
wg-multicast - RE: a Netscreen firewall question

Subject: All things related to multicast

  • From: "Todd Chapman" <>
  • To: "'debbie fligor'" <>, "'wg-multicast List'" <>
  • Subject: RE: a Netscreen firewall question
  • Date: Wed, 24 Jan 2007 09:34:13 -0800
  • Organization: UC Davis - CR

Debbie,

We have the same issue here. It turns out that the Foundry L3 code does not
properly set the PIM-SM bit and the Netscreen firewall then drops the
packets. This is a bug that Foundry is aware of. What version of code are
you running? We are running 7.6.04L. I believe the bug is resolved in
7.8.0E. We attempted to upgrade to this version and ran into another bug
with the number of BGP communities being limited to 64. At this time, we are
still running the 7.6.04 version, anxiously awaiting the version with all
the right fixes in place. Foundry is testing at this time and expects to
release it mid-February.

Hope this helps.

Todd Chapman
UC Davis NOC

-----Original Message-----
From: debbie fligor
Sent: Wednesday, January 24, 2007 8:36 AM
To: wg-multicast List
Cc: debbie fligor
Subject: a Netscreen firewall question

We're trying to switch from using a multicast bypass around our firewalls to
sending the multicast traffic through them. No, we don't feel like it needs
to go through the firewalls, but the new core routers we got have a
frustrating feature where if you use any static mroutes, it can't populate
the rest of the multicast routing table with the unicast routing table, so a
default mroute to the bypass requires us to hand configure every subnet with
an mroute in every core router, which is really annoying (to put it mildly).
Apparently changing this on the routers is not possible so we would like our
multicast default to match the unicast default route, which goes through the
firewalls.

We built it in our lab, and got it working with a single path on slightly
newer code, but when we tried to do it for real in our dual path exit
(firewalls in active-active) existing multicast connections stayed working
but new connections wouldn't come up. We're going to have the switch vendor
come in to help us debug the problem, but if anyone has known issues or
ideas we'd love to hear them.

The firewalls are Netscreen 5200s, the RPs are Ciscos and the L2 and
L3 switches are all Foundry. All ideas are appreciated (and yes, for our
next bid static mroutes working together with dynamic routing protocols to
update the mcast routing table will be a requirement).




-----
-debbie
Debbie Fligor, n9dn Network Engineer, CITES, Univ. of Il
email:

<http://www.uiuc.edu/ph/www/fligor>
"Every keystroke can be monitored. And the computers never forget."




