08-IP Multicast Configuration Guide

HomeSupportNFVH3C VSRConfigure & DeployConfiguration GuidesH3C VSR Series Virtual Services Routers Configuration Guides(V7)-R0621-6W30008-IP Multicast Configuration Guide
02-IGMP configuration
Title Size Download
02-IGMP configuration 425.24 KB

Contents

Configuring IGMP·· 1

About IGMP· 1

IGMP versions· 1

IGMPv1 overview· 1

IGMPv2 enhancements· 2

IGMPv3 enhancements· 3

IGMP SSM mapping· 4

IGMP proxying· 5

Multicast access control 6

IGMP support for VPNs· 6

Protocols and standards· 7

IGMP tasks at a glance· 7

Prerequisites for IGMP· 7

Enabling IGMP· 7

Configuring basic IGMP features· 8

Specifying an IGMP version· 8

Configuring a static group member 8

Configuring a multicast group policy· 9

Adjusting IGMP performance· 9

Configuring IGMP query and response parameters· 9

Enabling fast-leave processing· 12

Configuring IGMP SSM mappings· 12

Configuring IGMP proxying· 12

Prerequisites for configuring IGMP proxying· 12

Enabling IGMP proxying· 12

Enabling multicast forwarding on a non-querier interface· 13

Configuring multicast load splitting for IGMP proxy interfaces· 13

Configuring multicast access control 14

Restrictions and guidelines for multicast access control 14

Enabling multicast access control 14

Configuring an IGMP user access policy· 15

Enabling per-session multicast forwarding· 15

Configuring a VLAN-based static group member 16

Enabling IGMP NSR· 17

Display and maintenance commands for IGMP· 17

IGMP configuration examples· 18

Example: Configuring basic IGMP features· 18

Example: Configuring IGMP SSM mapping· 20

Example: Configuring IGMP proxying· 23

Example: Configuring PPPoE-based multicast access control 25

Example: Configuring IPoE-based multicast access control 29

Example: Configuring portal-based multicast access control 34

Troubleshooting IGMP· 39

No membership information on the receiver-side device· 39

Inconsistent membership information on the devices on the same subnet 39

 


Configuring IGMP

About IGMP

Internet Group Management Protocol (IGMP) establishes and maintains the multicast group memberships between a Layer 3 multicast device and the hosts on the directly connected subnet.

IGMP versions

IGMP has the following versions:

·     IGMPv1 (defined by RFC 1112).

·     IGMPv2 (defined by RFC 2236).

·     IGMPv3 (defined by RFC 3376).

All IGMP versions support the ASM model. IGMPv3 can directly implement the SSM model. IGMPv1 and IGMPv2 must work with the IGMP SSM mapping feature to implement the SSM model. For more information about the ASM and SSM models, see "Multicast overview."

IGMPv1 overview

IGMPv1 manages multicast group memberships based on the query and response mechanism.

All devices that run IGMP on the same subnet can get IGMP membership report messages (called reports) from hosts. However, only one device can act as the IGMP querier to send IGMP query messages (called queries). The querier election mechanism determines which device acts as the IGMP querier on the subnet.

In IGMPv1, the DR elected by the multicast routing protocol (such as PIM) acts as the IGMP querier. For more information about DR, see "Configuring PIM."

Figure 1 IGMP queries and reports

As shown in Figure 1, Host B and Host C are interested in the multicast data addressed to the multicast group G1. Host A is interested in the multicast data addressed to G2. The following process describes how the hosts join the multicast groups and how the IGMP querier (Device B in Figure 1) maintains the multicast group memberships:

1.     The hosts send unsolicited IGMP reports to the multicast groups they want to join without having to wait for the IGMP queries.

2.     The IGMP querier periodically multicasts IGMP queries (with the destination address of 224.0.0.1) to all hosts and devices on the local subnet.

3.     After receiving a query message, the host whose report delay timer expires first sends an IGMP report to multicast group G1 to announce its membership for G1. In this example, Host B sends the report message. After receiving the report from Host B, Host C suppresses its own report for G1.

Because IGMP devices already know that G1 has a minimum of one member, other members do not need to report their memberships. This mechanism, known as the host IGMP report suppression, helps reduce traffic on the local subnet.

4.     At the same time, Host A sends a report to the multicast group G2 after receiving a query.

5.     Through the query and response process, the IGMP devices (Device A and Device B) determine that the local subnet has members of G1 and G2. The multicast routing protocol (PIM, for example) on the devices generates (*, G1) and (*, G2) multicast forwarding entries, where asterisk (*) represents any multicast source. These entries are the basis for subsequent multicast forwarding.

6.     When the multicast data addressed to G1 or G2 reaches an IGMP device, the device looks up the multicast forwarding table. Based on the (*, G1) or (*, G2) entries, the device forwards the multicast data to the local subnet. Then, the receivers on the subnet can receive the data.

IGMPv1 does not define a leave group message (often called a leave message). When an IGMPv1 host is leaving a multicast group, it stops sending reports to that multicast group. If the subnet has no members for a multicast group, the IGMP devices will not receive any report addressed to that multicast group. In this case, the devices clear the information for that multicast group after a period of time.

IGMPv2 enhancements

Backwards-compatible with IGMPv1, IGMPv2 has introduced a querier election mechanism and a leave-group mechanism.

Querier election mechanism

In IGMPv1, the DR elected by the Layer 3 multicast routing protocol (such as PIM) acts as the querier.

IGMPv2 introduced an independent querier election mechanism. The querier election process is as follows:

1.     Initially, every IGMPv2 device assumes itself to be the querier. Each device sends IGMP general query messages (called general queries) to all hosts and devices on the local subnet. The destination address is 224.0.0.1.

2.     After receiving a general query, every IGMPv2 device compares the source IP address of the query with its own interface address. The device with the lowest IP address becomes the querier. All the other IGMPv2 devices become non-queriers.

3.     All the non-queriers start the other querier present timer. If a device receives an IGMP query from the querier before the timer expires, it resets this timer. Otherwise, the device considers that the querier has timed out. In this case, the device initiates a new querier election process.

"Leave group" mechanism

In IGMPv1, when a host leaves a multicast group, it does not send any notification to the multicast devices. The multicast devices determine whether a group has members by using the maximum response time. This adds to the leave latency.

In IGMPv2, when a host is leaving a multicast group, the following process occurs:

1.     The host sends a leave message to all devices on the local subnet. The destination address of leave messages is 224.0.0.2.

2.     After receiving the leave message, the querier sends a configurable number of IGMP group-specific queries to the group that the host is leaving. Both the destination address field and the group address field of the message are the address of the multicast group that is being queried.

3.     One of the remaining members (if any on the subnet) in the group should send a report within the maximum response time advertised in the group-specific queries.

4.     If the querier receives a report for the group before the maximum response timer expires, it maintains the memberships for the group. Otherwise, the querier assumes that the local subnet has no member hosts for the group and stops maintaining the memberships for the group.

IGMPv3 enhancements

IGMPv3 is based on and is compatible with IGMPv1 and IGMPv2. It enhances the control capabilities of hosts and the query and report capabilities of IGMP devices.

Enhancements in control capability of hosts

IGMPv3 introduced two source filtering modes (Include and Exclude). These modes allow a host to receive or reject multicast data from the specified multicast sources. When a host joins a multicast group, one of the following occurs:

·     If the host expects to receive multicast data from specific sources like S1, S2, …, it sends a report with the Filter-Mode denoted as "Include Sources (S1, S2, …)."

·     If the host expects to reject multicast data from specific sources like S1, S2, …, it sends a report with the Filter-Mode denoted as "Exclude Sources (S1, S2, …)."

As shown in Figure 2, the network has two multicast sources: Source 1 (S1) and Source 2 (S2). Both of these sources can send multicast data to the multicast group G. Host B wants to receive the multicast data addressed to G from Source 1 but not from Source 2.

Figure 2 Flow paths of source-and-group-specific multicast traffic

In IGMPv1 or IGMPv2, Host B cannot select multicast sources when it joins the multicast group G. The multicast streams from both Source 1 and Source 2 flow to Host B whether or not it needs them.

In IGMPv3, Host B can explicitly express that it needs to receive multicast data destined to the multicast group G from Source 1 but not from Source 2.

Enhancements in query and report capabilities

IGMPv3 introduces IGMP group-and-source queries and IGMP reports carrying group records.

·     Query message carrying the source addresses

IGMPv3 is compatible with IGMPv1 and IGMPv2 and supports IGMP general queries and IGMP group-specific queries. It also introduces IGMP group-and-source-specific queries.

¡     A general query does not carry a group address or a source address.

