排除Cisco交換機上的IGMP偵聽故障
簡介
本檔案將說明Catalyst 9K系列交換器上的網際網路群組管理通訊協定(IGMP)功能如何使用偵錯。
必要條件
思科建議您瞭解以下主題:
- 基本瞭解L2協定和交換
- 瞭解PIM和IGMP組播的基礎知識
採用元件
本文中的資訊係根據以下軟體和硬體版本:
- Catalyst 9300版本17.9.4a
- Catalyst 9500x版本17.13.1
- 使用VLC播放程式的Windows 10 PC
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
背景資訊
如果沒有IGMP功能,第2層交換機會將組播幀轉發到所有埠(傳入埠除外),這會浪費交換機資源。
IGMP監聽允許交換機透過偵聽來自主機的報告/離開消息,將組播資料幀只傳送給加入特定組的接收方。預設情況下,此功能在思科第2層交換機上啟用。如果只想在特定VLAN上啟用,可以全局停用它,並使用所需的VLAN-id配置ip igmp snooping vlan vlan-id。
當連線到L2交換機的客戶端請求組播流量時,交換機會監聽此資訊並建立組播表,以便交換機能夠將流量轉發到預期的接收埠,而不是泛洪交換機的所有埠。
拓撲
組播拓撲
說明
為了全面瞭解多播通訊中的IGMP信令和流量,必須從接收方和源方角度對其進行檢查。
接收端轉送
要瞭解IGMP過程,您需要瞭解mrouter埠和IGMP查詢器的概念。
通常,當在路由器介面或交換機的SVI上啟用PIM時,它會開始在相應的VLAN廣播域中定期傳送IGMP查詢。傳送查詢的路由器介面僅是IGMP查詢器,接收查詢的交換機介面是該VLAN的交換機的mrouter埠。
特定廣播域中的任何裝置都只有一個路由器埠。交換機在各自的路由器埠下開始構建IGMP監聽組表。
注意:如果同一廣播域中存在多個查詢,則會進行選舉過程。
SW1和SW2是純第2層交換機,無路由。
調試使我們能夠瞭解IGMP監聽的過程。
#debug ip igmp snooping
連線到SW2的Gi 1/0/17的PC21需要239.1.2.3組播流。因此,PC21向交換機傳送了加入報告。
SW2於2017年1月0日收到關於Gi的聯合報告。
*Apr 2 15:49:54.353: IGMPSN: Received IGMPv2 Report for group 239.1.2.3 received on Vlan 2717, port Gi1/0/17
*Apr 2 15:49:54.353: IGMPSN: NEW report: Call process_report port:Gi1/0/17 Querier is IGMPv1, Vlan 2717, quer_ver numeric 0.
*Apr 2 15:49:54.353: IGMPSN: Group: Received IGMPv2 report for mcast group 239.1.2.3 from Client 172.16.1.1. Received on Vlan 2717, port Gi1/0/17.
*Apr 2 15:49:54.353: IGMPSN: group: Adding client ip 172.16.1.1, port_id Gi1/0/17, on vlan 2717在這種情況下,由於廣播網域中沒有查詢器,因此交換器上沒有VLAN的mrouter連線埠。
因此,交換機別無選擇,只能丟棄來自Gi 1/0/17的IGMP報告。
*Apr 2 15:49:54.353: IGMPSN: No mroute detected: Drop IGMPv2 report for group 239.1.2.3 from client 172.16.1.1 received on Vlan 2717, port Gi1/0/17如果IGMP V2客戶端希望取消訂閱組播流,則可以透過向交換機傳送IGMP離開消息來取消訂閱。
這裡提到IGMP離開報告示例。
通常,當交換機收到IGMP離開時,會從IGMP監聽組表中刪除該條目。
*Apr 2 15:52:11.237: IGMPSN: Received IGMP Leave for group 239.1.2.3 received on Vlan 2717, port Gi1/0/17
*Apr 2 15:52:11.238: IGMPSN: group: Leave for group 239.1.2.3 from Client 172.16.1.1 received on Vlan 2717, port Gi1/0/17, mvr group (No)
*Apr 2 15:52:11.238: IGMPSN: group: Skip client info adding - src_addr 172.16.1.1, client_addr 172.16.1.1, port_id Gi1/0/17, on vlan 2717
*Apr 2 15:52:11.238: IGMPSN: MCAST IP address 239.1.2.3, MAC address 0100.5e01.0203由於交換機沒有mrouter埠,因此無法建立IGMP監聽組表。因此,它沒有埠Gi 1/0/17的IGMP條目。因此,它找不到相同的位置。
*Apr 2 15:52:11.238: IGMPSN: Can not Locate gce 0100.5e01.0203, on Vlan 2717
*Apr 2 15:52:11.238: IGMPSN: group: Group does not exist - Leave for group 239.1.2.3 from Client 172.16.1.1 received on Vlan 2717, port Gi1/0/17 send to router port
*Apr 2 15:52:11.238: IGMPSN: Call platform_l2mc_snoop_send_mrouter建立路由器埠是交換機成功啟動IGMP監聽的第一步,也是非常重要的一步。
如前所述,IGMP常規查詢依賴於PIM,因此,已在R2 G1/0/45上啟用PIM密集模式。(介面配置模式命令ip pim dense-mode)。
*Apr 2 15:53:30.730: IGMPSN: router: Received non igmp pak on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: router: PIMV2 Hello packet received in 2717
