06-IP Multicast Configuration Guide

HomeSupportResource CenterConfigure & DeployConfiguration GuidesH3C S12500-X & S12500X-AF Switch Series Configuration Guides(R115x)-6W10206-IP Multicast Configuration Guide
07-MLD snooping configuration
Title Size Download
07-MLD snooping configuration 317.29 KB

Contents

Configuring MLD snooping· 1

Overview·· 1

Basic MLD snooping concepts· 1

How MLD snooping works· 3

MLD snooping version· 4

Protocols and standards· 4

MLD snooping configuration task list 4

Configuring basic MLD snooping features· 5

Enabling MLD snooping· 5

Setting the maximum number of MLD snooping forwarding entries· 6

Setting the MLD last listener query interval 6

Configuring MLD snooping port features· 7

Setting aging timers for dynamic ports· 7

Configuring static ports· 8

Configuring a port as a simulated member host 9

Enabling fast-leave processing· 9

Enabling inner VLAN ID-based forwarding· 10

Configuring the MLD snooping querier 10

Configuration prerequisites· 10

Enabling the MLD snooping querier 11

Configuring parameters for MLD general queries and responses· 11

Configuring source IPv6 addresses for MLD messages· 12

Configuring MLD snooping policies· 13

Configuring an IPv6 multicast group policy· 13

Enabling IPv6 multicast source port filtering· 14

Enabling dropping unknown IPv6 multicast data· 15

Enabling MLD report suppression· 15

Setting the maximum number of IPv6 multicast groups on a port 15

Enabling IPv6 multicast group replacement 16

Displaying and maintaining MLD snooping· 16

MLD snooping configuration examples· 18

IPv6 group policy configuration example· 18

Static port configuration example· 19

MLD snooping querier configuration example· 22

Troubleshooting MLD snooping· 25

Layer 2 multicast forwarding cannot function· 25

IPv6 multicast group policy does not work· 25

 


Configuring MLD snooping

Overview

MLD snooping runs on a Layer 2 switch as an IPv6 multicast constraining mechanism to improve multicast forwarding efficiency. It creates Layer 2 multicast forwarding entries from MLD messages that are exchanged between the hosts and the router.

As shown in Figure 1, when MLD snooping is not enabled, the Layer 2 switch floods IPv6 multicast packets to all hosts. When MLD snooping is enabled, the Layer 2 switch forwards multicast packets of known IPv6 multicast groups to only the receivers.

Figure 1 Multicast packet transmission processes without and with MLD snooping

 

Basic MLD snooping concepts

MLD snooping ports

As shown in Figure 2, MLD snooping runs on Switch A and Switch B, and Host A and Host C are receiver hosts in an IPv6 multicast group.

Figure 2 MLD snooping related ports

 

The following describes the ports involved in MLD snooping, as shown in Figure 2:

·          Router port—Layer 3 multicast device-side port. Layer 3 multicast devices include designated routers and MLD queriers. In Figure 2, FortyGigE 1/0/1 of Switch A and FortyGigE 1/0/1 of Switch B are the router ports. A switch records all its local router ports in a router port list.

Do not confuse the "router port" in MLD snooping with the "routed interface" commonly known as the "Layer 3 interface." The router port in MLD snooping is a Layer 2 interface.

·          Member port—Multicast receiver-side port. In Figure 2, FortyGigE 1/0/2 and FortyGigE 1/0/3 of Switch A and FortyGigE 1/0/2 of Switch B are member ports. A switch records all its local member ports in its MLD snooping forwarding table.

Unless otherwise specified, router ports and member ports in this document include both static and dynamic router ports and member ports.

 

 

NOTE:

When MLD snooping is enabled, all ports that receive IPv6 PIM hello messages or MLD general queries with a source IP address other than 0::0 are considered dynamic router ports.

 

Aging timers for dynamic ports in MLD snooping

The following are aging timers for dynamic ports in MLD snooping:

·          Dynamic router port aging timerThe switch starts this timer for a port that receives an MLD general query with the source address other than 0::0 or an IPv6 PIM hello message. If the port does not either of receive these messages before the timer expires, the switch removes the port from its router port list.

·          Dynamic member port aging timerThe switch starts this timer for a port that receives an MLD report. If the port does not receive a report before the timer expires, the switch removes the port from the MLD snooping forwarding entries.

 

 

NOTE:

In MLD snooping, only dynamic ports age out. Static ports never age out.

 

How MLD snooping works

The ports in this section are dynamic ports. For information about how to configure and remove static ports, see "Configuring static ports."

MLD messages include general query, MLD report, and done message. An MLD snooping-enabled switch performs differently depending on the MLD message.

General query

The MLD querier periodically sends MLD general queries to all hosts and routers on the local subnet to check for the existence of IPv6 multicast group members.

After receiving an MLD general query from the MLD querier, the switch forwards the query to all ports in the VLAN except the receiving port. The switch also performs one of the following operations:

·          If the receiving port is a dynamic router port in the router port list, the switch restarts the aging timer for the router port.

·          If the receiving port does not exist in the router port list, the switch adds the port to the router port list. It also starts an aging timer for the port.

MLD report

A host sends an MLD report to the MLD querier for the following purposes:

·          Responds to queries if the host is an IPv6 multicast group member.

·          Applies for an IPv6 multicast group membership.

After receiving an MLD report from a host, the switch forwards the report through all the router ports in the VLAN. It also resolves the IPv6 address of the reported IPv6 multicast group, and looks up the forwarding table for a matching entry:

·          If no match is found, the switch creates a forwarding entry for the group with the receiving port as an outgoing interface. It also marks the receiving port as a dynamic member port and starts an aging timer for the port.

