Multicast
-
is passing pfSense / stays level2.
Doesn't work that way, pfsense is a layer 3 device. Pfsense is not going to pass on vlan tags.. Nor layer 2 traffic..
Sniffing on pfsense is seeing the vlan traffic.. Then put switch in front of pfsense to send the STB vlan to the devices that are suppose to be on that vlan..
-
My problem is that it is mail traffic that's coming in and goes to a loadbalancer (MS) this loadbalancer use multicast.
So the router need to communicate to this multicast unit.I have tried to look into HAProxy, whit absolut not succes. The documentation I have found do not help me at all.
So if som body can point med to a HAproxy description, where you have one front ip number with multiple Ports to 2 or more servers in the backend that could help, as I cannot see pfsense handle this multicast problem.
Regards
Henning -
John, I know. The description of my network was over simplified. pfSense is not really in the middle of the 1G and 10G core switches.
I have a 1G-network towards most rooms and towards the ISP-device. That network is handled by the 1G-core. And I have a 10G network which connects my server, my nas and my main-PC.
Both (physical) networks are connected to pfSense for routing between the VLANs independent from the fact if they are located in the 1G or in the 10G domain.
pfSense is connected to the 1G-switch via a 1G-lagg and connected to the 10G-switch via a 10G-up and a 10G-down link. However there is also a direct (physical) connection between those two switches.
To take the TV-VLAN as example, is a vlan starting at the ISP-device, passing the 1G-core ending on one of the small Netgear switches in the living room.
Louis
-
-
Ok that makes sense.
To be honest I have no idea what @hsv is talking about.. Load balancer that uses multicast??
For example
host with multicast 192.168.0.10 it do not reply.
That is NOT a multicast address.. So I have a funny suspicion there is some misuse of terms going on.
-
-
Maybe if he sends some traffic to this device at 192.168.0.10, it multicasts the traffic that is sends on?
@hsv really going to need a bit more info.. What is this device, or what software are you running on 192.168.0.10.. What sort of traffic is it?
If you can not arp from pfsense, for this 192.168.0.10 address - then no your never going to be able to send it traffic.. To do anything with..
From the out side I have 4 NAT rules to direct the trafic to 192.168.0.10
Can you post those, so we can maybe glean some insight into what your trying to do exactly.
-
-
Hi
Yes the diagram is correct, but I only have 4 WAN, but I guess the problem will be the same.And yes pfsense can not resolve it to a MAC adresse.
Why I do not know.I have no problem on a windows client make arp -a and see the mac address to be:
03-bf-c0-a8-0b-e1Regards
Henning -
If pfsense can not arp then you have a connectivity issue..
How do you have this actually connected to pfsense.
If what your trying to do is the above, that has ZERO to do with multicast and pfsense.. What you loadbalancer does with unicast your traffic coming from the internet has nothing to do with pfsense talking to the LB..
You need to figure out what the problem is with basic connectivity from pfsense 192.168.0.1 and this IP at 192.168.0.10 which is your LB.. If pfsense can not even arp for that IP then they are not actually connected via the same L2 network, ie switch cable plugged into pfsense port?
How is 192.168.0.10 connected to this 192.168.0 network?
Now if this 192.168.0.10 is some sort of VIP? If pfsense can not arp for that IP, then it is impossible for it to send it traffic If your saying its just not arping - then setup a static arp entry for it on pfsense.. this 03-bf-c0-a8-0b-e1 mac
But there should be unicast mac for your cluster.. Why can you not use that?
Some details of how you have everything connected will help us help you.
-
Hi
How do I add a static arp to the arp list?
The setup is 3 virtual host where pfsense and a test windows server is placed on ESXi0 on ESXi1 and 2 the mail setup are running.
From the test server I can ping and resolve the LB but on Pfsense I cannot.So the network is working. I have for testing setup the Windows Test server with VLAN also so looked from VMware the 2 server are setup the same way.
Regards
Henning -
es the diagram is correct,
I used to deal with MS load balancer (especially multicast), long time ago...
