Dynamic routing tab

Definitions

  • Multicast source: source sender (e.g., video camera).
  • Multicast receiver: receiver of multicast traffic (subscribed to the multicast group).
  • Multicast group: multicast address (private, public, SSM).
  • (S,G) - multicast (Source, Group): source IP address and multicast group address pair.
  • IGMP (Internet Group Management Protocol): protocol used by a multicast receiver to subscribe to or unsubscribe from a multicast group.
  • PIM (Protocol Independent Multicast): family of multicast IP routing protocols.
  • PIM-SM (PIM Sparse Mode): version of PIM that builds a distribution tree. This is a scalable version of the protocol, making it possible to manage multiple sources. The distribution tree can be:
    • In shared mode, by going through a Rendez-vous Point (Shared Tree or RPT),
    • Set up by recalculating the shortest path tree (SPT), through unicast routing.
  • PIM-SSM (PIM Source-Specific Multicast): version of PIM in which receivers know the source. When the receiver subscribes, the source IP address and multicast group address pair will be formed directly. This protocol is easier to set up than PIM-SM (no RP involved), but requires IGMPv3 and is meant for a more restricted application type.
  • RP (Rendez-vous Point): role held by a PIM-SM router. The RP is contacted to discover and indicate the multicast source.
    The SNS firewall can play this role.
  • BSR (BootStrap Router): role held by a PIM router. The BSR is elected from a list of candidates. Once it is elected, it will gather candidacies for the role of RP, then share the table of multicast group/RP associations with other routers.
    The SNS firewall can play this role.

Interfaces & candidate rendez-vous points (dynamic RPs)

This section defines all the interfaces involved in dynamic multicast routing:

  • Source and/or destination interfaces using the IGMP protocol,
  • IGMP protocol versions that these interfaces can accept for source advertisements or receiver subscriptions and unsubscriptions,
  • Interfaces used by a firewall acting as a candidate dynamic rendez-vous point (RP) and associated multicast groups,
  • Interfaces used by a firewall acting as a candidate bootstrap router (BSR).

For the firewall's interfaces to accept packets from these protocols, the implicit filter rule "Allow IGMP and PIM packets to be received for dynamic multicast routing to function" must be enabled. It is enabled by default.

Possible operations

  • Select all: Selects all the lines shown in the grid to delete them in a single action.
  • Add: Inserts a line after a selected line to add an interface.
  • Delete: Deletes the selected line.
  • Edit selection: Makes it possible to edit the selected line.

Rule grid

Interface

Interface involved in multicast routing:

  • Interface used for IGMP announcements (subscription or unsubscription requests from multicast receivers).
    Example: in and out interface on the firewall.
  • Interfaces used for RP candidacies (C-RP).
    You are advised to use local loopback interfaces that have been defined for this purpose.
    These interfaces must have routable IP addresses.

IGMP version

Versions of the IGMP protocol that this interface can accept for subscription or unsubscription requests from multicast receivers.

Possible choices are:

  • IGMP v2 only,
  • IGMP v2 and IGMP v3.

DR priority

The Designated Router (DR) is the border router (last router encountered before a multicast source or multicast receiver) that forwards subscription requests to the RP. DRs are elected.

Indicate the priority assigned to the firewall in its candidacy to act as the DR for a given multicast group.

IMPORTANT
The interface with the lowest priority number will have the highest priority among all candidates.
If both interfaces have the same priority, the interface with the highest IP address will have priority.

C-RP (Candidate Rendez-vous Point)

Select this checkbox to enable the firewall's candidacy for the role of RP for the associated multicast group.

Priority C-RP (Candidate Rendez-vous Point)

IMPORTANT
The interface with the lowest priority number will have the highest priority among all candidates.
If both interfaces have the same priority, the interface with the highest IP address will have priority.

Multicast groups

Specify the multicast group associated with the C-RP.

Adding an interface

NOTE
Bridges and bridged interfaces cannot be selected as multicast interfaces.

To add an interface to the list of interfaces participating in dynamic multicast routing:

  1. Select the line in the grid under which you want to create a new entry.
  2. Click on Add.
  3. Select the interface.
  4. Select the IGMP protocol version allowed for this interface: IGMP v2 only or IGMP v2 and IGMP v3.

    NOTE
    If you wish to use the PIM-SSM protocol, you must choose IGMP v2 and IGMP v3 because only IGMP v3 is compatible with this protocol.

  5. Specify the priority assigned to this interface.
    This concept of priority is important in an architecture with multiple access, in which several SNS firewalls or routers manage dynamic multicast routing over the same local network. In fact, priority makes it possible to elect the Designated Router (DR), which will then send requests to the RP via the interface with the highest priority.

    NOTE
    The interface with the lowest priority number will have the highest priority in routing multicast traffic.
    If both interfaces have the same priority, the interface with the highest IP address will have priority.

  6. If you want the firewall to participate in RP elections with this interface, select Be a candidate for the Rendez-vous Point (RP). In this case, complete the configuration by selecting:
    • A C-RP (Candidate Rendez-vous Point) priority,
    • One or several multicast groups for which the firewall will act as the RP, if it is elected.

Possible interactions

Some operations listed in the taskbar can be performed by right-clicking on the grid of interfaces:

  • Add,
  • Delete,
  • Edit selection

PIM-SM settings

Be a candidate for the Bootstrap Router (BSR) role

The presence of a Bootstrap Router (BSR) is essential in a configuration that uses dynamic Rendez-vous Points (RPs), as it manages the RP election process:

  • Collects candidacies from C-RPs,
  • Elects RPs for each multicast group,
  • Announces the RPs in charge of the various multicast groups.

When a BSR is already configured on the network, the SNS firewall cannot be a candidate for this role.

If you want the SNS firewall to be eligible for election as a BSR, use this grid:

Address

Select the network interface on the firewall that will be used as the firewall’s identifier in the election mechanism.

It may be an interface on the firewall (example: Firewall_out), but you are advised to use local loopback IP addresses that have been specifically defined for such a purpose, as they do not depend on physical interfaces that may have varying statuses.

This interface must have been declared in the interfaces involved in multicast routing.

Loopback interfaces can be defined in Network > Virtual interfaces > Loopback tab.
More information on creating loopback interfaces.

Priority

This concept of priority is important in an architecture in which several devices are BSR candidates: the device that has the interface with the highest priority will be elected.

IMPORTANT
The interface with the highest number will have the highest priority.
If both interfaces have the same priority, the interface with the highest IP address will have priority.
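
The priority rules for DR, C-RP and BSR run in opposite directions, which is easy to get wrong when planning which device should win. The following added example (not part of the original documentation) ranks candidates using only the rules as this page states them; the candidate names, priorities and addresses are constructed.

```python
import ipaddress

# Constructed sample candidates: (name, priority number, IP address).
CANDIDATES = [
    ("fw-a", 10, "10.0.0.9"),
    ("fw-b", 10, "10.0.0.10"),
    ("rtr-c", 20, "10.0.0.200"),
]

# Direction of the priority comparison per role, as stated on this page:
# DR and C-RP prefer the lowest number, BSR prefers the highest number.
LOWEST_NUMBER_WINS = {"DR": True, "C-RP": True, "BSR": False}


def rank_candidates(role, candidates):
    """Return candidate names ordered from winner to last place for `role`."""
    if role not in LOWEST_NUMBER_WINS:
        raise ValueError(f"unknown role: {role}")
    lowest = LOWEST_NUMBER_WINS[role]

    def sort_key(candidate):
        _, priority, ip = candidate
        # Negate where needed so that a larger key always means "better".
        # Addresses are compared numerically: as strings, "10.0.0.9" would
        # wrongly sort above "10.0.0.10".
        return (-priority if lowest else priority,
                int(ipaddress.ip_address(ip)))

    ordered = sorted(candidates, key=sort_key, reverse=True)
    return [name for name, _, _ in ordered]


def elect(role, candidates):
    """Return the name of the candidate that wins the election for `role`."""
    if not candidates:
        raise ValueError("no candidates")
    return rank_candidates(role, candidates)[0]


if __name__ == "__main__":
    for role in ("DR", "C-RP", "BSR"):
        print(role, rank_candidates(role, CANDIDATES))
```
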

Static Rendez-vous Points (RP)

NOTE
Multicast groups must be very thoroughly managed (no address overlaps tolerated) so that the RP election mechanism can be used while static RPs are being defined.

If you wish to define static Rendez-vous Points (without going through an election mechanism), use this grid.

Possible operations:

  • To add a static RP definition, click on Add, then fill in the two fields below:

Range

Multicast address range (multicast group) that the static RP will manage.

This may be a group of addresses or a range that includes the multicast IP addresses of video surveillance cameras, for example.
This range may either be an existing custom range defined in the firewall’s network objects, or be created directly from this grid.

Address

IP address of the RP in charge of the specified multicast group.

It may be an interface on the firewall (example: Firewall_out), but you are advised to use local loopback IP addresses that have been specifically defined for such a purpose, as they do not depend on physical interfaces that may have varying statuses.

This interface must have been declared in the interfaces involved in multicast routing.

Loopback interfaces can be defined in Network > Virtual interfaces > Loopback tab.
More information on creating loopback interfaces.

IMPORTANT
Every static RP entry (IP address) has to be identical on all devices involved in the multicast routing of the range in question.

  • To delete a static RP definition, select the corresponding line and click on Delete.
  • To delete all static RP definitions, click on Select all, then on Delete.

NOTE
There is a disadvantage to using static RPs: there is no redundancy if the RP in charge of the specified multicast group is down.
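
The two constraints stated above for static RPs (no overlapping multicast ranges, and identical entries on every device that routes a range) can be checked offline before the grids are filled in. This is an added example, not part of the original documentation: the device names, ranges and addresses are constructed, the dictionary layout is a hypothetical hand-made transcription of each device's grid, and it assumes every listed device routes every listed range.

```python
import ipaddress
from itertools import combinations

# Constructed sample: static RP grid of each device (range -> RP address).
STATIC_RPS = {
    "fw-site-a": {"239.1.0.0/24": "10.255.0.1", "239.2.0.0/16": "10.255.0.2"},
    "fw-site-b": {"239.1.0.0/24": "10.255.0.1", "239.2.0.0/16": "10.255.0.3"},
    "fw-site-c": {"239.1.0.0/24": "10.255.0.1", "239.2.8.0/24": "10.255.0.2"},
}
# Constructed sample: multicast groups announced by dynamic C-RPs.
CRP_GROUPS = ["239.1.0.128/25"]


def audit_static_rps(static_rps, crp_groups=()):
    """Return a sorted list of findings as (kind, range, detail) tuples."""
    findings = set()
    dynamic = [ipaddress.ip_network(g) for g in crp_groups]
    seen = {}  # network -> {device: RP address}
    for device, grid in static_rps.items():
        for rng, rp in grid.items():
            net = ipaddress.ip_network(rng)
            seen.setdefault(net, {})[device] = ipaddress.ip_address(rp)
    for net, per_device in seen.items():
        if not net.is_multicast:
            findings.add(("not-multicast", str(net), ""))
        # The same range must point at the same RP on every device.
        if len(set(per_device.values())) > 1:
            detail = ", ".join(f"{d}={a}" for d, a in sorted(per_device.items()))
            findings.add(("rp-mismatch", str(net), detail))
        # Assumption: every listed device routes every listed range.
        missing = sorted(set(static_rps) - set(per_device))
        if missing:
            findings.add(("missing-on", str(net), ", ".join(missing)))
        # A static range must not overlap a group handled by the election.
        for dyn in dynamic:
            if net.overlaps(dyn):
                findings.add(("overlaps-crp-group", str(net), str(dyn)))
    # Static ranges must not overlap each other, even across devices.
    for a, b in combinations(sorted(seen), 2):
        if a.overlaps(b):
            findings.add(("overlaps-static", str(a), str(b)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_static_rps(STATIC_RPS, CRP_GROUPS):
        print(finding)
```
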

Advanced configuration

Interval between two Hello messages

Interval (in seconds) between two Hello packets sent to other devices that manage the PIM protocol.
The default value is 30 seconds.

Interval between two IGMP requests

Interval (in seconds) between two requests for the purpose of gathering subscription requests from multicast receivers or detecting ended subscriptions.
The default value is 5 seconds.