- Table of Contents
-
- 04-IP Multicast Volume
- 00-IP Multicast Volume Organization
- 01-Mulitcast Overview
- 02-Multicast Routing and Forwarding Configuration
- 03-IGMP Configuration
- 04-PIM Configuration
- 05-MSDP Configuration
- 06-MBGP Configuration
- 07-Multicast VPN Configuration
- 08-IGMP Snooping Configuration
- 09-Multicast VLAN Configuration
- 10-IPv6 Multicast Routing and Forwarding Configuration
- 11-MLD Configuration
- 12-IPv6 PIM Configuration
- 13-IPv6 MBGP Configuration
- 14-MLD Snooping Configuration
- 15-IPv6 Multicast VLAN Configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
14-MLD Snooping Configuration | 319.99 KB |
Table of Contents
Basic Concepts in MLD Snooping
Processing of IPv6 Multicast Protocol Messages
MLD Snooping Configuration Task List
Configuring Basic Functions of MLD Snooping
Configuring the Version of MLD Snooping
Configuring MLD Snooping Port Functions
Configuring Aging Timers for Dynamic Ports
Configuring Fast Leave Processing
Configuring MLD Snooping Querier
Configuring MLD Queries and Responses
Configuring Source IPv6 Addresses of MLD Queries
Configuring an MLD Snooping Policy
Configuring an IPv6 Multicast Group Filter
Configuring IPv6 Multicast Source Port Filtering
Configuring Dropping Unknown IPv6 Multicast Data
Configuring MLD Report Suppression
Configuring Maximum Multicast Groups that Can Be Joined on a Port
Configuring IPv6 Multicast Group Replacement
Displaying and Maintaining MLD Snooping
MLD Snooping Configuration Examples
Configuring IPv6 Group Policy and Simulated Joining
MLD Snooping Querier Configuration
Switch Fails in Layer 2 Multicast Forwarding
Configured IPv6 Multicast Group Policy Fails to Take Effect
When configuring MLD Snooping, go to these sections for information you are interested in:
l MLD Snooping Configuration Task List
l Displaying and Maintaining MLD Snooping
l MLD Snooping Configuration Examples
l Troubleshooting MLD Snooping
MLD Snooping Overview
Introduction to MLD Snooping
By analyzing received MLD messages, a Layer 2 device running MLD Snooping establishes mappings between ports and multicast MAC addresses and forwards IPv6 multicast data based on these mappings.
As shown in Figure 1-1, when MLD Snooping is not running, IPv6 multicast packets are broadcast to all devices at Layer 2. When MLD Snooping runs, multicast packets for known IPv6 multicast groups are multicast to the receivers at Layer 2.
Figure 1-1 Before and after MLD Snooping is enabled on the Layer 2 device
MLD Snooping forwards multicast data to only the receivers requiring it at Layer 2. It brings the following advantages:
l Reducing Layer 2 broadcast packets, thus saving network bandwidth.
l Enhancing the security of multicast traffic.
l Facilitating the implementation of per-host accounting.
Basic Concepts in MLD Snooping
MLD Snooping related ports
As shown in Figure 1-2, Router A connects to the multicast source, MLD Snooping runs on Switch A and Switch B, Host A and Host C are receiver hosts (namely, IPv6 multicast group members).
Figure 1-2 MLD Snooping related ports
Ports involved in MLD Snooping, as shown in Figure 1-2, are described as follows:
l Router port: A router port is a port on the Ethernet switch that leads switch towards the Layer-3 multicast device (DR or MLD querier). In the figure, Ethernet 1/1 of Switch A and Ethernet 1/0/1 of Switch B are router ports. The switch registers all its local router ports in its router port list.
l Member port: A member port (also known as IPv6 multicast group member port) is a port on the Ethernet switch that leads towards multicast group members. In the figure, Ethernet 1/0/2 and Ethernet 1/0/3 of Switch A and Ethernet 1/0/2 of Switch B are member ports. The switch registers all the member ports on the local device in its MLD Snooping forwarding table.
l Whenever mentioned in this document, a router port is a router-connecting port on the switch, rather than a port on a router.
l Unless otherwise specified, router/member ports mentioned in this document include static and dynamic ports.
l On an MLD Snooping-enabled switch, the ports that received MLD general queries with the source address other than 0::0 or IPv6 PIM hello messages are dynamic router ports. For details about IPv6 PIM hello messages, see IPv6 PIM Configuration of the IP Multicast Volume.
Aging timers for dynamic ports in MLD Snooping
Table 1-1 Aging timers for dynamic ports in MLD Snooping and related messages and actions
Timer |
Description |
Message before expiry |
Action after expiry |
Dynamic router port aging timer |
For each dynamic router port, the switch sets a timer initialized to the dynamic router port aging time. |
MLD general query of which the source address is not 0::0 or IPv6 PIM hello. |
The switch removes this port from its router port list. |
Dynamic member port aging timer |
When a port dynamically joins an IPv6 multicast group, the switch sets a timer for the port, which is initialized to the dynamic member port aging time. |
MLD report message. |
The switch removes this port from the MLD Snooping forwarding table. |
The port aging mechanism of MLD Snooping works only for dynamic ports; a static port will never age out.
How MLD Snooping Works
A switch running MLD Snooping performs different actions when it receives different MLD messages, as follows:
The description about adding or deleting a port in this section is only for a dynamic port. Static ports can be added or deleted only through the corresponding configurations. For details, see Configuring Static Ports.
General queries
Upon receiving an MLD general query, the switch forwards it through all ports in the VLAN except the port on which it received the MLD query and performs the following:
l If the port on which it the switch received the MLD query is a dynamic router port in its router port list, the switch resets the aging timer for this dynamic router port.
l If the port is not included in its router port list, the switch adds it into its router port list as a dynamic router port and sets an aging timer for it.
