Community discussions

MUM Europe 2020
 
mirtouf
just joined
Topic Author
Posts: 3
Joined: Sun Nov 24, 2019 9:12 pm

IGMPproxy behaviour with VLAN, no IGMP reports are received

Sun Nov 24, 2019 9:28 pm

Hi folks,

I am trying to make IGMPproxy working with my ISP (Bouygues Telecom) in order to be able to received multicast streams.
Here are the input data:
- all the traffic if coming from VLAN 100
- IGMP reports are coming from 0.0.0.0.0 address
- MC streams are coming from prefixes 89.86.96.0/24,89.86.97.0/24,193.251.97.0/24
- protocol is UDP
- source ports are 8200 & 49152
- 802.1p is applied to streams and IGMP reports v2 (no v3 has been seen)

Here is the behaviour I'm noticing:
- Last MC stream watched is accessible but after 5 minutes it is shutting down as no reports are received from 0.0.0.0 (a change of stream allows to resume the previous stream)
- Reports are sent
- This behaviour is reproducible with GNU/Linux OSes, PfSense/OPNSense and ubnt routers

A dirty workaround I found on PfSense is to shutdown IGMPproxy, start PIMd with a crappy configuration excepts for interfaces and prefixes, kill it and then start again IGMPproxy with the same configuration. Configuration used for PIMd is:
phyint igb0.100 enable igmpv2 altnet 193.251.97.0/24 89.86.97.0/24 176.165.8.0/24 89.86.96.0/24
phyint igb1 enable igmpv2 altnet 192.168.1.0/24

igmp-query-interval 12
igmp-querier-timeout 42

spt-threshold packets 0 interval 5
My RB750gr3 configuration is this one:
# nov/21/2019 00:48:13 by RouterOS 6.45.7
# software id = M5BD-SC37
#
# model = RB750Gr3
# serial number = 8AFF09DE5CD5

/interface bridge
add admin-mac=B8:69:F4:6D:AE:EB auto-mac=no comment=defconf fast-forward=no igmp-snooping=yes multicast-querier=yes name=bridge protocol-mode=none

/interface ethernet
set [ find default-name=ether1 ] comment="Fibre WAN" mac-address=xx:xx:xx:xx:xx:xx

/interface vlan
add interface=ether1 name=Fibre_ByTel_vl100 vlan-id=100

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip dhcp-client option
add code=60 name=vendorid value=0x42594754454c494144

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool_lan ranges=192.168.88.10-192.168.88.254

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5

/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN

/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

/ip dhcp-client
add dhcp-options=vendorid,hostname,clientid disabled=no interface=Fibre_ByTel_vl100

/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 name=router.lan

/ip firewall address-list
add address=212.195.48.0/24 list=VODReplay
add address=212.195.244.0/24 list=VODReplay
add address=62.34.201.0/24 list=VODReplay
add address=194.158.119.0/24 list=VODReplay
add address=195.36.152.0/24 list=VODReplay
add address=192.168.88.0/24 list=MyNetwork
add address=193.251.97.0/24 list=TV
add address=89.86.97.0/24 list=TV
add address=89.86.96.0/24 list=TV

/ip firewall filter
add action=accept chain=output comment=Output
add action=accept chain=input comment="--- Accept IGMP for IPTV Multicast" log=yes protocol=igmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=1d chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=tarpit chain=input comment="Drop to syn flood list" protocol=tcp src-address-list=Syn_Flooder
add action=tarpit chain=input comment="Drop to port scan list" protocol=tcp src-address-list=Port_Scanner
add action=accept chain=input comment="--- Accept IP Flow for IGMP Proxy" dst-address=224.0.0.0/4 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=TV src-port=8200,49152
add action=accept chain=input comment="--- Accept Established / Related" connection-state=established,related in-interface=Fibre_ByTel_vl100
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="--- Deny All / Drop -- INPUT" src-address-list=!MyNetwork
add action=fasttrack-connection chain=forward comment="--- FastTrack Forwarding Established / Related" connection-state=established,related
add action=accept chain=forward comment="--- Accept Established / Related" connection-state=established,related
add action=accept chain=forward comment="--- Accept IP flow for VOD" dst-port=20000-30000 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=VODReplay
add action=accept chain=forward comment="--- Accept Outgoing Client Traffic Out to Internet"
add action=drop chain=forward comment="--- Deny All / Drop -- FORWARD"

