How to connect ISP IPTV STB on router at Location B, with the following network topology?

Hi to everyone!

Sorry if this seems blunt. But it is like so.

Please, take a close look at this picture:

Thank you.

1 Like

After squinting for quite a while, I realize that there is no IPTV box in the diagram.

I assume you want to layer 2 trunk the TV box back to your non-OpenWrt main router and then somehow route it to the TV provider. I would approach this by first making sure that the TV network works properly with the TV box connected directly to the main router. Routing it to the TV provider can be tricky and since you're not using OpenWrt, it is outside the scope of this forum.

After that works, then your plan to add another VLAN and configure the switch at Location B should work like any of the other VLANs that you already have working.

Sending VLANs through an unmanaged switch is not a good practice. Some switches are "transparent" and will pass tagged packets unchanged. Others may drop all tagged packets and it won't work. In the first case there is no potential to isolate networks for security since all VLANs appear on all ports.

Hi, and thank you very much for your feedback.

Yes, it is quite a detailed network topology, and it took me a while to produce it. I am sorry to have made you squint so much.

Well, I've tested it and that STB works both on the wired ports of BOTH the ISP fiber router gateway, AND the HUAWEI K562, wireless repeater (and this was to my amazement, since I was not expecting that it would work on the HUAWEI K562, since it connects to the ISP router by means of a wireless connection).

So, if your assumption about the insecurity of the unmanaged switch holds, then I should remove this switch from the equation, and purchase some other (managed) switch, would it be so? Could I try to debug some more if there is any 'interference' between the location B router VLAN.40 and the non OpenWrt router?

Thank you very much for your help!

The TV box needs to work on the downstream side of the non-OpenWrt main router. You have not tested that yet. Your approach so far was to set up a network for it and route it. Or you could merely bridge the TV VLAN through it to the WAN side and make it passively part of the upstream network.

Hi,

Sorry for having mixed this up.

Yes I haven't tested it yet with the downstream non OpenWrt router.

Maybe it could work on the generic untagged interface. I will try that at once.

Meanwhile, (again) I don't quite follow you when you refer 'bridge the TV VLAN through it to the WAN side and make it passively part of the upstream network'

(What I understand by this is that I should create an additional bridge interface that would unite the downstream TV VLAN with the upstream ISP ROUTER LAN). I was looking for a way to do it without compromising the actual topology that I have. And there you are saying that it could be one way to do it. That is comforting somehow.
Thank you.

I am going to investigate that path and also check if the ISP STB can work behind that ARCH Router.

See you soon.

Hi, @mk24, now, I've tested the scenario with the ISP STB connected to the ARCH ROUTER. Unsuccessfully. So I believe that the first issue I have to solve is with the ARCH ROUTER itself.

Since it is a systemd-networkd managed system, what, if any, suggestions for reading, would you, @mk24, care to give?

Mind you, as this seems the right thing to do, I am going to forward this same issue/question, to the Arch Linux forums.

Nevertheless, since this spans several environments, I think that it is still advisable that the global outcome should be reported on all the pertaining (support) forums. This is why I am placing this question here on OpenWrt as well.

Thank you.

Hello again @mk24 .

I've been absent from this forum somehow because I've been losing my mind about trying to accomplish the deed of getting that ISP IPTV STB behind those network routers I've described earlier. Also I've edited the first post so that the image doesn't end up being so difficult to look at. Maybe you've noticed that already, and do forgive me for not doing that originally, it was a mishap.

Well, moving on, I've installed x86 EFI image on a flash pen and booted it up.

Did some testing and I can positively affirm that the x86 machine can handle that ISP STB alright.

Since it has two "adapters" (?) I can connect the x86 router up to the ISP gateway on one adapter and serve the IPTV down through the second adapter. I think I only had to set one bridge uniting lan with wan and be mindful that it had the settings for the igmp snooping and igmp version 3 enabled. Do not quote me about being sure if the x86 version had already the igmpproxy utility installed, because, unfortunately I'm not sure right now. That's how mixed up already I am after spending literally several days on this setup. Insane isn't it... Oh well ...

So I established that the x86 machine can handle the direct connection.

My questions now are:

How can I "export" that connection onto a subrouter.

Mind you I need to connect those 2 routers so that at least the subrouter can offer both Internet to its clients and the ISP IPTV STB service as well.

My presumptions right now are that:

  1. I need to set up a (only one?) trunk vlan between the x86 and the other openwrt router? Why the "only one" question? Because I think I have to set up igmp snooping for the STB to work properly. But this snooping can only be set on a bridge device, right? So maybe I should make at least 2 bridges. Both on top of vlan configured interfaces. How many trunk vlan bridges could there exist on a 801q device? (Does this seem feasible/doable?)

Can you @mk24 , (or anyone else reading these awkward lines, that may have some insight to this setup), mind to help somehow?

Thank you!

Hi to everyone!

