From 3ed8a3d28d53d7e619f273357856aad90b7cd2fd Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" Date: Sat, 16 Nov 2024 19:18:53 +0100 Subject: [PATCH] pm: NM >= 1.40 set the endpoints by default It is important to know that, not to have NM and mptcpd configuring the endpoints. Also, in most cases, it might not be needed to configure these endpoints if NM or mptcpd does the job for the user. While at it, mention that the in-kernel PM is the default one, and add a note about `rp_filter`, the same as the one mentioned in NM's release notes. Link: https://networkmanager.dev/blog/networkmanager-1-40/#mptcp-support Signed-off-by: Matthieu Baerts (NGI0) --- pm.md | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/pm.md b/pm.md index 5bd7e0b..e656082 100644 --- a/pm.md +++ b/pm.md @@ -31,21 +31,36 @@ As of Linux v5.19, there are two path managers controlled by the netns-aware ## In-kernel Path-Manager -With the In-kernel Path-Manager, the same rules are applied to all connections. -Address endpoints and limits can be set to control its behavior. +With the (default) in-kernel Path-Manager, the same rules are applied to all +connections. Address endpoints and limits can be set to control its behavior. ### Configuration This configuration can be automated with tools like -[Network Manager](https://networkmanager.dev) -- in command lines, look for -`mptcp-flags` in the [settings](https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html) -- -and [mptcpd](https://mptcpd.mptcp.dev). Here, the focus is on the manual +[NetworkManager](https://networkmanager.dev) and +[`mptcpd`](https://mptcpd.mptcp.dev). Here below, the focus is on the manual configuration, using the `ip mptcp` command. Please check the manual for more details: [`man ip-mptcp`](https://man7.org/linux/man-pages/man8/ip-mptcp.8.html). +#### Automatic configuration + +{: .info } +NetworkManager 1.40 or newer automatically configures MPTCP endpoints with +the `subflow` flag ("client" mode) by default +([source](https://networkmanager.dev/blog/networkmanager-1-40/#mptcp-support)), +similar to what `mptcpd` does by default. **The manual configuration might then +not be needed**. + +To change this behavior, with NetworkManager, look for the +`connection.mptcp-flags` option in the +[settings](https://networkmanager.dev/docs/api/latest/nm-settings-nmcli.html#nm-settings-nmcli.property.connection.mptcp-flags), +while for `mptcpd`, look at the `/etc/mptcpd/mptcpd.conf` config file, or +disable the service if it is not needed. Make sure not to have both +NetworkManager and `mptcpd` conflicting to configure the MPTCP endpoints. + #### Endpoints -MPTCP endpoints can be configured with this command: +MPTCP endpoints can be manually configured with this command: ```sh ip mptcp endpoint add dev [ signal | subflow ] [ backup ] [ fullmesh ] @@ -177,3 +192,15 @@ done on the userspace daemon side. `mptcpd` can help to create custom userspace Path-Managers: please check this [Plugins](https://github.com/multipath-tcp/mptcpd/wiki/Plugins) page for more details about that. + +## Notes + +Be aware that a strict `rp_filter` breaks MPTCP use-cases. So if MPTCP handling +on an interface is enabled, it is recommended to relax a strict setting (`1`) to +loose reverse path filtering (`2`): + +```bash +sysctl -w net.ipv4.conf..rp_filter=2 +``` + +That's something NetworkManager 1.40 or newer does automatically.