Posts Tagged ‘Multicast’

How to automate a change of NetBIOS settings in properties of a network connection in Windows

June 4, 2015 2 comments

NetBIOS and LLMNR are a really bad legacy in Windows (from a security perspective). They should be disabled in all networks where DNS is a sufficient means of name resolution.

There are three options:

Multicast on Checkpoint R76 Gaia + Palo Alto and Cisco

May 21, 2014

Just finished troubleshooting multicast issues (no traffic received at all) with a subscriber sitting on a DMZ behind a Checkpoint Gaia R76 and the source a couple of hops away behind another firewall – a Palo Alto box. Both firewalls were sitting on top of L2 Cisco kit (Catalysts & Nexuses).

Long story short, here are a few things to take away from the exercise:

  • IPS on that stupid Checkpoint, even when globally disabled on the firewall, blocks PIM traffic (hello packets), so PIM neighbour relationships do not form. Solution: enable IPS, find the rule blocking PIM, disable it, disable IPS. LOL!!!
  • When you enable IGMP on Gaia boxes which are part of an HA group (in this case it was VRRP; ClusterXL might be different), declare your multicast group as local and specify the VRRP VIP, not the IP of the box itself;
  • Enable PIM not only on the interface facing the PIM next hop but also on the interface facing the subscriber (alongside IGMP); otherwise it looks like the Cisco kit is not aware where to send IGMP Joins (which are destined to 224.0.0.22) and puts them into a sink hole;
  • Pay attention to the IGMP version that you enable on the Checkpoint interfaces facing the client. Do a packet capture to double-check. In my case the subscriber was sending v3 despite the rest of the setup being configured for ASM.
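
The IGMP version check from the last bullet, as an added example that is not part of the original post: a Python parser that takes raw IPv4 packets from a capture and reports the IGMP message kind, version, destination and groups. The sample packets, the addresses 192.0.2.10 and 239.1.2.3, and the function names are constructed for illustration.

```python
import ipaddress
import struct

# IGMP type codes from RFC 1112 (v1), RFC 2236 (v2) and RFC 3376 (v3).
REPORT_VERSION = {0x12: 1, 0x16: 2, 0x22: 3}
V3_RECORD = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE", 3: "CHANGE_TO_INCLUDE",
             4: "CHANGE_TO_EXCLUDE", 5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}

# Constructed samples (IPv4 + Router Alert option + IGMP); checksums zeroed, not validated.
V3_JOIN = bytes.fromhex("46c00028000040000102 0000c000020ae0000016 94040000"
                        "2200000000000001 0400 0000 ef010203")
V2_JOIN = bytes.fromhex("46c00020000040000102 0000c000020aef010203 94040000"
                        "16000000ef010203")

def _ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def classify_igmp(pkt: bytes):
    """Return (kind, version, ip_dst, groups) for a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 2:   # IP protocol 2 = IGMP
        return None
    igmp = pkt[(pkt[0] & 0x0F) * 4:]          # skip IP header incl. options
    if len(igmp) < 8:
        return None
    dst, msg_type = _ip(pkt[16:20]), igmp[0]
    if msg_type == 0x11:                      # query: version implied by length
        version = 3 if len(igmp) >= 12 else (1 if igmp[1] == 0 else 2)
        return ("query", version, dst, [_ip(igmp[4:8])])
    if msg_type == 0x17:
        return ("leave", 2, dst, [_ip(igmp[4:8])])
    version = REPORT_VERSION.get(msg_type)
    if version is None:
        return None
    if version < 3:                           # v1/v2 report: one group address
        return ("report", version, dst, [_ip(igmp[4:8])])
    (count,) = struct.unpack("!H", igmp[6:8])
    groups, offset = [], 8
    for _ in range(count):                    # walk the v3 group records
        if offset + 8 > len(igmp):
            break                             # truncated capture: keep what parsed
        rtype, aux_len, nsrc = struct.unpack("!BBH", igmp[offset:offset + 4])
        groups.append((V3_RECORD.get(rtype, rtype), _ip(igmp[offset + 4:offset + 8]), nsrc))
        offset += 8 + 4 * nsrc + 4 * aux_len
    return ("report", 3, dst, groups)

if __name__ == "__main__":
    for name, pkt in (("v3", V3_JOIN), ("v2", V2_JOIN)):
        print(name, classify_igmp(pkt))
```

A v3 report sent to 224.0.0.22 carrying an EXCLUDE record with zero sources is how an IGMPv3 host joins a group in ASM fashion (RFC 3376), while a v2 report is addressed to the group itself.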

As a bonus, here are a couple of commands useful on a Palo Alto box for some light multicast troubleshooting:

show routing multicast pim neighbour – to see your neighbours

show routing multicast pim statistics – to see your hello packets (both received and sent)

show routing multicast pim state – to see PIM state for your groups

(sorry, omitting Checkpoint stuff as it’s too much writing and I do not really like them – notes above should be sufficient to make it work anyway)

Simple configuration of Anycast RP

July 12, 2012

MSDP is an invaluable protocol when you need to keep your multicast flowing no matter what happens to your RP – just keep a few of them up and running at all times.

On RP1:


ip pim rp-address 10.10.10.1
!
! Anycast RP address, identical on every RP
interface loopback 0
 ip address 10.10.10.1 255.255.255.255
!
! Unique address used for the MSDP peering
interface loopback 1
 ip address 10.11.11.1 255.255.255.255
!
ip msdp peer 10.11.11.2 connect-source loopback 1
ip msdp originator-id loopback 1

On RP2:

ip pim rp-address 10.10.10.1
!
! Anycast RP address, identical on every RP
interface loopback 0
 ip address 10.10.10.1 255.255.255.255
!
! Unique address used for the MSDP peering
interface loopback 1
 ip address 10.11.11.2 255.255.255.255
!
ip msdp peer 10.11.11.1 connect-source loopback 1
ip msdp originator-id loopback 1

Obviously you can have more than 2 RPs – the analogy is clear.

Configuration on all other routers would be:


ip pim rp-address 10.10.10.1
no ip pim dm-fallback

Categories: Cisco, LAN

How to verify PIM-SM operation

November 7, 2011

Here are the steps to verify operation of a shared tree multicast.

Last hop router (closest to receiver):

Categories: Cisco