Configuring PIM in Gaia Portal

Important - In a ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.

Configuring PIM Modes

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the PIM Global Settings section:

    1. Select Sparse Mode (SM).

    2. Click Apply.

  3. In the PIM Interfaces section, add the applicable interfaces.

    See the Configuring PIM on Interfaces section below.

  4. Optional: In the Advanced Options section, configure the applicable settings.

    See the Configuring PIM Advanced Options section below.

  5. Optional: In the Bootstrap and Rendezvous Point Settings section, configure the applicable settings.

    See the Configuring PIM Bootstrap and Rendezvous Point Settings section below.

  6. Configure the Static Multicast Routes.

    See Static Multicast Routes.

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the PIM Global Settings section:

    1. Select Dense Mode (DM).

    2. Select the State Refresh to use state refresh messages to delay timing out prune state of multicast traffic that has no active receivers. This helps suppress the flood-and-prune cycle inherent to Dense Mode.

    3. Click Apply.

  3. In the PIM Interfaces section, add the applicable interfaces.

    1. Click Add.

    2. In the Interface field, select the interface, on which you want to run PIM.

    3. Optional: To configure this interface to use the VRRP Virtual IP address, select Use Virtual address.

    4. Optional: in the DR Priority (Designated Router priority) field, enter a new priority between 0 and 4294967295.

    5. Click Save.

  4. Optional: In the Advanced Options section, configure the applicable settings.

    See the Configuring PIM Advanced Options section below.

  5. Configure the Static Multicast Routes.

    See Static Multicast Routes.

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the PIM Global Settings section:

    1. Select Source-Specific Multicast (SSM).

    2. Click Apply.

  3. In the PIM Interfaces section, add the applicable interfaces.

    See the Configuring PIM on Interfaces section below.

  4. Optional: In the Advanced Options section, configure the applicable settings.

    See the Configuring PIM Advanced Options section below.

  5. Optional: In the Bootstrap and Rendezvous Point Settings section, configure the applicable settings.

    See the Configuring PIM Bootstrap and Rendezvous Point Settings section below.

  6. Configure the Static Multicast Routes.

    See Static Multicast Routes.

Configuring PIM on Interfaces

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. Select the PIM Mode.

    See Configuring PIM Modes.

  3. In the PIM Interfaces section, click Add.

    Alternatively, select the configure interface and click Edit.

  4. Configure the applicable settings.

    Parameter

    Description

    Interface

    Specifies the interface, on which to enable PIM.

    Use Virtual Address

    Select this option to use the VRRP Virtual IP address on this interface:

    • PIM runs on this interface only after the router becomes a VRRP Master after a failover.

    • Creates the neighbor relationship with the Virtual IP, if the router is a VRRP Master. The VRRP Master in the VRRP pair sends Hello messages that include the Virtual IP as the source address and processes PIM control messages from routers that neighbor the VRRP pair.

    Note - You cannot configure this option when ClusterXL is enabled.

    Range: Enabled, or Cleared

    Default: Cleared

    DR Priority

    The Designated Router priority advertised in the PIM Hello messages that are sent on the interface.

    This is used for DR selection on a LAN.

    The router with the highest priority is selected as the designated router.

    To break a tie, the DR is selected on the basis of the highest IP address.

    If even one router does not advertise a DR priority configured, the DR election is based on the IP address.

    Note - To make sure that a PIM neighbor supports DR Priority:

    1. Run this command in Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). on the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.:

      show pim neighbor <IP Address of Neighbor>

    2. For neighbors that advertise a DR selection priority value, this message shows in the summary:

      DRPriorityCapable Yes

    Range: 0-4294967295

    Default: 1

  5. Click Save.

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the PIM Interfaces section, select the interface.

  3. Click Delete.

    There is no prompt to confirm.

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the PIM Interfaces section, click Delete All.

  3. Click OK to confirm.

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the PIM Interfaces section, click Restart All.

  3. Click OK to confirm.

Configuring PIM Advanced Options

These settings are optional.

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the Advanced Options section, click Edit Settings.

  3. Configure the applicable settings.

    Parameter

    Description

    Hello Interval

    Interval between PIM Hello messages that are sent on a multicast-capable interface.

    Hello messages are addressed to the All-PIM-Routers multicast group (224.0.0.13), so that PIM routers may discover neighbors on a multi-access network.

    Range: 1-21845 seconds

    Default: 30 seconds

    Data Interval

    The life-time of a new PIM forwarding entry.

    Subsequently, the life of the entry is extended in different ways based on the location of this router in the network.

    For example, in some cases the receipt of PIM control messages (periodic join/prune messages) extends the life of the entry and in others the presence of local senders of multicast traffic prevents the deletion of the entry.

    Range: 11-3600 seconds

    Default: 210 seconds

    Assert Interval

    If an assert battle on an upstream interface results in the selection of a PIM neighbor other than the unicast reverse-path-forwarding (RPF) neighbor towards the source of the data traffic (for which the assert battle was generated) as the designated forwarder on that interface, then the winner is used as the upstream neighbor for all subsequent join/prune messages.

    This change is timed-out after expiry of the assert interval.

    Range: 1-3600 seconds

    Default: 180 seconds

    Join Prune Interval

    Interval between sending Join/Prune messages.

    Range: 1-3600 seconds

    Default: 60 seconds

    Join Prune Delay Interval

    The maximal interval from the time when the unicast Reverse Path Forwarding (RPF) neighbor (towards a source or the RP) changes, and a triggered Join/Prune message is sent.

    Range: 1-3600 seconds

    Default: 5 seconds

    Parameter

    Description

    Direct

    OSPF

    Kernel

    Static

    RIP

    BGP

    Compares the cost of protocols to find which router will forward multicast data packets on a multi-access LAN.

    These values are used in assert messages sent out on a LAN when a router detects data packets on an interface other than the incoming interface towards the source of the data.

    These values must be the same for all routers on a multi-access LAN that run the same protocol.

    Therefore, the default values were specially configured to match those of other implementations.

    • Range: 0-255

    • Defaults:

      • BGP: 170

      • Direct: 0

      • Kernel: 40

      • OSPF: 10

      • RIP: 100

      • Static: 60

    Parameter

    Description

    State Refresh Interval

    For Dense Mode, the interval at which state refresh messages are sent for multicast traffic originated by directly-connected sources.

    Range: 1-255 seconds

    Default: 60 seconds

    State Refresh TTL

    For Dense Mode, the time-to-live (TTL) placed in the state refresh messages originated for multicast traffic from directly-connected sources.

    You can use this value to limit the forwarding of state refresh messages in the network.

    In the absence of user configuration, it is derived from the multicast data.

    Range: 1-255

    Default: None

    Parameter

    Description

    Register Suppression Interval

    The mean interval between receipt of a register-stop and the time when registers can be sent again.

    A lower value means more frequent register bursts at the rendezvous point.

    A higher value means a longer join latency for new receivers.

    Range: 60-3600 seconds

    Default: 60

    CRP Advertise Interval

    The interval between which candidate-rendezvous point routers send candidate-rendezvous point advertisements to the elected bootstrap router.

    Range: 1-3600 seconds

    Default: 60 seconds

  4. Click Save.

Configuring PIM Bootstrap and Rendezvous Point Settings

These settings are optional.

  1. From the left navigation tree, click Advanced Routing > PIM.

  2. In the PIM Global Settings section, in the PIM Protocol field, select one these:

    • Sparse Mode (SM)

    • Source Specific Multicast (SSM)

  3. In the Bootstrap and Rendezvous Point Settings section, click Edit Settings.

  4. To enable the router as a Bootstrap Router:

    1. Select Enable Bootstrap Router.

      If enabled, this router is a candidate bootstrap router (C-BSR). All candidate Rendezvous Points (C-RPs) send C-RP-Advertisements to the selected bootstrap router (BSR).

      The BSR then disseminates this information in bootstrap messages across the PIM domain.

      To prevent a single point of failure, configure more than one router in a domain as a candidate BSR.

      Default: Cleared

    2. Optional: Enter the Local Address of the bootstrap router.

      Address used for the C-BSR state machine and the bootstrap messages.

      Important:

      • On a single Security Gateway, this address can be that of the PIM interfaces or an address configured on the loopback interface. If an address from the loopback interface is used, do not select an address in the 127/8 address range.

      • In ClusterXL Cluster MemberClosed Security Gateway that is part of a cluster. or VRRP Cluster Member, you must configure the Cluster Virtual IP address configured on this PIM interface.

      Range: Address of PIM interface, or a non 127.0.0.0/8 loopback address.

      Default: The IP address of one of the interfaces on which PIM is enabled. The default does not apply on Cluster Members.

    3. Optional: Enter the Local Preference.

      The priority advertised in C-BSR messages.

      The candidate bootstrap router with the highest priority value is selected as the bootstrap router for the domain.

      The C-RP with the lowest priority has the highest preference.

      The highest priority value is 0.

      Range: 0-255

      Default: 0

  5. To enable the router as a Candidate Rendezvous Point:

    1. Select Enable Candidate RP to configure GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. as a candidate rendezvous point router.

    2. Optional: Enter the Local Address of the Candidate Rendezvous Point router.

      Address used for the C-RP state machine and in the C-RP-Advertisements sent to the elected bootstrap router.

      Important:

      • On a single Security Gateway, this address can be that of the PIM interfaces or an address configured on the loopback interface. If an address from the loopback interface is used, do not select an address in the 127/8 address range.

      • In ClusterXL Cluster Member or VRRP Cluster Member, you must configure the Cluster Virtual IP address configured on this PIM interface.

      Range: Address of PIM interface or a non 127.0.0.0/8 loopback address.

      Default: Selects the IP address of one of the interfaces on which PIM is enabled. The default does not apply on Cluster Members.

    3. Optional: Enter the Local Preference.

      The priority of this C-RP.

      All PIM routers select the same RP for a multicast group address from the list of C-RPs received in the bootstrap messages from the elected BSR.

      The lower the Local Preference of the C-RP, the higher the priority.

      Range: 0-255

      Default: 0

    4. Optional: Click Add to configure a Multicast Group and Subnet mask for which this router is designated as the candidate rendezvous point.

      • Multicast Group

        The multicast IP address of the group(s), for which this rendezvous point is responsible.

        Range: Dotted-quad ([224-239].[0-255].[0-255].[0-255])

        Default: 224.0.0.0/4

      • Subnet mask

        Mask length.

        Range: 1-32

        Default: None

  6. To enable the router as a Static Rendezvous Point:

    1. Select Enable Static RP.

    2. Optional: Click Add to enter the Static Rendezvous Point IP address.

      If an associated multicast group and prefix is not configured, the Static Rendezvous Point (RP) is considered to be responsible for all multicast groups (224.0.0.0/4).

      This needs to be consistent with the RP information at other routers in a multicast domain irrespective of the RP-dissemination mechanism (bootstrap or autoRP) used.

      Note - The static RP overrides the RP information received from other RP-dissemination mechanisms, such as bootstrap routers.

      Range: Any IP address

      Default: None

    3. Optional: Click Add to configure a Multicast Group and Subnet mask for which this router is designated as the static rendezvous point.

      • Multicast Group

        The multicast IP address of the group(s), for which this rendezvous point is responsible.

        Range: Dotted-quad ([224-239].[0-255].[0-255].[0-255])

        Default: 224.0.0.0/4

      • Subnet mask

        Mask length.

        Range: 1-32

        Default: None

  7. Click Save.