User Tools

Site Tools


doc:howto:udp_multicast

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:udp_multicast [2013/04/20 06:47]
gatak
doc:howto:udp_multicast [2015/01/11 00:08] (current)
lystor altnet fix
Line 1: Line 1:
 +====== IPTV / UDP multicast ======
 +Lots of ISPs provide their users with an IPTV service, usually done via IPv4 UDP multicasting. This document aims to explain how to make it work for most common scenarios.
  
 +===== Basic concepts =====
 +When a host wants to start receiving UDP multicast traffic, it needs to subscribe itself to a "UDP multicast group"​. Control of multicast groups is archived with IGMP protocol. Once a host is subscribed, all the traffic for this group is sent to it using [[http://​en.wikipedia.org/​wiki/​IP_multicast#​Layer_2_delivery|broadcast L2 frames]]. This detail is important because common bridges just pass all the broadcast traffic to all the ports. So if you use Linux to bridge wireless and wired networks (usual scenario for home LANs) and you subscribe to a multicast group from one of the wired clients, the wireless will be hogged too. Luckily, starting from 2.6.34, the kernel has IGMP snooping feature for the software bridges (disabled by default in OpenWrt) which should prevent unnecessary traffic on ports that were not actually subscribing.
 +
 +Another important consideration is that multicasting over wireless doesn'​t usually work as one might expect since it uses the lowest possible bitrate (to enable all clients to "​hear"​ it) and also employs special tricks for power-saving. Basically, this makes multicasting useless for IPTV.
 +
 +===== Solutions =====
 +Thanks to IGMP snooping, igmpproxy should no longer cause wifi hogging and so you can have both igmpproxy and udpxy configured and running, accessing IPTV over wifi with udpxy when needed.
 +
 +Please note, that IGMP snooping is only available when **kmod-bridge** package is installed.
 +
 +==== IGMP proxy ====
 +If your client is behind NAT, it can't subscribe to multicast directly, so it needs some kind of proxy to do it for him. OpenWrt comes with [[http://​sourceforge.net/​projects/​igmpproxy|igmpproxy utility]] to do that automatically. ​
 +
 +First you need to install package - opkg install igmpproxy
 +
 +
 +You need to edit ''/​etc/​config/​igmpproxy''​ according to your setup:
 +<​code>​
 +config igmpproxy
 +        option quickleave 1
 +
 +config phyint
 +        option network wan
 +        option direction upstream
 +        list altnet 0.0.0.0/0
 +
 +config phyint
 +        option network lan
 +        option direction downstream
 +</​code>​
 +
 +
 +=== Network interface settings ===
 +
 +You need to enable IGMP snooping on your LAN interface:
 +
 +<​code>​
 +config interface lan
 +        option type bridge
 +        option igmp_snooping 1
 +        ...
 +</​code>​
 +
 +=== Firewall settings ===
 +You also need to allow IGMP from wan interface and to forward multicast traffic by something like this:
 +<​code>​
 +config rule
 +        option src      wan
 +        option proto    igmp
 +        option target ​  ​ACCEPT
 +config rule
 +        option src      wan
 +        option proto    udp
 +        option dest     lan
 +        option dest_ip ​ 224.0.0.0/4
 +        option target ​  ​ACCEPT
 +        option family ​  ipv4
 +</​code>​
 +
 +=== Force IGMP version ===
 +Example how to force openwrt kernel to use IGMPv2 on all interfaces. By default IGMPv3 is used.
 +
 +Add to /​etc/​sysctl.conf:​
 +<​code>​
 +net.ipv4.conf.all.force_igmp_version=2
 +</​code>​
 +
 +==== udpxy ====
 +This is an alternative way which allows you to access udp multicast streams over TCP connection. As such, it works nicely both over wired and wireless links.
 +
 +You can start it with something like:
 +<​code>​
 +#!/bin/sh /​etc/​rc.common
 +# Copyright (C) 2010 OpenWrt.org
 +
 +START=99
 +STOP=10
 +
 +IGMP_OPTS="​-p 8080 -a 192.168.2.1"​
 +IGMP_BIN="/​usr/​bin/​udpxy"​
 +PID_F="/​var/​run/​udpxy.pid"​
 +
 +start() {
 +        echo "​Starting udpxy"
 +        start-stop-daemon -S -x $IGMP_BIN -p $PID_F -b -m -- $IGMP_OPTS
 +}
 +
 +stop() {
 +        echo "​Stopping udpxy"
 +        start-stop-daemon -K -x $IGMP_BIN -p $PID_F -q
 +}
 +</​code>​
 +
 +This tells udpxy to use port 8080 to accept http connections and to bind to interface which has 192.168.2.1 address (br-lan in my case).
 +
 +Now when you want to access e.g. ''<​nowiki>​rtp://​@239.64.64.58:​1234</​nowiki>''​ , you can tell your player to connect to ''<​nowiki>​http://​192.168.2.1:​8080/​udp/​239.64.64.58:​1234</​nowiki>''​ and it'll just work.
 +
 +=== Firewall configuration ===
 +As with igmpproxy you need to accept IGMP traffic and also you need to allow it for INPUT:
 +<​code>​
 +config rule
 +        option src      wan
 +        option proto    igmp
 +        option target ​  ​ACCEPT
 +config rule
 +        option src      wan
 +        option proto    udp
 +        option dest_ip ​ 224.0.0.0/4
 +        option target ​  ​ACCEPT
 +</​code>​
 +
 +
 +=== Using igmpproxy and udpxy together ===
 +When using igmpproxy together with udpxy, firewall rules must be combined. ​ You need three firewall rules:
 +<​code>​
 +config rule
 +        option src      wan
 +        option proto    igmp
 +        option target ​  ​ACCEPT
 +config rule
 +        option src      wan
 +        option proto    udp
 +        option dest     lan
 +        option dest_ip ​ 224.0.0.0/4
 +        option target ​  ​ACCEPT
 +config rule
 +        option src      wan
 +        option proto    udp
 +        option dest_ip ​ 224.0.0.0/4
 +        option target ​  ​ACCEPT
 +</​code>​
 +
 +==== Multicast forwading ====
 +With IGMP snooping, multicast forwarding is disabled for bridges. One pure bridge solution is to disable multicast_snooping. ​
 +
 +Add the following in /​etc/​rc.local<​code>​echo "​0"​ > /​sys/​devices/​virtual/​net/​br-lan/​bridge/​multicast_snooping</​code>​ Replace **br-lan** with your actual bridge interface, sometimes also called **br0**.
 +
 +This will forward all multicast packets to all ports on your bridge, making igmpproxy or udpxy unnecessary. In large networks, this may not be desirable.
 +
 +===== IPv6 ======
 +
 +IPv6 uses MLD see [[wp>​Multicast_Listener_Discovery]]