Our solution is to design a secure multicast application tier using a Fortinet firewall. This week I am going to look at the design considerations for setting this firewall up in production.
The main points of the multicast network design are listed below:
• Two application servers (the multicast sources) reside in the application tier and constantly send application data encapsulated in UDP multicast packets.
• Each server's multicast stream is carried over a separate VLAN into the app-tier switch, also called the Trust switch, and these VLANs are extended to the firewall, since the firewall is the next-hop address for the multicast streams.
• Two physical firewalls work as a cluster in active-standby mode.
• Protocol Independent Multicast sparse mode, PIM-SM (source-specific multicast), is used in this design, and RPs (Rendezvous Points) are placed at three layers of the design; in that way the multicast domains are segmented. The RP for the app tier resides in the firewall.
• RP redundancy is provided with anycast RP.
• An Untrust switch layer is included in the design for stack scalability. More app tiers can be connected to the Untrust switch segment, and this layer is the single point of attachment for receivers to the south.
• The Untrust switch tier has its own multicast domain.
• Multicast receivers are connected to the southbound distribution switch, and the Untrust switch tier is the boundary of their multicast domain.
• All switches and firewalls are procured from industry-leading vendors with low-latency specifications.
• Packet flow: a multicast packet from a source reaches the first-hop router, which is the firewall, and is registered with the RP. A multicast receiver to the south sends an IGMP join requesting the multicast source, and that join is eventually registered with the RP on the distribution switches. Finally it reaches the upstream firewall, where the packet is inspected against the multicast policies before the stream is forwarded to the receiver.
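As an added illustration (not configuration from the original post), the FortiOS CLI fragment below shows the firewall side of this design: PIM sparse mode on the two trust VLAN interfaces and the untrust interface, the static RP entry, and a multicast policy that only forwards UDP from the first application server to the agreed group range, so anything that is not one of the two registered sources is dropped at the inspection point. Interface names, addresses and the group range are assumed placeholders; check the exact keywords against the FortiOS release in use.

```fortios
# Added example, not from the original post. Interface names, addresses
# and the group range are placeholders assumed for this design.
config firewall address
    edit "app-server-1"
        set subnet 10.10.11.10 255.255.255.255
    next
    edit "app-server-2"
        set subnet 10.10.12.10 255.255.255.255
    next
end
config firewall multicast-address
    edit "app-groups"
        set type multicastrange
        set start-ip 239.10.0.1
        set end-ip 239.10.0.254
    next
end
config router multicast
    set multicast-routing enable
    config pim-sm-global
        config rp-address
            edit 1
                # RP address for the app tier (shared address when anycast RP is used)
                set ip-address 10.255.0.1
            next
        end
    end
    config interface
        # Trust VLANs carrying each server's stream, and the link to the Untrust tier
        edit "vlan11"
            set pim-mode sparse-mode
        next
        edit "vlan12"
            set pim-mode sparse-mode
        next
        edit "untrust"
            set pim-mode sparse-mode
        next
    end
end
config firewall multicast-policy
    # Only UDP from the registered source to the agreed groups is forwarded south;
    # a second entry mirrors this for vlan12 / app-server-2. No policy, no forwarding.
    edit 1
        set srcintf "vlan11"
        set dstintf "untrust"
        set srcaddr "app-server-1"
        set dstaddr "app-groups"
        set protocol 17
        set action accept
    next
end
```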