[j-nsp] Netscreen firewalls & multicast replication
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jun 17 08:54:47 EDT 2010
All,
Just a quick question...
We run a pair of Netscreen 5400s with M2 management boards and 10gig
modules, running ScreenOS 6.3, in routed mode.
A while back we discovered a documented limitation, specifically that
these firewalls don't have multicast replication hardware. You can run
them in one of two modes:
1. Multicast is done in hardware. In this mode, receivers must all be
on one outbound interface, and multicast is "faked", I guess by adding
/32 routes for the group pointing out of the output interface (as
opposed to a "proper" 64-bit (s,g) lookup) - this is "set flow multicast
install-hw-session".
2. Multicast is done in software. In this mode, things work as normal
but very high bit rates (e.g. a 20Mbit stream) can load the CPUs. This
is the default.
So, this is unfortunate but fine - I can live with that.
Question: do any later models of Juniper/Netscreen have multicast
replication hardware?
Do any other *vendors* have it?
Obviously transparent / layer2 mode doesn't have this issue, but we
don't want to run that for many reasons.