07-14-2021 02:21 PM
Hello,
We are having a multicast problem with our PA. It is an informacast application that needs to use multicast. Our server is in the data center on Nexus.
We saw that Multicast FIB on the Palo Alto FW was not being created.
We saw that multicast packets coming from the source to multicast group were not being marked with an egress interface, this probably is because we do not have the S,G FIB entry to determine the outgoing interface the FW must sent these packets
A Device will create S,G state once a PIM S,G join is received.
We did a packet capture on the PA Firewall and on the cisco Nexus7700 C7706 device, which is outside the PA.
We see the pim join arrive to the PALO alto on the capture we took on the PA.
We see that for Group: mcast group address a Join to source (S) was done to source addres. This PIM join is intended for upstream-neighbor which is the ip of the PA FW on the outside vlan.
We also see this packet arrived on the correct vlan, with a valid neighbor on the PA.
Is there a reason why is the device not creating mcast FIB entry once the PIM join is received?
05-10-2022 07:59 AM
There is a reverse path check done on the address for the rendevous point. If this is asymetric, pim wont work.
05-10-2022 07:59 AM
There is a reverse path check done on the address for the rendevous point. If this is asymetric, pim wont work.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
