[c-nsp] How to tune multicast RPF checking?

Tantsura, Jeff jeff.tantsura at capgemini.com
Fri Nov 26 04:26:04 EST 2004


Starting with 6.2 you could configure PIX as IGMP proxy so GRE is not
needed
http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb71e.html#wp1055115

Jeff

With kind regards/ met vriendelijke groeten,
--------------------------------------------------------
Jeff Tantsura
CCIE #11416
Senior Consultant
Capgemini Nederland BV
Tel: +31(0)30 689 2866
Mob:+31(0)6 4588 6858
Fax: +31(0)30 689 6565
--------------------------------------------------------


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matti Saarinen
Sent: Friday, November 26, 2004 9:53 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] How to tune multicast RPF checking?


We have a network setup where multicast is transported through PIX via
GRE tunnel. Now, I have some difficulties in tuning the RPF checking of
the multicast packets.

The network looks roughly like this


rtrA --- fw --- (small network: rtrB + 2 routers) --- rtrB (Cat6500)
   \                                                         /
    \--------------- GRE tunnel for multicast --------------/


On rtrA there are static mroutes pointing to the tunnel. It consists of
the prefixes that are behind the PIX. On the rtrB there is a mroute
towards 0/0 that points to tunnel as well. The default route is
generated by the PIX and advertised via OSPF which is the IGP used.
The RP is rtrB which is a Cat6500 and there are six other routers as
well.

Now, when a host in our internal network starts sending multicast
traffic the traffic will be dropped when it reaches the RP due to the RPF
check. This is due to the fact that the default mroute overrides the more
specific routes learned via OSPF because of the lower administrative
distance. If I set a more specific static mroute pointing towards the
source the RPF check succeeds and the multicast traffic flows correctly.

Setting up a static mroute for every network in which there might be a
multicast source gets annoying really soon. Is there any way to make the
RPF check work on the RP without the static mroutes? I know in JUNOS I
could configure a special RIB for RPF but can I configure a similar one
in IOS?


Cheers,


--
- Matti -
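
The RPF selection described in the question above, modelled as an added example (not part of either post and not IOS code): each table is searched by longest match on its own, then the candidate with the lowest administrative distance wins, whatever its prefix length. The prefixes, interface names and the distances 0 (static mroute) and 110 (OSPF) are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str     # destination prefix, e.g. "10.20.0.0/16"
    distance: int   # administrative distance
    interface: str  # interface the route points at

def longest_match(table, source):
    """Most specific route in one table covering source, or None."""
    src = ipaddress.ip_address(source)
    hits = [r for r in table if src in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)

def rpf_interface(mroutes, unicast, source):
    """Lowest distance wins across tables; prefix length is not compared.
    On a tie, min() keeps the first candidate, i.e. the static mroute."""
    candidates = [r for r in (longest_match(mroutes, source),
                              longest_match(unicast, source)) if r]
    return min(candidates, key=lambda r: r.distance).interface if candidates else None

def rpf_check(mroutes, unicast, source, arrival_interface):
    """A packet passes only if it arrived on the RPF interface for its source."""
    return rpf_interface(mroutes, unicast, source) == arrival_interface

# Constructed tables for rtrB (the RP); all values are sample data.
DEFAULT_MROUTE = Route("0.0.0.0/0", 0, "Tunnel0")   # static mroute 0/0 to the tunnel
UNICAST = [Route("0.0.0.0/0", 110, "Vlan10"),       # default from the PIX via OSPF
           Route("10.20.0.0/16", 110, "Vlan20")]    # internal network via OSPF
SPECIFIC_MROUTE = Route("10.20.0.0/16", 0, "Vlan20")

if __name__ == "__main__":
    src = "10.20.1.5"  # internal multicast source, packets arrive on Vlan20
    print("default mroute only :",
          rpf_check([DEFAULT_MROUTE], UNICAST, src, "Vlan20"))
    print("plus specific mroute:",
          rpf_check([DEFAULT_MROUTE, SPECIFIC_MROUTE], UNICAST, src, "Vlan20"))
    print("source behind tunnel:",
          rpf_check([DEFAULT_MROUTE], UNICAST, "192.0.2.9", "Tunnel0"))
```
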