Layer 2 Multicast Forwarding Entries Fail to Be Created for SSM Group Addresses on an S5700 Switch

Publication Date:  2015-11-02 Views:  418 Downloads:  0
Issue Description
After IGMP snooping is configured on an S5700 switch, the traffic volume sent from user-side interfaces is equal to the traffic volume received on the uplink interface. Actually, a downstream user requires only one multicast flow (about 10 Mbit/s).

The configuration on the S5700 switch is as follows:

vlan 100 
igmp-snooping enable  
igmp-snooping querier enable 

interface Eth-Trunk1 
port link-type trunk 
port trunk allow-pass vlan 2 to 4094 

interface GigabitEthernet0/0/36 
port link-type access 
port default vlan 100 
#
Handling Process
1. Run the display interface brief command to check traffic statistics on uplink and downlink interfaces.

<Switch> display interface brief
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors 
Eth-Trunk1                  up    up         43%     0%          0          0 
  GigabitEthernet0/0/45     up    up       0.01%  0.01%          0          0 
  GigabitEthernet0/0/46     up    up         87%  0.01%          0          0 //The uplink interface is an Eth-trunk, and its member interfaces work at 1000 Mbit/s.
...... 
GigabitEthernet0/0/5        up    up       0.01%    87%          3          0 //This interface is not connected to multicast users and it works at 1000 Mbit/s.
...... 
GigabitEthernet0/0/36       up    up       0.01%    87%          0          0 //This interface is connected to multicast users and it works at 1000 Mbit/s.
...... 
GigabitEthernet0/0/5 current state : UP 
Line protocol current state : UP 
...... 
Output:  5355181997 packets, 7400771612471 bytes 
  Unicast:                          0,  Multicast:                  5355181048 
  Broadcast:                      949,  Jumbo:                               0 
  Discard:                   13234141,  Pause:                               0 
GigabitEthernet0/0/36 current state : UP 
Line protocol current state : UP 
...... 
Output:  937621743 packets, 1295759811022 bytes 
  Unicast:                          0,  Multicast:                   937607079 
  Broadcast:                    14664,  Jumbo:                               0 
  Discard:                   22114287,  Pause:                               0 
GigabitEthernet0/0/46 current state : UP 
Line protocol current state : UP 
...... 
Input:  4607758512 packets, 6386285035581 bytes 
  Unicast:                          0,  Multicast:                  4607758512 
  Broadcast:                        0,  Jumbo:                               0 
  Discard:                          0,  Pause:                               0

The traffic statistics show that the traffic volume received on the uplink interface is the same as the traffic volume sent from user-side interfaces. The data packets are multicast packets, and non-multicast users also receive these packets. The possible cause is that these packets are unknown multicast packets and are broadcast to all the interfaces in the same VLAN.

2. By default, a switch broadcasts unknown multicast packets in a VLAN. After the switch is configured to drop unknown multicast traffic (using the multicast drop-unknown command in the VLAN view), the traffic volume on user-side interfaces should decrease. However, multicast users cannot receive the multicast traffic they request after the configuration is performed.

3. No (*, G) entries are available on the group member ports.
[Switch] display igmp-snooping port-info 
Info: There is no group port information.
No Layer 2 multicast forwarding entries are available in the forwarding table.
[Switch] display l2-multicast forwarding-table vlan 100 
Info: There is no forwarding-table information.

4. Packet information obtained on the multicast user's client shows that the Report messages sent from the user are IGMPv2 Report messages but the group address in the Report messages is 232.0.21.40, a source-specific multicast (SSM) group address.

Root Cause
V100R005 of fixed switches adds the support for IGMP snooping SSM mapping and SSM policy. According to RFC 4607, addresses on the 232/8 network segment (232.0.0.0-232.255.255.255) are SSM group addresses. Multicast forwarding entries can be created for multicast addresses on this network segment only when a source address is specified.

In V100R005 and later versions, a fixed switch cannot create multicast forwarding entries after receiving IGMPv2 Report messages with multicast addresses on the 232/8 network segment. After the switch is configured to drop unknown multicast traffic, users cannot receive multicast data they request.
Solution
1. Run the igmp-snooping ssm-policy acl xxx command in the VLAN and specify an empty ACL in the command. Then all multicast addresses are considered non-SSM group addresses, and (*, G) entries can be created for 232.X.X.X groups.

2. Run the igmp-snooping version 3 and igmp-snooping ssm-mapping enable commands in the VLAN to map 232.X.X.X group addresses to specified source addresses, so that (S, G) entries can be created for these group addresses.

After solution 1 is used, the S5700 switch can create Layer 2 multicast forwarding entries and forward multicast traffic normally.
Suggestions
1. When a switch fails to create Layer 2 multicast forwarding entries, collect the following information for fault location:

a. Software version, model, and configuration of the switch.
b. Run the debugging igmp-snooping report command to enable IGMP snooping
    Report message debugging and view the debugging information to check whether the switch has received   Report messages and how these Report messages are processed.

2. In V100R003 and earlier versions of the S series switches, multicast forwarding entries can be created based on IGMPv2 Report messages with SSM group addresses.

In V100R005 and later versions, multicast forwarding entries can be created based on IGMPv2 Report messages with SSM group addresses only when a source address is specified.

If a switch fails to create multicast forwarding entries, check whether the request group addresses are SSM group addresses.

END