¡     A group-specific query carries a group address, but no source address.

¡     A group-and-source-specific query carries a group address and one or more source addresses.

·     Reports containing multiple group records

Unlike an IGMPv1 or IGMPv2 report, an IGMPv3 report is destined to 224.0.0.22 and contains one or more group records. Each group record contains a multicast group address and a multicast source address list.

Group records include the following categories:

¡     IS_IN—The current filtering mode is Include. The report sender requests the multicast data only from the sources specified in the Source Address field.

¡     IS_EX—The current filtering mode is Exclude. The report sender requests the multicast data from any sources except those specified in the Source Address field.

¡     TO_IN—The filtering mode has changed from Exclude to Include.

¡     TO_EX—The filtering mode has changed from Include to Exclude.

¡     ALLOW—The Source Address field contains a list of additional sources from which the receiver wants to obtain data. If the current filtering mode is Include, these sources are added to the multicast source list. If the current filtering mode is Exclude, these sources are deleted from the multicast source list.

¡     BLOCK—The Source Address field contains a list of the sources from which the receiver no longer wants to obtain data. If the current filtering mode is Include, these sources are deleted from the multicast source list. If the current filtering mode is Exclude, these sources are added to the multicast source list.

IGMP SSM mapping

An IGMPv3 host can explicitly specify multicast sources in its IGMPv3 reports. From the reports, the IGMP device can obtain the multicast source addresses and directly provide the SSM service. However, an IGMPv1 or IGMPv2 host cannot specify multicast sources in its IGMPv1 or IGMPv2 reports.

The IGMP SSM mapping feature enables the IGMP device to provide SSM support for IGMPv1 or IGMPv2 hosts. The device translates (*, G) in IGMPv1 or IGMPv2 reports into (G, INCLUDE, (S1, S2...)) based on the configured IGMP SSM mappings.

Figure 3 IGMP SSM mapping

As shown in Figure 3, on an SSM network, Host A, Host B, and Host C run IGMPv1, IGMPv2, and IGMPv3, respectively. To provide the SSM service for Host A and Host B, you must configure the IGMP SSM mapping feature on Device A.

After IGMP SSM mappings are configured, Device A checks the multicast group address G in the received IGMPv1 or IGMPv2 report, and performs the following operations:

·     If G is not in the SSM group range, Device A provides the ASM service.

·     If G is in the SSM group range but does not match any IGMP SSM mapping, Device A drops the report.

·     If G is in the SSM group range and matches IGMP SSM mappings, Device A translates (*, G) in the report into (G, INCLUDE, (S1, S2...)) to provide SSM services.

 

NOTE:

The IGMP SSM mapping feature does not process IGMPv3 reports.

For more information about SSM group ranges, see "Configuring PIM."

IGMP proxying

As shown in Figure 4, in a simple tree-shaped topology, it is not necessary to run multicast routing protocols, such as PIM, on edge devices. Instead, you can configure IGMP proxying on these devices. With IGMP proxying configured, the edge device acts as an IGMP proxy:

·     For the upstream IGMP querier, the IGMP proxy device acts as a host.

·     For the downstream receiver hosts, the IGMP proxy device acts as an IGMP querier.

Figure 4 IGMP proxying

The following types of interfaces are defined in IGMP proxying:

·     Host interface—An interface that is in the direction toward the root of the multicast forwarding tree. A host interface acts as a receiver host that is running IGMP. IGMP proxying must be enabled on this interface. This interface is also called the "proxy interface."

·     Router interface—An interface that is in the direction toward the leaf of the multicast forwarding tree. A router interface acts as a router that is running IGMP. IGMP must be configured on this interface.

An IGMP proxy device maintains a group membership database, which stores the group memberships on all the router interfaces. The host interfaces and router interfaces perform actions based on this membership database.

·     The host interfaces respond to queries according to the membership database or send join/leave messages when the database changes.

·     The router interfaces participate in the querier election, send queries, and maintain memberships based on received IGMP reports.

Multicast access control

IP multicast allows users to join any multicast group in order to receive multicast data. In some carrier's services, such as IPTV, users are authenticated and authorized before accessing multicast data.

Multicast access control provides a mechanism to control a user's access to multicast data by limiting the multicast groups that the user can join. When a user logs in, the BRAS downloads the access authorization profile of the user. Based on the authorization profile, the BRAS accepts or denies the reports from the user to join multicast groups.

IGMP support for VPNs

IGMP maintains group memberships on a per-interface basis. After receiving an IGMP message on an interface, IGMP processes the packet within the VPN to which the interface belongs. IGMP only communicates with other multicast protocols within the same VPN instance.

Protocols and standards

·     RFC 1112, Host Extensions for IP Multicasting

·     RFC 2236, Internet Group Management Protocol, Version 2

·     RFC 3376, Internet Group Management Protocol, Version 3

IGMP tasks at a glance

To configure IGMP, perform the following tasks:

1.     Enabling IGMP

2.     (Optional.) Configuring basic IGMP features

¡     Specifying an IGMP version

¡     Configuring a static group member

¡     Configuring a multicast group policy

3.     (Optional.) Adjusting IGMP performance

¡     Configuring IGMP query and response parameters

¡     Enabling fast-leave processing

4.     (Optional.) Configuring IGMP SSM mappings

5.     (Optional.) Configuring IGMP proxying

¡     Enabling IGMP proxying

¡     Enabling multicast forwarding on a non-querier interface

¡     Configuring multicast load splitting for IGMP proxy interfaces

6.     (Optional.) Configuring multicast access control

¡     Enabling multicast access control

¡     Configuring an IGMP user access policy

¡     Enabling per-session multicast forwarding

¡     Configuring a VLAN-based static group member

Prerequisites for IGMP

Before you configure IGMP, you must configure any unicast routing protocol so that all devices can interoperate at the network layer.

Enabling IGMP

Restrictions and guidelines

Enable IGMP on interfaces where the multicast group memberships are established and maintained.

Procedure

1.     Enter system view.

system-view

2.     Enable IP multicast routing and enter MRIB view.

multicast routing [ vpn-instance vpn-instance-name ]

By default, IP multicast routing is disabled.

For more information about this command, see IP Multicast Command Reference.

3.     Return to system view.

quit

4.     Enter interface view.

interface interface-type interface-number

5.     Enable IGMP.

igmp enable

By default, IGMP is disabled.

Configuring basic IGMP features

Specifying an IGMP version

Restrictions and guidelines

For IGMP to operate correctly, specify the same IGMP version for all devices on the same subnet.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Specify an IGMP version on the interface.

igmp version version-number

By default, the IGMP version on an interface is IGMPv2.

Configuring a static group member

About this task

You can configure an interface as a static group member of a multicast group. Then, the interface can always receive multicast data addressed to the specified multicast group.

A static group member does not respond to IGMP queries. When you complete or cancel this configuration on an interface, the interface does not send an unsolicited IGMP report or leave message.

Restrictions and guidelines

The interface to be configured as a static group member has the following restrictions:

·     If the interface is IGMP and PIM-SM enabled, it must be a PIM-SM DR.

·     If the interface is IGMP enabled but not PIM-SM enabled, it must be an IGMP querier.

For more information about PIM-SM and DR, see "Configuring PIM."

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Configure the interface as a static group member.

igmp static-group group-address [ source source-address ]

Configuring a multicast group policy

About this task

This feature enables an interface to filter IGMP reports by using an ACL that specifies multicast groups and the optional sources. It is used to control the multicast groups that the hosts attached to an interface can join.

Restrictions and guidelines

This configuration does not take effect on static group members, because static group members do not send IGMP reports.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Configure a multicast group policy.

igmp group-policy ipv4-acl-number [ version-number ]

Adjusting IGMP performance

Configuring IGMP query and response parameters

About this task

The following are IGMP query and response parameters:

·     IGMP querier's robustness variable—Number of times for retransmitting IGMP queries in case of packet loss. A higher robustness variable makes the IGMP querier more robust, but increases the timeout time for multicast groups.

·     IGMP startup query interval—Interval at which an IGMP querier sends IGMP general queries at startup.

·     IGMP startup query count—Number of IGMP general queries that an IGMP querier sends at startup.

·     IGMP general query interval—Interval at which an IGMP querier sends IGMP general queries to check for multicast group members on the network.

·     IGMP last member query interval—In IGMPv2, it sets the interval at which a querier sends group-specific queries after receiving a leave message. In IGMPv3, it sets the interval at which a querier sends group-and-source-specific queries after receiving a report that changes multicast source and group mappings.

·     IGMP last member query count—In IGMPv2, it sets the number of group-specific queries that a querier sends after receiving a leave message. In IGMPv3, it sets the number of group-and-source-specific queries that a querier sends after receiving a report that changes multicast source and group mappings.

