SRX Services Gateway
SRX Services Gateway

Static IGMP group and IGMP REPORT issue on SRX

‎11-19-2017 01:28 PM

Hi everyone,

 

Pleas consider following example:

 

SRX f0/5 200.200.200.20----200.200.200.2 f0/0 R2

Above we have confgured IGMP Static group 237.1.1.1  under f0/5 on SRX,  R2 sends IGMP general  Query but SRX will not send IGMP report about 237.1.1.1

 

root> monitor traffic interface fe-0/0/5 no-resolve no-timestamp matching igmp

Listening on fe-0/0/5, capture size 96 bytes

In IP 200.200.200.2 > 224.0.0.1: igmp query v2
Out IP 200.200.200.20 > 224.0.0.13: igmp v2 report 224.0.0.13
Out IP 200.200.200.20 > 224.0.0.22: igmp v2 report 224.0.0.22
Out IP 200.200.200.20 > 224.0.0.2: igmp v2 report 224.0.0.2

Out IP 200.200.200.20 > 224.0.0.1: igmp query v2
Out IP 200.200.200.20 > 224.0.0.1: igmp query v2

 

Additional info:

 

SRX Config:

root> show configuration | display set
set version 11.4R7.5
set system root-authentication encrypted-password "$1$FNZOHrui$SIlLbizu6WwnQTkFcjVV9."
set system name-server 208.67.222.222
set system name-server 208.67.220.220
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp propagate-settings fe-0/0/0.0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0
set interfaces fe-0/0/2 unit 0
set interfaces fe-0/0/3 unit 0 family inet
set interfaces fe-0/0/4 unit 0 family inet
set interfaces fe-0/0/5 unit 0 family inet address 200.200.200.20/24
set interfaces fe-0/0/6 unit 0
set interfaces fe-0/0/7 unit 0 family inet address 199.199.199.1/24
set interfaces lo0 unit 0 family inet
set interfaces vlan unit 0
set protocols igmp interface fe-0/0/5.0 static group 237.1.1.1
set protocols pim interface fe-0/0/5.0 mode dense
set security screen ids-option untrust-screen tcp syn-flood
set security policies from-zone ZOP to-zone ZOP policy T1 match source-address any
set security policies from-zone ZOP to-zone ZOP policy T1 match destination-address any
set security policies from-zone ZOP to-zone ZOP policy T1 match application any
set security policies from-zone ZOP to-zone ZOOPpolicy T1 then permit
set security policies from-zone ZOP to-zone ZOPpolicy T1 then log session-init
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone ZOP interfaces fe-0/0/5.0 host-inbound-traffic system-services all
set security zones security-zone ZOP interfaces fe-0/0/5.0 host-inbound-traffic protocols all

 

Am I missing something?

Thanks and have a nice day!!

 

1 REPLY 1
SRX Services Gateway

Re: Static IGMP group and IGMP REPORT issue on SRX

‎11-19-2017 02:54 PM

Hello,

AFAIK, there are 2 ways to force SRX in L3 mode to send IGMP group membership report for arbitrary group.

None of them require static IGMP group on upsgream-facing interface f0/5.

1/ Add "set protocols sap listen 237.1.1.1" line to SRX config.

1a/ it may not work in JUNOS 15.1+ releases, I found it is broken on MX in JUNOS 15.1+ for master logical system/LS but works in custom LS.

2/ Use "PIM-to-IGMP proxy" feature 

2a/ https://kb.juniper.net/InfoCenter/index?page=content&id=KB26801

Your SRX corresponds to SRX240b in the above example.

2b/ Also see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/multicast-pim-to-igmp-tr...

HTH

Thx
Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !