In this lesson, we discuss one of the fundamental multicast features that help switches effectively forward multicast frames only to interested receivers.
What does "Snooping" mean?
The verb snooping may be a mystery for a non-native English speaker like me. According to Google, "snooping" refers to the act of secretly observing someone else's private affairs, often without their knowledge or consent. It involves discovering confidential information by prying or spying. In various contexts, snooping can be considered intrusive. For example, someone might snoop through another person's emails, messages, or personal belongings to gather information.
However, in the context of networking, snooping refers to the process of monitoring the messages that devices exchange in the network to gather information, often for security or troubleshooting purposes.
What is IGMP Snooping?
In the "snooping" context, IGMP snooping is a feature that allows a switch to monitor the exchange of IGMP messages between hosts and routers within a VLAN. This allows a switch to learn the ports where interested receivers are connected and the ports where multicast-enabled routers are connected.
Why do we need IGMP Snooping?
Without IGMP snooping, switches don't know which ports have hosts interested in specific multicast groups. Therefore, they cannot prune unnecessary multicast traffic from ports that do not have interested receivers, which results in handling multicast traffic like broadcast traffic, as shown in the diagram below.
Flooding multicast frames throughout a VLAN leads to unnecessary bandwidth consumption and potential performance issues, especially in larger networks with prevalent multicast traffic. This method lacks the efficiency and optimization provided by IGMP snooping, which selectively forwards multicast traffic only to those ports that have explicitly requested it.
How Does IGMP Snooping Work?
The IGMP Snooping process is enabled on a switch per VLAN. When the feature is on, the switch listens for the following messages within that VLAN:
- IGMP Membership Queries
- IGMP Membership Responses
- PIM Hello messages
By monitoring the IGMP message exchange between hosts and multicast routers, the switch builds an "IGMP snooping table" that classifies switchports into one of the following types:
- multicast-router interface — a switchport that leads toward a multicast router or an IGMP querier.
- group-member interface — a switchport that leads toward an interested receiver.
The process works in two steps. However, there is one prerequisite - an IGMP querier must be present on the VLAN. This is typically the multicast router on the segment.
Let's see each step in the context of our example topology shown in the diagrams below.
Step 1. The IGMP querier R1 sends periodic IGMP Membership Queries destined to the all-hosts link-local address 224.0.0.1.
- When SW1 receives the query, it adds port 0/1 to the IGMP snooping table as an mrouter port. Then, it floods the IGMP query to all ports so hosts can receive it.
- Subsequently, SW2 receives the IGMP query on port 0/2 and adds it to the IGMP snooping table as a router port. Then, it floods the query message to all ports so hosts can receive it.
- In the end, all end hosts receive the IGMP Membership query.
Step 2. PC1 and PC4 respond to the IGMP Membership Query with Membership Report for group 239.1.1.1. The report is destined to the group IPv4 address 239.1.1.1.
- SW1 receives PC1's report on port 0/3. It adds the port to the IGMP snooping table as a member of group 239.1.1.1 and sends the report only to the router ports that lead to the multicast router on the segment.
- SW2 receives PC4's report on port 0/4. It adds the port to the IGMP snooping table as a member of group 239.1.1.1 and sends the IGMP report only to the router ports that lead to the multicast router on the segment.
Notice that PC2 and PC3 do not receive the IGMP membership reports of PC1 and PC4. This is the first efficiency optimization of IGMP Snooping. Without the feature enabled, PC2 and PC3 would have received the reports and would have wasted CPU cycles processing and discarding them.
The result of the two steps is that both switches (SW1 and SW2) now have full visibility of the VLAN's interested receivers and multicast routers. When R1 sends the multicast stream onto the LAN, SW1 and SW2 only replicate the multicast frames to mrouter and member ports according to the IGMP snooping table, as shown in the diagram below.
Entries in the IGMP Snooping table have a timeout period. If no IGMP messages are received for a specific multicast group within a certain time frame (aging time), the switch removes the corresponding entry from its table.
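The two steps, the forwarding decision and the aging described above can be modelled in a few lines. This is an added example, not code from the original lesson or from any switch vendor; the aging time of 260 seconds and every port number not stated in the text (SW1's uplink to SW2, the PC2 and PC3 ports) are assumptions.

```python
from dataclasses import dataclass, field

AGING_TIME = 260  # seconds; assumed value for illustration, not from the page

@dataclass
class SnoopingSwitch:
    ports: frozenset
    mrouter: dict = field(default_factory=dict)  # port -> time of last query
    members: dict = field(default_factory=dict)  # group -> {port: last report}

    def on_query(self, in_port, now=0):
        """Step 1: mark ingress port as mrouter port, flood the query."""
        self.mrouter[in_port] = now
        return set(self.ports) - {in_port}

    def on_report(self, in_port, group, now=0):
        """Step 2: mark ingress port as member, forward toward routers only."""
        self.members.setdefault(group, {})[in_port] = now
        return set(self.mrouter) - {in_port}

    def expire(self, now):
        """Remove member entries not refreshed within AGING_TIME."""
        for group in list(self.members):
            fresh = {p: t for p, t in self.members[group].items()
                     if now - t < AGING_TIME}
            if fresh:
                self.members[group] = fresh
            else:
                del self.members[group]

    def egress(self, in_port, group, snooping=True):
        """Ports a data frame for `group` is replicated to."""
        if not snooping:
            return set(self.ports) - {in_port}  # flooded like broadcast
        return (set(self.mrouter) | set(self.members.get(group, {}))) - {in_port}

def demo():
    # Constructed topology; ports not stated on the page are assumptions.
    sw1 = SnoopingSwitch(frozenset({"0/1", "0/2", "0/3", "0/4"}))  # R1, SW2, PC1, PC2
    sw2 = SnoopingSwitch(frozenset({"0/2", "0/3", "0/4"}))  # SW1, PC3, PC4
    g = "239.1.1.1"
    sw1.on_query("0/1")            # R1's query arrives on SW1
    sw2.on_query("0/2")            # ...and is flooded on to SW2
    pc1 = sw1.on_report("0/3", g)  # PC1's report
    pc4 = sw2.on_report("0/4", g)  # PC4's report
    sw1.on_report("0/2", g)        # PC4's report relayed by SW2 to SW1
    return {"pc1_report_to": pc1, "pc4_report_to": pc4,
            "sw1_flood": sw1.egress("0/1", g, snooping=False),
            "sw1_snoop": sw1.egress("0/1", g), "sw2_snoop": sw2.egress("0/2", g)}
```

Calling `demo()` shows that with snooping the stream from R1 leaves SW1 only on the PC1 port and the uplink to SW2, while the flooding case also reaches the PC2 port.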
Configuring IGMP Snooping
Now, let's focus on the configuration part of the IGMP snooping feature. Keep in mind that IGMP snooping is enabled on all VLANs by default on all modern Cisco switches. Still, it is worth seeing how to configure and troubleshoot the feature in the most common scenarios.
Prerequisites
There is one very important prerequisite for the capability to work:
- There must be an IGMP Querier in the VLAN.
This is typically the multicast router on the segment. When PIM is configured on an interface, IGMP is automatically enabled, and the interface acts as IGMP Querier, as shown in the diagram below. R1's e0/1 is configured as PIM Dense-mode, so the interface automatically becomes the IGMP Querier on the segment sending periodic Membership Queries.
However, there might be scenarios where there is no multicast router, for example, a local non-routable VLAN that carries some local multicast flows. In that case, there will be no IGMP Membership Queries and, subsequently, no Membership Reports (hence, IGMP Snooping won't work). In such scenarios, a switch can be configured to play the role of IGMP Querier, as we will see later.
Configuring IGMP snooping on a Cisco switch
We enable or disable the feature on a switch using the following global command per VLAN, as shown in Figure 5 above.
SW1(config)# ip igmp snooping vlan 10
SW1(config)# no ip igmp snooping vlan 10
Configuring static mrouter and member ports
We configure a static mrouter port using the following command. Keep in mind that the interface must be in the specified VLAN - in our example, vlan 10.
SW1(config)# ip igmp snooping vlan 10 mrouter interface Ethernet 1/0
SW1(config)#
SW1# sh ip igmp snooping mrouter vlan 10
Vlan ports
---- -----
10 Et0/0(dynamic), Et1/0(static)
Now, let's see how we configure static member interfaces. For example, let's configure port e1/1 as a member of group 239.2.2.2.
SW1(config)# ip igmp snooping vlan 10 static 239.2.2.2 interface Et1/1
SW1(config)#
SW1# sh ip igmp snooping groups vlan 10
Flags: I -- IGMP snooping, S -- Static, P -- PIM snooping, A -- ASM mode
Vlan Group/source Type Version Port List
-----------------------------------------------------------------------
10 224.0.1.40 I v2 Et0/0
10 239.1.1.1 I v2 Et0/2
10 239.2.2.2 S v2 Et1/1
Notice the flag S, which means Static. Static member ports can be useful when an end host does not support IGMP but still needs to receive the multicast stream, or when you want to replicate the multicast stream out of an interface for traffic capture or stream recording.
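Because a static member port receives the stream regardless of any IGMP report, it is worth checking static entries against what was intentionally configured. The following added example (not part of the original lesson) parses rows in the layout of the `sh ip igmp snooping groups` output shown on this page and lists static member ports that are not in an approved set; the sample capture is constructed from the outputs on this page, and the `approved` set is a hypothetical baseline.

```python
import ipaddress

# Constructed sample: rows taken from the outputs shown on this page.
SAMPLE = """\
Flags: I -- IGMP snooping, S -- Static, P -- PIM snooping, A -- ASM mode
Vlan Group/source Type Version Port List
-----------------------------------------------------------------------
10 224.0.1.40 I v2 Et0/0
10 239.1.1.1 I v2 Et0/2 Et0/3
10 239.2.2.2 S v2 Et1/1
"""

def parse_groups(text):
    """Return one dict per table row; headers and separators are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.replace(",", " ").split()
        if len(fields) < 5 or not fields[0].isdigit():
            continue  # header, flag legend, separator or blank line
        try:
            group = ipaddress.IPv4Address(fields[1])
        except ValueError:
            continue  # second column is not a plain IPv4 group address
        if not group.is_multicast:
            continue
        rows.append({"vlan": int(fields[0]), "group": str(group),
                     "flags": fields[2], "version": fields[3],
                     "ports": fields[4:]})
    return rows

def unapproved_static(rows, approved):
    """Static (S) member ports not in the approved set of (vlan, group, port)."""
    return [(r["vlan"], r["group"], p)
            for r in rows if "S" in r["flags"]
            for p in r["ports"] if (r["vlan"], r["group"], p) not in approved]
```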
Verifications
We check whether the feature is enabled using the following command per VLAN.
SW1# sh ip igmp snooping vlan 10
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping Oper State : Enabled
IGMPv3 snooping : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
Check TTL=1 : No
Check Router-Alert-Option : No
Vlan 10:
--------
IGMP snooping Admin State : Enabled
IGMP snooping Oper State : Enabled
IGMPv2 immediate leave : Disabled
Explicit host tracking : Enabled
Report suppression : Enabled
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
Check TTL=1 : Yes
Check Router-Alert-Option : Yes
Query Interval : 0
Max Response Time : 10000
Checking the multicast-router interfaces
Let's check the mrouter interfaces on both LAN switches, SW1 and SW2. We use the following commands:
SW1# sh ip igmp snooping mrouter
Vlan ports
---- -----
10 Et0/0(dynamic)
SW1# show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
10 172.16.1.2 v2 Et0/0
On SW1, port e0/0 is classified as an mrouter port because the switch receives R1's periodic IGMP Membership queries on it, as shown in Figure 2 above.
SW2# sh ip igmp snooping mrouter
Vlan ports
---- -----
1 Et0/1(dynamic)
SW2# show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
1 172.16.1.2 v2 Et0/1
On the other hand, SW2 has classified port e0/1 as an mrouter port because it receives R1's periodic IGMP Membership queries on that interface.
Checking member ports and groups
To check the member ports and what groups are joined, we use the following command.
SW1# sh ip igmp snooping groups
Flags: I -- IGMP snooping, S -- Static, P -- PIM snooping, A -- ASM mode
Vlan Group/source Type Version Port List
-----------------------------------------------------------------------
10 224.0.1.40 I v2 Et0/0
10 239.1.1.1 I v2 Et0/2 Et0/3
You can see that SW1 inserted ports 0/2 and 0/3 as member ports because there are interested receivers for group 239.1.1.1.
IGMP Snooping Additional Parameters
Now, let's quickly walk through some of the additional feature enhancements and parameters.
Report Suppression
When multiple hosts on the same VLAN want to join the same multicast group, IGMP Snooping Report Suppression ensures that only the first report is forwarded to the multicast router. Subsequent reports from other hosts are suppressed (not forwarded) by the switch's IGMP Snooping process.
For example, suppose a VLAN with 100+ hosts interested in group 239.1.1.1. It does not make sense to send 100+ IGMP Membership Reports for the same group to the multicast router on the VLAN because only one report is enough to ensure the router sends a copy of the multicast stream on the LAN.
Report Suppression can be disabled using the following command.
SW1(config)# no ip igmp snooping report-suppression
IGMP Snooping Querier
On VLANs where a multicast router is present, it acts as the IGMP querier. However, if the multicast traffic in the VLAN only needs to be layer 2 switched, there may be no multicast router (hence no IGMP Querier). In such scenarios, we can configure a LAN switch to act as the IGMP querier for the segment, as shown in the diagram below. Notice that there is no router. The source is directly connected to the LAN.
When the IGMP snooping querier functionality is enabled on a switch, it sends periodic IGMP Membership Queries. This triggers hosts to respond with Membership Reports for the specific IP multicast group they want to receive, allowing IGMP snooping on the VLAN to work properly. Notice that the switch must have a layer 3 interface in that VLAN.
Key Takeaways
In essence, IGMP snooping enables switches to intelligently manage multicast traffic in the LAN by dynamically learning the multicast group memberships of hosts within each VLAN and selectively forwarding multicast packets only to the ports with interested receivers. This improves network efficiency in the LAN, reduces unnecessary traffic, and enhances overall performance in multicast traffic environments.