Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide, Release 5.1.x
Implementing MLD Snooping
Downloads: This chapterpdf (PDF - 1.33MB) The complete bookPDF (PDF - 4.43MB) | Feedback

Implementing MLD Snooping

Implementing MLD Snooping

This module describes how to implement MLD snooping on the Cisco ASR 9000 Series Router.

Feature History for MLD Snooping

Release

Modification

Release 4.3.0

This feature was introduced.

MLD Snooping

Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at Layer 2. By snooping the MLD membership reports sent by hosts in the bridge domain, the MLD snooping application can set up Layer 2 multicast forwarding tables to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast traffic.

MLD snooping uses the information in MLD membership report messages to build corresponding information in the forwarding tables to restrict IPv6 multicast traffic at Layer 2. The forwarding table entries are in the form <Route, OIF List>, where:

  • Route is a <*, G> route or <S, G> route.
  • OIF List comprises all bridge ports that have sent MLD membership reports for the specified route plus all multicast router (mrouter) ports in the bridge domain.

For more information regarding MLD snooping, refer the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide.

Prerequisites for MLD Snooping

  • The network must be configured with a layer2 VPN.
  • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Restrictions for MLD Snooping

Following are the restrictions (features that are not supported):

  • MLD Snooping is supported only on L2VPN bridge domains.
  • Explicit host tracking.
  • Multicast Admission Control.
  • Security filtering.
  • Report rate limiting.
  • Multicast router discovery.

Advantages of MLD Snooping

Advantages of MLD Snooping

  • In its basic form, it reduces bandwidth consumption by reducing multicast traffic that would otherwise flood an entire VPLS bridge domain.
  • With the use of some optional configurations, it provides security between bridge domains by filtering the MLD reports received from hosts on one bridge port and preventing leakage towards the hosts on other bridge ports.

High Availability (HA) features for MLD

MLD supports the following HA features:

  • Process restarts
  • RP Failover
  • Stateful Switch-Over (SSO)
  • Non-Stop Forwarding (NSF)—Forwarding continues unaffected while the control plane is restored following a process restart or route processor (RP) failover.
  • Line card online insertion and removal (OIR)

Bridge Domain Support for MLD

MLD snooping operates at the bridge domain level. When MLD snooping is enabled on a bridge domain, the snooping functionality applies to all ports under the bridge domain, including:

  • Physical ports under the bridge domain.
  • Ethernet flow points (EFPs)—An EFP can be a VLAN, VLAN range, list of VLANs, or an entire interface port.
  • Pseudowires (PWs) in VPLS bridge domains.
  • Ethernet bundles—Ethernet bundles include IEEE 802.3ad link bundles and Cisco EtherChannel bundles. From the perspective of the MLD snooping application, an Ethernet bundle is just another EFP. The forwarding application in the Cisco ASR 9000 Series Routers randomly nominates a single port from the bundle to carry the multicast traffic.

Multicast Router and Host Ports

MLD snooping classifies each port as one of the following:

  • Multicast router ports (mrouter ports)—These are ports to which a multicast-enabled router is connected. Mrouter ports are usually dynamically discovered, but may also be statically configured. Multicast traffic is always forwarded to all mrouter ports, except when an mrouter port is the ingress port.
  • Host ports—Any port that is not an mrouter port is a host port.

Multicast Router Discovery for MLD

MLD snooping discovers mrouter ports dynamically. You can also explicitly configure a port as an emrouter port.

  • Discovery- MLD snooping identifies upstream mrouter ports in the bridge domain by snooping mld query messages and Protocol Independent Multicast Version 2 (PIMv2) hello messages. Snooping PIMv2 hello messages identifies mld nonqueriers in the bridge domain.
  • Static configuration—You can statically configure a port as an mrouter port with the mrouter command in a profile attached to the port. Static configuration can help in situations when incompatibilities with non-Cisco equipment prevent dynamic discovery.

Multicast Traffic Handling for MLD

The following tables describe the traffic handling behavior by MLD mrouters and host ports.

Table 1 Multicast Traffic Handling for a MLDv1 Querier

Traffic Type

Received on MRouter Ports

Received on Host Ports

IP multicast source traffic

Forwards to all mrouter ports and to host ports that indicate interest.

Forwards to all mrouter ports and to host ports that indicate interest.

MLD general queries

Forwards to all ports.

MLD group-specific queries

Forwards to all other mrouter ports.

Dropped

MLDv1 joins

Examines (snoops) the reports.