·     IGMP maximum response time—Maximum time before a receiver responds with a report to an IGMP general query. This per-group timer is initialized to a random value in the range of 0 to the maximum response time specified in the IGMP query. When the timer value for a group decreases to 0, the receiver sends an IGMP report to the group.

·     IGMP other querier present timer—Lifetime for an IGMP querier after a non-querier receives an IGMP general query. If the non-querier does not receive a new query when this timer expires, the non-querier considers that the querier has failed and starts a new querier election.

Restrictions and guidelines

To avoid frequent IGMP querier changes, set the IGMP other querier present timer greater than the IGMP general query interval. In addition, configure the same IGMP other querier present timer for all IGMP devices on the same subnet.

To avoid mistakenly deleting multicast receivers, set the IGMP general query interval greater than the maximum response time for IGMP general queries.

To speed up the response to IGMP queries and avoid simultaneous timer expirations that cause IGMP report traffic bursts, set an appropriate maximum response time.

·     For IGMP general queries, the maximum response time is set by the max-response-time command.

·     For IGMP group-specific queries and IGMP group-and-source-specific queries, the maximum response time equals the IGMP last member query interval.

The following configurations take effect only on the devices that run IGMPv2 and IGMPv3:

·     Maximum response time for IGMP general queries.

·     IGMP last member query interval.

·     IGMP last member query count.

·     IGMP other querier present interval.

You can configure the IGMP query and response parameters globally for all interfaces in IGMP view or for an interface in interface view. The interface-specific configuration takes priority over the global configuration.

Configuring the IGMP query and response parameters globally

1.     Enter system view.

system-view

2.     Enter IGMP view.

igmp [ vpn-instance vpn-instance-name ]

3.     Set the IGMP querier's robustness variable.

robust-count count

By default, the IGMP querier's robustness variable is 2.

4.     Set the IGMP startup query interval.

startup-query-interval interval

By default, the IGMP startup query interval is equal to one quarter of the IGMP general query interval.

5.     Set the IGMP startup query count.

startup-query-count count

By default, the IGMP startup query count is equal to the IGMP querier's robustness variable.

6.     Set the IGMP general query interval.

query-interval interval

By default, the IGMP general query interval is 125 seconds.

7.     Set the IGMP last member query interval.

last-member-query-interval interval

By default, the IGMP last member query interval is 1 second.

8.     Set the IGMP last member query count.

last-member-query-count count

By default, the IGMP last member query count is equal to the IGMP querier's robustness variable.

9.     Set the maximum response time for IGMP general queries.

max-response-time time

By default, the maximum response time for IGMP general queries is 10 seconds.

10.     Set the IGMP other querier present timer.

other-querier-present-interval interval

By default, the IGMP other querier present timer is calculated by using the following formula:
[ IGMP general query interval ] × [ IGMP robustness variable ] + [ maximum response time for IGMP general queries ] / 2.

Configuring the IGMP query and response parameters on an interface

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Set the IGMP querier's robustness variable.

igmp robust-count count

By default, the IGMP querier's robustness variable is 2.

4.     Set the IGMP startup query interval.

igmp startup-query-interval interval

By default, the IGMP startup query interval is equal to one quarter of the IGMP general query interval.

5.     Set the IGMP startup query count.

igmp startup-query-count count

By default, the IGMP startup query count is equal to the IGMP querier's robustness variable.

6.     Set the IGMP general query interval.

igmp query-interval interval

By default, the IGMP general query interval is 125 seconds.

7.     Set the IGMP last member query interval.

igmp last-member-query-interval interval

By default, the IGMP last member query interval is 1 second.

8.     Set the IGMP last member query count.

igmp last-member-query-count count

By default, the IGMP last member query count is equal to the IGMP querier's robustness variable.

9.     Set the maximum response time for IGMP general queries.

igmp max-response-time time

By default, the maximum response time for IGMP general queries is 10 seconds.

10.     Set the IGMP other querier present timer.

igmp other-querier-present-interval interval

By default, the IGMP other querier present timer is calculated by using the following formula:
[ IGMP general query interval ] × [ IGMP robustness variable ] + [ maximum response time for IGMP general queries ] / 2.

Enabling fast-leave processing

About this task

This feature enables an IGMP querier to send leave notifications to the upstream without sending group-specific or group-and-source-specific queries after receiving a leave message. Use this feature to reduce leave latency and to preserve the network bandwidth.

Restrictions and guidelines

The fast-leave processing configuration takes effect only when the device runs IGMPv2 or IGMPv3.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Enable fast-leave processing.

igmp fast-leave [ group-policy ipv4-acl-number ]

By default, fast-leave processing is disabled.

Configuring IGMP SSM mappings

About this task

This feature enables the device to provide SSM services for IGMPv1 or IGMPv2 hosts.

Restrictions and guidelines

This feature does not process IGMPv3 messages. Enable IGMPv3 on the receiver-side interface to ensure that IGMPv3 reports can be processed..

Procedure

1.     Enter system view.

system-view

2.     Enter IGMP view.

igmp [ vpn-instance vpn-instance-name ]

3.     Configure an IGMP SSM mapping.

ssm-mapping source-address ipv4-acl-number

Configuring IGMP proxying

Prerequisites for configuring IGMP proxying

Before you configure IGMP proxying, determine the router interfaces and host interfaces based on the network topology, and enable IGMP on the router interfaces.

Enabling IGMP proxying

Restrictions and guidelines

Enable IGMP proxying on the receiver-side interfaces.

On an interface enabled with IGMP proxying, only the igmp version command takes effect and other IGMP commands do not take effect.

If you enable both IGMP proxying and a multicast routing protocol (such as PIM or MSDP) on the same device, the multicast routing protocol does not take effect.

In IGMPv1, the DR is elected by PIM and acts as the IGMP querier. Because PIM does not take effect on a proxy device, a router interface running IGMPv1 cannot be elected as the DR. To ensure that the downstream receiver hosts on the router interface can receive multicast data, you must enable multicast forwarding on the interface. For more information, see "Enabling multicast forwarding on a non-querier interface."

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Enable IGMP proxying.

igmp proxying enable

By default, IGMP proxying is disabled.

Enabling multicast forwarding on a non-querier interface

About this task

Typically, only IGMP queriers can forward multicast traffic and non-queriers cannot. This prevents multicast data from being repeatedly forwarded. If a router interface on an IGMP proxy device failed in the querier election, enable multicast forwarding on the interface to forward multicast data to attached receiver hosts.

Restrictions and guidelines

A shared-media network might have multiple IGMP proxies, including one proxy acting as a querier. To avoid duplicate multicast traffic, do not enable multicast forwarding on any of the non-querier IGMP proxies for the network.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Enable multicast forwarding on the interface.

igmp proxy forwarding

By default, multicast forwarding is disabled on a non-querier interface.

Configuring multicast load splitting for IGMP proxy interfaces

About this task

If multiple IGMP proxy interfaces exist on the device, only the proxy interface with the highest IP address forwards multicast traffic. You can enable multicast load splitting for IGMP proxy interfaces so that all the proxy interfaces can share multicast traffic.

Procedure

1.     Enter system view.

system-view

2.     Enter IGMP view.

igmp [ vpn-instance vpn-instance-name ]

3.     Enable multicast load splitting for IGMP proxy interfaces.

proxy multipath

By default, multicast load splitting is disabled for IGMP proxy interfaces.

Configuring multicast access control

Restrictions and guidelines for multicast access control

Configure multicast access control only on the BRAS.

Enabling multicast access control

Restrictions and guidelines

Enable multicast access control on interfaces of the BRAS where you want to control the downstream users' access to multicast traffic.

This feature takes effect only on local online users. Non-local users and offline users are not affected.

Make sure the device does not run IGMPv1. If the device runs IGMPv1, no IGMP querier will be elected.

Procedure

1.     Enter system view.

system-view

2.     Enter Layer 3 interface view.

¡     Enter Layer 3 Ethernet interface view.

interface interface-type interface-number

¡     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

¡     Enter Layer 3 aggregate interface view.

interface route-aggregation interface-number

¡     Enter Layer 3 aggregate subinterface view.

interface route-aggregation interface-number.subnumber

¡     Enter VT interface view.

interface virtual-template number

3.     Enable multicast access control.

igmp authorization-enable

By default, multicast access control is disabled.

Configuring an IGMP user access policy

About this task

This feature enables the BRAS to filter IGMP reports by using an ACL that specifies the multicast groups in a user profile. Use this feature to control the multicast groups that an IGMP user can join.

