Help: Tunneling multicast

I want to tunnel multicast DNS (zeroconf/rendezvous, multicast
group 224.0.0.251, port 5353) between four subnets. The routers
connecting these subnets do not route multicast, and I don't
control the router. But I do have linux boxes in all four
subnets. Is there a simple way for me to tunnel multicast
between the subnets over unicast packets, making use of something
like vtun or something that makes use of the Linux 2.4 tap/tun
interface??

Thanks!
--
Bev A. Kupf
"The lyfe so short, the craft so long to lerne" -- Chaucer
Tintin turns 75 <http://www.tintin.com>

: "Bev A. Kupf" <(E-Mail Removed)>
: I want to tunnel multicast DNS (zeroconf/rendezvous, multicast group
: 224.0.0.251, port 5353) between four subnets. The routers connecting
: these subnets do not route multicast, and I don't control the router.
: But I do have linux boxes in all four subnets. Is there a simple way
: for me to tunnel multicast between the subnets over unicast packets,
: making use of something like vtun or something that makes use of the
: Linux 2.4 tap/tun interface??

Dunno about that. But you should be able to run mrouted on the
linux boxen, which should do the trick. Not that I have extensive
experience with mrouted, but even though you don't have access
to THE routers, you can start up your OWN routing demons to
supplement them. On the other hand, mrouted isn't free,
and isn't trivial to use (though there's a linux howto on it).

Other possibilities are mtunnel and udptunnel. But these are more
intended to tunnel specific sessions in the rtp protocol. But they
might, or a trivial tweak to them might, do what you need with less
arcane incantations required th an mrouted. I've used tinkered versions
of udptunnel for this-n-that (but still rtp sessions, so nothing like
DNS). So these may or may not work. And be aware of the usual warnings
that apply to udptunnel, ie, tunneling a packet-orinted protocol over a
stream-orinted protocol can have unfortunate results, performance-wise.

( use google to find 'em )


Wayne Throop (E-Mail Removed) http://sheol.org/throopw

On Mon, 26 Jan 2004 00:32:32 GMT,
Wayne Throop ((E-Mail Removed)) wrote:
>: "Bev A. Kupf" <(E-Mail Removed)>
>: I want to tunnel multicast DNS (zeroconf/rendezvous, multicast group
>: 224.0.0.251, port 5353) between four subnets. The routers connecting
>: these subnets do not route multicast, and I don't control the router.
>: But I do have linux boxes in all four subnets. Is there a simple way
>: for me to tunnel multicast between the subnets over unicast packets,
>: making use of something like vtun or something that makes use of the
>: Linux 2.4 tap/tun interface??
>
> Dunno about that. But you should be able to run mrouted on the
> linux boxen, which should do the trick. Not that I have extensive
> experience with mrouted, but even though you don't have access
> to THE routers, you can start up your OWN routing demons to
> supplement them.

Explain this a little? What do you mean "start up your OWN routing
daemons to supplement them"? Each of my linux boxes has a single
interface (eth0) hooked up to the subnet that it is in. I don't
have a single box with four interfaces - one in each subnet.

I have looked into mrouted. It supports tunneling, but only one
tunnel interface (as far as I can tell). And I cannot get mrouted
to route multicast over one physical (eth0) and four virtual (tun)
interfaces.

--
Bev A. Kupf
"The lyfe so short, the craft so long to lerne" -- Chaucer
Tintin turns 75 <http://www.tintin.com>

"Bev A. Kupf" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I want to tunnel multicast DNS (zeroconf/rendezvous, multicast
> group 224.0.0.251, port 5353) between four subnets. The routers
> connecting these subnets do not route multicast, and I don't
> control the router. But I do have linux boxes in all four
> subnets. Is there a simple way for me to tunnel multicast
> between the subnets over unicast packets, making use of something
> like vtun or something that makes use of the Linux 2.4 tap/tun
> interface??

You can use a simple GRE tunnel. I've done it with a Cisco on
the other end but matching endpoints on Linux should work as
well. See the 'ip' command for details. Here is the sequence I
needed on the Linux side:

insmod ip_gre
ip tunnel add tun0 mode gre remote 192.168.254.1 local 10.200.1.14 ttl 30
ip link set tun0 up multicast on
ip addr add 192.168.253.26 dev tun0
ip route add 192.168.253.25/32 dev tun0
smcroute -d
sleep 3
smcroute -j tun0 224.1.193.1
smcroute -a tun0 10.207.196.190 224.1.193.1 eth0

This creates the GRE interface with local ip 192.168.253.26 and the
remote endpoint is 192.168.253.1. (This goes over the internet but
I already had an unrelated VPN tunnelling the private addresses). It
acts like any other interface once installed.

I forget where I found the smcroute command but google should locate
it. It lets you assign static multicast routes for the linux-native PIM
routing. The above setup says to accept group 224.1.193.1 from source
address 10.207.196.190 over the GRE tunnel and forward onto eth0.
You might prefer mrouted or if you have a router capable of acting as
a rendevous point there is a sparse-mode PIM router around that
should work.

---
Les Mikesell
(E-Mail Removed)

: "Bev A. Kupf" <(E-Mail Removed)>
: Explain this a little? What do you mean "start up your OWN routing
: daemons to supplement them"? Each of my linux boxes has a single
: interface (eth0) hooked up to the subnet that it is in. I don't have
: a single box with four interfaces - one in each subnet.

That's a fairly normal circumstance for tunneling.
You can configure a node as a router, and have it send the packets along
inside UDP (or other protocols) packets to routers elsewhere. In essence,
this wraps the eligable packets in notional envelopes, and sends them
to someprocess elsewhere. Normally these packets-in-an-envelope
would go back out the eth0 interface.

Excuse me if you already knew all that and I'm mistaking the question.

: I have looked into mrouted. It supports tunneling, but only one
: tunnel interface (as far as I can tell).

Hrm. I'm surprised. I though for sure it'd do multiple tunnels.
Since lots of the internet doesn't route multicast, having multicast
routing demons handle multiple tunnels is pretty much required.

But as I say, my needs are more modest, so while I read *about* mrouted,
I haven't actually set it up. I've used the more modest tunneling tools
mtunnel and udptunnel.


Wayne Throop (E-Mail Removed) http://sheol.org/throopw