Hi everyone,
we observing a strange igmp snooping issue on our mikrotik switches. In essence we see the igmp snooping breaking on mikrotik switches which are not connected directly to the querier switch.
Let me describe the setup real quick:
We are using five CRS326-24S+2Q+ switches connected to each other operating as core switches (named CSW1 - 5). We have about 90 access switches (plus other stuff routers, servers etc.) connected to these core switches. Additionally we have a cisco switch connected to one of the core switches (CSW3) acting as an igmp querier. The cisco switch is connected to a iptv head station streaming multicast into a vlan. All core switches and other switches have igmp snooping enabled. All switches recognise the igmp querier.
The mikrotik switches all run on RouterOS 7.16.1.
We see the igmp snooping process failing on a core switch further up the chain though:
The systems are connected as follows: IPTV headend -> Cisco Switch -> CSW3 -> CSW4 -> Linux machine (tcpdump)
We use tcpdump to track multicast traffic on a port. After rebooting CSW4 everything works as expected for about 30 minutes or so. Our linux machine only receives the expected multicast traffic on the expected vlan (we used ffprobe / ffmpeg). After about 15 - 45 minutes the linux machine gets flooded with multicast traffic though (as does every other port on CSW4). It seems like the igmp snooping process crashed on the CSW4 switch. Looking at the MDB you can see the multicast groups and that the port of the linux machine is not listed as an on-port.
When we deactivate Unknown Multicast on the bridge of CSW4 the linux machine is not able to receive any multicast traffic at all.
If we do the same test connecting the linux machine to a port of csw3 igmp snooping works as expected.
Has anyone seen something similar before?
Here is an example config. I removed a few things like vlans etc. to anonymize.
we observing a strange igmp snooping issue on our mikrotik switches. In essence we see the igmp snooping breaking on mikrotik switches which are not connected directly to the querier switch.
Let me describe the setup real quick:
We are using five CRS326-24S+2Q+ switches connected to each other operating as core switches (named CSW1 - 5). We have about 90 access switches (plus other stuff routers, servers etc.) connected to these core switches. Additionally we have a cisco switch connected to one of the core switches (CSW3) acting as an igmp querier. The cisco switch is connected to a iptv head station streaming multicast into a vlan. All core switches and other switches have igmp snooping enabled. All switches recognise the igmp querier.
The mikrotik switches all run on RouterOS 7.16.1.
We see the igmp snooping process failing on a core switch further up the chain though:
The systems are connected as follows: IPTV headend -> Cisco Switch -> CSW3 -> CSW4 -> Linux machine (tcpdump)
We use tcpdump to track multicast traffic on a port. After rebooting CSW4 everything works as expected for about 30 minutes or so. Our linux machine only receives the expected multicast traffic on the expected vlan (we used ffprobe / ffmpeg). After about 15 - 45 minutes the linux machine gets flooded with multicast traffic though (as does every other port on CSW4). It seems like the igmp snooping process crashed on the CSW4 switch. Looking at the MDB you can see the multicast groups and that the port of the linux machine is not listed as an on-port.
When we deactivate Unknown Multicast on the bridge of CSW4 the linux machine is not able to receive any multicast traffic at all.
If we do the same test connecting the linux machine to a port of csw3 igmp snooping works as expected.
Has anyone seen something similar before?
Here is an example config. I removed a few things like vlans etc. to anonymize.
Code:
# 2025-03-12 14:34:59 by RouterOS 7.16.1## model = CRS326-24S+2Q+# serial number = XX/interface bridgeadd admin-mac=48:A9:8A:B4:D4:ED auto-mac=no comment=defconf frame-types=\ admit-only-vlan-tagged igmp-snooping=yes name=bridge port-cost-mode=short \ priority=0x1000 pvid=2 vlan-filtering=yes/interface ethernetset [ find default-name=sfp-sfpplus1 ] name="P1 - Uplink CSW3 (old m3cSW21)"set [ find default-name=sfp-sfpplus2 ] name="P2 - Uplink ASW8"set [ find default-name=sfp-sfpplus3 ] name="P3 - Uplink AGGSW1"set [ find default-name=sfp-sfpplus4 ] name="P4 - Uplink AGGSW2"set [ find default-name=sfp-sfpplus5 ] name="P5 - NVR2"set [ find default-name=sfp-sfpplus6 ] name="P6 - Uplink SAG1"set [ find default-name=sfp-sfpplus7 ] name="P7 - Uplink SAG2"set [ find default-name=sfp-sfpplus8 ] name="P8 - Uplink V"set [ find default-name=sfp-sfpplus9 ] name="P9 - Uplink AGGSW6"set [ find default-name=sfp-sfpplus10 ] name="P10 - Uplink AGGSW3"set [ find default-name=sfp-sfpplus11 ] name="P11 - Uplink AGGSW20"set [ find default-name=sfp-sfpplus12 ] name="P12 - NVR1"set [ find default-name=sfp-sfpplus13 ] name="P13 - Uplink AGGSW5"set [ find default-name=sfp-sfpplus14 ] name="P14 - Uplink VH04"set [ find default-name=sfp-sfpplus15 ] name="P15 - Uplink VH01"set [ find default-name=sfp-sfpplus16 ] name="P16 - Uplink CSW5"set [ find default-name=sfp-sfpplus17 ] name="P17 - Uplink AGGSW8"set [ find default-name=sfp-sfpplus18 ] name="P18 - Uplink AGGSW12"set [ find default-name=sfp-sfpplus19 ] name="P19 - Uplink AGGSW15"set [ find default-name=sfp-sfpplus20 ] name="P20 - Uplink VH03"set [ find default-name=sfp-sfpplus21 ] name="P21 - HM-NET-SW192"set [ find default-name=sfp-sfpplus22 ] name=\ "P22 - Uplink CSW1"set [ find default-name=sfp-sfpplus23 ] name="P23 - Uplink 2 WAN"set [ find default-name=sfp-sfpplus24 ] name="P24 - Uplink 1"/interface vlanadd interface=bridge name="vlan2 MGMT" vlan-id=2/interface listadd name=WANadd name=LAN/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/system logging actionset 1 disk-file-name=log/interface bridge portadd bridge=bridge comment=defconf interface=ether1 internal-path-cost=10 \ path-cost=10 pvid=2add bridge=bridge comment=defconf interface=qsfpplus1-1 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=qsfpplus1-2 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=qsfpplus1-3 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=qsfpplus1-4 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=qsfpplus2-1 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=qsfpplus2-2 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=qsfpplus2-3 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=qsfpplus2-4 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf fast-leave=yes interface=\ "P1 - Uplink CSW3 (old m3cSW21)" internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface="P2 - Uplink ASW8" \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface="P3 - Uplink AGGSW1" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P4 - Uplink AGGSW2" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P5 - NVR2" internal-path-cost=10 \ path-cost=10 pvid=180add bridge=bridge comment=defconf interface="P6 - Uplink SAG1" \ internal-path-cost=10 path-cost=10 pvid=980add bridge=bridge comment=defconf interface="P7 - Uplink SAG2" \ internal-path-cost=10 path-cost=10 pvid=980add bridge=bridge comment=defconf interface="P8 - Uplink V" \ internal-path-cost=10 path-cost=10 pvid=7add bridge=bridge comment=defconf interface="P9 - Uplink AGGSW6" \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface="P10 - Uplink AGGSW3" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P11 - Uplink AGGSW20" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P12 - NVR1" internal-path-cost=\ 10 path-cost=10 pvid=180add bridge=bridge comment=defconf interface="P13 - Uplink AGGSW5" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf fast-leave=yes interface=\ "P14 - Uplink VH04" internal-path-cost=10 path-cost=10 pvid=74add bridge=bridge comment=defconf interface="P15 - Uplink VH01" \ internal-path-cost=10 path-cost=10 pvid=74add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \ interface="P16 - Uplink CSW5" internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface="P17 - Uplink AGGSW8" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P18 - Uplink AGGSW12" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P19 - Uplink AGGSW15" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P20 - Uplink VH03" \ internal-path-cost=10 path-cost=10 pvid=74add bridge=bridge comment=defconf interface="P21 - HM-NET-SW192" \ internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf fast-leave=yes interface=\ "P22 - Uplink CSW1 (old m3csw001)" internal-path-cost=10 path-cost=10add bridge=bridge comment=defconf interface="P23 - Uplink 2 WAN" \ internal-path-cost=10 path-cost=10 pvid=2add bridge=bridge comment=defconf interface="P24 - Uplink 1" \ internal-path-cost=10 path-cost=10/ip firewall connection trackingset udp-timeout=10sStatistics: Posted by hannesclp — Wed Mar 12, 2025 7:54 pm