Community discussions

MikroTik App
 
misterm
just joined
Topic Author
Posts: 4
Joined: Sat Jan 22, 2022 1:23 pm

rv5900 igmp-proxy

Sat Jan 22, 2022 1:30 pm

Hi

I just bought my rb5900 a couple of days a go for my isp in the Netherlands. My isp providers tv and internet over 2 vlan's where the tv signals are send over multicast.
I configured my rb5900 with igmp-snooping and igmp-proxy but what ever i try the rb5009 drops the multicasts.

With the same config applied on the rb750 no issues
/interface bridge
add arp=proxy-arp igmp-snooping=yes name=bridge-local protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp l2mtu=1598 loop-protect=off
set [ find default-name=ether2 ] l2mtu=1598
/interface vlan
add interface=ether1 name=vlan1.4 vlan-id=4
add interface=ether1 loop-protect=off name=vlan1.6 vlan-id=6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option sets
add name=IPTV options=option60-vendorclass
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge-local lease-time=1h30m name=\
    dhcp1
/ppp profile
set *0 only-one=yes use-compression=yes use-ipv6=no use-upnp=no
add name=default-ipv6 only-one=yes use-compression=yes use-upnp=no
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=vlan1.6 \
    keepalive-timeout=20 max-mru=1500 max-mtu=1500 name=pppoe-client profile=\
    default-ipv6 user=1234@provider
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    disabled=yes disabled=yes name=zt1 port=9993
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6
add bridge=bridge-local interface=ether7
add bridge=bridge-local interface=ether8
/ip address
add address=192.168.1.1/24 interface=bridge-local network=192.168.1.0
/ip dhcp-client
add default-route-distance=210 dhcp-options=option60-vendorclass interface=\
    vlan1.4 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input in-interface=pppoe-client protocol=icmp
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=established
add action=reject chain=input in-interface=pppoe-client protocol=tcp \
    reject-with=icmp-port-unreachable
add action=reject chain=input in-interface=pppoe-client protocol=udp \
    reject-with=icmp-port-unreachable
/ip firewall nat
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    213.75.112.0/21 out-interface=vlan1.4
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    217.166.0.0/16 out-interface=vlan1.4
add action=masquerade chain=srcnat comment="Needed for internet" \
    out-interface=pppoe-client src-address=192.168.1.0/24
/ip upnp
set show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-client type=external
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan1.4 upstream=yes
add interface=bridge-local
/system clock
set time-zone-name=Europe/Amsterdam
/system routerboard settings
set cpu-frequency=auto
compared with the rb750
/interface bridge
add arp=proxy-arp igmp-snooping=yes name=bridge-local protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp l2mtu=1598 loop-protect=off
set [ find default-name=ether2 ] l2mtu=1598
/interface vlan
add interface=ether1 name=vlan1.4 vlan-id=4
add interface=ether1 loop-protect=off name=vlan1.6 vlan-id=6
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=vlan1.6 \
    keepalive-timeout=20 max-mru=1500 max-mtu=1500 name=pppoe-client \
    password=1234 user=1234@provider
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option sets
add name=IPTV options=option60-vendorclass
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-local lease-time=\
    1h30m name=dhcp1
/ppp profile
set *0 only-one=yes use-compression=yes use-upnp=no
/routing bgp instance
set default disabled=yes
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.1.1/24 interface=bridge-local network=192.168.1.0
/ip dhcp-client
add default-route-distance=210 dhcp-options=option60-vendorclass disabled=no \
    interface=vlan1.4 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip firewall filter

add action=accept chain=input in-interface=pppoe-client protocol=icmp
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=established

add action=reject chain=input in-interface=pppoe-client protocol=tcp \
    reject-with=icmp-port-unreachable

add action=reject chain=input in-interface=pppoe-client protocol=udp \
    reject-with=icmp-port-unreachable
/ip firewall nat
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    213.75.112.0/21 out-interface=vlan1.4
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    217.166.0.0/16 out-interface=vlan1.4

add action=masquerade chain=srcnat comment="Needed for internet" \
    out-interface=pppoe-client src-address=192.168.1.0/24
/ip upnp
set show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-client type=external
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan1.4 upstream=yes
add interface=bridge-local
/system clock
set time-zone-name=Europe/Amsterdam
/system logging
add topics=igmp-proxy
/tool user-manager database
set db-path=flash/user-manager
I am completely lost... any advise on what to try next?
 
Ady262
just joined
Posts: 4
Joined: Sat Dec 18, 2021 2:10 am

Re: rv5900 igmp-proxy

Thu Jan 27, 2022 4:01 pm

See here, it looks like the same thing maybe?
viewtopic.php?p=906140#p906140
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: rv5900 igmp-proxy

Thu Jan 27, 2022 7:15 pm

Your config looks right.

