IGMPproxy behaviour with VLAN, no IGMP reports are received

mirtouf · November 24, 2019, 7:28pm

Hi folks,

I am trying to make IGMPproxy working with my ISP (Bouygues Telecom) in order to be able to received multicast streams.
Here are the input data:

all the traffic if coming from VLAN 100
IGMP reports are coming from 0.0.0.0.0 address
MC streams are coming from prefixes 89.86.96.0/24,89.86.97.0/24,193.251.97.0/24
protocol is UDP
source ports are 8200 & 49152
802.1p is applied to streams and IGMP reports v2 (no v3 has been seen)

Here is the behaviour I’m noticing:

Last MC stream watched is accessible but after 5 minutes it is shutting down as no reports are received from 0.0.0.0 (a change of stream allows to resume the previous stream)
Reports are sent
This behaviour is reproducible with GNU/Linux OSes, PfSense/OPNSense and ubnt routers

A dirty workaround I found on PfSense is to shutdown IGMPproxy, start PIMd with a crappy configuration excepts for interfaces and prefixes, kill it and then start again IGMPproxy with the same configuration. Configuration used for PIMd is:

phyint igb0.100 enable igmpv2 altnet 193.251.97.0/24 89.86.97.0/24 176.165.8.0/24 89.86.96.0/24
phyint igb1 enable igmpv2 altnet 192.168.1.0/24

igmp-query-interval 12
igmp-querier-timeout 42

spt-threshold packets 0 interval 5

My RB750gr3 configuration is this one:

# nov/21/2019 00:48:13 by RouterOS 6.45.7
# software id = M5BD-SC37
#
# model = RB750Gr3
# serial number = 8AFF09DE5CD5

/interface bridge
add admin-mac=B8:69:F4:6D:AE:EB auto-mac=no comment=defconf fast-forward=no igmp-snooping=yes multicast-querier=yes name=bridge protocol-mode=none

/interface ethernet
set [ find default-name=ether1 ] comment="Fibre WAN" mac-address=xx:xx:xx:xx:xx:xx

/interface vlan
add interface=ether1 name=Fibre_ByTel_vl100 vlan-id=100

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip dhcp-client option
add code=60 name=vendorid value=0x42594754454c494144

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool_lan ranges=192.168.88.10-192.168.88.254

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5

/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN

/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

/ip dhcp-client
add dhcp-options=vendorid,hostname,clientid disabled=no interface=Fibre_ByTel_vl100

/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 name=router.lan

/ip firewall address-list
add address=212.195.48.0/24 list=VODReplay
add address=212.195.244.0/24 list=VODReplay
add address=62.34.201.0/24 list=VODReplay
add address=194.158.119.0/24 list=VODReplay
add address=195.36.152.0/24 list=VODReplay
add address=192.168.88.0/24 list=MyNetwork
add address=193.251.97.0/24 list=TV
add address=89.86.97.0/24 list=TV
add address=89.86.96.0/24 list=TV

/ip firewall filter
add action=accept chain=output comment=Output
add action=accept chain=input comment="--- Accept IGMP for IPTV Multicast" log=yes protocol=igmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=1d chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=tarpit chain=input comment="Drop to syn flood list" protocol=tcp src-address-list=Syn_Flooder
add action=tarpit chain=input comment="Drop to port scan list" protocol=tcp src-address-list=Port_Scanner
add action=accept chain=input comment="--- Accept IP Flow for IGMP Proxy" dst-address=224.0.0.0/4 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=TV src-port=8200,49152
add action=accept chain=input comment="--- Accept Established / Related" connection-state=established,related in-interface=Fibre_ByTel_vl100
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="--- Deny All / Drop -- INPUT" src-address-list=!MyNetwork
add action=fasttrack-connection chain=forward comment="--- FastTrack Forwarding Established / Related" connection-state=established,related
add action=accept chain=forward comment="--- Accept Established / Related" connection-state=established,related
add action=accept chain=forward comment="--- Accept IP flow for VOD" dst-port=20000-30000 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=VODReplay
add action=accept chain=forward comment="--- Accept Outgoing Client Traffic Out to Internet"
add action=drop chain=forward comment="--- Deny All / Drop -- FORWARD"

/ip firewall nat
add action=masquerade chain=srcnat out-interface=Fibre_ByTel_vl100 src-address-list=MyNetwork
add action=dst-nat chain=dstnat dst-port=20000-30000 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=VODReplay to-addresses=192.168.88.253

/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote

/ip traffic-flow
set enabled=yes

/ip upnp
set enabled=yes

/routing igmp-proxy
set query-response-interval=15s

/routing igmp-proxy interface
add alternative-subnets=192.168.88.0/24 interface=bridge
add alternative-subnets=89.86.96.0/24,89.86.97.0/24,193.251.97.0/24 interface=Fibre_ByTel_vl100 upstream=yes

/snmp
set enabled=yes

/system clock
set time-zone-name=Europe/Paris

/system logging
add topics=igmp-proxy

/system ntp client
set enabled=yes

/tool mac-server
set allowed-interface-list=LAN

/tool mac-server mac-winbox
set allowed-interface-list=LAN

Do you have any hints why this failing ?
Cheers,

PS: formatting is not so good.

mirtouf · November 30, 2019, 12:20pm

When it works for 5 minutes:

/interface bridge mdb print 
GROUP                             VID PORTS                             BRIDGE                                                                                                   
232.0.64.201                         ether5                                  bridge                                                                                                   
239.255.3.22                         ether5                                  bridge                                                                                                   
239.255.255.250                   ether5                                  bridge                                                                                                   
ff02::c                                    ether5                                  bridge                                                                                                   
ff02::fb                                   ether5                                  bridge                                                                                                   
ff02::1:ffb9:fd97                     ether5                                  bridge                                                                                                   
ff02::1:ffd6:91e2                    ether2                                  bridge

.

