Open Alt0S04 opened 2 months ago
Try to add 224.1.1.1 or all multicast range to a forward chain and direct it to the nflog group 2. I am testing multicast streaming through FRR DMVPN now. If I do not forward the stream to the nflog group, GRE header has dst address - multicast address. If I forward the stream to nflog, it has the correct GRE header. Something like this:
table ip filter {
chain INPUT {
type filter hook input priority filter; policy accept;
}
chain FORWARD {
type filter hook forward priority filter; policy accept;
oifname "tunnel1" ip daddr 224.1.1.1/32 log group 2
oifname "tunnel1" ip daddr 224.1.1.1/32 drop
}
chain OUTPUT {
type filter hook output priority filter; policy accept;
oifname "tunnel1" ip daddr 224.0.0.0/24 log group 2
oifname "tunnel1" ip daddr 224.0.0.0/24 drop
}
}
Hello Apostoliuk,
I tried your solution, which involved adding a configuration in nftables.conf, but it didn’t solve the issue on my end.
My main problem is that I can only get multicast traffic to flow in one direction in my DMVPN. Multicast 1 can send a video to Multicast 2, but not the other way around. I’m not sure if this issue is due to the type of PIM I used or because I’m using a DMVPN.
Description
Hello, I am currently testing multicast video streaming through a DMVPN using a Cisco Hub and two Spoke FRR. I'm stuck in my tests because only the Hub to Spoke direction works, whereas I'd be more interested in the Spoke to Hub direction. Unfortunately, this direction doesn't work with my current configuration and I've searched and searched, but I can't find a solution. I am using OSPF as a routing protocol, and it is working very well through the DMVPN.
Here's a diagram of my topology:
To make things easier to understand, I'll only be talking about the Hub and a single Spoke (FRR-Spoke-1). To generate multicast streams, I use VLC on Windows machines on both sides of the topology. In the Hub --> Spoke direction, I ask Multicast 1 to broadcast and Multicast 2 to receive. This works very well and I can see the stream reaching Multicast 2:
I've done the opposite operation for the Spoke --> Hub direction (Multicast 2 --> Multicast 1), and I have two possible scenarios:
1: If I run the test quickly (about 5 minutes) after first diffuse in the Hub --> Spoke direction, the broadcast works and I see the stream passing through, but I also see the registration request to the RP (HUB) passing through at the same time:
2: If I run the test without having broadcast in the Hub --> Spoke direction beforehand or too long afterwards, the broadcast doesn't work and I get Register-Stops from the RP:
I would like to clarify that I have tried the NHRP authentication recently added to my topology, so the issue is not related to this command. Below, you will find the configuration of my Cisco HUB and my FRR Spoke. I am using tagged sub-interfaces on both sides of my topology for the clients behind my Hub and Spoke. I also tried without the sub-interfaces, but I encountered the same issue. Thank you in advance for the help provided 👍
HUB Cisco :
Spoke FRR (frr.conf)
Spoke FRR (interfaces.conf)
Spoke FRR (nftables.conf)
Version
How to reproduce
1: Reproduce the explained topology 2: Broadcast first from HUB --> SPK, then from SPK --> HUB to achieve scenario 1 3: Broadcast only from SPK --> HUB to achieve scenario 2
Expected behavior
Broadcast working as expected (SPK --> HUB)
Actual behavior
Broadcast not working as expected (SPK --> HUB)
Additional context
No response
Checklist