Membership reports
A host sends an MLD report to the MLD querier in the following circumstances:
l Upon receiving an MLD query, an IPv6 multicast group member host responds with an MLD report.
l When intended to join an IPv6 multicast group, a host sends an MLD report to the MLD querier to announce that it is interested in the multicast information addressed to that IPv6 multicast group.
Upon receiving an MLD report, the switch forwards it through all the router ports in the VLAN, resolves the address of the reported IPv6 multicast group, and performs the following to the receiving port:
l If no forwarding table entry exists for the reported IPv6 multicast group, the switch creates an entry, adds the port as a dynamic member port to the outgoing port list, and starts a member port aging timer for that port.
l If a forwarding table entry exists for the reported IPv6 multicast group, but the port is not included in the outgoing port list for that group, the switch adds the port as a dynamic member port to the outgoing port list, and starts a member port aging timer for that port.
l If a forwarding table entry exists for the reported IPv6 multicast group and the port is included in the outgoing port list, which means that this port is already a dynamic member port, the switch resets the member port aging timer for that port.
A switch does not forward an MLD report through a non-router port. The reason is as follows: Due to the MLD report suppression mechanism applied on hosts, if the switch forwards a report message through a member port, all the attached hosts listening to the reported IPv6 multicast address will suppress their own reports upon receiving this report, and this will prevent the switch from knowing whether the reported multicast group still has active members attached to that port.
For the description of MLD report suppression mechanism applied on hosts, refer to MLD Configuration in the IP Multicast volume.
Done messages
When a host leaves an IPv6 multicast group, the host sends an MLD done message to the multicast router.
When the switch receives an MLD done message on a dynamic member port, the switch first checks whether a forwarding table entry for the IPv6 multicast group address in the message exists, and, if one exists, whether the outgoing port list contains the port.
l If the forwarding table entry does not exist or if the outgoing port list does not contain the port, the switch discards the MLD done message instead of forwarding it to any port.
l If the forwarding table entry exists and the outgoing port list contains the port, the switch forwards the MLD done message to all router ports in the native VLAN. Because the switch does not know whether any other hosts attached to the port are still listening to that IPv6 multicast group address, the switch does not immediately remove the port from the outgoing port list of the forwarding table entry for that group; instead, it resets the aging timer for the port.
Upon receiving an MLD done message from a host, the MLD querier resolves the IPv6 multicast group address in the message and sends an MLD multicast-address-specific query to that IPv6 multicast group address through the port that received the MLD done message. Upon receiving the MLD multicast-address-specific query, the switch forwards it through all the router ports in the VLAN and all member ports for that IPv6 multicast group, and performs the following to the receiving port:
l If no MLD report in response to the MLD multicast-address-specific query is received on the port before its aging timer expires, this means that no hosts attached to the port are still listening to that IPv6 multicast group address. The switch removes the port from the outgoing port list of the forwarding table entry for that IPv6 multicast group when the aging timer expires.
Processing of IPv6 Multicast Protocol Messages
With Layer 3 multicast routing enabled, an MLD Snooping switch processes IPv6 multicast protocol messages differently under different conditions, specifically as follows:
1) If only MLD is enabled, or both MLD and IPv6 PIM are enabled on the switch, the switch handles IPv6 multicast protocol messages in the normal way.
2) In only IPv6 PIM is enabled on the switch:
l The switch broadcasts MLD messages as unknown messages in the VLAN.
l Upon receiving an IPv6 PIM hello message, the switch will maintain the corresponding dynamic router port.
3) When MLD is disabled on the switch:
l If IPv6 PIM is disabled, the switch deletes all its dynamic member ports and dynamic router ports.
l If IPv6 PIM is enabled, the switch deletes only its dynamic member ports without deleting its dynamic router ports.
On a switch with Layer-3 IPv6 multicast routing enabled, use the display mld group port-info command to view Layer-2 port information.
For details about the display mld group port-info command, refer to MLD Commands in the IP Multicast Volume.
4) When IPv6 PIM is disabled on the switch:
l If MLD is disabled, the switch deletes all its dynamic router ports.
l If MLD is enabled, the switch maintains all its dynamic member ports and dynamic router ports.
Protocols and Standards
MLD Snooping is documented in:
l RFC 4541: Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches
MLD Snooping Configuration Task List
Complete these tasks to configure MLD Snooping:
Task |
Remarks |
|
Required |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Optional |
||
Configuring Maximum Multicast Groups that Can Be Joined on a Port |
Optional |
|
Optional |
l Configurations made in MLD Snooping view are effective for all VLANs, while configurations made in VLAN view are effective only for ports belonging to the current VLAN. For a given VLAN, a configuration made in MLD Snooping view is effective only if the same configuration is not made in VLAN view.
l Configurations made in MLD Snooping view are effective for all ports; configurations made in Ethernet interface view are effective only for the current port; configurations made in Layer 2 aggregate interface view are effect only for the current interface; configurations made in port group view are effective only for all the ports in the current port group. For a given port, a configuration made in MLD Snooping view is effective only if the same configuration is not made in Ethernet interface view, Layer 2 aggregate interface view or port group view.
l For MLD Snooping, configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports; nor do they take part in aggregation calculations.
Configuring Basic Functions of MLD Snooping
Configuration Prerequisites
Before configuring the basic functions of MLD Snooping, complete the following tasks:
l Configure the corresponding VLANs
Before configuring the basic functions of MLD Snooping, prepare the following data:
Enabling MLD Snooping
Follow these steps to enable MLD Snooping:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enable MLD Snooping globally and enter MLD Snooping view |
mld-snooping |
Required Disabled by default |
Return to system view |
quit |
— |
Enter VLAN view |
vlan vlan-id |
— |
Enable MLD Snooping in the VLAN |
mld-snooping enable |
Required Disabled by default |
l MLD Snooping must be enabled globally before it can be enabled in a VLAN.
l After enabling MLD Snooping in a VLAN, you cannot enable MLD and/or IPv6 PIM on the corresponding VLAN interface, and vice versa.
l When you enable MLD Snooping in a specified VLAN, this function takes effect for ports in this VLAN only.
