Wednesday, January 29, 2020

Determine the source of multicast stream

Hello,

I have a small network in my home, which contains 1x router, 2x switch, 1x AP, some computers and phones. I also have two servers in a cluster (Proxmox) and one QNAP NAS storage, which I used to store the files.

Some months ago I started using IPTV. I have a set-top box from the Amiko company, and I'm using it to watch television with Kodi. This box is placed on vlan6 (192.168.40.0/24) (which is in the LAN segment of the picture) because I know the IPTV traffic should be in a separate vlan.

Below you can see a logical view of the entire network:

https://i.postimg.cc/Vkck6HB1/Home-networking.jpg

As you see, I'm using a Mikrotik hEX as the main router, to terminate the ISP public IP address and do some firewall, NAT and routing stuff. As the Internet is terminated here, I expect to see some multicast traffic because of IPTV. The Mikrotik also has vlan6 enabled, but let's see the configuration of the ports:

[admin@hellhound.home.lan] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME        TYPE    ACTUAL-MTU  L2MTU  MAX-L2MTU  MAC-ADDRESS
 0  R  ;;; Link to ISP
       ether1      ether         1500   1596       2026  B8:69:F4:DB:DA:1A
 1  RS ;;; Link to Cisco switch
       ether2      ether         1500   1596       2026  6C:3B:6B:59:94:1D
 2  RS ;;; Link to Mikrotik access point
       ether3      ether         1500   1596       2026  6C:3B:6B:59:94:1E
 3  X  ;;; Unused
       ether4      ether         1500   1596       2026  6C:3B:6B:59:94:1F
 4  X  ;;; Unused
       ether5      ether         1500   1596       2026  6C:3B:6B:59:94:20
 5  R  bridge      bridge        1500   1596             6C:3B:6B:59:94:1D
 7  R  ;;; Vlan2 (192.168.0.0/24)
       vlan2-tag   vlan          1500   1592             6C:3B:6B:59:94:1D
 8  R  ;;; Vlan3 (192.168.10.0/24)
       vlan3-tag   vlan          1500   1592             6C:3B:6B:59:94:1D
 9  R  ;;; Vlan4 (192.168.20.0/24)
       vlan4-tag   vlan          1500   1592             6C:3B:6B:59:94:1D
10  R  ;;; Vlan5 (192.168.30.0/24)
       vlan5-tag   vlan          1500   1592             6C:3B:6B:59:94:1D
11  R  ;;; Vlan6 (192.168.40.0/24)
       vlan6-tag   vlan          1500   1592             6C:3B:6B:59:94:1D

[admin@hellhound.home.lan] >
 1  RS ;;; Link to Cisco switch
       name="ether2"
       driver-rx-byte=8 086 346 162 985
       driver-rx-packet=8 497 403 137
       driver-tx-byte=9 773 452 609 711
       driver-tx-packet=9 060 307 937
       rx-bytes=8 136 450 389 192
       rx-packet=8 500 830 242
       rx-too-short=0
       rx-64=300 056
       rx-65-127=3 184 053 446
       rx-128-255=32 101 321
       rx-256-511=108 841 856
       rx-512-1023=15 702 206
       rx-1024-1518=5 167 902 503
       rx-too-long=0
       rx-broadcast=635 679
       rx-pause=0
       rx-multicast=7 435 462
       rx-fcs-error=0
       rx-align-error=0
       rx-fragment=0
       rx-jabber=0
       rx-drop=0
       tx-bytes=9 809 890 367 273
       tx-packet=9 058 500 770
       tx-64=84 233 804
       tx-65-127=2 421 432 836
       tx-128-255=42 937 817
       tx-256-511=137 437 551
       tx-512-1023=47 563 760
       tx-1024-1518=6 326 702 104
       tx-broadcast=230 527
       tx-pause=0
       tx-multicast=1 576 570
       tx-collision=0
       tx-excessive-collision=0
       tx-multiple-collision=0
       tx-single-collision=0
       tx-deferred=0
       tx-late-collision=0
       tx-drop=0
       tx-fcs-error=0

 2  RS ;;; Link to Mikrotik access point
       name="ether3"
       driver-rx-byte=24 904 213 698
       driver-rx-packet=31 434 954
       driver-tx-byte=117 049 286 733
       driver-tx-packet=86 389 672
       rx-bytes=25 030 676 572
       rx-packet=31 351 349
       rx-too-short=0
       rx-64=9 944 483
       rx-65-127=1 899 968
       rx-128-255=3 695 745
       rx-256-511=328 864
       rx-512-1023=130 332
       rx-1024-1518=15 440 208
       rx-too-long=0
       rx-broadcast=11 047
       rx-pause=0
       rx-multicast=77 204
       rx-fcs-error=0
       rx-align-error=0
       rx-fragment=0
       rx-jabber=0
       rx-drop=0
       tx-bytes=117 408 472 688
       tx-packet=84 677 640
       tx-64=5 586 151
       tx-65-127=2 562 504
       tx-128-255=807 744
       tx-256-511=482 810
       tx-512-1023=335 192
       tx-1024-1518=76 615 271
       tx-broadcast=121 167
       tx-pause=0
       tx-multicast=1 590 865
       tx-collision=0
       tx-excessive-collision=0
       tx-multiple-collision=0
       tx-single-collision=0
       tx-deferred=0
       tx-late-collision=0
       tx-drop=0
       tx-fcs-error=0

Ok, there is a bridge, which I used to do VLAN tagging things:

https://i.postimg.cc/RVp3XztR/Mikrotik-h-EX-Bridge.jpg

As you see, I'm sending all vlans to the Cisco switch. And I'm only tagging vlan2 and vlan4 to the AP.
So I don't expect to see any multicast traffic on the AP interface, but in reality I do. I don't know why.

https://i.postimg.cc/y8XYSXvR/Mikrotik-h-EX-Ether3-Winbox.jpg

Look how much multicast traffic I have on ether3, which is connected to ether1 on the AP. I can show a different picture with the same kind of information:

https://i.postimg.cc/grbmxnh4/Mikrotik-h-EX-Ether3.jpg

Ok, we haven't said anything about the Cisco equipment; here is the configuration:

interface GigabitEthernet0/1
 description Cisco-SG200-08
 switchport trunk allowed vlan 2-6
 switchport mode trunk
!
interface GigabitEthernet0/2
 description Do-Not-Work
 shutdown
!
interface GigabitEthernet0/3
 description QNAP-TS-431P
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/4
 description MikroTik-hEX
 switchport mode trunk
!
interface GigabitEthernet0/5
 description proxmox-node-1
 switchport trunk native vlan 7
 switchport mode trunk
!
interface GigabitEthernet0/6
 description proxmox-node-2
 switchport trunk native vlan 7
 switchport mode trunk
!
interface Vlan1
 no ip address
!
interface Vlan2
 no ip address
!
interface Vlan3
 no ip address
!
interface Vlan4
 no ip address
!
interface Vlan5
 ip address 192.168.30.6 255.255.255.0
!
interface Vlan6
 no ip address
!

#############################################################

2960g#show interfaces GigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0022.bd38.b481 (bia 0022.bd38.b481)
  Description: Cisco-SG200-08
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 367
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 2000 bits/sec, 2 packets/sec
     71462641 packets input, 34064842246 bytes, 0 no buffer
     Received 1185327 broadcasts (1173073 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 1173073 multicast, 0 pause input
     0 input packets with dribble condition detected
     179474379 packets output, 252015506771 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
2960g#

2960g#show interfaces GigabitEthernet0/3
GigabitEthernet0/3 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0022.bd38.b483 (bia 0022.bd38.b483)
  Description: QNAP-TS-431P
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:04, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 435
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 62000 bits/sec, 7 packets/sec
  5 minute output rate 55000 bits/sec, 13 packets/sec
     1870379854 packets input, 2240692066739 bytes, 0 no buffer
     Received 141380 broadcasts (101038 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 101038 multicast, 119 pause input
     0 input packets with dribble condition detected
     1923167326 packets output, 1771972517143 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
2960g#

GigabitEthernet0/4 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0022.bd38.b484 (bia 0022.bd38.b484)
  Description: MikroTik-hEX
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 6/255, rxload 6/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1134
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 26340000 bits/sec, 3254 packets/sec
  5 minute output rate 26607000 bits/sec, 3289 packets/sec
     8974430609 packets input, 9809117899373 bytes, 0 no buffer
     Received 1803510 broadcasts (1601913 multicasts)
     0 runts, 1809976 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 1601913 multicast, 0 pause input
     0 input packets with dribble condition detected
     8508259561 packets output, 8135592732093 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
2960g#

2960g#show interfaces GigabitEthernet0/5
GigabitEthernet0/5 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 0022.bd38.b485 (bia 0022.bd38.b485)
  Description: proxmox-node-1
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 6/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:04, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 249
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 897000 bits/sec, 1193 packets/sec
  5 minute output rate 25555000 bits/sec, 2168 packets/sec
     4569823856 packets input, 2655578181223 bytes, 0 no buffer
     Received 1005668 broadcasts (604305 multicasts)
     17 runts, 0 giants, 0 throttles
     17 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 604305 multicast, 4171 pause input
     0 input packets with dribble condition detected
     6100296857 packets output, 7939546009895 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
2960g#

You can see the counters, broadcasts and multicast.
The pictures attached below say exactly the same:

https://i.postimg.cc/d3yJQ8hL/Cisco-2960-G-Gigabit-Ethernet0-1.jpg
https://i.postimg.cc/wBwqwxKT/Cisco-2960-G-Gigabit-Ethernet0-3.jpg
https://i.postimg.cc/LX7HMy6c/Cisco-2960-G-Gigabit-Ethernet0-4.jpg
https://i.postimg.cc/mDhbJxR3/Cisco-2960-G-Gigabit-Ethernet0-5.jpg

We haven't said anything about IGMP on the Cisco switch, but there isn't any configuration related to that; I mean the configuration is running on its defaults.

2960g#show ip igmp snooping
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping                : Enabled
IGMPv3 snooping (minimal)    : Enabled
Report suppression           : Enabled
TCN solicit query            : Disabled
TCN flood query count        : 2
Robustness variable          : 2
Last member query count      : 2
Last member query interval   : 1000

Vlan 1:
--------
IGMP snooping                       : Enabled
IGMPv2 immediate leave              : Disabled
Multicast router learning mode      : pim-dvmrp
CGMP interoperability mode          : IGMP_ONLY
Robustness variable                 : 2
Last member query count             : 2
Last member query interval          : 1000

Vlan 2:
--------
IGMP snooping                       : Enabled
IGMPv2 immediate leave              : Disabled
Multicast router learning mode      : pim-dvmrp
CGMP interoperability mode          : IGMP_ONLY
Robustness variable                 : 2
Last member query count             : 2
Last member query interval          : 1000

And so on and so forth for all vlans and interfaces.
There is no IGMP querier configured, no filters, simply nothing.

According to the articles which I've read on the Internet, because vlan snooping is enabled, the vlan flow has to be restricted only to its vlan (broadcast domain), but why am I seeing all of this broadcast and multicast on the AP's interface? There is no such vlan configured to pass through.

The same applies to the QNAP port; even though the QNAP port is in access mode, it doesn't care about vlan at all.
So maybe I missed some basic things, but I'm not a network guy, I just like to play with networking and servers.

Any help/advice will be appreciated.
Thanks.
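
An added example, not part of the original post: interface counters only say how many multicast frames crossed a port, so one way to find where they come from is to capture frames on that port and tally the multicast ones by 802.1Q tag, source MAC, source IP and group. The frames, MAC addresses and IP addresses below are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

def parse_multicast(frame: bytes):
    """Return (vlan, src_mac, ip_src, ip_group) for a multicast frame, else None."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    # I/G bit (lowest bit of first octet) set = group address; skip plain broadcast.
    if not dst[0] & 0x01 or dst == b"\xff" * 6:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14          # vlan None = frame arrived untagged
    if ethertype == 0x8100 and len(frame) >= 18:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    ip_src = ip_group = None
    if ethertype == 0x0800 and len(frame) >= offset + 20:
        ip_src = socket.inet_ntoa(frame[offset + 12:offset + 16])
        ip_group = socket.inet_ntoa(frame[offset + 16:offset + 20])
    return vlan, src.hex(":"), ip_src, ip_group

def multicast_talkers(frames):
    """Count multicast frames per (vlan, src_mac, ip_src, ip_group), busiest first."""
    tally = Counter(rec for rec in map(parse_multicast, frames) if rec)
    return tally.most_common()

def build_frame(dst_mac, src_mac, vlan, ip_src, ip_dst):
    """Build a constructed Ethernet/IPv4 test frame (sample data, not a real capture)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, 17, 0,
                     socket.inet_aton(ip_src), socket.inet_aton(ip_dst))
    return eth + struct.pack("!H", 0x0800) + ip

# Constructed frames: a tagged stream on VLAN 6, untagged SSDP, one unicast, one broadcast.
SAMPLE = (
    [build_frame("01:00:5e:01:01:01", "02:00:00:00:00:01", 6, "192.168.40.10", "239.1.1.1")] * 3
    + [build_frame("01:00:5e:7f:ff:fa", "02:00:00:00:00:02", None, "192.168.0.50", "239.255.255.250")]
    + [build_frame("02:00:00:00:00:03", "02:00:00:00:00:02", 2, "192.168.0.50", "192.168.0.1")]
    + [build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", None, "192.168.0.50", "192.168.0.255")]
)

if __name__ == "__main__":
    for key, count in multicast_talkers(SAMPLE):
        print(count, key)
```

A `vlan` of `None` means the frame was untagged on the wire, which on a trunk port is the native VLAN rather than one of the tagged VLANs.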


