The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
IP multicast is enabled and the Protocol Independent Multicast (PIM) interfaces are configured using the tasks described
in the "Configuring Basic IP Multicast" module of the IP Multicast: PIM Configuration Guide.
ALL ACLs must be configured. For information, see the see the " Creating an IP Access List and Applying It to an Interface
" module of the Security Configuration Guide: Access Control Lists guide.
Restrictions for IGMP State Limit
You can configure only one global limit per device and one limit per interface.
Information About IGMP State Limit
This section provides information about IGMP state limit.
IGMP State Limit
The IGMP State Limit feature allows for the configuration of IGMP state limiters, which impose limits on mroute states resulting
from IGMP membership reports (IGMP joins) on a global or per interface basis. Membership reports exceeding the configured
limits are not entered into the IGMP cache. This feature can be used to prevent DoS attacks or to provide a multicast CAC
mechanism in network environments where all the multicast flows roughly utilize the same amount of bandwidth.
Note
IGMP state limiters impose limits on the number of mroute states resulting from IGMP, IGMP v3lite, and URL Rendezvous Directory
(URD) membership reports on a global or per interface basis.
IGMP State Limit Feature Design
Configuring IGMP state limiters in global configuration mode specifies a global limit on the number of IGMP membership reports
that can be cached.
Configuring IGMP state limiters in interface configuration mode specifies a limit on the number of IGMP membership reports
on a per interface basis.
Use ACLs to prevent groups or channels from being counted against the interface limit. A standard or an extended ACL can be
specified. A standard ACL can be used to define the (*, G) state to be excluded from the limit on an interface. An extended
ACLs can be used to define the (S, G) state to be excluded from the limit on an interface. An extended ACL also can be used
to define the (*, G) state to be excluded from the limit on an interface, by specifying 0.0.0.0 for the source address and
source wildcard--referred to as (0, G)--in the permit or deny statements that compose the extended access list.
You can only configure one global limit per device and one limit per interface.
Mechanics of IGMP State Limiters
The mechanics of IGMP state limiters are as follows:
Each time a router receives an IGMP membership report for a particular group or channel, the Cisco IOS software checks to
see if either the limit for the global IGMP state limiter or the limit for the per interface IGMP state limiter has been reached.
If only a global IGMP state limiter has been configured and the limit has not been reached, IGMP membership reports are honored.
When the configured limit has been reached, subsequent IGMP membership reports are then ignored (dropped) and a warning message
in one of the following formats is generated:
%IGMP-6-IGMP_GROUP_LIMIT: IGMP limit exceeded for <group (*, group address)> on <interface type number> by host <ip address>
%IGMP-6-IGMP_CHANNEL_LIMIT: IGMP limit exceeded for <channel (source address, group address)> on <interface type number> by host <ip address>
If only per interface IGMP state limiters are configured, then each limit is only counted against the interface on which
it was configured.
If both a global IGMP state limiter and per interface IGMP state limiters are configured, the limits configured for the per
interface IGMP state limiters are still enforced but are constrained by the global limit.
How to Configure IGMP State Limit
This section describes how to configure IGMP state limit.
Configuring IGMP State Limiters
IGMP state limiters impose limits on the number of mroute states resulting from IGMP, IGMP v3lite, and URD membership reports
on a global or per interface basis.
Configuring Global IGMP State Limiters
Perform this optional task to configure one global IGMP state limiter per device.
Procedure
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global configuration mode.
Step 3
ipigmplimitnumber
Example:
Device(config)# ip igmp limit 150
Configures a global limit on the number of mroute states resulting from IGMP membership reports (IGMP joins).
Step 4
end
Example:
Device(config-if)# end
Ends the current configuration session and returns to privileged EXEC mode.
Step 5
showipigmpgroups
Example:
Device# show ip igmp groups
(Optional) Displays the multicast groups with receivers that are directly connected to the device and that were learned through
IGMP.
Configuring Per Interface IGMP State Limiters
Perform this optional task to configure a per interface IGMP state limiter.