Configuring the Version of MLD Snooping
By configuring the MLD Snooping version, you actually configure the version of MLD messages that MLD Snooping can process.
l MLD Snooping version 1 can process MLDv1 messages, but cannot analyze and process MLDv2 messages, which will be flooded in the VLAN.
l MLD Snooping version 2 can process MLDv1 and MLDv2 messages.
Follow these steps to configure the version of MLD Snooping:
To do… |
Use the command… |
Remarks |
Enter system view |
system-view |
— |
Enter VLAN view |
vlan vlan-id |
— |
Configure the version of MLD Snooping |
mld-snooping version version-number |
Optional Version 1 by default |
If you switch MLD Snooping from version 2 to version 1, the system will clear all MLD Snooping forwarding entries from dynamic joining, and will:
l Keep forwarding entries from version 2 static (*, G) joining;
l Clear forwarding entries from version 2 static (S, G) joining, which will be restored when MLD Snooping is switched back to version 2.
For details about static joining, refer to Configuring Static Ports.
Configuring MLD Snooping Port Functions
Configuration Prerequisites
Before configuring MLD Snooping port functions, complete the following tasks:
l Enable MLD Snooping in the VLAN or enable MLD on the desired VLAN interface
l Configure the corresponding port groups
Before configuring MLD Snooping port functions, prepare the following data:
l Aging time of dynamic router ports,
l Aging timer of dynamic member ports, and
l IPv6 multicast group and IPv6 multicast source addresses
Configuring Aging Timers for Dynamic Ports
If the switch receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port, the switch removes the port from the router port list when the aging timer of the port expires.
If the switch receives no MLD reports for an IPv6 multicast group on a dynamic member port, the switch removes the port from the outgoing port list of the forwarding table entry for that IPv6 multicast group when the port aging timer expires.
If IPv6 multicast group memberships change frequently, you can set a relatively small value for the dynamic member port aging timer.
Configuring aging timers for dynamic ports globally
Follow these steps to configure aging timers for dynamic ports globally:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Configure dynamic router port aging time |
router-aging-time interval |
Optional 260 seconds by default |
Configure dynamic member port aging time |
host-aging-time interval |
Optional 260 seconds by default |
Configuring aging timers for dynamic ports in a VLAN
Follow these steps to configure aging timers for dynamic ports in a VLAN:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter VLAN view |
vlan vlan-id |
— |
Configure dynamic router port aging time |
mld-snooping router-aging-time interval |
Optional 260 seconds by default |
Configure dynamic member port aging time |
mld-snooping host-aging-time interval |
Optional 260 seconds by default |
Configuring Static Ports
You can configure a port of a switch to be a static router port, through which the switch can forward all IPv6 multicast data it received.
Follow these steps to configure static ports:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet interface/Layer 2 aggregate interface view or port group view |
interface interface-type interface-number |
Required Use either approach |
port-group manual port-group-name |
||
Configure the port(s) as static member port(s) |
mld-snooping static-group ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
Required No static member ports by default |
Configure the port(s) as static router port(s) |
mld-snooping static-router-port vlan vlan-id |
Required No static router ports by default |
l An IPv6 static (S, G) join takes effect only if a valid IPv6 multicast source address is specified and MLD Snooping version 2 is currently running.
l A static member port does not respond to queries from the MLD querier; when static (*, G) or (S, G) joining is enabled or disabled on a port, the port does not send an unsolicited MLD report or an MLD done message.
l If MLD is enabled on the virtual interface of a VLAN on a switch that supports both MLD Snooping and MLD and you want a port in that VLAN to be a static member port for an IPv6 multicast group or an IPv6 multicast source and group, in addition to configuring the port as a static member port, you need to use the mld static-group command to configure the VLAN interface to be a static member of the IPv6 multicast group or source and group. For details of the mld static-group command, refer to MLD Commands in the IP Multicast Volume.
l Static member ports and static router ports never age out. To remove such a port, you need to use the corresponding undo command.
Configuring Simulated Joining
Generally, a host running MLD responds to MLD queries from the MLD querier. If a host fails to respond due to some reasons, the multicast router will deem that no member of this IPv6 multicast group exists on the network segment, and therefore will remove the corresponding forwarding path.
To avoid this situation from happening, you can enable simulated joining on a port of the switch, namely configure the port as a simulated member host for an IPv6 multicast group. When an MLD query is received, simulated host gives a response. Thus, the switch can continue receiving IPv6 multicast data.
A simulated host acts like a real host, as follows:
l When a port is configured as a simulated member host, the switch sends an unsolicited MLD report through that port.
l After a port is configured as a simulated member host, the switch responds to MLD general queries by sending MLD reports through that port.
Follow these steps to configure simulated joining:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet interface/Layer 2 aggregate interface view or port group view |
interface interface-type interface-number |
Required Use either approach |
port-group manual port-group-name |
||
Configure simulated joining |
mld-snooping host-join ipv6-group-address [ source-ip ipv6-source-address ] vlan vlan-id |
Required Disabled by default |
l Each simulated host is equivalent to an independent host. For example, when receiving an MLD query, the simulated host corresponding to each configuration responds respectively.
l Unlike a static member port, a port configured as a simulated member host will age out like a dynamic member port.
Configuring Fast Leave Processing
The fast leave processing feature allows the switch to process MLD done messages in a fast way. With the fast leave processing feature enabled, when receiving an MLD done message on a port, the switch immediately removes that port from the outgoing port list of the forwarding table entry for the indicated IPv6 multicast group. Then, when receiving MLD done multicast-address-specific queries for that IPv6 multicast group, the switch will not forward them to that port.
