08-17-2017 05:38 AM - edited 08-17-2017 05:49 AM
There is a bunch of really good information on these forums, but it is in several different posts in different threads, and to pay back all of the good advice that I got from those I thought I would help future Fioptics customers by summarizing my learnings here.
Fioptics use of multicast is pretty simple. They do not use VLAN tags, and all IGMP is sourced at 10.0.0.0/8 and targeted at 188.8.131.52/8, so all you need to do is setup the upstream and downstream proxy, and add the firewall rules, and you're good.
You need to add a couple of rules or you won't get any traffic to proxy. On the WAN_IN you need to accept UDP packets from 10.0.0.0/8 destined for 184.108.40.206/8. On the WAN_LOCAL you need to accept all IGMP protocol packets.
If you don't want to flood the network with extra traffic, turn on IGMP snooping on the networks in the controller, which will limit traffic on the swtiches.
USG-PRO (4 port)
configure set protocols igmp-proxy interface eth2 alt-subnet 10.0.0.0/8 set protocols igmp-proxy interface eth2 role upstream set protocols igmp-proxy interface eth0 alt-subnet 220.127.116.11/8 set protocols igmp-proxy interface eth0 role downstream edit protocols igmp-proxy set interface eth2 threshold 1 set interface eth0 threshold 1 commit save exit
configure set protocols igmp-proxy interface eth0 role upstream set protocols igmp-proxy interface eth0 alt-subnet 10.0.0.0/8 set protocols igmp-proxy interface eth1 role downstream set protocols igmp-proxy interface eth1 alt-subnet 18.104.22.168/8 edit protocols igmp-proxy set interface eth0 threshold 1 set interface eth1 threshold 1 commit save exit
show ip multicast mfc show ip multicast interfaces
08-20-2017 06:15 AM
Don't forget, with a USG you need to dump those portions of config into config.gateway.json in your cloudkey/unifi controller for it to remain permanent.
08-25-2017 02:52 PM
I'm curious if you are using the Fioptics gear at all. There's a MoCA on my unit that feeds out to my STB's. I can obviously get a MoCA of my own, but figured I'd ask how you're configured. At one point, I planned to set the Fioptics gear to just leverage the DHCP from the USG, but since I never got the Multicast working, I kinda gave up. Here's a pic of the back of my device. The yellow line is the WAN line from Fiotpics, the black goes out to my Cisco switch for the house.
08-25-2017 03:21 PM
08-29-2017 02:37 PM
So I'm testing this out and my stupid MoCa I got is DOA. It's not powering up. Any pointers on maybe using the old Fioptics device as the MoCa? I tried just running the thing to my old fiber modem from my network switch to the Internet port with the default settings and the TV's aren't working They load to that 11/20 setting.
08-29-2017 03:25 PM
08-30-2017 11:26 AM
I must be doing something wrong on my side. I have setup an ethernet test STB (still waiting on the broken MoCa to be replaced). The test STB box just sits at the 11/20 screen and never boots. Below is a grab of the mfc and interface after I ran the setup. As you can see, my eth0 is WAN and eth1 is LAN. I ran the USG 3 (lite) script and all the configs applied fine. My firewall rules match yours 100%. I'm not a network expert, but this looks like it's trying to work, but the box won't boot. The STB with ethernet is setup as 192.168.1.32.
08-30-2017 12:12 PM
Here are my interfaces - but you won't get the packets without the rules... (I have a bunch of VLANs)
Brett@rt-UniFi-USG---USGPro4:~$ show ip multicast interfaces
Intf BytesIn PktsIn BytesOut PktsOut Local
eth0 0.00b 0 0.00b 0 192.168.10.1
eth2 168.00KB 218 0.00b 0 22.214.171.124
eth0.150 0.00b 0 0.00b 0 192.168.150.1
eth0.99 0.00b 0 0.00b 0 192.168.99.1
eth0.88 0.00b 0 0.00b 0 192.168.88.1
eth0.60 0.00b 0 0.00b 0 192.168.60.1
eth0.50 0.00b 0 0.00b 0 192.168.50.1
eth0.40 0.00b 0 0.00b 0 192.168.40.1
eth0.30 0.00b 0 0.00b 0 192.168.30.1
eth0.20 0.00b 0 168.00KB 218 192.168.20.1
And my multicast
Brett@rt-UniFi-USG---USGPro4:~$ show ip multicast mfc
Group Origin In Out Pkts Bytes Wrong
126.96.36.199 10.32.130.232 eth2 eth0.20 78 39.87KB 0
188.8.131.52 10.33.5.36 eth2 eth0.20 87 114.11KB 0
184.108.40.206 10.32.130.232 eth2 eth0.20 86 39.25KB 0
220.127.116.11 192.168.20.47 --
18.104.22.168 192.168.20.200 --
22.214.171.124 126.96.36.199 --
188.8.131.52 192.168.20.60 --
184.108.40.206 192.168.10.44 --
220.127.116.11 18.104.22.168 --
22.214.171.124 126.96.36.199 --
188.8.131.52 184.108.40.206 --
220.127.116.11 18.104.22.168 --
08-30-2017 12:18 PM
Hey man - Houston takes all precedence. Thanks for the help, but good luck down there. I have friends down there too. Crazy stuff!
I have to F up my entire network for testing, so I can't really send you a live interfaces grab. But I can tell you I only EVER saw 1 packet go in/out. But that was it. It appeared to go across the WAN/LAN just fine.
You don't think this is a situation where I should be spoofing my Fioptics router MAC or anything like that do you? It's wierd that I could see just the 1 packet.
BTW - after I loop the Fioptics modem back in, ethernet to the STB works just fine on my network, so it's not a switch or ethernet issue.
09-08-2017 05:14 PM
Thanks for the writeup on this.
For VOD - I believe you need the RTSP helper module, which doesn't seem to get loaded by default.
set system conntrack modules rtsp enable
I tested VOD before adding this - and got nothing after hitting play. Once I added this, VOD programs would play.
PS: Perhaps it's assumed as most residential gateways would have this - but I think you need to make sure you have UPNP enabled as well. I turned on the upnp2 service (with NAT-PMP as well). I can see the STB's requesting pinholes via this.
01-17-2018 09:10 AM
One other thing I ran into - igmpproxy seems to die sometimes (and video will freeze). I verified this with 'ps'. I believe disabling it on interfaces where it's not needed helps/fixes this. I've added this config and it hasn't died since. In my case I have the 3rd eth port, and two VPN tunnel ifaces, so I did:
set protocols igmp-proxy interface eth2 role disabled set protocols igmp-proxy interface tun0 role disabled set protocols igmp-proxy interface vtun0 role disabled
To make sure it's running, check with ps:
ubnt@erl-fioptics:~$ ps auxw | grep igmp | grep -v grep root 16469 0.0 0.1 1968 552 ? S Jan15 0:28 /sbin/igmpproxy /etc/igmpproxy.conf