Thursday, January 17, 2019

Multicast UDP sent to a regular MAC address

I'm investigating networking issues on a Cisco Fabric where multicast traffic originating from a streaming server is being flooded on all ports and the mcast groups aren't listed in the IGMP table. Investigating packet captures, it turns out that the frames use the MAC address of the host's gateway instead of the 'official' 01-00-5E MAC address. I'm a dev with streaming knowledge and not a network engineer, so I'm a bit puzzled how exactly this would happen and why it happens. With a simple Python script from here on an Ubuntu 18 box I observe the same behaviour:

    tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    12:51:46.280081 00:50:56:89:ab:8e > 64:9e:f3:aa:16:7f, ethertype IPv4 (0x0800), length 58: (tos 0x0, ttl 32, id 46040, offset 0, flags [DF], proto UDP (17), length 44)
        10.15.254.133.36047 > 232.192.192.192.49410: [bad udp cksum 0xb23f -> 0x7d61!] UDP, length 1

so I would like to ask

  • Why does this occur? As far as I can find online it's mentioned that multicast de facto uses the 01-00-5E addresses. In reality it doesn't, at least not by default. Is this maybe deprecated?
  • How to fix this? Should this be fixed at the hosts, so somehow check the OS layer (the affected host uses Win 2k8 sadly enough)? Or, what I found so far, change the igmp lookup method to ip on the affected network nodes?
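A way to check captures for the mismatch described in the post, added here as an example and not part of the original post: it derives the Ethernet address that the standard IPv4 mapping (RFC 1112: 01-00-5E plus the low 23 bits of the group address) gives for a group, and compares it with the destination MAC in a `tcpdump -e` line. The function names, the regular expression and the joined sample line are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the capture line from the post, joined onto one line.
SAMPLE = (
    "12:51:46.280081 00:50:56:89:ab:8e > 64:9e:f3:aa:16:7f, ethertype IPv4 (0x0800), "
    "length 58: (tos 0x0, ttl 32, id 46040, offset 0, flags [DF], proto UDP (17), "
    "length 44) 10.15.254.133.36047 > 232.192.192.192.49410: "
    "[bad udp cksum 0xb23f -> 0x7d61!] UDP, length 1"
)

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d+\.\d+\.\d+\.\d+"
# Matches "<src mac> > <dst mac>, ... <src ip>.<port> > <dst ip>.<port>:"
LINE_RE = re.compile(
    rf"(?P<src_mac>{MAC}) > (?P<dst_mac>{MAC}),.*? "
    rf"(?P<src_ip>{IP})\.\d+ > (?P<dst_ip>{IP})\.\d+:",
    re.IGNORECASE,
)


def expected_multicast_mac(group):
    """Map an IPv4 multicast group to its 01:00:5e:xx:xx:xx Ethernet address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    # Only the low 23 bits of the group survive the mapping.
    mac = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def check_frame(line):
    """Return a finding for a multicast-destined frame, or None for other lines."""
    m = LINE_RE.search(line)
    if not m or not ipaddress.IPv4Address(m["dst_ip"]).is_multicast:
        return None
    got = m["dst_mac"].lower()
    want = expected_multicast_mac(m["dst_ip"])
    return {
        "group": m["dst_ip"],
        "dst_mac": got,
        "expected_mac": want,
        "ok": got == want,
        # I/G bit (lowest bit of the first octet): set for layer-2 group addresses.
        "l2_group_bit": bool(int(got[:2], 16) & 1),
    }


if __name__ == "__main__":
    print(check_frame(SAMPLE))
```

For the frame in the post the expected destination is 01:00:5e:40:c0:c0, while the captured destination 64:9e:f3:aa:16:7f does not even have the group bit set, so at layer 2 it is a unicast frame.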

