IGMP Snooping in Cisco ACI [Explained and configuration]

What is IGMP Snooping

Internet Group Management Protocol (IGMP) is a feature allows a network switch to listen in on the IGMP conversation between hosts and routers and filter multicasts links that do not need them, thus controlling which ports receive specific multicast traffic.


The IGMP snooping feature snoops the IGMP membership reports and Leave messages and forwards them only when necessary to the IGMP router function.

IGMP snooping operates upon IGMPv1, IGMPv2, and IGMPv3 control plane packets where Layer 3 control plane packets are intercepted and influence the Layer 2 forwarding behavior.


I- Create IGMP Snoop Policy

Navigate to Tenant > Policies > Protocol > IGMP Snoop and create a new Policy:

Fast leave: You can enable or disable “Fast leave” Option

  • When the fast leave processing feature enabled, Upon receiving an IGMP leave message on a port, the switch immediately removes that port from the outgoing port list of the entry in the forwarding table for the indicated group.
  • In VLANs where only one host is attached to each port, fast leave processing helps improve bandwidth and resource usage. However, if fast leave processing is enabled on a port to which more than one host is attached, when one host leaves a multicast group, the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data for that group.


Enable Querier:

When you enable IGMP Querier, you need to also enable it under the BD subnet where this IGMP snooping policy will be applied: Tenants > tenant_name > Networking > Bridge Domains > bridge_domain_name > Subnets


Last Member Query Interval:

IGMP uses this value when it receives an IGMPv2 Leave report. This means that at least one host wants to leave the group. After it receives the Leave report, it checks that the interface is not configured for IGMP Fast Leave and if not, it sends out an out-of-sequence query.


Query Interval:

This value is used to define the amount of time the IGMP function will store a particular IGMP state if it does not hear any reports on the group.


Query Response Interval:

When a host receives the query packet, it starts counting to a random value, less that the maximum response time. When this timer expires, host replies with a report.


Start query Count

Number of queries sent at startup that are separated by the startup query interval. Values range from 1 to 10. The default is 2.


II- Apply IGMP Snooping Policy under the BD

1- Under the Bridge domain select the IGMP Snooping Policy:


2- At subnet level, enable Querier IP:


III- IGMP Snooping Verification and Troubleshooting

We have a receiver 172.16.31.2 in the configured BD with interest to join group 239.251.1.1:

  • Verify the Receiver:
leaf1# show system internal epm endpoint ip 172.16.31.2 

MAC : 0050.56a0.**ab ::: Num IPs : 1
IP# 0 : 172.16.31.2 ::: IP# 0 flags :  ::: l3-sw-hit: No
Vlan id : 160 ::: Vlan vnid : 8400 ::: VRF name : MC:VRF-MC3
BD vnid : 15335397 ::: VRF vnid : 2359298
Phy If : 0x16000001 ::: Tunnel If : 0
Interface : port-channel2
Flags : 0x80004c05 ::: sclass : 49161 ::: Ref count : 5
EP Flags : local|vPC|IP|MAC|sclass|timer|


  • Check the BD PIVLAN:

From EPG PIVLAN (160), we see BD PIVLAN is 159

leaf1# show system internal epm vlan 160
+----------+---------+-----------------+----------+------+----------+-----------
   VLAN ID    Type      Access Encap     Fabric    H/W id  BD VLAN    Endpoint  
                        (Type Value)     Encap                          Count   
+----------+---------+-----------------+----------+------+----------+-----------
 160          FD vlan 802.1Q       2008 8400       182    159        1    Code language: PHP (php)


  • Check IGMP Snooping information for BD:
leaf1# show ip igmp snooping vlan 159
IGMP Snooping information for vlan 159
  IGMP snooping enabled
  Lookup mode: IP
  Optimised Multicast Flood (OMF) enabled
  IGMP querier present, address: 172.16.31.254, version: 2, i/f Vlan159
  Switch-querier disabled
  IGMPv3 Explicit tracking enabled
  IGMPv2 Fast leave disabled
  IGMPv1/v2 Report suppression enabled
  IGMPv3 Report suppression enabled
  Link Local Groups suppression enabled
  Router port detection using PIM Hellos, IGMP Queries
  Number of router-ports: 1
  Number of groups: 1
  VLAN vPC function enabled
  Multicast Routing enabled on VLAN
  Active ports:
    Eth1/6      Po2Code language: PHP (php)


  • Check IGMP Querier details:
leaf1# show ip igmp snooping querier vlan 159 detail   
Vlan  IP Address       Version   Expires     Port
159   172.16.31.254    v2        00:03:28    Vlan159 

IGMP snooping querier configuration for VLAN 159
IGMP snooping last member query count: 0, configured value: 0
IGMP snooping version: 2, configured value: 3
IGMP snooping robustness variable: 2, configured value: 2
IGMP snooping startup query count: 2, configured value: 2
IGMP snooping startup query interval: 31 secs, configured value: 31 secs
IGMP snooping last member query interval: 1 secs, configured value: 1 secs
IGMP snooping query interval: 125 secs, configured value: 125 secs
IGMP snooping query max response time: 10 secs, configured value: 10 secs
IGMP snooping configured querier timeout: 255 secs, defaultCode language: CSS (css)


  • Verify IGMP snooping group membership table:
leaf1# show ip igmp snooping groups vlan 159  
Type: S - Static, D - Dynamic, R - Router port, F - Fabricpath core port

Vlan  Group Address      Ver  Type  Port list
159   */*                -    R     Vlan159
 159   239.251.1.1        v2   D     Po2Code language: PHP (php)
leaf1# show ip igmp snooping groups vlan 159 detail  
IGMP Snooping group membership for vlan 159
  Group addr: 239.251.1.1
    Group ver: v2 [old-host-timer: not running]
    Last reporter: 172.16.31.2
    Group Report Timer: 00:00:00
    Group v3 Expiry Report Timer: 00:00:00
      IGMPv1/v2 memb ports:
        Po2 [0 GQ missed]
     vPC grp peer-link flag: exclude
    M2RIB vPC grp peer-link flag: includeCode language: PHP (php)


  • Verify IGMP Snooping statistics for the BD:
leaf1# show ip igmp snooping statistics vlan 159
Global IGMP snooping statistics: (only non-zero values displayed)
  Packets flooded: 19067
  vPC ZMQ message response sent: 24
  vPC ZMQ message response rcvd: 24
VLAN 159 IGMP snooping statistics, last reset:  (only non-zero values displayed)
  Packets received: 18681
  IGMPv2 reports received: 12326
  IGMPv2 queries received: 6355
  Invalid reports received: 12315
  IGMPv2 reports suppressed: 2
  vPC Peer Link ZMQ packet statistics:
      IGMP packets (sent/recv/fail): 0/12306/0Code language: PHP (php)


Thanks for reading.

Bilel Ameur

Enthusiastic Network Engineer specializing in Cisco ACI, passionate about solving challenges. A lifelong learner who loves gaining and sharing knowledge. Profile: https://www.linkedin.com/in/bilel-ameur-71116b2b5
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x