[j-nsp] IP fragmented PIM Registers dropped

[Phil Mayers]

All,

[I would deal with TAC, but an administrative error has meant our 
contract expired and I'm still waiting for the purchase order to go 
through (sigh) and thought I'd check here in the meantime.]

Basically a host on our network is transmitting full-size 1500 byte 
packets to a multicast group. The cisco (6509) serving as the PIM DR for 
that hosts' networks is encapsulating these and sending them via unicast 
to our M7i which is the RP. The resulting PIM Registers are 1508 bytes 
long, meaning the IP packet containing them is fragmented. The M7i is 
not "seeing" these PIM registers, so never sends the Register-stop, and 
thus the downstream router continues to encapsulate and raises the CPU a 
bit higher than normal. I've configured the register-rate-limit but of 
course the underlying fault is still there.

The PIM-SM config on both the M7i and the downstream routers is 
otherwise very well tested and functional in every respect.

I've tried a "tcpdump" from within "start shell" and it doesn't see the 
2nd fragments of the packets, though I'm not familiar enough with the 
Juniper to know if such a tcpdump is "definitive". The "show system 
statistics ip" "fragments discarded" counter is rising at about the 
right rate to account for them being received but dropped.

I've also used a tap on the link facing the M7i to verify that both IP 
fragments are leaving the previous hop, so it does seem to be an issue 
at the juniper side. The "router protect" ACL on lo0 should not (does 
not seem to) be hitting the traffic.

Any thoughts?