·          If a match is found but the receiving port is not in the forwarding entry, the switch adds the receiving port as an outgoing interface to the forwarding entry. It also marks the receiving port as a dynamic member port and starts an aging timer for the port.

·          If a match is found and the receiving port is in the forwarding entry, the switch restarts the aging timer for the port.

In an application with an IPv6 multicast group policy configured on an MLD snooping-enabled switch, when a user requests a multicast program, the user's host initiates an MLD report. After receiving this report message, the switch resolves the IPv6 multicast group address in the report and performs ACL filtering on the report. If the report passes ACL filtering, the switch creates an MLD snooping forwarding entry for the IPv6 multicast group with the receiving port as an outgoing interface. Otherwise, the switch drops this report message, which means the receiver does not successfully join the IPv6 multicast group and cannot retrieve the program.

A switch does not forward an MLD report through a non-router port because of the MLD report suppression mechanism.

Done message

When a host leaves an IPv6 multicast group, the host sends an MLD done message to the multicast routers. When the switch receives the MLD done message on a dynamic member port, the switch first examines whether a forwarding entry matches the IPv6 multicast group address in the message.

·          If no match is found, the switch discards the MLD done message.

·          If a match is found but the receiving port is not an outgoing interface in the forwarding entry, the switch discards the MLD done message.

·          If a match is found and the receiving port is not the only outgoing interface in the forwarding entry, the switch performs the following operations:

?  Discards the MLD done message.

?  Sends an MLD multicast-address-specific query to identify whether the group has active listeners attached to the receiving port.

?  Sets the aging timer for the receiving port to twice the MLD last listener query interval.

·          If a match is found and the receiving port is the only outgoing interface in the forwarding entry, the switch performs the following operations:

?  Forwards the MLD done message to all router ports in the VLAN.

?  Sends an MLD multicast-address-specific query to identify whether the group has active listeners attached to the receiving port.

?  Sets the aging timer for the receiving port to twice the MLD last listener query interval.

After receiving the MLD done message, the MLD querier resolves the IPv6 multicast group address in the message. Then, it sends an MLD multicast-address-specific query to the IPv6 multicast group through the port that received the done message.

After receiving the MLD multicast-address-specific query, the switch forwards the query through all its router ports in the VLAN and all member ports of the IPv6 multicast group. Then, it waits for the responding MLD reports from the directly connected hosts. For the member port that received the done message, the switch performs one of the following operations:

·          If the port receives an MLD report before the aging timer expires, the switch adjusts the aging timer for the port.

·          If the port does not receive an MLD report when the aging timer expires, the switch removes the port from the forwarding entry for the IPv6 multicast group.

MLD snooping version

Different MLD snooping versions can process different versions of MLD messages:

·          MLDv1 snooping can process MLDv1 messages, but it floods MLDv2 messages in the VLAN instead of processing them.

·          MLDv2 snooping can process MLDv1 and MLDv2 messages.

The switch supports only MLDv1 snooping.

Protocols and standards

RFC 4541, Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches

MLD snooping configuration task list

Tasks at a glance

Configuring basic MLD snooping features:

·         (Required.) Enabling MLD snooping

·         (Optional.) Setting the maximum number of MLD snooping forwarding entries

·         (Optional.) Setting the MLD last listener query interval

Configuring MLD snooping port features:

·         (Optional.) Setting aging timers for dynamic ports

·         (Optional.) Configuring static ports

·         (Optional.) Configuring a port as a simulated member host

·         (Optional.) Enabling fast-leave processing

·         (Optional.) Enabling inner VLAN ID-based forwarding

Configuring the MLD snooping querier:

·         (Optional.) Enabling the MLD snooping querier

·         (Optional.) Configuring parameters for MLD general queries and responses

(Optional.) Configuring source IPv6 addresses for MLD messages

Configuring MLD snooping policies:

·         (Optional.) Configuring an IPv6 multicast group policy

·         (Optional.) Enabling IPv6 multicast source port filtering

·         (Optional.) Enabling dropping unknown IPv6 multicast data

·         (Optional.) Enabling MLD report suppression

·         (Optional.) Setting the maximum number of IPv6 multicast groups on a port

·         (Optional.) Enabling IPv6 multicast group replacement

 

The MLD snooping configurations made on Layer 2 aggregate interfaces do not interfere with the configurations made on member ports. In addition, the configurations made on Layer 2 aggregate interfaces do not take part in aggregation calculations. The configuration made on a member port of the aggregate group takes effect after the port leaves the aggregate group.

Configuring basic MLD snooping features

Before you configure basic MLD snooping features, complete the following tasks:

·          Configure the associated VLANs.

·          Determine the maximum number of MLD snooping forwarding entries.

·          Determine the MLD last listener query interval.

Enabling MLD snooping

When you enable MLD snooping, follow these guidelines:

·          You must enable MLD snooping globally before you can enable it for a VLAN.

·          MLD snooping for a VLAN works only on the member ports in that VLAN.

·          You can enable MLD snooping for the specified VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the configuration in VLAN view has the same priority as the configuration in MLD-snooping view, and the most recent configuration takes effect.

Enabling MLD snooping in MLD-snooping view

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable MLD snooping globally and enter MLD-snooping view.

mld-snooping

By default, MLD snooping is globally disabled.

3.       Enable MLD snooping for the specified VLANs.

enable vlan vlan-list

By default, MLD snooping is disabled for a VLAN.

 

Enabling MLD snooping in VLAN view

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable MLD snooping globally and enter MLD-snooping view.

mld-snooping

By default, MLD snooping is globally disabled.

3.       Return to system view.

quit

N/A

4.       Enter VLAN view.

vlan vlan-id

N/A

5.       Enable MLD snooping for the VLAN.

mld-snooping enable

By default, MLD snooping is disabled in a VLAN.

 

Setting the maximum number of MLD snooping forwarding entries

You can modify the maximum number of MLD snooping forwarding entries, including dynamic entries and static entries. When the number of forwarding entries on the device reaches the upper limit, the device does not automatically remove any existing entries. As a best practice, manually remove some entries to allow new entries to be created.

To set the maximum number of MLD snooping forwarding entries:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Set the maximum number of MLD snooping forwarding entries.

entry-limit limit

The default setting is 4294967295.

 

Setting the MLD last listener query interval

A receiver host starts a report delay timer for an IPv6 multicast group when it receives an MLD multicast-address-specific query for the group. This timer is set to a random value in the range of 0 to the maximum response time advertised in the query. When the timer value decreases to 0, the host sends an MLD report to the group.

The MLD last listener query interval defines the maximum response time advertised in MLD multicast-address-specific queries. Set an appropriate value for the MLD last listener query interval to speed up hosts' responses to MLD multicast-address-specific queries and avoid MLD report traffic bursts.

Configuration restrictions and guidelines

When you set the MLD last listener query interval, follow these restrictions and guidelines:

·          If the Layer 2 device receives a done message from a port enabled with fast-leave processing, the device does not send an MLD multicast-address-specific query to the port.

·          You can set the MLD last listener query interval globally for all VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the VLAN-specific configuration takes priority over the global configuration.

Setting the MLD last listener query interval globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Set the MLD last listener query interval globally.

last-listener-query-interval interval

The default setting is 1 second.

 

Setting the MLD last listener query interval in a VLAN

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter VLAN view.

vlan vlan-id

N/A

3.       Set the MLD last listener query interval in the VLAN.

mld-snooping last-listener-query-interval interval

The default setting is 1 second.

 

Configuring MLD snooping port features

Before you configure MLD snooping port features, complete the following tasks:

·          Enable MLD snooping for the VLAN.

·          Determine the aging timer for dynamic router ports.

·          Determine the aging timer for dynamic member ports.

·          Determine the addresses of the IPv6 multicast group and IPv6 multicast source.

Setting aging timers for dynamic ports

When you set aging timers for dynamic ports, follow these guidelines:

·          If the memberships of IPv6 multicast groups frequently change, set a relatively small value for the aging timer of the dynamic member ports. If the memberships of IPv6 multicast groups rarely change, you can set a relatively large value.

·          If a dynamic router port receives an IPv6 PIMv2 hello message, the aging timer value for the port is specified by the hello message. In this case, the mld-snooping router-aging-time command does not take effect on the port.

·          MLD multicast-address-specific queries originated by the Layer 2 device trigger the aging timer adjustment of dynamic member ports. If a dynamic member port receives such a query, its aging timer is set to twice the MLD last listener query interval. For more information about setting the MLD last listener query interval on the Layer 2 device, see "Setting the MLD last listener query interval."

·          You can set the timers globally for all VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the VLAN-specific configuration takes priority over the global configuration.

Setting the aging timers for dynamic ports globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Set the aging timer for dynamic router ports globally.

router-aging-time interval

The default setting is 260 seconds.

4.       Set the aging timer for dynamic member ports globally.

host-aging-time interval

The default setting is 260 seconds.

 

Setting the aging timers for dynamic ports in a VLAN

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter VLAN view.

vlan vlan-id

N/A

3.       Set the aging timer for dynamic router ports in the VLAN.

mld-snooping router-aging-time interval

The default setting is 260 seconds.

4.       Set the aging timer for dynamic member ports in the VLAN.

mld-snooping host-aging-time interval

The default setting is 260 seconds.

 

Configuring static ports

You can configure the following types of static ports:

·          Static member portWhen you configure a port as a static member port for an IPv6 multicast group, all hosts attached to the port will receive IPv6 multicast data for the group.

The static member port does not respond to MLD queries. When you configure or cancel this configuration, the port does not send an unsolicited report or done message.

·          Static router port—When you configure a port as a static router port for an IPv6 multicast group, all IPv6 multicast data for the group received on the port will be forwarded.

Static member ports and static router ports never age out. To remove such a port, use the undo mld-snooping static-group or undo mld-snooping static-router-port command.

To configure static ports:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.       Configure the port as a static port.

·         Configure the port as a static member port:
mld-snooping static-group ipv6-group-address vlan vlan-id

·         Configure the port as a static router port:
mld-snooping static-router-port vlan vlan-id

By default, a port is not a static member port or a static router port.

 

Configuring a port as a simulated member host

When a port is configured as a simulated member host, it is equivalent to an independent host in the following ways:

·          It sends an unsolicited MLD report when you complete the configuration.

·          It responds to MLD general queries with MLD reports.

·          It sends an MLD done message when you remove the configuration.

The version of MLD running on the simulated member host is the same as the version of MLD snooping running on the port. The port ages out in the same ways as a dynamic member port.

To configure a port as a simulated member host:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.       Configure the port as a simulated member host.

mld-snooping host-join ipv6-group-address vlan vlan-id

By default, the port is not a simulated member host.

