Community discussions

MikroTik App
 
benbgg
just joined
Topic Author
Posts: 5
Joined: Sat Mar 28, 2020 11:41 am

IGMP-Proxy issue

Wed Apr 01, 2020 10:49 am

Hi.

I hope you're staying well and isolated

I would be very grateful if you could help with the following problem:

My configuration:
RB4011 + Zisa GPON-ONU stick
F/w 6.46.4
ISP Movistar (Spain)

pppoe over VLAN 6 - works fine
Telephonyover VLAN 3 - works fine
IPTV multicast - VLAN 2: lots of issues

Issues:
IGMP-Proxy only seems to work if I add all interfaces as downstream. When you do that, and you join a channel using VLC, your MFC cache looks like this:

Flags: X - disabled, A - active, D - dynamic
0 AD group=239.0.0.5 source=172.26.79.177 upstream-interface=IPTV downstream-interfaces=HomeNet
active-downstream-interfaces=HomeNet bytes=14994320 packets=11508 wrong-packets=11508
Packet sniffing on the GPON SFP interface with the filter !pppoe-session shows:
IGMPv3 reports going out *untagged*
IGMPv3 queries arriving tagged on 2
UDP data (occasionally) arriving *untagged*

No UDP multicast data propagated on network. STB (directly connected to ether1) does not boot up. Snooping show unicast comms to an ACS but also joining of groups specified in DHCP option 240 -and that fails.

Backgound + configs

Sample igmp-proxy debug:
7:03:06 igmp-proxy,debug source: 172.26.79.177
07:03:06 igmp-proxy,debug removing multicast forwarding entry
07:03:06 igmp-proxy,debug group: 239.0.0.5
07:03:06 igmp-proxy,debug source: 172.26.79.177
07:03:06 igmp-proxy,debug leaving multicast group 239.0.0.5 on IPTV
07:03:06 igmp-proxy,debug received notification:
07:03:06 igmp-proxy,debug source=172.26.79.177
07:03:06 igmp-proxy,debug destination=239.0.0.5
07:03:13 igmp-proxy,debug ignoring request from unknown address - "alternative-subnets" configuration may be required:
07:03:13 igmp-proxy,debug source=192.168.37.197
07:03:13 igmp-proxy,debug destination=239.255.255.250
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on GPON
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on HomeNet
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on Voice
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on HSIA-pppoe
07:03:20 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.37.2 to 239.255.255.250 on HomeNet
07:03:20 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.37.197 to 239.0.0.5 on HomeNet
07:03:20 igmp-proxy,debug adding multicast forwarding entry
07:03:20 igmp-proxy,debug group: 239.0.0.5
07:03:20 igmp-proxy,debug source: 172.26.79.177
07:03:20 igmp-proxy,debug joining multicast group 239.0.0.5 on IPTV
functioning of IPTV requires routes to various (overlapping) subnets in 172.26.0.0/16. Movistar's own CPE aquires these routes via passive RIP v2

The routing table in Movistar CPE looks like this (for IPTV) Notice how more routes received

172.26.22.0 10.64.0.1 255.255.255.192 UG 3 0 0 veip0.3
172.26.22.56 10.64.0.1 255.255.255.248 UG 3 0 0 veip0.3
172.26.23.0 10.64.0.1 255.255.255.224 UG 4 0 0 veip0.3
172.26.23.3 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.4 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.5 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.23 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.24 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.30 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.80.0 10.64.0.1 255.255.248.0 UG 3 0 0 veip0.3

# mar/31/2020 07:08:34 by RouterOS 6.46.4
# software id = BYEE-NLX8
#
# model = RB4011iGS+5HacQ2HnD
# serial number = B8E30B2D2B9C
/interface bridge
add admin-mac=C4:AD:34:60:7D:67 auto-mac=no comment=defconf dhcp-snooping=yes \
igmp-snooping=yes name=HomeNet
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] mtu=1512 name=GPON
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-n/ac channel-width=20/40mhz-XX \
country=no_country_set disabled=no distance=indoors frequency=auto \
frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=\
blahblah tx-power-mode=all-rates-fixed wmm-support=enabled wps-mode=\
disabled
set [ find default-name=wlan2 ] band=2ghz-g/n channel-width=20/40mhz-XX \
country=spain disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge ssid=blahv24 wireless-protocol=802.11
/interface 6to4
add comment="Hurricane Electric IPv6 Tunnel Broker" !keepalive local-address=\
x.x.x.x mtu=1472 name=sit1 remote-address=216.66.80.26
/interface wireless nstreme
set wlan2 enable-nstreme=yes
/interface vlan
add interface=GPON loop-protect=off mtu=1480 name=HSIA vlan-id=6
add interface=GPON loop-protect=off name=IPTV vlan-id=2
add interface=GPON loop-protect=off name=Voice vlan-id=3
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
Myc@tsaregineranddaisy
/ip dhcp-server
add disabled=no interface=ether1 name=server2
/ip dhcp-server option
add code=6 name=domain-name-servers value="'172.26.23.3'"
add code=125 name=option_params_priv value="0x00000de9240406623034366663050c65\
3034313336623034313061060c4750542d32353431474e4143"
add code=60 name=option-60 value="'[IAL]'"
add code=240 name=option_para_deco value=\
"':::::239.0.2.10:22222:v6.0:239.0.2.30:22222'"
/ip dhcp-server option sets
add name=deco_option_set options=domain-name-servers,option_para_deco
/ip pool
add name=dhcp_pool0 ranges=192.168.37.65-192.168.37.199
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=HomeNet name=server1
/ipv6 pool
add name=pool1 prefix=x:x:x:x::/48 prefix-length=56
/ppp profile
add name=pppoe-client on-down="/log info \\\"Client disconnected\\\"" on-up="#\
\_Update Hurricane Electric IPv6 Tunnel Client IPv4 address\r\
\n\r\
\n:local HEtunnelinterface \"sit1\"\r\
\n:local HEtunnelid \"zzzzzzz\"\r\
\n:local HEuserid \"zzzzzz\"\r\
\n:local HEmd5pass \"zzzzzzzzz\"\r\
\n:local HEupdatehost \"ipv4.tunnelbroker.net\"\r\
\n:local HEupdatepath \"/nic/update\"\r\
\n:local WANinterface \"HSIA-pppoe\"\r\
\n:local outputfile (\"HE-\" . \$HEtunnelid . \".txt\")\r\
\n\r\
\n# Internal processing below...\r\
\n# ----------------------------------\r\
\n:local HEipv4addr\r\
\n\r\
\n# Get WAN interface IP address\r\
\n:set HEipv4addr [/ip address get [/ip address find interface=\$WANinterf\
ace] address]\r\
\n:set HEipv4addr [:pick [:tostr \$HEipv4addr] 0 [:find [:tostr \$HEipv4ad\
dr] \"/\"]]\r\
\n\r\
\n:if ([:len \$HEipv4addr] = 0) do={\r\
\n :log error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n :error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n}\r\
\n\r\
\n# Update the HEtunnelinterface with WAN IP\r\
\n/interface 6to4 {\r\
\n :if ([get (\$HEtunnelinterface) local-address] != \$HEipv4addr) do={\
\r\
\n :log info (\"Updating \" . \$HEtunnelinterface . \" local-address \
with new IP \" . \$HEipv4addr . \"...\")\r\
\n set (\$HEtunnelinterface) local-address=\$HEipv4addr\r\
\n }\r\
\n}\r\
\n\r\
\n:log info (\"Updating IPv6 Tunnel \" . \$HEtunnelid . \" Client IPv4 add\
ress to new IP \" . \$HEipv4addr . \"...\")\r\
\n/tool fetch mode=https \\\r\
\n host=(\$HEupdatehost) \\\r\
\n url=(\"https://\" . \$HEupdatehost . \$HEupdatepath . \
\\\r\
\n \"\?hostname=\" . \$HEtunnelid . \\\r\
\n \"&myip=\" . \$HEipv4addr) \\\r\
\n user=(\$HEuserid) \\\r\
\n password=(\$HEmd5pass) \\\r\
\n dst-path=(\$outputfile)\r\
\n \r\
\n:log info ([/file get (\$outputfile) contents])\r\
\n/file remove (\$outputfile)"
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=HSIA max-mru=\
1480 max-mtu=1480 name=HSIA-pppoe password=adslppp profile=pppoe-client \
user=adslppp@telefonicanetpa
/system logging action
set 3 bsd-syslog=yes remote=192.168.37.12 src-address=192.168.37.1 \
syslog-facility=local6
/interface bridge port
add bridge=HomeNet interface=ether2
add bridge=HomeNet interface=ether3
add bridge=HomeNet interface=ether4
add bridge=HomeNet interface=ether5
add bridge=HomeNet interface=ether6
add bridge=HomeNet interface=ether7
add bridge=HomeNet interface=ether8
add bridge=HomeNet interface=ether9
add bridge=HomeNet interface=wlan1
add bridge=HomeNet interface=wlan2
add interface=ether10 pvid=2
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=none
/interface bridge vlan
add vlan-ids=2
/interface list member
add comment=defconf interface=HomeNet list=LAN
add interface=HSIA-pppoe list=WAN
add interface=IPTV list=WAN
add interface=Voice list=WAN
add interface=ether1 list=LAN
/ip address
add address=10.68.x.x/10 interface=IPTV network=10.64.0.0
add address=192.168.1.2/24 interface=GPON network=192.168.1.0
add address=192.168.37.1/24 interface=HomeNet network=192.168.37.0
add address=192.168.36.254/24 interface=ether1 network=192.168.36.0
/ip dhcp-client
add add-default-route=no disabled=no interface=Voice use-peer-ntp=no
/ip dhcp-server lease
blah
blah
blah
/ip dhcp-server network
add address=192.168.36.0/24 dhcp-option-set=deco_option_set dns-server=\
172.26.23.3 gateway=192.168.36.254 netmask=24
add address=192.168.37.0/24 dns-server=192.168.37.13,192.168.37.12 domain=\
u.u.u.u gateway=192.168.37.1 netmask=24 wins-server=\
192.168.37.13
/ip dns
set servers=\

