Hi,
I would like to use a Raspberry Pi 4 as a Multicast Router, here is the network I like to realize:
The any source Multicast uses the IGMPv3 protocol (ttl=1) the UDP packages have a ttl of 16.
I have installed smcroute, so I can see the multicast routing, here is the show output:
root@OpenWrt:~# smcroutectl show
(*,G) Template Rules
ROUTE (S,G) IIF OIFS
(*, 225.3.2.1) eth0
(*, 225.0.0.0/24) eth0
(S,G) Rules
ROUTE (S,G) IIF OIFS
(192.168.1.42, 225.1.2.3) eth0
Kernel MFC Table
ROUTE (S,G) IIF OIFS
(192.168.1.42, 225.1.2.3) eth0
(192.168.101.201, 239.255.255.250) eth0.101
(192.168.101.240, 224.0.23.12) eth0.101
(192.168.101.201, 239.0.0.1) eth0.101
(192.168.101.140, 224.0.23.12) eth0.101
(192.168.102.150, 224.0.23.12) eth0.102
(192.168.100.235, 239.255.255.250) eth0.100
(192.168.101.240, 239.255.255.250) eth0.101
For testing, I have added all VLANs to the LAN Zone, if I add the Multicast Route manually with:
smcroutectl add eth0.99 224.0.23.12 eth0.101 eth0.102
smcroutectl add eth0.101 224.0.23.12 eth0.99 eth0.102
smcroutectl add eth0.102 224.0.23.12 eth0.99 eth0.101
the Multicast works as aspekted. Here are my Questions:
- How I can realize the Multicast 224.0.23.12 routing between the VLANs automatically?
- Do I need to add the VLANs to a bridge and create an interface for the bridge? Apart from Multicast communication, no other communication between the VLANs should be possible. But from the VLAN eth0.99 should be possible to communicate to all VLANs.
Here is my config:
root@OpenWrt:~# ubus call system board
{
"kernel": "5.4.179",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 3",
"model": "Raspberry Pi 4 Model B Rev 1.4",
"board_name": "raspberrypi,4-model-b",
"release": {
"distribution": "OpenWrt",
"version": "21.02.2",
"revision": "r16495-bf0c965af0",
"target": "bcm27xx/bcm2711",
"description": "OpenWrt 21.02.2 r16495-bf0c965af0"
}
}
root@OpenWrt:~# uci export network
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdb2:acc5:1bc9::/48'
config device
option name 'br-lan'
option type 'bridge'
option bridge_empty '1'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option type '8021q'
option ifname 'eth0'
option vid '10'
option name 'eth0.10'
config interface 'wan'
option proto 'dhcp'
option device 'eth0.10'
config device
option type '8021q'
option ifname 'eth0'
option vid '99'
option name 'eth0.99'
config device
option type '8021q'
option ifname 'eth0'
option vid '100'
option name 'eth0.100'
config device
option type '8021q'
option ifname 'eth0'
option vid '101'
option name 'eth0.101'
config device
option type '8021q'
option ifname 'eth0'
option vid '102'
option name 'eth0.102'
config interface 'MGMTknx'
option proto 'static'
option device 'eth0.99'
option ipaddr '192.168.99.1'
option netmask '255.255.255.0'
config interface 'GSA'
option proto 'static'
option device 'eth0.100'
option ipaddr '192.168.100.1'
option netmask '255.255.255.0'
config interface 'WHG101'
option proto 'static'
option device 'eth0.101'
option ipaddr '192.168.101.1'
option netmask '255.255.255.0'
config interface 'WHG102'
option proto 'static'
option device 'eth0.102'
option ipaddr '192.168.102.1'
option netmask '255.255.255.0'
config device
option name 'eth0'
config device
option type 'bridge'
option name 'knx-br'
list ports 'eth0.101'
list ports 'eth0.102'
list ports 'eth0.99'
option bridge_empty '1'
option multicast_querier '1'
option query_interval '1500'
root@OpenWrt:~# uci export dhcp
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
list ra_flags 'none'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'GSA'
option interface 'GSA'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config dhcp 'MGMTknx'
option interface 'MGMTknx'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config dhcp 'WHG101'
option interface 'WHG101'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config dhcp 'WHG102'
option interface 'WHG102'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config host
option name 'abb-ipr'
option ip '192.168.101.140'
option mac '00:0C:DE:FF:FF:FA'
config host
option name 'abb-ipr'
option ip '192.168.102.150'
option mac '00:0C:DE:FF:FF:FB'
root@OpenWrt:~# uci export firewall
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'MGMTknx'
list network 'GSA'
list network 'WHG101'
list network 'WHG102'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
Thanks.