You can also configure a multicast group list on the RADIUS server to achieve the same purpose. A user can join a multicast group if the group is in the group list.

If you specify both a multicast group list and a user access policy, a user can join a multicast group that matches either of them.

Procedure

1.     Enter system view.

system-view

2.     Enter ISP domain view.

domain isp-name

For more information about this command, see Security Command Reference.

3.     Configure the default authorization user profile for the ISP domain.

authorization-attribute user-profile profile-name

By default, the default authorization user profile is not configured for an ISP domain.

The authorization user profile configuration on the RADIUS server takes priority over the configuration made in an ISP domain.

For more information about this command, see Security Command Reference.

4.     Return to system view.

quit

5.     Enter user profile view.

user-profile profile-name

For more information about this command, see Security Command Reference.

6.     Configure an IGMP user access policy.

igmp access-policy ipv4-acl-number

You can repeat this command to configure multiple IGMP user access policies. An IGMP report is permitted if it matches one of the access policies.

Enabling per-session multicast forwarding

About this task

By default, the BRAS forwards multicast traffic on a per-interface basis. It sends only one copy of multicast traffic to a downstream interface, and the downstream IGMP snooping device replicates the multicast traffic to each receiver.

If the downstream device does not support IGMP snooping, you can configure the downstream interface on the BRAS to forward multicast traffic on a per-session basis. This allows the BRAS to send a separate copy of the multicast data to each receiver.

Restrictions and guidelines

This configuration automatically deletes the static multicast forwarding entries created by the non-VLAN-based static member group configurations.

Procedure

1.     Enter system view.

system-view

2.     Enter Layer 3 interface view.

¡     Enter Layer 3 Ethernet interface view.

interface interface-type interface-number

¡     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

¡     Enter Layer 3 aggregate interface view.

interface route-aggregation interface-number

¡     Enter Layer 3 aggregate subinterface view.

interface route-aggregation interface-number.subnumber

3.     Enable per-session multicast forwarding.

igmp join-by-session

By default, per-interface multicast forwarding is enabled.

Configuring a VLAN-based static group member

About this task

In access-controlled multicast, multicast packets are VLAN-tagged. When you configure a subinterface on the BRAS as a static group member, you must specify the VLANs to which the subinterface belongs. Otherwise, the subinterface cannot join the multicast group, and the static multicast forwarding entry cannot be created.

Restrictions and guidelines

For the same multicast group, the non-VLAN-based, single-VLAN-based, or double-VLAN-based static member interface configurations are mutually exclusive.

For a successful, static multicast forwarding entry creation, do not configure the igmp join-by-session or igmp user-vlan-aggregation dot1q command on a subinterface when you configure it as a non-VLAN-based static member interface.

When you configure a subinterface as a VLAN-based static member interface, you must also configure the igmp join-by-session or igmp user-vlan-aggregation dot1q command on this subinterface. A static multicast forwarding entry can be created under either of the following conditions:

·     When the igmp join-by-session command is configured, users that belong to the specified VLANs log in.

·     When the user-vlan-aggregation dot1q command is configured, the specified VLAN IDs are the same as or are included in the VLAN IDs specified in the igmp static-group command.

Procedure

1.     Enter system view.

system-view

2.     Enter Layer 3 subinterface view.

¡     Enter Layer 3 Ethernet subinterface view.

interface interface-type interface-number.subnumber

¡     Enter Layer 3 aggregate subinterface view.

interface route-aggregation interface-number.subnumber

3.     Configure the subinterface as a VLAN-based static group member.

igmp static-group group-address [ source source-address ] { dot1q vid vlan-list | dot1q vid vlan-id second-dot1q vlan-list }

Enabling IGMP NSR

About this task

This feature backs up information about IGMP interfaces and IGMP multicast groups to the standby process. The device recovers the information without cooperation of other devices when an active/standby switchover occurs. Use this feature to prevent an active/standby switchover from affecting the multicast service.

Procedure

1.     Enter system view.

system-view

2.     Enable IGMP NSR.

igmp non-stop-routing

By default, IGMP NSR is disabled.

Display and maintenance commands for IGMP

CAUTION

CAUTION:

The reset igmp group command might cause multicast data transmission failures.

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display information about IGMP multicast groups.

display igmp [ vpn-instance vpn-instance-name ] group [ group-address | interface interface-type interface-number ] [ static | verbose ]

Display IGMP information for interfaces.

display igmp [ vpn-instance vpn-instance-name ] interface [ interface-type interface-number ] [ host | proxy ] [ verbose ]

Display multicast group membership information maintained by the IGMP proxy.

display igmp [ vpn-instance vpn-instance-name ] proxy group [ group-address | interface interface-type interface-number ] [ verbose ]

Display multicast routing entries maintained by the IGMP proxy.

display igmp [ vpn-instance vpn-instance-name ] proxy routing-table [ source-address [ mask { mask-length | mask } ] | group-address [ mask { mask-length | mask } ] ] * [ verbose ]

Display IGMP SSM mappings.

display igmp [ vpn-instance vpn-instance-name ] ssm-mapping group-address

Display authorization information for IGMP users.

display igmp user-authorization [ interface interface-type interface-number ]

Clear dynamic IGMP multicast group entries.

reset igmp [ vpn-instance vpn-instance-name ] group { all | interface interface-type interface-number { all | group-address [ mask { mask | mask-length } ] [ source-address [ mask { mask | mask-length } ] ] } }

IGMP configuration examples

Example: Configuring basic IGMP features

Network configuration

As shown in Figure 5:

·     OSPF and PIM-DM run on the network.

·     VOD streams are sent to receiver hosts in multicast. Receiver hosts of different organizations form stub networks N1 and N2. Host A and Host C are receiver hosts in N1 and N2, respectively.

·     IGMPv2 runs between Router A and N1, and between the other two routers and N2. Router A acts as the IGMP querier in N1. Router B acts as the IGMP querier in N2 because it has a lower IP address.

Configure the routers to meet the following requirements:

·     The hosts in N1 can join only multicast group 224.1.1.1.

·     The hosts in N2 can join any multicast groups.

Figure 5 Network diagram

 

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 5. (Details not shown.)

2.     Configure OSPF on the routers in the PIM-DM domain. (Details not shown.)

3.     Enable IP multicast routing, and enable IGMP and PIM-DM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable IGMP on GigabitEthernet 1/0.

[RouterA] interface gigabitethernet 1/0

[RouterA-GigabitEthernet1/0] igmp enable

[RouterA-GigabitEthernet1/0] quit

# Enable PIM-DM on GigabitEthernet 2/0.

[RouterA] interface gigabitethernet 2/0

[RouterA-GigabitEthernet2/0] pim dm

[RouterA-GigabitEthernet2/0] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable IGMP on GigabitEthernet 1/0.

[RouterB] interface gigabitethernet 1/0

[RouterB-GigabitEthernet1/0] igmp enable

[RouterB-GigabitEthernet1/0] quit

# Enable PIM-DM on GigabitEthernet 2/0.

[RouterB] interface gigabitethernet 2/0

[RouterB-GigabitEthernet2/0] pim dm

[RouterB-GigabitEthernet2/0] quit

# On Router C, enable IP multicast routing.

<RouterC> system-view

[RouterC] multicast routing

[RouterC-mrib] quit

# Enable IGMP on GigabitEthernet 1/0.

[RouterC] interface gigabitethernet 1/0

[RouterC-GigabitEthernet1/0] igmp enable

[RouterC-GigabitEthernet1/0] quit

# Enable PIM-DM on GigabitEthernet 2/0.

[RouterC] interface gigabitethernet 2/0

[RouterC-GigabitEthernet2/0] pim dm

[RouterC-GigabitEthernet2/0] quit

4.     Configure a multicast group policy on Router A so that the hosts connected to GigabitEthernet 1/0 can join only multicast group 224.1.1.1.

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 224.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] interface gigabitethernet 1/0

[RouterA-GigabitEthernet1/0] igmp group-policy 2001

[RouterA-GigabitEthernet1/0] quit

Verifying the configuration

# Display IGMP information for GigabitEthernet 1/0 on Router B.

[RouterB] display igmp interface gigabitethernet 1/0

 GigabitEthernet1/0(10.110.2.1):

   IGMP is enabled.

   IGMP version: 2

   Query interval for IGMP: 125s

   Other querier present time for IGMP: 255s

   Maximum query response time for IGMP: 10s

   Querier for IGMP: 10.110.2.1 (This router)

  IGMP groups reported in total: 1

Example: Configuring IGMP SSM mapping

Network configuration

As shown in Figure 6:

·     OSPF runs on the network.

·     The PIM-SM domain uses the SSM model for multicast delivery. The SSM group range is 232.1.1.0/24.

