2. Introduction
IPM is a way to transmit IP datagrams from one source to many
destinations on a local or wide area TCP/IP network
MAC Multicast - is the behavior of multicast transmission in a Layer 2
environment
3. Multicast is…
Multicast - communication between a single
sender and multiple receivers (predefined group)
on a network
5. The IP Multicast Group Address
Class D : 224.0.0.0 – 239.255.255.255
11100000.0.0.0 – 11101111.1111111.1111111.1111111
0 1 2 3 31
1 1 1 0 Multicast Group ID
Reserved Multicast Address Blocks –
224.0.0.xxx – Routing protocols and other low level topology discovery
and maintenance protocols
224.0.1.xxx – Internetwork control block
239.xxx.xxx.xxx - Administratively scoped address block
6. MAC Multicast Addresses
•Multicast Ethernet addresses begin with the sequence of 01-00-5E
(hex).
•Mapping an IP multicast address to an Ethernet address places the
low-order 23 bits of the IP multicast address into the low order 23
bits of the Ethernet address
9 Bits in IP
IEEE Ethernet Address Reserved for Multicast address are not
01-00-5e-00-00-00 through 01-00-5e-7F-FF-FF represented in
MAC address
Always 0
bit 5 of the
unused bits
are group
specific
8. MAC Multicast Forwarding
Like any L2 traffic – we would want MAC Multicast traffic to be
forwarded only on links that either:
» Have stations directly attached which want to receive the specific
multicast transmission
» That eventually lead to one or more such stations
However, unlike classical Unicast switching, the source MAC of the
multicast packet cannot be used to register the MAC to the
appropriate port(s)
Therefore, MAC multicast registration is performed by either:
» Static entries
» GMRP protocol
» IGMP snooping
9. Multicast Management Protocols
Group Membership Protocol – runs between hosts and routers to
update routers about the presence of group members on their
directly attached subnetworks (e.g IGMP)
Multicast Routing Protocol – runs between multicast routers to define
delivery paths that enable the forwarding of multicast datagrams
across an internetwork (e.g DVMPR, MOSPF, PIM-DM, PIM-
SM,CBT)
10. IGMP Snooping
IGMP snooping is (mostly) not an active protocol
A switch does not initiate the process, but rather intercepts and
“reads” IGMP messages
IGMP – Internet Group Management Protocol
IGMP messages are messages transmitted between
workstations and L3 interfaces (routers) requesting and giving
IP multicast registration information
A switch concludes which (Specific) ports should forward
multicast traffic based on the IGMP messages
11. IGMP Operation
Periodic Host Membership queries
Routers periodically (1-2 min.) send out a host membership
query to all hosts on LAN (address 224.0.0.1, TTL = 1, group
address field all 0)
Note: In the pure Layer 2 Switching networks a host membership query must be
sent either by Layer 2 Switching devices or by Servers
Each multicast capable host hears the query and starts a
random delay timer for each group it belongs to
After timer expires host sends Host Membership Report to the
multicast group address (TTL=1)
Host doesn’t send Report message if it already received a
membership report before timer expired
Router receives all reports and registers groups on
subnetwork
12. IGMP Message Format
0 8 16 31
Type Max Resp. Time Checksum
Group Address
Type Maximum Response Time
0x11 – Membership Query (v2 addition) - The max time a host
0x12 – Ver 1 Membership Report can wait before responding to a
0x16 – Ver 2 Membership Report Membership Query (in 0.1 sec units)
0x17 – Leave Group
0x22 – ver 3 membership report
Group Address
Used in :
Host ReportLeave Message – IP Multicast address of the group being
reported
Membership Queries to a specific group (V2 addition)
13. IP Multicast Service Model
Group Membership Protocols (IGMP)
Hosts
IGMP
Routers
DVMRP,
PIM
Multicast Routing Protocols (DVMRP, PIM)
14. IGMP Reports
• IGMP report sent by one host suppresses sending by others
• Restrict to one report per group per LAN
• Host send reports when it first joins the group
IGMP Host Membership Report
Traffic for
224.65.10.54
Host A Host B Host C Host D
Member of Group Member of Group Member of Group
224.65.10.54 224.65.10.54 224.65.10.54
Timer=1 Timer=2 Timer=4
Report No Report Cancel Report
15. IGMP Version Improvements
• IGMP v2:
–Host sends leave message if it leaves the group and is the last
member (reduces leave latency in comparison to v1), in
response
–Router sends Group specific queries to make sure there are no
members present before stopping to forward data for the group
for that subnet
–Querier election - When there are more than one multicast
routers on a LAN, only one (lowest IP) has to send the query.
