Export PDF
What Is IGMP Snooping?
Internet Group Management Protocol (IGMP) snooping is a Layer 2 IPv4 multicast protocol. It listens to multicast protocol packets exchanged between the upstream Layer 3 multicast device and downstream hosts to maintain outbound interfaces of multicast packets. Based on the outbound interface information, IGMP snooping manages and controls the multicast forwarding at the data link layer.
Why Do We Need IGMP Snooping?
In most cases, especially in a LAN, multicast packets must pass through Layer 2 devices. In the following figure, multicast packets must pass through a Layer 2 switch between multicast users and the router (Layer 3 multicast device).
IGMP snooping network
After receiving multicast packets from the router, the switch forwards the multicast packets to the receivers. The destination address of multicast packets is a multicast group address. The switch cannot learn multicast MAC addresses, so it broadcasts multicast packets in the broadcast domain. All hosts in the broadcast domain will receive the multicast packets, regardless of whether they are members of the multicast group. This wastes network bandwidth and threatens network security.
IGMP snooping solves this problem. With IGMP snooping enabled, a Layer 2 multicast device can listen to and analyze IGMP messages between multicast users and the upstream router. The Layer 2 multicast device sets up Layer 2 multicast forwarding entries to control multicast data forwarding. In this way, multicast data is not broadcast on the Layer 2 network.
What Are Application Scenarios of IGMP Snooping?
Network Description
In the following figure, multiple multicast sources, such as Source1 and Source2, exist on a PIM network. The sources provide multicast video services for users on the LAN. HostA and HostC want to receive video data in multicast mode. To prevent multicast data from being broadcast on the LAN, IGMP snooping needs to be configured on the Layer 2 switch to accurately forward multicast data on the Layer 2 network. This prevents bandwidth waste and network information leakage.
IGMP snooping network
Deployed Features
You can deploy the following features to accurately forward multicast data on the network:
- PIM and IGMP on the Layer 3 multicast router to route multicast data to user segments.
- IGMP snooping on the Layer 2 switch to set up and maintain a Layer 2 multicast forwarding table, based on which multicast data can be forwarded to specified users.
- IGMP snooping proxy (after configuring IGMP snooping) on the switch to release the router from processing a large number of IGMP messages.
- IGMP snooping SSM mapping on the switch to provide the SSM service for hosts running IGMPv1 or IGMPv2. Layer 2 SSM mapping must be combined with Layer 3 SSM mapping on the IGMP querier to ensure multicast data forwarding. You must configure Layer 3 SSM mapping entries on the IGMP querier.
How Does Route Monitoring Group Work?
IGMP snooping is a basic Layer 2 multicast function that controls multicast traffic forwarding at the data link layer. IGMP snooping runs on a Layer 2 multicast device and analyzes IGMP messages exchanged between a Layer 3 device and hosts to set up and maintain a Layer 2 multicast forwarding table. The Layer 2 multicast device forwards multicast packets based on the Layer 2 multicast forwarding table.
In the following figure, the switch at the edge of the access layer forwards the multicast packets sent from the router (Layer 3 device) to receiver hosts. If the switch does not run IGMP snooping, it broadcasts multicast packets at Layer 2. After IGMP snooping is configured, the switch forwards multicast packets only to specified hosts.
With IGMP snooping configured, the switch listens to IGMP messages exchanged between the router and hosts. It analyzes packet information (such as packet type, group address, and receiving interface) to set up and maintain a Layer 2 multicast forwarding table, based on which it forwards multicast packets.
Multicast packet transmission before and after IGMP snooping is configured on a Layer 2 multicast device
IGMP snooping port roles
In the following figure, the router (Layer 3 device) receives multicast data from the multicast source and forwards the data to downstream devices. IGMP snooping is configured on SwitchA and SwitchB. Hosts A, B, and C are receiver hosts.
IGMP snooping ports
Port Role |
Function |
Generation |
|---|---|---|
Router port Ports marked as blue circles on SwitchA and SwitchB |
A router port receives multicast packets from a Layer 3 multicast device such as a designated router (DR) or IGMP querier. |
|
Member port Ports marked as yellow squares on SwitchA and SwitchB |
A member port is a user-side port connected to group members. A Layer 2 multicast device sends multicast data to receiver hosts through member ports. |
|
Router ports and member ports are outbound interfaces in Layer 2 multicast forwarding entries. A router port is an upstream interface, while a member port is a downstream interface. Port information learned through protocol packets is saved as dynamic entries. Manually configured port information is saved as static entries.
- Multicast group addresses can be multicast IP addresses or multicast MAC addresses mapped from multicast IP addresses. In MAC address-based forwarding mode, multicast data may be forwarded to hosts that do not require the data because multiple IP addresses are mapped to the same MAC address. The IP address-based forwarding mode can prevent this problem.
- A VLAN ID specifies a Layer 2 broadcast domain. After multicast VLAN is configured, the inbound VLAN ID is the multicast VLAN ID, and the outbound VLAN ID is a user VLAN ID. If multicast VLAN is not configured, both the inbound and outbound VLAN IDs are the ID of the VLAN to which a host belongs.
Implementation
A Layer 2 multicast device running IGMP snooping processes received IGMP protocol packets in different ways to set up Layer 2 multicast forwarding entries.
IGMP Working Phase |
IGMP Message Received on a Layer 2 Device |
Processing Method |
|---|---|---|
General query The IGMP querier periodically sends General Query messages (with destination address 224.0.0.1) to all hosts and routers on the local network segment, to check which multicast groups have members on the network segment. |
IGMP General Query message |
A Layer 2 multicast device forwards IGMP General Query messages to all ports except the port receiving the messages in a VLAN. The Layer 2 multicast device processes the receiving port as follows:
|
Membership report
Membership Report messages are used in two scenarios:
|
IGMP Report message |
A Layer 2 multicast device forwards an IGMP Report message to all router ports in a VLAN. The device obtains the multicast group address from the Report message and performs the following operations on the port receiving the message:
|
Leave of multicast members
There are two phases:
|
IGMP Leave message |
The Layer 2 multicast device determines whether the multicast group matches a forwarding entry and whether the port that receives the message is in the outbound interface list.
The following assumes that the port receiving an IGMP Leave message is a dynamic member port. Before the aging time of the member port expires:
|
IGMP Group-Specific/Group-Source-Specific Query message |
An IGMP Group-Specific/Group-Source-Specific Query message is forwarded to the ports connected to members of specific groups. |
- If the port is included in the router port list, the Layer 2 multicast device resets the aging timer of the router port.
- If the port is not in the router port list, the Layer 2 multicast device adds it to the list and starts the aging timer.
If a static router port is configured, the Layer 2 multicast device forwards received IGMP Report and Leave messages to the static router port. If a static member port is configured for a multicast group, the Layer 2 multicast device adds the port to the outbound interface list for the multicast group.
After a Layer 2 multicast forwarding table is set up, the Layer 2 multicast device searches the multicast forwarding table for outbound interfaces of multicast data packets according to the VLAN IDs and destination addresses (group addresses) of the packets. If outbound interfaces are found for a packet, the Layer 2 multicast device forwards the packet to the matching member ports and router ports. If no outbound interface is found, the Layer 2 multicast device drops the packet or broadcasts the packet in the VLAN.
