Community discussions

MikroTik App
 
zerobase
just joined
Topic Author
Posts: 18
Joined: Sun May 21, 2017 1:55 pm

Multicast routing through GRE tunnel

Sun Nov 01, 2020 2:45 pm

Issue: I cannot get multicast routing to work between 2 Mikrotik routers.

I am using the example provided in the Mikrotik Wiki: Example

Router A:
  • Type: RB750Gr3 (hEX)
  • Subnet I = 192.168.10.0/24
  • Tunnel IP: 10.0.0.5/30

Router B:
  • Type: RB760iGS (hEX S)
  • Subnet III = 192.168.11.0/24
  • Tunnel IP: 10.0.0.6/30

Subnet II is a GRE tunnel (over IPsec) with subnet 10.0.0.4/30. Routes between the two routers are distributed via OSPF.
Both routers are running the latest stable version of RouterOS (6.47.7).

A PC on subnet I is the sender (VLC audiostream) and a PC on subnet III functions as a receiver. I use 239.255.10.1 as multicast group (arbitrarily chosen).
The PC sending the multicast stream (connected to router A on interface ether3) has an IP-adress of 192.168.10.86. I configured the stream to use a TTL of 50 and a maximum packet-size of 1280. Wireshark confirms the packet is leaving the PC with a TTL of 50.

The sniffer shows that multicast traffic is hitting the router from the PC on ether3:
[admin@routera] /tool sniffer quick ip-protocol=udp
INTERFACE     TIME     NUM DIR SRC-MAC           DST-MAC           VLAN   SRC-ADDRESS           DST-ADDRESS                         PROTOCOL   SIZE CPU FP
ether3        1.647    222 <-  D4:5D:64:B2:6A:92 01:00:5E:7F:0A:01        192.168.10.86:63496   239.255.10.1:5004 (avt-profile-1)   ip:udp      685   1 no
br-lan        1.647    223 <-  D4:5D:64:B2:6A:92 01:00:5E:7F:0A:01 10     192.168.10.86:63496   239.255.10.1:5004 (avt-profile-1)   ip:udp      689   1 no
vlan10        1.647    224 <-  D4:5D:64:B2:6A:92 01:00:5E:7F:0A:01        192.168.10.86:63496   239.255.10.1:5004 (avt-profile-1)   ip:udp      685   1 no

When starting a VLC player on another PC (connected to router A on interface ether4) I can see the IGMP packets and I have audio playing:
[admin@routera] /tool sniffer quick ip-protocol=igmp
INTERFACE     TIME     NUM DIR SRC-MAC           DST-MAC           VLAN   SRC-ADDRESS           DST-ADDRESS                         PROTOCOL   SIZE CPU FP
ether4        9.545     10 <-  70:5A:0F:8C:54:2D 01:00:5E:7F:0A:01        192.168.10.158        239.255.10.1                        ip:igmp      60   3 no
br-lan        9.545     11 <-  70:5A:0F:8C:54:2D 01:00:5E:7F:0A:01 10     192.168.10.158        239.255.10.1                        ip:igmp      64   3 no
vlan10        9.545     12 <-  70:5A:0F:8C:54:2D 01:00:5E:7F:0A:01        192.168.10.158        239.255.10.1                        ip:igmp      60   3 no

Moving the receiving PC to a switch also works.

Now comes the part that is not working: Routing the multicast traffic over the GRE tunnel to subnet III.

As per the instructions in the wiki, I configured the following under '/routing pim' for both router A and router B (Below, the config for router A is given):

Router A:
[admin@routerA] /routing pim interface> print detail
Flags: X - disabled, I - inactive, D - dynamic, R - designated-router, v1 - IGMPv1, v2 - IGMPv2, v3 - IGMPv3
 0  Rv2 interface=br-lan protocols=pim,igmp preferred-source-address=0.0.0.0 dr-priority=1 hello-period=30s hello-trigerred-delay=5s hello-holdtime=1m45s propagation-delay=50 override-interval=250
        tracking-support=yes require-hello=yes join-prune-period=1m join-prune-holdtime=3m30s assert-time=3m assert-override-interval=3s alternative-subnets="" igmp-version=IGMPv2

