Due to Telus pushing converged edge to my area, I had to finally figure out how to make this work. Before, there was 'trickle' 10kbits internet that allowed Xbox Live sign-in but it is gone now. When I called in for assistance, they wanted me to buy internet or to replace the Xboxes with CIS330s. (And it took two hours to figure this out because they first blamed Xbox Live being down and then claimed that nothing changed on their network until confirmed by a network engineer who was not forthcoming with the Solutions Department.)
(This is only necessary when using Xboxes as STBs as the Cisco boxes do not need internet.)
The Fortigate did not work and I had to use pfSense. I am going to try a Netscreen (Juniper) device at a later date. (It has IGMP proxying unlike the Fortigate.)
Right now however there are some tweaks I would like to look into.
I tried to talk to the loyalty department to request an Alcatel CellPipe. I currently am using the Actiontec with the modified firmware but would rather not have to rely on that (and I am sure Telus would prefer that I do not mess with their hardware). Any other way to obtain a modem only or get official bridge support? (I know, wishful thinking.)
The second part is to more tightly control the firewall policies. Technically the unicast part of the TV (first ~30secs of a channel) can be over any internet connection but I would like to send it to Telus. I have started to make a spreadsheet detailing all the channels (that I have) with the Unicast, Multicast source and Multicast destination addresses. If anyone would like to contribute to this or if there are any other interested parties that would like this info, let me know. Specifically, if someone like Symtex could help, it would save me a lot of work.
Without the full list, it currently looks something like this:
Unicast (outgoing request from STB) sends to 207.148.139.x, port 47806 UDP. Unfortunately, these seem to be random and do not correlate with below.
Multicast source comes from 207.148.140/141/142.x and 207.228.116/117.x, port 47811 UDP.
Multicast destinations match up to a corresponding source in a very logical manner (last two octets have a matching pattern): 232.9.0/1/2.x = 207.148.140/141/142.x and 232.9.8/9.x = 207.228.116/117.x, port 6288 UDP.
(Example: ABC Seattle HD, ch 604, comes from 207.228.116.129:47811 and sends to 232.9.8.129:6288)
There are also at least 3 NTP servers and 1 HTTP server that are used frequently. (I assume the HTTP is for the guide but I haven't bothered to packet capture that yet.) The NTP queries are sent frequently -- once a minute.
Lastly, there seem to be 5 heartbeat servers (207.228.125.52-56) that send to MCast 232.239.0.10 (both source and dest port 3042 UDP).
I haven't had to make a complete list to get the TV to work as I opened up /24 for each range I found to be in use but I would like to fix this as I doubt Telus is using that many. (All the netblocks still seem to have cadvision dialup hostnames btw.)
Anyway, if anyone wants to provide more information or get a working copy of my list, or more info about my current firewall rules, let me know. (I don't want to be the only crazy one doing this.)
Thanks.
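Added example, not part of the original post: a Python sketch that applies the source-to-group pattern described above to a list of observed flows, so that exact source/group pairs can replace the /24 openings. The function names and all sample flows except the ABC Seattle HD row are constructed for illustration.

```python
import ipaddress

# Source /24 -> multicast group /24, as listed in the post (last octet is shared).
SOURCE_TO_GROUP = {
    "207.148.140": "232.9.0",
    "207.148.141": "232.9.1",
    "207.148.142": "232.9.2",
    "207.228.116": "232.9.8",
    "207.228.117": "232.9.9",
}
SRC_PORT, DST_PORT = 47811, 6288  # UDP ports given in the post


def expected_group(source):
    """Return the multicast group the post's pattern predicts, or None."""
    prefix, last = str(ipaddress.IPv4Address(source)).rsplit(".", 1)
    group_prefix = SOURCE_TO_GROUP.get(prefix)
    return f"{group_prefix}.{last}" if group_prefix else None


def classify(flows):
    """Split observed (src, sport, dst, dport) UDP flows into exact
    (src, dst) pairs that fit the pattern and flows that need a manual look."""
    allowed, review = set(), []
    for src, sport, dst, dport in flows:
        if (sport, dport) == (SRC_PORT, DST_PORT) and expected_group(src) == dst:
            allowed.add((src, dst))
        else:
            review.append((src, sport, dst, dport))
    return sorted(allowed), review


# Constructed capture summary; only the first row is the example from the post.
SAMPLE_FLOWS = [
    ("207.228.116.129", 47811, "232.9.8.129", 6288),
    ("207.148.141.20", 47811, "232.9.1.20", 6288),   # constructed, fits pattern
    ("207.148.140.5", 47811, "232.9.2.5", 6288),     # constructed, wrong group
    ("198.51.100.7", 47811, "232.9.0.7", 6288),      # constructed, unknown source
    ("207.148.142.9", 47811, "232.9.2.9", 5000),     # constructed, wrong port
]

if __name__ == "__main__":
    allowed, review = classify(SAMPLE_FLOWS)
    for src, dst in allowed:
        print(f"allow udp {src}:{SRC_PORT} -> {dst}:{DST_PORT}")
    for flow in review:
        print("review:", flow)
```

The heartbeat traffic on port 3042 does not follow this pattern and would land in the review list, so it needs its own rule.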