How to solve RPF check failure when using HSRP in Nexus56K?
I am trying to activate PIM-SM multicast routing between a firewall cluster (non-Cisco) and two Nexus 5648 (no vPC).
The firewall cluster has one IP address (in each zone); the Nexus use HSRP (in each VRF).
Well-known multicast problem: the firewall drops PIM and multicast traffic because of a failing RPF check.
How can we solve this?
We see the following possibilities:
1. Using a dynamic routing protocol instead of static routing with HSRP -> probably not wanted by the security team.
2. Deactivating the RPF check on the firewall -> probably not supported.
3. Static routing without HSRP; instead, two static routes on the firewall with next hops = the physical IP addresses of the Nexus. Prefer one of these routes on the firewall, use a health check to monitor the Nexus, and change to the second one if the health check to the first one fails -> maybe not supported. More of a workaround than a solution.
4. Using static multicast routes on the firewall (like mroute in IOS), also two, with health checks. For unicast routing, still use HSRP -> better than 3, but probably not supported.
5. Replacing the Nexus with a different router system which does not need HSRP, maybe Cat6K with VSS -> high costs.
6. Replacing the Nexus with a different router system which supports HSRP-aware PIM -> high costs.
Does anybody know a different, hopefully easy, trick to solve this issue?
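
An added example, not part of the original post: a simplified Python model of why the RPF check fails when the static route points at the HSRP virtual IP and passes when it points at the physical addresses (the third and fourth options in the list). The addresses, the health-check sets and the assumption that the firewall requires its RPF next hop to be a known PIM neighbor are illustrative; the post does not name the firewall or describe its exact check.

```python
import ipaddress

# Constructed lab addressing (documentation ranges), not taken from the post.
HSRP_VIP, NEXUS_A, NEXUS_B = "192.0.2.1", "192.0.2.2", "192.0.2.3"
SOURCE = "198.51.100.10"   # multicast source or RP behind the Nexus pair
# PIM hellos are sourced from interface addresses, never from the HSRP
# virtual IP, so the firewall only ever learns the physical addresses.
PIM_NEIGHBORS = {NEXUS_A, NEXUS_B}

def rpf_next_hop(routes, addr, healthy):
    """Longest-prefix match; ties go to the lowest preference value.
    Routes whose next hop fails its health check are skipped."""
    ip = ipaddress.ip_address(addr)
    usable = [(ipaddress.ip_network(p), nh, pref) for p, nh, pref in routes
              if nh in healthy and ip in ipaddress.ip_network(p)]
    if not usable:
        return None
    return min(usable, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def rpf_check(routes, addr, healthy, neighbors=PIM_NEIGHBORS):
    """Return (next_hop, passed); passes only if the next hop is a known
    PIM neighbor (assumed behaviour of the firewall)."""
    nh = rpf_next_hop(routes, addr, healthy)
    return nh, nh is not None and nh in neighbors

# Current design: one static route to the HSRP virtual IP.
VIA_VIP = [("198.51.100.0/24", HSRP_VIP, 10)]
# Two routes to the physical addresses, the first one preferred.
VIA_PHYSICAL = [("198.51.100.0/24", NEXUS_A, 10),
                ("198.51.100.0/24", NEXUS_B, 20)]

def scenarios():
    all_up = {HSRP_VIP, NEXUS_A, NEXUS_B}
    a_down = {HSRP_VIP, NEXUS_B}   # VIP stays reachable via the other Nexus
    return {
        "vip_all_up": rpf_check(VIA_VIP, SOURCE, all_up),
        "vip_a_down": rpf_check(VIA_VIP, SOURCE, a_down),
        "physical_all_up": rpf_check(VIA_PHYSICAL, SOURCE, all_up),
        "physical_a_down": rpf_check(VIA_PHYSICAL, SOURCE, a_down),
    }

if __name__ == "__main__":
    for name, (nh, ok) in scenarios().items():
        print(f"{name:16} next hop {str(nh):10} RPF {'pass' if ok else 'FAIL'}")
```

In this model the route via the virtual IP fails regardless of which Nexus is active, while the health-checked pair of routes keeps a PIM neighbor as next hop through a failover.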