IGMP Snooping

NVIDIA MLNX-GW User Manual for NVIDIA Skyway Appliance v8.2.2200

The Internet Group Multicast Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. The host joins a multicast-group by sending a join request message towards the network router, and responds to queries sent from the network router by dispatching a join report.

A given port can be either manually configured to be a MRouter port or it can be dynamically manifested when having received a query, hence, the network router is connected to this port. All IGMP Snooping control packets received from hosts (joins/leaves) are forwarded to the MRouter port, and the MRouter port updates its multicast-group database accordingly. Each dynamically learned multicast group will be added to all of the MRouter ports on the switch.

As many as 5K multicast groups can be created on the switch.

IGMP snooping can be configured to establish multicast group memberships.

  1. Enable IGMP snooping globally. Run:

    Copy
    Copied!
                

    switch (config) # ip igmp snooping

  2. Enable IGMP snooping on a VLAN. Run:

    Copy
    Copied!
                

    switch (config) # vlan 2 switch (config vlan 2) # ip igmp snooping

A Multicast Router (MRouter) port on can be defined on a VLAN in one of the methods described below:

  • To change the interface switchport to trunk:

    1. Enable IGMP snooping globally. Run:

      Copy
      Copied!
                  

      switch (config) # ip igmp snooping

    2. Change the interface switchport mode of the port (the interface is member of VLAN 1 by default). Run:

      Copy
      Copied!
                  

      switch (config) # interface ethernet 1/1 switch (config interface ethernet 1/1) # switchport mode trunk

    3. Change back to config mode. Run:

      Copy
      Copied!
                  

      switch (config interface ethernet 1/1) # exit switch (config) #

    4. Define the MRouter port on the VLAN. Run:

      Copy
      Copied!
                  

      switch (config) # vlan 2 switch (config vlan 2) # ip igmp snooping mrouter interface ethernet 1/1

  • To change the interface switchport to hybrid:

    1. Enable IGMP snooping globally. Run:

      Copy
      Copied!
                  

      switch (config) # ip igmp snooping

    2. Create a VLAN. Run:

      Copy
      Copied!
                  

      switch (config) # vlan 200 switch (config vlan 200) #

    3. Change back to config mode. Run:

      Copy
      Copied!
                  

      switch (config vlan 200) # exit switch (config) #

    4. Change the interface switchport mode of the port (the interface is member of VLAN 1 by default). Run:

      Copy
      Copied!
                  

      switch (config) # interface ethernet 1/22 switch (config interface ethernet 1/22) # switchport mode hybrid

    5. Attach the VLAN to the port’s interface. Run:

      Copy
      Copied!
                  

      switch (config interface ethernet 1/22) # switchport mode hybrid allowed-vlan 200 switch (config interface ethernet 1/22) #

    6. Change to config mode again. Run:

      Copy
      Copied!
                  

      switch (config interface ethernet 1/22) # exit switch (config) #

    7. Define the MRouter port on the VLAN. Run:

      Copy
      Copied!
                  

      switch (config) # vlan 200 switch (config vlan 200) # ip igmp mrouter interface ethernet 1/22

  • To change the interface switchport to access:

    1. Enable IGMP snooping globally. Run:

      Copy
      Copied!
                  

      switch (config) # ip igmp snooping

    2. Create a VLAN. Run:

      Copy
      Copied!
                  

      switch (config) # vlan 200 switch (config vlan 200) #

    3. Change back to config mode. Run:

      Copy
      Copied!
                  

      switch (config vlan 200) # exit switch (config) #

    4. Change the interface switchport mode of the port (the interface is member of VLAN 1 by default). Run:

      Copy
      Copied!
                  

      switch (config) # interface ethernet 1/22 switch (config interface ethernet 1/22) # switchport mode access

    5. Attach the VLAN to the port’s interface. Run:

      Copy
      Copied!
                  

      switch (config interface ethernet 1/22) # switchport access vlan 200

    6. Change to config mode again. Run:

      Copy
      Copied!
                  

      switch (config interface ethernet 1/22) # exit

    7. Define the MRouter port on the VLAN. Run:

      Copy
      Copied!
                  

      switch (config) # vlan 200 switch (config vlan 200) # ip igmp mrouter interface ethernet 1/22

IGMP Snooping Querier complements the IGMP snooping functionality. IGMP Snooping Querier is used to support IGMP snooping in a VLAN where PIM and IGMP are not configured because the multicast traffic does not need to be routed. When IGMP Snooping Querier is enabled, IGMP queries are sent out periodically by the switch through all ports in the VLAN and to which hosts wishing to receive IP multicast traffic respond with IGMP report messages. IGMP Snooping Querier must be used in conjunction with IGMP snooping as IGMP snooping listens to these IGMP reports to establish appropriate forwarding.

To configure IGMP Snooping Querier:

  1. Enable the IGMP snooping on the switch. Run:

    Copy
    Copied!
                

    switch (config) # ip igmp snooping

  2. Create a VLAN and enable IGMP Snooping on VLAN. Run:

    Copy
    Copied!
                

    switch (config) # vlan 10 switch (config vlan 10)# ip igmp snooping

  3. Enable the IGMP snooping querier on a specific VLAN. Run:

    Copy
    Copied!
                

    switch (config vlan 10)# ip igmp snooping querier

  4. Set the query interval time. Run:

    Copy
    Copied!
                

    switch (config vlan 10)# ip igmp snooping querier query-interval 100

  5. (Optional) Verify the IGMP snooping querier configuration. Run:

    Copy
    Copied!
                

    switch (config vlan 10)# show ip igmp snooping querier Snooping querier information for VLAN 10   IGMP Querier Present Querier IP address: 1.1.1.2 Query interval: 125 Response interval: 100 Group membership interval: 1 Robustness: 2 Version: 2

In some environments, devices attached to a switch (such as hosts or other switches) cannot be managed by the switch administrator. This can lead to IGMP resources misconfiguration or abuse and is an operational behavior and security concern.
This is common in shared network infrastructures, where a 3rd party is connected to the switch to access resources that are made available via that network device.

IGMP Snooping Querier Guard enables the switch administrator to define a filter to discard IGMP Membership Query messages, allowing it to be selected as the IGMP querier by ignoring the received messages. Connecting a device to an interface where this filter is defined stops the IGMP Querier election process that allows a 3rd party device to trigger the local interface to be demoted from being the IGMP querier.

IGMP Snooping Querier Guard can be configured on specific interfaces such as a port, MLAG port channel, or port channel. It only works when "igmp snooping" is enabled.

To configure IGMP Snooping Querier Guard on a specific interface, do the following:

  1. Enable the IGMP snooping on the switch. Run:

    Copy
    Copied!
                

    switch (config) # ip igmp snooping

  2. Enable IGMP snooping querier-guard on a specific interface. Run:

    Copy
    Copied!
                

    switch (config interface ethernet 1/1) # ip igmp snooping querier-guard

© Copyright 2023, NVIDIA. Last updated on Nov 15, 2023.