packet dropped no route for ip multicast

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L4 Transporter

packet dropped no route for ip multicast

Hi Team,

 

I have a multicast setup. I am able to see that the PIM neighbourship is completed and igmp membership also fine.

I can see my traffic in multicast fib with the correct incoming and outgoing interfaces. but the multicast packet is not reaching receiver, I can see a lot of packet drop in counter with detail "packet dropped no route for ip multicast". Any idea what will be the reason for this.

 

Thanks in advance.

Highlighted
Cyber Elite

@Abdul_Razaq,

Have you created a security policy to actually allow the traffic with the multicast group address? I believe that only when that's done you'll actually stop that counter from incrementing. 

Highlighted
L0 Member

Hi,

I am seeing this too. I have a pair of Linux boxes which generate multicast on 233.12.12.1 through 233.12.12.5. This is fed into the Palo Alto which hosts a RP with SPT threshold set to "never". A downstream Cisco ASA has Static Joins set up and exchanges PIM with the Palo Alto. This all seems fine - all five stream joins end up in the routing table.

 

admin@LHIRISMGTFWL01(active)> show routing multicast route

VIRTUAL ROUTER: mcast

flags: L - source is local
number of mfib entries shown: 13

group source flags incoming outgoing
----- ------ ----- -------- --------
233.12.12.1 0.0.0.0 PIM Register tunnel ae6.950
233.12.12.1 10.123.95.116 ae1.350 ae6.950
PIM Register tunnel
233.12.12.1 10.123.95.117 ae1.350 ae6.950
PIM Register tunnel
233.12.12.2 0.0.0.0 PIM Register tunnel ae6.950
233.12.12.2 10.123.95.116 ae1.350 ae6.950
PIM Register tunnel
233.12.12.2 10.123.95.117 ae1.350 ae6.950
PIM Register tunnel
233.12.12.3 0.0.0.0 PIM Register tunnel ae6.950
233.12.12.3 10.123.95.116 ae1.350 ae6.950
PIM Register tunnel
233.12.12.3 10.123.95.117 ae1.350 ae6.950
PIM Register tunnel
233.12.12.4 0.0.0.0 PIM Register tunnel ae6.950
233.12.12.4 10.123.95.116 ae1.350 ae6.950
PIM Register tunnel
233.12.12.4 10.123.95.117 ae1.350 ae6.950
PIM Register tunnel
233.12.12.5 0.0.0.0 PIM Register tunnel ae6.950

 

However the Palo Alto is dropping all traffic in the fifth stream (233.12.12.5)  with this counter incrementing:

flow_fwd_l3_mcast_drop 32 3 drop flow forward Packets dropped: no route for IP multicast

The security policy allows source from the Linux servers (any zone) and destination "multicast" and the Address of 233.12.12.0/29 which covers the group (any/any/any otherwise).

I can not work out why just this specific stream is being dropped. I have seen it working before.

Highlighted
L4 Transporter

hi @whiskerp ,

 

Can you check the RP address for the 5th flow and check whether you have a route in the firewall into the RP pointing to a PIM neighbor.

Highlighted
L0 Member

Hi, Sorry is there a specific command you'd like me to run? The RP is defined for groups 233.12.12.0/29 (and is hosted on this Palo Alto).

Both the source of the multicast and the Cisco ASA are locally connected (ie on Palo Alto interfaces)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!