Login
- Table of Contents
-
- 07-IP Multicast Configuration Guide
- 00-Preface
- 01-Multicast Overview
- 02-IGMP Snooping Configuration
- 03-PIM Snooping Configuration
- 04-Multicast VLAN Configuration
- 05-Multicast Routing and Forwarding Configuration
- 06-IGMP Configuration
- 07-PIM Configuration
- 08-MSDP Configuration
- 09-MBGP Configuration
- 10-Multicast VPN Configuration
- 11-MLD Snooping Configuration
- 12-IPv6 PIM Snooping Configuration
- 13-IPv6 Multicast VLAN Configuration
- 14-IPv6 Multicast Routing and Forwarding Configuration
- 15-MLD Configuration
- 16-IPv6 PIM Configuration
- 17-IPv6 MBGP Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 11-MLD Snooping Configuration | 392.79 KB |
Contents
Basic concepts in MLD snooping
MLD snooping configuration task list
Configuring basic functions of MLD snooping
Configuring the version of MLD snooping
Configuring the maximum number of forwarding entries globally
Configuring MLD snooping port functions
Configuring aging timers for dynamic ports
Configuring a port as a simulated member host
Configuring fast-leave processing
Disabling a port from becoming a dynamic router port
Configuring MLD snooping querier
Configuring MLD queries and responses
Configuring source IPv6 addresses of MLD queries
Configuring MLD snooping proxying
Enabling MLD snooping proxying
Configuring a source IPv6 address for the MLD messages sent by the proxy
Configuring an MLD snooping policy
Configuring an IPv6 multicast group filter
Configuring dropping unknown IPv6 multicast data
Configuring MLD report suppression
Setting the maximum number of multicast groups that a port can join
Configuring IPv6 multicast group replacement
Enabling the MLD snooping host tracking function
Displaying and maintaining MLD snooping
MLD snooping configuration examples
Configuring IPv6 group filtering and simulated joining
MLD snooping querier configuration
MLD snooping proxying configuration example
Layer 2 multicast forwarding cannot function
Configured IPv6 multicast group policy fails to take effect
Processing of IPv6 multicast protocol messages
MLD snooping overview
By analyzing received MLD messages, a Layer 2 device running MLD snooping establishes mappings between ports and multicast MAC addresses and forwards IPv6 multicast data based on these mappings.
As shown in Figure 1, when MLD snooping is not running, IPv6 multicast packets are broadcast to all devices at Layer 2. When MLD snooping runs, multicast packets for known IPv6 multicast groups are multicast to the receivers at Layer 2.
Figure 1 Before and after MLD snooping is enabled on the Layer 2 device
MLD snooping forwards multicast data to only the receivers requiring it at Layer 2. It brings the following advantages:
· Reducing Layer 2 broadcast packets, thus saving network bandwidth.
· Enhancing the security of multicast traffic.
· Facilitating the implementation of per-host accounting.
Basic concepts in MLD snooping
MLD snooping related ports
As shown in Figure 2, Router A connects to the multicast source, MLD snooping runs on Router B and Router C, and Host A and Host C are receiver hosts (namely, IPv6 multicast group members).
Figure 2 MLD snooping related ports
Ports involved in MLD snooping, as shown in Figure 2, are described as follows:
· Router port—A router port is a port on the router that leads toward the Layer-3 multicast device (DR or MLD querier). In the figure, GigabitEthernet 3/1/1 of Router B and Router C are router ports. The router registers all its local router ports in its router port list.
· Member port—A member port (also known as IPv6 multicast group member port) is a port on the router that leads to multicast group members. In the figure, GigabitEthernet 3/1/2 and GigabitEthernet 3/1/3 of Router B and GigabitEthernet 3/1/2 of Router C are member ports. The router registers all the member ports on the local device in its MLD snooping forwarding table.
|
|
NOTE: · Unless otherwise specified, router ports or member ports in this document include static and dynamic ports. · On an MLD-snooping-enabled router, the ports that received MLD general queries with the source address other than 0::0 or IPv6 PIM hello messages are dynamic router ports. For more information about IPv6 PIM hello messages, see the chapter “Configuring IPv6 PIM.” |
Aging timers for dynamic ports in MLD snooping
Table 1 Aging timers for dynamic ports in MLD snooping and related messages and actions
|
Timer |
Description |
Message before expiry |
Action after expiry |
|
Dynamic router port aging timer |
For each dynamic router port, the router sets a timer initialized to the dynamic router port aging time. |
MLD general query of which the source address is not 0::0 or IPv6 PIM hello. |
The router removes this port from its router port list. |
|
Dynamic member port aging timer |
When a port dynamically joins an IPv6 multicast group, the router sets a timer for the port, which is initialized to the dynamic member port aging time. |
MLD report message. |
The router removes this port from the MLD snooping forwarding table. |
|
|
NOTE: The port aging mechanism of MLD snooping works only for dynamic ports; a static port will never age out. |
How MLD snooping works
A router that is running MLD snooping performs different actions when it receives different MLD messages, as follows:
|
|
CAUTION: The description about adding or deleting a port in this section is only for a dynamic port. Static ports can be added or deleted only through the corresponding configurations. For details, see “Configuring static ports.” |
General queries
Upon hearing an MLD general query, the router forwards it through all ports in the VLAN except the port on which it heard the MLD query and performs the following:
· If the port that received the MLD query is a dynamic router port in its router port list, the router resets the aging timer for this dynamic router port.
· If the port is not included in its router port list, the router adds it into its router port list as a dynamic router port and sets an aging timer for it.
Membership reports
A host sends an MLD report to the MLD querier in the following circumstances:
· Upon receiving an MLD query, an IPv6 multicast group member host responds with an MLD report.
· When intended to join an IPv6 multicast group, a host sends an MLD report to the MLD querier to announce that it is interested in the multicast information addressed to that IPv6 multicast group.
Upon receiving an MLD report, the router forwards it through all the router ports in the VLAN, resolves the address of the reported IPv6 multicast group, and performs the following to the receiving port:
· If no forwarding table entry exists for the reported IPv6 multicast group, the router creates an entry, adds the port as a dynamic member port to the outgoing port list, and starts a member port aging timer for that port.
· If a forwarding table entry exists for the reported IPv6 multicast group, but the port is not included in the outgoing port list for that group, the router adds the port as a dynamic member port to the outgoing port list, and starts a member port aging timer for that port.
· If a forwarding table entry exists for the reported IPv6 multicast group and the port is included in the outgoing port list, which means that this port is already a dynamic member port, the router resets the member port aging timer for that port.
|
|
NOTE: A router does not forward an MLD report through a non-router port. This is because if the switch forwards a report message through a member port, all the attached hosts listening to the reported IPv6 multicast address will suppress their own reports upon receiving this report according to the MLD report suppression mechanism for hosts, and this will prevent the switch from knowing whether the reported multicast group still has active members attached to that port. For more information about the MLD report suppression mechanism of hosts, see the chapter “Configuring MLD.” |
Done messages
When a host leaves an IPv6 multicast group, the host sends an MLD done message to the multicast router.
When the router receives a group-specific MLD done message on a dynamic member port, it first checks whether a forwarding table entry for that IPv6 multicast group exists, and, if one exists, whether its outgoing port list contains that port.
· If the forwarding table entry does not exist or if its outgoing port list does not contain the port, the router discards the MLD done message instead of forwarding it to any port.
· If the forwarding table entry exists and its outgoing port list contains the port, the router forwards the done message to all router ports in the VLAN. Because the router does not know whether any other hosts attached to the port are still listening to that IPv6 multicast group address, the router does not immediately remove the port from the outgoing port list of the forwarding table entry for that group; instead, it resets the aging timer for the port.
Upon receiving an MLD done message from a host, the MLD querier resolves from the message the address of the IPv6 multicast group that the host just left and sends an MLD multicast-address-specific query to that IPv6 multicast group through the port that received the done message. Upon hearing the MLD multicast-address-specific query, the router forwards it through all its router ports in the VLAN and all member ports for that IPv6 multicast group, and performs the following to the receiving port:
· If any MLD report in response to the MLD multicast-address-specific query is heard on the port (suppose it is a dynamic member port) before its aging timer expires, this means that some host attached to the port is receiving or expecting to receive IPv6 multicast data for that IPv6 multicast group. The router resets the aging timer for the port.
· If no MLD report in response to the MLD multicast-address-specific query is heard on the port before its aging timer expires, this means that no hosts attached to the port are still listening to that IPv6 multicast group address. The router removes the port from the outgoing port list of the forwarding table entry for that IPv6 multicast group when the aging timer expires.
MLD snooping proxying
You can configure the MLD snooping proxying function on an edge device to reduce the number of MLD reports and done messages sent to its upstream device. The device configured with MLD snooping proxying is called an MLD snooping proxy. It is a host from the perspective of its upstream device.
|
|
NOTE: Even though an MLD snooping proxy is a host from the perspective of its upstream device, the MLD membership report suppression mechanism for hosts does not take effect on it. For more information about the MLD report suppression mechanism for hosts, see the chapter “Configuring MLD.” |
As shown in Figure 3, Router B works as an MLD snooping proxy. As a host from the perspective of the querier Router A, router B represents its attached hosts to send their membership reports and done messages to Router A.
Table 2 describes how an MLD snooping proxy processes MLD messages.
Table 2 MLD message processing on an MLD snooping proxy
|
MLD message |
Actions |
|
General query |
When receiving an MLD general query, the proxy forwards it to all ports but the receiving port. In addition, the proxy generates a report according to the group memberships it maintains and sends the report out all router ports. |
|
Multicast-address-specific query |
In response to the MLD group-specific query for a certain IPv6 multicast group, the proxy sends the report to the group out all router ports if the forwarding entry for the group still contains a member port. |
|
Report |
When receiving a report for an IPv6 multicast group, the proxy looks up the multicast forwarding table for the entry for the multicast group. If the forwarding entry is found with the receiving port contained as a dynamic port in the outgoing port list, the proxy resets the aging timer for the entry. If the forwarding entry is found but the outgoing port list does not include the receiving port, the proxy adds the port to the outgoing port list as a dynamic member port and starts an aging timer for it. If no forwarding entry is found, the proxy creates the entry, adds the receiving port to the outgoing port list as a dynamic member port and starts an aging timer for the port, and then, sends a report to the group out all router ports. |
|
Done |
In response to a done message for an IPv6 multicast group, the proxy sends a multicast-address-specific query for the group out the receiving port. After making sure that no member port is contained in the forwarding entry for the IPv6 multicast group, the proxy sends a done message for the group out all router ports. |
Protocols and standards
RFC 4541: Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches
MLD snooping configuration task list
Complete these tasks to configure MLD snooping:
|
Task |
Remarks |
|
|
Required |
||
|
Optional |
||
|
Configuring the maximum number of forwarding entries globally |
Optional |
|
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Configuring a source IPv6 address for the MLD messages sent by the proxy |
Optional |
|
|
Optional |
||
|
Optional |
||
|
Optional |
||
|
Setting the maximum number of multicast groups that a port can join |
Optional |
|
|
Optional |
||
|
Optional |
||
|
|
NOTE: · Configurations made in MLD snooping view are effective for all VLANs. Configurations made in VLAN view are effective only for ports belonging to the current VLAN. For a given VLAN, a configuration made in MLD snooping view is effective only if the same configuration is not made in VLAN view. · Configurations made in MLD snooping view are effective for all ports. Configurations made in Layer 2 Ethernet interface view are effective only for the current port. Configurations made in Layer 2 aggregate interface view are effect only for the current interface. Configurations made in port group view are effective only for all the ports in the current port group. For a given port, a configuration made in MLD snooping view is effective only if you do not configure the same configuration in Layer 2 Ethernet interface view, Layer 2 aggregate interface view, or port group view. · Configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports; nor do they take part in aggregation calculations; configurations made on a member port of the aggregate group will not take effect until it leaves the aggregate group. |
Configuring basic functions of MLD snooping
Configuration prerequisites
Before configuring the basic functions of MLD snooping, complete the following tasks:
· Configure the corresponding VLANs.
· Determine the version of MLD snooping.
Enabling MLD snooping
To enable MLD snooping:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable MLD snooping globally and enter MLD-snooping view. |
mld-snooping |
Disabled by default |
|
3. Return to system view. |
quit |
N/A |
|
4. Enter VLAN view. |
vlan vlan-id |
N/A |
|
5. Enable MLD snooping in the VLAN. |
mld-snooping enable |
Disabled by default |
|
|
NOTE: · MLD snooping must be enabled globally before it can be enabled in a VLAN. · After enabling MLD snooping in a VLAN, you cannot enable MLD and/or IPv6 PIM on the corresponding VLAN interface, and vice versa. · When you enable MLD snooping in a specified VLAN, this function takes effect for ports in this VLAN only. |
Configuring the version of MLD snooping
By configuring the MLD snooping version, you actually configure the version of MLD messages that MLD snooping can process.
· MLDv1 snooping can process MLDv1 messages, but cannot process MLDv2 messages. MLDv2 messages are flooded in the VLAN.
· MLDv2 snooping can process MLDv1 and MLDv2 messages.
To configure the version of MLD snooping:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure the MLD snooping version. |
mld-snooping version version-number |
MLDv1 snooping by default |
|
|
CAUTION: If you change MLDv2 snooping to MLDv1 snooping, the system clears all dynamically added MLD snooping forwarding entries, and also does the following: · Keeps static MLDv2 snooping forwarding entries (*, G). · Clears static MLDv2 snooping forwarding entries (S, G), which will be restored when MLDv1 snooping is switched back to MLDv2 snooping. For more information about static joins, see “Configuring static ports.” |
Configuring the maximum number of forwarding entries globally
You can configure the maximum number of entries in the MLD snooping forwarding table. When the number of forwarding entries maintained by the router reaches the threshold, the router creates no more forwarding entries until the some entries time out or are manually removed.
To configure the maximum number of entries in the forwarding table:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Configure the maximum number of MLD snooping entries. |
entry-limit limit |
1024 by default |
|
|
NOTE: If the number of existing entries is larger than the limit when you configure it, the router informs you to remove excessive entries. In this case, the router does not automatically remove any existing entries or create new entries. |
Configuring MLD snooping port functions
Configuration prerequisites
Before configuring MLD snooping port functions, complete the following tasks:
· Enable MLD snooping in the VLAN.
· Configure the corresponding port groups.
· Determine the aging time of dynamic router ports.
· Determine the aging timer of dynamic member ports.
· Determine the IPv6 multicast group and IPv6 multicast source addresses.
Configuring aging timers for dynamic ports
If the router receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port, the router removes the port from the router port list when the aging timer of the port expires.
If the router receives no MLD reports for an IPv6 multicast group on a dynamic member port, the router removes the port from the outgoing port list of the forwarding table entry for that IPv6 multicast group when the port aging timer expires.
If IPv6 multicast group memberships change frequently, you can set a relatively small value for the dynamic member port aging timer.
Configuring aging timers for dynamic ports globally
To configure aging timers for dynamic ports globally:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Configure dynamic router port aging time. |
router-aging-time interval |
260 seconds by default |
|
4. Configure dynamic member port aging time. |
host-aging-time interval |
260 seconds by default |
Configuring aging timers for dynamic ports in a VLAN
To configure aging timers for dynamic ports in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure dynamic router port aging time. |
mld-snooping router-aging-time interval |
260 seconds by default |
|
4. Configure dynamic member port aging time. |
mld-snooping host-aging-time interval |
260 seconds by default |
Configuring static ports
You can configure a port of a router to be static router port, through which the router can forward all IPv6 multicast data it received.
To configure static ports:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Configure the port as a static member port. |
mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
No static member ports by default. |
|
4. Configure the port as a static router port. |
mld-snooping static-router-port vlan vlan-id |
No static router ports by default. |
|
|
NOTE: · A static member port does not respond to queries from the MLD querier. When static (*, G) or (S, G) joining is enabled or disabled on a port, the port does not send an unsolicited MLD report or an MLD done message. · Static member ports and static router ports never age out. To remove such a port, you need to use the corresponding undo command. |
Configuring a port as a simulated member host
Generally, a host running MLD responds to MLD queries from the MLD querier. If a host fails to respond due to some reasons, the multicast router will deem that no member of this IPv6 multicast group exists on the network segment, and therefore will remove the corresponding forwarding path.
To avoid this situation from happening, you can enable simulated joining on a port of the router, namely configure the port as a simulated member host for an IPv6 multicast group. When an MLD query is heard, simulated host gives a response. Thus, the router can continue receiving IPv6 multicast data.
A simulated host acts like a real host, as follows:
· When a port is configured as a simulated member host, the router sends an unsolicited MLD report through that port.
· After a port is configured as a simulated member host, the router responds to MLD general queries by sending MLD reports through that port.
· When the simulated joining function is disabled on a port, the router sends an MLD done message through that port.
To configure a port as a simulated member host:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Configure the port as a simulated member host. |
mld-snooping host-join ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
No simulated joining by default. |
|
|
NOTE: · Each simulated host is equivalent to an independent host. For example, when receiving an MLD query, the simulated host corresponding to each configuration responds respectively. · Unlike a static member port, a port configured as a simulated member host will age out like a dynamic member port. |
Configuring fast-leave processing
The fast-leave processing feature allows the router to process MLD done messages in a fast way. With the fast-leave processing feature enabled, when receiving an MLD done message on a port, the router immediately removes that port from the outgoing port list of the forwarding table entry for the indicated IPv6 multicast group. Then, when receiving MLD done multicast-address-specific queries for that IPv6 multicast group, the router will not forward them to that port.
In VLANs where only one host is attached to each port, fast-leave processing helps improve bandwidth and resource usage. However, if fast-leave processing is enabled on a port to which more than one host is attached, when one host leaves a multicast group, the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data for that group. Therefore, if the function of dropping unknown IPv6 multicast traffic is already enabled on the switch or in the VLANs, the fast-leave processing function should not be enabled.
Configuring fast-leave processing globally
To configure fast-leave processing globally:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Enable fast-leave processing. |
fast-leave [ vlan vlan-list ] |
Disabled by default |
Configuring fast-leave processing on a port
To configure fast-leave processing on a port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either command. |
|
3. Enable fast-leave processing. |
mld-snooping fast-leave [ vlan vlan-list ] |
Disabled by default. |
Disabling a port from becoming a dynamic router port
The following problems exist in a multicast access network:
· Upon receiving an MLD general query or IPv6 PIM hello message from a connected host, a router port becomes a dynamic router port. Before its timer expires, this dynamic router port will receive all multicast packets within the VLAN it belongs to and forward then to the host, thus affecting normal multicast reception of the host.
· In addition, the MLD general query and IPv6 PIM hello message sent from the host affects the multicast routing protocol state on Layer 3 devices, such as the MLD querier or DR election, and may further cause network interruption.
To solve these problems, you can disable the router port from becoming a dynamic router port upon receiving an MLD general query or IPv6 PIM hello message; thus, network security and control over multicast users are enhanced.
To disable a port from becoming a dynamic router port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Disable the port from becoming a dynamic router port. |
mld-snooping router-port-deny [ vlan vlan-list ] |
By default, a port can become a dynamic router port. |
|
|
NOTE: This configuration does not affect the static router port configuration. |
Configuring MLD snooping querier
Configuration prerequisites
Before configuring MLD snooping querier, complete the following task:
· Enable MLD snooping in the VLAN.
· Determine the interval for sending MLD general queries.
· Determine the interval for sending MLD last-listener queries
· Determine the maximum time for responding to MLD general queries.
· Determine the source IPv6 address of MLD general queries.
· Determine the source IPv6 address of MLD multicast-address-specific queries.
Enabling MLD snooping querier
By enabling MLD snooping querier on a Layer 2 device, the Layer 2 device will act as the MLD querier to send periodic MLD queries, thus allowing multicast forwarding entries to be established and maintained at Layer 2.
To enable the MLD snooping querier:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable the MLD snooping querier. |
mld-snooping querier |
Disabled by default |
|
|
CAUTION: It is meaningless to configure an MLD snooping querier in an IPv6 multicast network running MLD. Although an MLD snooping querier does not take part in MLD querier elections, it may affect MLD querier elections because it sends MLD general queries with a low source IPv6 address. For more information about MLD querier, see the chapter “Configuring MLD.” |
Configuring MLD queries and responses
You can modify the MLD general query interval based on the actual condition of the network.
A multicast listening host starts a timer for each IPv6 multicast group that it has joined when it receives an MLD query (general query or multicast-address-specific query). This timer is initialized to a random value in the range of 0 to the maximum response time advertised in the MLD query message. When the timer value decreases to 0, the host sends an MLD report to the IPv6 multicast group.
To speed up the response of hosts to MLD queries and avoid simultaneous timer expirations causing MLD report traffic bursts, you must properly set the maximum time for responding to MLD queries.
· For MLD general queries, the maximum response time is set by the max-response-time command.
· For MLD multicast-address-specific queries, the maximum response time equals the interval for sending MLD last-listener queries.
Configuring MLD queries and responses globally
To configure MLD queries and responses globally:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Set the maximum time for responding to MLD general queries. |
max-response-time interval |
10 seconds by default |
|
4. Set the interval for sending MLD last-listener queries. |
last-listener-query-interval interval |
1 second by default |
Configuring MLD queries and responses in a VLAN
To configure MLD queries and responses in a VLAN
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Set the interval for sending MLD general queries. |
mld-snooping query-interval interval |
125 seconds by default |
|
4. Set the maximum time for responding to MLD general queries. |
mld-snooping max-response-time interval |
10 seconds by default |
|
5. Set the interval for sending MLD last-listener queries. |
mld-snooping last-listener-query-interval interval |
1 second by default |
|
|
CAUTION: Make sure that the MLD query interval is greater than the maximum response time for MLD general queries. Otherwise, undesired deletion of IPv6 multicast members may occur. |
Configuring source IPv6 addresses of MLD queries
This configuration allows you to change the source IPv6 address of MLD queries.
To configure source IPv6 addresses of MLD queries:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure the source IPv6 address of MLD general queries. |
mld-snooping general-query source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default |
|
4. Configure the source IPv6 address of MLD multicast-address-specific queries. |
mld-snooping special-query source-ip { ipv6-address | current-interface } |
FE80::02FF:FFFF:FE00:0001 by default |
|
|
CAUTION: The source IPv6 address of MLD query messages may affect MLD querier election within the segment. |
Configuring MLD snooping proxying
Configuration prerequisites
Before configuring MLD snooping proxying in a VLAN, complete the following tasks:
· Enable MLD snooping in the VLAN.
· Determine the source IPv6 address for the MLD reports sent by the proxy.
· Determine the source IPv6 address for the MLD done messages sent by the proxy.
Enabling MLD snooping proxying
The MLD snooping proxying function works on a per-VLAN basis. After you enable the function in a VLAN, the router works as the MLD snooping proxy for the downstream hosts and upstream router in the VLAN.
To enable MLD snooping proxying in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable MLD snooping proxying in the VLAN. |
mld-snooping proxying enable |
Disabled by default |
Configuring a source IPv6 address for the MLD messages sent by the proxy
You can set the source IPv6 addresses in the MLD reports and done messages sent by the MLD snooping proxy on behalf of its attached hosts.
To configure the source IPv6 addresses for the MLD messages sent by the MLD snooping proxy on behalf of its attached hosts in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Configure a source IPv6 address for the MLD reports sent by the proxy. |
mld-snooping report source-ip { ipv6-address | current-interface } |
The default is FE80::02FF:FFFF:FE00:0001. |
|
4. Configure a source IPv6 address for the MLD done messages sent by the proxy. |
mld-snooping done source-ip { ipv6-address | current-interface } |
The default is FE80::02FF:FFFF:FE00:0001. |
Configuring an MLD snooping policy
Configuration prerequisites
Before configuring an MLD snooping policy, complete the following tasks:
· Enable MLD snooping in the VLAN.
· Determine the IPv6 ACL rule for IPv6 multicast group filtering.
· Determine the maximum number of IPv6 multicast groups that a port can join.
Configuring an IPv6 multicast group filter
On an MLD snooping–enabled router, the configuration of an IPv6 multicast group filter allows the service provider to define limits of multicast programs available to different users.
In an actual application, when a user requests a multicast program, the user’s host initiates an MLD report. Upon receiving this report message, the router checks the report against the configured ACL rule. If the port on which the report was heard can join this IPv6 multicast group, the router adds an entry for this port in the MLD snooping forwarding table; otherwise the router drops this report message. Any IPv6 multicast data that fails the ACL check will not be sent to this port. In this way, the service provider can control the VOD programs provided for multicast users.