• IGMP v3 (draft):
–Enables a host to specify the IP addresses of the specific
sources it wants/ doesn’t want to receive
– Membership reports sent to switch
16. IGMP - Message Destination
Message Type Destination Group
General Query All Systems (224.0.0.1)
Group Specific Query Group being queried
Membership Report Group being reported
Leave Message All Routers (224.0.0.2)
17. IGMP Snooping
As mentioned, switches use the information in the IGMP packets
(namely IGMP Reports sent by hosts) to determine which
segments should receive packets directed to the group address
The IGMP snooping provides the benefit of conserving bandwidth
on segments of the network which do not have group members
Filtering operation is conducted per VLAN
Currently no standard defined for snooping
See http://www.ietf.org/internet-drafts/draft-ietf-magma-snoop-
11.txt
18. IGMP Snooping – Adding Entries
Switch intercepts IGMP Membership reports from hosts to routers
Host membership report are forwarded to router and switch ports
(learned by switch) but not to hosts on other ports
As a result, the timer on all the hosts expire after receiving router’s query
and all hosts (except if connected on same port on device) send IGMP
reports (different from regular IGMP)
When a switch receives a reports:
» If first host reporting for group (no previous reports received) - creates a
MAC multicast group entry and adds the receiving port to it
» If not first host reporting - port is added to existing group entry
19. IGMP Snooping – Deleting Entries
A port can be removed after one of the following:
» Switch does not hear an IGMP Report message from a port for a
defined timeout
» Switch hears a leave message on a certain port and does not
hear any reports for a (short) leave timeout
Port is removed from the group’s port list
If the removed port is the last entry – the group is removed from
the group list
20. IGMP Snooping – Future Developments
Some Switches are Active Query Switches
Active Query Switches do not have to rely on routers to send the
IGMP queries – since they know how to send periodic queries
themselves
Therefore IGMP snooping will work flawlessly also in a pure L2
environment
22. Snooping Process
The system can support multicast filtering for up to 256 multicast
groups. Additional multicast groups will be treated as
unregistered.
User must enable the MAC multicast filtering per system to allow
L2 Multicast groups registration (either static or via IGMP
snooping)
For IGMP snooping to run on a specific VLAN, IGMP snooping
must be enabled both on the entire device and on that specific
VLAN
The MAC Multicast Table will be updated with snooping entries
only if it received an IGMP General Query or DVMRP/PIM traffic
on one the ports in the VLAN (learning will function per VLAN)
23. Snooping Process (cont.)
Once an IGMP Join message is received on a port, that port is
registered as a member of that multicast group
The MAC multicast filtering table is updated with the IGMP snoop
entries – and the multicast traffic is forwarded only on ports which
registered as group members.
If a certain MAC Multicast Group has no members (none have
registered yet) the device floods group traffic on all VLAN ports
24. Snooping process (cont.)
A port can leave a group either
» By receiving an explicit leave message from a station and waiting
for a short timeout period to make sure no other stations on that
segment are sending new Join messages
» A (long) timeout has expired and Join messages have not been
received on the port
Once a port left the group – it is erased from the MAC Filtering
table – and that group traffic will no longer be forwarded to it
Other port members of the group will continue to receive traffic as
usual
Once all members left a certain group (explicitly or by timeout)
traffic is once again flooded to all ports
25. Special Group Cases
IP multicast groups 224-239.128|0.0.xxx (mutual MAC multicast
address 01-00-5e-00-00-xx) are treated differently than other
multicast groups.
Reports for these groups are ignored, and traffic is flooded on all
ports of the VLAN
However, if a static entry is configured for one of these groups – this
registration will take affect and traffic for this Mac Multicast group
will be forwarded only to that port(s).
26. Snooping and Multicast Settings
For each multicast group, the user can define a list of Forbidden
ports. Forbidden ports will not be included in the multicast group
(MAC Multicast filtering Table) even if IGMP snooping suggests they
should.
Forbidden ports are preserved across resets.
The user may define ports as “forward all” which will cause them to
forward a copy of any incoming frame with a MAC multicast
destination address.
27. Snooping and Multicast Settings
A user can define static Multicast entries per port.
Static entries are per specific port in a certain VLAN and are
preserved across reboots.
Multicast Groups defined as static on a port (per VLAN) will be
forwarded on that port and VLAN even if there was no IGMP
indication that the port belongs to that group.
User can define that a port will not automatically forward all traffic
(even if it is an mrouter port)
Static and forbidden entries will only take effect if Multicast Filtering
is enabled.
