Results 1 to 9 of 9

Thread: Required dual-NIC setup, having tough time getting NDI to only hit one

  1. #1
    Registered User
    Join Date
    Apr 2012
    Location
    Cleveland, OH
    Posts
    30

    Required dual-NIC setup, having tough time getting NDI to only hit one

    Have a production truck. Each workstation has 20Gbit fiber NIC for internal LAN , 1Gbit NIC for WheatNet audio (entire truck is audio over IP: http://wheatstone.com/blades-ip-audi...ology-overview), which needs to be on its own network.

    The 20Gbit NICs are connected to Ubiquiti switch and USG-Pro router. Plenty of bandwidth for NDI. Default gateway is 192.168.10.1

    The 1Gbit WheatNet NICs connect to an isolated Cisco switch - no router. No default gateway. 192.168.87.x subnet

    Everything works fine in this setup, except for NDI. NDI will use Fiber sometimes, and WheatNet sometimes. This is problematic, as we need the WheatNet network to be exclusively audio, and because they are 1Gbit I'd rather not have NDI going over them.

    No matter what I'ver tried over the past two days, I can not get NDI to only use the Fiber NICs.

    These are all Windows 10 Pro machines. Fiber metric is set at 1. WheatNet metric set at 2000. So it should five preference to Fiber, but it still uses both (sometimes a machine will be receiving NDI on Fiber while simultaneously sending on WheatNet).

    This has been killing me for past 2 days. There must be some way to get it to stick to only the 192.168.10.1 fiber subnet, but I can't get it to work no matter what I've tried.

    Any ideas?

    Thanks!

  2. #2
    NDI will use multiple NICs automatically.

    However, if you want to stop it from using a particular NIC, you can setup a firewall rule to block traffic on port 5353/UDP on the NIC you don't want NDI to use. This port is used by the auto discovery mechanism of NDI.
    Kane Peterson
    Key Accounts Sales Engineer
    NewTek, Inc.

  3. #3
    Registered User
    Join Date
    Apr 2012
    Location
    Cleveland, OH
    Posts
    30
    Will give that a shot later today and report back. Thanks!

  4. #4
    Registered User
    Join Date
    Apr 2012
    Location
    Cleveland, OH
    Posts
    30
    UDP 5353? I blocked it on the entire 192.168.87.0/24 subnet, but NDI is still getting through.

    Screengrab attached shows NDI Studio Monitor receiving on the top (correct network) at 121 Mbps.

    Unfortunately it also shows NDI Scan Converter sending 49.7 Mbps on the bottom network (WheatNet audio).

    Any suggestions of what else to look at on my end?

    Click image for larger version. 

Name:	ndi_wheatnet.PNG 
Views:	17 
Size:	62.5 KB 
ID:	137833

  5. #5
    Registered User
    Join Date
    Apr 2012
    Location
    Cleveland, OH
    Posts
    30
    As a follow-up, I tried blocking UDP 5353 both inbound and outbound for the IP's associated with the NIC I want to block. It always gets through.

    If I block UDP 5353 globally, it does indeed block discovery.

    Is discovery somehow still getting through on the other subnet, but routing to WheatNet?

    Stumped.
    Last edited by RoverRadio; 09-05-2017 at 06:47 PM.

  6. #6
    I'll have to give it a try myself, but I'm going off the information found in this thread.

    http://forums.newtek.com/showthread....a-specific-NIC

    -UPDATE-

    I just tried the Windows firewall, which when I blocked 5353/UDP I got no NDI traffic at all, so it appears that works. However, from what I can find the Windows firewall cannot limit a rule to a specific network interface, so it looks like a 3rd party firewall would be required.

    Something else that might work is to block 5353/UDP globally, then use the NDI Access Manager tool and point it at the only IP address that you want communication over. I've not tried this, but I think this should work.
    Last edited by kanep; 09-05-2017 at 07:22 PM.
    Kane Peterson
    Key Accounts Sales Engineer
    NewTek, Inc.

  7. #7
    Registered User
    Join Date
    Apr 2012
    Location
    Cleveland, OH
    Posts
    30
    I'll pick up on this tomorrow. Symantec Endpoint allows per-NIC rules. I'll see what I can get working on this end, but it was a miserable failure today unfortunately.

  8. #8
    Registered User
    Join Date
    Apr 2012
    Location
    Cleveland, OH
    Posts
    30
    UPDATE: I *think* I finally got this to work as desired.

    As noted above, Windows Firewall doesn't allow per-adapter rules.

    In order to get this to work, install Symantec Endpoint (you'll need to put Symantec Endpoint Manager on a system on your LAN somewhere, and the client on your target system(s)).

    In Manager create a new Firewall rule. You need to assign it to the MAC address(es) of the target adapters you want to enforce.

    Create a rule that Allows All traffic from everywhere. Then create a rule on top of that that blocks UDP 5353 both in/out from all sources/destinations.

    After that, in NDI Access Manager manually enter the IP addresses of sources you wish to Receive from on all computers you want to be able to receive.

    And pray.

    P.S. As I am sure has been pointed out, there should really be a built-in function of NDI (in either host applications or Access Manager somehow) to select what NIC's you want to allow. Set with a few clicks instead of jumping through all the above hoops. It is not uncommon whatsoever in larger facilities do have 2 or 3 NICs per machine...I'd consider the routing of NDI traffic to a specific NIC a critical function. Add VPN, etc. into the mix and you've got all sorts of headaches.

    Thanks for the help!

  9. #9
    Glad you got it working. In the link I posted above, the plan is to add this support into NDI. It appears that with having multiple operating systems to support, this feature it isn't a simple as it might seem to implement.
    Kane Peterson
    Key Accounts Sales Engineer
    NewTek, Inc.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •