Poor multicast over Tunnel - Page 2

KGrev · ‎10-26-2023

Hi,

I have a cellular router (IR809G) with a tunnel setup. I'm trying to view a multicast video over that tunnel. It does appear but the video quality is very poor. I'm in a great reception area and speed tests from the router into the network hover around ~50meg. The video file is 480p mp4. Other paths from the core router(rp) can view this feed fine but the path through the tunnel is the issue. Are there any requirements for a tunnel connection for multicast to flow properly? Ive attached some details from the spoke and core routers. I hope it is helpful.

Is it interesting that the tunnel does not show a DR for pim? My other pim interfaces on the router do show DR (they are removed from the text)

Thank you for any advice.

Joseph W. Doherty · ‎11-01-2023

What you want to accomplish is any traffic that will transit the tunnel will not be fragmented.

How that is accomplished, varies, including setting MTU at source.

KGrev · ‎11-01-2023

@Joseph W. Doherty Here is what I have on the router currently.

interface Tunnel10
description LTE_10_to_4500X
bandwidth 10000
ip address 10.2.55.2 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1430
ip pim sparse-mode
ip tcp adjust-mss 1400
ip ospf message-digest-key 1 md5 7 xxxxxxxxx
ip ospf 10 area 0
tunnel source Loopback0
tunnel destination 10.2.5.130
end
!
interface Cellular0
ip address negotiated
ip access-group ACL-INFRASTRUCTURE in
ip access-group ACL-INFRASTRUCTURE out
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip tcp adjust-mss 1460
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer watch-group 1
async mode interactive
crypto ipsec client ezvpn TEST

The other end of the tunnel matches.

Whats weird is the video stream can be changed down to a very small video with mtu 1000. When I wirshark the client on the distant end of the tunnel, I can clearly see packet length of 982 with fragmentation. I can also set the stream to 1340 and see packets with length 1358 with fragmentation.

Joseph W. Doherty · ‎11-01-2023

I don't understand exactly what's happening. A tunnel within a tunnel?

Your MTU and adjust-mss settings don't make sense even without possibly tunneling within another tunnel.

If the transit path has (or may have) a restriction within a restriction, you want to configure for that too.

Your Wireshark results do appear odd, but probably explainable if we correctly understood how transit packets are being treated.

I can explain in general, including using examples, how to configure for "hits" to MTU, but cannot provide specifics without specific information.

What you could try is removing you IP MTU settings, and use an extended ping, using sizes from 500 to 1500, in increments of 100, and examine Wireshark results.

KGrev · ‎11-01-2023

@Joseph W. DohertyThese routers are using an older vpn setup called EZVPN. It doesn't allow multicast by default. So I'm having to tunnel through that vpn just for multicast. I've always struggled with understanding how to adjust mtu so any help is greatly appreciated.

When I remove the mtu settings should I remove them from the tunnel and the Cellular interface? Also should I ping from the local tunnel ip to the distant tunnel ip "10.2.55.1"?

Thank you for your help

KGrev · ‎11-01-2023

@Joseph W. Doherty So I have removed all mtu/mss settings from the tunnel and cellular interface and sent incrementing pings with df from a laptop through the tunnel and from the cellular router tunnel ip to the internal router tunnel ip. Here are my results:

cellular router tunnel ip local to tunnel ip distant(inside): Fragmentation starts at 1477, they are passed at 1476

at the same time, the laptop ping will fail after 1448, Wireshark shows anything higher than that as "no response" then shows fragmentation at exactly 1473.

I hope this is helpful

Joseph W. Doherty · ‎11-01-2023

You might try IP mtu 1400 and ip tcp adjust-mss 1360 on your tunnel and VPN interfaces.

Also a mtu of 1400 at video source device (might need host reboot).

Giuseppe Larosa · ‎11-03-2023

Hello @KGrev ,

>> cellular router tunnel ip local to tunnel ip distant(inside): Fragmentation starts at 1477, they are passed at 1476

this is 24 bytes overhead by GRE Encapsulation used in your tunnel 10 . The tunnel you use to carry multicast

if I'm not lost in this long thread it makes sense. What is strange are the wireshark captures showing fragments with any MTU settings.

Hope to help

Giuseppe

Joseph W. Doherty · ‎11-03-2023

"cellular router tunnel ip local to tunnel ip distant(inside): Fragmentation starts at 1477, they are passed at 1476

this is 24 bytes overhead by GRE Encapsulation used in your tunnel 10 . The tunnel you use to carry multicast"

I noticed that too, but there's the cellular connection using SLIP and a EasyVPN tunnel using IPSec encryption too. I suspect we may have a tunnel within a tunnel

I suggested using a 1400 MTU, hopefully to handle the GRE and EasyVPN encapsulation overhead assuming we've also have, at least, 1500 physical MTU.

The forgoing I doubt will help with video, but it might make for expected fragmentation results.

If we obtain consistent fragmentation results, video might be dealt with by adjusting source's MTU.

KGrev · ‎11-03-2023

@Joseph W. DohertyDo you have a recommendation for the cellular interface? Does it need to be adjusted? Thank you

Joseph W. Doherty · ‎11-03-2023

Same settings as GRE tunnel.

KGrev · ‎11-03-2023

@Joseph W. Dohertysorry this is taking me so long. After my last message I saved the config on both ends then turned off the cellular router to go home from work. The next day i turned it right back on and I havent been able to restore the tunnel since then.

Georg Pauwen · ‎11-03-2023

Hello,

this thread is quite long, so I might have missed this, but the problem might be that you are not using dynamic but rather static tunneling. I somewhere recall that EZVPN requires DVTIs for multicasting. Have you posted the entire router configuration already ?

KGrev · ‎11-03-2023

@Joseph W. Doherty @Giuseppe Larosa @Georg Pauwen Thanks for helping me. I really wish i wasn't taking so long to understand my issues here.

Currently the tunnel is back up and I'm testing again.

I've attached my current config. The ACL's are any/any currently and ikev2 and ospf arent in use.

@Georg Pauwen Could you explain what you mean in your comment about DVTI's?

@Giuseppe Larosa I agree the always fragmented data is very interesting. Other pc's around in the physical network are able to view the video seemingly fine.

KGrev · ‎11-07-2023

@Joseph W. DohertySorry i didn't update you. I have the cellular interface set the same as the tunnel. No change.

Thank you for your help.

Joseph W. Doherty · ‎11-07-2023

If no change is still multicast issue, didn't expect that to change.

However, what does Wireshark show for received fragmentation sizes? No change too?