·     IGMPv3 runs on GigabitEthernet 1/0 on Router D. The receiver host runs IGMPv2, and does not support IGMPv3. The receiver host cannot specify multicast sources in its membership reports.

·     Source 1, Source 2, and Source 3 send multicast packets to multicast groups in the SSM group range 232.1.1.0/24.

Configure the IGMP SSM mapping feature on Router D so that the receiver host can receive multicast data only from Source 1 and Source 3.

Figure 6 Network diagram

Table 1 Interface and IP address assignment

Device

Interface

IP address

Device

Interface

IP address

Source 1

133.133.1.1/24

Source 3

133.133.3.1/24

Source 2

133.133.2.1/24

Receiver

133.133.4.1/24

Router A

GE1/0

133.133.1.2/24

Router C

GE1/0

133.133.3.2/24

Router A

GE2/0

192.168.1.1/24

Router C

GE2/0

192.168.3.1/24

Router A

GE3/0

192.168.4.2/24

Router C

GE3/0

192.168.2.2/24

Router B

GE1/0

133.133.2.2/24

Router D

GE1/0

133.133.4.2/24

Router B

GE2/0

192.168.1.2/24

Router D

GE2/0

192.168.3.2/24

Router B

GE3/0

192.168.2.1/24

Router D

GE3/0

192.168.4.1/24

 

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 6. (Details not shown.)

2.     Configure OSPF on the routers in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, PIM-SM, and IGMP:

# On Router D, enable IP multicast routing.

<RouterD> system-view

[RouterD] multicast routing

[RouterD-mrib] quit

# Enable IGMPv3 on the receiver-side interface (GigabitEthernet 1/0).

[RouterD] interface gigabitethernet 1/0

[RouterD-GigabitEthernet1/0] igmp enable

[RouterD-GigabitEthernet1/0] igmp version 3

[RouterD-GigabitEthernet1/0] quit

# Enable PIM-SM on the other interfaces.

[RouterD] interface gigabitethernet 2/0

[RouterD-GigabitEthernet2/0] pim sm

[RouterD-GigabitEthernet2/0] quit

[RouterD] interface gigabitethernet 3/0

[RouterD-GigabitEthernet3/0] pim sm

[RouterD-GigabitEthernet3/0] quit

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on each interface.

[RouterA] interface gigabitethernet 1/0

[RouterA-GigabitEthernet1/0] pim sm

[RouterA-GigabitEthernet1/0] quit

[RouterA] interface gigabitethernet 2/0

[RouterA-GigabitEthernet2/0] pim sm

[RouterA-GigabitEthernet2/0] quit

[RouterA] interface gigabitethernet 3/0

[RouterA-GigabitEthernet3/0] pim sm

[RouterA-GigabitEthernet3/0] quit

# Configure Router B and Router C in the same way Router A is configured. (Details not shown.)

4.     Configure the SSM group range:

# On Router D, specify 232.1.1.0/24 as the SSM group range.

[RouterD] acl basic 2000

[RouterD-acl-ipv4-basic-2000] rule permit source 232.1.1.0 0.0.0.255

[RouterD-acl-ipv4-basic-2000] quit

[RouterD] pim

[RouterD-pim] ssm-policy 2000

[RouterD-pim] quit

# Configure the SSM group range on Router A, Router B, and Router C in the same way Router D is configured. (Details not shown.)

5.     Configure IGMP SSM mappings on Router D.

[RouterD] igmp

[RouterD-igmp] ssm-mapping 133.133.1.1 2000

[RouterD-igmp] ssm-mapping 133.133.3.1 2000

[RouterD-igmp] quit

Verifying the configuration

# Display IGMP SSM mappings for multicast group 232.1.1.1 on Router D.

[RouterD] display igmp ssm-mapping 232.1.1.1

 Group: 232.1.1.1

 Source list:

        133.133.1.1

        133.133.3.1

# On Router D, display information about IGMP multicast groups that hosts have dynamically joined.

[RouterD] display igmp group

IGMP groups in total: 1

 GigabitEthernet1/0(133.133.4.2):

  IGMP groups reported in total: 1

   Group address   Last reporter   Uptime      Expires

   232.1.1.1       133.133.4.1     00:02:04    off

# Display PIM routing entries on Router D.

[RouterD] display pim routing-table

 Total 0 (*, G) entry; 2 (S, G) entry

 

 (133.133.1.1, 232.1.1.1)

     Protocol: pim-ssm, Flag:

     UpTime: 00:13:25

     Upstream interface: GigabitEthernet3/0

         Upstream neighbor: 192.168.4.2

         RPF prime neighbor: 192.168.4.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: GigabitEthernet1/0

             Protocol: igmp, UpTime: 00:13:25, Expires: -

 

 (133.133.3.1, 232.1.1.1)

     Protocol: pim-ssm, Flag:

     UpTime: 00:13:25

     Upstream interface: GigabitEthernet2/0

         Upstream neighbor: 192.168.3.1

         RPF prime neighbor: 192.168.3.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: GigabitEthernet1/0

             Protocol: igmp, UpTime: 00:13:25, Expires: -

Example: Configuring IGMP proxying

Network configuration

As shown in Figure 7:

·     PIM-DM runs on the core network.

·     Host A and Host C on the stub network receive VOD information sent to multicast group 224.1.1.1.

Configure the IGMP proxying feature on Router B so that Router B can maintain group memberships and forward multicast traffic without running PIM-DM.

Figure 7 Network diagram

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Figure 7. (Details not shown.)

2.     Enable IP multicast routing, PIM-DM, IGMP, and IGMP proxying:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-DM on GigabitEthernet 2/0.

[RouterA] interface gigabitethernet 2/0

[RouterA-GigabitEthernet2/0] pim dm

[RouterA-GigabitEthernet2/0] quit

# Enable IGMP on GigabitEthernet 1/0.

[RouterA] interface gigabitethernet 1/0

[RouterA-GigabitEthernet1/0] igmp enable

[RouterA-GigabitEthernet1/0] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable IGMP proxying on GigabitEthernet 1/0.

[RouterB] interface gigabitethernet 1/0

[RouterB-GigabitEthernet1/0] igmp proxy enable

[RouterB-GigabitEthernet1/0] quit

# Enable IGMP on GigabitEthernet 2/0.

[RouterB] interface gigabitethernet 2/0

[RouterB-GigabitEthernet2/0] igmp enable

[RouterB-GigabitEthernet2/0] quit

Verifying the configuration

# Display multicast group membership information maintained by the IGMP proxy on Router B.

[RouterB] display igmp proxy group

IGMP proxy group records in total: 1

 GigabitEthernet1/0(192.168.1.2):

  IGMP proxy group records in total: 1

   Group address      Member state      Expires

   224.1.1.1          Delay             00:00:02

Example: Configuring PPPoE-based multicast access control

Network configuration

As shown in Figure 8:

·     OSPF runs in the PIM-SM domain.

·     Source 1, Source 2, and Source 3 send multicast data to multicast groups 224.1.1.1, 225.1.1.1, and 226.1.1.1, respectively.

·     GigabitEthernet 2/0 on Router A acts as a C-BSR and a C-RP, and it is designated to all multicast groups.

·     Router A acts as the BRAS, and it connects the users in ISP 1 and ISP 2 to the PIM-SM network.

Configure the multicast access control feature on Router A to meet the following requirements:

·     Host A and Host B in ISP 1 can join only multicast groups 224.1.1.1 and 225.1.1.1.

·     Host C and Host D in ISP 2 can join only multicast groups 225.1.1.1 and 226.1.1.1.

Figure 8 Network diagram

Table 2 Interface and IP address assignment

Device

Interface

IP address

Device

Interface

IP address

Source 1

10.100.1.1/24

Host A

192.168.1.2/24

Source 2

10.100.2.1/24

Host B

192.168.1.3/24

Source 3

10.100.3.1/24

Host C

192.168.2.2/24

RADIUS server

11.110.4.2/24

Host D

192.168.2.3/24

Router B

GE1/0

11.110.1.2/24

Router A

GE1/0

11.110.1.1/24

Router B

GE2/0

10.100.1.2/24

Router A

GE2/0

11.110.2.1/24

Router C

GE1/0

11.110.2.2/24

Router A

GE3/0

11.110.3.1/24

Router C

GE2/0

10.100.2.2/24

Router A

GE4/0

11.110.4.1/24

Router D

GE1/0

11.110.3.2/24

Router A

GE5/0.1

192.168.1.1/24

Router D

GE2/0

10.100.3.2/24

Router A

GE5/0.2

192.168.2.1/24

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Table 2. (Details not shown.)

