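I created a lab to troubleshoot a problem I ran into with PIM-SM and BSR. Two sites are connected via two Juniper SSG5s (6.3.0r17), which are configured with just enough to address the problem at hand (configs below). The sending site has an emulated Cisco 3600 acting as RP and BSR (config below), and the other site has the receiver.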

source --- (fa0/0)R1(fa1/0) --- (bg0)FW1(e0/0) === (e0/0)FW2(bg0) --- receiver


My problem is as follows: FW2 does not learn about the BSR, and therefore does not learn the RP information either.

FW1 learns about the BSR just fine:
FW1-> get vrouter trust-vr protocol pim bsr
 Zone : Trust
-----------------
 Bootstrap Router address : 10.1.1.1
  BSR hash mask length    : 0
  BSR priority            : 0
  BSR timer expires in    : 00:01:31
  BSR up time             : 00:01:37


Specifying a static RP on FW2 with the following two lines solves the problem, just to show that PIM is otherwise working:

FW2-> get vrouter trust-vr protocol pim bsr
 Zone : Trust
-----------------
 Bootstrap Router address : 0.0.0.0
  BSR hash mask length    : 0
  BSR priority            : 0
  BSR timer expires in    : -


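Am I misunderstanding something fundamental? debug pim all on FW2 is logging "no RP found for group" type messages and hellos between the two firewalls, but nothing out of the ordinary. a way to create collapsible sections, sorry for the wall of text!):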

R1:

set vrouter trust-vr access-list 1 permit ip 224.0.0.0/4 1
set vrouter trust-vr protocol pim zone trust rp address 10.1.1.1 mgroup-list 1



ip multicast-routing
interface FastEthernet0/0
    ip address 10.1.1.1 255.255.255.0
    ip pim sparse-mode
    no shutdown
interface FastEthernet1/0
    ip address 172.16.1.2 255.255.255.0
    ip pim sparse-mode
    no shutdown
router ospf 1
    network 0.0.0.0 255.255.255.255 area 0.0.0.5
    exit
ip pim bsr-candidate FastEthernet0/0 0
ip pim rp-candidate FastEthernet0/0


FW2:

# interfaces
set interface ethernet0/0 ip 1.1.1.1/24
set interface bgroup0 ip 172.16.1.1/24
set interface bgroup0 route
set interface tunnel.1 zone trust
set interface tunnel.1 ip unnumbered interface bgroup0
# vpn
set ike gateway "GW" address 1.1.1.2 main outgoing-interface ethernet0/0 preshare password sec-level basic
set vpn "VPN" gateway "GW" sec-level basic
set vpn "VPN" monitor optimized rekey
set vpn "VPN" bind interface tunnel.1
set vpn "VPN" proxy-id local-ip 172.16.1.0/24 remote-ip 172.16.2.0/24 any
# ospf
set vrouter trust-vr protocol ospf
set vrouter trust-vr protocol ospf area 0.0.0.5
set vrouter trust-vr protocol ospf enable
set interface bgroup0 protocol ospf area 0.0.0.5
set interface bgroup0 protocol ospf enable
set interface tunnel.1 protocol ospf area 0.0.0.5
set interface tunnel.1 protocol ospf enable
# pim
set vrouter trust-vr protocol pim
set vrouter trust-vr protocol pim enable
set interface bgroup0 protocol pim
set interface bgroup0 protocol pim enable
set interface tunnel.1 protocol pim
set interface tunnel.1 protocol pim enable


Edit

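Binding the tunnel to the "Untrust" zone and adding a multicast policy also allows multicast traffic to flow, but I would still like to keep the tunnel in the "Trust" zone.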

FW1 and FW2:
I have also confirmed that intra-zone blocking is disabled on the "Trust" zone, which is the default.