 

Enabling fast-leave processing

This feature enables the switch to immediately remove a port from the forwarding entry for an IPv6 multicast group when the port receives a done message.

Configuration guidelines

When you enable fast-leave processing feature, follow these guidelines:

·          Do not enable fast-leave processing on a port that has multiple receiver hosts in a VLAN. If fast-leave processing is enabled, the remaining receivers cannot receive IPv6 multicast data for a group after a receiver leaves that group.

·          You can enable fast-leave processing globally for all ports in MLD-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.

Enabling fast-leave processing globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Enable fast-leave processing globally.

fast-leave [ vlan vlan-list ]

By default, fast-leave processing is disabled globally.

 

Enabling fast-leave processing on a port

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.       Enable fast-leave processing on the port.

mld-snooping fast-leave [ vlan vlan-list ]

By default, fast-leave processing is disabled on a port.

 

Enabling inner VLAN ID-based forwarding

Use this feature to enable a port to create and maintain MLD snooping forwarding entries based on the inner VLAN IDs of the received double-tagged MLD packets.

To enable inner VLAN ID-based forwarding:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.       Enable inner VLAN ID-based forwarding.

mld-snooping cvid-forward

By default, inner VLAN ID-based forwarding is disabled on a port. The port performs outer VLAN ID-based forwarding.

 

Configuring the MLD snooping querier

This section describes how to configure an MLD snooping querier.

Configuration prerequisites

Before you configure the MLD snooping querier for a VLAN, complete the following tasks:

·          Enable MLD snooping for the VLAN.

·          Determine the MLD general query interval.

·          Determine the maximum response time for MLD general queries.

Enabling the MLD snooping querier

This feature enables the switch to periodically send MLD general queries to establish and maintain multicast forwarding entries at the data link Layer. You can configure an MLD snooping querier on a network without Layer 3 multicast devices.

When you enable the MLD snooping querier, Do not enable the MLD snooping querier on an IPv6 multicast network that runs MLD. An MLD snooping querier does not participate in MLD querier elections. However, it might affect MLD querier elections if it sends MLD general queries with a low source IPv6 address.

To enable the MLD snooping querier for a VLAN:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter VLAN view.

vlan vlan-id

N/A

3.       Enable the MLD snooping querier for the VLAN.

mld-snooping querier

By default, MLD snooping querier is disabled for a VLAN.

 

Configuring parameters for MLD general queries and responses

CAUTION

CAUTION:

To avoid mistakenly deleting multicast group members, make sure the MLD general query interval is greater than the maximum response time for MLD general queries.

 

you can modify the MLD general query interval based on the actual network conditions.

A receiver host starts a report delay timer for each IPv6 multicast group that it has joined when it receives an MLD general query. This timer is set to a random value in the range of 0 to the maximum response time advertised in the query. When the timer value decreases to 0, the host sends an MLD report to the corresponding IPv6 multicast group.

Set an appropriate value for the maximum response time for MLD general queries to speed up hosts' responses to MLD general queries and avoid MLD report traffic bursts.

You can set the maximum response time for MLD general queries globally for all VLANs in MLD-snooping view or for a VLAN in VLAN view. For a VLAN, the VLAN-specific configuration takes priority over the global configuration.

Setting the maximum response time for MLD general queries globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Set the maximum response time for MLD general queries.

max-response-time interval

The default setting is 10 seconds.

 

Configuring parameters for MLD general queries and responses in a VLAN

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter VLAN view.

vlan vlan-id

N/A

3.       Set the MLD general query interval for the VLAN.

mld-snooping query-interval interval

The default setting is 125 seconds.

4.       Set the maximum response time for MLD general queries in the VLAN.

mld-snooping max-response-time interval

The default setting is 10 seconds.

 

Configuring source IPv6 addresses for MLD messages

You can change the source IPv6 address of MLD queries sent by an MLD snooping querier. This configuration might affect MLD querier election within the subnet.

You can also change the source IPv6 address of MLD reports or leave messages sent by a simulated member host.

To configure the source IP addresses for MLD messages in a VLAN:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter VLAN view.

vlan vlan-id

N/A

3.       Configure the source IPv6 address for MLD general queries.

mld-snooping general-query source-ip ipv6-address

By default, the source IPv6 address of MLD general queries is the IPv6 link-local address of the current VLAN interface. If the current VLAN interface does not have an IPv6 link-local address, the source IPv6 address is FE80::02FF:FFFF:FE00:0001.

4.       Configure the source IPv6 address for MLD multicast-address-specific queries.

mld-snooping special-query source-ip ipv6-address

By default, the source IPv6 address of MLD multicast-address-specific queries is one of the following:

·         The source address of MLD general queries if the MLD snooping querier has received MLD general queries.

·         The IPv6 link-local address of the current VLAN interface if the MLD snooping querier does not receive an MLD general query.

·         FE80::02FF:FFFF:FE00:0001 if the MLD snooping querier does not receive an MLD general query and the current VLAN interface does not have an IPv6 link-local address.

5.       Configure the source IPv6 address for MLD reports.

mld-snooping report source-ip ipv6-address

By default, the source IPv6 address of MLD reports is the IPv6 link-local address of the current VLAN interface. If the current VLAN interface does not have an IPv6 link-local address, the source IPv6 address is FE80::02FF:FFFF:FE00:0001.

