MLD Snooping
Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at Layer 2. By snooping the MLD membership reports sent by hosts in the bridge domain, the MLD snooping application can set up Layer 2 multicast forwarding tables to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast traffic.
MLD snooping uses the information in MLD membership report messages to build corresponding information in the forwarding tables to restrict IPv6 multicast traffic at Layer 2. The forwarding table entries are in the form <Route, OIF List>, where:
-
Route is a <*, G> route or <S, G> route.
-
OIF List comprises all bridge ports that have sent MLD membership reports for the specified route plus all multicast router (mrouter) ports in the bridge domain.
For more information regarding MLD snooping, refer the Multicast Configuration Guide for Cisco NCS 5500 Series Routers.
Prerequisites for MLD Snooping
-
The network must be configured with a layer2 VPN.
-
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Supported Features and Restrictions for MLD Snooping
-
BVI under bridge domain is supported.
-
Receiver behind L2 ACs in the same L2 bridge domain is supported.
-
Source behind L2 ACs in the same L2 bridge domain is only supported on NCS 5700 fixed port routers and NCS 5700 line cards [Mode: Compatibility; Native].
-
MLDv1 not supported over BVI.
-
EVPN MLD sync is not supported.
-
VPLS is not supported.
-
On the NCS 5700 line cards, MLD snooping can be enabled alongside IGMP snooping only.
-
The router-alert-check disable configuration command is not supported.
-
EVPN dual-home source AA is not supported on the NCS 5500 line cards line cards.
-
Both IGMP and MLD snooping configurations are necessary to enable MLD snooping on the NCS 5700 line cards.
-
EVPN configuration must have the control-word-disable configuration.
-
PIM control packets (join and hello) processing is not supported when snooping is enabled, so a multicast router selection based on PIM packets won't occur.
-
Explicit host tracking.
-
Multicast Admission Control.
-
Security filtering.
-
Report rate limiting.
-
Multicast router discovery.
-
IPv6 multicast is not supported for a multicast source that is behind the BVI interface. For example, the below configuration is not supported:
l2vpn bridge group 1 bridge-domain 1 multicast-source ipv6 mld snooping profile grp1
-
In an EVPN dual-home AA scenario:
-
If the multicast source and receiver are in the same bridge domain (BD), the receiver might receive permanent traffic duplication.
-
In an EVPN dual-home receiver AA scenario, transient traffic duplication is expected when the DH node role changes from DF to nDF and vice versa.
-
Source=ESI1=BE-X.A, Receiver=ESI1=BE-X.B under the same BD is not supported (where X.A and X.B represent two AC ports for the bundle interface BE).
-
Source=ESI1=BE-X.A (for NCS 5700 line cards), Receiver=ESI2=BE-Y.A (for NCS 5500 line cards) under the same BD is not supported (where X.A and Y.A represent two AC ports for the bundle interface BE).
-
Note |
MLD Snooping is not supported until Cisco IOS XR Release 6.5.3. |
Advantages of MLD Snooping
-
In its basic form, it reduces bandwidth consumption by reducing multicast traffic that would otherwise flood an entire VPLS bridge domain.
-
With the use of some optional configurations, it provides security between bridge domains by filtering the MLD reports received from hosts on one bridge port and preventing leakage towards the hosts on other bridge ports.
High Availability (HA) features for MLD
MLD supports the following HA features:
-
Process restarts
-
RP Failover
-
Stateful Switch-Over (SSO)
-
Non-Stop Forwarding (NSF)—Forwarding continues unaffected while the control plane is restored following a process restart or route processor (RP) failover.
-
Line card online insertion and removal (OIR)
Bridge Domain Support for MLD
MLD snooping operates at the bridge domain level. When MLD snooping is enabled on a bridge domain, the snooping functionality applies to all ports under the bridge domain, including:
-
Physical ports under the bridge domain.
-
Ethernet flow points (EFPs)—An EFP can be a VLAN, VLAN range, list of VLANs, or an entire interface port.
-
Ethernet bundles—Ethernet bundles include IEEE 802.3ad link bundles and Cisco EtherChannel bundles. From the perspective of the MLD snooping application, an Ethernet bundle is just another EFP. The forwarding application in the Cisco NCS 5500 Series Routers randomly nominates a single port from the bundle to carry the multicast traffic.
Note
The efp-visibility configuration is required when a bridge has attachment circuits as VLAN sub-interfaces from the same bundle-ether or physical interface.
Multicast Router and Host Ports
MLD snooping classifies each port as one of the following:
-
Multicast router ports (mrouter ports)—These are ports to which a multicast-enabled router is connected. Mrouter ports are usually dynamically discovered, but may also be statically configured. Multicast traffic is always forwarded to all mrouter ports, except when an mrouter port is the ingress port.