2.     Configure OSPF in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, and configure PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on GigabitEthernet 1/0 through GigabitEthernet 3/0.

[RouterA] interface gigabitethernet 1/0

[RouterA-GigabitEthernet1/0] pim sm

[RouterA-GigabitEthernet1/0] quit

[RouterA] interface gigabitethernet 2/0

[RouterA-GigabitEthernet2/0] pim sm

[RouterA-GigabitEthernet2/0] quit

[RouterA] interface gigabitethernet 3/0

[RouterA-GigabitEthernet3/0] pim sm

[RouterA-GigabitEthernet3/0] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable PIM-SM on each interface.

[RouterB] interface gigabitethernet 1/0

[RouterB-GigabitEthernet1/0] pim sm

[RouterB-GigabitEthernet1/0] quit

[RouterB] interface gigabitethernet 2/0

[RouterB-GigabitEthernet2/0] pim sm

[RouterB-GigabitEthernet2/0] quit

# Configure Router C and Router D in the same way Router B is configured. (Details not shown.)

# On Router A, configure GigabitEthernet 2/0 as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 11.110.2.1

[RouterA-pim] c-rp 11.110.2.1

[RouterA-pim] quit

4.     Configure the access service on the BRAS:

# Configure a RADIUS scheme.

[RouterA] radius scheme spec

[RouterA-radius-spec] primary authentication 11.110.4.2 key simple 123456

[RouterA-radius-spec] primary accounting 11.110.4.2 key simple 123456

[RouterA-radius-spec] user-name-format without-domain

[RouterA-radius-spec] nas-ip 11.110.4.1

[RouterA-radius-spec] quit

# Create an ISP domain named isp1 and specify the STB service for users in the ISP domain.

[RouterA] domain isp1

[RouterA-isp-isp1] service-type stb

# Configure AAA methods for ISP domain isp1.

[RouterA-isp-isp1] authentication ppp radius-scheme spec

[RouterA-isp-isp1] authorization ppp radius-scheme spec

[RouterA-isp-isp1] accounting ppp radius-scheme spec

[RouterA-isp-isp1] quit

# Create an ISP domain named isp2, and specify the STB service for users in the ISP domain.

[RouterA] domain isp2

[RouterA-isp-isp2] service-type stb

# Configure AAA methods for ISP domain isp2.

[RouterA-isp-isp2] authentication ppp radius-scheme spec

[RouterA-isp-isp2] authorization ppp radius-scheme spec

[RouterA-isp-isp2] accounting ppp radius-scheme spec

[RouterA-isp-isp2] quit

# Create interface Virtual-Template 1, and assign an IP address and subnet mask to the interface.

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] ip address 2.1.1.1 255.255.255.0

# Configure interface Virtual-Template 1 to authenticate users in ISP domain isp1 by using PAP.

[RouterA-Virtual-Template1] ppp authentication-mode pap domain isp1

[RouterA-Virtual-Template1] quit

# Create interface Virtual-Template 2, and assign an IP address and subnet mask to the interface.

[RouterA] interface virtual-template 2

[RouterA-Virtual-Template2] ip address 2.1.2.1 255.255.255.0

# Configure interface Virtual-Template 2 to authenticate users in ISP domain isp2 by using PAP.

[RouterA-Virtual-Template2] ppp authentication-mode pap domain isp2

[RouterA-Virtual-Template2] quit

# Configure GigabitEthernet 5/0.1 to terminate VLAN-tagged packets whose outer VLAN ID is 1 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface gigabitethernet 5/0.1

[RouterA-GigabitEthernet5/0.1] vlan-type dot1q vid 1 second-dot1q 1 to 100

# Bind GigabitEthernet 5/0.1 to interface Virtual-Template 1.

[RouterA-GigabitEthernet5/0.1] pppoe-server bind virtual-template 1

[RouterA-GigabitEthernet5/0.1] quit

# Configure GigabitEthernet 5/0.2 to terminate VLAN-tagged packets whose outer VLAN ID is 2 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface gigabitethernet 5/0.2

[RouterA-GigabitEthernet5/0.2] vlan-type dot1q vid 2 second-dot1q 1 to 100

# Bind subinterface GigabitEthernet 5/0.2 to interface Virtual-Template 2.

[RouterA-GigabitEthernet5/0.2] pppoe-server bind virtual-template 2

[RouterA-GigabitEthernet5/0.2] quit

5.     Configure multicast access control on the BRAS:

# Enable IGMP and multicast access control on interface Virtual-Template 1.

[RouterA] interface virtual-template 1

[RouterA-Virtual-Template1] igmp enable

[RouterA-Virtual-Template1] igmp authorization-enable

[RouterA-Virtual-Template1] quit

# Configure interface Virtual-Template 2 in the same way interface Virtual-Template 1 is configured. (Details not shown.)

# Configure an access policy in user profile profile1 to authorize IGMP users to join multicast groups 224.1.1.1 and 225.1.1.1.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule permit source 224.1.1.1 0

[RouterA-acl-ipv4-basic-2000] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2000] quit

[RouterA] user-profile profile1

[RouterA-user-profile-profile1] igmp access-policy 2000

[RouterA-user-profile-profile1] quit

# Specify user profile profile1 for users in ISP domain isp1.

[RouterA] domain isp1

[RouterA-isp-isp1] authorization-attribute user-profile profile1

[RouterA-isp-isp1] quit

# Configure an access policy in user profile profile2 to authorize IGMP users to join multicast groups 225.1.1.1 and 226.1.1.1.

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2001] rule permit source 226.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] user-profile profile2

[RouterA-user-profile-profile2] igmp access-policy 2001

[RouterA-user-profile-profile2] quit

# Specify user profile profile2 for users in ISP domain isp2.

[RouterA] domain isp2

[RouterA-isp-isp2] authorization-attribute user-profile profile2

[RouterA-isp-isp2] quit

Verifying the configuration

# Display authorized IGMP user information on Router A after Host A and Host C log in.

[RouterA] display igmp user-authorization

 Authorized users in total: 2

 

   User name: user1@isp1

   Access type: PPP

   Interface: Virtual-Access0

   Access interface: Virtual-Access0

   Maximum programs for order: 4

   User profile: profile1

   Authorized programs list:

 

   User name: user1@isp2

   Access type: PPP

   Interface: Virtual-Access1

   Access interface: Virtual-Access1

   Maximum programs for order: 4

   User profile: profile2

   Authorized programs list:

Example: Configuring IPoE-based multicast access control

Network configuration

As shown in Figure 9:

·     OSPF runs in the PIM-SM domain.

·     Source 1, Source 2, and Source 3 send multicast data to multicast groups 224.1.1.1, 225.1.1.1, and 226.1.1.1, respectively.

·     GigabitEthernet 2/0 on Router A acts as a C-BSR and a C-RP, and it is designated to all multicast groups.

·     Router A acts as the BRAS, and connects the users in ISP 1 and ISP 2 to the PIM-SM network.

Configure the multicast access control feature on Router A to meet the following requirements:

·     Host A and Host B in ISP 1 can join only multicast groups 224.1.1.1 and 225.1.1.1.

·     Host C and Host D in ISP 2 can join only multicast groups 225.1.1.1 and 226.1.1.1.

Figure 9 Network diagram

Table 3 Interface and IP address assignment

Device

Interface

IP address

Device

Interface

IP address

Source 1

10.100.1.1/24

Host A

192.168.1.2/24

Source 2

10.100.2.1/24

Host B

192.168.1.3/24

Source 3

10.100.3.1/24

Host C

192.168.2.2/24

RADIUS server

11.110.4.2/24

Host D

192.168.2.3/24

Router B

GE1/0

11.110.1.2/24

Router A

GE1/0

11.110.1.1/24

Router B

GE2/0

10.100.1.2/24

Router A

GE2/0

11.110.2.1/24

Router C

GE1/0

11.110.2.2/24

Router A

GE3/0

11.110.3.1/24

Router C

GE2/0

10.100.2.2/24

Router A

GE4/0

11.110.4.1/24

Router D

GE1/0

11.110.3.2/24

Router A

GE5/0.1

192.168.1.1/24

Router D

GE2/0

10.100.3.2/24

Router A

GE5/0.2

192.168.2.1/24

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Table 3. (Details not shown.)

2.     Configure OSPF in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, and configure PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on GigabitEthernet 1/0 through GigabitEthernet 3/0.

[RouterA] interface gigabitethernet 1/0

[RouterA-GigabitEthernet1/0] pim sm

[RouterA-GigabitEthernet1/0] quit

[RouterA] interface gigabitethernet 2/0

[RouterA-GigabitEthernet2/0] pim sm

[RouterA-GigabitEthernet2/0] quit

[RouterA] interface gigabitethernet 3/0

[RouterA-GigabitEthernet3/0] pim sm

[RouterA-GigabitEthernet3/0] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable PIM-SM on each interface.