/ip firewall nat
add action=masquerade chain=srcnat out-interface=Fibre_ByTel_vl100 src-address-list=MyNetwork
add action=dst-nat chain=dstnat dst-port=20000-30000 in-interface=Fibre_ByTel_vl100 protocol=udp src-address-list=VODReplay to-addresses=192.168.88.253

/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote

/ip traffic-flow
set enabled=yes

/ip upnp
set enabled=yes

/routing igmp-proxy
set query-response-interval=15s

/routing igmp-proxy interface
add alternative-subnets=192.168.88.0/24 interface=bridge
add alternative-subnets=89.86.96.0/24,89.86.97.0/24,193.251.97.0/24 interface=Fibre_ByTel_vl100 upstream=yes

/snmp
set enabled=yes

/system clock
set time-zone-name=Europe/Paris

/system logging
add topics=igmp-proxy

/system ntp client
set enabled=yes

/tool mac-server
set allowed-interface-list=LAN

/tool mac-server mac-winbox
set allowed-interface-list=LAN
Do you have any hints why this failing ?
Cheers,


PS: formatting is not so good.
 
mirtouf
just joined
Topic Author
Posts: 3
Joined: Sun Nov 24, 2019 9:12 pm

Re: IGMPproxy behaviour with VLAN, no IGMP reports are received

Sat Nov 30, 2019 2:20 pm

When it works for 5 minutes:
/interface bridge mdb print 
GROUP                             VID PORTS                             BRIDGE                                                                                                   
232.0.64.201                         ether5                                  bridge                                                                                                   
239.255.3.22                         ether5                                  bridge                                                                                                   
239.255.255.250                   ether5                                  bridge                                                                                                   
ff02::c                                    ether5                                  bridge                                                                                                   
ff02::fb                                   ether5                                  bridge                                                                                                   
ff02::1:ffb9:fd97                     ether5                                  bridge                                                                                                   
ff02::1:ffd6:91e2                    ether2                                  bridge
.
12:46:26 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:26 igmp-proxy,debug sending IGMP query to 232.0.64.202 on bridge 
12:46:26 igmp-proxy,debug leaving multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:46:26 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.203 on bridge 
12:46:26 igmp-proxy,debug joining multicast group 232.0.64.203 on Fibre_ByTel_vl100 
12:46:26 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:26 igmp-proxy,debug   source=176.133.29.231 
12:46:26 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:26 igmp-proxy,debug ignoring request from myself: 
12:46:26 igmp-proxy,debug   source=176.133.29.231 
12:46:26 igmp-proxy,debug   destination=232.0.64.203 
12:46:26 igmp-proxy,debug received notification: 
12:46:26 igmp-proxy,debug   source=89.86.97.6 
12:46:26 igmp-proxy,debug   destination=232.0.64.203 
12:46:26 igmp-proxy,debug adding  multicast forwarding entry 
12:46:26 igmp-proxy,debug group: 232.0.64.203 
12:46:26 igmp-proxy,debug source: 89.86.97.6 
12:46:29 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:29 igmp-proxy,debug sending IGMP query to 232.0.64.203 on bridge 
12:46:29 igmp-proxy,debug leaving multicast group 232.0.64.203 on Fibre_ByTel_vl100 
12:46:29 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.202 on bridge 
12:46:29 igmp-proxy,debug joining multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:46:29 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:29 igmp-proxy,debug   source=176.133.29.231 
12:46:29 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:29 igmp-proxy,debug ignoring request from myself: 
12:46:29 igmp-proxy,debug   source=176.133.29.231 
12:46:29 igmp-proxy,debug   destination=232.0.64.202 
12:46:31 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:31 igmp-proxy,debug sending IGMP query to 232.0.64.202 on bridge 
12:46:31 igmp-proxy,debug leaving multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:46:31 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.201 on bridge 
12:46:31 igmp-proxy,debug joining multicast group 232.0.64.201 on Fibre_ByTel_vl100 
12:46:31 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:31 igmp-proxy,debug   source=176.133.29.231 
12:46:31 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:31 igmp-proxy,debug ignoring request from myself: 
12:46:31 igmp-proxy,debug   source=176.133.29.231 
12:46:31 igmp-proxy,debug   destination=232.0.64.201 
12:46:31 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:31 igmp-proxy,debug   source=176.133.29.231 
12:46:31 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:32 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.201 on bridge 
12:46:36 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:46:36 igmp-proxy,debug   source=176.133.29.231 
12:46:36 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:46:36 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.201 on bridge 
12:46:40 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
12:46:40 igmp-proxy,debug sending IGMP query to 232.0.64.201 on bridge 
12:46:40 igmp-proxy,debug leaving multicast group 232.0.64.201 on Fibre_ByTel_vl100 
12:46:44 igmp-proxy,debug removing  multicast forwarding entry 
12:46:44 igmp-proxy,debug group: 232.0.64.203 
12:46:44 igmp-proxy,debug source: 89.86.97.6 
12:46:46 igmp-proxy,debug removing  multicast forwarding entry 
12:46:46 igmp-proxy,debug group: 232.0.64.202 
12:46:46 igmp-proxy,debug source: 89.86.97.6 
12:47:02 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.202 on bridge 
12:47:02 igmp-proxy,debug joining multicast group 232.0.64.202 on Fibre_ByTel_vl100 
12:47:02 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:47:02 igmp-proxy,debug   source=176.133.29.231 
12:47:02 igmp-proxy,debug   interface=Fibre_ByTel_vl100 
12:47:02 igmp-proxy,debug ignoring request from myself: 
12:47:02 igmp-proxy,debug   source=176.133.29.231 
12:47:02 igmp-proxy,debug   destination=232.0.64.202 
12:47:02 igmp-proxy,debug received notification: 
12:47:02 igmp-proxy,debug   source=89.86.97.6 
12:47:02 igmp-proxy,debug   destination=232.0.64.202 
12:47:02 igmp-proxy,debug adding  multicast forwarding entry 
12:47:02 igmp-proxy,debug group: 232.0.64.202 
12:47:02 igmp-proxy,debug source: 89.86.97.6 
12:47:05 igmp-proxy,debug ignoring IGMP message: source address is local: 
12:47:05 igmp-proxy,debug   source=176.133.29.231 
12:47:05 igmp-proxy,debug   interface=Fibre_ByTel_vl100

And when it doesn't work:
13:19:37 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
13:19:37 igmp-proxy,debug sending IGMP query to 232.0.64.201 on bridge 
13:19:37 igmp-proxy,debug leaving multicast group 232.0.64.201 on Fibre_ByTel_vl100 
13:19:38 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.205 on bridge 
13:19:38 igmp-proxy,debug joining multicast group 232.0.64.205 on Fibre_ByTel_vl100 
13:19:43 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.88.251 to 232.0.64.205 on bridge 
13:19:47 igmp-proxy,debug RECV IGMP leave message from 192.168.88.251 to 224.0.0.2 on bridge 
13:19:47 igmp-proxy,debug sending IGMP query to 232.0.64.205 on bridge 
13:19:47 igmp-proxy,debug leaving multicast group 232.0.64.205 on Fibre_ByTel_vl100 
13:19:52 igmp-proxy,debug removing  multicast forwarding entry 
13:19:52 igmp-proxy,debug group: 232.0.64.201 
13:19:52 igmp-proxy,debug source: 89.86.97.6
 
mirtouf
just joined
Topic Author
Posts: 3
Joined: Sun Nov 24, 2019 9:12 pm

Re: IGMPproxy behaviour with VLAN, no IGMP reports are received

Sat Nov 30, 2019 2:46 pm

When capturing:
Image

I see IGMPv2 reports from the LAN side but IGMPv3 at the WAN side. This is not what is expected.

I should have this on WAN side, IGMPv2 reports (note the 0.0.0.0 source address):
Image

Who is online

Users browsing this forum: No registered users and 25 guests