[c-nsp] How to tune multicast RPF checking?

[Matti Saarinen]

We have a network setup where multicast is transported through PIX via
GRE tunnel. Now, I have some difficulties in tuning the RPF checking
of the multicast packets

The network looks roughly like this


rtrA --- fw --- (small network: rtrB + 2 routers) --- rtrB (Cat6500)
   \                                                         /
    \--------------- GRE tunnel for multicast --------------/


On rtrA there are static mroutes pointing to the tunnel, It consis of
the prefixes that are behind the PIX. On the rtrB there is a mroute
towards 0/0 that points to tunnel as well. The default route is
generated by the PIX and advertised via OSPF which is the IGP used.
The RP is rtrB which is a Cat6500 and there are six other routers as
well.

Now, when a host in our internal network starts sending multicast
traffic the traffic will be dropped when it reaches the RP due the RPF
check. This due the fact that the default mroute overrides the more
specific routes learned via OSPF because of the lower administrative
distance. If I set a more specific static mroute pointing towards the
source the RPF check succeeds and the multicast traffic flows
correctly.

Setting up a static mroute for every network in which there might be a
multicast source gets really soon annoying. Is there any way to make
the RPF check work on the RP without the static mroutes? I know in
JUNOS I could configure a special RIB for RPF but can I configure a
similar one in IOS?


Cheers,


-- 
- Matti -