Mac Multicast
AT - 8000S
Introduction
IP Multicast (IPM) is a way to transmit IP datagrams from one source to many destinations on a local or wide area TCP/IP network
MAC Multicast is the behavior of multicast transmission in a Layer 2 environment
Multicast is…
Multicast - communication between a single sender and multiple receivers (predefined group) on a network
Unicast v. Multicast
[Figure: two panels, unicast and multicast, each showing a Source and a Router]
Multicast Groups
The IP Multicast Group Address
Bit:   0 1 2 3 … 31
Value: 1 1 1 0 | Multicast Group ID
Class D: 224.0.0.0 – 239.255.255.255
(11100000.00000000.00000000.00000000 – 11101111.11111111.11111111.11111111)
Reserved Multicast Address Blocks
» 224.0.0.xxx – Routing protocols and other low level topology discovery and maintenance protocols
» 224.0.1.xxx – Internetwork control block
» 239.xxx.xxx.xxx – Administratively scoped address block
MAC Multicast Addresses
IEEE Ethernet addresses reserved for multicast: 01-00-5e-00-00-00 through 01-00-5e-7F-FF-FF
• Multicast Ethernet addresses begin with the sequence 01-00-5E (hex).
• Mapping an IP multicast address to an Ethernet address places the low-order 23 bits of the IP multicast address into the low-order 23 bits of the Ethernet address
» The bit between the 01-00-5E prefix and the 23 mapped bits is always 0
» 9 bits of the IP address are not represented in the MAC address
» 5 of the unused bits are group specific
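The mapping above, as an added Python example (not part of the original slides): it converts in both directions, renders the 32 IP groups behind one MAC in the 224-239.129|1.2.5 style used by the IP-format address table, and lists flows a port would receive without having joined them. Function names and the sample groups are constructed for illustration.

```python
import ipaddress

MAC_BASE = 0x01005E000000  # 01-00-5e-00-00-00; the bit above the low 23 is always 0
LOW23 = 0x7FFFFF           # the 23 bits copied from the IP address


def ip_to_mac(ip):
    """Copy the low-order 23 bits of a Class D address into 01-00-5e-xx-xx-xx."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not in 224.0.0.0 - 239.255.255.255")
    mac = MAC_BASE | (int(addr) & LOW23)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def _low23(mac):
    """Validate a multicast MAC and return its 23 mapped bits."""
    value = int(mac.replace(":", "").replace("-", ""), 16)
    if (value & ~LOW23) != MAC_BASE:
        raise ValueError(f"{mac} is outside 01-00-5e-00-00-00 .. 01-00-5e-7f-ff-ff")
    return value & LOW23


def mac_to_ips(mac):
    """All 32 IP groups behind one MAC: the 5 dropped group bits take every value."""
    low = _low23(mac)
    return [str(ipaddress.IPv4Address(0xE0000000 | (lost << 23) | low))
            for lost in range(32)]


def range_notation(mac):
    """Render the 32 groups as the IP-format table does, e.g. 224-239.129|1.2.5."""
    low = _low23(mac)
    second = low >> 16  # low 7 bits of the second octet; its top bit is a dropped bit
    return f"224-239.{second | 0x80}|{second}.{(low >> 8) & 0xFF}.{low & 0xFF}"


def is_special_group(ip):
    """True for 224-239.128|0.0.xxx, the groups sharing MAC 01-00-5e-00-00-xx."""
    return ip_to_mac(ip).startswith("01:00:5e:00:00:")


def unrequested_aliases(joined, on_wire):
    """Groups on the wire that were never joined but share a MAC with a joined group."""
    wanted = {ip_to_mac(group) for group in joined}
    return sorted(g for g in on_wire if g not in joined and ip_to_mac(g) in wanted)


if __name__ == "__main__":
    # Constructed sample: a host joined one group; three flows are on the VLAN.
    joined = ["224.1.2.5"]
    on_wire = ["224.1.2.5", "239.129.2.5", "224.1.2.6"]
    print(ip_to_mac("224.1.2.5"), range_notation(ip_to_mac("224.1.2.5")))
    print("delivered without a join:", unrequested_aliases(joined, on_wire))
```

Because the filtering table is keyed on the MAC, a join for one group admits traffic for all 32 groups in the same range on that port.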
MAC Multicast Forwarding
IGMP Snooping
MAC Multicast Forwarding
Like any L2 traffic – we would want MAC Multicast traffic to be forwarded only on links that either:
» Have stations directly attached which want to receive the specific multicast transmission
» Eventually lead to one or more such stations
However, unlike classical Unicast switching, the source MAC of the multicast packet cannot be used to register the MAC to the appropriate port(s)
Therefore, MAC multicast registration is performed by either:
» Static entries
» GMRP protocol
» IGMP snooping
Multicast Management Protocols
Group Membership Protocol – runs between hosts and routers to update routers about the presence of group members on their directly attached subnetworks (e.g. IGMP)
Multicast Routing Protocol – runs between multicast routers to define delivery paths that enable the forwarding of multicast datagrams across an internetwork (e.g. DVMRP, MOSPF, PIM-DM, PIM-SM, CBT)
IGMP Snooping
IGMP snooping is (mostly) not an active protocol
A switch does not initiate the process, but rather intercepts and “reads” IGMP messages
IGMP – Internet Group Management Protocol
IGMP messages are messages transmitted between workstations and L3 interfaces (routers) requesting and giving IP multicast registration information
A switch concludes which (specific) ports should forward multicast traffic based on the IGMP messages
IGMP Operation
Periodic Host Membership queries
Routers periodically (1-2 min.) send out a host membership query to all hosts on LAN (address 224.0.0.1, TTL = 1, group address field all 0)
Note: In the pure Layer 2 Switching networks a host membership query must be sent either by Layer 2 Switching devices or by Servers
Each multicast capable host hears the query and starts a random delay timer for each group it belongs to
After timer expires host sends Host Membership Report to the multicast group address (TTL=1)
Host doesn’t send Report message if it already received a membership report before timer expired
Router receives all reports and registers groups on subnetwork
IGMP Message Format
Type
» 0x11 – Membership Query
» 0x12 – Ver 1 Membership Report
» 0x16 – Ver 2 Membership Report
» 0x17 – Leave Group
» 0x22 – Ver 3 Membership Report
Maximum Response Time (v2 addition) - The max time a host can wait before responding to a Membership Query (in 0.1 sec units)
Group Address
Used in:
» Host Report/Leave Message – IP Multicast address of the group being reported
» Membership Queries to a specific group (v2 addition)
Message layout (bit offsets):
0      8                 16            31
| Type | Max Resp. Time  | Checksum     |
| Group Address                         |
IP Multicast Service Model
» Hosts to routers: Group Membership Protocols (IGMP)
» Routers to routers: Multicast Routing Protocols (DVMRP, PIM)
IGMP Reports
• An IGMP report sent by one host suppresses sending by others
• Restricts to one report per group per LAN
• A host sends a report when it first joins the group
IGMP Host Membership Report
[Figure: Hosts A, B, C and D on a LAN carrying traffic for 224.65.10.54; the group members are labelled as follows]
» Member of Group 224.65.10.54, Timer=1: Report
» Member of Group 224.65.10.54, Timer=2: No Report
» Member of Group 224.65.10.54, Timer=4: Cancel Report
IGMP Version Improvements
• IGMP v2:
– Host sends a leave message if it leaves the group and is the last member (reduces leave latency in comparison to v1)
– In response, the router sends group-specific queries to make sure there are no members present before it stops forwarding data for the group on that subnet
– Querier election - when there is more than one multicast router on a LAN, only one (lowest IP) has to send the query
• IGMP v3 (draft):
– Enables a host to specify the IP addresses of the specific sources it wants / doesn’t want to receive
– Membership reports sent to switch
IGMP - Message Destination
Message Type           Destination Group
---------------------  -----------------------
General Query          All Systems (224.0.0.1)
Group Specific Query   Group being queried
Membership Report      Group being reported
Leave Message          All Routers (224.0.0.2)
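An added Python example (not from the original slides) that parses the 8-byte v1/v2 message described under IGMP Message Format, verifies its checksum, and checks the IP destination against the Message Destination rules above. The function names are hypothetical, the sample messages are constructed, and the checksum used is the standard 16-bit one's-complement Internet checksum, which the slides do not spell out.

```python
import ipaddress
import struct

TYPES = {0x11: "Membership Query", 0x12: "Ver 1 Membership Report",
         0x16: "Ver 2 Membership Report", 0x17: "Leave Group"}
ALL_SYSTEMS, ALL_ROUTERS = "224.0.0.1", "224.0.0.2"


def checksum(data):
    """16-bit one's-complement Internet checksum over the whole IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(msg_type, max_resp_tenths, group):
    """Build an 8-byte v1/v2 message; used here only to construct sample input."""
    raw = struct.pack("!BBH4s", msg_type, max_resp_tenths, 0,
                      ipaddress.IPv4Address(group).packed)
    return raw[:2] + struct.pack("!H", checksum(raw)) + raw[4:]


def parse(payload):
    """Decode Type, Max Resp. Time and Group Address after validating the checksum."""
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    if checksum(payload) != 0:  # summing a valid message, checksum included, gives 0
        raise ValueError("IGMP checksum mismatch")
    msg_type, max_resp, _, group = struct.unpack("!BBH4s", payload[:8])
    if msg_type == 0x22:
        raise ValueError("Ver 3 report uses a different layout, not covered here")
    if msg_type not in TYPES:
        raise ValueError(f"unknown IGMP type 0x{msg_type:02x}")
    group = str(ipaddress.IPv4Address(group))
    kind = TYPES[msg_type]
    if msg_type == 0x11:  # group address field all 0 means a general query
        kind = "General Query" if group == "0.0.0.0" else "Group Specific Query"
    return {"kind": kind, "group": group, "max_resp_s": max_resp / 10}


def expected_destination(msg):
    """IP destination the message type calls for."""
    if msg["kind"] == "General Query":
        return ALL_SYSTEMS
    if msg["kind"] == "Leave Group":
        return ALL_ROUTERS
    return msg["group"]  # the group being queried or reported


def destination_ok(payload, ip_dst):
    """False when a message was sent to an address its type does not allow."""
    return expected_destination(parse(payload)) == ip_dst


if __name__ == "__main__":
    report = build(0x16, 0, "224.65.10.54")  # constructed v2 report
    print(parse(report), destination_ok(report, "224.65.10.54"))
```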
IGMP Snooping
As mentioned, switches use the information in the IGMP packets (namely IGMP Reports sent by hosts) to determine which segments should receive packets directed to the group address
The IGMP snooping provides the benefit of conserving bandwidth on segments of the network which do not have group members
Filtering operation is conducted per VLAN
Currently no standard defined for snooping
See http://www.ietf.org/internet-drafts/draft-ietf-magma-snoop-11.txt
IGMP Snooping – Adding Entries
Switch intercepts IGMP Membership reports from hosts to routers
Host membership reports are forwarded to router and switch ports (learned by switch) but not to hosts on other ports
As a result, the timers on all the hosts expire after receiving the router’s query and all hosts (except if connected on the same port of the device) send IGMP reports (different from regular IGMP)
When a switch receives a report:
» If first host reporting for group (no previous reports received) - creates a MAC multicast group entry and adds the receiving port to it
» If not first host reporting - port is added to existing group entry
IGMP Snooping – Deleting Entries
A port can be removed after one of the following:
» Switch does not hear an IGMP Report message from a port for a defined timeout
» Switch hears a leave message on a certain port and does not hear any reports for a (short) leave timeout
Port is removed from the group’s port list
If the removed port is the last entry – the group is removed from the group list
IGMP Snooping – Future Developments
Some Switches are Active Query Switches
Active Query Switches do not have to rely on routers to send the IGMP queries – since they know how to send periodic queries themselves
Therefore IGMP snooping will work flawlessly also in a pure L2 environment
MAC Multicast Implementation
Snooping Process
The system can support multicast filtering for up to 256 multicast groups. Additional multicast groups will be treated as unregistered.
User must enable the MAC multicast filtering per system to allow L2 Multicast groups registration (either static or via IGMP snooping)
For IGMP snooping to run on a specific VLAN, IGMP snooping must be enabled both on the entire device and on that specific VLAN
The MAC Multicast Table will be updated with snooping entries only if it received an IGMP General Query or DVMRP/PIM traffic on one of the ports in the VLAN (learning will function per VLAN)
Snooping Process (cont.)
Once an IGMP Join message is received on a port, that port is registered as a member of that multicast group
The MAC multicast filtering table is updated with the IGMP snoop entries – and the multicast traffic is forwarded only on ports which registered as group members.
If a certain MAC Multicast Group has no members (none have registered yet) the device floods group traffic on all VLAN ports
Snooping process (cont.)
A port can leave a group either
» By receiving an explicit leave message from a station and waiting for a short timeout period to make sure no other stations on that segment are sending new Join messages
» A (long) timeout has expired and Join messages have not been received on the port
Once a port left the group – it is erased from the MAC Filtering table – and that group traffic will no longer be forwarded to it
Other port members of the group will continue to receive traffic as usual
Once all members left a certain group (explicitly or by timeout) traffic is once again flooded to all ports
Special Group Cases
IP multicast groups 224-239.128|0.0.xxx (mutual MAC multicast address 01-00-5e-00-00-xx) are treated differently than other multicast groups.
Reports for these groups are ignored, and traffic is flooded on all ports of the VLAN
However, if a static entry is configured for one of these groups – this registration will take effect and traffic for this MAC Multicast group will be forwarded only to that port(s).
Snooping and Multicast Settings
For each multicast group, the user can define a list of Forbidden ports. Forbidden ports will not be included in the multicast group (MAC Multicast filtering Table) even if IGMP snooping suggests they should.
Forbidden ports are preserved across resets.
The user may define ports as “forward all” which will cause them to forward a copy of any incoming frame with a MAC multicast destination address.
Snooping and Multicast Settings
A user can define static Multicast entries per port.
Static entries are per specific port in a certain VLAN and are preserved across reboots.
Multicast Groups defined as static on a port (per VLAN) will be forwarded on that port and VLAN even if there was no IGMP indication that the port belongs to that group.
User can define that a port will not automatically forward all traffic (even if it is an mrouter port)
Static and forbidden entries will only take effect if Multicast Filtering is enabled.
Snooping – Changing or Erasing a VLAN
MAC filtering and IGMP snooping are not available on Dynamically (GVRP) created VLAN
If a VLAN is removed from the system all snooping and static settings for that VLAN are erased
Snooping and Multicast Settings
Device level settings:
» Enable/disable multicast filtering (default – disable)
» Enable/disable IGMP snooping (default – disable)
Snooping and Multicast Settings
• VLAN Level settings:
– Enable/disable IGMP snooping on the VLAN (default – disable)
– Enable/disable Mrouter listening (default – enable)
– Enable/disable the flooding of a specific unknown group (default is flooding), by setting it as a registered group with no members
– Add/remove static MAC Multicast Forwarding entries for certain ports in the VLAN
– Enable/disable forwarding of all multicast groups for certain ports in the VLAN
– Enable/disable the automatic forwarding of all multicast groups for certain ports in the VLAN (relevant for Mrouter ports)
– Add/remove Forbidden MAC Multicast entries for certain ports in the VLAN
Snooping and Multicast Settings
VLAN level – timer settings:
» Host timeout – period of time after which a port is removed from a group if no join messages have been received (range 1-2147483647 seconds; default 260)
» Leave timeout - the period of time after which a port, which received an IGMP Leave message, is removed from a group if no join messages have been received (range 1-2147483647 seconds; default 10); user can also configure “immediate leave”
» Mrouter timeout – period after which a VLAN assumes there are no Mrouters attached to one of its ports, if it did not receive any IGMP Queries/DVMRP/PIM (range 1-2147483647 seconds; default 300)
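A small Python model of the forwarding rules described in this section, added here as an illustration and not taken from the AT - 8000S software: it covers flooding of unregistered groups, host and leave timeouts (page defaults), static and forbidden entries, forward-all ports and the ignored reports for 01-00-5e-00-00-xx groups. Class and method names are hypothetical, ports are plain integers, and Mrouter learning and the 256-group limit are left out.

```python
HOST_TIMEOUT = 260   # page default, seconds
LEAVE_TIMEOUT = 10   # page default, seconds


class SnoopingVlan:
    """Filtering table of one VLAN with IGMP snooping and multicast filtering on."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.members = {}         # group MAC -> {port: time at which the port expires}
        self.static = {}          # group MAC -> static ports (empty set = no members)
        self.forbidden = {}       # group MAC -> ports that must never be members
        self.forward_all = set()  # ports that get every multicast frame

    def report(self, mac, port, now):
        """IGMP Join/Report heard on a port: register it or refresh its host timeout."""
        if mac.startswith("01:00:5e:00:00:"):
            return  # special groups 224-239.128|0.0.xxx: reports are ignored
        if port in self.forbidden.get(mac, ()):
            return  # forbidden wins over what snooping suggests
        self.members.setdefault(mac, {})[port] = now + HOST_TIMEOUT

    def leave(self, mac, port, now):
        """IGMP Leave heard on a port: keep it for the short leave timeout only."""
        ports = self.members.get(mac, {})
        if port in ports:
            ports[port] = min(ports[port], now + LEAVE_TIMEOUT)

    def _expire(self, now):
        for mac in list(self.members):
            live = {p: t for p, t in self.members[mac].items() if t > now}
            if live:
                self.members[mac] = live
            else:
                del self.members[mac]  # last port gone: group leaves the table

    def egress(self, mac, ingress, now):
        """Ports a frame for this group MAC is sent to at time `now`."""
        self._expire(now)
        registered = mac in self.members or mac in self.static or mac in self.forbidden
        if registered:
            out = set(self.members.get(mac, {})) | self.static.get(mac, set())
            out |= self.forward_all
        else:
            out = set(self.ports)  # unregistered group: flood the VLAN
        out -= self.forbidden.get(mac, set())
        return sorted(out - {ingress})


def walkthrough():
    """Constructed scenario: ports 1-8, source on port 1, one group."""
    vlan, group = SnoopingVlan(range(1, 9)), "01:00:5e:01:02:05"
    steps = {"no members": vlan.egress(group, 1, 0)}
    vlan.report(group, 3, 0)
    vlan.report(group, 4, 0)
    steps["after joins"] = vlan.egress(group, 1, 1)
    vlan.leave(group, 3, 5)
    steps["leave pending"] = vlan.egress(group, 1, 14)
    steps["leave timeout"] = vlan.egress(group, 1, 15)
    steps["host timeout"] = vlan.egress(group, 1, 260)
    vlan.static[group] = set()  # registered group with no members
    steps["empty static entry"] = vlan.egress(group, 1, 261)
    return steps


if __name__ == "__main__":
    for name, ports in walkthrough().items():
        print(f"{name:20} -> {ports}")
```

The last step shows why an empty static entry blocks a group: once the group counts as registered, nothing is flooded.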
MAC Multicast – CLI Configuration
Device Level Configuration
Use the following Global Mode command to enable/disable multicast filtering on the device (default is disable):
bridge multicast filtering
no bridge multicast filtering
Use the following Global Mode command to enable/disable IGMP snooping on the device (default is disable) :
ip igmp snooping
no ip igmp snooping
Example – Device Level Configuration
Example – enabling MAC multicast filtering and IGMP snooping on the device:
console# configure
console(config)# bridge multicast filtering
console(config)# ip igmp snooping
Example – disabling MAC multicast filtering and IGMP snooping on the device:
console(config)# no bridge multicast filtering
console(config)# no ip igmp snooping
IGMP – VLAN Level Configuration
Use the following (VLAN) Interface Mode command to enable/disable IGMP Snooping on a certain VLAN:
ip igmp snooping
no ip igmp snooping
» Note that snooping can be enabled only on static VLANs
To enable/disable Mrouter Listening on a VLAN use:
ip igmp snooping mrouter learn-pim-dvmrp
no ip igmp snooping mrouter learn-pim-dvmrp
IGMP– VLAN Level Configuration
Use the following VLAN Interface command to set the host time out parameter (“no” form sets to default):
ip igmp snooping host-time-out time-out
no ip igmp snooping host-time-out
» Timeout parameter is in seconds
Use the following VLAN Interface command to set the Mrouter time out parameter on a VLAN (“no” form sets to default):
ip igmp snooping mrouter-time-out time-out
no ip igmp snooping mrouter-time-out
Example – VLAN Level Configuration
Example – enabling IGMP snooping for VLAN 3 and setting the host, leave and Mrouter timeout:
console(config)# interface vlan 3
console(config-if)# ip igmp snooping
console(config-if)# ip igmp snooping host-time-out 150
console(config-if)# ip igmp snooping leave-time-out 12
console(config-if)# ip igmp snooping mrouter-time-out 250
console(config-if)#
Multicast – Group Registration
Example – defining in VLAN 4 that ports 11-14 will forward all traffic, then removing port 13 from the list
console(config)# interface vlan 4
console(config-if)# bridge multicast forward-all add ethernet 1/e11-14
console(config-if)# bridge multicast forward-all remove ethernet 1/e13
console(config-if)#
Example – returning to default in VLAN 4 – no ports forward all
console# configure
console(config)# interface vlan 4
console(config-if)# no bridge multicast forward-all
Example – Group Registration
Example: defining in VLAN 5
» multicast group 01:00:5e:01:02:05 will be registered with no group members
» address 01:00:5e:01:02:15 will be statically configured on ports 5-8 of the VLAN
» Removing port 5 from the above list
console(config)# interface vlan 5
console(config-if)# bridge multicast address 01:00:5e:01:02:05
console(config-if)# bridge multicast address 01:00:5e:01:02:15 add ethernet 1/e(5-8)
console(config-if)# bridge multicast address 01:00:5e:01:02:15 remove ethernet 1/e5
Multicast – Group Registration
The “no” form of the command returns all ports in the VLAN to default (dynamic registration) for a certain group:
no bridge multicast address {mac-multicast-address | ip-multicast-address}
Example – returning all ports to default of dynamic learning for address 01:00:5e:01:02:15:
console(config)# interface vlan 5
console(config-if)# no bridge multicast address 01:00:5e:01:02:15
Multicast – Show Commands
Use the following EXEC mode command to view if filtering is enabled/disabled for a VLAN and the port forward all settings:
show bridge multicast filtering vlan-id
NOTE: a port which is an Mrouter port will be displayed as forward(d) – forward all “dynamic”
Multicast – Show Commands
Use the following command to view the MAC address table according to VLAN:
show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [format ip| format mac ]
Note: any or all of the optional parameters (VLAN, address or format) can be used. Default format is MAC
Multicast CLI – Show Commands
Example – filtering (forward all) information for VLAN 3:
Note that port 4 is an Mrouter port (forwards all dynamic)
console# show bridge multicast filtering 3
Filtering: Enabled
VLAN: 3
Port    Forward-All
        Static      Status
------  ---------   ---------
1/e1    -           Filter
1/e2    Forbidden   Filter
1/e3    Forward     Forward(s)
1/e4                Forward(d)
1/e6    -           Filter
Multicast – Show Commands
Use the following command to view the entry of a specific IP/MAC multicast address:
show bridge multicast address-table {address mac-multicast-address | ip-multicast-address} format {ip | mac}
Use the following command to view the entry of all multicast entries (by MAC or by IP):
show bridge multicast address-table format {ip | mac}
Note: if the IP format is used – up to 32 IP Multicast addresses will have the same entry.
Example – Show Commands
Example – showing information of table in MAC format:
console# show bridge multicast address-table format mac
Vlan MAC address type Ports
------- ----------------- -------- ------------------------------
2 01:00:5e:01:02:05 static 1/e1-2
3 01:00:5e:01:02:05 static 1/e7-8
4 01:00:5e:01:12:13 static 1/e9-10
Forbidden ports for multicast addresses:
Vlan MAC address Ports
------- ----------------- ------------------------------
3 01:00:5e:01:02:05 1/e5-6
4 01:00:5e:01:12:13 1/e11-12
Example – Show Commands
Example – showing multicast forwarding table in IP format (notice each entry is for a few IP addresses):
console# show bridge multicast address-table format ip
Vlan IP address type Ports
------- ----------------- -------- ------------------------------
2 224-239.129|1.2.5 static 1/e1-2
3 224-239.129|1.2.5 static 1/e7-8
Forbidden ports for multicast addresses:
Vlan IP address Ports
------- ----------------- ------------------------------
2 224-239.129|1.2.5 1/e3-4
3 224-239.129|1.2.5 1/e5-6
Example– Show Commands
Example – showing information of specific multicast MAC 01:00:5e:01:02:05
console# show bridge multicast address-table address 01:00:5e:01:02:05 format mac
Vlan MAC address type Ports
------- ----------------- -------- ------------------------------
2 01:00:5e:01:02:05 static 1/e1-2
3 01:00:5e:01:02:05 static 1/e7-8
Forbidden ports for multicast addresses:
Vlan MAC address Ports
------- ----------------- ------------------------------
2 01:00:5e:01:02:05 1/e3-4
3 01:00:5e:01:02:05 1/e5-6
Multicast – Show Commands
Use the following EXEC mode command to view the general IGMP snooping setting of a VLAN:
show ip igmp snooping interface vlan-id
Use the following command to view the IGMP snooping group entries:
show ip igmp snooping groups [vlan vlan-id] [address ip-multicast-address]
Note: entries can be displayed for the device, for a specific VLAN and/or for a specific IP Multicast address
Use the following command to view the dynamically learned MROUTER interfaces:
show ip igmp snooping mrouter [interface vlan-id]
Multicast CLI – Show Commands
Example – showing general IGMP snooping information for VLAN 3:
console# show ip igmp snooping interface 3
IGMP Snooping is globaly enabled
IGMP Snooping is enabled on VLAN 3
IGMP host timeout is 260 sec
IGMP Immediate leave is disabled. IGMP leave timeout is 10 sec
IGMP mrouter timeout is 300 sec
Automatic learning of multicast router ports is enabled
Multicast CLI – Show Commands
Example – showing IGMP snooping entries for:
» Device
» VLAN 2
» IP multicast group 224.1.2.3
console# show ip igmp snooping groups
Vlan IP Address Querier Ports
------- ----------------- ------- ------------------------------
console# show ip igmp snooping groups vlan 2
Vlan IP Address Querier Ports
------- ----------------- ------- ------------------------------
console# show ip igmp snooping groups address 224.1.2.3
Vlan IP Address Querier Ports
------- ----------------- ------- ------------------------------
Mac Multicast Examples
[Figure: AT - 8000S with user groups VID#2 and VID#3, connected to an MRouter through port g1]
Example 1 - Requirements
AT - 8000S has 2 user groups – high school (VID 2) and College (VID 3)
AT - 8000S is connected by port 1/e1 acting as an uplink to a multicast router. 1/e1 uplink is in (VLAN) trunk mode
Both groups can receive multicast transmission.
Members of VID 2 are barred from certain IP multicast groups which are known to be restricted
Members of VID 3 can receive any multicast transmission but system admin supervises the contents of these transmissions
Example 1 - Configuration
Interface Config                           IGMP             MAC               Special Multicasts
Device                                     Enable snooping  Enable filtering  ------
VID 2 = 1/e1-10 (access), 1/g1 (trunk)     Enable snooping  ------
VID 3 = 1/e11-20 (access), 1/g1 (trunk)    Enable snooping  ------            Forward all groups to interface 1/e20 (admin port)
Example 1 - CLI
console(config)# vlan database
console(config-vlan)# vlan 2-3
console(config-vlan)# exit
console(config)# interface range ethernet 1/e(1-10)
console(config-if)# switchport access vlan 2
console(config-if)# exit
console(config)# interface range ethernet 1/e(11-20)
console(config-if)# switchport access vlan 3
console(config-if)# exit
console(config)# interface ethernet 1/g1
console(config-if)# switchport mode trunk
console(config-if)# switchport trunk allowed vlan add 2-3
console(config-if)# exit
Example 1 – CLI cont’
console(config)# ip igmp snooping
console(config)# bridge multicast filtering
console(config)# interface vlan 2
console(config-if)# ip igmp snooping
console(config-if)# exit
console(config)# interface vlan 3
console(config-if)# ip igmp snooping
console(config-if)# bridge multicast forward-all add ethernet 1/e20
Example 1 – CLI cont’
console# show bridge multicast address-table vlan 2 format ip
Vlan IP address type Ports
------ ----------------------- -------- ------------------------------
2 224-239.131|3.3.3 static
Example 1 – CLI cont’
console# show bridge multicast filtering 3
Filtering: Enabled
VLAN: 3
Port    Forward-All
        Static      Status
------  ---------   ---------
1/e11   -           Filter
e12     -           Filter
….
….
1/e20   Forward     Forward(s)
1/g1    -           Forward(d)
Mac Multicast Troubleshooting
Possible problem: In example 1 no multicast traffic is received
Problem description: None of the ports in VID 2 and VID 3 receive any multicast transmission
Solution:
1. Use the show ip igmp snooping interface command to verify that IGMP snooping is enabled on the device and the VLAN. Use ip igmp snooping on the device and the VLAN to enable IGMP snooping.
2. Use the show ip igmp snooping mrouter or show ip igmp snooping groups command to verify that a Multicast Router (sending queries or IPM protocol) is connected to one of the VLAN ports. If needed – configure IGMP/DVMRP on the router connected to one of the interfaces.
3. Use the show bridge multicast filtering command to verify that MAC multicast filtering is enabled. Use bridge multicast filtering to enable filtering.
Possible problem: VLAN 2 (in example 1) receives Multicast transmission but VLAN 3 does not.
Problem description: VLAN 2 is functioning properly but VLAN 3 does not receive any multicast traffic
Solution:
1. Use the show ip igmp snooping groups vlan command to see whether VLAN 3 has any registrations:
   1. If there are no registrations – check that IGMP snooping is enabled on VLAN 3.
   2. If there are registrations – check if an mrouter is connected to VLAN 3.
Possible problem: Ports receive traffic for multicast groups they did not request
Problem description: A port sent IGMP join messages for 4 groups but receives traffic for 10 groups
Solution:
1. Use show ip igmp snooping groups to verify that no registration has been made (from another station?) for the additional groups.
2. Use show bridge multicast filtering to check if the port is configured to forward all traffic. Use the bridge multicast forward-all remove command to change this status.
3. Use show ip igmp snooping mrouter to check if the port is an mrouter port (receives all multicast traffic).
4. Use the show bridge multicast address-table address command to check if addresses are configured statically on the port. Use the bridge multicast address x.x.x.x remove command to remove entries.
5. Check if some of the Multicast IP addresses received on the port are translated to the same MAC address (Multicast IP to MAC translation).
6. Check if the group is of type 224-239.128|0.0.xxx
Possible problem: Unregistered groups are not flooded to all ports in VLAN
Problem description: A certain multicast flow is transmitted on a VLAN. Although none of the stations sent join messages, the flow is not flooded and none of the ports receive the flow
Solution:
1. Examine the source for the multicast flow. If it originated from a layer 3 interface (e.g. a layer 3 interface of a Router connected to the device), then traffic is probably “blocked” at the layer 3 level, since IGMP join messages have not been received on the Layer 3 interface.
2. If the multicast server is from within the Layer 2 network (within the VLAN), use the show bridge multicast address-table address command to check if this flow (according to IP/MAC multicast address) has a static entry in this VLAN (empty group or forbidden port). In such a case the group is not considered to be empty, so the flow is not flooded.