Procedure
Command or Action
Purpose
Step 1
enable
Example:
Device> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configureterminal
Example:
Device# configure terminal
Enters global configuration mode.
Step 3
interfacetypenumber
Example:
Device(config)# interface GigabitEthernet 1/0/0
Enters interface configuration mode.
Specify an interface that is connected to hosts.
Step 4
ipigmplimitnumber [exceptaccess-list]
Example:
Device(config-if)# ip igmp limit 100
Configures a per interface limit on the number of mroutes states created as a result of IGMP membership reports (IGMP joins).
Step 5
Do one of the following:
exit
end
Example:
Device(config-if)# exit
Device(config-if)# end
(Optional) Ends the current configuration session and returns to global configuration mode. Repeat steps 3 and 4 to configure
a per interface limiter on another interface.
Ends the current configuration session and returns to privileged EXEC mode.
Step 6
showipigmpinterface [typenumber]
Example:
Device# show ip igmp interface
(Optional) Displays information about the status and configuration of IGMP and multicast routing on interfaces.
Step 7
showipigmpgroups
Example:
Device# show ip igmp groups
(Optional) Displays the multicast groups with receivers that are directly connected to the device and that were learned through
IGMP.
Configuration examples for IGMP State Limit
This section show configuration examples of IGMP state limit.
Configuring IGMP State Limiters Example
The following example shows how to configure IGMP state limiters to provide multicast CAC in a network environment where
all the multicast flows roughly utilize the same amount of bandwidth.
This example uses the topology illustrated in the figure.
Note
Although the following illustration and example uses routers in the configuration, any device (router or switch) can be used.
In this example, a service provider is offering 300 Standard Definition (SD) TV channels. Each SD channel utilizes approximately
4 Mbps.
The service provider must provision the Gigabit Ethernet interfaces on the PE router connected to the Digital Subscriber
Line Access Multiplexers (DSLAMs) as follows: 50% of the link’s bandwidth (500 Mbps) must be available to subscribers of the
Internet, voice, and video on demand (VoD) service offerings while the remaining 50% (500 Mbps) of the link’s bandwidth must
be available to subscribers of the SD channel offerings.
Because each SD channel utilizes the same amount of bandwidth (4 Mbps), per interface IGMP state limiters can be used to
provide the necessary CAC to provision the services being offered by the service provider. To determine the required CAC needed
per interface, the total number of channels is divided by 4 (because each channel utilizes 4 Mbps of bandwidth). The required
CAC needed per interface, therefore, is as follows:
500Mbps / 4Mbps = 125 mroutes
Once the required CAC is determined, the service provider uses the results to configure the per IGMP state limiters required
to provision the Gigabit Ethernet interfaces on the PE router. Based on the network’s CAC requirements, the service provider
must limit the SD channels that can be transmitted out a Gigabit Ethernet interface (at any given time) to 125. Configuring
a per interface IGMP state limit of 125 for the SD channels provisions the interface for 500 Mbps of bandwidth, the 50% of
the link’s bandwidth that must always be available (but never exceeded) for the SD channel offerings.
The following configuration shows how the service provider uses a per interface mroute state limiter to provision interface
Gigabit Ethernet 0/0/0 for the SD channels and Internet, Voice, and VoD services being offered to subscribers:
interface GigabitEthernet0/0/0
description --- Interface towards the DSLAM ---
.
.
.
ip igmp limit 125
Additional References
Related Documents
Related Topic
Document Title
For complete syntax and usage information for the commands used in this chapter.
See the IP Multicast Routing Commands section of the Command Reference (Catalyst 9200 Series Switches)
Feature History for IP Multicast Optimization: IGMP State Limit
This table provides release and related information for the features explained in this module.
These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
Release
Feature
Feature Information
Cisco IOS XE Fuji 16.9.2
IP Multicast Optimization: IGMP State Limit
The IGMP State Limit feature allows for the configuration of IGMP state limiters, which impose limits on mroute states resulting
from IGMP membership reports (IGMP joins) on a global or per interface basis. Membership reports exceeding the configured
limits are not entered into the IGMP cache.
Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator,
go to https://cfnng.cisco.com/