tangent
Forum Guru
Topic Author
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm

Conditional unknown multicast flooding

Tue Jul 20, 2021 12:32 am

Some protocols depend on unknown multicast flooding while others work best when only the ports that actively solicit the traffic get it. My particular examples are mDNS and traditional IPTV, but there must be other combinations with this characteristic. Let us posit OSPF and Norton Ghost for the sake of argument.

This dichotomy is fine in networks where you can subset the two types of hosts into non-overlapping groups, since then the simple yes/no choice that RouterOS gives for flooding unknown multicast suffices, but what happens when a given host needs to consume both sorts of protocol? An mDNS consumer might not want to be spammed by another host's IPTV stream, but it still needs to receive these mDNS messages so it can decide whether and how to respond to them.

I first went looking for a way to allow flooding by multicast destination subnet so I could make this conditional, but I couldn't find that. (e.g. Unknown multicast to 224.0.0.0/8 gets flooded but 239.255.0.0/16 does not.)

I then tried resorting to switch, bridge, and IP filters, but each time I ran into a wall trying to make it work properly. This is my best attempt:

/interface ethernet switch rule
add switch=switch1 ports=sfp-sfpplus2 mac-protocol=ip dst-address=224.0.0.251/32 \
    protocol=udp dst-port=5353 new-dst-ports=ether2

…coupled with an inverse rule saying mDNS from ether2 gets sent back to sfp2. The problem with this is, there are three legs on this network that need mDNS, and my CRS328 is documented as not supporting multiple ports in the "new-dst-ports" rule.

Worse, the same document also says that if you have multiple matching switch rules, only the first one takes effect, so I can't just roll my eyes and write a combinatorial explosion of rules listing all possible pairings. It's "only" 12 rules for bidirectional communication among 3 ports, but it's 48 rules for 4 ports and 240 rules for 5 ports, at which point I'm stuffed: my CRS328 only supports 128 switch rules. That's combinatorics for you.

I tried setting a switch rule to direct such traffic down to the CPU, but it doesn't seem to get the packet into the bridge filter before the "routing decision" block in the packet flow diagram. I don't particularly want to set use-ip-filter just so I can use the "prerouting" chain to bypass this problem. Even if I did, does an "accept" rule then cause flooding, since if it doesn't, what's the point of burning those CPU cycles?

What I've ended up doing instead is allowing flooding of unknown multicast on the three switch ports that need to consume mDNS, then relying on the IGMP querier to pinch off IPTV after a minute or two.

Is there a less ugly solution? Hopefully one not involving CPU rules, since I'm trying to use this more as a switch than as a router.
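
The workaround described in the post, written out as bridge configuration. This is an added example, not configuration from the original post. Assumptions: the bridge is named bridge1, the third mDNS leg is ether3 (the post names only sfp-sfpplus2 and ether2), every other bridge port has flooding turned off, and the querier runs on this bridge rather than on another device.

```routeros
# Assumed names: bridge "bridge1", third mDNS leg "ether3".
/interface bridge
# Snooping builds the multicast database (MDB) from IGMP reports;
# the querier keeps it current. Omit multicast-querier if another
# device on the segment already acts as querier.
set [find name=bridge1] igmp-snooping=yes multicast-querier=yes

/interface bridge port
# Stop unknown multicast from being flooded out of any bridge port...
set [find bridge=bridge1] unknown-multicast-flood=no
# ...then re-enable it only on the legs that must receive mDNS.
set [find interface=sfp-sfpplus2] unknown-multicast-flood=yes
set [find interface=ether2] unknown-multicast-flood=yes
set [find interface=ether3] unknown-multicast-flood=yes

# Check which groups have been learned and on which ports.
/interface bridge mdb print
```

A group that appears in the MDB output is no longer unknown multicast, so it is forwarded only to its listed ports regardless of the per-port flood setting.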
