Hi,
does someone know a solution for the problem where the routing table next hop via a PIM upstream router is different from the PIM neighbor IP addresses?
This problem occurs when the routing table next hop on the FortiGate is a virtual HSRP address, but the PIM neighbor addresses are the real IP addresses. The Reverse Path Forwarding check will fail in this case and no multicast path will be built up.
Cisco "HSRP aware PIM" is not an option, because it is not available on our Nexus routers. Other options would be dynamic routing between the FG and the routers, or clustering the routers via vPC. But I am looking for other solutions on the FG.
Is it possible to disable the RPF for multicast on the FG?
Many thanks in advance!
Hakan
Hi Hakan,
you can check this KB article: https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34555&sliceId=...
Benoit
Hi Benoit,
Benoit_Rech_FTNT wrote: you can check this KB article: ...
Many thanks, but this does not match our scenario. Our FG is not a first- or last-hop router; it does not process IGMP or PIM registering. It has no idea about the RP and works only as an intermediate with PIM Join and Prune messages. We already tested the scenario with a static default route to the real router IP addresses. Yes, this works, but this overrides the HSRP redundancy. If it were possible to disable the RPF check for PIM, this would be an idea. But I have no idea if this is possible.
Best regards. Hakan
Hi Hakan,
unfortunately, there is no way to disable RPF check for multicast on the FortiGate, and you don't have the notion of mroute (multicast routes).
Best regards, Benoit
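
The failure discussed in this thread, as an added example that is not part of any post and is not FortiOS code: a simplified Python model of the RPF neighbor lookup, assuming a Join is only sent when the unicast next hop toward the source is itself a known PIM neighbor. All addresses and names are constructed (RFC 5737 documentation ranges).

```python
import ipaddress

def lookup_next_hop(routes, source):
    """Longest-prefix match: next hop of the best unicast route to source."""
    src = ipaddress.ip_address(source)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def rpf_neighbor(routes, pim_neighbors, source):
    """Return the PIM neighbor a Join toward source can go to, or None."""
    next_hop = lookup_next_hop(routes, source)
    # Simplified model: the RPF lookup only succeeds when the unicast
    # next hop is also present in the PIM neighbor table.
    return next_hop if next_hop in pim_neighbors else None

# Constructed sample values, not taken from the thread.
HSRP_VIP = "192.0.2.1"    # virtual address used as routing next hop
ROUTER_A = "192.0.2.2"    # real address seen in PIM hellos
ROUTER_B = "192.0.2.3"    # real address seen in PIM hellos
SOURCE = "198.51.100.10"  # multicast source behind the routers

def scenarios():
    both_up = {ROUTER_A, ROUTER_B}
    a_down = {ROUTER_B}  # router A failed, its PIM neighbor entry expired
    via_vip = [("0.0.0.0/0", HSRP_VIP)]
    via_real = [("0.0.0.0/0", ROUTER_A)]
    return {
        # Next hop is the VIP, which never appears as a PIM neighbor.
        "vip_route_both_up": rpf_neighbor(via_vip, both_up, SOURCE),
        # Static route to a real address: lookup succeeds.
        "real_route_both_up": rpf_neighbor(via_real, both_up, SOURCE),
        # Same static route after router A fails: HSRP redundancy is lost.
        "real_route_a_down": rpf_neighbor(via_real, a_down, SOURCE),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result or 'RPF lookup fails, no Join sent'}")
```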
Copyright 2023 Fortinet, Inc. All Rights Reserved.