Skip to content

activator/client/controller: use DzPrefixFirstIP as multicast tunnel endpoint#2884

Closed
martinsander00 wants to merge 1 commit intomainfrom
ms/522
Closed

activator/client/controller: use DzPrefixFirstIP as multicast tunnel endpoint#2884
martinsander00 wants to merge 1 commit intomainfrom
ms/522

Conversation

@martinsander00
Copy link
Copy Markdown
Contributor

@martinsander00 martinsander00 commented Feb 9, 2026
edited
Loading

Resolves: malbeclabs/infra#522

Summary

  • Multicast tunnels now use the device's DZ prefix first IP (network address of dz_prefixes[0]) as both tunnel source (device side) and tunnel destination (client side), instead of the device's public IP — enabling simultaneous IBRL and multicast tunnels on the same device with unique GRE (src, dst) pairs
  • Client sets multicast tunnel_endpoint to DzPrefixFirstIP; when IBRL already exists, multicast reuses the same device instead of excluding it
  • Activator validates DzPrefixFirstIP as a valid tunnel endpoint and explicitly reserves the network address of each dz_prefix block so it cannot be allocated as a user dz_ip
  • E2E infrastructure configures DzPrefixFirstIP as a secondary IP on device Ethernet1; single-client tests now verify same-device IBRL+multicast coexistence

Backward Compatibility

  • Standalone multicast (no IBRL) with DzPrefixFirstIP available: uses DzPrefixFirstIP
  • Standalone multicast on old devices without dz_prefixes: falls back to PublicIP
  • Controller logic unchanged — already uses user.TunnelEndpoint when set, falling back to PublicIP

Testing Verification

  • Activator unit tests (55 pass): test_is_valid_tunnel_endpoint_matches_dz_prefix, test_dz_prefix_first_ip_reserved_at_init, updated IP count expectations for reservation
  • Client unit tests (62 pass): multicast tests updated for same-device behavior with DzPrefixFirstIP, IBRL+multicast coexistence on same device
  • Controller unit tests (6 pass): multicast_uses_dz_prefix_first_ip_as_tunnel_source verifying UnderlaySrcIP matches DzPrefixFirstIP
  • E2E: TestE2E_Multicast, TestE2E_IBRL_Multicast_Coexistence, TestE2E_MultiTunnel_SameDevice
## Devnet Verification (chi-dn-dzd1 + chi-dn-bm2)                                                                                                                                            
                                                                                                                                                                                               
  ### Device onchain state                                                                                                                                                                     
  $ doublezero device list   
   code        | public_ip | dz_prefixes
   chi-dn-dzd1 | 100.0.0.1 | 198.18.0.0/24

  ### Client: both tunnels up on same device
  $ doublezero status
   Tunnel Status  | Tunnel Name | Tunnel Src      | Tunnel Dst | User Type | Current Device
   BGP Session Up | doublezero0 | 137.174.145.145 | 100.0.0.1  | IBRL      | chi-dn-dzd1
   BGP Session Up | doublezero1 | 137.174.145.145 | 198.18.0.0 | Multicast | chi-dn-dzd1

  ### Device: distinct GRE (src, dst) pairs — no demux collision
  chi-dn-dzd1# show running-config section Tunnel50
  interface Tunnel501
     description USER-MCAST-501
     tunnel source 198.18.0.0        ← DzPrefixFirstIP
     tunnel destination 137.174.145.145

  interface Tunnel502
     description USER-UCAST-502
     tunnel source 100.0.0.1         ← public_ip
     tunnel destination 137.174.145.145

  ### PIM adjacency established over multicast tunnel
  chi-dn-dzd1# show ip pim neighbor
  Neighbor Address  Interface     Uptime
  169.254.0.1       Tunnel501     00:08:10

@martinsander00 martinsander00 force-pushed the ms/522 branch 3 times, most recently from bead9fd to a9440b9 Compare February 9, 2026 23:10
@martinsander00 martinsander00 self-assigned this Feb 9, 2026
@martinsander00 martinsander00 force-pushed the ms/522 branch 12 times, most recently from b6a4071 to 2b748b3 Compare February 13, 2026 07:17
@martinsander00 martinsander00 changed the title controller: use dz_prefix first IP as multicast tunnel source activator/client/controller: use DzPrefixFirstIP as multicast tunnel endpoint Feb 13, 2026
@martinsander00
activator/client/controller: use DzPrefixFirstIP as multicast tunnel …
3a9f247 
…endpoint

Multicast tunnels now use the device's DZ prefix first IP (network
address of dz_prefixes[0]) instead of public_ip for both tunnel source
(device side) and tunnel destination (client side). This enables
simultaneous IBRL and multicast tunnels on the same device with unique
GRE (src, dst) pairs, eliminating demux collisions.

- Client: multicast tunnel_endpoint set to DzPrefixFirstIP; when IBRL
  exists, multicast reuses same device instead of excluding it
- Activator: validate DzPrefixFirstIP as tunnel endpoint; reserve
  network address of each dz_prefix so it cannot be allocated as a
  user dz_ip
- Controller: no logic changes needed (already uses user.TunnelEndpoint
  when set); added test coverage
- E2E: DzPrefixFirstIP as secondary IP on Ethernet1; single-client
  tests now verify same-device IBRL+multicast coexistence
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@snormore snormore Awaiting requested review from snormore

@ben-malbeclabs ben-malbeclabs Awaiting requested review from ben-malbeclabs

@packethog packethog Awaiting requested review from packethog

@bgm-malbeclabs bgm-malbeclabs Awaiting requested review from bgm-malbeclabs

Assignees

@martinsander00 martinsander00

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@martinsander00