1

For testing purpose, in a big network where IT will shoot me if multicast data are not streamed in the right VLAN, I am trying to degrade multicast packets with a server running netem configuration.

In the examples below, 237.1.2.3:5000 stands for multicast destination address and port. As for now, I used it as a netem bridge this way (Current configuration):

                      ___________
                eth2 |   netem   | eth3
237.1.2.3:5000 ----->| (latency, |-----> 237.1.2.3:5000
                     |  drop...) |
                      -----------

My problem: to fit address plan, I would not be allowed to stream on output VLAN (linked to eth3) with an address reserved internally for source streams. Thus, I need to plug directly a cable to the device for which I want to provide a degraded multicast input

I was wondering how either Expected1 or Expected2 configuration could be achieved somehow, leaving the generic bridge mode away but preserving the netem stuff:

                       Expected1
                      ___________
                eth2 |   netem   | eth3
237.1.2.3:5000 ----->| (latency, |-----> 238.1.2.3:5000
                     |  drop...) |
                      -----------

                       Expected2
                      ___________
                eth2 |   netem   |
237.1.2.3:5000 ----->| (latency, |
237.1.2.4:5000 <-----|  drop...) |
                      -----------

I am pretty sure I have already done that with an old FreeBSD device before, but avoiding iptables and so on for quite a long makes me start over unfortunately... It was destination address based iptables rules if I remind properly, but I am not sure if it was multicast. If I need to filter on source address, that would not be a problem. But, if I can filter on destination address that's better since all our input streams are referenced by this field in our IP distribution list.

If it is possible,

  • Could you give some indication concerning the packets path inside the different spaces ?
  • Could you precise if you are mentioning source or destination addresses ?
  • Could you also please tell me if I will be able to see output packets with tcpdump directly or if I need to log onto another device of the network (regarding stack level or any other consideration since I don't remember properly the PREROUTING/POSTROUTING/... packet paths, especially in a configuration I will no do by myself).

Thanks,

--

# lsb_release -a
Description:    Debian GNU/Linux 7.2 (wheezy)

# grep -H CONFIG_IP_M /boot/config*
/boot/config-3.2.0-4-amd64:CONFIG_IP_MULTICAST=y
/boot/config-3.2.0-4-amd64:CONFIG_IP_MULTIPLE_TABLES=y
/boot/config-3.2.0-4-amd64:CONFIG_IP_MROUTE=y
/boot/config-3.2.0-4-amd64:CONFIG_IP_MROUTE_MULTIPLE_TABLES=y

# cat /proc/sys/net/ipv4/conf/*/rp_filter
0
0
0
0
0
0
0

# cat /proc/sys/net/ipv4/conf/eth*/mc_forwarding 
1
1
1
1
user1556814
  • 111
  • 2

0 Answers0