In VLANs where only one host is attached to each port, fast leave processing helps improve bandwidth and resource usage.
Configuring fast leave processing globally
Follow these steps to configure fast leave processing globally:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Enable fast leave processing |
fast-leave [ vlan vlan-list ] |
Required Disabled by default |
Configuring fast leave processing on a port or a group of ports
Follow these steps to configure fast leave processing on a port or a group of ports:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet interface/Layer 2 aggregate interface view or port group view |
interface interface-type interface-number |
Required Use either approach |
port-group manual port-group-name |
||
Enable fast leave processing |
mld-snooping fast-leave [ vlan vlan-list ] |
Required Disabled by default |
If fast leave processing is enabled on a port to which more than one host is connected, when one host leaves an IPv6 multicast group, the other hosts connected to port and interested in the same IPv6 multicast group will fail to receive IPv6 multicast data addressed to that group.
Configuring MLD Snooping Querier
Configuration Prerequisites
Before configuring MLD Snooping querier, complete the following task:
l Enable MLD Snooping in the VLAN.
Before configuring MLD Snooping querier, prepare the following data:
l MLD general query interval,
l MLD last-member query interval,
l Maximum response time for MLD general queries,
l Source IPv6 address of MLD general queries, and
l Source IPv6 address of MLD multicast-address-specific queries.
Enabling MLD Snooping Querier
In an IPv6 multicast network running MLD, a multicast router or Layer 3 multicast switch is responsible for sending periodic MLD general queries, so that all Layer 3 multicast devices can establish and maintain multicast forwarding entries, thus to forward multicast traffic correctly at the network layer. This router or Layer 3 switch is called MLD querier.
However, a Layer 2 multicast switch does not support MLD, and therefore cannot send MLD general queries by default. By enabling MLD Snooping querier on a Layer 2 switch in a VLAN where multicast traffic needs to be Layer-2 switched only and no Layer 3 multicast devices are present, the Layer 2 switch will act as the MLD querier to send periodic MLD queries, thus allowing multicast forwarding entries to be established and maintained at the data link layer.
Follow these steps to enable the MLD Snooping querier:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter VLAN view |
vlan vlan-id |
— |
Enable the MLD Snooping querier |
mld-snooping querier |
Required Disabled by default |
It is meaningless to configure an MLD Snooping querier in an IPv6 multicast network running MLD. Although an MLD Snooping querier does not take part in MLD querier elections, it may affect MLD querier elections because it sends MLD general queries with a low source IPv6 address.
For details about MLD querier, see MLD Configuration of the IP Multicast Volume.
Configuring MLD Queries and Responses
You can tune the MLD general query interval based on actual condition of the network.
Upon receiving an MLD query (general query or multicast-address-specific query), a host starts a timer for each IPv6 multicast group it has joined. This timer is initialized to a random value in the range of 0 to the maximum response time (the host obtains the value of the maximum response time from the Max Response Time field in the MLD query it received). When the timer value comes down to 0, the host sends an MLD report to the corresponding IPv6 multicast group.
An appropriate setting of the maximum response time for MLD queries allows hosts to respond to queries quickly and avoids bursts of MLD traffic on the network caused by reports simultaneously sent by a large number of hosts when the corresponding timers expire simultaneously.
l For MLD general queries, you can configure the maximum response time to fill their Max Response time field.
l For MLD multicast-address-specific queries, you can configure the MLD last-member query interval to fill their Max Response time field. Namely, for MLD multicast-address-specific queries, the maximum response time equals to the MLD last-member query interval.
Configuring MLD queries and responses globally
Follow these steps to configure MLD queries and responses globally:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Configure the maximum response time for MLD general queries |
max-response-time interval |
Optional 10 seconds by default |
Configure the MLD last-member query interval |
last-listener-query-interval interval |
Optional 1 second by default |
Configuring MLD queries and responses in a VLAN
Follow these steps to configure MLD queries and responses in a VLAN
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter VLAN view |
vlan vlan-id |
— |
Configure MLD query interval |
mld-snooping query-interval interval |
Optional 125 seconds by default |
Configure the maximum response time for MLD general queries |
mld-snooping max-response-time interval |
Optional 10 seconds by default |
Configure the MLD last-member query interval |
mld-snooping last-listener-query-interval interval |
Optional 1 second by default |
Make sure that the MLD query interval is greater than the maximum response time for MLD general queries; otherwise undesired deletion of IPv6 multicast members may occur.
Configuring Source IPv6 Addresses of MLD Queries
This configuration allows you to change the source IPv6 address of MLD queries.
Follow these steps to configure source IPv6 addresses of MLD queries:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter VLAN view |
vlan vlan-id |
— |
Configure the source IPv6 address of MLD general queries |
mld-snooping general-query source-ip { current-interface | ipv6-address } |
Optional FE80::02FF:FFFF:FE00:0001 by default |
Configure the source IPv6 address of MLD multicast-address-specific queries |
mld-snooping special-query source-ip { current-interface | ipv6-address } |
Optional FE80::02FF:FFFF:FE00:0001 by default |
The source IPv6 address of MLD query messages may affect MLD querier election within the segment.
Configuring an MLD Snooping Policy
Configuration Prerequisites
Before configuring an MLD Snooping policy, complete the following tasks:
l Enable MLD Snooping in the VLAN or enable MLD on the desired VLAN interface
Before configuring an MLD Snooping policy, prepare the following data:
l IPv6 ACL rule for IPv6 multicast group filtering
l The maximum number of IPv6 multicast groups that can pass the ports
Configuring an IPv6 Multicast Group Filter
On a MLD Snooping–enabled switch, the configuration of an IPv6 multicast group filter allows the service provider to define limits of multicast programs available to different users.
