SMCROUTED(8) | System Manager's Manual (smm) | SMCROUTED(8) |
smcrouted
—
SMCRoute, a static multicast router
smcrouted |
[-nNhsv ] [-c
SEC] [-d
SEC] [-e
CMD] [-f
FILE] [-F
FILE] [-i
NAME] [-l
LVL] [-m
SEC] [-p
USER:GROUP] [-P
FILE] [-t
ID] [-u
FILE] |
smcrouted
is a static multicast routing
daemon providing fine grained control over the multicast forwarding cache
(MFC) in the UNIX kernel. Both IPv4 and IPv6 are fully supported.
smcrouted
can be used as an alternative to
dynamic multicast daemons like mrouted(8),
pimd(8) or pim6sd(8) in situations where
static multicast routes should be maintained and/or no proper IGMP or MLD
signaling exists.
Multicast routes exist in the UNIX kernel only as long as a
multicast routing daemon is running. On Linux, multiple multicast routers
can run simultaneously using different multicast routing tables. To run
smcrouted
and, mrouted
at
the same time, set the former to use a routing table other than the default
(0).
smcrouted
modifies the kernel routing
table and needs either full superuser rights, or
CAP_NET_ADMIN
on Linux. This also applies to the
friendly control tool smcroutectl(8).
Be careful when creating multicast routes. You can easily flood your networks by inadvertently creating routing loops. Either direct loops listing an inbound interface also as an outbound, or indirect loops by going through other routers.
The following command line options are available:
-c
SECThis option is intended for systems with topology changes, i.e., when inbound multicast may change both interface and source IP address. E.g. in a setup with at least two VRRP routers. If there is no way of detecting such a topology change this option makes sure to periodically flush all dynamically learned multicast routes so that traffic may resume. Flushing of a specific route only occurs if it was unused during the last flush interval, i.e. there was no traffic matching it. This avoids toggling between different inbound interfaces if traffic arrives on several interfaces simultaneously. In this case, the first selected inbound interface is retained until traffic on it ceases.
Default is 60 sec, set to 0 to disable. See also the
smcroutectl flush
command, which can be called
manually on topology changes.
-d
SECThis command line option, although useful in some use-cases, is fragile. It is almost always better to rely on an init or process supervisor that handles dependencies properly, like finit(8), which can wait for interfaces to come up and files to be created before starting a service.
-e
CMDsmcrouted
has loaded/reloaded all static multicast
routes from the configuration file, or when a source-less (ANY) rule has
been installed.-f
FILE-F
FILE-l
LEVEL to increase verbosity. Returns non-zero on
error.-h
-i
NAME-I
foo would make
smcrouted
look for
/etc/foo.conf
, write its PID to
/var/run/foo.pid
and create an IPC socket for
smcroutectl
in
/var/run/foo.sock
.
For smcroutectl
the same option can be
used to select the proper smcrouted
instance to
send IPC to.
This option is required for both daemon and client when
running multiple smcrouted
instances, using
multiple routing tables, on Linux.
-l
LEVEL-m
SECsmcrouted
is built with mrdisc support (Linux, and
IPv4, only). RFC4286.-n
-N
smcrouted
enables multicast routing on
all available, and multicast capable, interfaces in the system. These
interfaces are enumerated as VIFs, virtual interfaces, of which most UNIX
systems have a very limited amount, usually 32. This daemon option inverts
the behavior so no interfaces are enabled by default. Useful on systems
with many interfaces, where multicast routing only makes use of a few.
The config file setting phyint IFNAME enable is required to enable the required interfaces.
-p
USER [:GROUP]smcrouted
is built with libcap support.-P
FILE-i
NAME. Regardless, setting this option overrides all
others, but it is recommended to use the ident option instead.-s
-t
IDip mrule add iif eth0 lookup 123 ip mrule add oif eth0 lookup 123
Note:
Only available on Linux.
-u
FILEsmcrouted
and smcroutectl
.