I've “managed” to have a workaround for this issue:

I am using, currently, the Cudy WR2100, MediaTek MT7621 ver:1 eco:3, that I was using to test that setup, but in a different situation, as a “workaround” solution.

Furthermore, I gave up wanting to do what apparently is impossible, to head on to some other solution (which, BTW seems to be working satisfactorily):

The “solution” (apparently) is to use relayd and a direct “wireless connection” to the ISP router gateway, to set up a “wireless” (to wired) transparent bridge between that router gateway and the ISP's own STB. It is working alright, although there are some doubts, (caveats, perhaps), that are “bugging” me and unsettling my otherwise cheerful moment.

I am referring to enormous traffic on the involved interfaces: almost 400 GB in almost 8 hours!!! (Isn't this somehow strange/awkward/or unsustainable by the router's hardware)???

And the second consideration: Could I, use the other OpenWrt router instead of this one, to perform this “relayd” work? What I mean by this is:

Since it is already an access point to “subnetworks” that are “layered under” the main ISP's managed network, if I would then (conceptually, at least) provide a direct connection from the subrouters to the main ISP one, (and by that way, circumventing my own router that I have set to manage the subnets already in place), wouldn't I be hindering completely the preexisting network topology? I am thinking of network loops and the like, and in effects such as complete wreak of my network. Does this make sense? Or on the other hand, would it be alright to try to figure it out?

Finally, as a token of my appreciation, here is the whole configuration narrative that I used, along with its configuration files and other settings:

First, by your preferred fashion (luci web interface or by opkg method), install these packages:

luci-proto-relay
igmpproxy

Then, making sure to adapt to your hardware and network topology/addressing space:

# cat /etc/config/network :



config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd3a:7eb7:e821::/48'
option packet_steering '1'

config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option igmp_snooping '1'
option multicast '1'
option igmpversion '3'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'

config interface 'wwan'
option proto 'static'
option ipaddr '192.168.115.242'
option netmask '255.255.255.0'
option gateway '192.168.115.254'
list dns '192.168.115.254'

config interface 'relay_bridge'
option proto 'relay'
option ipaddr '192.168.115.242'
list network 'lan'
list network 'wwan'

config device
option name 'phy1-sta0'
option multicast '1'

# cat /etc/config/igmpproxy :


config igmpproxy
        option quickleave '1'

config phyint
        option network 'wwan'
        option zone 'wwan'
        option direction 'upstream'
        option altnet '0.0.0.0/0'

config phyint
        option network 'lan'
        option zone 'lan'
        option direction 'downstream'
        option altnet '192.168.115.0/24'

# cat /etc/config/dhcp :



# yes, that is right, the file should look like this with empty lines!

# cat /etc/config/firewall :


# yes, that is right, the file should look like this with empty lines (as well)!

Then, enable (but also disable) the necessary services:

# /etc/init.d/relayd enable
# /etc/init.d/relayd start


# /etc/init.d/igmpproxy enable
# /etc/init.d/igmpproxy start


# /etc/init.d/firewall disable
# /etc/init.d/firewall stop


# /etc/init.d/dnsmasq disable
# /etc/init.d/dnsmask stop

And check if they are like so:

# service

Usage: service <service> [command]
/etc/init.d/boot                   enabled         stopped
/etc/init.d/bootcount              enabled         stopped
/etc/init.d/cron                   enabled         stopped
/etc/init.d/dnsmasq               disabled         stopped
/etc/init.d/done                   enabled         stopped
/etc/init.d/dropbear               enabled         running
/etc/init.d/firewall              disabled         stopped
/etc/init.d/gpio_switch            enabled         stopped
/etc/init.d/igmpproxy              enabled         running
/etc/init.d/led                    enabled         stopped
/etc/init.d/log                    enabled         running
/etc/init.d/network                enabled         running
/etc/init.d/odhcpd                 enabled         running
/etc/init.d/packet_steering        enabled         stopped
/etc/init.d/relayd                 enabled         running
/etc/init.d/rpcd                   enabled         running
/etc/init.d/sysctl                 enabled         stopped
/etc/init.d/sysfixtime             enabled         stopped
/etc/init.d/sysntpd                enabled         running
/etc/init.d/system                 enabled         stopped
/etc/init.d/ucitrack               enabled         stopped
/etc/init.d/uhttpd                 enabled         running
/etc/init.d/umount                 enabled         stopped
/etc/init.d/urandom_seed           enabled         stopped
/etc/init.d/urngd                  enabled         running
/etc/init.d/wpad                   enabled         running

Finally, reboot the router and (hopefully) behold!

Thank you for your attention/reading, and my only questions for now, before I set this thread as solved, are the ones that I made above (on this same post). Do they have a solution? If not, then, I will return here to set this thread issue as solved. Even if not addressing the original question, in fact it seems to me, that it is in a satisfactory status now.

Thank you all for reading and see you all (hopefully) soon!

Cheers!

2 Likes