In an actual application, when a user requests a multicast program, the user’s host initiates an MLD report. Upon receiving this report message, the switch checks the report against the configured ACL rule. If the port on which the report was received can join this IPv6 multicast group, the switch adds an entry for this port in the MLD Snooping forwarding table; otherwise the switch drops this report message. Any IPv6 multicast data that fails the ACL check will not be sent to this port. In this way, the service provider can control the VOD programs provided for multicast users.
Configuring an IPv6 multicast group filter globally
Follow these steps to configure an IPv6 multicast group globally:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Configure an IPv6 multicast group filter |
group-policy acl6-number [ vlan vlan-list ] |
Required No IPv6 filter configured by default. |
Configuring an IPv6 multicast group filter on a port or a group of ports
Follow these steps to configure an IPv6 multicast group filer on a port or a group of ports:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet interface/Layer 2 aggregate interface view or port group view |
interface interface-type interface-number |
Required Use either approach |
port-group manual port-group-name |
||
Configure an IPv6 multicast group filter |
mld-snooping group-policy acl6-number [ vlan vlan-list ] |
Required No IPv6 filter configured by default. |
Configuring IPv6 Multicast Source Port Filtering
With the IPv6 multicast source port filtering feature enabled on a port, the port can be connected with IPv6 multicast receivers only rather than with multicast sources, because the port will block all IPv6 multicast data packets while it permits multicast protocol packets to pass.
If this feature is disabled on a port, the port can be connected with both multicast sources and IPv6 multicast receivers.
Configuring IPv6 multicast source port filtering globally
Follow these steps to configure IPv6 multicast source port filtering:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Enable IPv6 multicast source port filtering |
source-deny port interface-list |
Required Disabled by default |
Configuring IPv6 multicast source port filtering on a port or a group of ports
Follow these steps to configure IPv6 multicast source port filtering on a port or a group of ports:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet interface view or port group view |
interface interface-type interface-number |
Required Use either approach |
port-group manual port-group-name |
||
Enable IPv6 multicast source port filtering |
mld-snooping source-deny |
Required Disabled by default |
When you enable the switch to filter IPv6 multicast data based on the source ports, the switch is automatically enabled to filter IPv4 multicast data based on the source ports.
Configuring Dropping Unknown IPv6 Multicast Data
Unknown IPv6 multicast data refers to IPv6 multicast data for which no forwarding entries exist in the MLD Snooping forwarding table: When the switch receives such IPv6 multicast traffic:
With the function of dropping unknown IPv6 multicast data enabled, the switch drops all unknown IPv6 multicast data received.
With the function of dropping unknown IPv6 multicast data disabled, the switch floods unknown IPv6 multicast data in the VLAN to which the unknown IPv6 multicast data belongs.
Enabling dropping unknown IPv6 multicast data globally
Follow these steps to enable dropping unknown IPv6 multicast data globally:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Enable dropping unknown IPv6 multicast data |
drop-unknown |
Required Disabled by default |
Enabling dropping unknown IPv6 multicast data in a VLAN
Follow these steps to enable dropping unknown IPv6 multicast data in a VLAN:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter VLAN view |
vlan vlan-id |
— |
Enable dropping unknown IPv6 multicast data |
mld-snooping drop-unknown |
Required Disabled by default |
l The configuration made in MLD Snooping view and the configuration made in VLAN view are mutually exclusive. Namely, after this function is enabled in MLD Snooping view, it cannot be enabled or disabled in VLAN view, and vice versa.
l Some models of devices, when enabled to drop unknown IPv6 multicast data, are automatically enabled to drop unknown IPv4 multicast data.
Configuring MLD Report Suppression
When a Layer 2 device receives an MLD report from an IPv6 multicast group member, the Layer 2 device forwards the message to the Layer 3 device directly connected with it. Thus, when multiple members belonging to an IPv6 multicast group exist on the Layer 2 device, the Layer 3 device directly connected with it will receive duplicate MLD reports from these members.
With the MLD report suppression function enabled, within a query interval, the Layer 2 device forwards only the first MLD report of an IPv6 group to the Layer 3 device and will not forward the subsequent MLD reports from the same multicast group to the Layer 3 device. This helps reduce the number of packets being transmitted over the network.
Follow these steps to configure MLD report suppression:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Enable MLD report suppression |
report-aggregation |
Optional Enabled by default |
Configuring Maximum Multicast Groups that Can Be Joined on a Port
By configuring the maximum number of IPv6 multicast groups that can be joined on a port or a group of ports, you can limit the number of multicast programs available to VOD users, thus to control the traffic on the port.
Follow these steps configure the maximum number of IPv6 multicast groups that can be joined on a port or a group of ports:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet interface/Layer 2 aggregate interface view or port group view |
interface interface-type interface-number |
Required Use either approach |
port-group manual port-group-name |
||
Configure the maximum number of IPv6 multicast groups that can be joined on a port |
mld-snooping group-limit limit [ vlan vlan-list ] |
Optional 512 by defaul. |
l When the number of IPv6 multicast groups that can be joined on a port reaches the maximum number configured, the system deletes all the forwarding entries persistent to that port from the MLD Snooping forwarding table, and the hosts on this port need to join IPv6 multicast groups again.
l If you have configured static or simulated joining on a port, however, when the number of IPv6 multicast groups on the port exceeds the configured threshold, the system deletes all the forwarding entries persistent to that port from the MLD Snooping forwarding table and applies the static or simulated joining again, until the number of IPv6 multicast groups joined by the port comes back within the configured threshold.