/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input in-interface=IPTV
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input in-interface=HomeNet
add action=accept chain=input connection-state=established,related \
in-interface=HSIA-pppoe
add action=accept chain=input in-interface=IPTV
add action=accept chain=input in-interface=ether1
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input dst-port=520 in-interface=Voice protocol=udp
add action=accept chain=forward in-interface=IPTV
add action=accept chain=output dst-address=224.0.0.0/4
add action=accept chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=output disabled=yes dst-port=520 protocol=udp
/ip firewall mangle
add action=set-priority chain=postrouting new-priority=4 out-interface=IPTV \
passthrough=yes
add action=set-priority chain=postrouting new-priority=4 out-interface=Voice \
passthrough=no
add action=set-priority chain=postrouting new-priority=1 out-interface=\
HSIA-pppoe passthrough=yes
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat out-interface=IPTV
add action=masquerade chain=srcnat out-interface=HSIA-pppoe
add action=masquerade chain=srcnat out-interface=Voice
add action=dst-nat chain=dstnat dst-address-type=local in-interface=IPTV log=\
yes log-prefix=fusion to-addresses=192.168.36.200
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=255 gateway=255.255.255.255
add disabled=yes distance=1 dst-address=10.64.0.0/10 gateway=10.64.0.1
add distance=1 dst-address=172.26.0.0/16 gateway=10.64.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=192.168.36.0/22
set api disabled=yes
set winbox address=192.168.36.0/22
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=local
/ipv6 address
add address=x.x.x.x.x advertise=no interface=sit1
add address=x.x.x.x.x.x eui-64=yes interface=HomeNet
add address=y.y.y.y.y.y eui-64=yes interface=ether1
/ipv6 dhcp-server
add dhcp-option=*7FFFFFFF interface=HomeNet lease-time=12h name=server1
/ipv6 firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid,untracked in-interface=\
sit1 log=yes log-prefix=fw-v6-drop
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid,untracked
/ipv6 nd
set [ find default=yes ] interface=HomeNet mtu=1400
add advertise-dns=no hop-limit=64 interface=ether1 mtu=1400
/ipv6 route
add distance=1 dst-address=2000::/3 gateway=
/routing igmp-proxy
set query-interval=15s query-response-interval=2s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=172.16.0.0/12,239.0.0.0/16 interface=IPTV upstream=\
yes
add
/routing rip
set timeout-timer=2m
/routing rip interface
add interface=IPTV passive=yes receive=v2
add interface=Voice passive=yes receive=v2
/routing rip network
add network=10.0.0.0/8
add network=172.16.0.0/12
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=rtr
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/system logging
add action=remote topics=info
add topics=igmp-proxy
/system ntp client
set enabled=yes primary-ntp=163.117.202.33 secondary-ntp=89.248.104.162
/system scheduler
add interval=1h name=schedule1 on-event=update_wan_ip.rsc policy=\
reboot,read,write,policy,test,password start-date=mar/21/2020 start-time=\
14:47:43
/system script
\n/file remove (\$outputfile)"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=GPON filter-mac-protocol=!pppoe filter-stream=yes \
streaming-enabled=yes streaming-server=192.168.37.2
 
