Problem with IPTV on RB850Gx2

Wakko · Mon Nov 16, 2015 5:36 pm

Hi, all.

MikroTik RB450G router I have running since the year 2010 with simple configuration:

interfaces:
ether1: name=localnet		     (link to home network switch)
ether2: name=internet_wan1_link (link to GPON ONT (Interner Port))
ether3: name=internet_wan2		(link to reserved provider)
ether4: name=iptv_rt			   (link to GPON ONT (IPTV Port))
ether5: disabled=yes master-port=localnet name=reserved (no link)

I have installed this packages:

/system package print 
#   NAME                                                     VERSION
0   system                                                   6.33
1   security                                                 6.33
2   multicast                                                6.33
3   advanced-tools                                           6.33
4   dhcp                                                     6.33
5   ntp                                                      6.33
6   ppp                                                      6.33
7   ups                                                      6.33

Everything worked fine until today, now I bought a new router RB850Gx2 (second revision with SN 5*). I have Installed the same packages, copied configuration from my old router (/export ==> /import), switch all cables - everything works the same way as before.
Turn on the STB IPTV and notice that started intermittently image artifacts. If I turning on HD-channel - artifacts becomes significantly more. CPU utilization of the router have on the level of 3-5%. Turn off RB850Gx2, connect RB450G-everything works fine, no artifacts, CPU load in the area of 30%. Turn off RB450G, connect RB850Gx2 - artifacts comes again. Configuration is identical in both routers.

What could it be and how to fix it?

The complete configuration:

# nov/16/2015 16:44:32 by RouterOS 6.33
# software id = DVR8-SSFW
#
/interface ethernet
set [ find default-name=ether1 ] name=localnet
set [ find default-name=ether2 ] name=internet_wan1_link
set [ find default-name=ether3 ] name=internet_wan2
set [ find default-name=ether4 ] name=iptv_rt
set [ find default-name=ether5 ] disabled=yes master-port=localnet name=\
    reserved
/interface pppoe-client
add disabled=no interface=internet_wan1_link name=internet_wan1
/interface pptp-client
add connect-to=vpn.work disabled=no name=vpn_work
/ip firewall layer7-protocol
add name=dns-forward-vpn-work regexp=".work.ru|[0-9]+.[0-9]+.[0-9]+.10.in-addr.arpa"
add name=dns-forward-iptv-rt regexp=".iptv.provider.ru|[0-9]+.[0-9]+.20.172.in-addr.arpa"
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=localnet-dhcp-pool ranges=192.168.200.200-192.168.200.254
/ip dhcp-server
add address-pool=localnet-dhcp-pool disabled=no interface=localnet \
    lease-time=1d name=localnet-dhcp
/ip address
add address=192.168.200.1/24 interface=localnet network=192.168.200.0
add address=4.4.4.4/24 interface=internet_wan2 network=4.4.4.0
/ip dhcp-client
add add-default-route=no disabled=no interface=iptv_rt use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.200.2 comment=nas.local.domain.ru mac-address=\
    00:11:22:33:44:55
add address=192.168.200.3 comment=nas2.local.domain.ru mac-address=\
    00:11:22:33:44:66
/ip dhcp-server network
add address=192.168.200.0/24 dns-server=192.168.200.1 domain=local.domain.ru \
    gateway=192.168.200.1 ntp-server=192.168.200.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.200.1 name=gate.local.domain.ru
add address=192.168.200.2 name=nas.local.domain.ru
add address=192.168.200.3 name=nas2.local.domain.ru
/ip firewall address-list
add address=192.168.200.0/24 list=Allowed-Internet
add address=192.168.200.221 list=WAN1_preferred
add address=192.168.200.222 list=WAN2_preferred
add address=91.102.16.156 list=Blocked-IPs
add address=91.240.163.39 list=Blocked-IPs
add address=193.65.64.241 list=Blocked-IPs
add address=60.169.78.38 list=Blocked-IPs
add address=192.168.200.0/24 list=Allowed-VPN
add address=192.168.200.0/24 list=Allowed-IPTV
/ip firewall filter
add action=drop chain=input src-address-list=Blocked-IPs
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input dst-port=53 in-interface=internet_wan1 protocol=\
    udp
add action=drop chain=input dst-port=53 in-interface=internet_wan2 protocol=\
    udp
add action=drop chain=input dst-port=22 in-interface=internet_wan1 protocol=\
    tcp src-address-list=!Allowed-SSH
add action=drop chain=input dst-port=22 in-interface=internet_wan2 protocol=\
    tcp src-address-list=!Allowed-SSH
add action=drop chain=input dst-port=8291 in-interface=internet_wan1 \
    protocol=tcp src-address-list=!Allowed-WinBox
add action=drop chain=input dst-port=8291 in-interface=internet_wan2 \
    protocol=tcp src-address-list=!Allowed-WinBox
add chain=input protocol=icmp
add action=drop chain=input dst-address=239.255.255.250 protocol=igmp
add chain=input protocol=igmp
add chain=input dst-port=5000 protocol=udp
add chain=input
add action=drop chain=forward src-address-list=Blocked-IPs
add chain=forward connection-state=established
add chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
add chain=forward
add chain=output
/ip firewall mangle
add action=mark-routing chain=output comment=\
    "Mark routing for router's replies" connection-mark=WAN1_connection \
    new-routing-mark=WAN1_traffic
add action=mark-routing chain=output connection-mark=WAN2_connection \
    new-routing-mark=WAN2_traffic
add action=mark-connection chain=prerouting comment=\
    "Mark all connections that are initiated from outside" connection-mark=\
    no-mark in-interface=internet_wan1 new-connection-mark=WAN1_connection
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=internet_wan2 new-connection-mark=WAN2_connection
add action=mark-routing chain=prerouting comment=\
    "Mark special address lists routing" connection-mark=no-mark dst-port=\
    22,25,143,465,993 in-interface=localnet new-routing-mark=WAN2_traffic \
    protocol=tcp
add action=mark-routing chain=prerouting connection-mark=no-mark \
    in-interface=localnet new-routing-mark=WAN1_traffic src-address-list=\
    WAN1_preferred
add action=mark-routing chain=prerouting connection-mark=no-mark \
    in-interface=localnet new-routing-mark=WAN2_traffic src-address-list=\
    WAN2_preferred
add action=mark-routing chain=prerouting comment=\
    "Mark routing for upload packets from marked connections" \
    connection-mark=WAN1_connection new-routing-mark=WAN1_traffic \
    src-address-list=Allowed-Internet
add action=mark-routing chain=prerouting connection-mark=WAN2_connection \
    new-routing-mark=WAN2_traffic src-address-list=Allowed-Internet
add action=mark-packet chain=prerouting comment="DNS (Forward Domains)" \
    dst-port=53 layer7-protocol=dns-forward-vpn-work new-packet-mark=\
    DNS-VPN-WORK_traffic protocol=udp
add action=mark-packet chain=prerouting dst-port=53 layer7-protocol=\
    dns-forward-iptv-rt new-packet-mark=DNS-IPTV-RT_traffic protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="Internet NAT" out-interface=\
    internet_wan1 src-address-list=Allowed-Internet
add action=masquerade chain=srcnat out-interface=internet_wan2 \
    src-address-list=Allowed-Internet
add action=masquerade chain=srcnat comment="VPN NAT" out-interface=vpn_work \
    src-address-list=Allowed-VPN
add action=masquerade chain=srcnat comment="IPTV NAT" out-interface=iptv_rt \
    src-address-list=Allowed-IPTV
add action=dst-nat chain=dstnat comment="DNS (Forward Domains)" dst-port=53 \
    packet-mark=DNS-VPN-WORK_traffic protocol=udp to-addresses=10.0.0.1 \
    to-ports=53
add action=dst-nat chain=dstnat dst-port=53 packet-mark=DNS-IPTV-RT_traffic \
    protocol=udp to-addresses=10.100.0.1 to-ports=53
/ip route
add check-gateway=ping distance=2 gateway=internet_wan1 routing-mark=\
    WAN1_traffic
add check-gateway=ping distance=2 gateway=4.4.4.1 routing-mark=\
    WAN2_traffic
add check-gateway=ping distance=3 gateway=internet_wan1
add check-gateway=ping distance=4 gateway=4.4.4.1
add distance=2 dst-address=10.0.0.0/8 gateway=vpn_work
add distance=1 dst-address=10.100.0.0/16 gateway=10.100.0.1
add distance=1 dst-address=5.5.0.0/16 gateway=iptv_rt
/ip service
set telnet disabled=yes
set ftp address=192.168.200.0/24
set www address=192.168.200.0/24
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=localnet type=internal
add interface=internet_wan1 type=external
add disabled=yes interface=internet_wan2 type=external
/routing igmp-proxy
set query-interval=1m
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=iptv_rt upstream=yes
add interface=localnet
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+03:00
/system ntp client
set enabled=yes primary-ntp=85.21.78.23 secondary-ntp=216.171.120.36
/system ntp server
set enabled=yes
/system ups
add alarm-setting=none name=ups port=serial0
/tool romon port
set [ find default=yes ] cost=100 forbid=no interface=all secrets=""
add cost=100 disabled=yes forbid=no interface=all secrets=""

jkaberg · Sat Jul 23, 2016 6:40 pm

Hi,

did you ever solve this? I'm also seeing artifacts on my STB, and our config's are very much alike