Configuring IPv6 Multicast Group Replacement
For some special reasons, the number of IPv6 multicast groups passing through a switch or port may exceed the number configured for the switch or the port. In addition, in some specific applications, an IPv6 multicast group newly joined on the switch needs to replace an existing IPv6 multicast group automatically. A typical example is “channel switching”, namely, by joining the new multicast group, a user automatically switches from the current IPv6 multicast group to the new one.
To address this situation, you can enable the IPv6 multicast group replacement function on the switch or certain ports. When the number of IPv6 multicast groups a switch or a port has joined exceeds the limit.
l If the IPv6 multicast group replacement is enabled, the newly joined IPv6 multicast group automatically replaces an existing IPv6 multicast group with the lowest IPv6 address.
l If the IPv6 multicast group replacement is not enabled, new MLD reports will be automatically discarded.
Configuring IPv6 multicast group replacement globally
Follow these steps to configure IPv6 multicast group replacement globally:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter MLD Snooping view |
mld-snooping |
— |
Enable IPv6 multicast group replacement |
overflow-replace [ vlan vlan-list ] |
Required Disabled by default |
Configuring IPv6 multicast group replacement on a port or a group of ports
Follow these steps to configure IPv6 multicast group replacement on a port or a group of ports:
To do... |
Use the command... |
Remarks |
Enter system view |
system-view |
— |
Enter Ethernet interface/Layer 2 aggregate interface view or port group view |
interface interface-type interface-number |
Required Use either approach |
port-group manual port-group-name |
||
Enable IPv6 multicast group replacement |
mld-snooping overflow-replace [ vlan vlan-list ] |
Required Disabled by default |
Be sure to configure the maximum number of IPv6 multicast groups allowed on a port which cannot be the default value 512 (refer to Configuring Maximum Multicast Groups that Can Be Joined on a Port) before enabling IPv6 multicast group replacement. Otherwise, the IPv6 multicast group replacement functionality will not take effect.
Displaying and Maintaining MLD Snooping
To do… |
Use the command... |
Remarks |
View MLD Snooping multicast group information |
display mld-snooping group [ vlan vlan-id ] [ slot slot-number ] [ verbose ] |
Available in any view |
View the statistics information of MLD messages learned by MLD Snooping |
display mld-snooping statistics |
Available in any view |
Clear MLD Snooping multicast group information |
reset mld-snooping group { ipv6-group-address | all } [ vlan vlan-id ] |
Available in user view |
Clear the statistics information of all kinds of MLD messages learned by MLD Snooping |
reset mld-snooping statistics |
Available in user view |
l The reset mld-snooping group command works only on an MLD Snooping–enabled VLAN, but not on a VLAN with MLD enabled on its VLAN interface.
l The reset mld-snooping group command cannot clear the MLD Snooping multicast group information for static joining.
MLD Snooping Configuration Examples
Configuring IPv6 Group Policy and Simulated Joining
Network requirements
l As shown in Figure 1-3, Router A connects to the IPv6 multicast source through Ethernet 1/0/2 and to Switch A through Ethernet 1/0/1. Router A is the MLD querier on the subnet.
l MLDv1 is required on Router A, MLD Snooping version 1 is required on Switch A, and Router A will act as the MLD querier on the subnet.
l It is required that the receivers, Host A and Host B, attached to Switch A can receive IPv6 multicast traffic addressed to IPv6 multicast group FF1E::101 only.
l It is required that IPv6 multicast data for group FF1E::101 can be forwarded through Ethernet 2/0/3 and Ethernet 2/0/4 of Switch A even if Host A and Host B accidentally, temporarily stop receiving IPv6 multicast data.
Network diagram
Figure 1-3 Network diagram for IPv6 group policy simulated joining configuration
Configuration procedure
1) Enable IPv6 forwarding and configure IPv6 addresses
Enable IPv6 forwarding and configure an IPv6 address and prefix length for each interface as per Figure 1-3. The detailed configuration steps are omitted.
2) Configure Router A
# Enable IPv6 multicast routing, enable IPv6 PIM-DM on each interface, and enable MLDv1 on Ethernet 1/0/1.
<RouterA> system-view
[RouterA] multicast ipv6 routing-enable
[RouterA] interface ethernet 1/0/1
[RouterA-Ethernet1/0/1] mld enable
[RouterA-Ethernet1/0/1] pim ipv6 dm
[RouterA-Ethernet1/0/1] quit
[RouterA] interface ethernet 1/0/2
[RouterA-Ethernet1/0/2] pim ipv6 dm
[RouterA-Ethernet1/0/2] quit
3) Configure Switch A
# Enable MLD Snooping globally.
<SwitchA> system-view
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# Create VLAN 100, assign Ethernet 2/0/1 through Ethernet 2/0/4 to this VLAN, and enable MLD Snooping and the function of dropping IPv6 unknown multicast traffic in the VLAN.
[SwitchA] vlan 100
[SwitchA-vlan100] port ethernet 2/0/1 to ethernet 2/0/4
[SwitchA-vlan100] mld-snooping enable
[SwitchA-vlan100] mld-snooping drop-unknown
[SwitchA-vlan100] quit
# Configure an IPv6 multicast group filter so that the hosts in VLAN 100 can join only the IPv6 multicast group FF1E::101.
[SwitchA] acl ipv6 number 2001
[SwitchA-acl6-basic-2001] rule permit source ff1e::101 128
[SwitchA-acl6-basic-2001] quit
[SwitchA] mld-snooping
[SwitchA–mld-snooping] group-policy 2001 vlan 100
[SwitchA–mld-snooping] quit
# Configure Ethernet 2/0/3 and Ethernet 2/0/4 as simulated hosts for IPv6 multicast group FF1E::101.
[SwitchA] interface ethernet 2/0/3
[SwitchA-Ethernet2/0/3] mld-snooping host-join ff1e::101 vlan 100
[SwitchA-Ethernet2/0/3] quit
[SwitchA] interface ethernet 2/0/4
[SwitchA-Ethernet2/0/4] mld-snooping host-join ff1e::101 vlan 100
[SwitchA-Ethernet2/0/4] quit
4) Verify the configuration
# View the detailed MLD Snooping multicast group information in VLAN 100 on Switch A.
[SwitchA] display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port.