User avatar
CarlitoxxPro
newbie
Posts: 35
Joined: Wed Jan 04, 2017 10:15 am
Location: Spain
Contact:

Re: IGMP-Proxy issue

Sat Apr 04, 2020 1:44 am

Forget Zisa, come to the future, to a real GPON ONU SFP.

viewtopic.php?f=3&t=116364&hilit=SFP+ON ... 00#p783676 :wink:
 
User avatar
kerafyrm
just joined
Posts: 5
Joined: Sat Feb 29, 2020 6:13 am

Re: IGMP-Proxy issue

Tue Apr 14, 2020 5:17 am

Forget Zisa, come to the future, to a real GPON ONU SFP.

viewtopic.php?f=3&t=116364&hilit=SFP+ON ... 00#p783676 :wink:
So, when we can buy it ?
 
User avatar
CarlitoxxPro
newbie
Posts: 35
Joined: Wed Jan 04, 2017 10:15 am
Location: Spain
Contact:

Re: IGMP-Proxy issue

Tue Apr 21, 2020 1:12 am

Right now we are on manufacturing process, as soon as we receive the first batch on our warehouse and be ready to sell and shipping we will notify you with all the details (Cost, Payment Methods, Specs, Shipping, etc,.) please send an email with your details to contacto@ carlitoxxpro.com to we can notify you.

Kindest Regards.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: IGMP-Proxy issue

Tue Apr 21, 2020 4:22 pm

Right now we are on manufacturing process, as soon as we receive the first batch on our warehouse and be ready to sell and shipping we will notify you with all the details (Cost, Payment Methods, Specs, Shipping, etc,.) please send an email with your details to contacto@ carlitoxxpro.com to we can notify you.
The OP stated that they have the RB4011. MikroTik state in the following link
Note: The RB4011 does not support Passive DAC modules and SFP GPON modules
You @CarlitoxxPro state: Forget Zisa, come to the future, to a real GPON ONU SFP.

Have you tested your real GPON ONU SFP module on the RB4011 and does it work without going through rocket science to configure it?
 
User avatar
CarlitoxxPro
newbie
Posts: 35
Joined: Wed Jan 04, 2017 10:15 am
Location: Spain
Contact:

Re: IGMP-Proxy issue

Fri Apr 24, 2020 9:27 am

Right now we are on manufacturing process, as soon as we receive the first batch on our warehouse and be ready to sell and shipping we will notify you with all the details (Cost, Payment Methods, Specs, Shipping, etc,.) please send an email with your details to contacto@ carlitoxxpro.com to we can notify you.
The OP stated that they have the RB4011. MikroTik state in the following link
Note: The RB4011 does not support Passive DAC modules and SFP GPON modules
You @CarlitoxxPro state: Forget Zisa, come to the future, to a real GPON ONU SFP.