6.       Configure the source IPv6 address for MLD done messages.

mld-snooping done source-ip ipv6-address

By default, the source IPv6 address of MLD done messages is the IPv6 link-local address of the current VLAN interface. If the current VLAN interface does not have an IPv6 link-local address, the source IPv6 address is FE80::02FF:FFFF:FE00:0001.

 

Configuring MLD snooping policies

Before you configure MLD snooping policies, complete the following tasks:

·          Enable MLD snooping for the VLAN.

·          Determine the ACL used as the IPv6 multicast group policy.

·          Determine the maximum number of IPv6 multicast groups that a port can join.

Configuring an IPv6 multicast group policy

This feature enables the switch to filter MLD reports based on the used ACL that specifies IPv6 multicast groups and the optional sources. It is used to control the IPv6 multicast groups that receiver hosts can join.

Configuration restrictions and guidelines

When you configure an IPv6 multicast group policy, follow these restrictions and guidelines:

·          This configuration takes effect only on the IPv6 multicast groups that the port joins dynamically.

·          You can configure an IPv6 multicast group policy globally for all ports in MLD-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.

Configuring an IPv6 multicast group policy globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Configure an IPv6 multicast group policy globally.

group-policy acl6-number [ vlan vlan-list ]

By default, IPv6 multicast group policies are not globally configured.

 

Configuring an IPv6 multicast group policy on a port

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.       Configure an IPv6 multicast group policy on the port.

mld-snooping group-policy acl6-number [ vlan vlan-list ]

By default, IPv6 multicast group policies are not configured on the port.

 

Enabling IPv6 multicast source port filtering

This feature enables the switch to discard all IPv6 multicast data packets and to accept IPv6 multicast protocol packets. You can enable this feature on ports that connect only to IPv6 multicast receivers.

You can enable multicast source port filtering for the specified ports in MLD-snooping view or for a port in interface view. For a port, the configuration in interface view has the same priority as the configuration in MLD-snooping view, and the most recent configuration takes effect.

Enabling IPv6 multicast source port filtering globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Enable IPv6 multicast source port filtering.

source-deny port interface-list

By default, IPv6 multicast source port filtering is disabled.

 

Enabling IPv6 multicast source port filtering on a port

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

N/A

3.       Enable IPv6 multicast source port filtering.

mld-snooping source-deny

By default, IPv6 multicast source port filtering is disabled.

 

Enabling dropping unknown IPv6 multicast data

This feature enables the switch to drop all unknown IPv6 multicast data. Unknown IPv6 multicast data refers to IPv6 multicast data for which no forwarding entries exist in the MLD snooping forwarding table.

If you do not enable this feature, the unknown IPv6 multicast data is flooded in the VLAN to which the data belongs.

To enable dropping unknown IPv6 multicast data for a VLAN:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter VLAN view.

vlan vlan-id

N/A

3.       Enable dropping unknown IPv6 multicast data for the VLAN

mld-snooping drop-unknown

By default, this feature is disabled. Unknown IPv6 multicast data is flooded.

 

Enabling MLD report suppression

This feature enables the switch to forward only the first MLD report for an IPv6 multicast group to its directly connected Layer 3 device. Other reports for the same group within the same query interval are discarded.

To enable MLD report suppression:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Enable MLD report suppression.

report-aggregation

By default, MLD report suppression is enabled.

 

Setting the maximum number of IPv6 multicast groups on a port

You can set the maximum number of IPv6 multicast groups on a port to regulate the port traffic.

Configuration restrictions and guidelines

When you set the maximum number of IPv6 multicast groups on a port, follow these restrictions and guidelines:

·          This configuration takes effect only on the IPv6 multicast groups that the port joins dynamically.

·          If the number of IPv6 multicast groups on a port exceeds the limit, the system removes all the forwarding entries related to that port. In this case, the receiver hosts attached to that port can join IPv6 multicast groups again before the number of IPv6 multicast groups on the port reaches the limit.

Configuration procedure

To set the maximum number of IPv6 multicast groups on a port:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.       Set the maximum number of IPv6 multicast groups on a port.

mld-snooping group-limit limit [ vlan vlan-list ]

By default, no limit is placed on the number of IPv6 multicast groups on a port.

 

Enabling IPv6 multicast group replacement

This feature enables the switch to replace an existing IPv6 multicast group with a newly joined group when the number of groups exceeds the upper limit. This feature is typically used in the channel switching application. Without this feature, the switch discards MLD reports for new groups, and the user cannot change to the new channel.

Configuration restrictions and guidelines

When you enable IPv6 multicast group replacement, follow these restrictions and guidelines:

·          This configuration takes effect only on the multicast groups that the port joins dynamically.

·          You can enable this feature globally for all ports in MLD-snooping view or for a port in interface view. For a port, the port-specific configuration takes priority over the global configuration.

Enabling IPv6 multicast group replacement globally

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter MLD-snooping view.

mld-snooping

N/A

3.       Enable IPv6 multicast group replacement globally.

overflow-replace [ vlan vlan-list ]

By default, IPv6 multicast group replacement is disabled globally.

 

Enabling IPv6 multicast group replacement on a port

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view.

interface interface-type interface-number

N/A

3.       Enable IPv6 multicast group replacement on the port.

mld-snooping overflow-replace [ vlan vlan-list ]

By default, IPv6 multicast group replacement is disabled on a port.