Eth2/0/1 (D) ( 00:01:30 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Attribute: Host Port
Host port(s):total 2 port.
Eth2/0/3 (D) ( 00:03:23 )
Eth2/0/4 (D) ( 00:04:10 )
MAC group(s):
MAC group address:3333-0000-1001
Host port(s):total 2 port.
Eth2/0/3
Eth2/0/4
As shown above, Ethernet 2/0/3 and Ethernet 2/0/4 of Switch A have joined IPv6 multicast group FF1E::101.
Static Port Configuration
Network requirements
l As shown in Figure 1-4, Router A connects to an IPv6 multicast source (Source) through Ethernet 1/0/2, and to Switch A through Ethernet 1/0/1.
l MLDv1 is to run on Router A, and MLDv1 Snooping is to run on Switch A, Switch B and Switch C, with Router A acting as the MLD querier.
l Host A and host C are permanent receivers of IPv6 multicast group FF1E::101. Ethernet 2/0/3 and Ethernet 2/0/5 on Switch C are required to be configured as static member ports for multicast group 224.1.1.1 to enhance the reliability of multicast traffic transmission.
l Suppose STP runs on the network. To avoid data loops, the forwarding path from Switch A to Switch C is blocked under normal conditions, and IPv6 multicast traffic flows to the receivers attached to Switch C only along the path of Switch A—Switch B—Switch C.
l It is required to configure Ethernet 2/0/3 that connects Switch A to Switch C as a static router port, so that IPv6 multicast traffic can flow to the receivers nearly uninterruptedly along the path of Switch A—Switch C in the case that the path of Switch A—Switch B—Switch C gets blocked.
If no static router port is configured, when the path of Switch A—Switch B—Switch C gets blocked, at least one MLD query-response cycle must be completed before the IPv6 multicast data can flow to the receivers along the new path of Switch A—Switch C, namely IPv6 multicast delivery will be interrupted during this process.
For details about the Spanning Tree Protocol (STP), refer to MSTP Configuration in the Access Volume.
Network diagram
Figure 1-4 Network diagram for static port configuration
Configuration procedure
1) Enable IPv6 forwarding and configure IPv6 addresses
Enable IPv6 forwarding and configure an IPv6 address and prefix length for each interface as per Figure 1-4.
2) Configure Router A
# Enable IPv6 multicast routing, enable IPv6 PIM-DM on each interface, and enable MLD on Ethernet 1/0/1.
<RouterA> system-view
[RouterA] multicast ipv6 routing-enable
[RouterA] interface ethernet 1/0/1
[RouterA-Ethernet1/0/1] mld enable
[RouterA-Ethernet1/0/1] pim ipv6 dm
[RouterA-Ethernet1/0/1] quit
[RouterA] interface ethernet 1/0/2
[RouterA-Ethernet1/0/2] pim ipv6 dm
[RouterA-Ethernet1/0/2] quit
3) Configure Switch A
# Enable MLD Snooping globally.
<SwitchA> system-view
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# Create VLAN 100, assign Ethernet 2/0/1 through Ethernet 2/0/3 to this VLAN, and enable MLD Snooping in the VLAN.
[SwitchA] vlan 100
[SwitchA-vlan100] port ethernet 2/0/1 to ethernet 2/0/3
[SwitchA-vlan100] mld-snooping enable
[SwitchA-vlan100] quit
# Configure Ethernet 2/0/3 to be a static router port.
[SwitchA] interface ethernet 2/0/3
[SwitchA-Ethernet2/0/3] mld-snooping static-router-port vlan 100
[SwitchA-Ethernet2/0/3] quit
4) Configure Switch B
# Enable MLD Snooping globally.
<SwitchB> system-view
[SwitchB] mld-snooping
[SwitchB-mld-snooping] quit
# Create VLAN 100, assign Ethernet 2/0/1 and Ethernet 2/0/2 to this VLAN, and enable MLD Snooping in the VLAN.
[SwitchB] vlan 100
[SwitchB-vlan100] port ethernet 2/0/1 ethernet 2/0/2
[SwitchB-vlan100] mld-snooping enable
[SwitchB-vlan100] quit
5) Configure Switch C
# Enable MLD Snooping globally.
<SwitchC> system-view
[SwitchC] mld-snooping
[SwitchC-mld-snooping] quit
# Create VLAN 100, assign Ethernet 2/0/1 through Ethernet 2/0/5 to this VLAN, and enable MLD Snooping in the VLAN.
[SwitchC] vlan 100
[SwitchC-vlan100] port ethernet 2/0/1 to ethernet 2/0/5
[SwitchC-vlan100] mld-snooping enable
[SwitchC-vlan100] quit
# Configure Ethernet 2/0/3 and Ethernet 2/0/5 as static member ports for IPv6 multicast group FF1E::101.
[SwitchC] interface Ethernet 2/0/3
[SwitchC-Ethernet2/0/3] mld-snooping static-group ff1e::101 vlan 100
[SwitchC-Ethernet2/0/3] quit
[SwitchC] interface Ethernet 2/0/5
[SwitchC-Ethernet2/0/5] mld-snooping static-group ff1e::101 vlan 100
[SwitchC-Ethernet2/0/5] quit
6) Verify the configuration
# View the detailed MLD Snooping multicast group information in VLAN 100 on Switch A.
[SwitchA] display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 2 port.
Eth2/0/1 (D) ( 00:01:30 )
Eth2/0/3 (S)
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Attribute: Host Port
Host port(s):total 1 port.
