Multicast Boot Strap Router (BSR)

Multicast Boot Strap Router (BSR)

737
Created On 08/10/20 20:34 PM - Last Modified 10/31/25 19:18 PM


Symptom


There is no option to configure the Next-Generation Firewall as a multicast Bootstrap Router (BSR.)

Environment


  • NFGW Hardware and VM-Series
  • Multicast environments
  • Multicast routing enabled on the NGFW.
  • PAN-OS

Cause


The firewall can be configured as a candidate Rendezvous Point (RP) in an a multicast domain that has one or more BSRs. However configuring the firewall as a BSR is not supported.

Resolution


Candidate RP can be configured on PAN-OS:

Network --> Virtual Routers --> Name --> Multicast --> Rendezvous Point


RP candidate config

Additional Information


In the screenshot depicted above the firewall is advertising itself as a candidate RP for the multicast group 224.0.0.0/5. The BSR then broadcasts this RP to other multicast/PIM devices in the network dynamically:
  
Nexus7004# show ip pim rp
PIM RP Status Information for VRF "default"
BSR: 10.20.30.1*, next Bootstrap message in: 00:00:19,
     priority: 64, hash-length: 30
Auto-RP disabled
BSR RP Candidate policy: None
BSR RP policy: None
Auto-RP Announce policy: None
Auto-RP Discovery policy: None

RP: 172.16.16.254, (0), uptime: 23:48:02, expires: 00:01:57,
  priority: 100, RP-source: 172.16.16.254 (B), group ranges:
      224.0.0.0/5

A downstream receiver and an upstream sender to this group are now able to join the shared tree and shortest path tree. In this topology both sender and receiver transit the firewall. Hence the shared tree and source tree can be seen on the firewall (RP for the multicast group)
  
admin@Lab32-52-PA-4050> show routing multicast pim state

VIRTUAL ROUTER:  default

(*, G):

group            RP               up time  upstream join st  upstream join timer  RPF interface    RPF next hop
-----            --               -------  ----------------  -------------------  -------------    ------------
224.0.1.2        172.16.16.254    8026.45  Joined            0.00                 0                0.0.0.0

(*, G, I):

group            interface        local membership join/prune st prune pending timer  join expiry timer    assert st    assert timer    assert winner addr assert winner metric
-----            ---------        ---------------- ------------- -------------------  -----------------    ---------    ------------    ------------------ --------------------
224.0.1.2        ethernet1/1      no               Join          0.00                 166.87               NoInfo       0.00            0.0.0.0            0

(S, G):

group            source           up time  upstream nbr     upstream join st  upstream join timer  RPF next hop     DR reg st         DR reg stop timer      SPT
-----            ------           -------  ------------     ----------------  -------------------  ------------     ---------         -----------------      ---
224.0.1.2        172.17.17.1      67.36    0.0.0.0          Joined            0.00                 172.17.17.1      Join              0.00                   yes

(S, G, rpt):

group            source           up time  upstream prune st upstream override timer
-----            ------           -------  ----------------- -----------------------
224.0.1.2        172.17.17.1      67.39    Pruned            0

(S, G, rpt, I):

group            source           interface        local membership join/prune st prune pending timer  join expiry timer


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V8uCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language