source --- (fa0/0)R1(fa1/0) --- (bg0)FW1(e0/0) === (e0/0)FW2(bg0) --- receiver
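My problem is as follows: FW2 does not learn about the BSR, and therefore does not learn the RP information either.
FW1 learns about the BSR just fine: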
FW1-> get vrouter trust-vr protocol pim bsr
Zone : Trust
-----------------
Bootstrap Router address : 10.1.1.1
BSR hash mask length : 0
BSR priority : 0
BSR timer expires in : 00:01:31
BSR up time : 00:01:37
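FW2-> get vrouter trust-vr protocol pim bsr
Zone : Trust
-----------------
Bootstrap Router address : 0.0.0.0
BSR hash mask length : 0
BSR priority : 0
BSR timer expires in : -
Specifying a static RP on FW2 with the following two lines fixes the problem, just to show that PIM works properly:
set vrouter trust-vr access-list 1 permit ip 224.0.0.0/4 1
set vrouter trust-vr protocol pim zone trust rp address 10.1.1.1 mgroup-list 1
Am I misunderstanding something basic? On FW2, "debug pim all" is logging "RP not found for group"-type messages and the hellos between the two firewalls, but nothing out of the ordinary.
a way to create collapsible sections, sorry for the wall of text!):
R1: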
ip multicast-routing
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip pim sparse-mode
no shutdown
interface FastEthernet1/0
ip address 172.16.1.2 255.255.255.0
ip pim sparse-mode
no shutdown
router ospf 1
network 0.0.0.0 255.255.255.255 area 0.0.0.5
exit
ip pim bsr-candidate FastEthernet0/0 0
ip pim rp-candidate FastEthernet0/0
FW2:
# interfaces
set interface ethernet0/0 ip 1.1.1.1/24
set interface bgroup0 ip 172.16.1.1/24
set interface bgroup0 route
set interface tunnel.1 zone trust
set interface tunnel.1 ip unnumbered interface bgroup0
# vpn
set ike gateway "GW" address 1.1.1.2 main outgoing-interface ethernet0/0 preshare password sec-level basic
set vpn "VPN" gateway "GW" sec-level basic
set vpn "VPN" monitor optimized rekey
set vpn "VPN" bind interface tunnel.1
set vpn "VPN" proxy-id local-ip 172.16.1.0/24 remote-ip 172.16.2.0/24 any
# ospf
set vrouter trust-vr protocol ospf
set vrouter trust-vr protocol ospf area 0.0.0.5
set vrouter trust-vr protocol ospf enable
set interface bgroup0 protocol ospf area 0.0.0.5
set interface bgroup0 protocol ospf enable
set interface tunnel.1 protocol ospf area 0.0.0.5
set interface tunnel.1 protocol ospf enable
# pim
set vrouter trust-vr protocol pim
set vrouter trust-vr protocol pim enable
set interface bgroup0 protocol pim
set interface bgroup0 protocol pim enable
set interface tunnel.1 protocol pim
set interface tunnel.1 protocol pim enable
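Edit
Binding the tunnel to the "Untrust" zone and adding a multicast policy also lets the multicast traffic flow, but I would still like to keep the tunnel in the "Trust" zone.
FW1 and FW2:
I have also confirmed that intra-zone blocking is disabled on the "Trust" zone, which is the default.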