Configuring Multicast NAT

As shown in Figure 1, the FW divides the network into two multicast domains. Receivers are on the intranet, and the multicast source is on the extranet. Configuring multicast NAT on the FW enables intranet receivers to demand extranet resources and protects the multicast source against exposure to risks.

Figure 1 Networking diagram of multicast NAT

The limitations of multicast NAT are as follows:

• Both the intranet and the extranet must run the PIM-SM protocol. Other multicast routing protocols are not supported.
• The routes to the multicast source and MSDP peer must exist on the FW.
• You are advised to disable the switchover from the RPT to the SPT on the Designated Router (DR) on the intranet receiver side.

The requirements are as follows:

• The extranet interface (GE interface on the figure) of the FW is configured as the BSR boundary, ensuring that the intranet and extranet are two independent multicast domains and can elect RPs independently.
• The extranet interface of the FW serves as the logical RP of the intranet and establishes an MSDP peer with the extranet RP. In this way, the intranet RP can obtain the information about the multicast source.
• Configure multicast NAT on the FW. Upon receiving a multicast packet (S, G), the device translates the packet into (S', G) through NAT, and then forwards it. Ensure that routes to the address exist on other intranet devices. In this way, the data packets received by downstream devices can pass the RPF check and be forwarded normally.