SupportDocumentationWLANACAirEngine 9700Configuration & CommissioningConfiguration Guide

Wireless Access Controller (AC and Fit AP) V200R019C00 CLI-based Configuration Guide

Understanding IGMP Snooping

Understanding IGMP Snooping

IGMP Snooping

Fundamentals

IGMP snooping is a basic Layer 2 multicast function that forwards and controls multicast traffic at Layer 2. IGMP snooping runs on a Layer 2 multicast device and analyzes IGMP messages exchanged between a Layer 3 device and hosts to set up and maintain a Layer 2 multicast forwarding table. The Layer 2 multicast device forwards multicast packets based on the Layer 2 multicast forwarding table.

As shown in Figure 8-324, after receiving multicast packets from a Layer 3 device Router, Switch at the edge of the access layer forwards the multicast packets to receiver hosts. If Switch does not run IGMP snooping, it broadcasts multicast packets at Layer 2. After IGMP snooping is configured, Switch forwards multicast packets only to specified hosts.

With IGMP snooping configured, Switch listens on IGMP messages exchanged between Router and hosts. It analyzes packet information (such as packet type, group address, and receiving interface) to set up and maintain a Layer 2 multicast forwarding table, and forwards multicast packets based on the Layer 2 multicast forwarding table.

Figure 8-324 Multicast packet transmission before and after IGMP snooping is configured on a Layer 2 multicast device

Basic Concepts

As shown in Figure 8-325, Router (Layer 3 device) receives multicast data from the multicast source and forwards the data to downstream devices. IGMP snooping is configured on SwitchA and SwitchB. HostA, HostB, and HostC are receiver hosts.

Figure 8-325 IGMP snooping ports

Figure 8-325 shows IGMP snooping ports. The following table describes these ports.

Table 8-165 IGMP snooping ports

Port Role

Function

Generation

Router port

Ports marked as blue points on SwitchA and SwitchB.

NOTE:

A router port is a port on a Layer 2 multicast device and connects to an upstream multicast router. "Router port" mentioned in this document does not refer to a port on a router.

A router port receives multicast packets from a Layer 3 multicast device such as a designated router (DR) or IGMP querier.

  • A dynamic router port is generated by IGMP snooping. A port becomes a dynamic router port when it receives an IGMP General Query message or PIM Hello message with any source address except 0.0.0.0. The PIM Hello messages are sent from the PIM port on a Layer 3 multicast device to discover and maintain neighbor relationships.

  • A static router port is manually configured.

Member port

Ports marked as yellow points on SwitchA and SwitchB.

A member port is a user-side port connecting to group members. A Layer 2 multicast device sends multicast data to the receiver hosts through member ports.

  • A dynamic member port is generated by IGMP snooping. A Layer 2 multicast device sets a port as a dynamic member port when the port receives an IGMP Report message.

  • A static member port is manually configured.

The router port and member port are outbound interfaces in Layer 2 multicast forwarding entries. A router port functions as an upstream interface, while a member port functions as a downstream interface. Port information learned through protocol packets is saved as dynamic entries, and port information manually configured is saved as static entries.

Besides the outbound interfaces, each entry includes multicast group addresses and VLAN IDs.
  • Multicast group addresses can be multicast IP addresses or multicast MAC addresses mapped from multicast IP addresses. In MAC address-based forwarding mode, multicast data may be forwarded to hosts that do not require the data because multiple IP addresses are mapped to the same MAC addresses. The IP address-based forwarding mode can prevent this problem.
  • The VLAN ID specifies a Layer 2 broadcast domain.

IGMP Snooping SSM Mapping

Compared to Any-Source Multicast (ASM), Source-Specific Multicast (SSM) conserves multicast addresses and has higher security. Only IGMPv3 support SSM. A host running IGMPv3 can specify multicast source addresses in IGMP Report messages. Some hosts can run only IGMPv1 or IGMPv2. To enable such hosts to obtain the SSM service, multicast devices need to provide the IGMP Snooping SSM mapping function.

IGMP snooping SSM mapping is Layer 2 SSM mapping on an IPv4 multicast network. After static SSM mapping entries are configured on a multicast device, the device can convert (*, G) information in IGMPv1 and IGMPv2 Report messages to (S, G) information to provide the SSM service for IGMPv1 and IGMPv2 hosts. S indicates the multicast source, G indicates the multicast group, and the asterisk (*) indicates any multicast source. By default, SSM group addresses range from 232.0.0.0 to 232.255.255.255. You can configure an SSM group policy to change the address range of SSM groups.

As shown in Figure 8-326, HostA runs IGMPv3, HostB runs IGMPv2, and HostC runs IGMPv1. HostB and HostC cannot run IGMPv3. To provide the SSM service for all the hosts on the network segment, configure IGMP Snooping SSM mapping on Switch.

Figure 8-326 Networking diagram of IGMP Snooping SSM mapping

The following table lists the SSM mapping entries configured on Switch.

Multicast Group Address

Mapping Multicast Source Address

232.1.1.0/24

10.10.1.1

232.1.2.0/24

10.10.2.2

232.1.3.0/24

10.10.3.3

When Switch receives Report messages from HostB and HostC, it checks whether the multicast group addresses in the messages are within the SSM group address range. If so, Switch generates (S, G) entries based on the SSM mappings, as shown in the following table.

Multicast Group Address in IGMPv1/IGMPv2 Report

Generated Multicast Forwarding Entry

232.1.1.1 (from HostC)

(10.10.1.1, 232.1.1.1)

232.1.2.2 (from HostB)

(10.10.2.2, 232.1.2.2)

When the multicast group address in a Report message is within the SSM group address range, but Switch no SSM mapping entry matching the multicast group address, it does not provide the SSM service and drops the Report message.

If the multicast group address in a Report message is out of the SSM group address range, Switch provides only the ASM service.

IGMP Snooping Proxy

Fundamentals

To reduce the number of IGMP messages transmitted on the network segments of user hosts, you can configure IGMP snooping proxy on a Layer 2 multicast device. Then the Layer 2 multicast device substitutes the upstream Layer 3 device to send IGMP Query messages to user hosts, and substitutes user hosts to send Report messages to the Layer 3 device. A device configured with IGMP snooping proxy functions as a host for its upstream device and a querier for its downstream hosts.

As shown in Figure 8-327, when Switch runs IGMP snooping, it forwards IGMP Query, Report, and Leave messages transparently to the upstream Router. When numerous hosts exist on the network, redundant IGMP messages increase the burden of Router.

With IGMP snooping proxy configured, Switch can terminate IGMP Query messages sent from Router and IGMP Report/Leave sent from downstream hosts. When receiving these messages, Switch constructs new messages to send them to Router.

Figure 8-327 Networking diagram of IGMP snooping proxy

After IGMP snooping proxy is deployed on the Layer 2 device, the Layer 3 device considers that it interacts with only one user. The Layer 2 device interacts with the upstream device and downstream hosts. The IGMP snooping proxy function conserves bandwidth by reducing IGMP message exchanges. In addition, IGMP snooping proxy functions as a querier to process protocol messages received from downstream hosts and maintain group memberships. This reduces the load of the upstream Layer 3 device.

Implementation

A device that runs IGMP snooping proxy sets up and maintains a Layer 2 multicast forwarding table and sends multicast data to hosts based on the multicast forwarding table. Table 8-166 describes how the IGMP snooping proxy device processes IGMP messages.

Table 8-166 received IGMP message processing by IGMP snooping proxy

IGMP Message

Processing Method

IGMP General Query message

The Layer 2 device sends the IGMP General Query message to all ports excluding the port receiving the message in a VLAN. The device generates an IGMP Report message based on the group memberships and sends the IGMP Report message to all router ports.

IGMP Group-Specific/Group-Source-Specific Query message

If the group specified in the message has member ports in the multicast forwarding table, the Layer 2 device responds with an IGMP Report message to all router ports.

IGMP Report message
  • If the multicast group matches no forwarding entry, the Layer 2 device creates a forwarding entry, adds the message receiving port to the outbound interface list as a dynamic member port, starts the aging timer, and sends an IGMP Report message to all router ports.
  • If the multicast group matches a forwarding entry and the message receiving is in the outbound interface list, the device resets the aging timer.
  • If the multicast group matches a forwarding entry, but the port is not in the outbound interface list, the Layer 2 device adds the port to the list as a dynamic router port, and starts the aging timer.

IGMP Leave message

The Layer 2 device sends a Group-Specific Query message to the port that receives the IGMP Leave message. The Layer 2 device sends an IGMP Leave message to all router ports only when the last member port is deleted from the forwarding entry.