[j-nsp] NetScreen/Juniper problem

Chris Roberts croberts at bongle.co.uk
Tue Mar 28 07:43:50 EST 2006 

Apologies for anyone also on nn at qorbit for this cross-posting, I figured I'd
post this here now aswell.

We're trying to get multicast working on a Juniper/NetScreen 25 running
ScreenOS 5.3.0r1.0.

We have PIM-SM successfully established, and the upstream Cisco route is
forwarding traffic for the particular multicast group to the NetScreen
ethernet3 (Untrust zone/trust-vr) interface. This interface does not seem to
be recognizing/registering the multicast data traffic:
Hardware 64-bit counters for interface ethernet3:
in bytes                 772953924749 |  out bytes
1554508676111
in ucast                   2205056934 |  out ucast
3381480232
in mcast                            0 |  out mcast
0
in bcast                            0 |  out bcast
0

When we debug flow all, with an ffilter setup for our source, we see the
following:
****** 5250133.0: <Untrust/ethernet3> packet received [1356]******
  ipid = 0(0000), @c7d44110
  packet passed sanity check.
  ethernet3:132.185.236.60/32783->233.122.227.201/5554,17<Root>
  existing session found. sess token 6
  flow got session.
  flow session id 25564
  POLL_DROP_PAK: vlist 0x14337c4, 0x14336e8
  super fast vector 3
****** 5250133.0: <Untrust/ethernet3> packet received [1356]******
  ipid = 0(0000), @c7d45110
  packet passed sanity check.
  ethernet3:132.185.236.60/32783->233.122.227.201/5554,17<Root>
  existing session found. sess token 6
  flow got session.
  flow session id 25564
  POLL_DROP_PAK: vlist 0x14337c4, 0x14336e8
****** 5250133.0: <Untrust/ethernet3> packet received [1356]******
  ipid = 0(0000), @c7d45910
  packet passed sanity check.
  ethernet3:132.185.236.60/32783->233.122.227.201/5554,17<Root>
  existing session found. sess token 6
  flow got session.
  flow session id 25564
  POLL_DROP_PAK: vlist 0x14337c4, 0x14336e8

This leads me to believe we may be dropping this traffic at the NetScreen?
Would could this be? We have the following multicast routes for this group:
(*, 233.122.227.201)  RP 217.154.130.100 02:00:38/-         Flags: LF
  Zone            : Untrust
  Upstream        : ethernet3           State          : Joined
  RPF Neighbor    : 217.154.52.38       Expires        : 00:00:23
  Downstream      :
  ethernet1    02:00:38/-         Join         233.122.227.201  FC

(132.185.236.60/27, 233.122.227.201)   02:00:37/00:02:54  Flags: TLF
  Zone            : Untrust
  Upstream        : ethernet3           State          : Joined
  RPF Neighbor    : 217.154.52.38       Expires        : 00:00:24
  Downstream      :
  ethernet1    02:00:37/-         Join         233.122.227.201
132.185.236.60 FC

Which leads me to believe all is okay. Yet no multicast traffic appearing on
ethernet1.

I'm pretty sure this must be a bug, can anyone else shed any light, or give
me any ideas on what else I could check? We have at times seen a few packets
from this stream passed, but it has been random and sporadic and only a few
packets.

Cheers,
Chris.

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.3.2/293 - Release Date: 26/03/2006

More information about the juniper-nsp mailing list