Hi to all…
I am using Mikrotik as DHCP server for my network where I have an IPTV streamer and set-top boxes. Problem is that Mikrotik receives all streams and CPU gets to 100%.
I don’t need Mikrotik to do anything with those streams…how can I leave (not enter any multicast groups)? Or block this traffic?
At first I didn’t have the multicast package installed, but now I have installed it, but nothing has changed…
Please help…
thank you…
Ultimately you will need a switch which supports IGMP snooping. Then it won’t send multicast traffic directed towards the port the Mikrotik is plugged into unless it’s subscribing to the stream. The multicast package seems to just contain items needed for routing multicast traffic (PIM, etc…)
I guess if you’re sure you don’t want any of the streams to hit the CPU you could use the switch chip features on some devices to filter the multicast traffic.
If the router does not have the multicast package it will not accept multicast packets (unless OSPF is used). Also, it won’t subscribe to any IGMP groups outside management groups.
I did NOT have the multicast package installed. However now I’ve upgraded my CCR to 6.36.2 and have IGMP proxy but have no idea what to do with it. Problem still stays the same. I am buying 100Mbps and 60 are going to this multicasting so I am freaking out. Every possible solution is welcomed.
Since you joined the thread with “I’m having the same problem” - it would be good if you were to clarify.
Describe the situation:
Which interface is receiving the traffic? (wan or lan)
Is the traffic then being sent out the opposite interface?
etc.
In general:
The router won’t receive multicast streams that it is not subscribed to. (unless exception below is true)
The router won’t subscribe to multicast streams unless some host behind it has requested to join the multicast group.
Exception - There is another host on your WAN segment (not your router) which has joined the multicast group and the WAN network your router is connected to does not perform IGMP snooping - meaning that the multicast traffic is converted to broadcast traffic (essentially) and you just happen to be getting a copy of it even though you didn’t request it.
Traffic is received on WAN interface.
Traffic is just on the WAN interface and nowhere else. Even if I remove all clients or shut down my pppoe server multicast traffic is on.
And probably this is what is happening:
Exception - There is another host on your WAN segment (not your router) which has joined the multicast group and the WAN network your router is connected to does not perform IGMP snooping - meaning that the multicast traffic is converted to broadcast traffic (essentially) and you just happen to be getting a copy of it even though you didn’t request it.
There are a few other routers on the same WAN, Mikrotik and Cisco. I can see them in my neighbor list.
Is there any way I can block this traffic?
Well that sucks. I called the ISP I am buying internet from and they told me there is no problem on their side and no multicast traffic is generated. However, even if it is so, I must solve this problem. What if I make a 1G link between the media converter they left and my CCR? That will make again 60Mbps for this crazy unblockable multicast but will it leave my 100 untouched? In my neighbors I can see 4 more routers in the same subnet as I am. What if I block those IPs? I so need a solution for this…
It doesn’t matter what you do because by the time you receive a packet - sure you could drop it, but it’s too late to stop it from having crossed your WAN link. It has already crossed your WAN link. Your router is already tossing it out anyway since you don’t have any multicast listeners on the group(s) whose traffic you’re receiving.
If you want to look a little deeper at the stream(s) hitting your router, you could run sniffer, capture to a file on the Mikrotik, and then download the file and open it in Wireshark.
The thing to check would be the source MAC address on each multicast packet.
Is it the same MAC as your default GW’s MAC? If so, then the stream is definitely originating from somewhere behind the ISP’s router.
If it’s some other MAC, then it would seem that one of your neighbors is sending the traffic. You could give that MAC to your ISP and they can go deal with the troublemaker.
That is the MAC address that is sending the multicast traffic onto your WAN segment.
Now - check the IP > ARP entries to see if this is also your ISP’s router.
Whatever IP is your current default GW, find that IP’s corresponding MAC address in the ARP table.
If it matches, then the stream is coming from the Internet and you’re getting a copy.
If it does not match, then you could possibly run an IP ping sweep on your wan IP range (to get the ARP entries of your neighbors) and then look for the host that has the same MAC - that will be the IP of the sender.
The simple thing to do though is to note the source IP of the stream. If it is in the same IP range as your WAN IP, then it’s one of your neighbors.
Try doing a traceroute to that IP…
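
The source-MAC check described in the posts above can be run directly on the downloaded sniffer file. The script below is an added example, not part of the original thread: it assumes a classic pcap file with Ethernet link type, the function names are hypothetical, and the MAC and IP addresses in the sample capture are constructed.

```python
import struct
from collections import Counter

def multicast_senders(pcap, gateway_mac):
    """Total IPv4 multicast bytes per (source MAC, source IP, group) in a pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(order + "II", pcap[off + 8:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        # Keep untagged IPv4 frames whose destination MAC is in the
        # IPv4 multicast range 01:00:5e:00:00:00 - 01:00:5e:7f:ff:ff.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if frame[:3] != b"\x01\x00\x5e" or frame[3] & 0x80:
            continue
        src_mac = frame[6:12].hex(":")
        src_ip = ".".join(map(str, frame[26:30]))
        group = ".".join(map(str, frame[30:34]))
        totals[(src_mac, src_ip, group)] += orig
    # A sender MAC equal to the default gateway's ARP entry means the stream
    # arrives through the ISP router; any other MAC is a host on the WAN segment.
    return [(m, ip, g, n, "via gateway" if m == gateway_mac.lower() else "WAN neighbor")
            for (m, ip, g), n in totals.most_common()]

def _frame(dst, src, src_ip, dst_ip, size):
    """Constructed Ethernet+IPv4 frame padded to `size` bytes (sample data only)."""
    ip = bytes([0x45, 0]) + struct.pack(">H", size - 14) + bytes(8)
    frame = bytes.fromhex(dst + src) + b"\x08\x00" + ip + bytes(src_ip) + bytes(dst_ip)
    return frame.ljust(size, b"\x00")

def sample_pcap():
    """Constructed capture: 3 IPTV-sized frames from a neighbor, 2 from the gateway."""
    gw, nb = "020000000001", "0200000000aa"
    frames = [_frame("01005e010101", nb, (192, 0, 2, 50), (239, 1, 1, 1), 1358)] * 3
    frames.append(_frame("01005e010102", gw, (198, 51, 100, 7), (239, 1, 1, 2), 200))
    frames.append(_frame("020000000002", gw, (198, 51, 100, 7), (192, 0, 2, 10), 90))  # unicast
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for row in multicast_senders(sample_pcap(), "02:00:00:00:00:01"):
        print(*row)
```

On a real capture, pass the file's bytes and the gateway MAC taken from IP > ARP; the top rows are the senders to report to the ISP.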