网卡组播组 & Multicast on Openstack

root@focal2-2:~# netstat -gan
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
ens3            1      224.0.0.5
ens3            1      224.0.0.1
lo              1      ff02::1
lo              1      ff01::1
ens3            1      ff02::1:ff96:d442
ens3            2      ff02::1
ens3            1      ff01::1
root@focal2-2:~# 

root@focal2-2:~# ifconfig -a | grep multicast
root@focal2-2:~# cat /boot/config-5.4.0-42-generic  | grep CONFIG_IP_MULTICAST
CONFIG_IP_MULTICAST=y
root@focal2-2:~# 

root@focal2-2:~# cat /boot/config-5.4.0-42-generic  | egrep 'CONFIG_IP_MULTICAST|CONFIG_NET_IPIP|CONFIG_IP_MROUTE'
CONFIG_IP_MULTICAST=y
CONFIG_NET_IPIP=m
CONFIG_IP_MROUTE_COMMON=y
CONFIG_IP_MROUTE=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y

root@focal2-2:~#  ip mroute
root@focal2-2:~#  more /proc/net/ip_mr_vif
Interface      BytesIn  PktsIn  BytesOut PktsOut Flags Local    Remote
root@focal2-2:~# 

root@focal2-2:~# ip link set ens3 multicast on
root@focal2-2:~# ifconfig -a | grep multicast
root@focal2-2:~# ifconfig -a | grep multicast
root@focal2-2:~# ip link set ens3 multicast on
root@focal2-2:~# ip link show ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether fa:16:3e:96:d4:42 brd ff:ff:ff:ff:ff:ff
root@focal2-2:~# 

root@ubuntu:/home/ubuntu# ip link set  enahisic2i3  multicast on
root@ubuntu:/home/ubuntu# ip -d  link show enahisic2i3  | grep  multicast
root@ubuntu:/home/ubuntu# 

root@focal:/var/log/frr# tcpdump -i ens3   ip proto ospf  -env
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
20:07:55.365256 fa:16:3e:07:4f:e6 > 01:00:5e:00:00:05, ethertype IPv4 (0x0800), length 78: (tos 0xc0, ttl 1, id 43803, offset 0, flags [none], proto OSPF (89), length 64)
    10.10.18.148 > 224.0.0.5: OSPFv2, Hello, length 44
        Router-ID 10.10.18.148, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 1
20:08:05.365555 fa:16:3e:07:4f:e6 > 01:00:5e:00:00:05, ethertype IPv4 (0x0800), length 78: (tos 0xc0, ttl 1, id 43804, offset 0, flags [none], proto OSPF (89), length 64)
    10.10.18.148 > 224.0.0.5: OSPFv2, Hello, length 44
        Router-ID 10.10.18.148, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 1
20:08:15.365867 fa:16:3e:07:4f:e6 > 01:00:5e:00:00:05, ethertype IPv4 (0x0800), length 78: (tos 0xc0, ttl 1, id 43805, offset 0, flags [none], proto OSPF (89), length 64)
    10.10.18.148 > 224.0.0.5: OSPFv2, Hello, length 44
        Router-ID 10.10.18.148, Backbone Area, Authentication Type: none (0)
        Options [External]
          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 1
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
root@focal:/var/log/frr# 

root@focal:/var/log/frr# tcpdump -i ens3  host 10.10.18.152 -env
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
20:26:01.735585 fa:16:3e:96:d4:42 > 01:00:5e:00:00:16, ethertype IPv4 (0x0800), length 54: (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.10.18.152 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.5 to_in, 0 source(s)]
20:26:01.843300 fa:16:3e:96:d4:42 > 01:00:5e:00:00:16, ethertype IPv4 (0x0800), length 54: (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.10.18.152 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.5 to_in, 0 source(s)]
20:26:03.108673 fa:16:3e:96:d4:42 > 01:00:5e:00:00:16, ethertype IPv4 (0x0800), length 54: (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.10.18.152 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.5 to_ex, 0 source(s)]

