The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on a Cisco NX-OS device.
Note | We recommend that you do not disable IGMP snooping on the device. If you disable IGMP snooping, you might see reduced multicast performance because of excessive false flooding within the device. |
IGMP snooping software examines Layer 2 IP multicast traffic within a VLAN to discover the ports where interested receivers reside. Using the port information, IGMP snooping can reduce bandwidth consumption in a multi-access LAN environment to avoid flooding the entire VLAN. IGMP snooping tracks which ports are attached to multicast-capable routers to help the routers forward IGMP membership reports. The IGMP snooping software responds to topology change notifications. By default, IGMP snooping is enabled on the device.
This figure shows an IGMP snooping switch that sits between the host and the IGMP router. The IGMP snooping switch snoops the IGMP membership reports and Leave messages and forwards them only when necessary to the connected IGMP routers.
The IGMP snooping software operates upon IGMPv1, IGMPv2, and IGMPv3 control plane packets where Layer 3 control plane packets are intercepted and influence the Layer 2 forwarding behavior.
The Cisco NX-OS IGMP snooping software has the following proprietary features:
Source filtering that allows forwarding of multicast packets based on destination and source IP addresses
Multicast forwarding based on IP addresses rather than the MAC address
Optimized multicast flooding (OMF) that forwards unknown traffic to routers only and performs no data-driven state creation
For more information about IGMP snooping, see RFC 4541.
Both IGMPv1 and IGMPv2 support membership report suppression, which means that if two hosts on the same subnet want to receive multicast data for the same group, the host that receives a member report from the other host suppresses sending its report. Membership report suppression occurs for hosts that share a port.
If no more than one host is attached to each VLAN switch port, you can configure the fast leave feature in IGMPv2. The fast leave feature does not send last member query messages to hosts. As soon as the software receives an IGMP leave message, the software stops forwarding multicast data to that port.
IGMPv1 does not provide an explicit IGMP leave message, so the software must rely on the membership message timeout to indicate that no hosts remain that want to receive multicast data for a particular group.
Note | The software ignores the configuration of the last member query interval when you enable the fast leave feature because it does not check for remaining hosts. |
The IGMPv3 snooping implementation on Cisco NX-OS supports full IGMPv3 snooping, which provides constrained flooding based on the (S, G) information in the IGMPv3 reports. This source-based filtering enables the device to constrain multicast traffic to a set of ports based on the source that sends traffic to the multicast group.
By default, the software tracks hosts on each VLAN port. The explicit tracking feature provides a fast leave mechanism. Because every IGMPv3 host sends membership reports, report suppression limits the amount of traffic that the device sends to other multicast-capable routers. When report suppression is enabled, and no IGMPv1 or IGMPv2 hosts requested the same group, the software provides proxy reporting. The proxy feature builds the group state from membership reports from the downstream hosts and generates membership reports in response to queries from upstream queriers.
Even though the IGMPv3 membership reports provide a full accounting of group members on a LAN segment, when the last host leaves, the software sends a membership query. You can configure the parameter last member query interval. If no host responds before the timeout, the software removes the group state.
When PIM is not enabled on an interface because the multicast traffic does not need to be routed, you must configure an IGMP snooping querier to send membership queries. You define the querier in a VLAN that contains multicast sources and receivers but no other active querier.
The querier can be configured to use any IP address in the VLAN.
As a best practice, a unique IP address, one that is not already used by the switch interface or the Hot Standby Router Protocol (HSRP) virtual IP address, should be configured so as to easily reference the querier.
Note | The IP address for the querier should not be a broadcast IP address, multicast IP address, or 0 (0.0.0.0). |
When an IGMP snooping querier is enabled, it sends out periodic IGMP queries that trigger IGMP report messages from hosts that want to receive IP multicast traffic. IGMP snooping listens to these IGMP reports to establish appropriate forwarding.
The IGMP snooping querier performs querier election as described in RFC 2236. Querier election occurs in the following configurations:
You can define multiple virtual routing and forwarding (VRF) instances for IGMP snooping.
You can use the show commands with a VRF argument to provide a context for the information displayed. The default VRF is used if no VRF argument is supplied.
For information about configuring VRFs, see the Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.
IGMP snooping has the following prerequisites:
IGMP snooping has the following guidelines and limitations:
Layer 3 IPv6 multicast routing is not supported.
Layer 2 IPv6 multicast packets will be flooded on the incoming VLAN.
You must disable IGMP optimized multicast flooding (OMF) for IPv6 multicast networks that require multicast forwarding over a Layer 2 network.
You must disable IGMP optimized multicast forwarding on VLANs that require forwarding of IPv6 packets.
If you are configuring vPC peers, the differences in the IGMP snooping configuration options between the two devices have the following results:
If IGMP snooping is enabled on one device but not on the other, the device on which snooping is disabled floods all multicast traffic.
A difference in multicast router or static group configuration can cause traffic loss.
The fast leave, explicit tracking, and report suppression options can differ if they are used for forwarding traffic.
If a query parameter is different between the devices, one device expires the multicast state faster while the other device continues to forward. This difference results in either traffic loss or forwarding for an extended period.
If an IGMP snooping querier is configured on both devices, only one of them will be active because an IGMP snooping querier shuts down if a query is seen in the traffic.
You must enable the ip igmp snooping group-timeout command when you use the ip igmp snooping proxy general-queries command. We recommend that you set it to "never". Otherwise, you might experience multicast packet loss.
Note | If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use. |
Note | You must enable IGMP snooping globally before any other commands take effect. |
To affect the operation of the IGMP snooping process globally, you can configure the optional IGMP snooping parameters described in the following table:
Notes for IGMP Snooping Parameters
The following are additional notes about some of the IGMP snooping parameters.
IGMP Snooping Proxy parameter
To decrease the burden placed on the snooping switch during each IGMP general query (GQ) interval, the Cisco NX-OS software provides a way to decouple the periodic general query behavior of the IGMP snooping switch from the query interval configured on the multicast routers.
You can configure the device to consume IGMP general queries from the multicast router, rather than flooding the general queries to all the switchports. When the device receives a general query, it produces proxy reports for all currently active groups and distributes the proxy reports over the period specified by the MRT that is specified in the router query. At the same time, independent of the periodic general query activity of the multicast router, the device sends an IGMP general query on each port in the VLAN in a round-robin fashion. It cycles through all the interfaces in the VLAN at the rate given by the following formula.
Rate = {number of interfaces in VLAN} * {configured MRT} * {number of VLANs}
When queries are run in this mode, the default MRT value is 5,000 milliseconds (5 seconds). For a device that has 500 switchports in a VLAN, it would take 2,500 seconds (40 minutes) to cycle through all the interfaces in the system. This is also true when the device itself is the querier.
This behavior ensures that only one host responds to a general query at a given time, and it keeps the simultaneous reporting rate below the packet-per-second IGMP capability of the device (approximately 3,000 to 4,000 pps).
Note | When you use this option, you must change the ip igmp snooping group-timeout parameter to a high value or to never time out. |
The ip igmp snooping proxy general-queries [mrt] command causes the snooping function to proxy reply to general queries from the multicast router while also sending round-robin general queries on each switchport with the specified MRT value. (The default MRT value is 5 seconds.)
IGMP Snooping Group-timeout parameter
Configuring the group-timeout parameter disables the behavior of an expiring membership based on three missed general queries. Group membership remains on a given switchport until the device receives an explicit IGMP leave on that port.
The ip igmp snooping group-timeout {timeout | never} command modifies or disables the behavior of an expiring IGMP snooping group membership after three missed general queries.
Command or Action | Purpose | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Step 1 | configure terminal
Example: switch# configure terminal switch(config)# | |||||||||||||||||||||
Step 2 |
|
The following commands can be used to configure IGMP snooping. | ||||||||||||||||||||
Step 3 | copy running-config startup-config
Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
To affect the operation of the IGMP snooping process per VLAN, you can configure the optional IGMP snooping parameters described in this table.
Enables IGMP snooping on a per-VLAN basis. The default is enabled.
|
|||
Access group |
Filters IGMP packets at the snooping layer. The default is disabled. |
||
Tracks IGMPv3 membership reports from individual hosts for each port on a per-VLAN basis. The default is enabled. |
|||
Enables the software to remove the group state when it receives an IGMP leave report without sending an IGMP query message. This parameter is used for IGMPv2 hosts when no more than one host is present on each VLAN port. The default is disabled. |
|||
Configures the group membership timeout for the specified VLANs. |
|||
Sets the interval that the software waits after sending an IGMP query to verify that no hosts that want to receive a particular multicast group remain on a network segment. If no hosts respond before the last member query interval expires, the software removes the group from the associated VLAN port. Values range from 1 to 25 seconds. The default is 1 second. |
|||
Configures optimized multicast flooding (OMF) on specified VLANs. The default is enabled. |
|||
Configures IGMP snooping proxy for the specified VLANs. The default is 5 seconds. |
|||
Report policy |
Filters IGMP packets at the snooping layer. The default is disabled. |
||
Configures a snooping querier on an interface when you do not enable PIM because multicast traffic does not need to be routed. You can also configure the following values for the snooping querier: |
|||
Limits the membership report traffic sent to multicast-capable routers on a per-VLAN basis. When you disable report suppression, all IGMP reports are sent as-is to multicast-capable routers. The default is enabled. |
|||
Configures a static connection to a multicast router. The interface to the router must be in the selected VLAN. |
|||
Configures the Layer 2 port of a VLAN as a static member of a multicast group. |
|||
Configures link-local groups suppression on a per-VLAN basis. The default is enabled. |
|||
Configures IGMPv3 report suppression and proxy reporting on a per-VLAN basis. The default is enabled per VLAN. |
|||
Note | You configure the IGMP snooping parameters that you want by using this configuration mode; however, the configurations apply only after you specifically create the specified VLAN. See the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide for information on creating VLANs. |
Command or Action | Purpose | |||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Step 1 |
configure
terminal
Example: switch# configure terminal switch(config)# | |||||||||||||||||||||||||||||||||||||||||||||||
Step 2 | ip igmp snooping
Example: switch(config)# ip igmp snooping |
Enables IGMP snooping. The default is enabled.
| ||||||||||||||||||||||||||||||||||||||||||||||
Step 3 | vlan configuration
vlan-id
Example: switch(config)# vlan configuration 2 switch(config-vlan-config)# |
Configures the IGMP snooping parameters you want for the VLAN. These configurations do not apply until you create the specified VLAN. | ||||||||||||||||||||||||||||||||||||||||||||||
Step 4 |
|
These commands configure IGMP snooping parameters. | ||||||||||||||||||||||||||||||||||||||||||||||
Step 5 | copy running-config startup-config
Example: switch(config)# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
Command | Description |
---|---|
show ip igmp snooping groups [source [group] | group [source]] [vlan vlan-id] [detail] |
|
Displays IGMP snooping explicit tracking information by VLAN. |
You can display the IGMP snooping statistics using these commands.
Command |
|
---|---|
Displays IGMP snooping statistics. You can see the virtual port channel (vPC) statistics in this output. |
|
show ip igmp snooping {report-policy | access-group} statistics [vlan vlan] |
Displays detailed statistics per VLAN when IGMP snooping filters are configured. |
You can clear the IGMP snooping statistics using these commands.
Command |
|
---|---|
clear ip igmp snooping {report-policy | access-group} statistics [vlan vlan] |
Note | The configurations in this section apply only after you create the specified VLAN. See the Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide for information on creating VLANs. |
The following example shows how to configure the IGMP snooping parameters:
config t ip igmp snooping vlan configuration 2 ip igmp snooping ip igmp snooping explicit-tracking ip igmp snooping fast-leave ip igmp snooping last-member-query-interval 3 ip igmp snooping querier 172.20.52.106 ip igmp snooping report-suppression ip igmp snooping mrouter interface ethernet 2/1 ip igmp snooping static-group 230.0.0.1 interface ethernet 2/1 ip igmp snooping link-local-groups-suppression ip igmp snooping v3-report-suppression
The following example shows how to configure prefix lists and use them to filter IGMP snooping reports:
ip prefix-list plist seq 5 permit 224.1.1.1/32 ip prefix-list plist seq 10 permit 224.1.1.2/32 ip prefix-list plist seq 15 deny 224.1.1.3/32 ip prefix-list plist seq 20 deny 225.0.0.0/8 eq 32 vlan configuration 2 ip igmp snooping report-policy prefix-list plist interface Ethernet 2/2 ip igmp snooping report-policy prefix-list plist interface Ethernet 2/3
In the above example, the prefix-list permits 224.1.1.1 and 224.1.1.2 but rejects 224.1.1.3 and all the groups in the 225.0.0.0/8 range. The prefix-list is an implicit "deny" if there is no match. If you wish to permit everything else, add ip prefix-list plist seq 30 permit 224.0.0.0/4 eq 32.
The following example shows how to configure route maps and use them to filter IGMP snooping reports:
route-map rmap permit 10 match ip multicast group 224.1.1.1/32 route-map rmap permit 20 match ip multicast group 224.1.1.2/32 route-map rmap deny 30 match ip multicast group 224.1.1.3/32 route-map rmap deny 40 match ip multicast group 225.0.0.0/8 vlan configuration 2 ip igmp snooping report-policy route-map rmap interface Ethernet 2/4 ip igmp snooping report-policy route-map rmap interface Ethernet 2/5
In the above example, the route-map permits 224.1.1.1 and 224.1.1.2 but rejects 224.1.1.3 and all the groups in the 225.0.0.0/8 range. The route-map is an implicit "deny" if there is no match. If you wish to permit everything else, add route-map rmap permit 50 match ip multicast group 224.0.0.0/4.