Client-Originated PIM Register beacon (implementation for RFC-22) #3959
Open
ben-malbeclabs wants to merge 13 commits into
Implements RegisterSender: periodic PIM Register message sender that beacons publisher groups to the RP so the RP can originate the source into MSDP. Includes mock-based unit test exercising sendRegister directly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…cksum test Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Export heartbeat.HeartbeatPayload (was unexported heartbeatPayload)
- Add RegisterWriter interface to services/base.go
- Wire register field into MulticastService: ctor param, Setup start, Teardown close, UpdateGroups update
- Add mockRegister + TestMulticastSetupStartsRegisterForPublisher; remove manager import from test file to avoid arity breakage in Task 5

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…anager Thread services.RegisterWriter through CreateService (new final param), NetlinkManager struct + NewNetlinkManager (after heartbeat), and the internal provisionLocked call site. Construct pim.NewRegisterSender() in runtime/run.go and pass it through NewNetlinkManager. Update all test call sites (reconciler_test.go, http_test.go) with mock implementations. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add `permit pim any host 10.0.0.0` to SEC-USER-PUB-MCAST-IN before the final deny, so unicast PIM Register packets sent by the client to the RP (10.0.0.0) are not dropped at the inbound tunnel ACL. The belt-and-suspenders `pim ipv4 border-router` and SEC-USER-SUB-MCAST-IN are unchanged.
…pub groups Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…RpAddress defaults

The reconciler path called buildProvisionRequest which constructed an api.ProvisionRequest without calling Validate(). This left MulticastRpAddress as nil. When the multicast service then called register.Start with that nil rp, sendRegister built an ipv4.Header with a nil Dst and WriteTo failed with "missing address". The HTTP provisioning path was unaffected because ServeProvision calls Validate() explicitly (internal/manager/http.go:66).

Fix: build the request into a local var in buildProvisionRequest and call Validate() before returning, mirroring what the HTTP path does. Validate() defaults nil MulticastRpAddress to 10.0.0.0.

Regression test TestReconcile_ProvisionMulticast_DefaultsRpAddress exercises a publisher user through the reconciler and asserts that both ProvisionRequest.MulticastRpAddress and the rp arg passed to mockRegisterSender.Start equal net.IPv4(10,0,0,0).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The Task 4 rename heartbeatPayload -> HeartbeatPayload missed the test file references, tripping go-lint typecheck on CI. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Fix mockRawConn method alignment flagged by go-lint (gofmt). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The controller now renders `permit pim any host 10.0.0.0` in the device-global SEC-USER-PUB-MCAST-IN ACL (RFC-22), so every e2e agent config fixture that includes that ACL needs the line. Updates the multicast, ibrl, and ibrl_with_allocated_addr fixtures to match. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Client-Originated PIM Register beacon (implementation for RFC-22)
Implementation for RFC-22 (PR #3951). On a dual-role (publisher+subscriber) multicast tunnel, the subscriber-side PIM neighbor suppresses the device's `pim border-router` source injection, so the device never originates the MSDP SA for the published source and it goes dark to the rest of the anycast-RP mesh. This change has `doublezerod` originate a periodic PIM Register (a "beacon") for its published sources, so the device — receiving a Register — originates the SA regardless of border-router suppression.

Changes

- `pim`: PIM Register message serialization + a `RegisterSender` beacon (periodic, no inbound Register-Stop path; checksum over the first 8 bytes per RFC 7761 §4.9.1; egress pinned to the tunnel via `ControlMessage.IfIndex` so no `10.0.0.0` route is installed).
- `api`: `MulticastRpAddress` on `ProvisionRequest` (default `10.0.0.0`).
- `services`: start the beacon for publishers only.
- `manager`/`runtime`: wire it through; the reconciler validates the built request so the RP defaults (see the bug note below).
- `controller`: `permit pim any host 10.0.0.0` on publisher tunnels' `SEC-USER-PUB-MCAST-IN` ACL so the client Register reaches the RP; `pim ipv4 border-router` retained as a backstop.

How it works
The client encapsulates its existing heartbeat into a PIM Register and unicasts it to the RP over the GRE tunnel. The device, as the anycast RP, learns the source via the Register (`C` flag), sets the "may notify MSDP" (`N`) flag, and originates the SA — the exact step border-router can't do when a PIM neighbor is present.

Verification
Unit tests

All client suites (`pim`, `api`, `services`, `manager`) and the controller golden suite pass (run in a Linux container; the client is Linux-only).

A bug the e2e caught (and this PR fixes)
End-to-end testing surfaced that the reconciler path (`buildProvisionRequest`) never called `Validate()`, so in production `MulticastRpAddress` was `nil` → the Register failed with "missing address" and was never sent (the unit tests validated manually and missed it). Fixed by validating the reconciler-built request, with a regression test (`TestReconcile_ProvisionMulticast_DefaultsRpAddress`) that drives the real reconcile path and asserts the RP reaching the register is `10.0.0.0`.

End-to-end on real cEOS — the Register on the wire
Captured on the client underlay (`eth0`), `eth0-gre-run2.pcap` frame 242 shows the complete protocol stack from RFC-22: a GRE-encapsulated PIM Register to the RP, encapsulating the original heartbeat datagram.

Protocol stack: `eth:ethertype:ip:gre:ip:pim:ip:udp:data` — exactly the RFC-22 packet diagram.

End-to-end on real cEOS: the MSDP SA flood to a second RP
A two-device run (dz1 + dz2, both anycast RP 10.0.0.0) proves the SA propagates end to end. dz1 originates the source from the client Register, then floods it to dz2.

dz1 (the RP that receives the Register), `show ip mroute`:

`C` = learned from a DR via a register, `N` = may notify MSDP. Before this change, with border-router suppressed on a dual-role tunnel, the entry never carried `N` and nothing was originated.

dz2 (the remote anycast RP), `show ip msdp sa-cache`:

dz2's `show ip mroute` carries flags `MPE` (`M` = learned via MSDP) and the MSDP session shows SA Count 1. That is the full chain: client Register, dz1 sets `N` and originates the SA, MSDP floods it, dz2 installs it.

cEOS constraints (checks that are real-hardware only)
`permit pim any host 10.0.0.0` entry renders correctly in the ACL, but `ip access-group SEC-USER-PUB-MCAST-IN in` on a tunnel returns "not supported on this hardware platform" in the emulator. That is exactly why the template guards the binding behind `NoHardware`. The per-entry hit-counter check for the Register permit can only run on real hardware.

`e2e/docs/CEOS_MULTICAST_LIMITATION.md`). The SA flood proven here is control-plane and works regardless.

Backward compatibility
Belt-and-suspenders: `pim ipv4 border-router` stays as a backstop, and the ACL permit is additive — every old/new client × old/new device combination is safe (see RFC-22 §Backward Compatibility). No smart-contract change. New optional `mcast_rp_address` provision field defaults to `10.0.0.0`.

🤖 Generated with Claude Code
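Added example, not code from this PR: a minimal Go sketch of the Register framing the description refers to, with the RFC 7761 checksum computed over only the first 8 bytes, plus a receiver-side parser. The names `BuildRegister`, `ParseRegister` and `headerChecksum` are hypothetical and the inner datagram bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const registerType = 0x21 // PIM version 2 (high nibble), type 1 = Register (low nibble)
const headerLen = 8       // 4-byte PIM header + 4-byte Register flags word (B, N, reserved)

// headerChecksum is the 16-bit one's-complement checksum over the 8-byte header.
func headerChecksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < headerLen; i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// BuildRegister prepends a Register header (B=0, N=0) to an inner IP datagram.
func BuildRegister(inner []byte) []byte {
	msg := make([]byte, headerLen+len(inner))
	msg[0] = registerType
	copy(msg[headerLen:], inner)
	// The checksum field is still zero here; the inner datagram is not summed.
	binary.BigEndian.PutUint16(msg[2:4], headerChecksum(msg))
	return msg
}

// ParseRegister checks type and header checksum, then returns the inner datagram.
func ParseRegister(msg []byte) ([]byte, error) {
	switch {
	case len(msg) < headerLen:
		return nil, errors.New("short PIM Register")
	case msg[0] != registerType:
		return nil, errors.New("not a PIMv2 Register")
	case headerChecksum(msg) != 0:
		return nil, errors.New("bad PIM checksum")
	}
	return msg[headerLen:], nil
}

func main() {
	inner := []byte{0x45, 0x00, 0x00, 0x1c} // constructed stand-in for the heartbeat datagram
	fmt.Printf("% x\n", BuildRegister(inner))
}
```

Because the checksum stops at byte 8, a receiver that validates it learns nothing about the integrity of the encapsulated datagram; that rests on the inner IP and UDP checksums.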