排除Cisco交换机上的IGMP监听故障
简介
本文档介绍Catalyst 9K系列交换机上的Internet组管理协议(IGMP)功能如何配合调试。
先决条件
Cisco 建议您了解以下主题:
- 基本了解L2协议和交换
- PIM和IGMP组播基础知识
使用的组件
本文档中的信息基于以下软件和硬件版本:
- Catalyst 9300版本17.9.4a
- Catalyst 9500x版本17.13.1
- 带VLC播放器的Windows 10 PC
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
背景信息
如果没有IGMP功能,第2层交换机将向所有端口(传入端口除外)转发组播帧,这将浪费交换机资源。
IGMP监听允许交换机通过侦听来自主机的报告/离开消息,仅向加入特定组的那些接收方发送组播数据帧。默认情况下,此功能在思科第2层交换机上启用。如果只想在特定VLAN上启用它,可以全局禁用它,并使用所需的VLAN-id配置ip igmp snooping vlan vlan-id。
当连接到L2交换机的客户端请求组播流量时,交换机会监听此信息并构建组播表,以便交换机能够将流量转发到预期的接收端口,而不是泛洪交换机的所有端口。
拓扑
组播拓扑
说明
为了全面了解组播通信中的IGMP信令和流量传输,从接收端和源端两个角度对其进行研究是至关重要的。
接收端转发
要了解IGMP流程,您需要了解mrouter端口和IGMP查询器的概念。
通常,当在路由器接口或交换机的SVI上启用PIM时,它会开始在各自的VLAN广播域中定期发送IGMP查询。发送查询的路由器接口只是IGMP查询器,接收查询的交换机接口是该VLAN的交换机的mrouter端口。
特定广播域中的任何设备都只有一个mrouter端口。交换机开始在各自的mrouter端口下构建IGMP监听组表。
注意:如果同一广播域中存在多个查询,则会进行选举过程。
SW1和SW2是纯第2层交换机,没有路由。
调试使我们能够了解IGMP监听的过程。
#debug ip igmp snooping
连接到SW2的Gi 1/0/17的PC21需要239.1.2.3组播流。因此,PC21向交换机发送了加入报告。
SW2于2017年1月0日收到关于Gi的联合报告。
*Apr 2 15:49:54.353: IGMPSN: Received IGMPv2 Report for group 239.1.2.3 received on Vlan 2717, port Gi1/0/17
*Apr 2 15:49:54.353: IGMPSN: NEW report: Call process_report port:Gi1/0/17 Querier is IGMPv1, Vlan 2717, quer_ver numeric 0.
*Apr 2 15:49:54.353: IGMPSN: Group: Received IGMPv2 report for mcast group 239.1.2.3 from Client 172.16.1.1. Received on Vlan 2717, port Gi1/0/17.
*Apr 2 15:49:54.353: IGMPSN: group: Adding client ip 172.16.1.1, port_id Gi1/0/17, on vlan 2717在这种情况下,由于广播域中没有查询器,因此交换机上没有用于VLAN的mrouter端口。
因此,交换机别无选择,只能丢弃来自Gi 1/0/17的IGMP报告。
*Apr 2 15:49:54.353: IGMPSN: No mroute detected: Drop IGMPv2 report for group 239.1.2.3 from client 172.16.1.1 received on Vlan 2717, port Gi1/0/17如果IGMP V2客户端希望取消订阅组播流,可以通过向交换机发送IGMP离开消息来取消订阅。
IGMP-Leave报告示例在此处提到。
一般来说,当交换机收到IGMP离开时,会从IGMP监听组表中删除该条目。
*Apr 2 15:52:11.237: IGMPSN: Received IGMP Leave for group 239.1.2.3 received on Vlan 2717, port Gi1/0/17
*Apr 2 15:52:11.238: IGMPSN: group: Leave for group 239.1.2.3 from Client 172.16.1.1 received on Vlan 2717, port Gi1/0/17, mvr group (No)
*Apr 2 15:52:11.238: IGMPSN: group: Skip client info adding - src_addr 172.16.1.1, client_addr 172.16.1.1, port_id Gi1/0/17, on vlan 2717
*Apr 2 15:52:11.238: IGMPSN: MCAST IP address 239.1.2.3, MAC address 0100.5e01.0203由于交换机没有mrouter端口,因此无法创建IGMP监听组表。因此,它没有端口Gi 1/0/17的IGMP条目。因此,它不能找到相同的位置。
*Apr 2 15:52:11.238: IGMPSN: Can not Locate gce 0100.5e01.0203, on Vlan 2717
*Apr 2 15:52:11.238: IGMPSN: group: Group does not exist - Leave for group 239.1.2.3 from Client 172.16.1.1 received on Vlan 2717, port Gi1/0/17 send to router port
*Apr 2 15:52:11.238: IGMPSN: Call platform_l2mc_snoop_send_mrouterMrouter端口创建是交换机成功启动IGMP监听的第一步,也是最重要的一步。
如前所述,IGMP常规查询依赖于PIM,因此,PIM密集模式已在R2 G1/0/45上启用。(接口配置模式命令ip pim dense-mode)。
*Apr 2 15:53:30.730: IGMPSN: router: Received non igmp pak on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: router: PIMV2 Hello packet received in 2717
*Apr 2 15:53:30.730: IGMPSN: l2mc_mrd_learn_router_port_internal Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.730: IGMPSN: router: Is not a router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: router: Is not a router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: router: Created router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: mgt: Reverting flood mode to only multicast router ports for Vlan 2717.
