Description | This article provides an explanation of the root cause and offers a solution for the 'No RPF neighbor' error that may occur when steering multicast traffic via SD-WAN interface members using the FortiOS v7.4 feature 'pim-use-sdwan'. |
Scope | FortiGate. |
Solution |
With the introduction of the 'pim-use-sdwan' option, FortiGate can leverage SD-WAN for PIM (Protocol Independent Multicast) operations, including the verification of RP (Rendezvous Point) neighbors and the transmission of multicast packets. SD-WAN rules can now steer multicast traffic.
config router multicast
In specific scenarios, particularly when multiple SD-WAN zones exist on the FortiGate with Internet circuits as members of 'Internet SD-WAN Zone' and VPN tunnels as members of 'VPN SD-WAN Zone', multicast PIM traffic may be routed incorrectly via the Internet circuits instead of the intended VPN tunnels. As a result, when a multicast client requests a multicast stream through IGMP JOIN, FortiGate will not transmit the PIM JOIN as dictated by the SD-WAN rule, because there is no PIM neighborship established over the interfaces of the Internet SD-WAN zone.
FGT-BurnabyDot9 (root) # di ip router pim-sm all enable
FGT-BurnabyDot9 (root) # diagnose ip router pim-sm level info
FGT-BurnabyDot9 (root) # di de enable
config system sdwan |