28. Snooping – Changing or Erasing a VLAN
MAC filtering and IGMP snooping are not available on Dynamically
(GVRP) created VLAN
If a VLAN is removed from the system all snooping and static settings
for that VLAN are erased
30. Snooping and Multicast Settings
• VLAN Level settings:
–Enable/disable IGMP snooping on the VLAN (default – disable)
–Enable/disable Mrouter listening (default – enable)
–Enable/disable the flooding of a specific unknown group (default
is flooding), by setting it as registered group with no members
– Add/remove static MAC Multicast Forwarding entries for certain
ports in the VLAN
–Enable/disable forwarding of all Multicasts groups for certain
ports in the VLAN
– Enable/disable the automatic forwarding of all multicasts groups
for certain ports in the VLAN (relevant for Mrouter ports)
– Add/remove Forbidden MAC Multicast entries for certain ports in
the VLAN
31. Snooping and Multicast Settings
VLAN level – timer settings:
» Host timeout – period of time after which a port is removed from a
group if no join messages have been received (range 1-2147483647
seconds; default 260)
» Leave timeout - the period of time after which a port, which received
an IGMP Leave message, is removed from a group if no join
messages have been received (range 1-2147483647 seconds;
default 10); user can also configure “immediate leave”
» Mrouter timeout – period after which a VLAN assumes there are no
Mrouters attached to one of its ports, if it did not receive any IGMP
Queries/DVMRP/PIM (range 1-2147483647 seconds; default 300)
33. Device Level Configuration
Use the following Global Mode command to enable/disable
multicast filtering on the device (default is disable):
bridge multicast filtering
no bridge multicast filtering
Use the following Global Mode command to enable/disable
IGMP snooping on the device (default is disable) :
ip igmp snooping
no ip igmp snooping
34. Example – Device Level Configuration
Example – enabling MAC multicast filtering and IGMP snooping on the
device:
console# configure
console(config)# bridge multicast filtering
console(config)# ip igmp snooping
Example – disabling MAC multicast filtering and IGMP snooping on the
device:
console(config)# no bridge multicast filtering
console(config)# no ip igmp snooping
35. IGMP – VLAN Level Configuration
Use the following (VLAN) Interface Mode command to enable/disable
IGMP Snooping on a certain VLAN:
ip igmp snooping
no ip igmp snooping
» Note that snooping can be enabled only on static VLANs
To enable/disable Mrouter Listening on a VLAN use:
ip igmp snooping mrouter learn-pim-dvmrp
no ip igmp snooping mrouter learn-pim-dvmrp
36. IGMP– VLAN Level Configuration
Use the following VLAN Interface command to set the host time out
parameter (“no” form sets to default):
ip igmp snooping host-time-out time-out
no ip igmp snooping host-time-out
» Timeout parameter is in seconds
Use the following VLAN Interface command command to set the
Mrouter time out parameter on a VLAN (“no” form sets to default):
ip igmp snooping mrouter-time-out time-out
no ip igmp snooping mrouter-time-out
37. Example – VLAN Level Configuration
Example – enabling IGMP snooping for VLAN 3 and setting the host, leave
and Mrouter timeout:
console(config)# interface vlan 3
console(config-if)# ip igmp snooping
console(config-if)# ip igmp snooping host-time-out 150
console(config-if)# ip igmp snooping leave-time-out 12
console(config-if)# ip igmp snooping mrouter-time-out 250
console(config-if)#
38. Multicast – Group Registration
Example – defining in VLAN 4 that ports 11-14 will forward all traffic,
then removing port 13 from the list
console(config)# interface vlan 4
console(config-if)# bridge multicast forward-all add ethernet 1/e11-14
console(config-if)# bridge multicast forward-all remove ethernet 1/e13
console(config-if)#
Example – returning to default in VLAN 4 – no ports forward all
console# configure
console(config)# interface vlan 4
console(config-if)# no bridge multicast forward-all
39. Example – Group Registration
Example:defining in VLAN 5
» multicast group 01:00:5e:01:02:05 will be registered with no
group members
» address 01:00:5e:01:02:15 will be statically configured on ports
5-8 of the VLAN
» Removing port 5 from the above list
console(config)# interface vlan 5
console(config-if)# bridge multicast address 01:00:5e:01:02:05
console(config-if)# bridge multicast address 01:00:5e:01:02:15 add ethernet 1/e(5-8)
console(config-if)# bridge multicast address 01:00:5e:01:02:15 remove ethernet 1/e5
40. Multicast – Group Registration
The “no” form of the command returns all ports in the VLAN to default
(dynamic registration) for a certain group:
no bridge multicast address {mac-multicast-address | ip-multicast-
address}
Example – returning all ports to default of dynamic learning for
address 01:00:5e:01:02:15:
console(config)# interface vlan 5
console(config-if)# no bridge multicast address 01:00:5e:01:02:15
41. Multicast – Show Commands
Use the following EXEC mode command to view if filtering is
enabled/disabled for a VLAN and the port forward all settings:
show bridge multicast filtering vlan-id
NOTE: a port which is an Mrouter port will be displayed as forward(d)
– forward all “dynamic”
42. Multicast – Show Commands
Use the following command to view the MAC address table according
to VLAN:
show bridge multicast address-table [vlan vlan-id] [address
mac-multicast-address | ip-multicast-address] [format ip
| format mac ]
Note: any or all of the optional parameters (VLAN, address
or format) can be used. Default format is MAC
43. Multicast CLI – Show Commands
Example – filtering (forward all) information for VLAN 3:
console# show bridge multicast filtering 3
Filtering: Enabled
VLAN: 3
Port Forward-All
Static Status
------ --------- ---------
1/e1 - Filter
1/e2 Forbidden Filter
1/e3 Forward Forward(s)
1/e4 Forward(d)
1/e6 - Filter
Note that port 4 is an Mrouter port (forwards all dynamic)
44. Multicast – Show Commands
Use the following command to view the entry of a specific IP/MAC
multicast address:
show bridge multicast address-table {address mac-multicast-
address | ip-multicast-address} format {ip | mac}
Use the following command to view the entry of all multicast entries
(by MAC or by IP):
show bridge multicast address-table format {ip | mac}
Note: if the IP format is used – up to 32 IP Multicast addresses will
have the same entry.
45. Example – Show Commands
Example – showing information of table in MAC format:
console# show bridge multicast address-table format mac
Vlan MAC address type Ports
------- ----------------- -------- ------------------------------
2 01:00:5e:01:02:05 static 1/e1-2
3 01:00:5e:01:02:05 static 1/e7-8
4 01:00:5e:01:12:13 static 1/e9-10
Forbidden ports for multicast addresses:
Vlan MAC address Ports
------- ----------------- ------------------------------
3 01:00:5e:01:02:05 1/e5-6
4 01:00:5e:01:12:13 1/e11-12
46. Example – Show Commands
Example – showing multicast forwarding table in IP format (notice each
entry is for a few IP addresses):
console# show bridge multicast address-table format ip
Vlan IP address type Ports
------- ----------------- -------- ------------------------------
2 224-239.129|1.2.5 static 1/e1-2
3 224-239.129|1.2.5 static 1/e7-8
Forbidden ports for multicast addresses:
Vlan IP address Ports
------- ----------------- ------------------------------
2 224-239.129|1.2.5 1/e3-4
3 224-239.129|1.2.5 1/e5-6
47. Example– Show Commands
Example – showing information of specific multicast MAC
01:00:5e:01:02:05
console# show bridge multicast address-table address 01:00:5e:01:02:05 format mac
Vlan MAC address type Ports
------- ----------------- -------- ------------------------------
2 01:00:5e:01:02:05 static 1/e1-2
3 01:00:5e:01:02:05 static 1/e7-8
Forbidden ports for multicast addresses:
Vlan MAC address Ports
------- ----------------- ------------------------------
2 01:00:5e:01:02:05 1/e3-4
3 01:00:5e:01:02:05 1/e5-6
48. Multicast – Show Commands
Use the following EXEC mode command to view the general IGMP
snooping setting of a VLAN:
show ip igmp snooping interface vlan-id
Use the following command to view the IGMP snooping group
entries:
show ip igmp snooping groups [vlan vlan-id] [address ip-
multicast-address]
Note: entries can be displayed for the device, for a specific VLAN
and/or for a specific IP Multicast address
Use the following command to view the dynamically learned
MROUTER interfaces:
show ip igmp snooping mrouter [interface vlan-id]
49. Multicast CLI – Show Commands
Example – showing general IGMP snooping information for VLAN 3:
console# show ip igmp snooping interface 3
IGMP Snooping is globaly enabled
IGMP Snooping is enabled on VLAN 3
IGMP host timeout is 260 sec
IGMP Immediate leave is disabled. IGMP leave timeout is 10 sec
IGMP mrouter timeout is 300 sec
Automatic learning of multicast router ports is enabled
50. Multicast CLI – Show Commands
Example – showing IGMP snooping entries for:
» Device
» VLAN 2
» IP multicast group 224.1.2.3
onsole# show ip igmp snooping groups
Vlan IP Address Querier Ports
------- ----------------- ------- ------------------------------
console# show ip igmp snooping groups vlan 2
Vlan IP Address Querier Ports
------- ----------------- ------- ------------------------------
console# show ip igmp snooping groups address 224.1.2.3
Vlan IP Address Querier Ports
------- ----------------- ------- ------------------------------
53. Example 1 - Requirements
AT - 8000S has 2 user groups – high school (VID 2) and College
(VID 3)
AT - 8000S is connected by port 1/e1 acting as an uplink to a
multicast router. 1/e1 uplink is in (VLAN) trunk mode
Both groups can receive multicast transmission.