Use this to override the default socket path, derived from the daemon
identity, -i
NAME. This
option can be useful when overriding the identity is not sufficient, e.g.
for testing. The default depends on how smcrouted
is configured at build time, see
FILES.-v
The -e
CMD option is
useful if you want to trigger other processes to start when
smcrouted
has completed installing dynamic multicast
routes from (*,G) rules in /etc/smcroute.conf, or
when a source-less (ANY) route, a.k.a (*,G) multicast rule, from
/etc/smcroute.conf. is matched and installed. For
instance, calling conntrack on Linux to flush firewall
connection tracking when NAT:ing multicast.
The script CMD is called with an argument
reload or install to let the
script know if it is called on SIGHUP/startup, or when a (*,G) rule is
matched and installed. In the latter case smcrouted
also sets two environment variables: source
, and
group
. Beware that these environment variables are
unconditionally overwritten by smcrouted
and can
thus not be used to pass information to the script from outside of
smcrouted
.
When smcrouted
starts up it scans for
available network interfaces that have the MULTICAST
flag set. Provided the -N
flag is not set, each
interface is enumerated as a virtual interface (VIF) which is what the
kernel's multicast routing stack uses. The enumeration process on some
operating systems also require each interface to have an IP address, but
Linux and FreeBSD systems only require the ifindex and the MULTICAST flag.
If the interface does not yet exist when smcrouted
starts, the -d
SEC flag can be
used to delay startup. Otherwise smcrouted
needs to
be reloaded (e.g., using SIGHUP) when a new interface has been added to the
system.
Since VIFs are a limited resource, most operating systems only
support 32 in total, the administrator may need to declare which interfaces
to use for multicast routing using the
/etc/smcroute.conf phyint
directive. It is recommended to always start
smcrouted
with the -N
flag,
disabling VIF creation by default, and then selectively enable each of the
interfaces you are going to route between. See
smcroute.conf(5) for more information.
Because multicast inherently is broadcast there is an obvious need to limit. On a LAN this is usually managed automatically by bridges (switches) with built-in multicast snooping (IGMP and MLD). Between LANs there is also the need to scope multicast, often the same multicast groups are used for different purposes on different LANs. This must be managed by administrators, at least three options exist:
TTL
scoping
Administrative
scoping (RFC2365)
smcrouted
this is left to the
administrator to manage. See mrouted(8), and
mrouted.conf(5), for more details.Filtering
A multicast route is defined by an input interface IFNAME, the sender's unicast IP address SOURCE, which is optional, the multicast group GROUP and a list of, at least one, output interface IFNAME [IFNAME ...].
mroute from eth0 group 225.1.2.3 to eth1 eth2 mroute from eth0 source 1.2.3.4 group 225.3.2.1 to eth1 eth2 mroute from eth0 group ff2e::42 to eth1 eth2 mroute from eth0 source 2001:3::1 group ff2e::43 to eth1 eth2
The sender address and multicast group must both be either IPv4 or IPv6 addresses.
The output interfaces are not needed when removing routes using
the smcroutectl remove
command. The first three
parameters are sufficient to identify the source of the multicast route.
The intended purpose of smcrouted
is to
aid in situations where dynamic multicast routing does not work properly.
However, a dynamic multicast routing protocol is in nearly all cases the
preferred solution. The reason for this is their ability to translate
Layer-3 signaling to Layer-2 and vice versa (IGMP or MLD).
Note:
the optional source address multicast routes are not installed in the kernel
multicast forwarding cache (MFC) by smcrouted
.
Instead, it dynamically installs new routes to the kernel MFC, matching the
group and inbound interface, when the kernel notifies
smcrouted
using "upcalls" called
NOCACHE
messages. This feature was grafted onto
smcrouted
from mrouted(8), and may
not work as intended in all use-cases.
smcrouted
is capable of simple group join
and leave by sending commands to the kernel. The kernel then handles sending
Layer-2 IGMP/MLD join and leave frames as needed. This can be used for
testing but is also useful sometimes to open up multicast from the sender if
located on a LAN with switches equipped with IGMP/MLD Snooping. Such devices
will prevent forwarding of multicast unless an IGMP/MLD capable router or
multicast client is located on the same physical port as you run
smcrouted
on. However, this feature of
smcrouted
is only intended as a workaround. Some
platforms impose a limit on the maximum number of groups that can be joined,
some of these systems can be tuned to increase this limit. For bigger
installations it is strongly recommended to instead address the root cause,
e.g. enable multicast router ports on intermediate switches, either
statically or by enabling the multicast router discovery feature of
smcrouted
.