Configuring an IPv6 multicast group filter globally
To configure an IPv6 multicast group globally:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Configure an IPv6 multicast group filter. |
group-policy acl6-number [ vlan vlan-list ] |
By default, no IPv6 group filter is globally configured, that is, the hosts in a VLAN can join any valid multicast group. |
Configuring an IPv6 multicast group filter on a port
To configure an IPv6 multicast group filer on a port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either command. |
|
3. Configure an IPv6 multicast group filter. |
mld-snooping group-policy acl6-number [ vlan vlan-list ] |
By default, no IPv6 group filter is configured on an interface, that is, the hosts on the interface can join any valid multicast group. |
Configuring dropping unknown IPv6 multicast data
Unknown IPv6 multicast data refers to IPv6 multicast data for which no forwarding entries exist in the MLD snooping forwarding table: When the router receives such IPv6 multicast traffic:
· With the function of dropping unknown IPv6 multicast data enabled, the router drops all unknown IPv6 multicast data received.
· With the function of dropping unknown IPv6 multicast data disabled, the router floods unknown IPv6 multicast data in the VLAN to which the unknown IPv6 multicast data belongs.
To enable dropping unknown IPv6 multicast data in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable dropping unknown IPv6 multicast data. |
mld-snooping drop-unknown |
Disabled by default |
|
|
NOTE: When enabled to drop unknown IPv6 multicast data, the router still forwards unknown IPv6 multicast data to other router ports in the VLAN. |
Configuring MLD report suppression
When a Layer 2 device receives an MLD report from an IPv6 multicast group member, the Layer 2 device forwards the message to the Layer 3 device directly connected with it. Thus, when multiple members belonging to an IPv6 multicast group exist on the Layer 2 device, the Layer 3 device directly connected with it will receive duplicate MLD reports from these members.
With the MLD report suppression function enabled, within a query interval, the Layer 2 device forwards only the first MLD report of an IPv6 group to the Layer 3 device and will not forward the subsequent MLD reports from the same multicast group to the Layer 3 device. This helps reduce the number of packets being transmitted over the network.
To configure MLD report suppression:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Enable MLD report suppression. |
report-aggregation |
Enabled by default |
|
|
CAUTION: On an MLD snooping proxy, MLD membership reports are suppressed if the entries for the corresponding groups exist in the forwarding table, whether the suppression function is enabled or not. |
Setting the maximum number of multicast groups that a port can join
By setting the maximum number of IPv6 multicast groups that a port can join, you can limit the number of multicast programs available to VoD users, thus to control the traffic on the port.
Follow these steps set the maximum number of IPv6 multicast groups that a port can join:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Set the maximum number of IPv6 multicast groups that a port can join. |
mld-snooping group-limit limit [ vlan vlan-list ] |
1024 by default. |
|
|
NOTE: When you configured the maximum number of IPv6 multicast groups that a port can join, if the current number of IPv6 multicast groups the port has joined reaches the configured maximum value, the system deletes all the forwarding entries persistent to that port from from the MLD snooping forwarding table, and the hosts on this port need to join IPv6 multicast groups again until the number of IPv6 multicast groups that the port join reaches the maximum value. When the port joins IPv6 multicast groups, if the port has been configured as a static member port, the system applies the configurations to the port again. If the port has been configured as a simulated member host, the system establishes corresponding forwarding entry for the host after receiving a report from the host. |
Configuring IPv6 multicast group replacement
For some special reasons, the number of IPv6 multicast groups passing through a router or port may exceed the number configured for the router or the port. In addition, in some specific applications, an IPv6 multicast group newly joined on the router needs to replace an existing IPv6 multicast group automatically. A typical example is “channel switching”, namely, by joining the new multicast group, a user automatically switches from the current IPv6 multicast group to the one.
To address this situation, you can enable the IPv6 multicast group replacement function on the router or certain ports. When the number of IPv6 multicast groups a router or a port has joined exceeds the limit.
· If the IPv6 multicast group replacement is enabled, the newly joined IPv6 multicast group automatically replaces an existing IPv6 multicast group with the lowest IPv6 address.
· If the IPv6 multicast group replacement is not enabled, new MLD reports will be automatically discarded.
Configuring IPv6 multicast group replacement globally
To configure IPv6 multicast group replacement globally:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Enable IPv6 multicast group replacement. |
overflow-replace [ vlan vlan-list ] |
Disabled by default |
Configuring IPv6 multicast group replacement on a port
To configure IPv6 multicast group replacement on a port:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view or enter port group view. |
·
Enter Layer 2 Ethernet interface view or Layer
2 aggregate interface view: · Enter port group view: |
Use either command. |
|
3. Enable IPv6 multicast group replacement. |
mld-snooping overflow-replace [ vlan vlan-list ] |
Disabled by default. |
|
|
CAUTION: Be sure to configure the maximum number of IPv6 multicast groups allowed on a port (see “Setting the maximum number of multicast groups that a port can join”) before enabling IPv6 multicast group replacement. Otherwise, the IPv6 multicast group replacement functionality will not take effect. |
Enabling the MLD snooping host tracking function
With the MLD snooping host tracking function, the switch can record the information of the member hosts that are receiving IPv6 multicast traffic, including the host IPv6 address, running duration, and timeout time. You can monitor and manage the member hosts according to the recorded information.
Enabling the MLD snooping host tracking function globally
To enable the MLD snooping host tracking function globally:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter MLD snooping view. |
mld-snooping |
N/A |
|
3. Enable the MLD snooping host tracking function globally. |
host-tracking |
Disabled by default |
Enabling the MLD snooping host tracking function in a VLAN
To enable the MLD snooping host tracking function in a VLAN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VLAN view. |
vlan vlan-id |
N/A |
|
3. Enable the MLD snooping host tracking function in the VLAN. |
mld-snooping host-tracking |
Disabled by default |
Displaying and maintaining MLD snooping
|
Task |
Command |
Remarks |
|
Display MLD snooping multicast group information. |
display mld-snooping group [ vlan vlan-id ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display information about the hosts tracked by MLD snooping. |
display mld-snooping host vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display statistics for MLD messages learned by MLD snooping. |
display mld-snooping statistics [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Remove dynamic group entries for a specified MLD snooping group. |
reset mld-snooping group { ipv6-group-address | all } [ vlan vlan-id ] |
Available in user view |
|
Clear statistics for all MLD messages learned by MLD snooping. |
reset mld-snooping statistics |
Available in user view |
|
|
NOTE: · The reset mld-snooping group command works only on an MLD snooping–enabled VLAN, but not on a VLAN with MLD enabled on its VLAN interface. · The reset mld-snooping group command cannot remove the static group entries of MLD snooping groups. |
MLD snooping configuration examples
Configuring IPv6 group filtering and simulated joining
Network requirements
As shown in Figure 4, MLDv1 runs on Router A and MLDv1 snooping runs on Router B, with Router A acting as the MLD querier.
Host A and Host B can receive only IPv6 multicast data destined for IPv6 multicast group FF1E::101.
IPv6 multicast data for FF1E::101 can be forwarded through GigabitEthernet 3/1/3 and GigabitEthernet 3/1/4 of Router B even if Host A and Host B temporarily stop receiving IPv6 multicast data for some unexpected reasons. Router B drops unknown IPv6 multicast data and does not broadcast the data to the VLAN where Router B resides.
Configuration procedure
1. Enable IPv6 forwarding and assign IPv6 addresses:
Enable IPv6 forwarding and assign an IPv6 address and prefix length for each interface as per Figure 4. (Details not shown)
2. Configure Router A:
# Enable IPv6 multicast routing, enable IPv6 PIM-DM on each interface, and enable MLDv1 on GigabitEthernet 3/1/1.
<RouterA> system-view
[RouterA] multicast ipv6 routing-enable
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] mld enable
[RouterA-GigabitEthernet3/1/1] pim ipv6 dm
[RouterA-GigabitEthernet3/1/1] quit
[RouterA] interface GigabitEthernet 3/1/2
[RouterA-GigabitEthernet3/1/2] pim ipv6 dm
[RouterA-GigabitEthernet3/1/2] quit
3. Configure Router B:
# Enable MLD snooping globally.
<RouterB> system-view
[RouterB] mld-snooping
[RouterB-mld-snooping] quit
# Create VLAN 100, assign GigabitEthernet 3/1/1 through GigabitEthernet 3/1/4 to this VLAN, and enable MLD snooping and the function of dropping unknown IPv6 multicast packets in the VLAN.
[RouterB] vlan 100
[RouterB-vlan100] port GigabitEthernet 3/1/1 to GigabitEthernet 3/1/4
[RouterB-vlan100] mld-snooping enable
[RouterB-vlan100] mld-snooping drop-unknown
# Configure an IPv6 multicast group filter so that the receiver hosts in the VLAN can receive IPv6 multicast data for group FF1E::101 only.
[RouterB] acl ipv6 number 2001
[RouterB-acl6-basic-2001] rule permit source ff1e::101 128
[RouterB-acl6-basic-2001] quit
[RouterB] mld-snooping
[RouterB–mld-snooping] group-policy 2001 vlan 100
[RouterB–mld-snooping] quit
[RouterB-vlan100] quit
# Configure GigabitEthernet 3/1/3 and GigabitEthernet 3/1/4 to join multicast group FF1E::101 as simulated member hosts.
[RouterB] interface GigabitEthernet 3/1/3
[RouterB-GigabitEthernet3/1/3] mld-snooping host-join ff1e::101 vlan 100
[RouterB-GigabitEthernet3/1/3] quit
[RouterB] interface GigabitEthernet 3/1/4
[RouterB-GigabitEthernet3/1/4] mld-snooping host-join ff1e::101 vlan 100
[RouterB-GigabitEthernet3/1/4] quit
4. Verify the configuration:
# Display detailed MLD snooping multicast group information in VLAN 100 on Router B.
[RouterB] display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
GE3/1/1 (D)
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Attribute: Host Port
Host port(s):total 2 port(s).
GE3/1/3 (D)
GE3/1/4 (D)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 2 port(s).
GE3/1/3
GE3/1/4
The output shows that GigabitEthernet 3/1/3 and GigabitEthernet 3/1/4 of Router B have joined IPv6 multicast group FF1E::101.
Static port configuration
Network requirements
As shown in Figure 5, MLDv1 runs on Router A, and MLDv1 snooping runs on Router B, Router C and Router D, with Router A acting as the MLD querier.
Host A and host C are permanent receivers of IPv6 multicast group FF1E::101. GigabitEthernet 3/1/3 and GigabitEthernet 3/1/5 on Switch C are required to be configured as static member ports for multicast group 224.1.1.1 to enhance the reliability of multicast traffic transmission.
Suppose STP runs on the network. To avoid data loops, the forwarding path from Router B to Router D is blocked under normal conditions, and IPv6 multicast traffic flows to the receivers attached to Router D only along the path of Router B—Router C—Router D. Configure GigabitEthernet 3/1/3 that connects Router B to Router D as a static router port, so that IPv6 multicast traffic can flow to the receivers nearly uninterruptedly along the path of Router B—Router D in the case that the path of Router B—Router C—Router D gets blocked.
|
|
NOTE: If no static router port is configured, when the path of Router B—Router C—Router D gets blocked, at least one MLD query-response cycle must be completed before the IPv6 multicast data can flow to the receivers along the new path of Router B—Router D, namely IPv6 multicast delivery will be interrupted during this process. For more information about the Spanning Tree Protocol (STP), see Layer 2—LAN Switching Configuration Guide. |
Configuration procedure
1. Enable IPv6 forwarding and assign IPv6 addresses:
Enable IPv6 forwarding and assign an IP address and prefix length for each interface as per Figure 5.
2. Configure Router A:
# Enable IPv6 multicast routing, enable IPv6 PIM-DM on each interface, and enable MLD on GigabitEthernet 3/1/1.
<RouterA> system-view
[RouterA] multicast ipv6 routing-enable
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] mld enable
[RouterA-GigabitEthernet3/1/1] pim ipv6 dm
[RouterA-GigabitEthernet3/1/1] quit
[RouterA] interface GigabitEthernet 3/1/2
[RouterA-GigabitEthernet3/1/2] pim ipv6 dm
[RouterA-GigabitEthernet3/1/2] quit
3. Configure Router B:
# Enable MLD snooping globally.
<RouterB> system-view
[RouterB] mld-snooping
[RouterB-mld-snooping] quit
# Create VLAN 100, assign GigabitEthernet 3/1/1 through GigabitEthernet 3/1/3 to this VLAN, and enable MLD snooping in the VLAN.
