oracular (8) smcrouted.8.gz

Provided by: smcroute_2.5.7-1_amd64 bug

NAME

     smcrouted — SMCRoute, a static multicast router

SYNOPSIS

     smcrouted [-nNhsv] [-c SEC] [-d SEC] [-e CMD] [-f FILE] [-F FILE] [-i NAME] [-l LVL]
               [-m SEC] [-p USER:GROUP] [-P FILE] [-t ID] [-u FILE]

DESCRIPTION

     smcrouted is a static multicast routing daemon providing fine grained control over the
     multicast forwarding cache (MFC) in the UNIX kernel.  Both IPv4 and IPv6 are fully
     supported.

     smcrouted can be used as an alternative to dynamic multicast daemons like mrouted(8),
     pimd(8) or pim6sd(8) in situations where static multicast routes should be maintained and/or
     no proper IGMP or MLD signaling exists.

     Multicast routes exist in the UNIX kernel only as long as a multicast routing daemon is
     running.  On Linux, multiple multicast routers can run simultaneously using different
     multicast routing tables.  To run smcrouted and, mrouted at the same time, set the former to
     use a routing table other than the default (0).

     smcrouted modifies the kernel routing table and needs either full superuser rights, or
     CAP_NET_ADMIN on Linux.  This also applies to the friendly control tool smcroutectl(8).

   Warning
     Be careful when creating multicast routes.  You can easily flood your networks by
     inadvertently creating routing loops.  Either direct loops listing an inbound interface also
     as an outbound, or indirect loops by going through other routers.

OPTIONS

     The following command line options are available:

     -c SEC  Flush unused dynamic (*,G) multicast routes every SEC seconds.

             This option is intended for systems with topology changes, i.e., when inbound
             multicast may change both interface and source IP address.  E.g. in a setup with at
             least two VRRP routers.  If there is no way of detecting such a topology change this
             option makes sure to periodically flush all dynamically learned multicast routes so
             that traffic may resume.  Flushing of a specific route only occurs if it was unused
             during the last flush interval, i.e. there was no traffic matching it.  This avoids
             toggling between different inbound interfaces if traffic arrives on several
             interfaces simultaneously.  In this case, the first selected inbound interface is
             retained until traffic on it ceases.

             Default is 60 sec, set to 0 to disable.  See also the smcroutectl flush command,
             which can be called manually on topology changes.

     -d SEC  Daemon startup delay.  Delays the probe of interfaces and parsing of the
             configuration file.  Note, the PID file is also not created, since the daemon is not
             ready yet.

             This command line option, although useful in some use-cases, is fragile.  It is
             almost always better to rely on an init or process supervisor that handles
             dependencies properly, like finit(8), which can wait for interfaces to come up and
             files to be created before starting a service.

     -e CMD  Specify external script or command to be called when smcrouted has loaded/reloaded
             all static multicast routes from the configuration file, or when a source-less (ANY)
             rule has been installed.

     -f FILE
             Alternate configuration file, default /etc/smcroute.conf

     -F FILE
             Check configuration file syntax, use -l LEVEL to increase verbosity.  Returns non-
             zero on error.

     -h      Show summary of command line options and exit.

     -i NAME
             Set daemon identity.  Used to create unique PID, IPC socket, and configuration file
             names, as well as set the syslog identity.  E.g., -I foo would make smcrouted look
             for /etc/foo.conf, write its PID to /var/run/foo.pid and create an IPC socket for
             smcroutectl in /var/run/foo.sock.

             For smcroutectl the same option can be used to select the proper smcrouted instance
             to send IPC to.

             This option is required for both daemon and client when running multiple smcrouted
             instances, using multiple routing tables, on Linux.

     -l LEVEL
             Set log level: none, err, notice, info, debug.  Default is notice.

     -m SEC  Modify Multicast Router Discovery (mrdisc) announcement interval.  Default 20 sec.
             This option is only available when smcrouted is built with mrdisc support (Linux,
             and IPv4, only). RFC4286.