 

Displaying and maintaining MLD snooping

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display information about Layer 2 IPv6 multicast groups (in standalone mode).

display ipv6 l2-multicast ip [ group ipv6-group-address ] [ vlan vlan-id ] [ slot slot-number ]

Display information about Layer 2 IPv6 multicast groups (in IRF mode).

display ipv6 l2-multicast ip [ group ipv6-group-address ] [ vlan vlan-id ] [ chassis chassis-number slot slot-number ]

Display information about Layer 2 IPv6 multicast group entries (in standalone mode).

display ipv6 l2-multicast ip forwarding [ group ipv6-group-address ] [ vlan vlan-id ] [ slot slot-number ]

Display information about Layer 2 IPv6 multicast group entries (in IRF mode).

display ipv6 l2-multicast ip forwarding [ group ipv6-group-address ] [ vlan vlan-id ] [ chassis chassis-number slot slot-number ]

Display information about Layer 2 IPv6 MAC multicast groups (in standalone mode).

display ipv6 l2-multicast mac [ mac-address ] [ vlan vlan-id ] [ slot slot-number ]

Display information about Layer 2 IPv6 MAC multicast groups (in IRF mode).

display ipv6 l2-multicast mac [ mac-address ] [ vlan vlan-id ] [ chassis chassis-number slot slot-number ]

Display information about Layer 2 IPv6 MAC multicast group entries (in standalone mode).

display ipv6 l2-multicast mac forwarding [ mac-address ] [ vlan vlan-id ] [ slot slot-number ]

Display information about Layer 2 IPv6 MAC multicast group entries (in IRF mode).

display ipv6 l2-multicast mac forwarding [ mac-address ] [ vlan vlan-id ] [ chassis chassis-number slot slot-number ]

Display MLD snooping status.

display mld-snooping [ global | vlan vlan-id ]

Display dynamic MLD snooping forwarding entries (in standalone mode).

display mld-snooping group [ ipv6-group-address ] [ vlan vlan-id ] [ verbose ] [ slot slot-number ]

Display dynamic MLD snooping forwarding entries (in IRF mode).

display mld-snooping group [ ipv6-group-address ] [ vlan vlan-id ] [ verbose ] [ chassis chassis-number slot slot-number ]

Display information about static MLD snooping forwarding entries (in standalone mode).

display mld-snooping static-group [ ipv6-group-address ] [ vlan vlan-id ] [ verbose ] [ slot slot-number ]

Display information about static MLD snooping forwarding entries (in IRF mode).

display mld-snooping static-group [ ipv6-group-address ] [ vlan vlan-id ] [ verbose ] [ chassis chassis-number slot slot-number ]

Display dynamic router port information (in standalone mode).

display mld-snooping router-port [ vlan vlan-id ] [ slot slot-number ]

Display dynamic router port information (in IRF mode).

display mld-snooping router-port [ verbose | vlan vlan-id [ verbose ] ] [ chassis chassis-number slot slot-number ]

Display static router port information.

display mld-snooping static-router-port [ vlan vlan-id ] [ slot slot-number ]

Display statistics for the MLD messages learned through MLD snooping.

display mld-snooping statistics

Clear dynamic MLD snooping forwarding entries.

reset mld-snooping group { ipv6-group-address | all } [ vlan vlan-id ]

Clear dynamic router port information.

reset mld-snooping router-port { all | vlan vlan-id }

Clear statistics for the MLD messages learned through MLD snooping.

reset mld-snooping statistics

 

MLD snooping configuration examples

IPv6 group policy configuration example

Network requirements

As shown in Figure 3, Router A runs MLDv1 and acts as the MLD querier. Switch A runs MLDv1 snooping.

Configure an IPv6 multicast group policy on Switch A so that Host A and Host B receive IPv6 multicast data for only IPv6 multicast group FF1E::101.

Figure 3 Network diagram

 

Configuration procedure

1.        Assign an IPv6 address and prefix length to each interface according to Figure 3. (Details not shown.)

2.        Configure Router A:

# Enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on FortyGigE 1/0/1.

[RouterA] interface fortygige 1/0/1

[RouterA-FortyGigE1/0/1] mld enable

[RouterA-FortyGigE1/0/1] quit

# Enable IPv6 PIM-DM on FortyGigE 1/0/2.

[RouterA] interface fortygige 1/0/2

[RouterA-FortyGigE1/0/2] ipv6 pim dm

[RouterA-FortyGigE1/0/2] quit

3.        Configure Switch A:

# Enable MLD snooping globally.

<SwitchA> system-view

[SwitchA] mld-snooping

[SwitchA-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 through FortyGigE 1/0/4 to the VLAN.

[SwitchA] vlan 100

[SwitchA-vlan100] port fortygige 1/0/1 to fortygige 1/0/4

# Enable MLD snooping, and enable dropping IPv6 unknown multicast data packets for VLAN 100.

[SwitchA-vlan100] mld-snooping enable

[SwitchA-vlan100] mld-snooping drop-unknown

[SwitchA-vlan100] quit

# Configure an IPv6 multicast group policy so that hosts in VLAN 100 can join only IPv6 multicast group FF1E::101.

[SwitchA] acl ipv6 number 2001

[SwitchA-acl6-basic-2001] rule permit source ff1e::101 128

[SwitchA-acl6-basic-2001] quit

[SwitchA] mld-snooping

[SwitchA–mld-snooping] group-policy 2001 vlan 100

[SwitchA–mld-snooping] quit

Verifying the configuration

# Send MLD reports from Host A and Host B to join IPv6 multicast groups FF1E::101 and FF1E::202. (Details not shown.)

# Display dynamic MLD snooping forwarding entries in VLAN 100 on Switch A.

[SwitchA] display mld-snooping group vlan 100

Total 1 entries.