  • If report suppression is enabled, forwards first join for a new group or first join following a general query for an existing group.
  • If report suppression is disabled, forwards on all mrouter ports.

Examines (snoops) the reports.

  • If report suppression is enabled, forwards first join for a new group or first join following a general query for an existing group.
  • If report suppression is disabled, forwards on all mrouter ports.

MLDv2 reports

Ignores

Ignores

MLDv1 leaves

Invokes last member query processing.

Invokes last member query processing.

Table 2 Multicast Traffic Handling for a MLDv2 Querier

Traffic Type

Received on MRouter Ports

Received on Host Ports

IP multicast source traffic

Forwards to all mrouter ports and to host ports that indicate interest.

Forwards to all mrouter ports and to host ports that indicate interest.

MLD general queries

Forwards to all ports.

MLD group-specific queries

If received on the querier port floods on all ports.

MLDv1 joins

Handles as MLDv2 IS_EX{} reports.

Handles as MLDv2 IS_EX{} reports.

MLDv2 reports

  • If proxy reporting is enabled—For state changes or source-list changes, generates a state change report on all mrouter ports.
  • If proxy reporting is disabled—Forwards on all mrouter ports.
  • If proxy reporting is enabled—For state changes or source-list changes, generates a state change report on all mrouter ports.
  • If proxy reporting is disabled—Forwards on all mrouter ports.

MLDv1 leaves

Handles as MLDv2 IS_IN{} reports.

Handles as MLDv2 IS_IN{} reports.

Creating a MLD Snooping Profile

SUMMARY STEPS

    1.    configure

    2.    mld snooping profile profile-name

    3.    Optionally, add commands to override default configuration values.

    4.    Use the commit or end command.


DETAILED STEPS
     Command or ActionPurpose
    Step 1 configure


    Example:
    RP/0/RSP0/CPU0:router# configure
     

    Enters global configuration mode.

     
    Step 2 mld snooping profile profile-name


    Example:
    RP/0/RSP0/CPU0:router(config)# mld snooping profile default-bd-profile
    
    
     

    Enters MLD snooping profile configuration mode and creates a named profile.

    The default profile enables MLD snooping. You can commit the new profile without any additional configurations, or you can include additional configuration options to the profile. You can also return to the profile later to add configurations, as described in other tasks in this module.

     
    Step 3Optionally, add commands to override default configuration values. 

    If you are creating a bridge domain profile, consider the following:

    • An empty profile is appropriate for attaching to a bridge domain. An empty profile enables MLD snooping with default configuration values.
    • You can optionally add more commands to the profile to override default configuration values.
    • If you include port-specific configurations in a bridge domain profile, the configurations apply to all ports under the bridge, unless another profile is attached to a port.

    If you are creating a port-specific profile, consider the following:

    • While an empty profile could be attached to a port, it would have no effect on the port configuration.
    • When you attach a profile to a port, MLD snooping reconfigures that port, overriding any inheritance of configuration values from the bridge-domain profile. You must repeat the commands in the port profile if you want to retain those configurations.

    You can detach a profile, change it, and reattach it to add commands to a profile at a later time.

     
    Step 4 Use the commit or end command.  

    commit—Saves the configuration changes and remains within the configuration session.

    end—Prompts user to take one of these actions:
    • Yes— Saves configuration changes and exits the configuration session.
    • No—Exits the configuration session without committing the configuration changes.
    • Cancel—Remains in the configuration mode, without committing the configuration changes.
     

    Activating MLD Snooping on a Bridge Domain

    To activate MLD snooping on a bridge domain, attach a MLD snooping profile to the desired bridge domain as explained here.

    SUMMARY STEPS

      1.    configure

      2.    l2vpn

      3.    bridge group bridge-group-name

      4.    bridge-domain bridge-domain-name

      5.    mld snooping profile profile-name

      6.    Use the commit or end command.


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 configure


      Example:
      RP/0/RSP0/CPU0:router# configure
       

      Enters global configuration mode.

       
      Step 2l2vpn


      Example:
      RP/0/RSP0/CPU0:router(config)# l2vpn
      
      
       

      Enters Layer 2 VPN configuration mode.

       
      Step 3bridge group bridge-group-name


      Example:
      RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group GRP1
      
      
       

      Enters Layer 2 VPN VPLS bridge group configuration mode for the named bridge group.

       
      Step 4bridge-domain bridge-domain-name


      Example:
      RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain ISP1
      
      
       

      Enters Layer 2 VPN VPLS bridge group bridge domain configuration mode for the named bridge domain.

       
      Step 5mld snooping profile profile-name


      Example:
      RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# mld snooping profile default-bd-profile
      
      
       

      Attaches the named MLD snooping profile to the bridge domain, enabling MLD snooping on the bridge domain.

       
      Step 6 Use the commit or end command.  

      commit—Saves the configuration changes and remains within the configuration session.

      end—Prompts user to take one of these actions:
      • Yes— Saves configuration changes and exits the configuration session.
      • No—Exits the configuration session without committing the configuration changes.
      • Cancel—Remains in the configuration mode, without committing the configuration changes.
       

      Deactivating MLD Snooping on a Bridge Domain

      To deactivate MLD snooping from a bridge domain, remove the profile from the bridge domain using the following steps:


      Note


      A bridge domain can have only one profile attached to it at a time.


      SUMMARY STEPS

        1.    configure

        2.    l2vpn

        3.    bridge group bridge-group-name

        4.    bridge-domain bridge-domain-name

        5.    no mld snooping

        6.    Use the commit or end command.


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 configure


        Example:
        RP/0/RSP0/CPU0:router# configure
         

        Enters global configuration mode.

         
        Step 2l2vpn


        Example:
        RP/0/RSP0/CPU0:router(config)# l2vpn
        
        
         

        Enters Layer 2 VPN configuration mode.

         
        Step 3bridge group bridge-group-name


        Example:
        RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group GRP1
        
        
         

        Enters Layer 2 VPN VPLS bridge group configuration mode for the named bridge group.

         
        Step 4bridge-domain bridge-domain-name


        Example:
        RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain ISP1
        
        
         

        Enters Layer 2 VPN VPLS bridge group bridge domain configuration mode for the named bridge domain.

         
        Step 5no mld snooping


        Example:
        RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# no mld snooping
        
        
         

        Detaches the MLD snooping profile from the bridge domain, disabling MLD snooping on that bridge domain.

        Note   

        Only one profile can be attached to a bridge domain at a time. If a profile is attached, MLD snooping is enabled. If a profile is not attached, MLD snooping is disabled.

         
        Step 6 Use the commit or end command.  

        commit—Saves the configuration changes and remains within the configuration session.

        end—Prompts user to take one of these actions:
        • Yes— Saves configuration changes and exits the configuration session.
        • No—Exits the configuration session without committing the configuration changes.
        • Cancel—Remains in the configuration mode, without committing the configuration changes.
         

        Configuring Static Mrouter Ports (MLD)

        Before You Begin

        MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.


        Note


        Static mrouter port configuration is a port-level option and should be added to profiles intended for ports. It is not recommended to add mrouter port configuration to a profile intended for bridge domains.


        SUMMARY STEPS

          1.    configure

          2.    mld snooping profile profile-name

          3.    mrouter

          4.    Use the commit or end command.


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 configure


          Example:
          RP/0/RSP0/CPU0:router# configure
           

          Enters global configuration mode.

           
          Step 2mld snooping profile profile-name


          Example:
          RP/0/RSP0/CPU0:router(config)# mld snooping profile mrouter-port-profile
          
          
           

          Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

           
          Step 3mrouter


          Example:
          RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# mrouter
          
          
           

          Configures a port as a static mrouter port.

           
          Step 4 Use the commit or end command.  

          commit—Saves the configuration changes and remains within the configuration session.

          end—Prompts user to take one of these actions:
          • Yes— Saves configuration changes and exits the configuration session.
          • No—Exits the configuration session without committing the configuration changes.
          • Cancel—Remains in the configuration mode, without committing the configuration changes.
           

          Configuring Router Guard (MLD)

          To prevent multicast routing protocol messages from being received on a port and, therefore, prevent a port from being a dynamic mrouter port, follow these steps. Note that both router guard and static mrouter commands may be configured on the same port.

          Before You Begin

          MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.


          Note


          Router guard configuration is a port-level option and should be added to profiles intended for ports. It is not recommended to add router guard configuration to a profile intended for bridge domains. To do so would prevent all mrouters, including MLD queriers, from being discovered in the bridge domain.


          SUMMARY STEPS

            1.    configure

            2.    mld snooping profile profile-name

            3.    router-guard

            4.    Use the commit or end command.

            5.    show mld snooping profile profile-name detail


          DETAILED STEPS
             Command or ActionPurpose
            Step 1 configure


            Example:
            RP/0/RSP0/CPU0:router# configure
             

            Enters global configuration mode.