-
Host ports—Any port that is not an mrouter port is a host port.
Multicast Router Discovery for MLD
MLD snooping discovers mrouter ports dynamically. You can also explicitly configure a port as an emrouter port.
-
Discovery- MLD snooping identifies upstream mrouter ports in the bridge domain by snooping mld query messages and Protocol Independent Multicast Version 2 (PIMv2) hello messages. Snooping PIMv2 hello messages identifies mld nonqueriers in the bridge domain.
-
Static configuration—You can statically configure a port as an mrouter port with the mrouter command in a profile attached to the port. Static configuration can help in situations when incompatibilities with non-Cisco equipment prevent dynamic discovery.
Multicast Traffic Handling for MLD
The following tables describe the traffic handling behavior by MLD mrouters and host ports.
Traffic Type |
Received on MRouter Ports |
Received on Host Ports |
---|---|---|
IP multicast source traffic |
Forwards to all mrouter ports and to host ports that indicate interest. |
Forwards to all mrouter ports and to host ports that indicate interest. |
MLD general queries |
Forwards to all ports. |
— |
MLD group-specific queries |
Forwards to all other mrouter ports. |
Dropped |
MLDv1 joins |
Examines (snoops) the reports.
|
Examines (snoops) the reports.
|
MLDv2 reports |
Ignores |
Ignores |
MLDv1 leaves |
Invokes last member query processing. |
Invokes last member query processing. |
Traffic Type |
Received on MRouter Ports |
Received on Host Ports |
---|---|---|
IP multicast source traffic |
Forwards to all mrouter ports and to host ports that indicate interest. |
Forwards to all mrouter ports and to host ports that indicate interest. |
MLD general queries |
Forwards to all ports. |
— |
MLD group-specific queries |
If received on the querier port floods on all ports. |
— |
MLDv1 joins |
Handles as MLDv2 IS_EX{} reports. |
Handles as MLDv2 IS_EX{} reports. |
MLDv2 reports |
|
|
MLDv1 leaves |
Handles as MLDv2 IS_IN{} reports. |
Handles as MLDv2 IS_IN{} reports. |
Multicast Listener Discovery over BVI
Multicast IPv6 packets received from core, which has BVI as forwarding interface, is forwarded to access over snooped L2 AC or interface.
Note |
|
MLD and BVI Overview
Routers use the Internet Group Management Protocol (IGMP) (IPv4) and Multicast Listener Discovery (MLD) (IPv6) to learn whether members of a group are present on their directly attached subnets. Hosts join multicast groups by sending IGMP or MLD report messages.
MLDv1 and MLDv2 are supported on NCS 5500. However, MLDv2 is enabled when you configure MLD by default.
MLDv2 shares feature parity with IGMPv3 with respect to all supported interface types with the exception of PPoE and subinterfaces. MLDv2 enables a node to report interest in listening to packets only from specific multicast source addresses.
A BVI interface is a routed interface representing a set of interfaces (bridged) in the same L2 broadcast domain. MLD join messages coming in or out of this broadcast domain passes through the BVI interface.
Multicast Traffic Over Layer 2 IPv6 Network
Feature Name |
Release Information |
Feature Description |
---|---|---|
Multicast Traffic over Layer 2 IPv6 Network |
Release 7.9.1 |
This feature allows you to forward the IPv6 multicast packets only to the interested MLD-snooped Access Controllers (AC), whereas in the default case, the bridge floods the IPv6 multicast packets to all AC. Routers use Multicast Listener Discovery (MLD) protocol to discover the devices in a network and create route entries in an IPv6 multicast network. This feature introduces following CLI:
|
The Multicast Traffic over Layer 2 IPv6 Network (L2MC IPv6) is an optimized forwarding technique, and it helps in saving the bandwidth. By default, the bridge floods IPv6 multicast packets to all AC, whereas the L2MC IPv6 feature allows you to forward the IPv6 multicast packets only to the interested MLD-snooped AC.
When IPv6 multicast packets are received over Layer 2 AC and interfaces, the lookup gets done for Virtual Switch Interfaces (VSI), Groups (G), and Services (S) or for VSI and G. The VSI details show the VLAN or VXLAN segment to which the packet belongs, while the G and S identify the multicast groups and services to which the packet should be forwarded. Based on this lookup, the traffic is forwarded to the interested receivers connected to the Layer 2 AC.
The MLD control packets received over Layer 2 AC are snooped and punted to create the route entries. This route entries are needed to avail the following supports:
-
Layer 2 Multicast IPv6 support.
-
EVPN sync support for IPv4 routes.
Hardware Supported
This feature is supported on routers that have the Cisco NC57 line cards installed and operate in native and compatible modes.
Limitations and Restrictions
-
This feature doesn’t support MLD sync.
-
With L2MC IPv6 support, the existing L2MC IPv4 scale reduces proportionally.
Configuration Example
router(config)# l2vpn
router(config-l2vpn)# bridge group 1
router(config-l2vpn-bg)#bridge-domain 1
router(config-l2vpn-bg-bd)#multicast-source ipv6
router(config-l2vpn-bg-bd)#efp-visibility
router(config-l2vpn-bg-bd)#mld snooping profile prof1
router(config-l2vpn-bg-bd)#igmp snooping profile prof1
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/0
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/4.1
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/4.2
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#routed interface BVI1
router(config-l2vpn-bg-bd-bvi)#exit
!
!
router(config-l2vpn-bg-bd)#mld snooping profile prof1
router(config-l2vpn-bg-bd)#internal-querier
!
router(config-l2vpn-bg-bd)#igmp snooping profile prof1
router(config-l2vpn-bg-bd)#system-ip-address 1.2.3.4
router(config-l2vpn-bg-bd)#internal-querier
Note |
With BVI configurations, there is no need to have internal queries address configured MLD snooping profile. It implies that you can make BVI as querier under BVI configuration. |
Verification
The following command shows the information about group membership in the Layer 2 Forwarding tables.
router# show mld snooping group
Flags Key: S=Static, D=Dynamic, E=Explicit Tracking
Bridge Domain bg1:bd1
Group Ver GM Source PM Port Exp Flg
Ff12:1:1::1 V2 Exc - - GigabitEthernet0/1/1/0 122 DE
Ff12:1:1::1 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/1 5 DE
Ff12:1:1::1 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/2 never S
Ff12:1:1::1 V2 Exc 2002:1::1 Exc GigabitEthernet0/1/1/3 - DE
Ff12:1:1::1 V2 Exc 2002:1::2 Inc GigabitEthernet0/1/1/0 202 DE
Ff12:1:1::1 V2 Exc 2002:1::2 Exc GigabitEthernet0/1/1/1 - DE
Ff12:1:1::2 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/0 145 DE
Ff12:1:1::2 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/1 0 DE
Ff12:1:1::2 V2 Exc 2002:1::1 Exc GigabitEthernet0/1/1/2 11 DE
Bridge Domain bg1:bd4
Group Ver GM Source PM Port Exp Flg
Ff24:1:1::2 V1 Exc - - GigabitEthernet0/1/1/0 122 DE
Ff28:1:1::1 V1 - - - GigabitEthernet0/1/1/1 33 DE
Ff29:1:2::3 V1 Exc - - GigabitEthernet0/1/2/0 122 DE
Ff22:1:2::3 V2 Exc 2000:1:1::2 Exc GigabitEthernet0/1/2/1 5 DE
The following command summarizes the number of bridge domains, mrouter ports, host ports, groups, and sources configured on the router.
router#show mld snooping summary
Bridge Domains: 1
MLD Snooping Bridge Domains: 1
Ports: 3
MLD Snooping Ports: 3
Mrouters: 0
STP Forwarding Ports: 0
ICCP Group Ports: 0
MLD Groups: 0
Member Ports: 0
MLD Source Groups: 0
Static/Include/Exclude: 0/0/0
Member Ports (Include/Exclude): 0/0
IPv6 Multicast Listener Discovery Snooping over BVI
Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at L2. By snooping the MLD membership reports sent by hosts in the bridge domain, the MLD snooping application can set up L2 multicast forwarding tables. This table is later used to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast traffic.
MLDv2 support over BVI enables implementing IPv6 multicast routing over a L2 segment of the network that is using an IPv6 VLAN. The multicast routes are bridged via BVI interface from L3 segment to L2 segment of the network.
MLDv2 snooping over BVI enables forwarding MLDv2 membership reports received over the L2 domain to MLD snooping instead of MLD.
Restrictions
-
You cannot configure
ttl-check
and disablerouter-alert-check
on the router for mld messages. -
Static mrouters are not supported for MLD snooping.
-
Querier is supported for MLDV2, but it is not supported on MLDV1.
Configuring Internal Querier for MLD Snooping
This configuration enables a multicast router acting as a MLD querier to send out group-and-source-specific query:
router# config
RP0/0/RP0/CPU0:router(config)# mld snooping profile grp1
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# system-ip-address fe80::1 link-local
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# internal-querier
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# commit
Verification
Use the show mld snooping profile detail command to verify the MLD snooping configuration:
router# show mld snooping profile detail
Thu Nov 22 13:58:18.844 UTC
MLD Snoop Profile grp1:
System IP Address: fe80::1
Bridge Domain References: 2
Port References: 12
MLD Snoop Profile grp10:
System IP Address: fe80::5610
Bridge Domain References: 0
Port References: 0