IGMP
- IP protocol 2, TTL = 1
- does not use Router Alert option in version 1, afterwards – implemented
- timers:
- query response interval: 10s default (for v1 – const)
- query interval: 60s default (IOS)
- group memebership interval: 180s default (3 * query), timeout for group activity
- last member query:
- max response time for group-specific query
- interval between two consecutive group-specific queries
- 1s default
- v1 router present timeout: activity of v1 rrouter from v2 router standpoint
- old host present:
- group membership interval
- time when group is considered v1
- reset by v1 report
- v1 hosts do not understand v2 ⇒ no report suppression for v1 because of v2 reports
- src IP = 0.0.0.0 does not participate in querier selection (usually switch with IGMP snooping)
- querier is responsible for querying (control plane), may not send traffic (data plane)
(config)# ip multicast-routing; enables IGMP and PIM
(config-if)# ip pim sparse-mode|dense-mode|sparse-dense-mode
(config-if)# ip pim neighbor-filter <ACL>
; version 2 by default
(config-if)# igmp version <n>
; 60s by default
(config-if)# igmp query-interval <sec>
; SSM with version 3; join the group; process-switched
(config-if)# igmp join-group <group IP> [source <unicast IP>]
; sends traffic for mcast group even without clients; fast-switched
(config-if)# igmp static-group <group IP>
(config-if)# igmp access-group <ACL>
; useful towards switch with IGMP snooping
(config-if)# igmp immediate-leave group-list <ACL>
; 2 default
(config-if)# igmp last-member-query-count <LMQC>
; 1000ms default
(config-if)# igmp last-member-query-interval <ms>
; 120s default
(config-if)# igmp querier-timeout <sec>
(config-if)# igmp query-interval <sec>
; 10s default
(config-if)# igmp query-max-response-time <sec>
; reroutes Report and Leave to IP as from itself; requires PIM/IGMP on egress interface; stub multicast routing
(config-if)# igmp helper-address <IP>
; v1 and v2, speeds up leave; requires global cmd
(config-if)# igmp explicit-tracking; (*, 224.1.1.1), host 0.0.0.0 ≠ any (only (*,G) ≠ (*,G) + (S,G)) (config-ext-nacl)# deny host 0.0.0.0 host 224.1.1.1 ; not checked because (*,G) is denied ⇒ (S,G) is also denied; sequence is not important: first, (*,G) is looked up, if it is permitted – look up (S,G) (config-ext-nacl)# permit any host 224.1.1.1
; if no mcast traffic hits entry, it is removed after 3 mins by default
# show ip mroute [<mcast IP>] [summary]
# show ip igmp interface <intf>
# show ip igmp groupsIGMPv1
- RFC 1112
- membership query:
- dst = 224.0.0.1, TTL = 1
- every 60s by default (IOS, RFC – 125s)
- membership report
- report suppression: if other host has responded to query, no need to send report yourself
- 1 report per group
- sent to group address, TTL = 1
- unsolicited report: on joining the group host sends report for group address to group address
- no process for leaving a group, only timeout = 3 * query interval
- no querier election, every router sends queries
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ver | Type | Unused | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Group address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Version = 0x1
Type:
- query
- report
IGMPv2
- RFC 2236
- group-specific query:
- sent to group address
- send on receiving leave
- check whether the group is still listened to
- by default 2 messages with interval of last member query interval (1s default)
- leave: dst IP = 224.0.0.2
- IGMP querier:
- lowest IP
- at first, every router considers itself querier, stopping to do so after receiving query from lower IP
- query response time:
- field in query
- max time for host to respond
- real time for response is selected randomly within query response time window
- v1 compatibility:
- enabled when v2 router receives v1 membership report
- per group
- all clients are considered v1
- leaves are ignored
- if v1 routers are present, v2 version routers has to be manually downgraded to v1 because of querier selection
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Max resp time | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Group address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Type:
- 0x11 – query:
- general: group address = 0.0.0.0
- group-specific: group address = mcast
- 0x16 – v2 report
- 0x12 – v1 report
- 0x17 – leave
Max response time:
- set only in query (in other messages = 0)
- units – 0.1s
IGMPv3
- RFC 3376
- SSM
- sends report/leave to 224.0.0.22, no suppression
- sparse-mode routers can listen to SPT directly without going through RP first, Joins are sent directly to src
# show ip igmp ssm-mappingIGMPv3 query
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (0x11) | Max resp time | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Group address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rsv |S| QRV | QQIC | Number of sources |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source address 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source address n |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Max response code:
- < 128: unit of 0.1s
- ≥ 128: 1 || exp (3 bits) || mant (4 bits)
S:
- suppress router side
- on router only
- on receiving – use common timers, not from QRV
QRV:
- querier robustness variable
- 2 default
- acceptable number of lost packets (QRV – 1)
- increases leave latency
QQIC:
- querier’s query interval code
- same measure as for max response code
IGMPv3 report
