search

pali / igmpproxy

IGMP multicast routing daemon
Other
150 stars 77 forks source link

igmpproxy seemingly bypassed for UDP stream #73

Open Eloque opened 4 years ago

Eloque commented 4 years ago

I have an KPN combined fibre internet/TV connection. It uses routed IPTV to provide tv service. As such I have IGMP snooping active on my two switches and configured igmpproxy on my firewall Ubuntu 18.04 box.

This is my config

quickleave

phyint eth0 disabled
phyint eth0.6 disabled
phyint ppp0 disabled

phyint enp5s0 downstream ratelimit 0 threshold 1

phyint vlan4 upstream  ratelimit 0  threshold 1
        altnet 0.0.0.0/0

A TV stream starts as unicast, but after a second or so, switches to multicast. I can see an UDP stream of about 8.000kb/s run on vlan4, but it never gets to enp5s0, hence the stream freezes. It's almost as if igmpproxy is ignored. However, as soon as I kill the igmpproxy, the stream also stops.

I would expect it to be forwarded from the vlan4 interface to the enp5s0 lan interface. But this does not happen. The issues is somewhere between the routing and igmpproxy. The routing is, for this test setup, permissive, as in the policy on all interface is ACCEPT.

iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             213.75.112.0/21
MASQUERADE  all  --  anywhere             anywhere

iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

This an overview of the network itself image

This is an overview of the current routing when igmpproxy is running;

Current routing table (Insert Route):
-----------------------------------------------------
#0: Dst: 225.0.71.1, Age:2, St: I, OutVifs: 0x00000001
#1: Dst: 224.3.2.6, Age:2, St: I, OutVifs: 0x00000001
#2: Dst: 224.0.252.127, Age:2, St: I, OutVifs: 0x00000001
#3: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001
#4: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000001
-----------------------------------------------------

I can see similar tables being active on the DSG-1100 units. I am looking at this issues from mulitple angles, but so far have not find a solution or cause.

pali commented 4 years ago

I can see an UDP stream of about 8.000kb/s run on vlan4, but it never gets to enp5s0

Can you check (e.g. via tcpdump) on ubuntu box that above UDP stream really is not available on enp5s0?

However, as soon as I kill the igmpproxy, the stream also stops.

This should prove that igmpproxy correctly received IGMP packets from enp5s0 for joining multicast group and also correctly forwarded join request to vlan4.

Two things could help:

Eloque commented 4 years ago

I will update and create the logs as well as run the tcpdump.

NikolayOst commented 4 years ago

Hi, Eloque I have near same setup also on kpn just run igmpproxy on openwrt.

1) if IGMP snooping is enabled on GS-1100-08? In my case it freesing then I remove mark in checkbox on my GS116ev2 and come back then I enable it again.

2) here is very helpfull manual with I use: https://www.benweb.eu/articles/technical/kpn-glasvezel-met-lede-openwrt-fork/

Eloque commented 4 years ago

Thanks for the comments;

  1. if IGMP snooping is enabled on GS-1100-08? In my case it freesing then I remove mark in checkbox on my GS116ev2 and come back then I enable it again.

IGMP Snooping is on. If I run the Experia box that came with the product, it works over those switches. So I am inclined to think the issue is in the router/Ubuntu box.

  1. here is very helpfull manual with I use: https://www.benweb.eu/articles/technical/kpn-glasvezel-met-lede-openwrt-fork/

I've read that one. It's either the igmpproxy or the iptables that are not working properly. I am investigating both.

Eloque commented 4 years ago

I've cloned from Git and build igmproxy.

I then ran the proxy while capturing the log. I can see on iptraf-ng that about 8000kb/s UDP traffic is generated but no traffic on the enp5s0 interface after the unicast period.

The log is from changing the channels 2 times. Both those times, video and sounds comes on, stutters, and then stops. Tge 192.168.40.78 ip is the target STB.

igmplog.txt