Information About IGMP Snooping
Note |
We recommend that you do not disable IGMP snooping on the device. If you disable IGMP snooping, you might see reduced multicast performance because of excessive false flooding within the device. |
IGMP snooping software examines Layer 2 IP multicast traffic within a VLAN to discover the ports where interested receivers reside. Using the port information, IGMP snooping can reduce bandwidth consumption in a multiaccess LAN environment to avoid flooding the entire VLAN. IGMP snooping tracks which ports are attached to multicast-capable routers to help the routers forward IGMP membership reports. The IGMP snooping software responds to topology change notifications. By default, IGMP snooping is enabled on the device.
This figure shows an IGMP snooping switch that sits between the host and the IGMP router. The IGMP snooping switch snoops the IGMP membership reports and leave messages and forwards them only when necessary to the connected IGMP routers.
The IGMP snooping software operates upon IGMPv1, IGMPv2, and IGMPv3 control plane packets where Layer 3 control plane packets are intercepted and influence the Layer 2 forwarding behavior.
For more information about IGMP, see Configuring IGMP.
The Cisco NX-OS IGMP snooping software has the following proprietary features:
-
Source filtering that allows forwarding of multicast packets based on destination and source IP.
-
Multicast forwarding based on IP addresses rather than MAC addresses.
-
Beginning with Cisco Release 5.2(1) for the Nexus 7000 Series devices, multicast forwarding alternately based on the MAC address
-
Optimized multicast flooding (OMF) that forwards unknown traffic to routers only and performs no data-driven state creation.
IGMPv1 and IGMPv2
Both IGMPv1 and IGMPv2 support membership report suppression, which means that if two hosts on the same subnet want to receive multicast data for the same group, then the host that receives a member report from the other host suppresses sending its report. Membership report suppression occurs for hosts that share a port.
If no more than one host is attached to each VLAN switch port, you can configure the fast leave feature in IGMPv2. The fast leave feature does not send last member query messages to hosts. As soon as the software receives an IGMP leave message, the software stops forwarding multicast data to that port.
IGMPv1 does not provide an explicit IGMP leave message, so the software must rely on the membership message timeout to indicate that no hosts remain that want to receive multicast data for a particular group.
Note |
The software ignores the configuration of the last member query interval when you enable the fast leave feature because it does not check for remaining hosts. |
IGMPv3
The IGMPv3 snooping implementation on Cisco NX-OS supports full IGMPv3 snooping, which provides constrained flooding based on the (S, G) information in the IGMPv3 reports. This source-based filtering enables the device to constrain multicast traffic to a set of ports based on the source that sends traffic to the multicast group.
By default, the software tracks hosts on each VLAN port. The explicit tracking feature provides a fast leave mechanism. Because every IGMPv3 host sends membership reports, report suppression limits the amount of traffic that the device sends to other multicast-capable routers. When report suppression is enabled, and no IGMPv1 or IGMPv2 hosts requested the same group, the software provides proxy reporting. The proxy feature builds the group state from membership reports from the downstream hosts and generates membership reports in response to queries from upstream queriers.
Even though the IGMPv3 membership reports provide a full accounting of group members on a LAN segment, when the last host leaves, the software sends a membership query. You can configure the parameter last member query interval. If no host responds before the timeout, the software removes the group state.
IGMP Snooping Querier
When PIM is not enabled on an interface because the multicast traffic does not need to be routed, you must configure an IGMP snooping querier to send membership queries. You define the querier in a VLAN that contains multicast sources and receivers but no other active querier.
The querier can be configured to use any IP address in the VLAN.
As a best practice, a unique IP address, one that is not already used by the switch interface or the HSRP VIP, should be configured so as to easily reference the querier. In a vPC configuration too, the querier IP should be unique on the vPC primary and secondary.
Note |
The IP address for the querier should not be a broadcast IP, multicast IP, or 0(0.0.0.0). |
When an IGMP snooping querier is enabled, it sends out periodic IGMP queries that trigger IGMP report messages from hosts that want to receive IP multicast traffic. IGMP snooping listens to these IGMP reports to establish appropriate forwarding.
The IGMP snooping querier performs querier election as described in RFC 2236. A querier election occurs in the following configurations:
-
When there are multiple switch queriers configured with the same subnet on the same VLAN on different switches.
-
When the configured switch querier is in the same subnet as with other Layer 3 SVI queriers.
Static Multicast MAC Address
Beginning with the Cisco Release 5.2(1) for the Nexus 7000 Series devices, you configure an outgoing interface statically for a multicast MAC address. Also, you can configure the IGMP snooping to use a MAC-based lookup mode.
Previously, the system performs the lookup on a Layer 2 multicast table using the destination IP address rather than the destination MAC address. However, some applications share a single unicast cluster IP and multicast cluster MAC address. The system forwards traffic destined to the unicast cluster IP address by the last-hop router with the shared multicast MAC address. This action can be accomplished by assigning a static multicast MAC address for the destination IP address for the end host or cluster.
The default lookup mode remains IP, but you can configure the lookup type to MAC address-based. You can configure the lookup mode globally or per VLAN:
-
If the VDC contains ports from only an M-Series module and the global lookup mode is set to IP, VLANs can be set to either one of the two lookup modes. But, if the global lookup mode is set to a MAC address, the operational lookup mode for all the VLANs changes to MAC-address mode.
-
If the VDC contains ports from both an M-Series module and an F-Series module and if you change the lookup mode to a MAC address in any VLAN, the operation lookup mode changes for all of the VLANs to a MAC-address based. With these modules in the chassis, you have the same lookup mode globally and for the VLANs. Similarly, if the global lookup mode is MAC-address based, the operational lookup mode for all VLAN is also MAC-address based.
Note
Changing the lookup mode is disruptive. Multicast forwarding is not optimal until all multicast entries are programmed with the new lookup mode. Also, when 32 IP addresses are mapped to a single MAC address, you might see suboptimal forwarding on the device.
IGMP Snooping with VDCs and VRFs
A virtual device context (VDC) is a logical representation of a set of system resources. Within each VDC, you can define multiple virtual routing and forwarding (VRF) instances. One IGMP process can run per VDC. The IGMP process supports all VRFs in that VDC and performs the function of IGMP snooping within that VDC.
You can use the show commands with a VRF argument to provide a context for the information displayed. The default VRF is used if no VRF argument is supplied.
For information about configuring VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
For information about configuring VRFs, see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide.
IGMP Snooping across VPLS Domains
Beginning with Cisco Release 6.2(2) for the Nexus 7000 Series devices, IGMP snooping can be configured across Virtual Private LAN Service (VPLS) domains. The IGMP Snooping across VPLS Domains feature enables snooping of the IGMP packets on the pseudowire and on the Layer 2 side of the network for optimal delivery of the multicast packets.
A pseudowire is a point-to-point connection between pairs of Provider Edge (PE) devices. A pseudowire emulates services like Ethernet over an underlying core multiprotocol label switching (MPLS) network through encapsulation into a common MPLS format. A pseudowire allows carriers to converge their services to an MPLS network by encapsulating services into a common MPLS format.
By snooping IGMP packets received on a link, the device sends multicast packets only to interested end points. Once an IGMP packet going over the Layer 2 link is snooped, it is passed to the control plane. The control plane will add the link on which it was received to the multicast group. The IGMP packets coming on the pseudowire are also snooped and sent to the control plane. The control plane then adds the pseudowire to the multicast group. When a multicast packet is received, it will be sent only to the multicast group instead of flooding the VLAN.