The RB5009 on ROS 7.1.1 and 7.2rc1 has issues with DSCP and VLAN IDs and priorities.
The initial report was about troubles with outgoing PPPoE and VLANs. Other users have reported the same also for VLAN ifaces directly attached to physical etherX interfaces, breaking SIP over VLAN.

It seams the RB5009 messes up with VLAN and VLAN priorities on WAN interfaces.
If possible, try to sniff for in/out IGMP on WAN connection and RTP streams if it gets so far to establish them.

If you encounter wrong VLAN IDs and or priorities, it can be worked around by adding a Raw post-routing FW rule on thw WAN facing iface to adjust wrong values befor they travel towards WAN.

For know, I gave up with MDNS Proxy on RB5009 and temorarly solved the problem by adding a VLAN passing the WAN to an untagged access port for the TV box. This way the TV IGMP/RTP traffic flows around the NAT on L2. This works well with the l2hw offload for VLAN bridging in RB5009.
This might not work dpending on your ISP IPTV and the CPE in place. But if it does, it works very reliable.
 
maxb
newbie
Posts: 34
Joined: Wed Feb 12, 2014 4:42 am

Re: rv5900 igmp-proxy

Fri Jan 28, 2022 2:41 am

I'm also experiencing SIP issues (in my case provisionning) with PPPoE on a VLAN interface on both RB5009UG+S+IN & RB4011iGS+RM.... Let's hope Mikrotik is able to fix those VLAN bugs...
 
Ady262
just joined
Posts: 4
Joined: Sat Dec 18, 2021 2:10 am

Re: rv5900 igmp-proxy

Fri Jan 28, 2022 1:05 pm

I have it configured like this, PPPoE+multicast on VLAN:
/interface bridge
add igmp-snooping=yes mtu=1588 multicast-querier=yes name=bridge1 \
    protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1596
set [ find default-name=ether2 ] l2mtu=1596
set [ find default-name=ether3 ] l2mtu=1596
set [ find default-name=ether4 ] l2mtu=1596
set [ find default-name=ether5 ] l2mtu=1596
set [ find default-name=ether6 ] l2mtu=1596
set [ find default-name=ether7 ] l2mtu=1596
set [ find default-name=ether8 ] l2mtu=1596
set [ find default-name=sfp-sfpplus1 ] l2mtu=1596 rx-flow-control=auto \
    tx-flow-control=auto
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether8 name=pppoe-out1 \
    service-name=ccr user=username
/interface vlan
add interface=ether8 name=vlan602 vlan-id=602
add interface=ether8 name=vlan606 vlan-id=606
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.1.50-192.168.1.200
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=1h name=dhcp1
/interface bridge filter
add action=set-priority chain=forward disabled=yes in-interface=vlan606 \
    new-priority=7 out-interface=ether5 packet-type=multicast passthrough=no
add action=drop chain=forward out-interface=vlan606 packet-type=!multicast
add action=drop chain=output out-interface=vlan606 packet-type=!multicast
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether1
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
add bridge=bridge1 ingress-filtering=no interface=ether6
add bridge=bridge1 ingress-filtering=no interface=ether7
add bridge=bridge1 ingress-filtering=no interface=vlan606
add bridge=bridge1 interface=sfp-sfpplus1
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-client
add add-default-route=no interface=vlan602 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1,8.8.8.8 gateway=192.168.1.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=drop chain=input icmp-options=8:0 in-interface=pppoe-out1 \
    protocol=icmp
add action=drop chain=input icmp-options=8:0 in-interface=vlan602 protocol=\
    icmp
add action=drop chain=input disabled=yes icmp-options=8:0 in-interface=\
    bridge1 protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip route
add disabled=no dst-address=192.168.200.0/29 gateway=192.168.250.1
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add interface=vlan606 upstream=yes
add interface=bridge1
it works for me, but I'm waiting for them to fix the filters
 
hmmbob
just joined
Posts: 8
Joined: Mon Jan 03, 2022 4:53 pm

Re: rv5900 igmp-proxy

Fri Jan 28, 2022 5:16 pm

Hi

I just bought my rb5900 a couple of days a go for my isp in the Netherlands. My isp providers tv and internet over 2 vlan's where the tv signals are send over multicast.
I configured my rb5900 with igmp-snooping and igmp-proxy but what ever i try the rb5009 drops the multicasts.

