FortiGate
kaurg_FTNT
Staff
Article Id: 272244
Description: The article discusses IGMP and PIM commands and debug in PIM Sparse-Mode.
Scope: Logs and command outputs run on FortiGate v7.0.12.
 

Diagram:

 

kaurg_FTNT_0-1693949172335.png

 

Rendezvous Point: 10.104.0.140

The FortiGate configuration should enable multicast routing and include the multicast policy required to allow multicast traffic.

 

  • Once routers are configured with Sparse-Mode multicast, the multicast routers send PIM Hellos to address 224.0.0.13 to establish neighborship. The default Hello interval is 30 sec, which helps maintain the neighborship.
  • If no PIM Hello is received before the Hold time (default value is 105 sec) expires, the neighborship is lost.
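
The Hello and Hold time relationship above, as an added example (not from the original article and not Fortinet code): a Python parser for a PIM Hello payload that validates the checksum, reads the Holdtime option (option type 1 in RFC 7761) and computes when the neighbor would expire. The function names and the sample packet produced by build_hello are constructed for illustration.

```python
import struct

PIM_HELLO = 0            # PIM message type 0 (RFC 7761)
OPT_HOLDTIME = 1         # Hello option carrying the Hold time in seconds
DEFAULT_HOLDTIME = 105   # default Hold time stated above


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by PIM."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_hello(pim: bytes) -> dict:
    """Parse a PIM Hello (the IP payload) and return its options by type."""
    if len(pim) < 4:
        raise ValueError("truncated PIM header")
    ver_type = pim[0]
    if ver_type >> 4 != 2 or ver_type & 0x0F != PIM_HELLO:
        raise ValueError("not a PIMv2 Hello")
    if inet_checksum(pim) != 0:          # a valid message sums to zero
        raise ValueError("bad PIM checksum")
    options, off = {}, 4
    while off + 4 <= len(pim):
        otype, olen = struct.unpack_from("!HH", pim, off)
        value = pim[off + 4:off + 4 + olen]
        if len(value) != olen:
            raise ValueError("truncated Hello option")
        options[otype] = value
        off += 4 + olen
    return options


def neighbor_expiry(pim: bytes, received_at: float) -> float:
    """Time at which the neighbor is dropped unless another Hello arrives."""
    raw = parse_hello(pim).get(OPT_HOLDTIME)
    hold = struct.unpack("!H", raw)[0] if raw and len(raw) == 2 else DEFAULT_HOLDTIME
    return received_at + hold


def build_hello(holdtime: int) -> bytes:
    """Construct a sample Hello with one Holdtime option (test input only)."""
    body = struct.pack("!HHH", OPT_HOLDTIME, 2, holdtime)
    head = struct.pack("!BBH", 0x20, 0, 0)
    return struct.pack("!BBH", 0x20, 0, inet_checksum(head + body)) + body
```

Feeding it the PIM payload from a capture and the capture timestamp gives the deadline by which the next Hello must arrive; a Hello that fails the checksum is rejected instead of refreshing the timer.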

 

kaurg_FTNT_1-1693949172335.png

 

kaurg_FTNT_2-1693949172336.png

 

  • Command to quickly check the Rendezvous Point mapping. Confirm the output against the configuration under 'show router multicast'.

 

kaurg_FTNT_3-1693949172338.png

 

kaurg_FTNT_4-1693949172339.png

 

  • Check the IGMP Connected Group Membership. Once multicast receivers start sending the IGMPv2 JOIN or IGMPv2 Membership Report, the respective multicast group address shows up in IGMP groups.
  • The 'Last Reporter' is the IP of the last receiver that sent the IGMPv2 packet for the respective multicast group (234.5.6.8) via interface 'mgmt'.

 

kaurg_FTNT_5-1693949172340.png

 

  • The multicast receivers will send the IGMPv2 Membership Report when they first join the multicast group and in response to multicast queries.

 

kaurg_FTNT_6-1693949172340.png

 

kaurg_FTNT_7-1693949172341.png

 

  • FortiGate will use the route for the RP in the unicast routing-table to form IGMP neighborship.
  • The DR (Designated Router) is the router that will forward the PIM join message from the receiver to the RP (rendezvous point).

 

kaurg_FTNT_8-1693949172343.png

 

kaurg_FTNT_9-1693949172344.png

 

  • If there is no route in the unicast routing-table for the RP, then the multicast debug will show that it has failed to get the neighbor for the multicast group.

 

kaurg_FTNT_10-1693949172346.png

 

  • Below is the expected debug when the configuration is in place and multicast works. The debug shows IGMP is received, followed by a PIM-JOIN being sent to the RP.

 

kaurg_FTNT_11-1693949172349.png

 

  • Use the below debugs for sparse-mode multicast:

 

diagnose ip router pim-sm all enable

diagnose ip router pim-sm level info

diagnose debug enable

 

  • PIM JOIN packet sent by FortiGate-1101E to multicast address 224.0.0.13 as seen in Wireshark capture:
kaurg_FTNT_12-1693949172350.png

 

kaurg_FTNT_13-1693949172351.png

 

  • PIM-SM debugs from FGT-B, which is the source/server-side Designated Router (DR), show that a PIM JOIN/PRUNE has been received.

 

kaurg_FTNT_14-1693949172355.png

 

  • The output of the command 'get router info multicast pim sparse-mode next-hop' shows the next-hops for all the multicast receivers, the source and the RP.

 

kaurg_FTNT_15-1693949172358.png

 

kaurg_FTNT_16-1693949172360.png

 

  • The output of the command 'diag ip multicast mroute' shows the source for the respective multicast group.

 

kaurg_FTNT_17-1693949172362.png

 

kaurg_FTNT_18-1693949172363.png

 

Note: PIM Sparse-mode only works in VRF=0. An NFR has already been raised to support PIM Sparse-mode in multiple VRFs.