*Apr 2 15:53:30.730: IGMPSN: Adding router port Gi1/0/1 to all GCEs in Vlan 2717
*Apr 2 15:53:30.730: IGMPSN: added rport Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: Notify others Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: After l2mcm_rport_add-1 Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Calling HA mrouter sync Iport:Gi1/0/1 p_type:1 mrt_enable:0
*Apr 2 15:53:30.734: IGMPSN: igmpsn_ha_sync_mrouter_port_info enter Port Gi1/0/1 in vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Learning port: Gi1/0/1 as rport on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Received IGMP pak on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.734: IGMPSN: l2mc_mrd_learn_router_port_internal Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Is a router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.734: IGMPSN: router: Learning port: Gi1/0/1 as rport on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: Received IGMP Query for group 0.0.0.0 received on Vlan 2717, port Gi1/0/1 *****
*Apr 2 15:53:30.734: IGMPSN: IGMPv2 General Query received on Vlan 2717, port Gi1/0/1 Resp time 2500 (25 100) msecs, LLQ interval 2000 (2, 1000)
*Apr 2 15:53:30.734: IGMPSN: IGMP general queries received on Vlan 2717 updates all groups
*Apr 2 15:53:30.734: IGMPSN: timer: start report_timer 2500 msecs of vlan 2717交换机为相应的VLAN创建mrouter端口,并在该VLAN中接收来自被查询方的常规查询。
SW2#show ip igmp snooping vlan 2717
Vlan 2717:
--------
IGMP snooping : Enabled
Pim Snooping : Disabled
IGMPv2 immediate leave : Enabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
SW2#show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
2717 172.17.1.254 v2 Gi1/0/1
SW2#show ip igmp snooping mrouter
Vlan ports
---- -----
2717 Gi1/0/1(dynamic)
查询器每60秒发送一次IGMP常规查询。
~
*Apr 6 10:37:02.793: IGMPSN: Received IGMP Query for group 0.0.0.0 received on Vlan 2717, port Gi1/0/1
*Apr 6 10:37:02.793: IGMPSN: IGMPv2 General Query received on Vlan 2717, port Gi1/0/1 Resp time 10000 (100 100) msecs, LLQ interval 2000 (2, 1000)
*Apr 6 10:37:02.793: IGMPSN: IGMP general queries received on Vlan 2717 updates all groups
~
~
*Apr 6 10:38:02.793: IGMPSN: Received IGMP Query for group 0.0.0.0 received on Vlan 2717, port Gi1/0/1
*Apr 6 10:38:02.793: IGMPSN: IGMPv2 General Query received on Vlan 2717, port Gi1/0/1 Resp time 10000 (100 100) msecs, LLQ interval 2000 (2, 1000)
*Apr 6 10:38:02.793: IGMPSN: IGMP general queries received on Vlan 2717 updates all groups
~连接到端口Gi 1/0/17 (PC21)的主机需要指向239.1.2.3的组播流,因此PC21会将目标地址为239.1.2.3的报告发送到查询器172.17.1.254。
交换机会监听相同的数据包,并在IGMP监听表中创建一个条目。
*Apr 6 10:38:03.714: IGMPSN: Received IGMPv2 Report for group 239.1.2.3 received on Vlan 2717, port Gi1/0/17
*Apr 6 10:38:03.714: IGMPSN: NEW report: Call process_report port:Gi1/0/17 Querier is IGMPv1, Vlan 2717, quer_ver numeric 2.
