24 Aug

IGMP Snooping on single switch

The IGMP Snooping is a nice feature to limit propagation of multicast traffic in Layer 2 Ethernet network. It listens to IGMP (Internet Group Management Protocol) messages traversing the network to learn about source and receivers. Using this information switch builds a map of links where it replicates the multicast frames. What if we do not have this feature enabled? The switch will treat multicast frames as an unknown type and will broadcast over all active ports no matter is there is receiver interested in frames from the particular multicast group or not.

IGMP Snooping on a single switch is useful to limit propagation of multicast frames when source and receivers are in same layer 2 broadcast domain, in the same VLAN. IGMP Snooping is enabled on Cisco switches by default, but it does not mean it will work out-of-box.

Initial configuration

In this article, I will use small network created in Cisco VIRL

IGMP Snooping on Single Switch Topology

IGMP Snooping on Single Switch Topology

I will use the Ostinato node as a source of multicast traffic on group 239.0.1.9. Check my Generate multicast traffic in VIRL using Ostinato post where I described how to use it. The two IOS routers will act as multicast receivers. All devices are connected to single IOS switch in VLAN 2. Let’s start the multicast traffic at a rate of 10 packets per second.

Let’s make the iosv-2 router a receiver for this multicast group

interface GigabitEthernet0/1
 ip igmp join-group 239.0.1.9

Right now we do not yet have the source streaming the multicast traffic, but if we enable debugging then we can see that IGMP Snooping correctly detected the IGMP Report message

*Aug 14 19:38:46.705: IGMPSN: Received IGMPv2 Report for group 239.0.1.9 received on Vlan 2, port Gi1/0
*Aug 14 19:38:46.706: IGMPSN: group: Received IGMPv2 report for group 239.0.1.9 from Client 10.0.0.3 received on Vlan 2, port Gi1/0
*Aug 14 19:38:46.706: IGMPSN: group: Skip client info adding - ip 10.0.0.3, port_id Gi1/0, on vlan 2
*Aug 14 19:38:46.706: IGMPSN: No mroute detected: Drop IGMPv2 report for group 239.0.1.9 from client 10.0.0.3 received on Vlan 2, port Gi1/0

In the output, we see the parameters of IGMP message, but also in the last line, we find information that no mroute was detected. As a result, the switch will not use the information. If we now start the multicast flow, we can see additional error messages in debug output

*Aug 14 19:44:43.089: IGMPSN: MCAST IP address 239.0.1.9, MAC address 0100.5e00.0109
*Aug 14 19:44:43.089: IGMPSN: Can not Locate gce 0100.5e00.0109, on Vlan 2

Let’s initiate the multicast traffic at a rate of 10 packets per second and observe the counters on the switch

GigabitEthernet0/3 is up, line protocol is up (connected)
30 second input rate 5000 bits/sec, 10 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec 

GigabitEthernet1/0 is up, line protocol is up (connected)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec 

GigabitEthernet1/1 is up, line protocol is up (connected)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec

As you can see the multicast flow is received by the switch but not propagated anywhere. That is the behavior of the Cisco VIRL. On physical devices, the actual result depends on the platform. Some switches may act the same, but other will just broadcast multicast traffic out of every active port.

 

Disable IGMP Snooping

Let’s now disable IGMP snooping on the whole switch

iosvl2-1(config)#no ip igmp snooping

Now let’s look at multicast traffic again

GigabitEthernet0/3 is up, line protocol is up (connected)
30 second input rate 5000 bits/sec, 10 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec

GigabitEthernet1/0 is up, line protocol is up (connected)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 5000 bits/sec, 10 packets/sec 

GigabitEthernet1/1 is up, line protocol is up (connected)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 5000 bits/sec, 10 packets/sec

As you can see traffic is now forwarded out of all active ports, so it is reaching the iosv-3 router even if it did not register to receive multicast group. That is something we should expect. Switch treats all multicast frames as one with an unknown destination (no entry in CAM) and broadcasts it out of every active port.

Because we do not have a multicast router in our network, we need to do some trick and make switch think we have it. This way we will make IGMP Snooping work

 

Solution 1 – enable IGMP querier on the switch

This feature allows Layer 2 switch to send out periodic IGMP queries into the network segments. On Ethernet segments, the multicast router sends periodic queries checking if there are any active receivers. Enabling the querier feature makes switch consider itself as a mrouter.

Note: This feature is not available on Cisco VIRL 

switch(config)#ip igmp snooping querier

If we look at the outputs

switch#show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
2 10.0.0.250 v2 Switch

switch#show ip igmp snooping mrouter
Vlan ports
---- -----
2 Switch

So the switch find itself as both the querier and the mrouter which is enough to use IGMP Snooping feature

 

Solution 2 – Enable PIM on Layer3 interface

The other solution requires the introduction of SVI interface for VLAN where we want to enable IGMP Snooping. Then we can enable PIM on the SVI interface making our switch the multicast router as well.

interface Vlan2
 ip address 10.0.0.250 255.255.255.0
 ip pim sparse-dense-mode

Let’s look at IGMP Snooping outputs again

iosvl2-1#sh ip igmp snooping mrouter
Vlan ports
---- -----
2 Router

iosvl2-1#sh ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
2 10.0.0.250 v2 Router

iosvl2-1#sh ip igmp snooping groups
Vlan Group Version Port List
---------------------------------------------------------
2 239.0.1.9 v2 Gi1/0

The switch again finds itself as both the querier and the mrouter. That means it will forward the multicast traffic only to the registered receivers. The downside is we now have Layer 3 switch, and if we ever expand this network segment, we must take into consideration.

Alternatively, you can statically configure one of the switch ports as mrouter port.

iosvl2-1(config)#ip igmp snooping vlan 2 mrouter interface GIgabitEthernet 0/3

You may also set static MAC entries on the switch but let’s face it – it is not a flexible way!

 

 

 

Leave a Reply

%d bloggers like this: