IGMP Querier and Snooping

This chapter contains the following sections:

Guidelines and Limitations for Configuring IGMP Snooping and Querier

Depending on your setup, you may need to configure IGMP on Layer 2 switches or on infra tenant or administrator-created tenant bridge domains. This section provides guidelines for two common scenarios when you must configure IGMP protocol snooping and querier.


Note
Cisco ACI Virtual Edge does not support IGMP snooping. The guidelines and limitations and configuration procedures for IGMP snooping in this section are for configuring IGMP snooping on the leaf switch.

Multi-destination Flood for VXLAN-Encapsulated Traffic

To receive multi-destination flood on Cisco ACI Virtual Edge for VXLAN-encapsulated traffic and minimize multicast flooding traffic originating from and terminating on the Cisco ACI Virtual Edge if there is a Layer 2 device between the leaf and the Cisco ACI Virtual Edge, do the following:

  • Apply IGMP snooping policy and enable IGMP querier on the infra tenant bridge domain subnet through the Cisco APIC. See the instructions in the section Configure IGMP Querier Using the GUI in this guide.

  • Enable IGMP snooping on each of any Layer 2 devices between the leaf and the Cisco ACI Virtual Edge. Follow the instructions that are specific to the device. For example, if the Layer 2 device is a Cisco Nexus 5000 Series switch, see the instructions in the configuration guide for that switch.

Sending or Receiving Multicast Streams with Virtual Machines

If you have virtual machines connected to the Cisco ACI Virtual Edge and want to send or receive multicast streams, do the following:

  • Apply IGMP snoop policy and enable IGMP querier for administrator-created tenant bridge domain. If you have multiple administrator-created tenant bridge domains, you must apply IGMP snoop policy and configure IGMP querier on each administrator-created tenant bridge domain through the Cisco APIC. See the instructions in the section Configure IGMP Querier Using the GUI in this guide.

  • Enable IGMP snooping on each Layer 2 device between the leaf and the Cisco ACI Virtual Edge. Follow the instructions that are specific to the device. For example, if the Layer 2 device is a Cisco Nexus 5000 Series switch, see the instructions in the configuration guide for that switch.

  • If the multicast traffic that originates from or terminates on the VMs is VXLAN-encapsulated, follow all the guidelines in the previous section as well as this one.

L3 Multicast

L3 Multicast is not supported on bridge domains with endpoints behind AVE. If L3 multicast is enabled, it alters the endpoint learning on the ACI physical leaf in such a way that it starts to learn endpoint IP addresses from IGMP reports coming from the endpoint. This limitation does not affect L2 multicast, as in the case of L2 multicast, the endpoint learning on the ACI physical leaf is not changed in such a way. In L2 multicast, the IGMP reports from the endpoints on the AVE will not impact the endpoint learning on the physical port.

Order of Configuration

Configure IGMP querier before you configure IGMP snooping.

Disabling IGMP Snoop

When Protocol Independent Multicast (PIM) is enabled on Cisco ACI, it is recommended to disable IGMP snoop on UCSM environment to avoid incorrect mac learn(s).

Configure IGMP Querier Using the GUI

Procedure

Step 1

Log in to the Cisco Application Policy Infrastructure Controller (APIC).

Step 2

Complete one of the following series of steps, depending on the type of tenant:

If you have ... Then...
An infra tenant

  1. Choose Tenants > infra.

  2. In the navigation pane, open the following folders: Networking > Bridge Domains > default > Subnets.

  3. Choose the subnet in the Subnets folder.

  4. In the Properties work pane, in the Subnet Control area, make sure that the Querier IP check box is checked.

  5. Click Submit.

An administrator-created tenant

  1. Choose Tenants and then choose the tenant on which you want to configure the IGMP querier.

  2. In the tenant navigation pane, open the Networking folder, the Bridge Domains folder, and then the folder for the bridge domain created earlier for the tenant.

    If the selected bridge domain already has a subnet with a gateway IP, you can use it to enable IGMP querier in the Subnet Control area. Or you can follow the remaining steps to create a new subnet to enable IGMP querier.

  3. Right-click the Subnets folder inside the bridge domain folder and choose Create Subnet.

  4. In the Create Subnet dialog box, complete the following steps:

    1. Specify a gateway IP address.

      Note

       
      You can configure any IP address except one from the 10.0.0.0/16 network because that network is reserved for Cisco APIC fabric devices.

    2. In the Subnet Control area, make sure that the Querier IP check box is checked.

    3. Click Submit.

Configure IGMP Snooping to Take Effect Immediately Using the GUI

Procedure

Step 1

Log in to the Cisco APIC.

Step 2

Take one of the following actions:

  • If you have an infra tenant, choose Tenants > infra.
  • If you have an administrator-created tenant, choose Tenants and then choose the tenant on which you want to configure the IGMP snooping.

Step 3

Take one of the following actions in the tenant navigation pane:

  • If you have an infra tenant, open the Networking folder, open the Bridge Domains folder, and then choose the default folder.
  • If you have an administrator-created tenant, open the Networking folder, open the Bridge Domains folder, and then choose the bridge domain created earlier for the tenant.

Step 4

In the Properties work pane, from the IGMP Snoop Policy drop-down list, choose Create IGMP Snoop Policy.

Step 5

In the Create IGMP Snoop Policy dialog box, complete the following steps:

  1. In the Name field, enter a name for the policy.

  2. In the Control area, check the Enable querier check box.

  3. (Optional) Configure any other relevant IGMP parameters.

  4. Click Submit.

Step 6

In the Properties pane, click Submit.

Configure IGMP Snooping to Take Effect Later Using the GUI

Procedure

Step 1

Log in to the Cisco APIC.

Step 2

Take one of the following actions:

  • If you have an infra tenant, choose Tenants > infra.
  • If you have an administrator-created tenant, choose Tenants and then choose the tenant on which you want to configure the IGMP snooping.

Step 3

In the tenant navigation pane, open the Policies and Protocol folders.

Step 4

Right-click the IGMP Snoop folder and then choose Create IGMP Snoop Policy.

Step 5

In the Create IGMP Snoop Policy dialog box, complete the following steps:

  1. In the Name field, enter a name for the policy.

  2. In the Control area, check the Enable querier check box.

  3. (Optional) Configure any other relevant IGMP parameters.

  4. Click Submit.

What to do next

Once you configure IGMP snooping, you can apply it at any time to a bridge domain by completing the following steps:

  1. Take one of the following actions:

    • If you have an infra tenant, choose Tenants > infra.

    • If you have an administrator-created tenant, choose Tenants and then choose the tenant on which you want to configure the IGMP snooping.

  2. Take one of the following actions in the Tenant navigation pane:

    • If you have an infra tenant, click the + icons to open the Networking and Bridge Domain folders, and then choose the default folder.

    • If you have an administrator-created tenant, open the Networking and Bridge Domain folders, and then choose the bridge domain created earlier for the tenant.

  3. In the Properties pane, in the IGMP Snoop Policy drop-down list, choose the IGMP snooping policy that you want to apply.

  4. Click Submit for the IGMP policy to go into effect for the bridge domain.