07-31-2009 08:07 AM - edited 03-04-2019 05:37 AM
I have multicast set up on my LAN using vbricks.
I want to extend use of the vbricks to another site. To get to the remote site, the 4510 connects to a firewall locally, then hits the other firewall at the remote site, then to the 3750 user switch.
On my LAN, the vbricks are configured with the networks for access (including the remote site), the user switches have ip multicast routing and ip pim sparse dense mode on the vlan int.
I set up the remote side the same way except for the 3750 the command is ip multicast-routing distributed.
The firewall team says they don't see any multicast traffic coming from the 4510. Is there something I need to configure on the port that connects to the firewall?
Thank you
07-31-2009 08:20 AM
What type of FW?
Commonly, FWs do not support Multicast, so sending Multicast traffic over a FW is often done with a GRE tunnel between Multicast routers.
We don't recommend using a 3750 switch with GRE tunnels, so you will need a router at each end with Multicast routing enabled to traverse the FW.
HTH,
__
Edison.
07-31-2009 12:08 PM
The Juniper firewalls already have a tunnel built between the two sites.
07-31-2009 12:11 PM
The tunnels need to be built on the devices running Multicast and the tunnel itself will have PIM.
As I stated before, the 3750 switch won't support GRE tunneling in hardware, hence we don't recommend this design.
The only option is placing routers facing the FWs at each end - configure a GRE tunnel on these routers along with multicast routing.
08-04-2009 06:15 AM
So there is no way to point the multicast traffic for the remote site to the firewall interface, so that it can tunnel the multicast? The firewall can do routing and tunneling. I wouldn't think we would need to add an extra router on both sides if the firewall will do the same thing.
08-04-2009 05:25 PM
Can you find out if this FW can run multicast natively?
If so, enable PIM and multicast in the FW and you are set.
If not, you need to tunnel multicast between devices.
__
Edison.
08-05-2009 05:11 AM
As far as I know they do. I looked up the specs for the Juniper SSG140 and SSG350M, and they list PIM and multicast.
I know they have a tunnel built because we go through a cloud. So should it be just a matter of them adding PIM and multicast to the existing tunnel?
Thank you
08-05-2009 05:49 AM
Enable PIM on the FW under the customer-facing interface and the tunnel. Be aware that PIM relies on the routing table and RPF can occur if the routing takes your multicast flow via interfaces without PIM enabled.
__
Edison.
08-11-2009 07:20 AM
The firewall team added multicast to the configuration and it is working for the most part.
When the users open up the vbrick application, they do not see the channels displayed, but they can type in the multicast address and port number to view the video.
I found out that what is not making it through to the remote side is the Session Announcement Protocol (SAP), which uses 224.2.127.154 port 9875. Is there something I need to add to the config on the switches, or something the firewall team needs to enable? They said that they don't even see any traffic for that IP coming in from my switch. They do, of course, see all the multicast address info.
I wouldn't think I need to add anything, their firewall is directly connected to our switch on the same subnet as the vbricks.
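As an added example (not part of the original thread and not vendor code): a small Python check that can be run on a host at either site to see whether SAP announcements on 224.2.127.154 port 9875 arrive and which sessions they advertise. The header layout follows RFC 2974; the sample packet, its addresses and its channel name are constructed.

```python
import socket
import struct

SAP_GROUP, SAP_PORT = "224.2.127.154", 9875  # group and port named in the thread

def parse_sap(data: bytes) -> dict:
    """Parse an unencrypted, uncompressed SAP (RFC 2974) packet."""
    if len(data) < 4:
        raise ValueError("too short for a SAP header")
    flags, auth_len, msg_id = struct.unpack("!BBH", data[:4])
    if flags >> 5 != 1 or flags & 0x03:  # version must be 1; E and C bits clear
        raise ValueError("unsupported version, or encrypted/compressed payload")
    # A bit (0x10) selects a 16-byte IPv6 origin instead of 4-byte IPv4.
    family, src_len = (socket.AF_INET6, 16) if flags & 0x10 else (socket.AF_INET, 4)
    body = 4 + src_len + auth_len * 4    # auth data length is in 32-bit words
    if len(data) < body:
        raise ValueError("truncated SAP header")
    origin = socket.inet_ntop(family, data[4:4 + src_len])
    payload = data[body:]
    if not payload.startswith(b"v=0"):   # optional payload type, NUL-terminated
        _ptype, sep, payload = payload.partition(b"\x00")
        if not sep:
            raise ValueError("unterminated payload type")
    sdp = payload.decode("utf-8", "replace").splitlines()
    return {"origin": origin, "msg_id": msg_id,
            "deletion": bool(flags & 0x04),  # T bit: session deletion
            "session": next((l[2:] for l in sdp if l.startswith("s=")), None),
            "connection": next((l[2:] for l in sdp if l.startswith("c=")), None)}

def listen(timeout: float = 60.0) -> None:
    """Join the SAP group and print announcements until none arrive in time."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("", SAP_PORT))
    mreq = struct.pack("4s4s", socket.inet_aton(SAP_GROUP), socket.inet_aton("0.0.0.0"))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    s.settimeout(timeout)
    try:
        while True:
            data, (peer, _port) = s.recvfrom(65535)
            print(peer, parse_sap(data))
    except socket.timeout:
        print(f"no SAP packets on {SAP_GROUP}:{SAP_PORT} for {timeout}s")

# Constructed sample announcement (documentation addresses, made-up channel).
SAMPLE = (bytes([0x20, 0x00]) + struct.pack("!H", 0x1234)
          + socket.inet_aton("192.0.2.10") + b"application/sdp\x00"
          + b"v=0\r\ns=Constructed Channel 1\r\nc=IN IP4 239.1.1.1/16\r\n")

if __name__ == "__main__":
    listen()
```

Running it on the local VLAN and then at the remote site shows on which side of the firewalls the announcements stop.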
08-11-2009 09:26 AM
I'm not familiar with such an application, thus I recommend contacting the vendor for configuration best practice.
__
Edison.