HPE Community
Comware Based
1752830 Members
3696 Online
108789 Solutions
New Discussion юеВ

Re: 5820AF: Policy Based Routing ignores multicast traffic with IGMP/PIM DM?

 
Manfred M.
Advisor

тАО04-11-2013 06:34 AM

тАО04-11-2013 06:34 AM

5820AF: Policy Based Routing ignores multicast traffic with IGMP/PIM DM?

We have implemented 2x 5820AF with IRF as a coreswitch with several vlans (among others) using multicast IGMP/PIM Dense Mode as the 'primary' functionality.

 

Now it becomes necessary to restrict unicast traffic to these vlans from all other sources for security purposes. This traffic should be handled by the firewall instead of the coreswitch. There is only a default route to the firewall configured at the coreswitch.

 

Our idea is to use Policy Based Routing in every vlan to send traffic for these specific vlans to the firewall.

 

The Layer 3 - IP Routing Configuration Guide says:

The PBR policy allows you to specify the next hop, priority, and default next hop to guide the forwarding

of packets that match specific ACLs. Only IPv4 unicast PBR is supported.

 

Questions:

- What does this mean:

  Will multicast traffic ignored by PBR completely?

  PBR handles only the unicast traffic?

- How could this be implemented?

- Is there a traffic impact on the other vlans with PBR in the interface?

 

Any advice would be very helpful!

Many thanks in advance for your ideas and help!

 

Best regards

Manfred M.

0 Kudos
2 REPLIES 2
Peter_Debruyne
Honored Contributor

тАО04-11-2013 06:53 AM

тАО04-11-2013 06:53 AM

Re: 5820AF: Policy Based Routing ignores multicast traffic with IGMP/PIM DM?

Maybe stupid suggestion, but if you are reducing the role of the core switch to a L2 device (since L3 is done by the firewall), why not let the firewall handle the multicast routing as well ?

It would save you all the trouble of the PBR ...

Manfred M.
Advisor

тАО04-16-2013 04:43 AM - edited тАО04-16-2013 04:43 AM

тАО04-16-2013 04:43 AM - edited тАО04-16-2013 04:43 AM

Re: 5820AF: Policy Based Routing ignores multicast traffic with IGMP/PIM DM?

This was one of my first ideas - but: the firewall does not support PIM/DM...

The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.