[SRX] Configuration example - Multicast PIM Sparse Mode

Article ID: KB28362
KB Last Updated: 29 Apr 2020
Version: 2.0

Summary:

This article provides a basic configuration example of multicast PIM sparse mode on an SRX.

Symptoms:

The configuration example is based on the following network topology. All of the Junos OS devices can be SRX devices. The example provided in the solution is for the last-hop router (LHR).



For an explanation of the above components, refer to KB21591 - Sample Multicast Network Topology with Junos OS devices.

Solution:

The following steps configure multicast on the LHR in the above network topology.

  1. Configure the interfaces on the SRX:

    set interfaces ge-0/0/10 unit 0 family inet address 192.168.10.1/24
    set interfaces ge-0/0/20 unit 0 family inet address 192.168.20.1/24
    set interfaces irb unit 100 family inet address 192.168.100.1/24
    set interfaces ge-0/0/15 unit 0 family ethernet-switching port-mode trunk vlan members all
    set vlans CLIENT vlan-id 100 l3-interface irb.100

    OSPF is used to create the routing path between the client and the server:

    set protocols ospf area 0.0.0.0 interface ge-0/0/10.0
    set protocols ospf area 0.0.0.0 interface ge-0/0/20.0
    set protocols ospf area 0.0.0.0 interface irb.100

  2. Enable PIM on the interfaces and specify sparse mode. IGMPv2 is enabled by default on an interface when PIM is enabled on that interface.

    set protocols pim rp static address 192.168.1.1
    set protocols pim interface ge-0/0/10.0 mode sparse
    set protocols pim interface ge-0/0/20.0 mode sparse
    set protocols pim interface irb.100 mode sparse

    set protocols igmp interface irb.100
    (This command is not required, because IGMP is enabled when PIM is configured. It is included here as a reminder to administrators to configure IGMP on the receiver side.)

  3. Permit PIM and OSPF as host-inbound traffic in the relevant security zones, and create the required address book entries:

    set security zones security-zone trust address-book address 192.168.100.0 192.168.100.0/24
    set security zones security-zone trust host-inbound-traffic protocols pim
    set security zones security-zone trust host-inbound-traffic protocols ospf
    set security zones security-zone trust interfaces ge-0/0/15.0
    set security zones security-zone trust interfaces irb.100
    set security zones security-zone trust interfaces ge-0/0/0.0

    set security zones security-zone untrust address-book address 224.100.100.100 224.100.100.100/32
    set security zones security-zone untrust host-inbound-traffic protocols pim
    set security zones security-zone untrust host-inbound-traffic protocols ospf
    set security zones security-zone untrust interfaces ge-0/0/10.0
    set security zones security-zone untrust interfaces ge-0/0/20.0

  4. Create a security policy to allow the traffic between the security zones:

    set security policies from-zone trust to-zone untrust policy p1 match source-address 192.168.100.0
    set security policies from-zone trust to-zone untrust policy p1 match destination-address 224.100.100.100
    set security policies from-zone trust to-zone untrust policy p1 match application junos-udp-any
    set security policies from-zone trust to-zone untrust policy p1 then permit

  5. If there are multiple intermediate devices between the source and the destination, make sure that the route to the source points through the correct interface, that is, the interface on which the multicast traffic arrives. Otherwise, the traffic will be dropped by the RPF (Reverse Path Forwarding) check.
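
The RPF check from step 5, modeled as a longest-prefix match over the unicast routes (an added Python example, not part of the original article). The route entries and function names are constructed for illustration, and the model ignores any separate multicast RPF routing table.

```python
import ipaddress

# Constructed unicast routes on the LHR: (prefix, outgoing interface).
ROUTES = [
    ("0.0.0.0/0",        "ge-0/0/10.0"),
    ("192.168.200.0/24", "ge-0/0/20.0"),   # path toward the multicast source
]

def rpf_interface(routes, address):
    """Longest-prefix match on the source address; returns the RPF interface or None."""
    src = ipaddress.ip_address(address)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def rpf_check(routes, source, arrival_if):
    """Return (passed, expected_if): traffic passes only when it arrives on the
    interface the router itself would use to reach the source."""
    expected = rpf_interface(routes, source)
    return expected == arrival_if, expected

if __name__ == "__main__":
    src = "192.168.200.10"   # source address seen in the article's verification output
    print(rpf_check(ROUTES, src, "ge-0/0/20.0"))   # arrives on the RPF interface
    print(rpf_check(ROUTES, src, "ge-0/0/10.0"))   # arrives on the other uplink: dropped
    # A more specific route learned over the other uplink moves the RPF interface,
    # so traffic still arriving on ge-0/0/20.0 now fails the check.
    drifted = ROUTES + [("192.168.200.8/29", "ge-0/0/10.0")]
    print(rpf_check(drifted, src, "ge-0/0/20.0"))
```

The third case is the one that usually surprises: the /24 is still present and correct, but a longer prefix wins the lookup and silently changes which interface passes RPF.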

    Note: In versions of Junos OS that do not support Enhanced Layer 2 Software (ELS), the irb interface is called a routed VLAN interface (RVI). On those versions, replace irb.100 with vlan.100.
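
Steps 2 and 3 have to agree: every interface that runs PIM or OSPF must sit in a zone that permits that protocol as host-inbound traffic, and a zone should not permit a protocol that none of its interfaces runs. The following is an added Python example (not part of the original article) that cross-checks a list of `set` commands for both conditions. The function name and sample are constructed, and it assumes zone-level `host-inbound-traffic` statements only and checks PIM and OSPF only.

```python
import re
from collections import defaultdict

# Constructed sample: the article's LHR commands, with "protocols pim"
# deliberately left out of the untrust zone so the audit has a finding.
SAMPLE = """\
set protocols ospf area 0.0.0.0 interface ge-0/0/10.0
set protocols ospf area 0.0.0.0 interface ge-0/0/20.0
set protocols ospf area 0.0.0.0 interface irb.100
set protocols pim interface ge-0/0/10.0 mode sparse
set protocols pim interface ge-0/0/20.0 mode sparse
set protocols pim interface irb.100 mode sparse
set security zones security-zone trust host-inbound-traffic protocols pim
set security zones security-zone trust host-inbound-traffic protocols ospf
set security zones security-zone trust interfaces irb.100
set security zones security-zone untrust host-inbound-traffic protocols ospf
set security zones security-zone untrust interfaces ge-0/0/10.0
set security zones security-zone untrust interfaces ge-0/0/20.0
"""

PROTO_IF = re.compile(r"^set protocols (pim|ospf) (?:area \S+ )?interface (\S+)")
ZONE = re.compile(r"^set security zones security-zone (\S+) "
                  r"(?:(interfaces) (\S+)|host-inbound-traffic protocols (\S+))")

def audit(config):
    """Cross-check protocol interfaces against zone host-inbound settings.
    missing: (interface, protocol, zone) the zone does not permit; zone None = unbound.
    unused:  (zone, protocol) permitted but run by no interface in that zone."""
    runs, zone_of, allowed = defaultdict(set), {}, defaultdict(set)
    for line in config.splitlines():
        if m := PROTO_IF.match(line.strip()):
            runs[m.group(2)].add(m.group(1))
        elif m := ZONE.match(line.strip()):
            zone, is_if, ifname, proto = m.groups()
            if is_if:
                zone_of[ifname] = zone
            else:
                allowed[zone].add(proto)
    missing = sorted(
        (i, p, zone_of.get(i)) for i, ps in runs.items() for p in ps
        if not {p, "all"} & allowed.get(zone_of.get(i), set()))
    unused = sorted(
        (z, p) for z, ps in allowed.items() for p in ps & {"pim", "ospf"}
        if not any(zone_of.get(i) == z and p in rs for i, rs in runs.items()))
    return missing, unused

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the commands exactly as given in steps 1 to 3, both lists come back empty.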

Verification

  1. Verify the PIM join status and confirm that the upstream and downstream interfaces are correct:

    root@srx> show pim join extensive
    Instance: PIM.master Family: INET
    R = Rendezvous Point Tree, S = Sparse, W = Wildcard

    Group: 224.100.100.100
    Source: *
    RP: 192.168.1.1
    Flags: sparse,rptree,wildcard
    Upstream interface: fe-0/0/2.0  <----
    Upstream neighbor: 192.168.20.2
    Upstream state: Join to RP
    Uptime: 00:01:36
    Downstream neighbors:
    Interface: irb.100   <----

    192.168.100.1 State: Join Flags: SRW Timeout: Infinity
    Uptime: 00:01:36 Time since last Join: 00:01:36

    For more information on the PIM join message, refer to show pim join.

  2. Verify the Multicast routing table:

    root@srx> show multicast route
    Instance: master Family: INET

    Group: 224.100.100.100
    Source: 192.168.200.10/32
    Upstream interface: fe-0/0/2.0
    Downstream interface list:
    irb.100

    Instance: master Family: INET6

    For more information on the multicast route, refer to show multicast route.

  3. Verify the flow session:

    root@srx> show security flow session destination-prefix 224.100.100.100
    Session ID: 2636, Policy name: N/A, Timeout: 58, Valid
    In: 192.168.200.10/64587 --> 224.100.100.100/5024;udp, If: fe-0/0/2.0, Pkts: 0, Bytes: 0
    Out: 255.255.255.255/5024 --> 255.255.255.255/64587;udp, If: .local..0, Pkts: 0, Bytes: 0

    Session ID: 2637, Policy name: default-policy-00/2, Timeout: -1, Valid
    In: 192.168.200.10/64587 --> 224.100.100.100/5024;udp, If: fe-0/0/2.0, Pkts: 105, Bytes: 6300
    Out: 224.100.100.100/5024 --> 192.168.200.10/64587;udp, If: irb.100, Pkts: 0, Bytes: 0
    Total sessions: 2

Troubleshooting

KB21586 - Resolution Guide: Troubleshoot Multicast issue with Junos OS device configured as Layer 3 (running PIM protocol)

Technical Documentation

Modification History:

2020-04-28: Updated the config with irb interface, added a note for vlan, formatting edits.