     -n      Run daemon in foreground, do not detach from controlling terminal

     -N      By default smcrouted enables multicast routing on all available, and multicast
             capable, interfaces in the system.  These interfaces are enumerated as VIFs, virtual
             interfaces, of which most UNIX systems have a very limited amount, usually 32.  This
             daemon option inverts the behavior so no interfaces are enabled by default.  Useful
             on systems with many interfaces, where multicast routing only makes use of a few.

             The config file setting phyint IFNAME enable is required to enable the required
             interfaces.

     -p USER [:GROUP]
             Drop root privileges to USER:GROUP after start and retain CAP_NET_ADMIN capabilities
             only.  The :GROUP is optional.  This option is only available when smcrouted is
             built with libcap support.

     -P FILE
             Set PID file name, and optionally full path, in case you need to override the
             default identity, or the identity set with -i NAME.  Regardless, setting this option
             overrides all others, but it is recommended to use the ident option instead.

     -s      Let daemon log to syslog, default unless running in foreground.

     -t ID   Set multicast routing table ID.  Remember to also create routing rules directing
             packets to the table.  This example uses routing table ID 123:

             ip mrule add iif eth0 lookup 123
             ip mrule add oif eth0 lookup 123

             Note: Only available on Linux.

     -u FILE
             UNIX domain socket path, used for the IPC between smcrouted and smcroutectl.  Use
             this to override the default socket path, derived from the daemon identity, -i NAME.
             This option can be useful when overriding the identity is not sufficient, e.g. for
             testing.  The default depends on how smcrouted is configured at build time, see
             FILES.

     -v      Show program version and support information.

     The -e CMD option is useful if you want to trigger other processes to start when smcrouted
     has completed installing dynamic multicast routes from (*,G) rules in /etc/smcroute.conf, or
     when a source-less (ANY) route, a.k.a (*,G) multicast rule, from /etc/smcroute.conf.  is
     matched and installed.  For instance, calling conntrack on Linux to flush firewall
     connection tracking when NAT:ing multicast.

     The script CMD is called with an argument reload or install to let the script know if it is
     called on SIGHUP/startup, or when a (*,G) rule is matched and installed.  In the latter case
     smcrouted also sets two environment variables: source, and group.  Beware that these
     environment variables are unconditionally overwritten by smcrouted and can thus not be used
     to pass information to the script from outside of smcrouted.

OPERATION

   Introduction
     When smcrouted starts up it scans for available network interfaces that have the MULTICAST
     flag set.  Provided the -N flag is not set, each interface is enumerated as a virtual
     interface (VIF) which is what the kernel's multicast routing stack uses.  The enumeration
     process on some operating systems also require each interface to have an IP address, but
     Linux and FreeBSD systems only require the ifindex and the MULTICAST flag.  If the interface
     does not yet exist when smcrouted starts, the -d SEC flag can be used to delay startup.
     Otherwise smcrouted needs to be reloaded (e.g., using SIGHUP) when a new interface has been
     added to the system.

     Since VIFs are a limited resource, most operating systems only support 32 in total, the
     administrator may need to declare which interfaces to use for multicast routing using the
     /etc/smcroute.conf phyint directive.  It is recommended to always start smcrouted with the
     -N flag, disabling VIF creation by default, and then selectively enable each of the
     interfaces you are going to route between.  See smcroute.conf(5) for more information.

   Multicast Scoping
     Because multicast inherently is broadcast there is an obvious need to limit.  On a LAN this
     is usually managed automatically by bridges (switches) with built-in multicast snooping
     (IGMP and MLD).  Between LANs there is also the need to scope multicast, often the same
     multicast groups are used for different purposes on different LANs.  This must be managed by
     administrators, at least three options exist:

           TTL scoping
                   The traditional way of "raising walls" between zones.  The outbound interfaces
                   of routers are given a TTL threshold greater than the hop it represents.  The
                   default TTL threshold is 1.  Managing the routers is a lot easier than
                   adjusting the TTL value of each multicast sender.  The only real downside to
                   this is that it scales poorly with the number of routers and it affects all
                   multicast traversing the router's interfaces.

           Administrative scoping (RFC2365)
                   This is one of the current best practices, defining boundaries for sets of
                   multicast groups instead of limiting all multicast (as TTL scoping does).  In
                   the case of smcrouted this is left to the administrator to manage.  See
                   mrouted(8), and mrouted.conf(5), for more details.