Have you tested your real GPON ONU SFP module on the RB4011 and does it work without going through rocket science to configure it?
Hi @mozerd, yes effectively its working fine with that (and all others) models of routers Mikrotik, without any specific configuration on the router side. Basically you only need to configure the SN and Ploam Password (Slid) into the GPON ONU SFP (Via WebUI or Telnet) and into your router side add the VLANs and specific configurations related to the connection used by your ISP.

Very soon we will show more details and configurations examples.

Kindest Regards.
 
benbgg
just joined
Topic Author
Posts: 5
Joined: Sat Mar 28, 2020 11:41 am

Re: IGMP-Proxy issue + ZISA SOLVED!

Fri Mar 05, 2021 1:01 pm

Hi,
I finally figured a way to make this work with the Zisa
The problem arises because although unicast and Control Plane multicast (IGMP & RIP) happen overn VLAN 2, video etc arrives *untagged* on the SFP interface.

Solution at a high level.
a) Create a dedicated bridge for: SFP and all wan tagged interfaces. Define a native vlan spanning across the SFP and the port where the decoder box is connected.
b) Assign an internal address to the dedicated bridge. Make sure relevant NAT/ masquerade rules point to new IF
c) Create a 2nd DHCP server with a static lease for the decoder box providing DNS (172.26.23.3) and option 240 (the OPCH group, now changed to: ':::::239.0.2.10:22222:v6.0:239.0.2.29:22222')
d) Make your IGMP proxy downstream interface the dedicated interface and the upstream the IPTV LAN (in this case vlan ID 2)

Note: This will only provide IPTV multicast on the dedicated bridge - not on your normal internal network. My next move will be to add another interface to the bridge, hook up a Pi and proxy to unicast back into the main network.

Here's some stanza to demonstrate how the bridge gets setup. I'd welcome input - I'm not a Mikrotik expert. If you've managed to get PPPOE and VoIP going you should be able to do these tweaks

/interface bridge vlan
add bridge=WANB comment=Internet tagged=GPON vlan-ids=6
add bridge=WANB comment=IPTV tagged=GPON vlan-ids=2
add bridge=WANB comment=Voz tagged=GPON vlan-ids=3
add bridge=WANB untagged=ether1,GPON vlan-ids=8




Hi.

I hope you're staying well and isolated

I would be very grateful if you could help with the following problem:

My configuration:
RB4011 + Zisa GPON-ONU stick
F/w 6.46.4
ISP Movistar (Spain)

pppoe over VLAN 6 - works fine
Telephonyover VLAN 3 - works fine
IPTV multicast - VLAN 2: lots of issues

Issues:
IGMP-Proxy only seems to work if I add all interfaces as downstream. When you do that, and you join a channel using VLC, your MFC cache looks like this:

Flags: X - disabled, A - active, D - dynamic
0 AD group=239.0.0.5 source=172.26.79.177 upstream-interface=IPTV downstream-interfaces=HomeNet
active-downstream-interfaces=HomeNet bytes=14994320 packets=11508 wrong-packets=11508
Packet sniffing on the GPON SFP interface with the filter !pppoe-session shows:
IGMPv3 reports going out *untagged*
IGMPv3 queries arriving tagged on 2
UDP data (occasionally) arriving *untagged*

No UDP multicast data propagated on network. STB (directly connected to ether1) does not boot up. Snooping show unicast comms to an ACS but also joining of groups specified in DHCP option 240 -and that fails.

