The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This module describes how to implement MLD snooping on the Cisco ASR 9000 Series Router.
Release |
Modification |
---|---|
Release 4.3.0 |
This feature was introduced. |
Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at Layer 2. By snooping the MLD membership reports sent by hosts in the bridge domain, the MLD snooping application can set up Layer 2 multicast forwarding tables to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast traffic.
MLD snooping uses the information in MLD membership report messages to build corresponding information in the forwarding tables to restrict IPv6 multicast traffic at Layer 2. The forwarding table entries are in the form <Route, OIF List>, where:
Route is a <*, G> route or <S, G> route.
OIF List comprises all bridge ports that have sent MLD membership reports for the specified route plus all multicast router (mrouter) ports in the bridge domain.
For more information regarding MLD snooping, refer the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide.
The network must be configured with a layer2 VPN.
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Following are the restrictions (features that are not supported):
Advantages of MLD Snooping
In its basic form, it reduces bandwidth consumption by reducing multicast traffic that would otherwise flood an entire VPLS bridge domain.
With the use of some optional configurations, it provides security between bridge domains by filtering the MLD reports received from hosts on one bridge port and preventing leakage towards the hosts on other bridge ports.
MLD supports the following HA features:
MLD snooping operates at the bridge domain level. When MLD snooping is enabled on a bridge domain, the snooping functionality applies to all ports under the bridge domain, including:
Physical ports under the bridge domain.
Ethernet flow points (EFPs)—An EFP can be a VLAN, VLAN range, list of VLANs, or an entire interface port.
Pseudowires (PWs) in VPLS bridge domains.
Ethernet bundles—Ethernet bundles include IEEE 802.3ad link bundles and Cisco EtherChannel bundles. From the perspective of the MLD snooping application, an Ethernet bundle is just another EFP. The forwarding application in the Cisco ASR 9000 Series Routers randomly nominates a single port from the bundle to carry the multicast traffic.
MLD snooping classifies each port as one of the following:
Multicast router ports (mrouter ports)—These are ports to which a multicast-enabled router is connected. Mrouter ports are usually dynamically discovered, but may also be statically configured. Multicast traffic is always forwarded to all mrouter ports, except when an mrouter port is the ingress port.
Host ports—Any port that is not an mrouter port is a host port.
MLD snooping discovers mrouter ports dynamically. You can also explicitly configure a port as an emrouter port.
Discovery- MLD snooping identifies upstream mrouter ports in the bridge domain by snooping mld query messages and Protocol Independent Multicast Version 2 (PIMv2) hello messages. Snooping PIMv2 hello messages identifies mld nonqueriers in the bridge domain.
Static configuration—You can statically configure a port as an mrouter port with the mrouter command in a profile attached to the port. Static configuration can help in situations when incompatibilities with non-Cisco equipment prevent dynamic discovery.
The following tables describe the traffic handling behavior by MLD mrouters and host ports.
Traffic Type |
Received on MRouter Ports |
Received on Host Ports |
---|---|---|
IP multicast source traffic |
Forwards to all mrouter ports and to host ports that indicate interest. |
Forwards to all mrouter ports and to host ports that indicate interest. |
MLD general queries |
Forwards to all ports. |
— |
MLD group-specific queries |
Forwards to all other mrouter ports. |
Dropped |
MLDv1 joins |
Examines (snoops) the reports. |
Examines (snoops) the reports. |
MLDv2 reports |
Ignores |
Ignores |
MLDv1 leaves |
Invokes last member query processing. |
Invokes last member query processing. |
Traffic Type |
Received on MRouter Ports |
Received on Host Ports |
---|---|---|
IP multicast source traffic |
Forwards to all mrouter ports and to host ports that indicate interest. |
Forwards to all mrouter ports and to host ports that indicate interest. |
MLD general queries |
Forwards to all ports. |
— |
MLD group-specific queries |
If received on the querier port floods on all ports. |
— |
MLDv1 joins |
Handles as MLDv2 IS_EX{} reports. |
Handles as MLDv2 IS_EX{} reports. |
MLDv2 reports |
||
MLDv1 leaves |
Handles as MLDv2 IS_IN{} reports. |
Handles as MLDv2 IS_IN{} reports. |
1.
configure
2.
mld
snooping profile
profile-name
3. Optionally, add commands to override default configuration values.
4.
commit
To activate MLD snooping on a bridge domain, attach a MLD snooping profile to the desired bridge domain as explained here.
1.
configure
2.
l2vpn
3.
bridge group
bridge-group-name
4.
bridge-domain
bridge-domain-name
5.
mld snooping profile
profile-name
6.
commit
To deactivate MLD snooping from a bridge domain, remove the profile from the bridge domain using the following steps:
Note | A bridge domain can have only one profile attached to it at a time. |
1.
configure
2.
l2vpn
3.
bridge group
bridge-group-name
4.
bridge-domain
bridge-domain-name
5.
no mld snooping
6.
commit
MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.
Note | Static mrouter port configuration is a port-level option and should be added to profiles intended for ports. It is not recommended to add mrouter port configuration to a profile intended for bridge domains. |
1.
configure
2.
mld snooping profile
profile-name
3.
mrouter
4.
commit
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure
| |
Step 2 | mld snooping profile
profile-name Example:
RP/0/RSP0/CPU0:router(config)# mld snooping profile mrouter-port-profile
|
Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile. |
Step 3 | mrouter Example:
RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# mrouter
|
Configures a port as a static mrouter port. |
Step 4 |
commit
|
To prevent multicast routing protocol messages from being received on a port and, therefore, prevent a port from being a dynamic mrouter port, follow these steps. Note that both router guard and static mrouter commands may be configured on the same port.
MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.
Note | Router guard configuration is a port-level option and should be added to profiles intended for ports. It is not recommended to add router guard configuration to a profile intended for bridge domains. To do so would prevent all mrouters, including MLD queriers, from being discovered in the bridge domain. |
1.
configure
2.
mld snooping profile
profile-name
3.
router-guard
4.
commit
5.
show mld snooping profile
profile-name
detail
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure
| |
Step 2 | mld snooping profile
profile-name Example:
RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile
|
Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile. |
Step 3 | router-guard Example:
RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# router-guard
|
Protects the port from dynamic discovery. |
Step 4 |
commit
| |
Step 5 | show mld snooping profile
profile-name
detail Example:
RP/0/RSP0/CPU0:router# show mld snooping profile host-port-profile detail
|
(Optional) Displays the configuration settings in the named profile. |
To add the MLD snooping immediate-leave option to an MLD snooping profile, follow these steps.
1.
configure
2.
mld snooping profile
profile-name
3.
immediate-leave
4.
commit
5.
show mld snooping profile
profile-name
detail
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure
| |
Step 2 | mld snooping profile
profile-name Example:
RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile
|
Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile. |
Step 3 | immediate-leave Example:
RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# immediate-leave
|
Enables the immediate-leave option. |
Step 4 |
commit
| |
Step 5 | show mld snooping profile
profile-name
detail Example:
RP/0/RSP0/CPU0:router# show mld snooping profile host-port-profile detail
|
(Optional) Displays the configuration settings in the named profile. |
MLD snooping must be enabled on the bridge domain for this procedure to take effect.
1.
configure
2.
mld snooping profile
profile-name
3.
system-ip-address
ip-addr
4.
internal-querier
5.
commit
6.
show mld snooping profile
profile-name
detail
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure
| |
Step 2 | mld snooping profile
profile-name Example:
RP/0/RSP0/CPU0:router(config)# mld snooping profile internal-querier-profile
|
Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile. |
Step 3 | system-ip-address
ip-addr Example:
RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# system-ip-address 10.1.1.1
|
Configures an IP address for internal querier use. The default system-ip-address value (0.0.0.0) is not valid for the internal querier. You must explicitly configure an IP address. |
Step 4 | internal-querier Example:
RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# internal-querier
|
Enables an internal querier with default values for all options. |
Step 5 |
commit
| |
Step 6 | show mld snooping profile
profile-name
detail Example:
RP/0/RSP0/CPU0:router# show mld snooping profile internal-querier-profile detail
|
(Optional) Displays the configuration settings in the named profile. |
To add one or more static groups or MLDv2 source groups to an MLD snooping profile, follow these steps.
MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.
1.
configure
2.
mld snooping profile
profile-name
3.
static-group
group-addr [source
source-addr]
4. Repeat the previous step, as needed, to add more static groups.
5.
commit
Command or Action | Purpose | |
---|---|---|
Step 1 |
configure
| |
Step 2 | mld snooping profile
profile-name Example:
RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile
|
Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile. |
Step 3 |
static-group
group-addr [source
source-addr] Example:
RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# static-group 239.1.1.1 source 10.0.1.1
|
Configures a static group. |
Step 4 | Repeat the previous step, as needed, to add more static groups. |
(Optional) Adds additional static groups. |
Step 5 |
commit
|
Create two profiles:
mld snooping profile bridge_profile ! mld snooping profile port_profile mrouter !
Configure two physical interfaces for L2 support.
interface GigabitEthernet0/8/0/38 negotiation auto l2transport no shut ! ! interface GigabitEthernet0/8/0/39 negotiation auto l2transport no shut ! !
Add interfaces to the bridge domain. Attach bridge_profile to the bridge domain and port_profile to one of the Ethernet interfaces. The second Ethernet interface inherits MLD snooping configuration attributes from the bridge domain profile.
l2vpn bridge group bg1 bridge-domain bd1 mld snooping profile bridge_profile interface GigabitEthernet0/8/0/38 mld snooping profile port_profile interface GigabitEthernet0/8/0/39 ! ! !
Verify the configured bridge ports.
show mld snooping port
This example assumes that the front-ends of the bundles are preconfigured. For example, a bundle configuration might consist of three switch interfaces, as follows:
interface Port-channel1 ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 channel-group 1 mode on ! interface GigabitEthernet0/0/0/3 channel-group 1 mode on !
Configure two MLD snooping profiles.
mld snooping profile bridge_profile ! mld snooping profile port_profile mrouter !
Configure interfaces as bundle member links.
interface GigabitEthernet0/0/0/0 bundle id 1 mode on negotiation auto ! interface GigabitEthernet0/0/0/1 bundle id 1 mode on negotiation auto ! interface GigabitEthernet0/0/0/2 bundle id 2 mode on negotiation auto ! interface GigabitEthernet0/0/0/3 bundle id 2 mode on negotiation auto !
Configure the bundle interfaces for L2 transport.
interface Bundle-Ether 1 l2transport ! ! interface Bundle-Ether 2 l2transport ! !
Add the interfaces to the bridge domain and attach MLD snooping profiles.
l2vpn bridge group bg1 bridge-domain bd1 mld snooping profile bridge_profile interface bundle-Ether 1 mld snooping profile port_profile interface bundle-Ether 2 ! ! !
Verify the configured bridge ports.
show mld snooping port