The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Your software release
may not support all the features documented in this module. For the latest
caveats and feature information, see Bug Search Tool and the release notes for
your platform and software release. To find information about the features
documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this
module.
Use Cisco Feature
Navigator to find information about platform support and Cisco software image
support. To access Cisco Feature Navigator, go to
http://www.cisco.com/go/cfn.
An account on Cisco.com is not required.
Prerequisites for IGMP State Limit
IP multicast is enabled and the Protocol Independent Multicast (PIM) interfaces are configured using the tasks described
in the "Configuring Basic IP Multicast" module of the
IP Multicast: PIM Configuration Guide.
ALL ACLs must be configured. For information, see the see the " Creating an IP Access List and Applying It to an Interface
" module of the
Security Configuration Guide: Access Control Lists guide.
Restrictions for IGMP State Limit
You can configure only one global limit per device and one limit per interface.
Information About IGMP State Limit
IGMP State Limit
The IGMP State Limit feature allows for the configuration of IGMP state limiters, which impose limits on mroute states resulting
from IGMP membership reports (IGMP joins) on a global or per interface basis. Membership reports exceeding the configured
limits are not entered into the IGMP cache. This feature can be used to prevent DoS attacks or to provide a multicast CAC
mechanism in network environments where all the multicast flows roughly utilize the same amount of bandwidth.
Note
IGMP state limiters impose limits on the number of mroute states resulting from IGMP, IGMP v3lite, and URL Rendezvous Directory
(URD) membership reports on a global or per interface basis.
IGMP State Limit Feature Design
Configuring IGMP state limiters in global configuration mode specifies a global limit on the number of IGMP membership reports
that can be cached.
Configuring IGMP state limiters in interface configuration mode specifies a limit on the number of IGMP membership reports
on a per interface basis.
Use ACLs to prevent groups or channels from being counted against the interface limit. A standard or an extended ACL can be
specified. A standard ACL can be used to define the (*, G) state to be excluded from the limit on an interface. An extended
ACLs can be used to define the (S, G) state to be excluded from the limit on an interface. An extended ACL also can be used
to define the (*, G) state to be excluded from the limit on an interface, by specifying 0.0.0.0 for the source address and
source wildcard--referred to as (0, G)--in the permit or deny statements that compose the extended access list.
You can only configure one global limit per device and one limit per interface.
Mechanics of IGMP State Limiters
The mechanics of IGMP state limiters are as follows:
Each time a router receives an IGMP membership report for a particular group or channel, the Cisco IOS software checks to
see if either the limit for the global IGMP state limiter or the limit for the per interface IGMP state limiter has been reached.
If only a global IGMP state limiter has been configured and the limit has not been reached, IGMP membership reports are honored.
When the configured limit has been reached, subsequent IGMP membership reports are then ignored (dropped) and a warning message
in one of the following formats is generated:
%IGMP-6-IGMP_GROUP_LIMIT: IGMP limit exceeded for <group (*, group address)> on <interface type number> by host <ip address>
%IGMP-6-IGMP_CHANNEL_LIMIT: IGMP limit exceeded for <channel (source address, group address)> on <interface type number> by host <ip address>
If only per interface IGMP state limiters are configured, then each limit is only counted against the interface on which
it was configured.
If both a global IGMP state limiter and per interface IGMP state limiters are configured, the limits configured for the per
interface IGMP state limiters are still enforced but are constrained by the global limit.
How to Configure IGMP State Limit
Configuring IGMP State Limiters
Note
IGMP state limiters impose limits on the number of mroute states resulting from IGMP, IGMP v3lite, and URD membership reports
on a global or per interface basis.
Configuring Global IGMP State Limiters
Perform this optional task to configure one global IGMP state limiter per device.
SUMMARY STEPS
enable
configureterminal
ipigmplimitnumber
end
showipigmpgroups
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global configuration mode.
Step 3
ipigmplimitnumber
Example:
Device(config)# ip igmp limit 150
Configures a global limit on the number of mroute states resulting from IGMP membership reports (IGMP joins).
Step 4
end
Example:
Device(config-if)# end
Ends the current configuration session and returns to privileged EXEC mode.
Step 5
showipigmpgroups
Example:
Device# show ip igmp groups
(Optional) Displays the multicast groups with receivers that are directly connected to the device and that were learned through
IGMP.
Configuring Per Interface IGMP State Limiters
Perform this optional task to configure a per interface IGMP state limiter.
SUMMARY STEPS
enable
configureterminal
interfacetypenumber
ipigmplimitnumber [exceptaccess-list]
Do one of the following:
exit
end
showipigmpinterface [typenumber]
showipigmpgroups
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global configuration mode.
Step 3
interfacetypenumber
Example:
Device(config)# interface GigabitEthernet0/0
Enters interface configuration mode.
Specify an interface that is connected to hosts.
Step 4
ipigmplimitnumber [exceptaccess-list]
Example:
Device(config-if)# ip igmp limit 100
Configures a per interface limit on the number of mroutes states created as a result of IGMP membership reports (IGMP joins).
Step 5
Do one of the following:
exit
end
Example:
Device(config-if)# exit
Device(config-if)# end
(Optional) Ends the current configuration session and returns to global configuration mode. Repeat steps 3 and 4 to configure
a per interface limiter on another interface.
Ends the current configuration session and returns to privileged EXEC mode.
Step 6
showipigmpinterface [typenumber]
Example:
Device# show ip igmp interface
(Optional) Displays information about the status and configuration of IGMP and multicast routing on interfaces.
Step 7
showipigmpgroups
Example:
Device# show ip igmp groups
(Optional) Displays the multicast groups with receivers that are directly connected to the device and that were learned through
IGMP.
Configuration examples for IGMP State Limit
Configuring IGMP State
Limiters Example
The following
example shows how to configure IGMP state limiters to provide multicast CAC in
a network environment where all the multicast flows roughly utilize the same
amount of bandwidth.
This example uses
the topology illustrated in the figure.
In this example, a
service provider is offering 300 Standard Definition (SD) TV channels. Each SD
channel utilizes approximately 4 Mbps.
The service
provider must provision the Gigabit Ethernet interfaces on the PE router
connected to the Digital Subscriber Line Access Multiplexers (DSLAMs) as
follows: 50% of the link’s bandwidth (500 Mbps) must be available to
subscribers of the Internet, voice, and video on demand (VoD) service offerings
while the remaining 50% (500 Mbps) of the link’s bandwidth must be available to
subscribers of the SD channel offerings.
Because each SD
channel utilizes the same amount of bandwidth (4 Mbps), per interface IGMP
state limiters can be used to provide the necessary CAC to provision the
services being offered by the service provider. To determine the required CAC
needed per interface, the total number of channels is divided by 4 (because
each channel utilizes 4 Mbps of bandwidth). The required CAC needed per
interface, therefore, is as follows:
500Mbps / 4Mbps =
125 mroutes
Once the required
CAC is determined, the service provider uses the results to configure the per
IGMP state limiters required to provision the Gigabit Ethernet interfaces on
the PE router. Based on the network’s CAC requirements, the service provider
must limit the SD channels that can be transmitted out a Gigabit Ethernet
interface (at any given time) to 125. Configuring a per interface IGMP state
limit of 125 for the SD channels provisions the interface for 500 Mbps of
bandwidth, the 50% of the link’s bandwidth that must always be available (but
never exceeded) for the SD channel offerings.
The following
configuration shows how the service provider uses a per interface mroute state
limiter to provision interface Gigabit Ethernet 0/0/0 for the SD channels and
Internet, Voice, and VoD services being offered to subscribers:
interface GigabitEthernet0/0/0
description --- Interface towards the DSLAM ---
.
.
.
ip igmp limit 125
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use
these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products
and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.