With the same config applied on the rb750 no issues
/interface bridge
add arp=proxy-arp igmp-snooping=yes name=bridge-local protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp l2mtu=1598 loop-protect=off
set [ find default-name=ether2 ] l2mtu=1598
/interface vlan
add interface=ether1 name=vlan1.4 vlan-id=4
add interface=ether1 loop-protect=off name=vlan1.6 vlan-id=6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option sets
add name=IPTV options=option60-vendorclass
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge-local lease-time=1h30m name=\
    dhcp1
/ppp profile
set *0 only-one=yes use-compression=yes use-ipv6=no use-upnp=no
add name=default-ipv6 only-one=yes use-compression=yes use-upnp=no
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=vlan1.6 \
    keepalive-timeout=20 max-mru=1500 max-mtu=1500 name=pppoe-client profile=\
    default-ipv6 user=1234@provider
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    disabled=yes disabled=yes name=zt1 port=9993
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6
add bridge=bridge-local interface=ether7
add bridge=bridge-local interface=ether8
/ip address
add address=192.168.1.1/24 interface=bridge-local network=192.168.1.0
/ip dhcp-client
add default-route-distance=210 dhcp-options=option60-vendorclass interface=\
    vlan1.4 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input in-interface=pppoe-client protocol=icmp
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=established
add action=reject chain=input in-interface=pppoe-client protocol=tcp \
    reject-with=icmp-port-unreachable
add action=reject chain=input in-interface=pppoe-client protocol=udp \
    reject-with=icmp-port-unreachable
/ip firewall nat
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    213.75.112.0/21 out-interface=vlan1.4
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    217.166.0.0/16 out-interface=vlan1.4
add action=masquerade chain=srcnat comment="Needed for internet" \
    out-interface=pppoe-client src-address=192.168.1.0/24
/ip upnp
set show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-client type=external
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan1.4 upstream=yes
add interface=bridge-local
/system clock
set time-zone-name=Europe/Amsterdam
/system routerboard settings
set cpu-frequency=auto
compared with the rb750
/interface bridge
add arp=proxy-arp igmp-snooping=yes name=bridge-local protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp l2mtu=1598 loop-protect=off
set [ find default-name=ether2 ] l2mtu=1598
/interface vlan
add interface=ether1 name=vlan1.4 vlan-id=4
add interface=ether1 loop-protect=off name=vlan1.6 vlan-id=6
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=vlan1.6 \
    keepalive-timeout=20 max-mru=1500 max-mtu=1500 name=pppoe-client \
    password=1234 user=1234@provider
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option sets
add name=IPTV options=option60-vendorclass
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-local lease-time=\
    1h30m name=dhcp1
/ppp profile
set *0 only-one=yes use-compression=yes use-upnp=no
/routing bgp instance
set default disabled=yes
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.1.1/24 interface=bridge-local network=192.168.1.0
/ip dhcp-client
add default-route-distance=210 dhcp-options=option60-vendorclass disabled=no \
    interface=vlan1.4 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip firewall filter

add action=accept chain=input in-interface=pppoe-client protocol=icmp
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=established

add action=reject chain=input in-interface=pppoe-client protocol=tcp \
    reject-with=icmp-port-unreachable

add action=reject chain=input in-interface=pppoe-client protocol=udp \
    reject-with=icmp-port-unreachable
/ip firewall nat
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    213.75.112.0/21 out-interface=vlan1.4
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=\
    217.166.0.0/16 out-interface=vlan1.4

add action=masquerade chain=srcnat comment="Needed for internet" \
    out-interface=pppoe-client src-address=192.168.1.0/24
/ip upnp
set show-dummy-rule=no
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=pppoe-client type=external
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=vlan1.4 upstream=yes
add interface=bridge-local
/system clock
set time-zone-name=Europe/Amsterdam
/system logging
add topics=igmp-proxy
/tool user-manager database
set db-path=flash/user-manager
I am completely lost... any advise on what to try next?
KPN?

But: enable "multicast_querier" on your bridge and you should be good. Took me forever to figure that out, appears this was enabled by default / differently in rOS 6.4x - hence why migrating (or netwerkje.com) settings isn't working from the box.

edit: Which is what Ady262 linked to before, kudos.
edit2: Oh, and if it is KPN (or any of the sub brands): IPv6 won't work yet. Issue described above.
 
huntermic
Member Candidate
Member Candidate
Posts: 111
Joined: Wed Oct 26, 2016 3:42 pm

Re: rv5900 igmp-proxy

Fri Jan 28, 2022 5:21 pm

I'm also using kpn, no "multicast_querier" on bridge needed here as there is an IGMP Proxy interface with "Querier" ( the bridge-local interface ) on the device.

/routing igmp-proxy interface
add interface=bridge-local
add alternative-subnets=10.237.224.0/19,213.75.167.0/24,213.75.112.0/21,217.166.224.0/22 interface=vlan4 upstream=yes

Who is online

Users browsing this forum: No registered users and 19 guests