 1   v2 interface=gre-tunnel protocols=pim,igmp preferred-source-address=0.0.0.0 dr-priority=1 hello-period=30s hello-trigerred-delay=5s hello-holdtime=1m45s propagation-delay=50 override-interval=250
        tracking-support=yes require-hello=yes join-prune-period=1m join-prune-holdtime=3m30s assert-time=3m assert-override-interval=3s alternative-subnets="" igmp-version=IGMPv2

 2 DR   interface=register protocols=pim dr-priority=1 hello-period=30s hello-trigerred-delay=5s hello-holdtime=1m45s propagation-delay=50 override-interval=250 tracking-support=yes require-hello=yes
        join-prune-period=1m join-prune-holdtime=3m30s assert-time=3m assert-override-interval=3s alternative-subnets=""

[admin@routerA] > /routing pim rp print detail
Flags: D - dynamic, X - disabled
 0    address=192.168.10.1 type=static group=224.0.0.0/4 priority=192 hash-mask-length=30 active-groups=1
 

Using MGEN running on a Linux machine in subnet III, I try to join the multicast group (and leave it 60 seconds later):
root@linux:~# mgen ttl 50 event "0.0 join 239.255.10.1 interface ens3" event "60.0 leave 239.255.10.1 interface ens3"

Running this command I can see from sniffing the traffic that the Linux machine is sending IGMP packets to Router B:
[admin@routerB] /tool sniffer quick ip-protocol=igmp
INTERFACE     TIME     NUM DIR SRC-MAC           DST-MAC           VLAN   SRC-ADDRESS           DST-ADDRESS                         PROTOCOL   SIZE CPU FP
ether2        5.309      4 <-  02:11:32:2B:91:96 01:00:5E:00:00:16        192.168.11.92         224.0.0.22                          ip:igmp      60   3 no
br-lan        5.309      5 <-  02:11:32:2B:91:96 01:00:5E:00:00:16 11     192.168.11.92         224.0.0.22                          ip:igmp      64   3 no
vlan11        5.309      6 <-  02:11:32:2B:91:96 01:00:5E:00:00:16        192.168.11.92         224.0.0.22                          ip:igmp      60   3 no

This where things stop working. I do not see any multicast traffic flowing through the tunnel other than 224.0.0.2 (All Routers), 224.0.0.5 (OSPF), 224.0.0.13 (PIM) and 224.0.0.22 (IGMP).

Has anyone ever managed to get this working? Multicast address 239.255.10.1 should be routable.
 
zerobase
just joined
Topic Author
Posts: 18
Joined: Sun May 21, 2017 1:55 pm

Re: Multicast routing through GRE tunnel  [SOLVED]

Tue Nov 03, 2020 8:03 am

Managed to get it working:

  • The vlan interface carrying the multicast traffic should be added to the list of interfaces too (under '/routing pim interfaces'; Previously, I only added the bridge interface for the physical ports, assuming the bridge vlan filtering would take care of moving the traffic over to the vlan interface)
  • A NAT bypass rule under '/ip firewall nat' was missing

The config now looks like this:
[admin@routerA] /routing pim interface> print
Flags: X - disabled, I - inactive, D - dynamic, R - designated-router,
v1 - IGMPv1, v2 - IGMPv2, v3 - IGMPv3
 #      INTERFACE                           PROTOCOLS
 0  Rv2 br-lan                              pim
                                            igmp
 1  Rv2 gre-tunnel                          pim
                                            igmp
 2  Rv2 vlan10                              pim  <== This one needed to be added
                                            igmp <== (both pim and igmp)
 3 DR   register                            pim

Furthermore, a NAT bypass rule was needed for traffic entering the tunnel (I had NAT bypass active, but limited only to the 10.0.0.4/30 network between the two endpoints because of IPsec):
[admin@routerA] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 3    chain=srcnat action=accept out-interface=gre-tunnel
 

Multicast is now flowing perfectly between the two sites.

Who is online

Users browsing this forum: No registered users and 11 guests