Symptom

The "RPF failed" counter in the output of the "show mfib count" command increases when the outgoing interface list (OIL) of an mroute is Null. In the case when OIL is Null, the expected behavior is that the "Other drops" in the output of the "show mfib count" command increases. The "Other drops" among other drop counters includes OIF-null. Consider this example and its topology of traffic flow: Source-------[inside:ASA/FTD:outside]---------Rendezvous Point (RP)----------Receivers (clients) In this case ASA/FTD is the First Hop Router (FHR). #show mroute Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected, L - Local, I - Received Source Specific Host Report, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT Timers: Uptime/Expires Interface state: Interface, State (192.0.2.1, 224.1.2.3), 00:00:13/00:03:16, flags: SPF <========= Mroute has P (pruned) flag Incoming interface: inside RPF nbr: 192.0.2.1 Outgoing interface list: Null <========= OIL is Null ASA(config)# show capture capture capi type raw-data trace interface inside [Capturing - 6370 bytes] match icmp any any 49 packets captured <========== 1: 22:49:01.972804 192.0.2.1 > 224.1.2.3 icmp: echo request <========== Ingress multicast packets 2: 22:49:03.972865 192.0.2.1 > 224.1.2.3 icmp: echo request 3: 22:49:05.971370 192.0.2.1 > 224.1.2.3 icmp: echo request 4: 22:49:07.971629 192.0.2.1 > 224.1.2.3 icmp: echo request 5: 22:49:09.970942 192.0.2.1 > 224.1.2.3 icmp: echo request 6: 22:49:11.970713 192.0.2.1 > 224.1.2.3 icmp: echo request 7: 22:49:13.970332 192.0.2.1 > 224.1.2.3 icmp: echo request 8: 22:49:15.972300 192.0.2.1 > 224.1.2.3 icmp: echo request 9: 22:49:17.971614 192.0.2.1 > 224.1.2.3 icmp: echo request ... ASA(config)# show mfib 224.1.2.3 count IP Multicast Statistics 7 routes, 3 groups, 0.33 average sources per group Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second Other counts: Total/RPF failed/Other drops(OIF-null, rate-limit etc) Group: 224.1.2.3 Source: 192.0.2.1, Forwarding: 0/0/0/0, Other: 14/13/1 <=========== RPF failed counter increases Tot. shown: Source count: 1, pkt count: 0 ... ASA(config)# show mfib 224.1.2.3 count IP Multicast Statistics 7 routes, 3 groups, 0.33 average sources per group Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second Other counts: Total/RPF failed/Other drops(OIF-null, rate-limit etc) Group: 224.1.2.3 Source: 192.0.2.1, Forwarding: 0/0/0/0, Other: 17/16/1 <=========== RPF failed counter increases Tot. shown: Source count: 1, pkt count: 0 ASA(config)# In the output of the "debug mfib pak" these logs are shown: May 21 2022 22:47:00: %ASA-7-711001: MFIB: Pkt (192.0.2.1,224.1.2.3) from inside (PS) dropping May 21 2022 22:47:02: %ASA-7-711001: MFIB: Pkt (192.0.2.1,224.1.2.3) from inside (PS) dropping May 21 2022 22:47:04: %ASA-7-711001: MFIB: Pkt (192.0.2.1,224.1.2.3) from inside (PS) dropping May 21 2022 22:47:06: %ASA-7-711001: MFIB: Pkt (192.0.2.1,224.1.2.3) from inside (PS) dropping May 21 2022 22:47:08: %ASA-7-711001: MFIB: Pkt (192.0.2.1,224.1.2.3) from inside (PS) dropping

Conditions

All conditions must match: 1. Multicast routing is enabled on ASA/FTD. 2. In the multicast traffic flow the ASA/FTD is the FHR, or intermediary hop, but not RP. 3. For the multicast group of interest, there are no receivers, i.e. the OIL in the output of the "show mroute" command is Null: #show mroute Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected, L - Local, I - Received Source Specific Host Report, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT Timers: Uptime/Expires Interface state: Interface, State (192.0.2.1, 224.1.2.3), 00:00:13/00:03:16, flags: SPF <========= Mroute is pruned Incoming interface: inside RPF nbr: 198.51.100.1 Outgoing interface list: Null <========= OIL is Null

Workaround

None.

Further Problem Description