Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SRX is not propagating the (S,G) route to the upstream switch

0

0

Article ID: KB30187 KB Last Updated: 29 Apr 2015Version: 1.0
Summary:

When trying to establish PIM neighborship between SRX and a Cisco switch that is running the Hot Standby Router Protocol (HSRP), SRX fails to install the Cisco IP as an upstream PIM neighbor. Due to this, SRX is not propagating the (S,G) information to the upstream device.

Symptoms:

In the following topology, Cisco is running HSRP and hence the interface connected to the SRX will have both HSRP IP and the physical IP configured on it. 


                                                                                                         Physical IP 10.10.10.54
                    10.20.30.40                                                                HSRP IP     10.10.10.45
RP ---------- Router R1  -------------reth31.0  SRX  reth30.0-----------Cisco switch ------------------------Multicast source
                              |                                                                                                                               172.16.127.90
             Multicast Receivers

You might run into an issue where the upstream neighborship will not be complete under pim join. Because of this, the upstream device will be able to build the (S,G) route for this multicast group. The SRX downstream device is showing the correct (S,G) route.

From the following command, you will notice that for mcast group 239.0.0.9 and source 172.16.127.90, the upstream interface does not list the Cisco IP address:

show pim join extensive

Group: 239.0.0.9
Source: *
RP: 149.176.234.112
Flags: sparse,rptree,wildcard
Upstream interface: reth31.0
Upstream neighbor: 10.245.139.42
Upstream state: Join to RP
Uptime: 00:17:30
Downstream neighbors:
Interface: reth30.0
149.176.218.245 State: Join Flags: SRW Timeout: 165
Uptime: 00:17:30 Time since last Join: 00:00:45

Group: 239.0.0.9
Source: 172.16.127.90
Flags: sparse
Upstream interface: unknown (no nexthop)  <<< The upstream interface is not showing up
Upstream neighbor: unknown
Upstream state: None
Keepalive timeout:
Uptime: 00:17:39
Downstream neighbors:
Interface: reth31.0
10.20.30.40 State: Join Flags: S Timeout: 156
Uptime: 00:17:39 Time since last Join: 00:00:53

Under PIM neighbors, notice that the PIM is established with IP 10.10.10.45, which is the HSRP IP:

root@SRX> show pim neighbors
Instance: PIM.master
B = Bidirectional Capable, G = Generation Identifier,
H = Hello Option Holdtime, L = Hello Option LAN Prune Delay,
P = Hello Option DR Priority, T = Tracking Bit

Interface IP V Mode Option Uptime Neighbor addr
reth30.0 4 2 HPG 24w5d20h 10.10.10.45 <<< HSRP IP
reth31.0 4 2 HPG 67w6d0h 10.20.30.40

Notice that the route to multicast source 172.16.127.90 from SRX is correctly pointing to the upstream Cisco switch, but to its physical IP address 10.10.10.54 and not to its HSRP address:

root@SRX# run show route 172.16.127.90

inet.0: 271 destinations, 272 routes (270 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.127.90/32 *[Static/5] 00:00:27
> to 10.10.10.54 via reth30.0
<<< Physical IP 10.10.10.54

Cause:

The reason for this issue is that PIM is being established using Cisco's HSRP IP, but the route towards the multicast source from the SRX is pointing towards the actual physical IP address of the Cisco switch.

Solution:

You need to modify the route to reach the source of the traffic to the next-hop IP as the HSRP address of the Cisco switch, or alternatively establish PIM neighborship over the physical IP address of the Cisco switch.

set routing-options static route 172.16.127.90/32 next-hop 10.10.10.45
commit

root@SRX# run show route 172.16.127.90

inet.0: 271 destinations, 272 routes (270 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.127.90/32 *[Static/5] 00:00:12
> to 10.10.10.45 via reth30.0

show pim join extensive group 239.0.0.9

Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 239.0.0.9
Source: *
RP: 149.176.234.112
Flags: sparse,rptree,wildcard
Upstream interface: reth31.0
Upstream neighbor: 10.245.139.42
Upstream state: Join to RP
Uptime: 01:54:34
Downstream neighbors:
Interface: reth30.0
149.176.218.245 State: Join Flags: SRW Timeout: 181
Uptime: 01:54:34 Time since last Join: 00:00:29

Group: 239.0.0.9
Source: 172.16.127.90
Flags: sparse
Upstream interface: reth30.0
Upstream neighbor: 10.10.10.45  <<< Now the upstream is being listed correctly
Upstream state: None, Join to Source
Keepalive timeout:
Uptime: 01:54:43
Downstream neighbors:
Interface: reth31.0
10.20.130.40 State: Join Flags: S Timeout: 178
Uptime: 01:54:43 Time since last Join: 00:00:32
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search