[root@x86compute01 ~]# cat /proc/sys/net/ipv4/conf/all/mc_forwarding
0
[root@x86compute01 ~]#   cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
1
[root@x86compute01 ~]# sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_echo_ignore_broadcasts = 1
[root@x86compute01 ~]#   cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
1
[root@x86compute01 ~]# sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_echo_ignore_broadcasts = 0
[root@x86compute01 ~]#   cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
0
[root@x86compute01 ~]

Openstack Environment:
Havana (ML2 + OVS)
  
Test Environment:
VM1 is in Vlan 850. VM2,VM3,VM4 are in Vlan 820.
VM2 and VM3 are on the same compute node ci91szcmp003 , VM1 and VM4 are on another compute node ci91szcmp004.
  

Here is the topology:





The security Group I'm using is as following, UDP 5001 is the port which I used to test Multicast Packet:



Test Tool:
I use iperf to test Multicast. You can easily install this tool on CentOS with the following command:

yum install iperf

If you do not know how to use this tool, you can see "man iperf" for more detail.
  
Simulate Multicast Sender with the following command:

iperf -c 224.1.1.1 -u -T 32 -t 3 -i 1

Simulate Multicast Receiver with the following command:

iperf -s -u -B 224.1.1.1 -i 1

Test Case and Result:
VMs in the same Vlan
Case #1:
VM2 send multicast packet. VM3 and VM4 do not join the Multicast Group, use tcpdump to see if they can receive Multicast packets.
Multicast packet flow from VM2 to VM3 is VM2 -> OVS -> VM3, as following：



Multicast packet flow from VM2 to VM4 is VM2 -> OVS -> Phy Switch -> OVS -> VM3, as following：



Result and Log:

On VM2 I send multicast packet:
[root@VM2 ~]# iperf -c 224.1.1.1 -u -T 32 -t 3 -i 1
------------------------------------------------------------
Client connecting to 224.1.1.1, UDP port 5001
Sending 1470 byte datagrams
Setting multicast TTL to 32
UDP buffer size:  224 KByte (default)
------------------------------------------------------------
[  3] local 10.224.159.146 port 54457 connected with 224.1.1.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   129 KBytes  1.06 Mbits/sec
[  3]  1.0- 2.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  2.0- 3.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  0.0- 3.0 sec   386 KBytes  1.05 Mbits/sec
[  3] Sent 269 datagrams
 
On VM3, I did not join the Multicast Group and use tcpdump to dump packet:
[root@VM3 ~]# netstat -g -n
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth0            1      224.0.0.1
[root@VM3 ~]# tcpdump -i eth0 host 224.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
04:45:59.213678 IP 10.224.159.146.54457 > 224.1.1.1.commplex-link: UDP, length 1470
04:45:59.224902 IP 10.224.159.146.54457 > 224.1.1.1.commplex-link: UDP, length 1470
04:45:59.236114 IP 10.224.159.146.54457 > 224.1.1.1.commplex-link: UDP, length 1470
04:45:59.247387 IP 10.224.159.146.54457 > 224.1.1.1.commplex-link: UDP, length 1470
04:45:59.258611 IP 10.224.159.146.54457 > 224.1.1.1.commplex-link: UDP, length 1470
04:45:59.269744 IP 10.224.159.146.54457 > 224.1.1.1.commplex-link: UDP, length 1470
04:45:59.281011 IP 10.224.159.146.54457 > 224.1.1.1.commplex-link: UDP, length 1470
...
 
On VM4, I did not join the Multicast Group and use tcpdump to dump packet:
[root@VM4 ~]# netstat -g -n
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth0            1      224.0.0.1
[root@VM4 ~]# tcpdump -i eth0 host 224.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

We can see that VM2 and VM3 are in the same Vlan and on the same compute node. They are connected with Openvswitch.Openvswitch do not support Multicast snooping. So it will broadcast all the Multicast packets. So Even VM3 did not join the multicast group, it can also receive the Multicast packets.And at the same time, We can see VM4 did not receive the Multicast packet because VM4 is on another Compute node. The two compute nodes are connected to a physical switch. And the physical Switch support igmp snooping and it will not broadcast the multicast packet to other compute nodes.
  
