MLD Snooping
Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at Layer 2. By snooping the MLD membership reports sent by hosts in the bridge domain, the MLD snooping application can set up Layer 2 multicast forwarding tables to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast traffic.
MLD snooping uses the information in MLD membership report messages to build corresponding information in the forwarding tables to restrict IPv6 multicast traffic at Layer 2. The forwarding table entries are in the form <Route, OIF List>, where:
-
Route is a <*, G> route or <S, G> route.
-
OIF List comprises all bridge ports that have sent MLD membership reports for the specified route plus all multicast router (mrouter) ports in the bridge domain.
For more information regarding MLD snooping, refer the Multicast Configuration Guide for Cisco NCS 5500 Series Routers.
Prerequisites for MLD Snooping
-
The network must be configured with a layer2 VPN.
-
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Supported Features and Restrictions for MLD Snooping
-
BVI under bridge domain is supported.
-
Source and receiver behind L2 ACs in the same L2 bridge domain is not supported for J platforms. Supported only for J2 platforms.
-
MLDv1 not supported over BVI.
-
EVPN MLD sync is not supported.
-
VPLS is not supported.
-
On J2 cards, MLD snooping can be enabled alongside IGMP snooping only.
-
The router-alert-check disable configuration command is not supported.
-
EVPN dual-home source AA is not supported on J and J++ line-cards.
-
Both IGMP and MLD snooping configurations are necessary to enable MLD snooping on the J2 line-cards.
-
EVPN configuration must have the control-word-disable configuration.
-
PIM control packets (join and hello) processing is not supported when snooping is enabled, so a multicast router selection based on PIM packets won't occur.
-
MLD Snooping is supported only on L2VPN bridge domains.
-
Explicit host tracking.
-
Multicast Admission Control.
-
Security filtering.
-
Report rate limiting.
-
Multicast router discovery.
Advantages of MLD Snooping
-
In its basic form, it reduces bandwidth consumption by reducing multicast traffic that would otherwise flood an entire VPLS bridge domain.
-
With the use of some optional configurations, it provides security between bridge domains by filtering the MLD reports received from hosts on one bridge port and preventing leakage towards the hosts on other bridge ports.
High Availability (HA) features for MLD
MLD supports the following HA features:
-
Process restarts
-
RP Failover
-
Stateful Switch-Over (SSO)
-
Non-Stop Forwarding (NSF)—Forwarding continues unaffected while the control plane is restored following a process restart or route processor (RP) failover.
-
Line card online insertion and removal (OIR)
Bridge Domain Support for MLD
MLD snooping operates at the bridge domain level. When MLD snooping is enabled on a bridge domain, the snooping functionality applies to all ports under the bridge domain, including:
-
Physical ports under the bridge domain.
-
Ethernet flow points (EFPs)—An EFP can be a VLAN, VLAN range, list of VLANs, or an entire interface port.
-
Ethernet bundles—Ethernet bundles include IEEE 802.3ad link bundles and Cisco EtherChannel bundles. From the perspective of the MLD snooping application, an Ethernet bundle is just another EFP. The forwarding application in the Cisco NCS 5500 Series Routers randomly nominates a single port from the bundle to carry the multicast traffic.
Multicast Router and Host Ports
MLD snooping classifies each port as one of the following:
-
Multicast router ports (mrouter ports)—These are ports to which a multicast-enabled router is connected. Mrouter ports are usually dynamically discovered, but may also be statically configured. Multicast traffic is always forwarded to all mrouter ports, except when an mrouter port is the ingress port.
-
Host ports—Any port that is not an mrouter port is a host port.
Multicast Router Discovery for MLD
MLD snooping discovers mrouter ports dynamically. You can also explicitly configure a port as an emrouter port.
-
Discovery- MLD snooping identifies upstream mrouter ports in the bridge domain by snooping mld query messages and Protocol Independent Multicast Version 2 (PIMv2) hello messages. Snooping PIMv2 hello messages identifies mld nonqueriers in the bridge domain.
-
Static configuration—You can statically configure a port as an mrouter port with the mrouter command in a profile attached to the port. Static configuration can help in situations when incompatibilities with non-Cisco equipment prevent dynamic discovery.
Multicast Traffic Handling for MLD
The following tables describe the traffic handling behavior by MLD mrouters and host ports.
Traffic Type |
Received on MRouter Ports |
Received on Host Ports |
---|---|---|
IP multicast source traffic |
Forwards to all mrouter ports and to host ports that indicate interest. |
Forwards to all mrouter ports and to host ports that indicate interest. |
MLD general queries |
Forwards to all ports. |
— |
MLD group-specific queries |
Forwards to all other mrouter ports. |
Dropped |
MLDv1 joins |
Examines (snoops) the reports.
|
Examines (snoops) the reports.
|
MLDv2 reports |
Ignores |
Ignores |
MLDv1 leaves |
Invokes last member query processing. |
Invokes last member query processing. |
Traffic Type |
Received on MRouter Ports |
Received on Host Ports |
---|---|---|
IP multicast source traffic |
Forwards to all mrouter ports and to host ports that indicate interest. |
Forwards to all mrouter ports and to host ports that indicate interest. |
MLD general queries |
Forwards to all ports. |
— |
MLD group-specific queries |
If received on the querier port floods on all ports. |
— |
MLDv1 joins |
Handles as MLDv2 IS_EX{} reports. |
Handles as MLDv2 IS_EX{} reports. |
MLDv2 reports |
|
|
MLDv1 leaves |
Handles as MLDv2 IS_IN{} reports. |
Handles as MLDv2 IS_IN{} reports. |
Multicast Listener Discovery over BVI
Multicast IPv6 packets received from core, which has BVI as forwarding interface, is forwarded to access over snooped L2 AC or interface.
Note |
|
MLD and BVI Overview
Routers use the Internet Group Management Protocol (IGMP) (IPv4) and Multicast Listener Discovery (MLD) (IPv6) to learn whether members of a group are present on their directly attached subnets. Hosts join multicast groups by sending IGMP or MLD report messages.
MLDv1 and MLDv2 are supported on NCS 5500. However, MLDv2 is enabled when you configure MLD by default.
MLDv2 shares feature parity with IGMPv3 with respect to all supported interface types with the exception of PPoE and subinterfaces. MLDv2 enables a node to report interest in listening to packets only from specific multicast source addresses.
A BVI interface is a routed interface representing a set of interfaces (bridged) in the same L2 broadcast domain. MLD join messages coming in or out of this broadcast domain passes through the BVI interface.
Configuration for Routers with Cisco NC57 Line Cards
Feature Name |
Release Information |
Feature Description |
---|---|---|
Multicast Listener Discovery over BVI |
Release 7.5.1 |
This feature is now supported on routers that have the Cisco NC57 line cards installed and operate in native and compatible modes. Routers use MLD to learn whether members of a group are present on their directly attached subnets over BVI interface. |
For routers with Cisco NC57 line cards, before configuring MLD over BVI, enable IGMP profile under bridge domain similar to MLD profile configuration.
router# configure
router(config)# interface BVI100
router(config-bvi)# igmp snooping profile profile-name
Multicast Traffic Over Layer 2 IPv6 Network
Feature Name |
Release Information |
Feature Description |
---|---|---|
Multicast Traffic Over Layer 2 IPv6 Network |
Release 7.9.1 |
This feature is supported on routers that have the Cisco NC57 line cards installed and operate in native and compatible modes. Routers use Multicast Listener Discovery (MLD) protocol to discover the devices in a network and create route entries or update the route status in an IPv6 multicast network. This feature allows you to forward the multicast IPv6 packets on layer 2 bridge domain interfaces to the interested MLD snooped Access Controllers (AC). Use the multicast-source ipv6 command to configure the bridge to enable this feature. |
On routers that have the Cisco NC57 line cards installed and which operate in native and compatible modes, Layer 2 IPv6 multicast traffic is supported. The MLD control packets received over Layer 2 (L2) Access Controllers (AC) are snooped and punted to create and update the route entries and statuses of the routes. These route entries and statuses of routes is required to avail the following support:
-
When BVI is the forwarding interface, the snooped ACs become part of the outgoing interface list (Olist) and packets are forwarded toward access.
-
Layer 2 multicast (L2 MC) support: When IPv6 packets are received over Layer 2 ACs and interfaces, the lookup is done for Virtual Switch Interfaces (VSI), Groups (G), and Services (S) or for VSI and G. The VSI details show the VLAN or VXLAN segment to which the packet belongs, while the G and S identifies the multicast groups and services to which the packet should be forwarded. Based on this lookup, the traffic is forwarded to the interested receivers connected to the L2 ACs.
-
EVPN sync: Supported only for IPv4 routes. It is not supported on IPv6 routes.
When IPv6 multicast packets are received over L2 interfaces which are part of a bridge domain, the packets are forwarded to the interested receivers (MLD snooped ACs).
Limitations and Restrictions
-
This feature is not supported for MLD sync.
-
With L2MC IPv6 support, the existing L2MC IPv4 scale is reduced proportionally.
Configuration
router(config)# l2vpn
router(config-l2vpn)# bridge group 1
router(config-l2vpn-bg)#bridge-domain 1
router(config-l2vpn-bg-bd)#multicast-source ipv6 ============
router(config-l2vpn-bg-bd)#efp-visibility
router(config-l2vpn-bg-bd)#mld snooping profile prof1 ======
router(config-l2vpn-bg-bd)#igmp snooping profile prof1 ========
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/0
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/4.1
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/4.2
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#routed interface BVI1
router(config-l2vpn-bg-bd-bvi)#exit
!