           Filtering
                   Some sort of filtering mechanism, e.g., firewall (Linux netfilter) or low-
                   level filter (Linux tc or eBPF) that may even have some hardware offloading
                   support (TCAM).  The firewall is likely the most common since it is also often
                   used to set up SNAT or 1:1 NAT (Linux netmap).

   Multicast Routes
     A multicast route is defined by an input interface IFNAME, the sender's unicast IP address
     SOURCE, which is optional, the multicast group GROUP and a list of, at least one, output
     interface IFNAME [IFNAME ...].

           mroute from eth0                  group 225.1.2.3  to eth1 eth2
           mroute from eth0 source 1.2.3.4   group 225.3.2.1  to eth1 eth2

           mroute from eth0                  group  ff2e::42  to eth1 eth2
           mroute from eth0 source 2001:3::1 group  ff2e::43  to eth1 eth2

     The sender address and multicast group must both be either IPv4 or IPv6 addresses.

     The output interfaces are not needed when removing routes using the smcroutectl remove
     command.  The first three parameters are sufficient to identify the source of the multicast
     route.

     The intended purpose of smcrouted is to aid in situations where dynamic multicast routing
     does not work properly.  However, a dynamic multicast routing protocol is in nearly all
     cases the preferred solution.  The reason for this is their ability to translate Layer-3
     signaling to Layer-2 and vice versa (IGMP or MLD).

     Note: the optional source address multicast routes are not installed in the kernel multicast
     forwarding cache (MFC) by smcrouted.  Instead, it dynamically installs new routes to the
     kernel MFC, matching the group and inbound interface, when the kernel notifies smcrouted
     using "upcalls" called NOCACHE messages.  This feature was grafted onto smcrouted from
     mrouted(8), and may not work as intended in all use-cases.

   Multicast Groups
     smcrouted is capable of simple group join and leave by sending commands to the kernel.  The
     kernel then handles sending Layer-2 IGMP/MLD join and leave frames as needed.  This can be
     used for testing but is also useful sometimes to open up multicast from the sender if
     located on a LAN with switches equipped with IGMP/MLD Snooping.  Such devices will prevent
     forwarding of multicast unless an IGMP/MLD capable router or multicast client is located on
     the same physical port as you run smcrouted on.  However, this feature of smcrouted is only
     intended as a workaround.  Some platforms impose a limit on the maximum number of groups
     that can be joined, some of these systems can be tuned to increase this limit.  For bigger
     installations it is strongly recommended to instead address the root cause, e.g. enable
     multicast router ports on intermediate switches, either statically or by enabling the
     multicast router discovery feature of smcrouted.

     To emulate a multicast client using smcrouted you use the join and leave commands to issue
     join and leave commands for a given multicast group on a given interface IFNAME.  The GROUP
     may be given in an IPv4 or IPv6 address format.

     The command is passed to the daemon that passes it to the kernel. The kernel then tries to
     join the multicast group GROUP on interface IFNAME by starting IGMP, or MLD for IPv6 group
     address, signaling on the given interface.  This signaling may be received by
     routers/switches connected on that network supporting IGMP/MLD multicast signaling and, in
     turn, start forwarding the requested multicast stream eventually reach your desired
     interface.

   Multiple Daemon Instances
     When running multiple smcrouted instances, using the -t ID command line flag, one per
     routing table on Linux, it is required to use the -i NAME option to both daemon and client.
     This because the name of the IPC socket used for communicating is composed from the
     identity.

DEBUGGING

     The most common problem when attempting to route multicast is the TTL.  Always start by
     verifying that the TTL of your multicast stream is not set to 1, because the router
     decrements the TTL of an IP frame before routing it.  Test your setup using ping(8) or
     iperf(1).  Either of which is capable of creating multicast traffic with an adjustable TTL.
     Iperf in particular is useful since it can act both as a multicast source (sender) and a
     multicast sink (receiver).  For more advanced IP multicast testing the mcjoin(1) tool can be
     used.

   Note
     A lot of extra information is sent under the daemon facility and the debug priority to the
     syslog daemon.  Use ‘smcrouted -s -l debug’ to enable.