 

VLAN 100: Total 1 entries.

  (::, FF1E::101)

    Host slots (0 in total):

    Host ports (2 in total):

      FGE1/0/3         (00:03:23)

      FGE1/0/4         (00:04:10)

The output shows the following information:

·          Host A and Host B have joined IPv6 multicast group FF1E::101 through FortyGigE 1/0/4 and FortyGigE 1/0/3 on Switch A, respectively.

·          Host A and Host B have not joined IPv6 multicast group FF1E::202.

Static port configuration example

Network requirements

As shown in Figure 4:

·          Router A runs MLDv1 and acts as the MLD querier. Switch A, Switch B, and Switch C run MLDv1 snooping.

·          Host A and Host C are permanent receivers of IPv6 multicast group FF1E::101.

Configure static ports to meet the following requirements:

·          To enhance the reliability of IPv6 multicast traffic transmission, configure FortyGigE 1/0/3 and FortyGigE 1/0/5 on Switch C as static member ports for IPv6 multicast group FF1E::101.

·          Suppose the STP runs on the network. To avoid data loops, the forwarding path from Switch A to Switch C is blocked under normal conditions. IPv6 multicast data flows to the receivers attached to Switch C only along the path of Switch A—Switch B—Switch C. Configure FortyGigE 1/0/3 on Switch A as a static router port, so that IPv6 multicast data can flow to the receivers nearly uninterrupted along the path of Switch A—Switch C when the path of Switch A—Switch B—Switch C is blocked.

 

 

NOTE:

If no static router port is configured, IPv6 multicast transmission is interrupted for a while after the path of Switch A—Switch B—Switch C is blocked. The reason is that at least one MLD query/response exchange is required before the new path can forward IPv6 multicast packets.

 

For more information about the STP, see Layer 2—LAN Switching Configuration Guide.

Figure 4 Network diagram

 

Configuration procedure

1.        Assign an IPv6 address and prefix length to each interface according to Figure 4. (Details not shown.)

2.        Configure Router A:

# Enable IPv6 multicast routing.

<RouterA> system-view

[RouterA] ipv6 multicast routing

[RouterA-mrib6] quit

# Enable MLD on FortyGigE 1/0/1.

[RouterA] interface fortygige 1/0/1

[RouterA-FortyGigE1/0/1] mld enable

[RouterA-FortyGigE1/0/1] quit

# Enable IPv6 PIM-DM on FortyGigE 1/0/2.

[RouterA] interface fortygige 1/0/2

[RouterA-FortyGigE1/0/2] ipv6 pim dm

[RouterA-FortyGigE1/0/2] quit

3.        Configure Switch A:

# Enable MLD snooping globally.

<SwitchA> system-view

[SwitchA] mld-snooping

[SwitchA-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 through FortyGigE 1/0/3 to the VLAN.

[SwitchA] vlan 100

[SwitchA-vlan100] port fortygige 1/0/1 to fortygige 1/0/3

# Enable MLD snooping for VLAN 100.

[SwitchA-vlan100] mld-snooping enable

[SwitchA-vlan100] quit

# Configure FortyGigE 1/0/3 as a static router port.

[SwitchA] interface fortygige 1/0/3

[SwitchA-FortyGigE1/0/3] mld-snooping static-router-port vlan 100

[SwitchA-FortyGigE1/0/3] quit

4.        Configure Switch B:

# Enable MLD snooping globally.

<SwitchB> system-view

[SwitchB] mld-snooping

[SwitchB-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 and FortyGigE 1/0/2 to the VLAN.

[SwitchB] vlan 100

[SwitchB-vlan100] port fortygige 1/0/1 fortygige 1/0/2

# Enable MLD snooping for VLAN 100.

[SwitchB-vlan100] mld-snooping enable

[SwitchB-vlan100] quit

5.        Configure Switch C:

# Enable MLD snooping globally.

<SwitchC> system-view

[SwitchC] mld-snooping

[SwitchC-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 through FortyGigE 1/0/5 to the VLAN.

[SwitchC] vlan 100

[SwitchC-vlan100] port fortygige 1/0/1 to fortygige 1/0/5

# Enable MLD snooping for VLAN 100.

[SwitchC-vlan100] mld-snooping enable

[SwitchC-vlan100] quit

# Configure FortyGigE 1/0/3 and FortyGigE 1/0/5 as static member ports for IPv6 multicast group FF1E::101.

[SwitchC] interface fortygige 1/0/3

[SwitchC-FortyGigE1/0/3] mld-snooping static-group ff1e::101 vlan 100

[SwitchC-FortyGigE1/0/3] quit

[SwitchC] interface fortygige 1/0/5

[SwitchC-FortyGigE1/0/5] mld-snooping static-group ff1e::101 vlan 100

[SwitchC-FortyGigE1/0/5] quit

Verifying the configuration

# Display information about the static router ports in VLAN 100 on Switch A.

[SwitchA] display mld-snooping static-router-port vlan 100

VLAN 100:

  Router slots (1 in total):

    1

  Router ports (1 in total):

    FGE1/0/3

The output shows that FortyGigE 1/0/3 on Switch A has become a static router port.

# Display static MLD snooping forwarding entries in VLAN 100 on Switch C.

[SwitchC] display mld-snooping static-group vlan 100

Total 1 entries).

 

VLAN 100: Total 1 entries).