!
router(config-l2vpn-bg-bd)#mld snooping profile prof1
router(config-l2vpn-bg-bd)#internal-querier
!
router(config-l2vpn-bg-bd)#igmp snooping profile prof1
router(config-l2vpn-bg-bd)#system-ip-address 1.2.3.4
router(config-l2vpn-bg-bd)#internal-querier
With BVI configurations, MLD snoop profiles with internal queries address configured is not required. Hence, in BVI configurations,
BVI can be the internal-querier
.
Verifying
The following command shows the information about group membership in the Layer 2 Forwarding tables.
router# show mld snooping group
Flags Key: S=Static, D=Dynamic, E=Explicit Tracking
Bridge Domain bg1:bd1
Group Ver GM Source PM Port Exp Flg
Ff12:1:1::1 V2 Exc - - GigabitEthernet0/1/1/0 122 DE
Ff12:1:1::1 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/1 5 DE
Ff12:1:1::1 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/2 never S
Ff12:1:1::1 V2 Exc 2002:1::1 Exc GigabitEthernet0/1/1/3 - DE
Ff12:1:1::1 V2 Exc 2002:1::2 Inc GigabitEthernet0/1/1/0 202 DE
Ff12:1:1::1 V2 Exc 2002:1::2 Exc GigabitEthernet0/1/1/1 - DE
Ff12:1:1::2 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/0 145 DE
Ff12:1:1::2 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/1 0 DE
Ff12:1:1::2 V2 Exc 2002:1::1 Exc GigabitEthernet0/1/1/2 11 DE
Bridge Domain bg1:bd4
Group Ver GM Source PM Port Exp Flg
Ff24:1:1::2 V1 Exc - - GigabitEthernet0/1/1/0 122 DE
Ff28:1:1::1 V1 - - - GigabitEthernet0/1/1/1 33 DE
Ff29:1:2::3 V1 Exc - - GigabitEthernet0/1/2/0 122 DE
Ff22:1:2::3 V2 Exc 2000:1:1::2 Exc GigabitEthernet0/1/2/1 5 DE
The following command summarizes the number of bridge domains, mrouter ports, host ports, groups, and sources configured on the router.
router#show mld snooping summary
Bridge Domains: 1
MLD Snooping Bridge Domains: 1
Ports: 3
MLD Snooping Ports: 3
Mrouters: 0
STP Forwarding Ports: 0
ICCP Group Ports: 0
MLD Groups: 0
Member Ports: 0
MLD Source Groups: 0
Static/Include/Exclude: 0/0/0
Member Ports (Include/Exclude): 0/0
Multicast Traffic Over Layer 2 IPv6 Network
Feature Name |
Release Information |
Feature Description |
---|---|---|
Multicast Traffic over Layer 2 IPv6 Network |
Release 7.9.1 |
This feature allows you to forward the IPv6 multicast packets only to the interested MLD-snooped Access Controllers (AC), whereas in the default case, the bridge floods the IPv6 multicast packets to all AC. Routers use Multicast Listener Discovery (MLD) protocol to discover the devices in a network and create route entries in an IPv6 multicast network.
|
The Multicast Traffic over Layer 2 IPv6 Network (L2MC IPv6) is an optimized forwarding technique, and it helps in saving the bandwidth. By default, the bridge floods IPv6 multicast packets to all AC, whereas the L2MC IPv6 feature allows you to forward the IPv6 multicast packets only to the interested MLD-snooped AC.
When IPv6 multicast packets are received over Layer 2 AC and interfaces, the lookup gets done for Virtual Switch Interfaces (VSI), Groups (G), and Services (S) or for VSI and G. The VSI details show the VLAN or VXLAN segment to which the packet belongs, while the G and S identify the multicast groups and services to which the packet should be forwarded. Based on this lookup, the traffic is forwarded to the interested receivers connected to the Layer 2 AC.
The MLD control packets received over Layer 2 AC are snooped and punted to create the route entries. This route entries are needed to avail the following supports:
-
Layer 2 Multicast IPv6 support.
-
EVPN sync support for IPv4 routes.
Hardware Supported
This feature is supported on routers that have the Cisco NC57 line cards installed and operate in native and compatible modes.
Limitations and Restrictions
-
This feature doesn’t support MLD sync.
-
With L2MC IPv6 support, the existing L2MC IPv4 scale reduces proportionally.