Wakko · Sat Jul 23, 2016 8:06 pm

Hi,

did you ever solve this? I'm also seeing artifacts on my STB, and our config's are very much alike

Hi!
Yes, I already solve it.
I turned off my new RB850Gx2 and turned on back my old RB450G.
Technical support say what this trouble _may be_ resolved only in ROS v7.0.

lvnona · Tue Sep 20, 2016 12:54 am

Hei Wakko! Privet

Need your help brother

I have RB2011UiAS-RM and local home network with one of the ports I want to connect MAG 254 for IPTV.
What is proper way to configure RouterBoard for IPTV.

Spasibo,
Norm

R1CH · Wed Sep 21, 2016 1:48 am

Interesting. I've been using a multicast disk cloning setup which goes through an RB850Gx2 and noticed the throughput was significantly less than I'd hoped for, with the UDP sender reporting ~10-15% retransmissions. Will have to try replacing it at some point and seeing if it fixes the issue. I wouldn't be too surprised if there were issues, I found a very strange bug where it eats UDP DNS packets too (fix is on the way hopefully!).

josu · Mon Oct 03, 2016 11:21 am

Hello,

Is this solved?

I want to change the 450G wit a RB850Gx2. I use IPTV too.

Kind regards.

Wakko · Mon Oct 03, 2016 11:25 am

Is this solved?

I want to change the 450G wit a RB850Gx2. I use IPTV too.

No, it's not solved yet.

josu · Mon Oct 03, 2016 11:29 am

Is this solved?

I want to change the 450G wit a RB850Gx2. I use IPTV too.
No, it's not solved yet.

Thanks,

And could we send this issue to developers?

Or have support from Mikrotik?

Kind regards.

Wakko · Mon Oct 03, 2016 11:31 am

And could we send this issue to developers?

Or have support from Mikrotik?

MikroTik support knows about this issue, but they couldn't help us.
They says what this issue _may be_ fixed in ROS 7.0..

josu · Mon Oct 03, 2016 12:33 pm

Thanks for the reply.

Enviado desde mi MI 5 mediante Tapatalk

magchiel · Mon Oct 03, 2016 1:06 pm

For what it's worth: I have two RB850Gx2 successfully configured with IPTV (s/n 4*) running without issues, both bridged (purely VLAN-based) as well as routed (with IGMP proxy).

NathanA · Mon Oct 03, 2016 1:19 pm

MikroTik support knows about this issue, but they couldn't help us.
They says what this issue _may be_ fixed in ROS 7.0..

This sounds very strange to me. If it works on RB450G in 6.x, why would it work any different on an RB850Gx2 if it wasn't a driver bug?

Did MT support explain in detail what the underlying problem is?

-- Nathan

Wakko · Mon Oct 03, 2016 1:21 pm

MikroTik support knows about this issue, but they couldn't help us.
They says what this issue _may be_ fixed in ROS 7.0..
This sounds very strange to me. If it works on RB450G in 6.x, why would it work any different on an RB850Gx2 if it wasn't a driver bug?

Did MT support explain in detail what the underlying problem is?

RB450G has only one CPU core, but RB850Gx2 has two CPU cores.
Problem with IPTV is "reordering packets".

NathanA · Mon Oct 03, 2016 1:27 pm

RB450G has only one CPU core, but RB850Gx2 has two CPU cores.
Problem with IPTV is "reordering packets".

Ah! Got it. So the problem might manifest itself on any multicore MikroTik?

-- Nathan

timberwolf · Thu Apr 20, 2017 9:24 pm

Did anyone ever revisit or verify this with newer versions?
I had some issues with reordering with 6.34(if I'm not mistaken) which could be worked around by disabling one core in RouterBoot.
Didn't retry this later on, as I then shelved the RB850Gx2.

Problem with IPTV on RB850Gx2

Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: RE: Re: Problem with IPTV on RB850Gx2

Re: RE: Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2

Re: RE: Re: Problem with IPTV on RB850Gx2

Re: RE: Re: Problem with IPTV on RB850Gx2

Re: RE: Re: Problem with IPTV on RB850Gx2

Re: Problem with IPTV on RB850Gx2