[KLUG Members] multicast

Peter Buxton members@kalamazoolinux.org
Sat, 6 Sep 2003 02:29:19 -0400


On Fri, Sep 05, 2003 at 10:28:34AM -0400, John Pesce was only escaped
   alone to tell thee:

> > Netfilter is the greatest thing since sliced bread. It is also a source
> > of nefarious bugs. One Linux install at KLUG came to a stop when someone
> 
> Bugs are bad. This is a really important project.

Well, Netfilter doesn't necessarily HAVE bugs; but people do the
silliest things with rules and hamstring themselves. Notice I said the
*source* of bugs. ;-)

> > iptables -I RH-Lokkit-0-50-INPUT 1 -m pkttype --pkt-type multicast -j ACCEPT
> > rule chain at the very start. Try `ping 224.0.0.1` and tell me what
> > hosts answer on the two LANs, if any.
> 
> Same response from just eth2:
> 
> [root@rts rc.d]# ping -c 2 224.0.0.1
> PING 224.0.0.1 (224.0.0.1) 56(84) bytes of data.
> 64 bytes from 192.168.2.3: icmp_seq=1 ttl=64 time=0.258 ms
> 64 bytes from 192.168.2.12: icmp_seq=1 ttl=64 time=0.267 ms (DUP!)

Hmmm.

> Overhead is probably bad. I need a very fast low delay solution for
> the multicast.

See the last point.

> hmm. not sure, but I see that it has GRE tunnel over the T1. They also
> are using IPSec over the T1 to encrypt the data.  I'm not sure what
> you mean by "speak PIM-DM to it"?

PIM-DM is a standard for routing multicast packets. It picks up
multicast packets, forwards them over unicast PIM-DM packets, and
another PIM-DM-capable router takes those packets and dumps them on some
interface. The two routers speak PIM-DM to each other.

> I was under the impression PIM-DM on a router meant that it took any
> multicast traffic on a port and dumped it on all its other ports
> whether there was a multicast client on that port or not.

> Is it easy to start up a router daemon and just tell it to toss any
> multicast over the wall as fast as it can?

Routers come in two classes: ones that redistribute packets to client
networks and ones that send packets to other routers which redistribute
them to client networks. And some are both. You'll have to download and
read the docs for each server to find out.

> The answer is none. It only forwards packets between the subnets.  I
> was planning to run ethereal on it to monitor traffic flow.

Then turn your server into a transparent bridge and have it join and
firewall the three networks. ethereal will work fine on it. It's the
simplest possible solution. Find out if RH offers the kernel with the
patch that allows netfilter to work on bridge packets.

-- 
-14
It's like looking at your past crimes at a parole
hearing. -- John Waters rewatches _Pink_Flamingos_
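The `ping 224.0.0.1` check discussed in the thread, as an added example that is not part of the original mail: a small script that sends the all-hosts multicast ping out of each named interface, keeps the replies that iputils marks `(DUP!)` (those are precisely the additional listeners), and reports which hosts answered per LAN, so the responder sets can be compared before and after a netfilter rule change. It assumes Linux iputils `ping` with `-I iface` and the reply format shown in the thread; the interface names are whatever you pass on the command line, and the second sample output below is constructed, only its first two reply lines come from the thread.

```python
"""Probe which hosts answer the all-hosts multicast ping on each LAN.

Added example, not from the original thread. Assumes Linux iputils ping
output of the form shown in the thread:
    64 bytes from 192.168.2.12: icmp_seq=1 ttl=64 time=0.267 ms (DUP!)
"""
import re
import subprocess
import sys

# A multicast echo request is answered by every listener on the LAN, so
# iputils flags every reply after the first for a given icmp_seq as (DUP!).
# We deliberately keep those replies: the DUPs are the extra hosts.
REPLY_RE = re.compile(r"^\d+ bytes from (?P<src>[\d.]+): icmp_seq=(?P<seq>\d+)")


def parse_replies(output):
    """Map each responding address to the set of icmp_seq values it answered."""
    seen = {}
    for line in output.splitlines():
        m = REPLY_RE.match(line)
        if m:
            seen.setdefault(m.group("src"), set()).add(int(m.group("seq")))
    return seen


def _ip_key(addr):
    return tuple(int(octet) for octet in addr.split("."))


def responders(output):
    """Sorted list of hosts that answered at least once."""
    return sorted(parse_replies(output), key=_ip_key)


def lan_diff(before, after):
    """(hosts that started answering, hosts that stopped) between two runs,
    e.g. before and after inserting the pkttype multicast ACCEPT rule."""
    b, a = set(parse_replies(before)), set(parse_replies(after))
    return sorted(a - b, key=_ip_key), sorted(b - a, key=_ip_key)


def multicast_ping(iface, count=2, group="224.0.0.1"):
    """Send `count` echo requests to the all-hosts group out of `iface`
    and return the parsed replies. Requires iputils ping on the host."""
    cmd = ["ping", "-I", iface, "-c", str(count), group]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return parse_replies(proc.stdout)


# Constructed sample: run with no multicast rule, only the router's own
# neighbour 192.168.2.3 answers.
SAMPLE_BEFORE = """\
PING 224.0.0.1 (224.0.0.1) 56(84) bytes of data.
64 bytes from 192.168.2.3: icmp_seq=1 ttl=64 time=0.258 ms
64 bytes from 192.168.2.3: icmp_seq=2 ttl=64 time=0.240 ms

--- 224.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
"""

# Constructed sample for eth2; the first two reply lines are the ones
# quoted in the thread, the rest is made up to look like a -c 2 run.
SAMPLE_ETH2 = """\
PING 224.0.0.1 (224.0.0.1) 56(84) bytes of data.
64 bytes from 192.168.2.3: icmp_seq=1 ttl=64 time=0.258 ms
64 bytes from 192.168.2.12: icmp_seq=1 ttl=64 time=0.267 ms (DUP!)
64 bytes from 192.168.2.3: icmp_seq=2 ttl=64 time=0.240 ms
64 bytes from 192.168.2.12: icmp_seq=2 ttl=64 time=0.251 ms (DUP!)

--- 224.0.0.1 ping statistics ---
2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1001ms
"""


if __name__ == "__main__":
    # Usage: python3 mcast_probe.py eth1 eth2   (interface names are yours)
    for iface in sys.argv[1:] or []:
        hosts = multicast_ping(iface)
        print(f"{iface}: {len(hosts)} responder(s)")
        for addr in sorted(hosts, key=_ip_key):
            print(f"  {addr}  seq={sorted(hosts[addr])}")
    gained, lost = lan_diff(SAMPLE_BEFORE, SAMPLE_ETH2)
    print("sample diff: gained", gained, "lost", lost)
```

Run it once per LAN interface on the router (`-I` picks the egress interface for the multicast, since 224.0.0.0/4 has no useful unicast route), then again after inserting the `pkttype` rule; `lan_diff` shows which hosts the rule change exposed or hid. A host that answers on both LANs from the same address means the router is already forwarding the group between them.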