  (::, FF1E::101)

    Host slots (0 in total):

    Host ports (2 in total):

      FGE1/0/3

      FGE1/0/5

The output shows that FortyGigE 1/0/3 and FortyGigE 1/0/5 on Switch C have become static member ports of IPv6 multicast group FF1E::101.

MLD snooping querier configuration example

Network requirements

As shown in Figure 5:

·          The network is a Layer 2-only network.

·          Source 1 and Source 2 send IPv6 multicast data to IPv6 multicast groups FF1E::101 and FF1E::102, respectively.

·          Host A and Host C are receivers of IPv6 multicast group FF1E::101, and Host B and Host D are receivers of IPv6 multicast group FF1E::102.

·          All receiver hosts run MLDv1 and all switches run MLDv1 snooping. Switch A (which is close to the multicast sources) acts as the MLD snooping querier.

To prevent the switches from flooding unknown IPv6 packets in the VLAN, enable all switches to drop unknown IPv6 multicast data packets.

Figure 5 Network diagram

 

Configuration procedure

1.        Configure Switch A:

# Enable MLD snooping globally.

<SwitchA> system-view

[SwitchA] mld-snooping

[SwitchA-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 through FortyGigE 1/0/3 to the VLAN.

[SwitchA] vlan 100

[SwitchA-vlan100] port fortygige 1/0/1 to fortygige 1/0/3

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data packets for VLAN 100.

[SwitchA-vlan100] mld-snooping enable

[SwitchA-vlan100] mld-snooping drop-unknown

# Enable the MLD snooping querier in VLAN 100.

[SwitchA-vlan100] mld-snooping querier

[SwitchA-vlan100] quit

2.        Configure Switch B:

# Enable MLD snooping globally.

<SwitchB> system-view

[SwitchB] mld-snooping

[SwitchB-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 through FortyGigE 1/0/4 to the VLAN.

[SwitchB] vlan 100

[SwitchB-vlan100] port fortygige 1/0/1 to fortygige 1/0/4

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data packets for VLAN 100.

[SwitchB-vlan100] mld-snooping enable

[SwitchB-vlan100] mld-snooping drop-unknown

[SwitchB-vlan100] quit

3.        Configure Switch C:

# Enable MLD snooping globally.

<SwitchC> system-view

[SwitchC] mld-snooping

[SwitchC-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 through FortyGigE 1/0/3 to the VLAN.

[SwitchC] vlan 100

[SwitchC-vlan100] port fortygige 1/0/1 to fortygige 1/0/3

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data packets for VLAN 100.

[SwitchC-vlan100] mld-snooping enable

[SwitchC-vlan100] mld-snooping drop-unknown

[SwitchC-vlan100] quit

4.        Configure Switch D:

# Enable MLD snooping globally.

<SwitchD> system-view

[SwitchD] mld-snooping

[SwitchD-mld-snooping] quit

# Create VLAN 100, and assign FortyGigE 1/0/1 and FortyGigE 1/0/2 to the VLAN.

[SwitchD] vlan 100

[SwitchD-vlan100] port fortygige 1/0/1 to fortygige 1/0/2

# Enable MLD snooping, and enable dropping unknown IPv6 multicast data packets for VLAN 100.

[SwitchD-vlan100] mld-snooping enable

[SwitchD-vlan100] mld-snooping drop-unknown

[SwitchD-vlan100] quit

Verifying the configuration

# Display statistics for MLD messages learned through MLD snooping on Switch B.

[SwitchB] display mld-snooping statistics

Received MLD general queries:  3

Received MLDv1 specific queries:  0

Received MLDv1 reports:  12

Received MLD dones:  0

Sent     MLDv1 specific queries:  0

Received MLDv2 reports:  0

Received MLDv2 reports with right and wrong records:  0

Received MLDv2 specific queries:  0

Received MLDv2 specific sg queries:  0

Sent     MLDv2 specific queries:  0

Sent     MLDv2 specific sg queries:  0

Received IPv6 PIM hello:  0

Received error MLD messages:  0

The output shows that all switches except Switch A can receive the MLD general queries after Switch A acts as the MLD snooping querier.

Troubleshooting MLD snooping

Layer 2 multicast forwarding cannot function

Symptom

Layer 2 multicast forwarding cannot function through MLD snooping.

Solution

To resolve the problem:

1.        Use the display mld-snooping command to display MLD snooping status.

2.        If MLD snooping is not enabled, use the mld-snooping command in system view to enable MLD snooping globally. Then, use the mld-snooping enable command in VLAN view to enable MLD snooping for the VLAN.

3.        If MLD snooping is enabled globally but not enabled for the VLAN, use the mld-snooping enable command in VLAN view to enable MLD snooping for the VLAN.

4.        If the problem persists, contact H3C Support.

IPv6 multicast group policy does not work

Symptom

Hosts can receive multicast data from IPv6 multicast groups that are not permitted by the IPv6 multicast group policy.

Solution

To resolve the problem:

1.        Use the display acl ipv6 command to verify that the configured IPv6 ACL meets the IPv6 multicast group policy requirements.

2.        Use the display this command in MLD-snooping view or in interface view to verify that the correct IPv6 multicast group policy has been applied. If it is not correctly applied, use the group-policy or mld-snooping group-policy command to apply the correct IPv6 multicast group policy.

3.        Use the display mld-snooping command to verify that dropping unknown IPv6 multicast data is enabled. If it is not enabled, use the mld-snooping drop-unknown command to enable dropping unknown IPv6 multicast data.

4.        If the problem persists, contact H3C Support.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网