[RouterB] vlan 100
[RouterB-vlan100] port GigabitEthernet 3/1/1 to GigabitEthernet 3/1/3
[RouterB-vlan100] mld-snooping enable
[RouterB-vlan100] quit
# Configure GigabitEthernet 3/1/3 to be a static router port.
[RouterB] interface GigabitEthernet 3/1/3
[RouterB-GigabitEthernet3/1/3] mld-snooping static-router-port vlan 100
[RouterB-GigabitEthernet3/1/3] quit
4. Configure Router C:
# Enable MLD snooping globally.
<RouterC> system-view
[RouterC] mld-snooping
[RouterC-mld-snooping] quit
# Create VLAN 100, assign GigabitEthernet 3/1/1 and GigabitEthernet 3/1/2 to this VLAN, and enable MLD snooping in the VLAN.
[RouterC] vlan 100
[RouterC-vlan100] port GigabitEthernet 3/1/1 GigabitEthernet 3/1/2
[RouterC-vlan100] mld-snooping enable
[RouterC-vlan100] quit
5. Configure Router D:
# Enable MLD snooping globally.
<RouterD> system-view
[RouterD] mld-snooping
[RouterD-mld-snooping] quit
# Create VLAN 100, assign GigabitEthernet 3/1/1 through GigabitEthernet 3/1/5 to this VLAN, and enable MLD snooping in the VLAN.
[RouterD] vlan 100
[RouterD-vlan100] port GigabitEthernet 3/1/1 to GigabitEthernet 3/1/5
[RouterD-vlan100] mld-snooping enable
[RouterD-vlan100] quit
# Configure GigabitEthernet 3/1/3 and GigabitEthernet 3/1/5 as static member ports for IPv6 multicast group FF1E::101.
[RouterD] interface GigabitEthernet 2/1/3
[RouterD-GigabitEthernet 3/1/3] mld-snooping static-group ff1e::101 vlan 100
[RouterD- GigabitEthernet 3/1/3] quit
[RouterD] interface GigabitEthernet 3/1/5
[RouterD-GigabitEthernet3/1/5] mld-snooping static-group ff1e::101 vlan 100
[RouterD-GigabitEthernet 3/1/5] quit
6. Verify the configuration:
# Display detailed MLD snooping multicast group information in VLAN 100 on Router B.
[RouterB] display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 2 port(s).
GE3/1/1 (D)
GE3/1/3 (S)
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Attribute: Host Port
Host port(s):total 1 port(s).
GE3/1/2 (D)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
GE3/1/2
The output shows that GigabitEthernet 3/1/3 of Router B has become a static port.
# Display detailed MLD snooping multicast group information in VLAN 100 on Router D.
[Router D] display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
GE3/1/2 (D) ( 00:01:23 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Attribute: Host Port
Host port(s):total 2 port(s).
GE3/1/3 (S)
GE3/1/5 (S)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 2 port(s).
GE3/1/3
GE3/1/5
The output shows that GigabitEthernet 3/1/3 and GigabitEthernet 3/1/5 on Router D have become static member ports for IPv6 multicast group FF1E::101.
MLD snooping querier configuration
Network requirements
As shown in Figure 6, in a Layer-2-only network environment, two IPv6 multicast sources Source 1 and Source 2 send IPv6 multicast data to IPv6 multicast groups FF1E::101 and FF1E::102 respectively, Host A and Host C are receivers of multicast group FF1E::101, while Host B and Host D are receivers of multicast group FF1E::102.
MLDv1 runs on all the receiver hosts and MLDv1 snooping runs on all routers. Router A, which is most close to the multicast sources, is chosen as the MLD snooping querier.
To prevent flooding of unknown IPv6 multicast traffic within the VLAN, configure all the routers to drop unknown IPv6 multicast data packets.
Configuration procedure
1. Configure Router A:
# Enable IPv6 forwarding and MLD snooping globally.
<RouterA> system-view
[RouterA] ipv6
[RouterA] mld-snooping
[RouterA-mld-snooping] quit
# Create VLAN 100 and add GigabitEthernet 3/1/1 through GigabitEthernet 3/1/3 to VLAN 100.
[RouterA] vlan 100
[RouterA-vlan100] port Gigabitethernet 3/1/1 to Gigabitethernet 3/1/3
# Enable MLD snooping and the function of dropping unknown IPv6 multicast packets in VLAN 100.
[RouterA-vlan100] mld-snooping enable
[RouterA-vlan100] mld-snooping drop-unknown
# Configure the MLD-snooping querier feature in the VLAN.
[RouterA-vlan100] mld-snooping querier
[RouterA-vlan100] quit
2. Configure Router B:
# Enable IPv6 forwarding and MLD snooping globally.
<RouterB> system-view
[RouterB] ipv6
[RouterB] mld-snooping
[RouterB-mld-snooping] quit
# Create VLAN 100 and add GigabitEthernet 3/1/1 through GigabitEthernet 3/1/4 into VLAN 100. and enable MLD snooping in this VLAN.
[RouterB] vlan 100
[RouterB-vlan100] port Gigabitethernet 3/1/1 to Gigabitethernet 3/1/4
# Enable MLD snooping and the function of dropping unknown IPv6 multicast packets in VLAN 100.
[RouterB-vlan100] mld-snooping enable
[RouterB-vlan100] mld-snooping drop-unknown
[RouterB-vlan100] quit
The configuration on Router C and Router D is similar. (Details not shown)
3. Verify the configuration:
When the MLD snooping querier starts to work, all the routers but the querier can receive MLD general queries. You can use the display mld-snooping statistics command to display statistics for these received MLD messages.
# Display statistics for MLD messages on Router B.
[RouterB-vlan100] display mld-snooping statistics
Received MLD general queries:3.
Received MLDv1 specific queries:0.
Received MLDv1 reports:12.
Received MLD dones:0.
Sent MLDv1 specific queries:0.
Received MLDv2 reports:0.
Received MLDv2 reports with right and wrong records:0.
Received MLDv2 specific queries:0.
Received MLDv2 specific sg queries:0.
Sent MLDv2 specific queries:0.
Sent MLDv2 specific sg queries:0.
Received error MLD messages:0.
MLD snooping proxying configuration example
Network requirements
As shown in Figure 7, Router A runs MLDv1 and Router B runs MLDv1 snooping. Router A acts as an MLD querier.
