Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

The firewall could not create the mroute (S,G) correctly

0

0

Article ID: KB10928 KB Last Updated: 23 Jun 2010Version: 3.0
Summary:
The firewall could not create the mroute (S,G), although mroute (*,G) has been created correctly.
Symptoms:
The customer configured PIM on the firewall.  The group 224.6.5.112 (*,G) was created correctly, but when the source 10.10.72.60 occurs, the (S,G) mroute (10.10.72.60/32, 224.6.5.112) could not be created.
In other words, the (10.10.72.60/32, 224.6.5.112) state is not joined and has been pruned.

PIM command output and debugs looked as follows:
get mroute

(*, 224.6.5.112)  RP 10.0.0.1          14:16:58/-         Flags: F 
  Zone            : Trust         
  Upstream        : ethernet1/1         State          : Joined   
  RPF Neighbor    : 10.200.252.34       Expires        : 00:00:41
  Downstream      :
  ethernet1/3 14:15:59/00:03:23  Join         0.0.0.0          F

(10.10.72.60/32, 224.6.5.112)         14:16:58/-         Flags: EY 
  Zone            : N/A           
  Upstream        : N/A                 State          : Not Joined
  RPF Neighbor    : local               Expires        : -
  Downstream      :
  ethernet1/3 14:15:59/00:03:23  Join         0.0.0.0            10.10.72.60 P


PIM neighbor:
Neighbor        Interface          Uptime     Expire     DR-priority GenId
-----------------------------------------------------------------------------
10.200.252.34   ethernet1/1        49d;01:00:40 00:01:42   1           2157225597
10.200.252.35   ethernet1/1        49d;01:00:40 00:01:13   1           2199033411
10.200.2.61     ethernet1/3        8d;20:51:39 00:01:25   1           2617589657

Debug output:
## 2008-01-01 14:19:31 : internal-vr: PIMSM DATA received on ethernet1/1 from Src=10.10.72.60 for Grp=224.6.5.112 due wrong iif
## 2008-01-01 14:19:31 : internal-vr: PIMSM zone Trust Grp node for Grp 224.6.5.112 Found
## 2008-01-01 14:19:31 : internal-vr: PIMSM route found for Src=10.10.72.60, Grp=224.6.5.112 zone=Trust
## 2008-01-01 14:19:31 : internal-vr: PIMSM zone Trust Grp node for Grp 224.6.5.112 Found
## 2008-01-01 14:19:31 : internal-vr: PIMSM route found for Src=10.10.72.60, Grp=224.6.5.112 zone=Trust
## 2008-01-01 14:19:31 : internal-vr: PIMSM DATA 10.10.72.60->224.6.5.112 interface=ethernet1/1
## 2008-01-01 14:19:31 : internal-vr: PIMSM zone Trust Grp node for Grp 224.6.5.112 Found
## 2008-01-01 14:19:31 : internal-vr: PIMSM (*,G) Route Entry found for Src=10.10.72.60 Grp=224.6.5.112 zone=Trust
## 2008-01-01 14:19:31 : internal-vr: PIMSM (*,G)/(*,*,RP) entry found Src=10.10.72.60, Grp=224.6.5.112
## 2008-01-01 14:19:31 : internal-vr: PIMSM NextHop for 10.10.72.60 is 10.200.2.60 ifp ethernet1/3
## 2008-01-01 14:19:31 : internal-vr: PIMSM injecting mcast pak into flow in=ethernet1/1 out=null
## 2008-01-01 14:19:31 : internal-vr: PIMSM Iif matches with the (*,G)/(*,*) entry
## 2008-01-01 14:19:31 : MRT: mroute 10.10.72.60->224.6.5.112 iif=ethernet1/1 not found

Solution:
When the source starts to appear, the firewall will check the unicast routing information to reach the source.  Notice in the routing table, the next hop is 10.200.2.60 for the route of the source 10.10.72.0/24, which needs to be one of the PIM  neighbor IP. But the PIM neighbor is 10.200.2.61.

Routing information about the source:
=============================
* 178     10.10.72.0/24     eth1/3     10.200.2.60   S   20      1     Root
PIM neighbor:
===========
Neighbor        Interface          Uptime     Expire     DR-priority GenId
-----------------------------------------------------------------------------
10.200.252.34   ethernet1/1        49d;01:00:40 00:01:42   1           2157225597
10.200.252.35   ethernet1/1        49d;01:00:40 00:01:13   1           2199033411
10.200.2.61     ethernet1/3        8d;20:51:39 00:01:25    1           2617589657

 
The solution is changing the route's (10.10.72.0/24) next hop  as 10.200.2.61.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search