forwarding multicast packets from one interface to another

[dbrb2]

Hello

We have a Cisco 3750

A machine on one interface generates udp packets addressed to a multicast IP and specified port, containing various status information in their payloads. I want to forward all these multicast packets to another interface on the same switch, so they can be monitored by another machine. I have been reading up on setting up pim, but have so far had no luck.

Can anyone give some advice on how best to proceed?

 

[Minue]

Hello
If the station isn't a multicast server,multicast routing won't work.It all depends on the type of application.If the machine that's monitoring just need to do packet sniffing you can use a (SPAN)port mirroring.If the two machines need to communicate you can use the "ip address-helper" command.

Regards

 

[dbrb2]

Hi,

The multicast traffic was, I believe, set up in the mists of time as a way of having multiple machines effectively broadcasting on different addresses on the same subnet without conflict.

The machine being monitored (or not) accepts commands on its unicast address, and I have set up a route succesfully to allow my monitoring machine to send unicast traffic from its subnet to the required interface for the monitored machine.

Unfortunately all the responses to these commands are encapsulated in udp packets with a multicats address, and they are not making their way back to the machine doing the monitoring.

If I set up port mirroring on the interface used by the monitoring box I would be able to see all the multicast traffic, but I would no longer be able to send any command back, since a mirrored port won't allow sending of data. So my current situation would be excatly reversed

It sounds then like the ip address-helper may be the way forward. I'm just about to go and have a look around the cisco pages to see if I can work that one out

 

[dbrb2]

Ok - that looks hopeful.

The only problem is it looks like helper-address will only forward trafitional broadcast traffic - whiel that is effectively what our data is, it uses a multicast IP address and an unusual port.

I see that I can specify a port to be forewarded, but it's not clear if I can tell it to forward traffic that is using a multicast rather than a broadcast IP (in our case the data is being sent as udp, IP address 224.0.0.4, port 902

Assuming I can use this command to forward such an IP,
that would make the cisco ios lines:

no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 67
no ip forward-protocol udp 68
no ip forward-protocol udp 137
no ip forward-protocol udp 138

Disable all the standard ports

ip forward-protocol udp 901

This is the port we are interested in

interface subnetToBeMonitored
ip helper-address <machine doing the monitoring>

Forward all udp traffic on this port to the monitoring subnet, and then send it as a unicast to the monitoring machine

 

[dbrb2]

Nope...it seems that didnt't work. It looks like it only works with broadcast packets.

I did then try ip-multicast-helper to convert all multicasp packets arriving at the cisco interface to broadcast, which would then be sent to the monitoring interfacw, but either I got the commands wrong, or that failed too

 

[Minue]

Hello
Try the "ip directed-broadcast" command in the mean-time whislt I try to figure out what's going wrong.

Regards

 

[dbrb2]

OK:

The interface to which the machine i want to monitor is connected, and which is generating the multicast paskets, has the following interface config:

interface FastEthernet1/0/16
 no switchport
 ip address 1.2.3.254 255.255.255.0
 ip access-group location1 in
 ip multicast helper-map 224.0.0.4 3.4.5.255 111
 no ip mroute-cache

The interface on which I want to broadcast the multicast packets has the following config:

interface FastEthernet1/0/24
 no switchport
 ip address 3.4.5.254 255.255.255.0
 ip access-group group1 in
 ip directed-broadcast

Finally I have

access-list 111 permit udp 1.2.3.0 0.0.0.255 any

I expected that the above would mean any UDP packets addressed to 224.0.0.4 arriving on interface 16 would be rebroadcast on the subnet connected to interface 24.

A quick look at wireshark shows no rebroadcasting taking place however. I seem to be jinxed on this one

 

[Minue]

Hello
It would be best if you keep things simple for now,by taking out the access-list.So if I understood correctly you query this machine with unicast and it replies with multicast.What kind of application is this? I have never heard of such.Is this app always streaming multicast or only when query with unicast?

Regards

 

[dbrb2]

Hello,

Yes - the machine is one of a number of old bits of kit that essentially do the same job, but to balance the load across them they need to exchange status messages with one another.

This could be done by broadcast, but the original reason behind using multicast addresses seems to have been so that a number of independent groupings of machines could sit on the same subnet and still communicate, each transmitting on, and listening for, a different multicast address. I haven't seen it anywhere else either!

Each machine in a grouping accepts commands via their unicast address, and then broadcasts what it is doing to the others using the multicast address. Likewise each is kept appraised of what the other machines are up to by listening on that same multicast address.

As I say, very odd, but there it is.

The ip multicast-helper-map needs an access list parameter I think...