(we always use a hardware base load balancer, HA proxy )but I am interested in this topic...
no this will not work under pfSense.... (100%)
bring the theme under linux...https://github.com/google/seesaw
-
Hi
I have also come to the same conclusion that multicast and Pfsense is not the way to go, and start to setup HAProxy.But thanks for you suggestions.
Regards
Henning -
Pfsense is not the way to go, and start to setup HAProxy.
it took me a long time to understand what do you mean by original post, I apologize
just the way, it works...HA proxy
+++edit:
@hsv "but I only have 4 WAN, but I guess the problem will be the same."this does not matter
-
@daddygo do you have any tutorial on how I can configure Multicast? I have CISCO SG300 with 2 Vlan
thanks -
@n3xus_x3 Note that
- if source and destination is in the same vlan/subnet, it simply works. In case you have a bigger subnet and advanced switches you could/should use IGMP Snooping to prevent unnecessary traffic
- is your multicast source is in a different vlan/subnet, than:
- you need an application which forward the multicast messages between the involved vlan's. That is also where the problem is, since neither the actual IMGP-proxy nor the Netgate provided PIMD-version2 works!
- assuming you manage to get a working multicast deamon, you should configure pfSense to pass the related unicast traffic between the involved VLAN's
Personally I have multicast working between VLAN's based on an upcomming beta PIMD-version which I did compile myself (Trogobit (https://github.com/troglobit/pimd). So not so easy at all. I hope there will be a released and Netgate supported version in the future.
For info and in case you have the knowledge and are very brave, sources are on Trogobit (https://github.com/troglobit/pimd).
- Troglobit is working on an improved PIMD-version at the moment. It is beta and not supported by Netgate or Trogobit (not for FreeBSD), however in opposite to the actual pfSence IMGP-proxy and PIMD-version, it does work!
- To make it work you need some courage, knowledge, pfSence 2.5 and a FreeBSD development machine. If that is present, you can download the pimd source from github compile it and install it on your pfSense system from the commandline.
- To make it even more complex, .... the pfSense pimd application has two components beeing: the pfSense PIMD control/GUI- application and PIMD it-self. You also have to make some small changes to that pfSense PIMD control/GUI.
- Because it is still early beta!! and I do want to interfere with Troglobit or Netgate, I am >not< going to release my personal pimd-package in this stage. So for now you are on own.
My advice: unless someone has an alternative solution, I can only advice to wait or to place source and destination in the same vlan.
Louis
-
@louis2 Hi Louis2
thank you for the explanation . sorry but i'm slightly confused , I explain what I want to doMy pfsense configuration
Vlan50 192.168.50.0/24 (WiFi devices)
Vlan60 192.168.60.0/24 (CCTV)
LAN 192.168.1.0/24 ( IPTV , Emby)
LAN2 192.168.10.0/24 (wired systems)
DMZ 10.10.50.0/24Currently only some devices that are in VLAN50 , have access to some IP addresses that are on the network VLAN60 and LAN
My question is , do I need to configure pFsense and the switch (Cisco SG300) for Multicast to work properly? i want multicast between VLAN50 , VLAN60 , LAN .
I apologize if I have been confused
Thanks
Mark -
Since source and destination are in different VLAN's/subnets, without additional measures the communication will never work!
The source generates "hello I am a source" messages and distribute those in its own subnet/vlan. Those messages will never reach the client in the other subnet/vlan. So the client will not be aware of the source.
To change that you need an application which bridge the vlan's in regard to the multicast messages. And at this moment in time there is no working app available for pfSence to provide that function.
The only option I am aware of is the beta pimd version. But I would not advice to try that in your case.
Sincerely,
Louis
-
@louis2
You have been very clear, Thanks for your help. I will wait for the Trogobit project to be readycheers
Mark -
do you have any tutorial on how I can configure Multicast? I have CISCO SG300
Hi,
can also be solved on SG300, but MULTICAST handles it a little differently on it, I suggest the SG350 series it is a little more painless
BTW:
otherwise what are you using multicast for