             
            Step 2mld snooping profile profile-name


            Example:
            RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile
            
            
             

            Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

             
            Step 3router-guard


            Example:
            RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# router-guard
            
            
             

            Protects the port from dynamic discovery.

             
            Step 4 Use the commit or end command.  

            commit—Saves the configuration changes and remains within the configuration session.

            end—Prompts user to take one of these actions:
            • Yes— Saves configuration changes and exits the configuration session.
            • No—Exits the configuration session without committing the configuration changes.
            • Cancel—Remains in the configuration mode, without committing the configuration changes.
             
            Step 5show mld snooping profile profile-name detail


            Example:
            RP/0/RSP0/CPU0:router# show mld snooping profile host-port-profile detail
            
            
             

            (Optional) Displays the configuration settings in the named profile.

             

            Configuring Immediate-leave for MLD

            To add the MLD snooping immediate-leave option to an MLD snooping profile, follow these steps.

            SUMMARY STEPS

              1.    configure

              2.    mld snooping profile profile-name

              3.    immediate-leave

              4.    Use the commit or end command.

              5.    show mld snooping profile profile-name detail


            DETAILED STEPS
               Command or ActionPurpose
              Step 1 configure


              Example:
              RP/0/RSP0/CPU0:router# configure
               

              Enters global configuration mode.

               
              Step 2mld snooping profile profile-name


              Example:
              RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile
              
              
               

              Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

               
              Step 3immediate-leave


              Example:
              RP/0/RSP0/CPU0:router(config-mld-snooping-profile)# immediate-leave
              
              
               

              Enables the immediate-leave option.

              • If you add this option to a profile attached to a bridge domain, it applies to all ports under the bridge.
              • If you add this option to a profile attached to a port, it applies to the port.
               
              Step 4 Use the commit or end command.  

              commit—Saves the configuration changes and remains within the configuration session.

              end—Prompts user to take one of these actions:
              • Yes— Saves configuration changes and exits the configuration session.
              • No—Exits the configuration session without committing the configuration changes.
              • Cancel—Remains in the configuration mode, without committing the configuration changes.
               
              Step 5show mld snooping profile profile-name detail


              Example:
              RP/0/RSP0/CPU0:router# show mld snooping profile host-port-profile detail
              
              
               

              (Optional) Displays the configuration settings in the named profile.

               

              Configuring Internal Querier for MLD

              Before You Begin

              MLD snooping must be enabled on the bridge domain for this procedure to take effect.

              SUMMARY STEPS

                1.    configure

                2.    mld snooping profile profile-name

                3.    system-ip-address ip-addr

                4.    internal-querier

                5.    Use the commit or end command.

                6.    show mld snooping profile profile-name detail


              DETAILED STEPS
                 Command or ActionPurpose
                Step 1 configure


                Example:
                RP/0/RSP0/CPU0:router# configure
                 

                Enters global configuration mode.

                 
                Step 2mld snooping profile profile-name


                Example:
                RP/0/RSP0/CPU0:router(config)# mld snooping profile internal-querier-profile
                
                
                 

                Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

                 
                Step 3system-ip-address ip-addr


                Example:
                RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# system-ip-address 10.1.1.1
                
                
                 

                Configures an IP address for internal querier use. The default system-ip-address value (0.0.0.0) is not valid for the internal querier. You must explicitly configure an IP address.

                 
                Step 4internal-querier


                Example:
                RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# internal-querier
                
                
                 

                Enables an internal querier with default values for all options.

                 
                Step 5 Use the commit or end command.  

                commit—Saves the configuration changes and remains within the configuration session.

                end—Prompts user to take one of these actions:
                • Yes— Saves configuration changes and exits the configuration session.
                • No—Exits the configuration session without committing the configuration changes.
                • Cancel—Remains in the configuration mode, without committing the configuration changes.
                 
                Step 6show mld snooping profile profile-name detail


                Example:
                RP/0/RSP0/CPU0:router# show mld snooping profile internal-querier-profile detail
                
                
                 

                (Optional) Displays the configuration settings in the named profile.

                 

                Configuring Static Groups for MLD

                To add one or more static groups or MLDv2 source groups to an MLD snooping profile, follow these steps.

                Before You Begin

                MLD snooping must be enabled on the bridge domain for port-specific profiles to affect MLD snooping behavior.