SIGNALS

     For convenience in sending signals, smcrouted writes its process ID to /var/run/smcroute.pid
     upon startup, unless the -p FILE or -i NAME options are used to change the identity or file
     name used.  The following signals are supported:

     HUP   Tell smcrouted to reload its configuration file and activate the changes.
     INT   Terminates execution gracefully.
     TERM  The same as INT.

FILES

     /etc/smcroute.conf      Optional configuration file for smcrouted.  Defined interfaces to
                             use, groups to join, and routes to set when starting, or reloading
                             smcrouted on SIGHUP.  Like the PID file, the name of the
                             configuration file may be different depending on command line
                             options given to the daemon.  Most notably, -I IDENT defines the
                             full suite of files used by the smcrouted daemon.  See
                             smcroute.conf(5) for details.
     /etc/smcroute.d/*.conf  Optional configuration directory, path defined by convention only,
                             actual configuration directory, or file(s) to include, defined by
                             /etc/smcroute.conf.  See smcroute.conf(5) for details.
     /var/run/smcroute.pid   Default PID file (re)created by smcrouted when it has started up and
                             is ready to receive commands.  See also the -i NAME or -P FILE
                             options which can change the default name.
     /var/run/smcroute.sock  IPC socket created by smcrouted for use by smcroutectl.  Same
                             caveats apply to this file as the previous two, command line options
                             -i NAME and -S FILE to the daemon can be used to change the socket
                             file name.
     /proc/net/ip_mr_cache   Linux specific, holds active IPv4 multicast routes.
     /proc/net/ip_mr_vif     Linux specific, holds the IPv4 virtual interfaces used by the active
                             multicast routing daemon.
     /proc/net/ip6_mr_cache  Linux specific, holds active IPv6 multicast routes.
     /proc/net/ip6_mr_vif    Linux specific, holds the IPv6 virtual interfaces used by the active
                             multicast routing daemon.
     /proc/net/igmp          Linux specific, holds active IGMP ASM (*,G) joins.
     /proc/net/igmp6         Linux specific, holds active MLD ASM (*,G) joins.
     /proc/net/mcfilter      Linux specific, holds active IGMP SSM (S,G) joins.
     /proc/net/mcfilter6     Linux specific, holds active MLD SSM (S,G) joins.
     /proc/sys/net/ipv4/igmp_max_memberships
                             Linux specific tuning of max IGMP ASM (*,G) per socket, default 20.
     /proc/sys/net/ipv4/igmp_max_msf
                             Linux specific tuning of max IGMP SSM (S,G) per socket, default 10.

     BSD systems may consult the netstat(1) tool for stats on virtual multicast interface tables
     and multicast forwarding caches, and VIF/MIF allocation, as well as the ifmcstat(8) tool for
     querying group membership.

EXIT STATUS

     smcrouted leverages BSD sysexits.h exit codes (64-78), which process supervisors like
     systemd(1) and finit(8) understands.  The following table details what codes are used for
     and how to interpret them.

           Status    Symbolic Name    Description
           0         EX_OK            Success
           64        EX_USAGE         Invalid command line option, or missing argument
           69        EX_UNAVAILABLE   Multicast routing socket (or table) already in use
           79        EX_SOFTWARE      Internal error, bug in smcrouted
           71        EX_OSERR         Failed fork(), daemon(), getifaddrs(), malloc(), etc.
           76        EX_PROTOCOL      Kernel does not seem to support multicast routing
           77        EX_NOPERM        Not enough permissions to run
           78        EX_CONFIG        Parse error in configuration file

SEE ALSO

     smcroute.conf(5), smcroutectl(8), mrouted(8), pimd(8), pim6sd(8), ping(8), mcjoin(1),
     iperf(1)

AUTHORS

     SMCRoute was originally created by Carsten Schill <carsten@cschill.de>.  Initial IPv6
     support by Todd Hayton <todd.hayton@gmail.com>.  Initial FreeBSD support by Micha Lenk
     <micha@debian.org>.

     SMCRoute is currently maintained by Joachim Wiberg <troglobit@gmail.com>, and Micha Lenk
     <micha@debian.org> at GitHub: https://github.com/troglobit/smcroute.