Members of VID 2 are barred from certain IP multicast groups which
are known to be restricted
Members of VID 3 can receive any multicast transmission but system
admin supervises the contents of these transmissions
54. Example 1 - Configuration
Config IGMP MAC Special Multicasts
Interface
Device Enable Enable ------
snooping filtering
VID 2 = Enable ------
1/e1-10 (access), 1/g1 snooping
(trunk)
VID 3 = Enable ------ Forward all groups to
1/e11-20 (access), snooping interface 1/e20 (admin
1/g1(trunk) port)
56. Example 1 – CLI cont’
console(config)# ip igmp snooping
console(config)# bridge multicast filtering
console(config)# interface vlan 2
console(config-if)# ip igmp snooping
console(config-if)# exit
console(config)# interface vlan 3
console(config-if)# ip igmp snooping
console(config-if)# bridge multicast forward-all add ethernet 1/e20
57. Example 1 – CLI cont’
console# show bridge multicast address-table vlan 2 format ip
Vlan IP address type Ports
------ ----------------------- -------- ------------------------------
2 224-239.131|3.3.3 static
58. Example 1 – CLI cont’
console# show bridge multicast filtering 3
Filtering: Enabled
VLAN: 3
Port Forward-All
Static Status
------ --------- ---------
1/e11 - Filter
e12 - Filter
….
….
1/e20 Forward Forward(s)
1/g1 - Forward(d)
60. Possible Problem Solution
problem description
In example 1 no Non of the ports 1. Use show ip igmp snooping interface command to verify if
multicast traffic is in VID2 and VID IGMP snooping is enabled on device and VLAN. Use ip igmp
received 3 receive any snooping on device and VLAN to enable IGMP snooping.
multicast 2. Use show ip igmp snooping mrouter or show ip igmp
transmission snooping groups command to verify that a Multicast Router
(sending queries or IPM Protocol) is connected to one of the
VLAN ports. If needed – configure IGMP/DVMR on the router
connected to one of the interfaces.
3. Use show bridge multicast filtering command to verify that
MAC multicast filtering is enabled. Use bridge multicast
filtering to enable filtering.
61. Possible problem Problem Solution
description
VLAN 2 (in VLAN 2 is 1. Use show ip igmp snooping groups vlan command to see
example 1) functioning whether VLAN 3 has any registrations:
receives properly but 1. If there are no registrations – check that igmp
Multicast VLAN 3 does snooping is enabled on VLAN 3.
transmission but not receive any
VLAN 3 does not. multicast traffic 2. If there are registrations check if an mrouter is
connected to VLAN 3;
62. Possible Problem Solution
problem description
Ports receive A port sent igmp 1. Use show ip igmp snooping groups to verify that no
traffic for join messages registration has been made (from another station?) for the
multicast groups for 4 groups but additional groups.
they did no receives traffic 2. Use show bridge multicast filtering to check if the port is
request for 10 groups configured to forward all traffic. Use bridge multicast
forward-all remove command to change this status.
3. Use show ip igmp snooping mrouter to check if port is an
mrouter port (receives all multicast traffic)
4. Use show bridge multicast address-table address
command to check if addressed are configured statically on
the port. Use bridge multicast address x.x.x.x remove
command to remove entires
5. Check if some of the Multicast IP received on the port are
translated to the same MAC address (Multicast IP to MAC
translation)
6. Check if group is of type 224-239.128|0.0.xxx
63. Possible Problem Solution
problem description
Unregistered A certain 1. Examine the source for the multicast flow. If it originated from
groups are not multicast flow is a layer 3 interface (e.g. a layer 3 interface of a Router
flooded to all transmitted on a connected to the device), then traffic is probably “blocked” at
ports in VLAN VLAN. Although the layer 3 level, since IGMP join messages have not been
none of the received on the Layer 3 interface.
stations sent join 2. If the multicast server is from within the Layer 2 network
messages, the (within the VLAN) Use show bridge multicast address-table
flow is not address command to check if this flow (according to IP/MAC
flooded and multicast address) has a static entry in this VLAN (empty
none of the ports group or forbidden port). In such a case the group is not
receive the flow considered to be empty, so flow is not flooded