Eth2/0/2 (D) ( 00:03:23 )
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 1 port.
Eth2/0/2
As shown above, Ethernet 2/0/3 of Switch A has become a static router port.
# View the detailed MLD Snooping multicast group information in VLAN 100 on Switch C.
[SwitchC] display mld-snooping group vlan 100 verbose
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Port flags: D-Dynamic port, S-Static port, C-Copy port
Subvlan flags: R-Real VLAN, C-Copy VLAN
Vlan(id):100.
Total 1 IP Group(s).
Total 1 IP Source(s).
Total 1 MAC Group(s).
Router port(s):total 1 port.
Eth2/0/2 (D) ( 00:01:23 )
IP group(s):the following ip group(s) match to one mac group.
IP group address:FF1E::101
(::, FF1E::101):
Attribute: Host Port
Host port(s):total 2 port.
Eth2/0/3 (S)
Eth2/0/5 (S)
MAC group(s):
MAC group address:3333-0000-0101
Host port(s):total 2 port.
Eth2/0/3
Eth2/0/5
As shown above, Ethernet 2/0/3 and Ethernet 2/0/5 on Switch C have become static member ports for IPv6 multicast group FF1E::101.
MLD Snooping Querier Configuration
Network requirements
l As shown in Figure 1-5, in a Layer-2-only network environment, two multicast sources Source 1 and Source 2 send IPv6 multicast data to multicast groups FF1E::101 and FF1E::102 respectively, Host A and Host C are receivers of multicast group FF1E::101, while Host B and Host D are receivers of multicast group FF1E::102.
l MLDv1 is enabled on all the receivers and MLDv1 Snooping is enabled on all the switches. Switch A, which is close to the multicast sources, is chosen as the MLD Snooping querier.
l To prevent flooding of unknown multicast traffic within the VLAN, it is required to configure all the switches to drop unknown multicast data packets.
Network diagram
Figure 1-5 Network diagram for MLD Snooping querier configuration
Configuration procedure
1) Configure Switch A
# Enable IPv6 forwarding and enable MLD Snooping globally.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# Create VLAN 100 and assign Ethernet 2/0/1 through Ethernet 2/0/3 to VLAN 100.
[SwitchA] vlan 100
[SwitchA-vlan100] port ethernet 2/0/1 to ethernet 2/0/3
# Enable MLD Snooping and the function of dropping unknown IPv6 multicast data packets in VLAN 100.
[SwitchA-vlan100] mld-snooping enable
[SwitchA-vlan100] mld-snooping drop-unknown
# Configure MLD Snooping querier feature in VLAN 100.
[SwitchA-vlan100] mld-snooping querier
[SwitchA-vlan100] quit
2) Configure Switch B
# Enable IPv6 forwarding and enable MLD Snooping globally.
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] mld-snooping
[SwitchB-mld-snooping] quit
# Create VLAN 100, add Ethernet 2/0/1 through Ethernet 2/0/4 into VLAN 100.
[SwitchB] vlan 100
[SwitchB-vlan100] port ethernet 2/0/1 to ethernet 2/0/4
# Enable the MLD Snooping feature and the function of dropping unknown IPv6 multicast data packets in VLAN 100.
[SwitchB-vlan100] mld-snooping enable
[SwitchB-vlan100] mld-snooping drop-unknown
[SwitchB-vlan100] quit
Configurations of Switch C and Switch D are similar to the configuration of Switch B.
3) Verify the configuration
When the MLD Snooping querier starts to work, all the switches but the querier receive MLD general queries. Use the display mld-snooping statistics command to view the statistics information of these MLD messages received.
# View the MLD message statistics on Switch B.
[SwitchB-vlan100] display mld-snooping statistics
Received MLD general queries:3.
Received MLDv1 specific queries:0.
Received MLDv1 reports:12.
Received MLD dones:0.
Sent MLDv1 specific queries:0.
Received MLDv2 reports:0.
Received MLDv2 reports with right and wrong records:0.
Received MLDv2 specific queries:0.
Received MLDv2 specific sg queries:0.
Sent MLDv2 specific queries:0.
Sent MLDv2 specific sg queries:0.
Received error MLD messages:0.
Troubleshooting MLD Snooping
Switch Fails in Layer 2 Multicast Forwarding
Symptom
A switch fails to implement Layer 2 multicast forwarding.
Analysis
MLD Snooping is not enabled.
Solution
1) Enter the display current-configuration command to view the running status of MLD Snooping.
2) If MLD Snooping is not enabled, use the mld-snooping command to enable MLD Snooping globally, and then use mld-snooping enable command to enable MLD Snooping in VLAN view.
3) If MLD Snooping is disabled only for the corresponding VLAN, just use the mld-snooping enable command in VLAN view to enable MLD Snooping in the corresponding VLAN.
Configured IPv6 Multicast Group Policy Fails to Take Effect
Symptom
Although an IPv6 multicast group policy has been configured to allow hosts to join specific IPv6 multicast groups, the hosts can still receive IPv6 multicast data addressed to other groups.
Analysis
l The IPv6 ACL rule is incorrectly configured.
l The IPv6 multicast group policy is not correctly applied.
l The function of dropping unknown IPv6 multicast data is not enabled, so unknown IPv6 multicast data is flooded.
Solution
1) Use the display acl ipv6 command to check the configured IPv6 ACL rule. Make sure that the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented.
2) Use the display this command in MLD Snooping view or the corresponding interface view to check whether the correct IPv6 multicast group policy has been applied. If not, use the group-policy or mld-snooping group-policy command to apply the correct IPv6 multicast group policy.
3) Use the display current-configuration command to check whether the function of dropping unknown IPv6 multicast data is enabled. If not, use the drop-unknown or mld-snooping drop-unknown command to enable the function of dropping unknown IPv6 multicast data.