
5820AF: Policy Based Routing ignores multicast traffic with IGMP/PIM DM?

 
Manfred M.
Advisor

We have implemented 2x 5820AF with IRF as a core switch with several VLANs (among others) using multicast IGMP/PIM Dense Mode as the 'primary' functionality.

Now it becomes necessary to restrict unicast traffic to these VLANs from all other sources for security purposes. This traffic should be handled by the firewall instead of the core switch. There is only a default route to the firewall configured at the core switch.

Our idea is to use Policy Based Routing in every VLAN to send traffic for these specific VLANs to the firewall.

The Layer 3 - IP Routing Configuration Guide says:

The PBR policy allows you to specify the next hop, priority, and default next hop to guide the forwarding of packets that match specific ACLs. Only IPv4 unicast PBR is supported.

Questions:

- What does this mean:

  Will multicast traffic be ignored by PBR completely?

  PBR handles only the unicast traffic?

- How could this be implemented?

- Is there a traffic impact on the other VLANs with PBR in the interface?

Any advice would be very helpful!

Many thanks in advance for your ideas and help!

 

Best regards

Manfred M.

2 REPLIES
Peter_Debruyne
Honored Contributor

Re: 5820AF: Policy Based Routing ignores multicast traffic with IGMP/PIM DM?

Maybe stupid suggestion, but if you are reducing the role of the core switch to a L2 device (since L3 is done by the firewall), why not let the firewall handle the multicast routing as well?

It would save you all the trouble of the PBR ...

Manfred M.
Advisor

Re: 5820AF: Policy Based Routing ignores multicast traffic with IGMP/PIM DM?

This was one of my first ideas - but: the firewall does not support PIM/DM...