To emulate a multicast client using
smcrouted
you use the join
and leave
commands to issue join and leave commands
for a given multicast group on a given interface
IFNAME. The GROUP may be given
in an IPv4 or IPv6 address format.
The command is passed to the daemon that passes it to the kernel. The kernel then tries to join the multicast group GROUP on interface IFNAME by starting IGMP, or MLD for IPv6 group address, signaling on the given interface. This signaling may be received by routers/switches connected on that network supporting IGMP/MLD multicast signaling and, in turn, start forwarding the requested multicast stream eventually reach your desired interface.
When running multiple smcrouted
instances,
using the -t
ID command line
flag, one per routing table on Linux, it is required to use the
-i
NAME option to both daemon
and client. This because the name of the IPC socket used for communicating
is composed from the identity.
The most common problem when attempting to route multicast is the TTL. Always start by verifying that the TTL of your multicast stream is not set to 1, because the router decrements the TTL of an IP frame before routing it. Test your setup using ping(8) or iperf(1). Either of which is capable of creating multicast traffic with an adjustable TTL. Iperf in particular is useful since it can act both as a multicast source (sender) and a multicast sink (receiver). For more advanced IP multicast testing the mcjoin(1) tool can be used.
A lot of extra information is sent under the daemon facility and
the debug priority to the syslog daemon. Use
‘smcrouted -s -l debug
’ to enable.
For convenience in sending signals,
smcrouted
writes its process ID to
/var/run/smcroute.pid upon startup, unless the
-p
FILE or
-i
NAME options are used to
change the identity or file name used. The following signals are
supported:
smcrouted
. Defined
interfaces to use, groups to join, and routes to set when starting, or
reloading smcrouted
on
SIGHUP. Like the PID file, the name of the
configuration file may be different depending on command line options
given to the daemon. Most notably, -I
IDENT defines the full suite of files used by the
smcrouted
daemon. See
smcroute.conf(5) for details.smcrouted
when it
has started up and is ready to receive commands. See also the
-i
NAME or
-P
FILE options which can
change the default name.smcrouted
for use by
smcroutectl
. Same caveats apply to this file as
the previous two, command line options -i
NAME and -S
FILE to the daemon can be used to change the socket
file name.BSD systems may consult the netstat(1) tool for stats on virtual multicast interface tables and multicast forwarding caches, and VIF/MIF allocation, as well as the ifmcstat(8) tool for querying group membership.
smcrouted
leverages BSD
sysexits.h exit codes (64-78), which process
supervisors like systemd(1) and finit(8)
understands. The following table details what codes are used for and how to
interpret them.
Status | Symbolic Name | Description |
0 | EX_OK | Success |
64 | EX_USAGE | Invalid command line option, or missing argument |
69 | EX_UNAVAILABLE | Multicast routing socket (or table) already in use |
79 | EX_SOFTWARE | Internal error, bug in smcrouted |
71 | EX_OSERR | Failed fork (), daemon (),
getifaddrs (), malloc (),
etc. |
76 | EX_PROTOCOL | Kernel does not seem to support multicast routing |
77 | EX_NOPERM | Not enough permissions to run |
78 | EX_CONFIG | Parse error in configuration file |
smcroute.conf(5), smcroutectl(8), mrouted(8), pimd(8), pim6sd(8), ping(8), mcjoin(1), iperf(1)
SMCRoute was originally created by Carsten Schill <carsten@cschill.de>. Initial IPv6 support by Todd Hayton <todd.hayton@gmail.com>. Initial FreeBSD support by Micha Lenk <micha@debian.org>.
SMCRoute is currently maintained by Joachim Wiberg <troglobit@gmail.com>, and Micha Lenk <micha@debian.org> at GitHub.
November 28, 2021 | Debian |