Case #2:
VM2 send multicast packet. VM4 join the Multicast Group to see if it can receive Multicast packets.
Result and Log:

On VM2 I send multicast packet:
[root@VM2 ~]# iperf -c 224.1.1.1 -u -T 32 -t 3 -i 1
------------------------------------------------------------
Client connecting to 224.1.1.1, UDP port 5001
Sending 1470 byte datagrams
Setting multicast TTL to 32
UDP buffer size:  224 KByte (default)
------------------------------------------------------------
[  3] local 10.224.159.146 port 35844 connected with 224.1.1.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   129 KBytes  1.06 Mbits/sec
[  3]  1.0- 2.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  2.0- 3.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  0.0- 3.0 sec   386 KBytes  1.05 Mbits/sec
[  3] Sent 269 datagrams
 
On VM4 I receive multicast packet:
[root@VM4 ~]# iperf -s -u -B 224.1.1.1 -i 1
------------------------------------------------------------
Server listening on UDP port 5001
Binding to local address 224.1.1.1
Joining multicast group  224.1.1.1
Receiving 1470 byte datagrams
UDP buffer size:  224 KByte (default)
------------------------------------------------------------
[  3] local 224.1.1.1 port 5001 connected with 10.224.159.146 port 35844
[ ID] Interval       Transfer     Bandwidth        Jitter   Lost/Total Datagrams
[  3]  0.0- 1.0 sec   128 KBytes  1.05 Mbits/sec   0.027 ms    0/   89 (0%)
[  3]  1.0- 2.0 sec   128 KBytes  1.05 Mbits/sec   0.026 ms    0/   89 (0%)
[  3]  2.0- 3.0 sec   128 KBytes  1.05 Mbits/sec   0.018 ms    0/   89 (0%)
[  3]  0.0- 3.0 sec   386 KBytes  1.05 Mbits/sec   0.019 ms    0/  269 (0%)
 
[root@VM4 ~]# netstat -n -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth0            1      224.1.1.1
eth0            1      224.0.0.1

We can see that VM2 and VM4 are in the same Vlan and on different compute nodes. After VM4 join the Multicast Group, VM2 send the packets and VM4 can receive the multicast packets.
  
VMs in different Vlan and use external Router
Case #3:
VM1 send Multicast packet. VM2 and VM4 do not join the Multicast Group, tcpdump to see if they can receive Multicast packets.
Multicast packet flow from VM1 to VM2 is VM1 -> OVS -> Phy Switch -> Phy Router -> Phy Switch -> OVS -> VM2, as following：



Multicast packet flow from VM1 to VM4 is VM1 -> OVS -> Phy Switch -> Phy Router -> Phy Switch -> OVS -> VM4, as following：



Result and Log:

[root@VM1 ~]# iperf -c 224.1.1.1 -u -T 32 -t 3 -i 1
------------------------------------------------------------
Client connecting to 224.1.1.1, UDP port 5001
Sending 1470 byte datagrams
Setting multicast TTL to 32
UDP buffer size:  224 KByte (default)
------------------------------------------------------------
[  3] local 10.224.148.94 port 60820 connected with 224.1.1.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   129 KBytes  1.06 Mbits/sec
[  3]  1.0- 2.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  2.0- 3.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  0.0- 3.0 sec   386 KBytes  1.05 Mbits/sec
[  3] Sent 269 datagrams
 
[root@VM2 ~]# netstat -n -g
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth0            1      224.0.0.1
[root@VM2 ~]# tcpdump -i eth0 host 224.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
 
 
[root@VM4 ~]# netstat -g -n
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth0            1      224.0.0.1
[root@VM4 ~]# tcpdump -i eth0 host 224.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

Case #4:
VM1 send Multicast packet. VM2 join the Multicast Group to see if it can receive Multicast packets.
Result and Log:

[root@VM1 ~]# iperf -c 224.1.1.1 -u -T 32 -t 3 -i 1
------------------------------------------------------------
Client connecting to 224.1.1.1, UDP port 5001
Sending 1470 byte datagrams
Setting multicast TTL to 32
UDP buffer size:  224 KByte (default)
------------------------------------------------------------
[  3] local 10.224.148.94 port 41301 connected with 224.1.1.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec   129 KBytes  1.06 Mbits/sec
[  3]  1.0- 2.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  2.0- 3.0 sec   128 KBytes  1.05 Mbits/sec
[  3]  0.0- 3.0 sec   386 KBytes  1.05 Mbits/sec
[  3] Sent 269 datagrams
 
[root@VM2 ~]# iperf -s -u -B 224.1.1.1 -i 1
------------------------------------------------------------
Server listening on UDP port 5001
Binding to local address 224.1.1.1
Joining multicast group  224.1.1.1
Receiving 1470 byte datagrams
UDP buffer size:  224 KByte (default)
------------------------------------------------------------
[  3] local 224.1.1.1 port 5001 connected with 10.224.148.94 port 41301
[ ID] Interval       Transfer     Bandwidth        Jitter   Lost/Total Datagrams
[  3]  0.0- 1.0 sec   128 KBytes  1.05 Mbits/sec   0.029 ms    0/   89 (0%)
[  3]  1.0- 2.0 sec   128 KBytes  1.05 Mbits/sec   0.031 ms    0/   89 (0%)
[  3]  2.0- 3.0 sec   128 KBytes  1.05 Mbits/sec   0.025 ms    0/   89 (0%)
[  3]  0.0- 3.0 sec   386 KBytes  1.05 Mbits/sec   0.025 ms    0/  269 (0%)
 
[root@VM2 ~]# netstat -g -n
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth0            1      224.1.1.1
eth0            1      224.0.0.1

Conclusion:
1. Openvswitch do not support IGMP snooping, and if the VM on one compute node send multicast packets, all the VM on the same compute and in the same Vlan will receive the multicast packets. This may have some performance loss here. As I know, Cisco N1K can support IGMP snooping. If we use N1K can get better performance here.
2. If VMs use External Router, we need config the External Router to support IGMP, and in this situation the Multicast can work well in Openstack. If you use neutron-l3-agent, it will use iptables + namespace to simulate Virtual Router, it does not support Multicast now.
 

[root@x86compute01 ~]# sysctl net.ipv4.conf.brq07e0cfa1-17.mc_forwarding=1
sysctl: setting key "net.ipv4.conf.brq07e0cfa1-17.mc_forwarding": 没有那个文件或目录
[root@x86compute01 ~]# ls -ln /proc/sys/net/ipv4/conf/all/mc_forwarding
-r--r--r-- 1 0 0 0 7月  27 20:58 /proc/sys/net/ipv4/conf/all/mc_forwarding
[root@x86compute01 ~]# sysctl -w net.ipv4.conf.all.mc_forwarding = 1
sysctl: "net.ipv4.conf.all.mc_forwarding" must be of the form name=value
sysctl: malformed setting "="
sysctl: "1" must be of the form name=value
[root@x86compute01 ~]# sysctl -w net.ipv4.conf.all.mc_forwarding=1
sysctl: setting key "net.ipv4.conf.all.mc_forwarding": 没有那个文件或目录
[root@x86compute01 ~]# cat /proc/sys/net/ipv4/conf/all/mc_forwarding
0
[root@x86compute01 ~]# echo '1' /proc/sys/net/ipv4/conf/all/mc_forwarding
1 /proc/sys/net/ipv4/conf/all/mc_forwarding
[root@x86compute01 ~]# cat /proc/sys/net/ipv4/conf/all/mc_forwarding
0
[root@x86compute01 ~]# echo '1' > /proc/sys/net/ipv4/conf/all/mc_forwarding
-bash: /proc/sys/net/ipv4/conf/all/mc_forwarding: 权限不够
[root@x86compute01 ~]# cat /boot/config-3.10.0-862.1.ky4.x86_64 | egrep 'CONFIG_IP_MULTICAST|CONFIG_NET_IPIP|CONFIG_IP_MROUTE'
CONFIG_IP_MULTICAST=y
CONFIG_NET_IPIP=m
CONFIG_IP_MROUTE=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
[root@x86compute01 ~]#