*Apr 6 10:38:03.714: IGMPSN: Group: Received IGMPv2 report for mcast group 239.1.2.3 from Client 172.17.1.1. Received on Vlan 2717, port Gi1/0/17.
*Apr 6 10:38:03.714: IGMPSN: group: Adding client ip 172.17.1.1, port_id Gi1/0/17, on vlan 2717
*Apr 6 10:38:03.714: IGMPSN: MCAST IP address 239.1.2.3, MAC address 0100.5e01.0203
*Apr 6 10:38:03.714: IGMPSN: Locate gce 0100.5e01.0203, on Vlan 2717
*Apr 6 10:38:03.714: IGMPSN: locate group 239.1.2.3, on Vlan 2717
*Apr 6 10:38:03.714: IGMPSN: Add v2 group 239.1.2.3 member port Gi1/0/17, on Vlan 2717
*Apr 6 10:38:03.714: IGMPSN: group: Added port Gi1/0/17 to group 239.1.2.3
*Apr 6 10:38:03.714: TIMER_START for group239.1.2.3 for time 10000 * 100
*Apr 6 10:38:03.714: IGMPSN: group: Forwarding 239.1.2.3 report to router ports
*Apr 6 10:38:03.714: IGMPSN: Call platform_l2mc_snoop_send_mrouterSW2#show ip igmp snooping group
Vlan Group Type Version Port List
-----------------------------------------------------------------------
2717 239.1.2.3 igmp v2 Gi1/0/17如果交换机从上行链路Gi1/0/1或VLAN 2717中的任何其他端口收到发往组播组239.1.2.3的数据流量,则交换机仅将其转发到接口Gi 1/0/17,而不转发到VLAN 2717中的任何其他端口。
此外,IGMP报告从SW2的mrouter端口到达查询器(R2),查询器会为相同端口创建相应的IGMP组条目。如果R2收到发往239.1.2.3的组播数据流量,则会将其转发到SW2。
发送方/源端转发
发送方/源端转发PC11、172.16.1.1连接到SW1 Gi 1/0/3,将组播流量发送到239.1.2.3 UDP端口1234。
SW1#show int gigabitEthernet 1/0/3
GigabitEthernet1/0/3 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 2416.9d7a.1083 (bia 2416.9d7a.1083)
~
~
5 minute input rate 1857000 bits/sec, 170 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
9410 packets input, 12890025 bytes, 0 no buffer
Received 9394 broadcasts (9394 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 9394 multicast, 0 pause input
0 input packets with dribble condition detected
~
~SW1#show int gigabitEthernet 1/0/3 counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Gi1/0/3 12890593 17 9396 0
!
SW1#show int te 1/1/1 counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Te1/1/1 1166336 3940 1251 14
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Te1/1/1 3229106605 2731 2358824 6
!
SW1#show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
2716 172.16.1.254 v2 Te1/1/1
!
SW1#show ip igmp snooping mrouter
Vlan ports
---- -----
2716 Te1/1/1(dynamic)在SW1上,IGMP监听已启用,并且交换机已具有mrouter端口,默认情况下,交换机将mrouter端口上收到的组播数据流量转发到查询器。
源接口Gi 1/0/3上的EPC。
SW1#show monitor capture file flash:mycap1.pcap
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 172.16.1.1 -> 239.1.2.3 RTCP 102 Sender Report Source description
2 0.000100 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
3 0.000140 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
4 0.000178 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
5 0.000234 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328组播数据流进入交换机SW1并从Te 1/1/1流向PIM路由器或查询器172.16.1.254。
在核心、R1和R2上为10.0.10.0/24、10.0.20.0/24,172.16.1.0/24和172.17.1.0/24启用了组播路由和PIM。组播路由保证在L3网络中转发组播流,最后,该流到达R2。由于R2具有之前通过IGMP报告过程获知的IGMP组表条目,因此R2将该流转发到SW2。
SW2#show int gigabitEthernet 1/0/17 counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Gi1/0/17 200 1709 103 0
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Gi1/0/17 3661503 3 2667 0最后,PC21接收组播流。Gi 1/0/17上的OutMcastPkts递增。
SW2的接口Gi 1/0/17上的EPC。
SW2#show monitor capture file flash:mycap1.pcap
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
~
~
14 18.002140 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
15 18.002178 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
16 18.002234 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
~
~组播数据流从Gi 1/0/1进入交换机SW2,从Gi 1/0/17流出到请求组播数据流的主机。
修订历史记录
| 版本 | 发布日期 | 备注 |
|---|---|---|
1.0 |
30-Jul-2024 |
初始版本 |
反馈