12:46:26 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:26 igmp-proxy,debug sending IGMP query to 232.0.64.202 on bridge 
12:46:26 igmp-proxy,debug leaving multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:46:26 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.203 on bridge 
12:46:26 igmp-proxy,debug joining multicast group 232.0.64.203 on Fibre_ByTel_vl100 
12:46:26 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:26 igmp-proxy,debug   source=176.133.29.231 
12:46:26 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:26 igmp-proxy,debug ignoring request from myself: 
12:46:26 igmp-proxy,debug   source=176.133.29.231 
12:46:26 igmp-proxy,debug   destination=232.0.64.203 
12:46:26 igmp-proxy,debug received notification: 
12:46:26 igmp-proxy,debug   source=89.86.97.6 
12:46:26 igmp-proxy,debug   destination=232.0.64.203 
12:46:26 igmp-proxy,debug adding  multicast forwarding entry 
12:46:26 igmp-proxy,debug group: 232.0.64.203 
12:46:26 igmp-proxy,debug source: 89.86.97.6 
12:46:29 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:29 igmp-proxy,debug sending IGMP query to 232.0.64.203 on bridge 
12:46:29 igmp-proxy,debug leaving multicast group 232.0.64.203 on Fibre_ByTel_vl100 
12:46:29 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.202 on bridge 
12:46:29 igmp-proxy,debug joining multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:46:29 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:29 igmp-proxy,debug   source=176.133.29.231 
12:46:29 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:29 igmp-proxy,debug ignoring request from myself: 
12:46:29 igmp-proxy,debug   source=176.133.29.231 
12:46:29 igmp-proxy,debug   destination=232.0.64.202 
12:46:31 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:31 igmp-proxy,debug sending IGMP query to 232.0.64.202 on bridge 
12:46:31 igmp-proxy,debug leaving multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:46:31 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.201 on bridge 
12:46:31 igmp-proxy,debug joining multicast group 232.0.64.201 on Fibre_ByTel_vl100 
12:46:31 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:31 igmp-proxy,debug   source=176.133.29.231 
12:46:31 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:31 igmp-proxy,debug ignoring request from myself: 
12:46:31 igmp-proxy,debug   source=176.133.29.231 
12:46:31 igmp-proxy,debug   destination=232.0.64.201 
12:46:31 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:31 igmp-proxy,debug   source=176.133.29.231 
12:46:31 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:32 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.201 on bridge 
12:46:36 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:36 igmp-proxy,debug   source=176.133.29.231 
12:46:36 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:36 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.201 on bridge 
12:46:40 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:40 igmp-proxy,debug sending IGMP query to 232.0.64.201 on bridge 
12:46:40 igmp-proxy,debug leaving multicast group 232.0.64.201 on Fibre_ByTel_vl100 
12:46:44 igmp-proxy,debug removing  multicast forwarding entry 
12:46:44 igmp-proxy,debug group: 232.0.64.203 
12:46:44 igmp-proxy,debug source: 89.86.97.6 
12:46:46 igmp-proxy,debug removing  multicast forwarding entry 
12:46:46 igmp-proxy,debug group: 232.0.64.202 
12:46:46 igmp-proxy,debug source: 89.86.97.6 
12:47:02 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.202 on bridge 
12:47:02 igmp-proxy,debug joining multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:47:02 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:47:02 igmp-proxy,debug   source=176.133.29.231 
12:47:02 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:47:02 igmp-proxy,debug ignoring request from myself: 
12:47:02 igmp-proxy,debug   source=176.133.29.231 
12:47:02 igmp-proxy,debug   destination=232.0.64.202 
12:47:02 igmp-proxy,debug received notification: 
12:47:02 igmp-proxy,debug   source=89.86.97.6 
12:47:02 igmp-proxy,debug   destination=232.0.64.202 
12:47:02 igmp-proxy,debug adding  multicast forwarding entry 
12:47:02 igmp-proxy,debug group: 232.0.64.202 
12:47:02 igmp-proxy,debug source: 89.86.97.6 
12:47:05 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:47:05 igmp-proxy,debug   source=176.133.29.231 
12:47:05 igmp-proxy,debug   interface=Fibre_ByTel_vl100

And when it doesn’t work:

13:19:37 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
13:19:37 igmp-proxy,debug sending IGMP query to 232.0.64.201 on bridge 
13:19:37 igmp-proxy,debug leaving multicast group 232.0.64.201 on Fibre_ByTel_vl100 
13:19:38 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.205 on bridge 
13:19:38 igmp-proxy,debug joining multicast group 232.0.64.205 on Fibre_ByTel_vl100 
13:19:43 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.205 on bridge 
13:19:47 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
13:19:47 igmp-proxy,debug sending IGMP query to 232.0.64.205 on bridge 
13:19:47 igmp-proxy,debug leaving multicast group 232.0.64.205 on Fibre_ByTel_vl100 
13:19:52 igmp-proxy,debug removing  multicast forwarding entry 
13:19:52 igmp-proxy,debug group: 232.0.64.201 
13:19:52 igmp-proxy,debug source: 89.86.97.6

mirtouf · November 30, 2019, 12:46pm

When capturing:

I see IGMPv2 reports from the LAN side but IGMPv3 at the WAN side. This is not what is expected.

I should have this on WAN side, IGMPv2 reports (note the 0.0.0.0 source address):