jhbarrantes
Frequent Visitor
Topic Author
Posts: 51
Joined: Wed Aug 21, 2019 2:56 pm

How VXLAN works with multicast traffic

Fri Feb 03, 2023 1:41 pm

Hi!

I have the following topology in my network
multicast-from-sites.png
A, B and C are three different places (remotes) joined with WireGuard tunnels. In site A, there is a multicast server feeding traffic into the local bridge by IGMP Proxy, where it can be used with no problem. The local bridge in A contains local ports + one VXLAN, to transport this multicast traffic from A to B and C (it could be routed using PIM, but I am not clear about how to use this protocol yet). To do it, I have created two different VTEPs, pointing to WireGuard's end-of-tunnel IP. As expected, receivers from B and C can get this multicast traffic and use it as if they were part of A's network (in fact, propagating the whole L2 segment from one place to the other).

The problem comes with the behavior of the multicast traffic. Whenever B or C requests to stream something, both tunnels (VTEPs, so, the WireGuard ones) get flooded with multicast. So, if B is requesting a stream of XMbps, VXLAN is consuming 2XMbps, and both WireGuard tunnels get traffic. If C also requests to stream something, now VXLAN traffic is x4, and 2x for each WireGuard tunnel. So, let's say, the traffic each of the endpoints is requesting is sent to both ends, no matter what.

Question is: is this normal, expected behavior with VXLANs, or a bug? Bear in mind all bridges (A, B, C) have IGMP Snooping working.

I have tried using local addresses, using different ports for interfaces and VTEPs, etc., and the only solution for stopping the behavior was to create 2xVXLANs (with different VNIs) on A, each with its own single VTEP, both bridged into A's local bridge (downstream interface for IGMP proxy). That way, with a single VXLAN + VTEP for each remote, I can successfully request multicast without duplicating traffic. But in my opinion this is against the point-to-multipoint VXLAN concept, and makes no sense.
I also have real doubts about how to use the parameters "Group" and "Interface" inside a VXLAN. I cannot really understand how these can be used (if possible) to mitigate this, or in general how they are used at all.

MikroTik guys, or anyone with experience in VXLAN, any suggestions? Shall I open this as a bug?

Find below the current configuration causing issues
# Site A
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=ether1 upstream=yes
add interface=bridge

/interface vxlan
add name=vxlan-multicast port=8472 vni=100
/interface vxlan vteps
add interface=vxlan-multicast port=8472 remote-ip=172.17.0.1
add interface=vxlan-multicast port=8472 remote-ip=172.17.0.5

/interface bridge
add igmp-snooping=yes name=bridge
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=vxlan-multicast


# Site B
/interface vxlan
add name=vxlan-multicast port=8472 vni=100 
/interface vxlan vteps
add interface=vxlan-multicast port=8472 remote-ip=172.17.0.2

/interface bridge
add igmp-snooping=yes name=bridge-multicast
/interface bridge port
add bridge=bridge-multicast interface=ether2
add bridge=bridge-multicast interface=vxlan-multicast


# Site C
/interface vxlan
add name=vxlan-multicast port=8472 vni=100 
/interface vxlan vteps
add interface=vxlan-multicast port=8472 remote-ip=172.17.0.6

/interface bridge
add igmp-snooping=yes name=bridge-multicast
/interface bridge port
add bridge=bridge-multicast interface=ether2
add bridge=bridge-multicast interface=vxlan-multicast

Thanks!
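
A model of the traffic pattern described in the post, added here as an illustration and not part of the original post or of RouterOS. It assumes IGMP snooping learns membership per bridge port and that a VXLAN port copies each frame to all of its VTEPs; the class names, group addresses, the 10 Mbps rate and the interface names vxlan-b and vxlan-c are constructed for the example.

```python
from collections import defaultdict

# Constructed model, not RouterOS code. Assumption: IGMP snooping tracks group
# membership per bridge port, and a VXLAN port copies every frame it is handed
# to all of its configured VTEPs (head-end replication).

class VxlanPort:
    def __init__(self, name, vteps):
        self.name = name
        self.vteps = list(vteps)      # remote tunnel endpoints (site labels)

class SnoopingBridge:
    def __init__(self, vxlan_ports):
        self.ports = {p.name: p for p in vxlan_ports}
        self.members = defaultdict(set)   # group -> bridge ports with a listener

    def port_for_site(self, site):
        return next(p for p in self.ports.values() if site in p.vteps)

    def igmp_join(self, site, group):
        # A report from a remote site is learned on the VXLAN port it arrived
        # through; the bridge does not record which VTEP sent it.
        self.members[group].add(self.port_for_site(site).name)

    def tunnel_load(self, stream_mbps):
        # Forward each group to its member ports, then fan out per VTEP.
        load = defaultdict(int)
        for group, port_names in self.members.items():
            for name in port_names:
                for vtep in self.ports[name].vteps:
                    load[vtep] += stream_mbps[group]
        return dict(load)

def simulate(vxlan_ports, joins, stream_mbps):
    bridge = SnoopingBridge(vxlan_ports)
    for site, group in joins:
        bridge.igmp_join(site, group)
    return bridge.tunnel_load(stream_mbps)

STREAMS = {"239.1.1.1": 10, "239.1.1.2": 10}   # constructed groups, X = 10 Mbps
ONE_VXLAN = [VxlanPort("vxlan-multicast", ["B", "C"])]             # config in the post
TWO_VXLANS = [VxlanPort("vxlan-b", ["B"]), VxlanPort("vxlan-c", ["C"])]  # workaround

if __name__ == "__main__":
    for label, ports in (("one VXLAN, two VTEPs", ONE_VXLAN), ("one VXLAN per site", TWO_VXLANS)):
        print(label, simulate(ports, [("B", "239.1.1.1")], STREAMS))
        print(label, simulate(ports, [("B", "239.1.1.1"), ("C", "239.1.1.2")], STREAMS))
```

Under these assumptions the single-VXLAN layout reproduces the 2X and 4X totals reported in the post, while one VXLAN per remote site keeps each stream on the tunnel of the site that asked for it.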