Configure MLD snooping proxying on Router B, enabling the switch to forward MLD reports and done messages on behalf of attached hosts and to respond to MLD queries from Router A and forward the queries to the hosts on behalf of Router A.
Configuration procedure
1. Assign IPv6 addresses for interfaces:
Assign an IP address and prefix length for each interface as per Figure 7. The configuration steps are out the scope of this document.
2. Configure Router A:
# Enable IPv6 multicast routing, enable IPv6 PIM-DM on each interface, and enable MLD on port GigabitEthernet 3/1/1.
<RouterA> system-view
[RouterA] multicast ipv6 routing-enable
[RouterA] interface GigabitEthernet 3/1/1
[RouterA-GigabitEthernet3/1/1] mld enable
[RouterA-GigabitEthernet3/1/1] pim ipv6 dm
[RouterA-GigabitEthernet3/1/1] quit
[RouterA] interface GigabitEthernet 3/1/2
[RouterA-GigabitEthernet3/1/2] pim ipv6 dm
[RouterA-GigabitEthernet3/1/2] quit
3. Configure Router B:
# Enable MLD snooping globally.
<RouterB> system-view
[RouterB] mld-snooping
[RouterB-mld-snooping] quit
# Create VLAN 100, assign ports GigabitEthernet 3/1/1 through GigabitEthernet 3/1/4 to this VLAN, and enable MLD snooping and MLD snooping proxying in the VLAN.
[RouterB] vlan 100
[RouterB-vlan100] port GigabitEthernet 3/1/1 to GigabitEthernet 3/1/4
[RouterB-vlan100] mld-snooping enable
[RouterB-vlan100] mld-snooping proxying enable
[RouterB-vlan100] quit
4. Verify the configuration
After the configuration is completed, Host A and Host B send MLD join messages addressed to group FF1E::101. When receiving the messages, Router B sends a join message for the group out port GigabitEthernet 3/1/1 (a router port) to Router A. Use the display mld-snooping group command and the display mld group command to display information about MLD snooping multicast groups and MLD multicast groups. For example:
# Display information about MLD snooping multicast groups on Router B.
[RouterB] display mld-snooping group
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
GE3/1/1 (D) ( 00:01:23 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Host port(s):total 2 port(s).
GE3/1/3 (D)
GE3/1/4 (D)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 2 port(s).
GE3/1/3
GE3/1/4
# Display information about MLD multicast groups on Router A.
[RouterA] display mld group
Total 1 MLD Group(s).
Interface group report information
GigabitEthernet3/1/1(2001::1):
Total 1 MLD Group reported
Group Address: FF1E::1
Last Reporter: FE80::2FF:FFFF:FE00:1
Uptime: 00:00:03
Expires: 00:04:17
When Host A leaves the IPv6 multicast group, it sends an MLD done message to Router B. Receiving the message, Router B removes port GigabitEthernet 3/1/4 from the member port list of the forwarding entry for the group; however, it does not remove the group or forward the done message to Router A because Host B is still in the group. Use the display mld-snooping group command to display information about MLD snooping multicast groups. For example:
# Display information about MLD snooping multicast groups on Router B.
[RouterB] display mld-snooping group
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port, P-PIM port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port(s).
GE3/1/1 (D) ( 00:01:23 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Host port(s):total 1 port(s).
GE3/1/3 (D)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port(s).
GE3/1/3
Troubleshooting MLD snooping
Layer 2 multicast forwarding cannot function
Symptom
Layer 2 multicast forwarding cannot function.
Analysis
MLD snooping is not enabled.
Solution
1. Use the display current-configuration command to view the running status of MLD snooping.
2. If MLD snooping is not enabled, use the mld-snooping command to enable MLD snooping globally, and then use the mld-snooping enable command to enable MLD snooping in VLAN view.
3. If MLD snooping is disabled only for the corresponding VLAN, use the mld-snooping enable command in VLAN view to enable MLD snooping in the corresponding VLAN.
Configured IPv6 multicast group policy fails to take effect
Symptom
Although an IPv6 multicast group policy has been configured to allow hosts to join specific IPv6 multicast groups, the hosts can still receive IPv6 multicast data addressed to other groups.
Analysis
· The IPv6 ACL rule is incorrectly configured.
· The IPv6 multicast group policy is not correctly applied.
· The function of dropping unknown IPv6 multicast data is not enabled, so unknown IPv6 multicast data is flooded.
Solution
1. Use the display acl ipv6 command to check the configured IPv6 ACL rule. Make sure that the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented.
2. Use the display this command in MLD-snooping view or the corresponding interface view to verify that the correct IPv6 multicast group policy has been applied. If not, use the group-policy or mld-snooping group-policy command to apply the correct IPv6 multicast group policy.
3. Use the display current-configuration command to verify that the function of dropping unknown IPv6 multicast data is enabled. If not, use the drop-unknown or mld-snooping drop-unknown command to enable dropping unknown IPv6 multicast data.
Appendix
Processing of IPv6 multicast protocol messages
With Layer 3 multicast routing enabled, an MLD snooping–enabled switch processes IPv6 multicast protocol messages differently under different conditions, as follows:
· If only MLD is enabled on the switch, or if both MLD and IPv6 PIM are enabled on the switch, the switch does the following:
¡ Maintains dynamic member ports or dynamic router ports according to MLD packets
¡ Maintains dynamic router ports according to IPv6 PIM hello packets
· If only IPv6 PIM is enabled on the switch, the following occurs:
¡ The switch broadcasts MLD messages as unknown messages in the VLAN.
¡ After receiving an IPv6 PIM hello message, the switch maintains the corresponding dynamic router port.
· If MLD is disabled on the switch, one of the following occurs:
¡ If IPv6 PIM is disabled, the switch deletes all its dynamic member ports and dynamic router ports.
¡ If IPv6 PIM is enabled, the switch deletes only its dynamic member ports but not its dynamic router ports.
|
|
NOTE: On a switch with Layer 3 IPv6 multicast routing enabled, use the display mld group port-info command to display Layer 2 port information. For more information about this command, see IP Multicast Command Reference. |
· If IPv6 PIM is disabled on the switch, one of the following occurs:
¡ If MLD is disabled, the switch deletes all its dynamic router ports.
¡ If MLD is enabled, the switch maintains all its dynamic member ports and dynamic router ports.