Configuration Example
router(config)# l2vpn
router(config-l2vpn)# bridge group 1
router(config-l2vpn-bg)#bridge-domain 1
router(config-l2vpn-bg-bd)#multicast-source ipv6
router(config-l2vpn-bg-bd)#efp-visibility
router(config-l2vpn-bg-bd)#mld snooping profile prof1
router(config-l2vpn-bg-bd)#igmp snooping profile prof1
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/0
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/4.1
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#interface TenGigE0/0/0/4.2
router(config-l2vpn-bg-bd-ac)#exit
router(config-l2vpn-bg-bd)#routed interface BVI1
router(config-l2vpn-bg-bd-bvi)#exit
!
!
router(config-l2vpn-bg-bd)#mld snooping profile prof1
router(config-l2vpn-bg-bd)#internal-querier
!
router(config-l2vpn-bg-bd)#igmp snooping profile prof1
router(config-l2vpn-bg-bd)#system-ip-address 1.2.3.4
router(config-l2vpn-bg-bd)#internal-querier
Note |
With BVI configurations, there is no need to have internal queries address configured MLD snooping profile. It implies that you can make BVI as querier under BVI configuration. |
Verification
The following command shows the information about group membership in the Layer 2 Forwarding tables.
router# show mld snooping group
Flags Key: S=Static, D=Dynamic, E=Explicit Tracking
Bridge Domain bg1:bd1
Group Ver GM Source PM Port Exp Flg
Ff12:1:1::1 V2 Exc - - GigabitEthernet0/1/1/0 122 DE
Ff12:1:1::1 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/1 5 DE
Ff12:1:1::1 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/2 never S
Ff12:1:1::1 V2 Exc 2002:1::1 Exc GigabitEthernet0/1/1/3 - DE
Ff12:1:1::1 V2 Exc 2002:1::2 Inc GigabitEthernet0/1/1/0 202 DE
Ff12:1:1::1 V2 Exc 2002:1::2 Exc GigabitEthernet0/1/1/1 - DE
Ff12:1:1::2 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/0 145 DE
Ff12:1:1::2 V2 Exc 2002:1::1 Inc GigabitEthernet0/1/1/1 0 DE
Ff12:1:1::2 V2 Exc 2002:1::1 Exc GigabitEthernet0/1/1/2 11 DE
Bridge Domain bg1:bd4
Group Ver GM Source PM Port Exp Flg
Ff24:1:1::2 V1 Exc - - GigabitEthernet0/1/1/0 122 DE
Ff28:1:1::1 V1 - - - GigabitEthernet0/1/1/1 33 DE
Ff29:1:2::3 V1 Exc - - GigabitEthernet0/1/2/0 122 DE
Ff22:1:2::3 V2 Exc 2000:1:1::2 Exc GigabitEthernet0/1/2/1 5 DE
The following command summarizes the number of bridge domains, mrouter ports, host ports, groups, and sources configured on the router.
router#show mld snooping summary
Bridge Domains: 1
MLD Snooping Bridge Domains: 1
Ports: 3
MLD Snooping Ports: 3
Mrouters: 0
STP Forwarding Ports: 0
ICCP Group Ports: 0
MLD Groups: 0
Member Ports: 0
MLD Source Groups: 0
Static/Include/Exclude: 0/0/0
Member Ports (Include/Exclude): 0/0
IPv6 Multicast Listener Discovery Snooping over BVI
Multicast Listener Discovery (MLD) snooping provides a way to constrain multicast traffic at L2. By snooping the MLD membership reports sent by hosts in the bridge domain, the MLD snooping application can set up L2 multicast forwarding tables. This table is later used to deliver traffic only to ports with at least one interested member, significantly reducing the volume of multicast traffic.
MLDv2 support over BVI enables implementing IPv6 multicast routing over a L2 segment of the network that is using an IPv6 VLAN. The multicast routes are bridged via BVI interface from L3 segment to L2 segment of the network.
MLDv2 snooping over BVI enables forwarding MLDv2 membership reports received over the L2 domain to MLD snooping instead of MLD.
Restrictions
-
You cannot configure
ttl-check
and disablerouter-alert-check
on the router for mld messages. -
Static mrouters are not supported for MLD snooping.
-
Querier is supported for MLDV2, but it is not supported on MLDV1.
Configuring Internal Querier for MLD Snooping
This configuration enables a multicast router acting as a MLD querier to send out group-and-source-specific query:
router# config
RP0/0/RP0/CPU0:router(config)# mld snooping profile grp1
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# system-ip-address fe80::1 link-local
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# internal-querier
RP0/0/RP0/CPU0:router(config-mld-snooping-profile)# commit
Verification
Use the show mld snooping profile detail command to verify the MLD snooping configuration:
router# show mld snooping profile detail
Thu Nov 22 13:58:18.844 UTC
MLD Snoop Profile grp1:
System IP Address: fe80::1
Bridge Domain References: 2
Port References: 12
MLD Snoop Profile grp10:
System IP Address: fe80::5610
Bridge Domain References: 0
Port References: 0