All things related to multicast

[debbie fligor <>]

We're trying to switch from using a mulitcast bypass around our  
firewalls to sending the multicast traffic through them. No, we don't  
feel like it needs to go through the firewalls, but the new core  
routers we got have a frustrating feature where if you use any static  
mroutes, it can't populate the rest of the multicast routing table  
with the unicast routing table, so a default mroute to the bypass  
requires us to hand configure every subnet with an mroute in every  
core router, which is really annoying (to put it mildly).  Apparently  
changing this on the routers is not possible so we would like our  
multicast default to match the unicast default route, which goes  
through the firewalls.

we built it in our lab, and got it working with a single path on  
slightly newer code, but when we tried to do it for real in our dual  
path exit (firewalls in active-active) existing multicast connections  
stayed working but new connections wouldn't come up. We're going to  
have the switch vendor come in to help us debug the problem, but if  
anyone has known issues or ideas we'd love to hear them.

The firewalls are netscreen 5200's, the RPs are ciscos and the L2 and  
L3 switches are all Foundry.  All ideas are appreciated (and yes, for  
our next bid static mroutes working together with dynamic routing  
protocols to update the mcast routing table will be a requirement).




-----
-debbie
Debbie Fligor, n9dn       Network Engineer, CITES, Univ. of Il
email: 

          <http://www.uiuc.edu/ph/www/fligor>
"Every keystroke can be monitored. And the computers never forget."