                SUMMARY STEPS

                  1.    configure

                  2.    mld snooping profile profile-name

                  3.    static-group group-addr [source source-addr]

                  4.    Repeat the previous step, as needed, to add more static groups.

                  5.    Use the commit or end command.


                DETAILED STEPS
                   Command or ActionPurpose
                  Step 1 configure


                  Example:
                  RP/0/RSP0/CPU0:router# configure
                   

                  Enters global configuration mode.

                   
                  Step 2mld snooping profile profile-name


                  Example:
                  RP/0/RSP0/CPU0:router(config)# mld snooping profile host-port-profile
                  
                  
                   

                  Enters MLD snooping profile configuration mode and creates a new profile or accesses an existing profile.

                   
                  Step 3 static-group group-addr [source source-addr]


                  Example:
                  RP/0/RSP0/CPU0:router(config-mld-snooping- profile)# static-group 239.1.1.1 source 10.0.1.1
                  
                  
                   

                  Configures a static group.

                  • If you add this option to a profile attached to a bridge domain, it applies to all ports under the bridge.
                  • If you add this option to a profile attached to a port, it applies to the port.
                   
                  Step 4Repeat the previous step, as needed, to add more static groups.  

                  (Optional) Adds additional static groups.

                   
                  Step 5 Use the commit or end command.  

                  commit—Saves the configuration changes and remains within the configuration session.

                  end—Prompts user to take one of these actions:
                  • Yes— Saves configuration changes and exits the configuration session.
                  • No—Exits the configuration session without committing the configuration changes.
                  • Cancel—Remains in the configuration mode, without committing the configuration changes.
                   

                  Configuring MLD Snooping

                  1. Create two profiles:
                    mld snooping profile bridge_profile
                    !
                    mld snooping profile port_profile
                       mrouter
                    !
                    
                    
                  2. Configure two physical interfaces for L2 support.
                    interface GigabitEthernet0/8/0/38
                       negotiation auto
                       l2transport
                       no shut
                       !
                    !
                    interface GigabitEthernet0/8/0/39
                       negotiation auto
                       l2transport
                       no shut
                       !
                    !
                    
                    
                  3. Add interfaces to the bridge domain. Attach bridge_profile to the bridge domain and port_profile to one of the Ethernet interfaces. The second Ethernet interface inherits MLD snooping configuration attributes from the bridge domain profile.
                    l2vpn
                      bridge group bg1
                         bridge-domain bd1
                         mld snooping profile bridge_profile
                         interface GigabitEthernet0/8/0/38
                           mld snooping profile port_profile
                         interface GigabitEthernet0/8/0/39
                         !
                      !
                    !
                    
                    
                  4. Verify the configured bridge ports.
                    show mld snooping port
                    
                    

                  Configuring MLD Snooping on Ethernet Bundles

                  1. This example assumes that the front-ends of the bundles are preconfigured. For example, a bundle configuration might consist of three switch interfaces, as follows:
                        interface Port-channel1
                        !
                    interface GigabitEthernet0/0/0/0
                        !
                    interface GigabitEthernet0/0/0/1
                    !
                        interface GigabitEthernet0/0/0/2
                           channel-group 1 mode on
                        !
                        interface GigabitEthernet0/0/0/3
                           channel-group 1 mode on
                        !
                    
                    
                  2. Configure two MLD snooping profiles.
                           mld snooping profile bridge_profile
                           !
                           mld snooping profile port_profile
                              mrouter
                           !
                    
                    
                  3. Configure interfaces as bundle member links.
                           interface GigabitEthernet0/0/0/0
                             bundle id 1 mode on
                             negotiation auto
                           !
                           interface GigabitEthernet0/0/0/1  
                             bundle id 1 mode on
                             negotiation auto
                           !
                           interface GigabitEthernet0/0/0/2
                             bundle id 2 mode on
                             negotiation auto
                           !
                           interface GigabitEthernet0/0/0/3
                             bundle id 2 mode on
                             negotiation auto
                           !
                    
                    
                  4. Configure the bundle interfaces for L2 transport.
                    interface Bundle-Ether 1
                              l2transport
                              !
                           !
                           interface Bundle-Ether 2
                              l2transport
                              !
                           !
                    
                    
                  5. Add the interfaces to the bridge domain and attach MLD snooping profiles.
                           l2vpn
                             bridge group bg1
                                bridge-domain bd1
                                mld snooping profile bridge_profile
                                interface bundle-Ether 1
                                  mld snooping profile port_profile
                                interface bundle-Ether 2
                                !
                             !
                          !
                    
                    
                  6. Verify the configured bridge ports.
                    show mld snooping port