Backgound + configs

Sample igmp-proxy debug:
7:03:06 igmp-proxy,debug source: 172.26.79.177
07:03:06 igmp-proxy,debug removing multicast forwarding entry
07:03:06 igmp-proxy,debug group: 239.0.0.5
07:03:06 igmp-proxy,debug source: 172.26.79.177
07:03:06 igmp-proxy,debug leaving multicast group 239.0.0.5 on IPTV
07:03:06 igmp-proxy,debug received notification:
07:03:06 igmp-proxy,debug source=172.26.79.177
07:03:06 igmp-proxy,debug destination=239.0.0.5
07:03:13 igmp-proxy,debug ignoring request from unknown address - "alternative-subnets" configuration may be required:
07:03:13 igmp-proxy,debug source=192.168.37.197
07:03:13 igmp-proxy,debug destination=239.255.255.250
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on GPON
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on HomeNet
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on Voice
07:03:19 igmp-proxy,debug sending IGMP query to 224.0.0.1 on HSIA-pppoe
07:03:20 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.37.2 to 239.255.255.250 on HomeNet
07:03:20 igmp-proxy,debug RECV IGMPv2 membership report from 192.168.37.197 to 239.0.0.5 on HomeNet
07:03:20 igmp-proxy,debug adding multicast forwarding entry
07:03:20 igmp-proxy,debug group: 239.0.0.5
07:03:20 igmp-proxy,debug source: 172.26.79.177
07:03:20 igmp-proxy,debug joining multicast group 239.0.0.5 on IPTV
functioning of IPTV requires routes to various (overlapping) subnets in 172.26.0.0/16. Movistar's own CPE aquires these routes via passive RIP v2

The routing table in Movistar CPE looks like this (for IPTV) Notice how more routes received

172.26.22.0 10.64.0.1 255.255.255.192 UG 3 0 0 veip0.3
172.26.22.56 10.64.0.1 255.255.255.248 UG 3 0 0 veip0.3
172.26.23.0 10.64.0.1 255.255.255.224 UG 4 0 0 veip0.3
172.26.23.3 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.4 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.5 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.23 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.24 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.23.30 10.64.0.1 255.255.255.255 UGH 3 0 0 veip0.3
172.26.80.0 10.64.0.1 255.255.248.0 UG 3 0 0 veip0.3