[RouterB] interface gigabitethernet 1/0

[RouterB-GigabitEthernet1/0] pim sm

[RouterB-GigabitEthernet1/0] quit

[RouterB] interface gigabitethernet 2/0

[RouterB-GigabitEthernet2/0] pim sm

[RouterB-GigabitEthernet2/0] quit

# Configure Router C and Router D in the same way Router B is configured. (Details not shown.)

# On Router A, configure GigabitEthernet 2/0 as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 11.110.2.1

[RouterA-pim] c-rp 11.110.2.1

[RouterA-pim] quit

4.     Configure the access service on the BRAS:

# Configure a RADIUS scheme.

[RouterA] radius scheme spec

[RouterA-radius-spec] primary authentication 11.110.4.2 key simple 123456

[RouterA-radius-spec] primary accounting 11.110.4.2 key simple 123456

[RouterA-radius-spec] user-name-format without-domain

[RouterA-radius-spec] nas-ip 11.110.4.1

[RouterA-radius-spec] quit

# Create an ISP domain named isp1, and specify the STB service for users in the ISP domain.

[RouterA] domain isp1

[RouterA-isp-isp1] service-type stb

# Configure AAA methods for ISP domain isp1.

[RouterA-isp-isp1] authentication ipoe radius-scheme spec

[RouterA-isp-isp1] authorization ipoe radius-scheme spec

[RouterA-isp-isp1] accounting ipoe radius-scheme spec

[RouterA-isp-isp1] quit

# Create an ISP domain named isp2, and specify the STB service for users in the ISP domain.

[RouterA] domain isp2

[RouterA-isp-isp2] service-type stb

# Configure AAA methods for ISP domain isp2.

[RouterA-isp-isp2] authentication ipoe radius-scheme spec

[RouterA-isp-isp2] authorization ipoe radius-scheme spec

[RouterA-isp-isp2] accounting ipoe radius-scheme spec

[RouterA-isp-isp2] quit

# Enable DHCP on Router A.

[RouterA] dhcp enable

# Create a DHCP address pool named 1.

[RouterA] dhcp server ip-pool 1

# Specify the subnet 192.168.2.1/24 in DHCP address pool 1.

[RouterA-dhcp-pool-1] network 192.168.2.1 mask 255.255.255.0

# Specify the domain name isp1 in DHCP address pool 1.

[RouterA-dhcp-pool-1] domain-name isp1

[RouterA-dhcp-pool-1] quit

# Create a DHCP address pool named 2.

[RouterA] dhcp server ip-pool 2

# Specify the subnet 192.168.3.1/24 in DHCP address pool 2.

[RouterA-dhcp-pool-2] network 192.168.3.1 mask 255.255.255.0

# Specify the domain name isp2 in DHCP address pool 2.

[RouterA-dhcp-pool-2] domain-name isp2

[RouterA-dhcp-pool-2] quit

# Configure GigabitEthernet 5/0.1 to terminate VLAN-tagged packets whose outer VLAN ID is 1 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface gigabitethernet 5/0.1

[RouterA-GigabitEthernet5/0.1] vlan-type dot1q vid 1 second-dot1q 1 to 100

# Configure the DHCP service on GigabitEthernet 5/0.1.

[RouterA-GigabitEthernet5/0.1] dhcp server apply ip-pool 1

[RouterA-GigabitEthernet5/0.1] ip subscriber routed enable

[RouterA-GigabitEthernet5/0.1] ip subscriber initiator dhcp enable

[RouterA-GigabitEthernet5/0.1] ip subscriber dhcp domain isp1

[RouterA-GigabitEthernet5/0.1] quit

# Configure GigabitEthernet 5/0.2 to terminate VLAN-tagged packets whose outer VLAN ID is 2 and inner VLAN ID is in the range of 1 to 100.

[RouterA] interface gigabitethernet 5/0.2

[RouterA-GigabitEthernet5/0.2] vlan-type dot1q vid 2 second-dot1q 1 to 100

# Configure the DHCP service on GigabitEthernet 5/0.2.

[RouterA-GigabitEthernet5/0.2] dhcp server apply ip-pool 2

[RouterA-GigabitEthernet5/0.2] ip subscriber routed enable

[RouterA-GigabitEthernet5/0.2] ip subscriber initiator dhcp enable

[RouterA-GigabitEthernet5/0.2] ip subscriber dhcp domain isp2

[RouterA-GigabitEthernet5/0.2] quit

5.     Configure multicast access control on the BRAS:

# Enable IGMP and multicast access control, and enable per-session multicast forwarding on GigabitEthernet 5/0.1.

[RouterA] interface gigabitethernet 5/0.1

[RouterA-GigabitEthernet5/0.1] igmp enable

[RouterA-GigabitEthernet5/0.1] igmp authorization-enable

[RouterA-GigabitEthernet5/0.1] igmp join-by-session

[RouterA-GigabitEthernet5/0.1] quit

# Configure GigabitEthernet 5/0.2 in the same way GigabitEthernet 5/0.1 is configured. (Details not shown.)

# Configure an access policy in user profile profile1 to authorize IGMP users to join multicast groups 224.1.1.1 and 225.1.1.1.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule permit source 224.1.1.1 0

[RouterA-acl-ipv4-basic-2000] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2000] quit

[RouterA] user-profile profile1

[RouterA-user-profile-profile1] igmp access-policy 2000

[RouterA-user-profile-profile1] quit

# Specify user profile profile1 for users in ISP domain isp1.

[RouterA] domain isp1

[RouterA-isp-isp1] authorization-attribute user-profile profile1

[RouterA-isp-isp1] quit

# Configure an access policy in user profile profile2 to authorize IGMP users to join multicast groups 225.1.1.1 and 226.1.1.1.

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2001] rule permit source 226.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] user-profile profile2

[RouterA-user-profile-profile2] igmp access-policy 2001

[RouterA-user-profile-profile2] quit

# Specify user profile profile2 for users in ISP domain isp2.

[RouterA] domain isp2

[RouterA-isp-isp2] authorization-attribute user-profile profile2

[RouterA-isp-isp2] quit

Verifying the configuration

# Display authorized IGMP user information on Router A after Host A and Host C log in.

[RouterA] display igmp user-authorization

 Authorized users in total: 2

 

   User name: user1@isp1

   Access type: IPoE

   Interface: Multicast-UA1

   Access interface: GigabitEthernet5/0.1

   VLAN ID: 1

   Second VLAN ID: 2

   Maximum programs for order: 4

   User profile: profile1

   Authorized programs list:

 

   User name: user1@isp2

   Access type: IPoE

   Interface: Multicast-UA2

   Access interface: GigabitEthernet5/0.2

   VLAN ID: 2 

   Second VLAN ID: 2

   Maximum programs for order: 4

   User profile: profile2

   Authorized programs list:

Example: Configuring portal-based multicast access control

Network configuration

As shown in Figure 10:

·     OSPF runs in the PIM-SM domain.

·     Source 1, Source 2, and Source 3 send multicast data to multicast groups 224.1.1.1, 225.1.1.1, and 226.1.1.1, respectively.

·     GigabitEthernet 2/0 on Router A acts as a C-BSR and a C-RP, and it is designated to all multicast groups.

·     Router A acts as the BRAS, and connects the users in ISP 1 and ISP 2 to the PIM-SM network.

Configure the multicast access control feature on Router A to meet the following requirements:

·     Host A and Host B in ISP 1 can join only multicast groups 224.1.1.1 and 225.1.1.1.

·     Host C and Host D in ISP 2 can join only multicast groups 225.1.1.1 and 226.1.1.1.

