This article provides information on how to troubleshoot the multicast traffic flow issue, when the following error is received in debug igmp all:
PIMSM: Received events 10
trust-vr: PIMSM Static RP for this group is not available
trust-vr: PIMSM RP for group 239.192.41.55 not found in zone Trust
Requirements:
- Pass multicast traffic over the VPN.
- PIM is used for multicast routing.
Setup:
192.168.3.4 (sender and RP)-192.168.3.1(trust)(eth0/1)Fw-1(eth0/2)—tun.1-10.10.10.194-11.11.11.34-tun.2-(eth0/2)Fw-2(eth0/1)--192.168.2.1-192.168.2.3(receiver)
When the following command is issued, firewall 1 is receiving traffic from the sender with the 239.192.41.55 multicast group on eth0/. But due to no RP set being available, traffic is dropped:
Firewall 1>debug igmp all
## 2012-05-08 22:24:16 : PIMSM: Received events 10
## 2012-05-08 22:24:16 : trust-vr: PIMSM Process IGMP Join for G=239.192.41.55 on ifp=ethernet0/1
## 2012-05-08 22:24:16 : trust-vr: PIMSM Group RPSet is not available
## 2012-05-08 22:24:16 : trust-vr: PIMSM Static RP for this group is not available
## 2012-05-08 22:24:16 : trust-vr: PIMSM RP for group 239.192.41.55 not found in zone Trust
## 2012-05-08 22:24:16 : trust-vr: PIMSM No Group Entry for 239.192.41.55 zone=Trust
## 2012-05-08 22:24:16 : trust-vr: PIMSM zone Trust No 239.192.41.55 Grp entry
## 2012-05-08 22:24:16 : trust-vr: PIMSM Destination Address is Zero
## 2012-05-08 22:24:16 : trust-vr: PIMSM No Group Entry for 239.192.41.55 zone=Trust
## 2012-05-08 22:24:16 : trust-vr: PIMSM zone Trust No 239.192.41.55 Grp entry
## 2012-05-08 22:24:16 : trust-vr: PIMSM Group RPSet is not available
## 2012-05-08 22:24:16 : trust-vr: PIMSM Static RP for this group is not available
## 2012-05-08 22:24:16 : trust-vr: PIMSM RP for group 239.192.41.55 not found in zone Trust
## 2012-05-08 22:24:16 : No RP Information for this Group 239.192.41.55
## 2012-05-08 22:24:16 : PIMSM: Received events 10
## 2012-05-08 22:24:17 : PIMSM: Received events 10
## 2012-05-08 22:24:17 : PIMSM: Received events 10
The error message is generated when the access list of routes does not have an entry for this Multicast Group IP.
The 224.192.41.55/32 route is verified in the list of multicast routes. The error message is generated, when the access list of routes does not have entry for this IP.
Delete multicast policy, then add this address to the access list. The commands are as follows:
unset multicast-group-policy from "Trust" mgroup-list 5 to "Untrust" pim-message bsr-static-rp join-prune bi-directional
set vrouter "trust-vr"
set access-list 5
set access-list 5 permit ip 239.192.41.55/32 2
Note: If the user is still unaware of the Multicast Group that they can send, a whole subnet can also be configured.
set multicast-group-policy from "Trust" mgroup-list 5 to "Untrust" pim-message bsr-static-rp join-prune bi-directional
Note: This issue occurs especially when multicast traffic is working for some traffic and not working for other traffic when they are of the same type.
Here, the first step is to check the multicast group IP address, which the sender is sending in both cases. If they are different, then most likely the issue is the missing multicast group IP entry in the access-list.
2021-01-05: Removed EOL products.