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type (0x22) | Reserved | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Number of group records |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ Group record 1 /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ Group record n /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+IGMPv3 group record
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Record type | Aux data len | Number of sources |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Multicast address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source address 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source address n |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ Auxiliary data /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Record type:
- current state:
- type 1: mode is include
- type 2: mode is exclude
- filter-mode change:
- type 3: to include
- type 4: to exclude
- source-list change:
- type 5: allow new sources
- type 6: block old sources
Auxiliary data length: units of 32bit words
Auxiliary data: if length = 0, then it’s not included (default)
MVR
- mutlicast VLAN replication
- specifies multicast VLAN that passes mcast traffic for all other VLANs
- on receiving mcast only last switch copies traffic to client ports
- decreases load when same traffic is requested by several VLANs
(config)# mvr
(config)# mvr group <mcast IP>
(config)# mvr vlan <VLAN>(config-if)# mvr type source|receiver# show mvr interface
# show mvr membersIGMP snooping
- switch has to be L3 to process traffic efficiently (otherwise traffic is passed through CPU, not ASICs)
- for IGMPv3 it’s enough to listen to a single group (224.0.0.22)
- router interface:
- IGMP general query, OSPF, PIM, HSRP, DVMRP
- if messages from 1) are received, interface is added to ALL groups
- receiving IGMP report:
- port is added to the group
- Report is forwarded to router if this is the first port in group
- receiving IGMP leave:
- port is removed from group if no clients are present on it
- leave is not forwarded on uplink
- sends general query to the port; if report is received, leave is ignored, otherwise port is removed from the group (protection against hub)
- general query is sent to all ports in VLAN
- report is not sent to hosts ⇒ breaks report suppression but only from host to switch
- if no ports are listening for the group, switch sends leave for the group via router port
- mcast traffic is copies only to downstream ports
- mcast addresses can be manually added to CAM
- queries from router are answered directly by switch for active groups; queries are not forwarded further because switch is a querier itself
- 0.0.0.0 – special src IP, used for queries
- X.0.0.X or X.128.0.X are not listened to (MAC overlaps with reserved groups, using such overlapping groups – bad design)
; by default off in IOS, IOS XR; enabled in NX-OS by default
(config-if)# ip igmp snooping [vlan <VLAN>]
; 1s by default
(config-if)# ip igmp snooping last-member-query-interval <ms>
; supress query, on access switch, when hosts are connected directly
(config-if)# ip igmp snooping vlan <VLAN> immediate-leave
; v1 and v2 hosts, speeds up leave (v1 and v2 hosts are tracked and known)
(config-if)# ip igmp snooping vlan <VLAN> explicit-tracking# show ip igmp snooping vlan <VLAN>
# show ip igmp snooping groups [vlan <VLAN>]
# show ip igmp snooping mrouter [vlan <VLAN>]PIM snooping
- alternative to IGMP snooping for PIM between routers
(config)# ip pim snooping
; traffic is sent towards DR only for those groups that were requested via Join; default – send all mcast to DR; must not be disabled if mcast sources are present in segment
(config)# no ip pim snooping dr-floog; requires IGMP snooping, PIM-SM or SSM or BD; in case of BD traffic is sent only to DF; SVI interface (config-if)# ip pim snooping
# show ip pim snoopingSSM mapping
- translates IGMPv1 and IGMPv2 report into IGMPv3 report adding source to them
- DNS-based mapping performs reverse DNS lookup on group address (default domain: in-addr.arpa)
(config)# ip igmp ssm-map enable
; on default; DNS-based mapping
(config)# ip igmp ssm-map query dns
; ACL – groups, IP – source address
(config)# ip igmp ssm-map static <ACL> <IP>
(config)# ip domain multicast <DOMAIN>(config-if)# ip igmp version 3
(config-if)# ip igmp static-group <GROUP> source ssm-map# show ip igmp ssm-mappingIGMP proxy
- to bypass unidirectional upstream links (PIM neighborship impossible)
- downstream router accepts upstream as querier, sends him unicast report from unidirectional link address
- upstream selects querier address from non-unidirectional links
- upstream allows unicast reports with TTL ≠ 1
- on report receipt upstream adds unidirectional link to OIL
- unidirectional link – satellite link
; on UDL, both ends
(config-if)# ip igmp unidirectional-link
; downstream, on the interface where Joins are received; INTF – proxy with IP and PIM
(config-if)# ip igmp mroute-proxy <INTF>
; downstream, on INTF
(config-if)# ip igmp proxy-service
; downstream, on INTF
(config-if)# ip igmp helper-address udl <UDL intf>Mtrace
- uses IGMP Request/Response messages ⇒ requires PIM enabled on interface
- Request is sent upstream
- Response is sent by FHR or router that cannot forward Request
- can detect control plane errors: mcast disabled, static routing
- cannot detect data plane errors: split-horizon on NBMA
- mroute can be used as a temporary hotfix – does not affect unicast
Networking and IT 