# mar/31/2020 07:08:34 by RouterOS 6.46.4
# software id = BYEE-NLX8
#
# model = RB4011iGS+5HacQ2HnD
# serial number = B8E30B2D2B9C
/interface bridge
add admin-mac=C4:AD:34:60:7D:67 auto-mac=no comment=defconf dhcp-snooping=yes \
igmp-snooping=yes name=HomeNet
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] mtu=1512 name=GPON
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-n/ac channel-width=20/40mhz-XX \
country=no_country_set disabled=no distance=indoors frequency=auto \
frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=\
blahblah tx-power-mode=all-rates-fixed wmm-support=enabled wps-mode=\
disabled
set [ find default-name=wlan2 ] band=2ghz-g/n channel-width=20/40mhz-XX \
country=spain disabled=no distance=indoors frequency=auto installation=\
indoor mode=ap-bridge ssid=blahv24 wireless-protocol=802.11
/interface 6to4
add comment="Hurricane Electric IPv6 Tunnel Broker" !keepalive local-address=\
x.x.x.x mtu=1472 name=sit1 remote-address=216.66.80.26
/interface wireless nstreme
set wlan2 enable-nstreme=yes
/interface vlan
add interface=GPON loop-protect=off mtu=1480 name=HSIA vlan-id=6
add interface=GPON loop-protect=off name=IPTV vlan-id=2
add interface=GPON loop-protect=off name=Voice vlan-id=3
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
Myc@tsaregineranddaisy
/ip dhcp-server
add disabled=no interface=ether1 name=server2
/ip dhcp-server option
add code=6 name=domain-name-servers value="'172.26.23.3'"
add code=125 name=option_params_priv value="0x00000de9240406623034366663050c65\
3034313336623034313061060c4750542d32353431474e4143"
add code=60 name=option-60 value="'[IAL]'"
add code=240 name=option_para_deco value=\
"':::::239.0.2.10:22222:v6.0:239.0.2.30:22222'"
/ip dhcp-server option sets
add name=deco_option_set options=domain-name-servers,option_para_deco
/ip pool
add name=dhcp_pool0 ranges=192.168.37.65-192.168.37.199
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=HomeNet name=server1
/ipv6 pool
add name=pool1 prefix=x:x:x:x::/48 prefix-length=56
/ppp profile
add name=pppoe-client on-down="/log info \\\"Client disconnected\\\"" on-up="#\
\_Update Hurricane Electric IPv6 Tunnel Client IPv4 address\r\
\n\r\
\n:local HEtunnelinterface \"sit1\"\r\
\n:local HEtunnelid \"zzzzzzz\"\r\
\n:local HEuserid \"zzzzzz\"\r\
\n:local HEmd5pass \"zzzzzzzzz\"\r\
\n:local HEupdatehost \"ipv4.tunnelbroker.net\"\r\
\n:local HEupdatepath \"/nic/update\"\r\
\n:local WANinterface \"HSIA-pppoe\"\r\
\n:local outputfile (\"HE-\" . \$HEtunnelid . \".txt\")\r\
\n\r\
\n# Internal processing below...\r\
\n# ----------------------------------\r\
\n:local HEipv4addr\r\
\n\r\
\n# Get WAN interface IP address\r\
\n:set HEipv4addr [/ip address get [/ip address find interface=\$WANinterf\
ace] address]\r\
\n:set HEipv4addr [:pick [:tostr \$HEipv4addr] 0 [:find [:tostr \$HEipv4ad\
dr] \"/\"]]\r\
\n\r\
\n:if ([:len \$HEipv4addr] = 0) do={\r\
\n :log error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n :error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n}\r\
\n\r\
\n# Update the HEtunnelinterface with WAN IP\r\
\n/interface 6to4 {\r\
\n :if ([get (\$HEtunnelinterface) local-address] != \$HEipv4addr) do={\
\r\
\n :log info (\"Updating \" . \$HEtunnelinterface . \" local-address \
with new IP \" . \$HEipv4addr . \"...\")\r\
\n set (\$HEtunnelinterface) local-address=\$HEipv4addr\r\
\n }\r\
\n}\r\
\n\r\
\n:log info (\"Updating IPv6 Tunnel \" . \$HEtunnelid . \" Client IPv4 add\
ress to new IP \" . \$HEipv4addr . \"...\")\r\
\n/tool fetch mode=https \\\r\
\n host=(\$HEupdatehost) \\\r\
\n url=(\"https://\" . \$HEupdatehost . \$HEupdatepath . \
\\\r\
\n \"\?hostname=\" . \$HEtunnelid . \\\r\
\n \"&myip=\" . \$HEipv4addr) \\\r\
\n user=(\$HEuserid) \\\r\
\n password=(\$HEmd5pass) \\\r\
\n dst-path=(\$outputfile)\r\
\n \r\
\n:log info ([/file get (\$outputfile) contents])\r\
\n/file remove (\$outputfile)"
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=HSIA max-mru=\
1480 max-mtu=1480 name=HSIA-pppoe password=adslppp profile=pppoe-client \
user=adslppp@telefonicanetpa
/system logging action
set 3 bsd-syslog=yes remote=192.168.37.12 src-address=192.168.37.1 \
syslog-facility=local6
/interface bridge port
add bridge=HomeNet interface=ether2
add bridge=HomeNet interface=ether3
add bridge=HomeNet interface=ether4
add bridge=HomeNet interface=ether5
add bridge=HomeNet interface=ether6
add bridge=HomeNet interface=ether7
add bridge=HomeNet interface=ether8
add bridge=HomeNet interface=ether9
add bridge=HomeNet interface=wlan1
add bridge=HomeNet interface=wlan2
add interface=ether10 pvid=2
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=none
/interface bridge vlan
add vlan-ids=2
/interface list member
add comment=defconf interface=HomeNet list=LAN
add interface=HSIA-pppoe list=WAN
add interface=IPTV list=WAN
add interface=Voice list=WAN
add interface=ether1 list=LAN
/ip address
add address=10.68.x.x/10 interface=IPTV network=10.64.0.0
add address=192.168.1.2/24 interface=GPON network=192.168.1.0
add address=192.168.37.1/24 interface=HomeNet network=192.168.37.0
add address=192.168.36.254/24 interface=ether1 network=192.168.36.0
/ip dhcp-client
add add-default-route=no disabled=no interface=Voice use-peer-ntp=no
/ip dhcp-server lease
blah
blah
blah
/ip dhcp-server network
add address=192.168.36.0/24 dhcp-option-set=deco_option_set dns-server=\
172.26.23.3 gateway=192.168.36.254 netmask=24
add address=192.168.37.0/24 dns-server=192.168.37.13,192.168.37.12 domain=\
u.u.u.u gateway=192.168.37.1 netmask=24 wins-server=\
192.168.37.13
/ip dns
set servers=\

/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input in-interface=IPTV
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input in-interface=HomeNet
add action=accept chain=input connection-state=established,related \
in-interface=HSIA-pppoe
add action=accept chain=input in-interface=IPTV
add action=accept chain=input in-interface=ether1
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input dst-port=520 in-interface=Voice protocol=udp
add action=accept chain=forward in-interface=IPTV
add action=accept chain=output dst-address=224.0.0.0/4
add action=accept chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=output disabled=yes dst-port=520 protocol=udp
/ip firewall mangle
add action=set-priority chain=postrouting new-priority=4 out-interface=IPTV \
passthrough=yes
add action=set-priority chain=postrouting new-priority=4 out-interface=Voice \
passthrough=no
add action=set-priority chain=postrouting new-priority=1 out-interface=\
HSIA-pppoe passthrough=yes
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat out-interface=IPTV
add action=masquerade chain=srcnat out-interface=HSIA-pppoe
add action=masquerade chain=srcnat out-interface=Voice
add action=dst-nat chain=dstnat dst-address-type=local in-interface=IPTV log=\
yes log-prefix=fusion to-addresses=192.168.36.200
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=255 gateway=255.255.255.255
add disabled=yes distance=1 dst-address=10.64.0.0/10 gateway=10.64.0.1
add distance=1 dst-address=172.26.0.0/16 gateway=10.64.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=192.168.36.0/22
set api disabled=yes
set winbox address=192.168.36.0/22
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=local
/ipv6 address
add address=x.x.x.x.x advertise=no interface=sit1
add address=x.x.x.x.x.x eui-64=yes interface=HomeNet
add address=y.y.y.y.y.y eui-64=yes interface=ether1
/ipv6 dhcp-server
add dhcp-option=*7FFFFFFF interface=HomeNet lease-time=12h name=server1
/ipv6 firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid,untracked in-interface=\
sit1 log=yes log-prefix=fw-v6-drop
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid,untracked
/ipv6 nd
set [ find default=yes ] interface=HomeNet mtu=1400
add advertise-dns=no hop-limit=64 interface=ether1 mtu=1400
/ipv6 route
add distance=1 dst-address=2000::/3 gateway=
/routing igmp-proxy
set query-interval=15s query-response-interval=2s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=172.16.0.0/12,239.0.0.0/16 interface=IPTV upstream=\
yes
add
/routing rip
set timeout-timer=2m
/routing rip interface
add interface=IPTV passive=yes receive=v2
add interface=Voice passive=yes receive=v2
/routing rip network
add network=10.0.0.0/8
add network=172.16.0.0/12
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=rtr
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/system logging
add action=remote topics=info
add topics=igmp-proxy
/system ntp client
set enabled=yes primary-ntp=163.117.202.33 secondary-ntp=89.248.104.162
/system scheduler
add interval=1h name=schedule1 on-event=update_wan_ip.rsc policy=\
reboot,read,write,policy,test,password start-date=mar/21/2020 start-time=\
14:47:43
/system script
\n/file remove (\$outputfile)"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=GPON filter-mac-protocol=!pppoe filter-stream=yes \
streaming-enabled=yes streaming-server=192.168.37.2

Who is online

Users browsing this forum: No registered users and 17 guests