Figure 10 Network diagram

Table 4 Interface and IP address assignment

Device

Interface

IP address

Device

Interface

IP address

Source 1

10.100.1.1/24

Host A

192.168.1.2/24

Source 2

10.100.2.1/24

Host B

192.168.1.3/24

Source 3

10.100.3.1/24

Host C

192.168.2.2/24

RADIUS server

11.110.4.2/24

Host D

192.168.2.3/24

IMC server

11.110.5.2/24

Router A

GE1/0

11.110.1.1/24

Router B

GE1/0

11.110.1.2/24

Router A

GE2/0

11.110.2.1/24

Router B

GE2/0

10.100.1.2/24

Router A

GE3/0

11.110.3.1/24

Router C

GE1/0

11.110.2.2/24

Router A

GE4/0

11.110.4.1/24

Router C

GE2/0

10.100.2.2/24

Router A

GE5/0

192.168.2.1/24

Router D

GE1/0

11.110.3.2/24

Router A

GE6/0

192.168.1.1/24

Router D

GE2/0

10.100.3.2/24

 

 

 

Procedure

1.     Assign an IP address and subnet mask to each interface, as shown in Table 4. (Details not shown.)

2.     Configure OSPF in the PIM-SM domain. (Details not shown.)

3.     Enable IP multicast routing, and configure PIM-SM:

# On Router A, enable IP multicast routing.

<RouterA> system-view

[RouterA] multicast routing

[RouterA-mrib] quit

# Enable PIM-SM on GigabitEthernet 1/0 through GigabitEthernet 3/0.

[RouterA] interface gigabitethernet 1/0

[RouterA-GigabitEthernet1/0] pim sm

[RouterA-GigabitEthernet1/0] quit

[RouterA] interface gigabitethernet 2/0

[RouterA-GigabitEthernet2/0] pim sm

[RouterA-GigabitEthernet2/0] quit

[RouterA] interface gigabitethernet 3/0

[RouterA-GigabitEthernet3/0] pim sm

[RouterA-GigabitEthernet3/0] quit

# On Router B, enable IP multicast routing.

<RouterB> system-view

[RouterB] multicast routing

[RouterB-mrib] quit

# Enable PIM-SM on each interface.

[RouterB] interface gigabitethernet 1/0

[RouterB-GigabitEthernet1/0] pim sm

[RouterB-GigabitEthernet1/0] quit

[RouterB] interface gigabitethernet 2/0

[RouterB-GigabitEthernet2/0] pim sm

[RouterB-GigabitEthernet2/0] quit

# Configure Router C and Router D in the same way Router B is configured. (Details not shown.)

# Configure GigabitEthernet 2/0 on Router A as a C-BSR and a C-RP.

[RouterA] pim

[RouterA-pim] c-bsr 11.110.2.1

[RouterA-pim] c-rp 11.110.2.1

[RouterA-pim] quit

4.     Configure the access service on the BRAS:

# Configure a RADIUS scheme.

[RouterA] radius scheme spec

[RouterA-radius-spec] primary authentication 11.110.4.2 key simple 123456

[RouterA-radius-spec] primary accounting 11.110.4.2 key simple 123456

[RouterA-radius-spec] user-name-format without-domain

[RouterA-radius-spec] nas-ip 11.110.4.1

[RouterA-radius-spec] quit

# Configure a portal Web server.

[RouterA] portal web-server spec

[RouterA-portal-websvr-spec] url http://10.110.5.2:8080/portal

[RouterA-portal-websvr-spec] url-parameter user-ip source-address

[RouterA-portal-websvr-spec] quit

[RouterA] portal server spec

[RouterA-portal-server-spec] ip 10.110.5.2 key simple 123456

[RouterA-portal-websvr-spec] quit

# Create an ISP domain named isp1, and specify the STB service for users in the ISP domain.

[RouterA] domain isp1

[RouterA-isp-isp1] service-type stb

# Configure AAA methods for ISP domain isp1.

[RouterA-isp-isp1] authentication portal radius-scheme spec

[RouterA-isp-isp1] authorization portal radius-scheme spec

[RouterA-isp-isp1] accounting portal radius-scheme spec

[RouterA-isp-isp1] quit

# Create an ISP domain named isp2, and specify the STB service for users in the ISP domain.

[RouterA] domain isp2

[RouterA-isp-isp2] service-type stb

# Configure AAA methods for ISP domain isp2.

[RouterA-isp-isp2] authentication portal radius-scheme spec

[RouterA-isp-isp2] authorization portal radius-scheme spec

[RouterA-isp-isp2] accounting portal radius-scheme spec

[RouterA-isp-isp2] quit

# Configure the portal service on GigabitEthernet 5/0.

[RouterA] interface gigabitethernet 5/0

[RouterA-GigabitEthernet5/0] portal enable method direct

[RouterA-GigabitEthernet5/0] portal domain isp2

[RouterA-GigabitEthernet5/0] portal apply web-server spec

[RouterA-GigabitEthernet5/0] quit

# Configure the portal service on GigabitEthernet 6/0.

[RouterA] interface gigabitethernet 6/0

[RouterA-GigabitEthernet6/0] portal enable method direct

[RouterA-GigabitEthernet6/0] portal domain isp1

[RouterA-GigabitEthernet6/0] portal apply web-server spec

[RouterA-GigabitEthernet6/0] quit

5.     Configure multicast access control on the BRAS:

# Enable IGMP, multicast access control, and per-session multicast forwarding on GigabitEthernet 5/0.

[RouterA] interface gigabitethernet 5/0

[RouterA-GigabitEthernet5/0] igmp enable

[RouterA-GigabitEthernet5/0] igmp authorization-enable

[RouterA-GigabitEthernet5/0] igmp join-by-session

[RouterA-GigabitEthernet5/0] quit

# Enable IGMP, multicast access control, and per-session multicast forwarding on GigabitEthernet 6/0.

[RouterA] interface gigabitethernet 6/0

[RouterA-GigabitEthernet6/0] igmp enable

[RouterA-GigabitEthernet6/0] igmp authorization-enable

[RouterA-GigabitEthernet6/0] igmp join-by-session

[RouterA-GigabitEthernet6/0] quit

# Configure an access policy in user profile profile1 to authorize IGMP users to join multicast groups 224.1.1.1 and 225.1.1.1.

[RouterA] acl basic 2000

[RouterA-acl-ipv4-basic-2000] rule permit source 224.1.1.1 0

[RouterA-acl-ipv4-basic-2000] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2000] quit

[RouterA] user-profile profile1

[RouterA-user-profile-profile1] igmp access-policy 2000

[RouterA-user-profile-profile1] quit

# Specify user profile profile1 for users in ISP domain isp1.

[RouterA] domain isp1

[RouterA-isp-isp1] authorization-attribute user-profile profile1

[RouterA-isp-isp1] quit

# Configure an access policy in user profile profile2 to authorize IGMP users to join multicast groups 225.1.1.1 and 226.1.1.1.

[RouterA] acl basic 2001

[RouterA-acl-ipv4-basic-2001] rule permit source 225.1.1.1 0

[RouterA-acl-ipv4-basic-2001] rule permit source 226.1.1.1 0

[RouterA-acl-ipv4-basic-2001] quit

[RouterA] user-profile profile2

[RouterA-user-profile-profile2] igmp access-policy 2001

[RouterA-user-profile-profile2] quit

# Specify user profile profile2 for users in ISP domain isp2.

[RouterA] domain isp2

[RouterA-isp-isp2] authorization-attribute user-profile profile2

[RouterA-isp-isp2] quit

Verifying the configuration

# Display authorized IGMP user information on Router A after Host A and Host C log in.

[RouterA] display igmp user-authorization

 Authorized users in total: 2

 

   User name: user1@isp1

   Access type: Portal

   Interface: Multicast-UA1

   Access interface: GigabitEthernet6/0

   Maximum programs for order: 4

   User profile: profile1

   Authorized programs list:

 

   User name: user1@isp2

   Access type: Portal

   Interface: Multicast-UA2

   Access interface: GigabitEthernet5/0

   Maximum programs for order: 4

   User profile: profile2

   Authorized programs list:

Troubleshooting IGMP

No membership information on the receiver-side device

Symptom

When a host sends a report for joining multicast group G, no membership information of multicast group G exists on the device closest to that host.

Solution

To resolve the problem:

1.     Use the display igmp interface command to verify that the networking, interface connection, and IP address configuration are correct.

2.     Use the display current-configuration command to verify that multicast routing is enabled. If it is not enabled, use the multicast routing command in system view to enable IP multicast routing. In addition, verify that IGMP is enabled on the associated interfaces.

3.     Use the display igmp interface command to verify that the IGMP version on the interface is lower than that on the host.

4.     Use the display current-configuration interface command to verify that no multicast group policies have been configured to filter IGMP reports for multicast group G.

5.     If the problem persists, contact H3C Support.

Inconsistent membership information on the devices on the same subnet

Symptom

Different memberships are maintained on different IGMP devices on the same subnet.

Solution

To resolve the problem:

1.     Use the display current-configuration command to verify the IGMP information on the interfaces. Make sure the devices on the subnet have the same IGMP settings on their interfaces.

2.     Use the display igmp interface command on all devices on the same subnet to verify the IGMP-related timer settings. Make sure the settings are consistent on all the devices.

3.     Use the display igmp interface command to verify that all devices on the same subnet are running the same IGMP version.

4.     If the problem persists, contact H3C Support.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网