 | [net] FiOS tv hardware: Broadcast storms
I enabled the Windows Firewall, with logging dropped packets to a file, even though I am behind the supplied DLINK hardware firewall.
What I discovered is that the TV hardware wired into the ethernet network is broadcast storming all machines on the subnet. My firewall logs quickly filled up with repeats of the following 3 TIMES every second!
2006-06-15 14:24:29 DROP UDP 169.254.1.33 255.255.255.255 21302 21302 1504 - - - - - - - RECEIVE
2006-06-15 14:24:33 DROP UDP 169.254.1.195 255.255.255.255 21302 21302 1504 - - - - - - - RECEIVE
Utilizing netcat, I was able to capture the following from these broadcasts:
<HmaNetConfig>
  <MsgFmtRev>2</MsgFmtRev>
  <MsgContRev>2</MsgContRev>
  <NetStatus>0</NetStatus>
  <HmaDevice>
    <DevStatus>0</DevStatus>
    <MACAddr>00159AC9A90A</MACAddr>
    <IPAddr>169.254.1.33</IPAddr>
    <NetworkMaster>Master</NetworkMaster>
    <UnitAddr>0012307E2E</UnitAddr>
    <DeviceType>2</DeviceType>
    <SettopNodeID>1</SettopNodeID>
    <NetConnectType>1</NetConnectType>
    <MocaNodeID>0</MocaNodeID>
    <MocaVersion>02.51</MocaVersion>
    <HmaAuth>No</HmaAuth>
    <HmaContSupport>SDonly</HmaContSupport>
    <NumContSes>0</NumContSes>
  </HmaDevice>
  <HmaDevice>
    <DevStatus>3</DevStatus>
    <MACAddr>00159AC9D599</MACAddr>
    <IPAddr>169.254.1.195</IPAddr>
    <UnitAddr>001230874C</UnitAddr>
    <DeviceType>2</DeviceType>
    <SettopNodeID>2</SettopNodeID>
    <NetConnectType>1</NetConnectType>
    <MocaNodeID>254</MocaNodeID>
    <MocaVersion>02.51</MocaVersion>
    <HmaAuth>No</HmaAuth>
    <HmaContSupport>SDonly</HmaContSupport>
    <NumContSes>0</NumContSes>
  </HmaDevice>
  <HmaDevice>
    <DevStatus>3</DevStatus>
    <MACAddr>00159A53C9C2</MACAddr>
    <IPAddr>169.254.1.143</IPAddr>
    <UnitAddr>0015F70BA3</UnitAddr>
    <DeviceType>1</DeviceType>
    <SettopNodeID>3</SettopNodeID>
    <NetConnectType>1</NetConnectType>
    <MocaNodeID>254</MocaNodeID>
    <MocaVersion>02.51</MocaVersion>
    <HmaAuth>No</HmaAuth>
    <HmaContSupport>SDorHD</HmaContSupport>
    <NumContSes>0</NumContSes>
  </HmaDevice>
</HmaNetConfig>
My "guess" is that this traffic is from the cable TV boxes, spamming for some sort of configuration information. It's not IP addresses, since that traffic would (should) be on a different port number than 21302.
The cable boxes themselves are only connected to the coax; however, there is a small Motorola bridging device that bridges ethernet to coax. This is required for the on-demand features to work, I am told.
How can I eliminate this broadcast storm?
Thanks in Advance:
Richard Underscore Siemers 2 at verizon dot net |
|
|
|
 O1OOO1O join:2005-12-23 Lewisville, TX | That's MOCA traffic between the STBs and the NIM; you can't kill it. All MOCA devices are constantly talking to each other, and from what I understand one of the devices establishes itself as master, while everything else is just a node, and based on usage any of the devices is capable of establishing itself as a master. Although this traffic is not useful currently, once VZ implements the whole home DVR functionality, this traffic will become useful, so you can stream DVR playback to other STBs in your home. |
|
 | Shouldn't MOCA traffic be limited to the coaxial network and not broadcasting on my ethernet subnet? It's transmitting packets to 255.255.255.255 on the ETHERNET side of things.
I'll put the NIM behind my old Linksys NAT firewall if I have to just to isolate the broadcasts, but I was hoping for a software configuration option. |
|
 DMS1 join:2005-04-06 Carrollton, TX | said by Richard_Siemers2:
Shouldn't MOCA traffic be limited to the coaxial network and not broadcasting on my ethernet subnet? It's transmitting packets to 255.255.255.255 on the ETHERNET side of things.
I'll put the NIM behind my old Linksys NAT firewall if I have to just to isolate the broadcasts, but I was hoping for a software configuration option.

The NIM is a layer 2 switch, not a layer 3 router. Therefore, it will pass broadcast packets from one side to the other. If you do anything to block this then you'll most likely lose the TV guide, VOD and PPV, because all of these require communication between the STBs (Coax) and the ONT (Ethernet). |
|
 | reply to Richard_Siemers2
said by Richard_Siemers2:
How can I eliminate this broadcast storm?

You could set up a separate VLAN for just those components that need to talk.
BTW, 3 UDP packets per second may be annoying but I don't think it warrants the label "broadcast storm" which to me implies a level of traffic that seriously impacts a network. |
|
 Woof Woof9I Miss Brother Iz join:2004-09-01 Keller, TX 2 edits | reply to Richard_Siemers2
Looking at the XML, I'm guessing you have 2 SD receivers, and one HD receiver (or HD DVR).
Looks like the SD box at 169.254.1.33 has declared itself as the master.
Is your subnet scheme 169.254.1.x? That seems odd. The STBs act as though they can't get an address via DHCP from your router (192.168.x.x, 10.0.x.x, whatever), so the STBs are self assigning addresses in the 169.254.1 range. I'd be curious to see what happens if you unplug (not just turn off) all the boxes, then plug them back in to see if they grab an address via DHCP. You DO have DHCP enabled on the port that the NIM plugs into I hope!
Not that this will reduce traffic or anything, but the numbers looked odd. Who knows, maybe if they aren't using self assigned addresses, they will settle down.
I'd have to agree... each box sending this info out once a second is puny and not worth worrying about. |
|
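Added example, not part of any post in this thread: the by-hand reading of the captured beacon in the post above (which box is master, which boxes report SD or HD support, whether the addresses are link-local), done as a small Python parser. The sample is a trimmed copy of the XML posted at the top of the thread; the function and field names in the result are made up for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Trimmed copy of the beacon from the first post (several fields left out).
BEACON = """<HmaNetConfig><MsgFmtRev>2</MsgFmtRev>
<HmaDevice><MACAddr>00159AC9A90A</MACAddr><IPAddr>169.254.1.33</IPAddr>
 <NetworkMaster>Master</NetworkMaster><SettopNodeID>1</SettopNodeID>
 <HmaContSupport>SDonly</HmaContSupport></HmaDevice>
<HmaDevice><MACAddr>00159AC9D599</MACAddr><IPAddr>169.254.1.195</IPAddr>
 <SettopNodeID>2</SettopNodeID>
 <HmaContSupport>SDonly</HmaContSupport></HmaDevice>
<HmaDevice><MACAddr>00159A53C9C2</MACAddr><IPAddr>169.254.1.143</IPAddr>
 <SettopNodeID>3</SettopNodeID>
 <HmaContSupport>SDorHD</HmaContSupport></HmaDevice>
</HmaNetConfig>"""

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3330 link-local block


def parse_beacon(payload):
    """Return one dict per <HmaDevice> in a captured UDP 21302 broadcast."""
    # The payload is unauthenticated broadcast data, so treat it as untrusted:
    # refuse DTDs so entity declarations are never handed to the XML parser.
    if "<!DOCTYPE" in payload or "<!ENTITY" in payload:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(payload)
    if root.tag != "HmaNetConfig":
        raise ValueError("unexpected root element: " + root.tag)
    devices = []
    for dev in root.findall("HmaDevice"):
        # ip_address() raises ValueError on a missing or malformed address.
        ip = ipaddress.ip_address(dev.findtext("IPAddr", "").strip())
        mac = dev.findtext("MACAddr", "").strip().upper()
        devices.append({
            "node": int(dev.findtext("SettopNodeID", "0")),
            "ip": str(ip),
            "mac": ":".join(mac[i:i + 2] for i in range(0, len(mac), 2)),
            "master": dev.findtext("NetworkMaster") == "Master",
            "content": dev.findtext("HmaContSupport"),
            "link_local": ip in LINK_LOCAL,
        })
    return devices


if __name__ == "__main__":
    for d in parse_beacon(BEACON):
        print(d)
```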
 1 edit | said by Woof Woof9:
Is your subnet scheme 169.254.1.x? That seems odd. The STBs act as though they can't get an address via DHCP from your router (192.168.x.x, 10.0.x.x, whatever), so the STBs are self assigning addresses in the 169.254.1 range.

I just stumbled across this thread, and it made me curious. So, I set up Ethereal to listen on my network after FIOS TV was installed.
I can see two IP addresses on the LAN that I didn't expect:
169.254.1.160 169.254.1.96
The MAC addresses associated with these IPs are assigned to Motorola CHS, and are the same as what the ActionTec router reports as hosts on the coaxial network. But, these 169.45.1.* addresses are apparently in addition to the IPs that were handed out to the STBs by the DHCP server in the router: 192.168.1.101 and 192.168.1.102. The 192.168.1.* IPs are "live", as I can ping them from my laptop. But, I can't ping 169.254.1.* IPs, due to the routing on my network.
I'm sure I'm not seeing all of the frames sent/received by these 169.254.1.* IPs, as the only ones I'm capturing are broadcast frames. One set is an ARP request for .96 from .160, to which .96 replies with its MAC address.
Another is a UDP frame from .96 to .255 port 5000, which is interpreted as a "Cross Point Frame Injector" by Ethereal. I suspect that's because the frame and/or port number was mis-classified by Ethereal -- the only reference I can find to it on the 'Net is "a CNT proprietary protocol to carry Fibre Channel data over UDP".
I also captured a frame that contains XML similar to what was posted at the beginning of this thread.
According to RFC 3330 (www.rfc-editor.org/rfc/rfc3330.txt):
169.254.0.0/16 - This is the "link local" block. It is allocated for communication between hosts on a single link. Hosts obtain these addresses by auto-configuration, such as when a DHCP server may not be found.
Apparently, the STBs are communicating among themselves using these IP addresses, and only using the addresses obtained from the router (via DHCP) to talk to the outside world. |
|
 O1OOO1O join:2005-12-23 Lewisville, TX | You would be correct in that assessment. 192.x addresses are for communication with the IPG / VOD servers; while the 169 addresses are local link (MOCA). If you pull up diagnostics on a HD or DVR box, you can see which 169 address is in use by each STB (HMA Connected Home). If you have a NIM, it would self assign itself a 169.254.1.2 address. |
|
 | reply to Richard_Siemers2 Hi.
Maybe this is similar to the issues I am having with my router log since installing the FIOS TV. Unplugging the NIM100 stops the errors.
This is from my log:
[INFO] Fri Aug 04 07:57:03 2006 Dropped packet from 169.254.1.82 to 169.254.1.255 that was received from the wrong network interface (IP address spoofing)
[INFO] Fri Aug 04 07:57:03 2006 Dropped packet from 169.254.1.188 to 169.254.1.255 that was received from the wrong network interface (IP address spoofing)
[INFO] Fri Aug 04 07:57:00 2006 Dropped packet from 169.254.1.146 to 169.254.1.255 that was received from the wrong network interface (IP address spoofing)
The 'errors' don't affect any operation of my STBs or Video On Demand. They do get their own IP addresses from my DHCP just fine. The errors are just annoying as it fills my router log up so quickly, and if I'm looking for an XBOX Live problem, for example, I can't find the errors because every 3 seconds or so I get the other errors.
Don in Tampa |
|
 1 edit | said by dnaegele:
Maybe this is similar to the issues I am having with my router log since installing the FIOS TV. Unplugging the NIM100 stops the errors.

Yes, it's the reason you are getting log entries in your router. It's not really an error -- it's just "leakage". These packets in question are broadcast packets (sent to x.x.x.255), and apparently the NIM is forwarding them across the bridge it creates to the 192.168.x.x network (or whatever your internal network address might be).
The NIM probably shouldn't be forwarding most local link broadcast messages. I can't think of a reason why it needs to forward frames sent to 169.254.1.255. However, not forwarding frames to 255.255.255.255 will cause a problem, starting with the inability to get an IP address from your router's DHCP server. |
|
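Added example, not part of any post in this thread: a log triage pass for the router entries quoted above, which counts the link-local "leakage" per source instead of letting it bury everything else, and leaves all other lines for review. The first three sample lines are the ones posted in the thread; the last two are constructed, and the function name is made up for this example.

```python
import ipaddress
import re
from collections import Counter

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # RFC 3330 link-local block
ENTRY = re.compile(r"Dropped packet from (\S+) to (\S+) that was received "
                   r"from the wrong network interface")
PREFIX = "[INFO] Fri Aug 04 07:57:0"
SUFFIX = " that was received from the wrong network interface (IP address spoofing)"

# Lines 1-3 are from the thread; lines 4-5 are constructed for this example.
SAMPLE_LOG = [
    PREFIX + "3 2006 Dropped packet from 169.254.1.82 to 169.254.1.255" + SUFFIX,
    PREFIX + "3 2006 Dropped packet from 169.254.1.188 to 169.254.1.255" + SUFFIX,
    PREFIX + "0 2006 Dropped packet from 169.254.1.146 to 169.254.1.255" + SUFFIX,
    PREFIX + "5 2006 Dropped packet from 198.51.100.23 to 192.168.0.1" + SUFFIX,
    PREFIX + "6 2006 Blocked incoming TCP connection from 203.0.113.7:4312",
]


def triage(lines):
    """Return (per-source count of link-local leakage, lines left for review)."""
    leakage = Counter()
    review = []
    for line in lines:
        m = ENTRY.search(line)
        if m:
            try:
                src, dst = (ipaddress.ip_address(a) for a in m.groups())
            except ValueError:
                review.append(line)  # unparsable address: never hide it
                continue
            # Only traffic that stays inside 169.254.0.0/16 is folded into a
            # counter; a "spoofing" drop with any other source stays visible.
            if src in LINK_LOCAL and dst in LINK_LOCAL:
                leakage[str(src)] += 1
                continue
        review.append(line)
    return leakage, review


if __name__ == "__main__":
    counts, remaining = triage(SAMPLE_LOG)
    print(dict(counts))
    print("\n".join(remaining))
```

Keeping the per-source counts rather than discarding the entries means a new talker in the 169.254.1.x range, or a change in rate, still shows up.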
 patcat88 join:2002-04-05 Jamaica, NY kudos:1 | reply to O1OOO1O
said by O1OOO1O:
You would be correct in that assessment. 192.x addresses are for communication with the IPG / VOD servers; while the 169 addresses are local link (MOCA). If you pull up diagnostics on a HD or DVR box, you can see which 169 address is in use by each STB (HMA Connected Home). If you have a NIM, it would self assign itself a 169.254.1.2 address.

Why would the NIM be assigned an IP if it's a dumb ethernet bridge? |
|
 O1OOO1O join:2005-12-23 Lewisville, TX | said by patcat88:
Why would the NIM be assigned an IP if it's a dumb ethernet bridge?

Self assigned. Not assigned from a DHCP server. The dlink assigns IPs in the range of 192.168.0.50-?? for set top boxes, and 192.168.0.100-199 for other TCP/IP devices.
The NIM assigns itself a 169.254.1.2 address. |
|
 DMS1 join:2005-04-06 Carrollton, TX | reply to patcat88
said by patcat88:
Why would the NIM be assigned an IP if it's a dumb ethernet bridge?

It's not totally dumb. It has a management interface that can be used to configure it by connecting the Ethernet port directly to a PC. |
|