*Apr 2 15:53:30.730: IGMPSN: l2mc_mrd_learn_router_port_internal Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.730: IGMPSN: router: Is not a router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: router: Is not a router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: router: Created router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.730: IGMPSN: mgt: Reverting flood mode to only multicast router ports for Vlan 2717.
*Apr 2 15:53:30.730: IGMPSN: Adding router port Gi1/0/1 to all GCEs in Vlan 2717
*Apr 2 15:53:30.730: IGMPSN: added rport Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: Notify others Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: After l2mcm_rport_add-1 Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Calling HA mrouter sync Iport:Gi1/0/1 p_type:1 mrt_enable:0
*Apr 2 15:53:30.734: IGMPSN: igmpsn_ha_sync_mrouter_port_info enter Port Gi1/0/1 in vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Learning port: Gi1/0/1 as rport on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Received IGMP pak on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.734: IGMPSN: l2mc_mrd_learn_router_port_internal Gi1/0/1 on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: router: Is a router port on Vlan 2717, port Gi1/0/1
*Apr 2 15:53:30.734: IGMPSN: router: Learning port: Gi1/0/1 as rport on Vlan 2717
*Apr 2 15:53:30.734: IGMPSN: Received IGMP Query for group 0.0.0.0 received on Vlan 2717, port Gi1/0/1 *****
*Apr 2 15:53:30.734: IGMPSN: IGMPv2 General Query received on Vlan 2717, port Gi1/0/1 Resp time 2500 (25 100) msecs, LLQ interval 2000 (2, 1000)
*Apr 2 15:53:30.734: IGMPSN: IGMP general queries received on Vlan 2717 updates all groups
*Apr 2 15:53:30.734: IGMPSN: timer: start report_timer 2500 msecs of vlan 2717交換機為接收來自被查詢方的一般查詢的各個VLAN建立路由器埠。
SW2#show ip igmp snooping vlan 2717
Vlan 2717:
--------
IGMP snooping : Enabled
Pim Snooping : Disabled
IGMPv2 immediate leave : Enabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
SW2#show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
2717 172.17.1.254 v2 Gi1/0/1
SW2#show ip igmp snooping mrouter
Vlan ports
---- -----
2717 Gi1/0/1(dynamic)
查詢器每60秒傳送一次IGMP常規查詢。
~
*Apr 6 10:37:02.793: IGMPSN: Received IGMP Query for group 0.0.0.0 received on Vlan 2717, port Gi1/0/1
*Apr 6 10:37:02.793: IGMPSN: IGMPv2 General Query received on Vlan 2717, port Gi1/0/1 Resp time 10000 (100 100) msecs, LLQ interval 2000 (2, 1000)
*Apr 6 10:37:02.793: IGMPSN: IGMP general queries received on Vlan 2717 updates all groups
~
~
*Apr 6 10:38:02.793: IGMPSN: Received IGMP Query for group 0.0.0.0 received on Vlan 2717, port Gi1/0/1
*Apr 6 10:38:02.793: IGMPSN: IGMPv2 General Query received on Vlan 2717, port Gi1/0/1 Resp time 10000 (100 100) msecs, LLQ interval 2000 (2, 1000)
*Apr 6 10:38:02.793: IGMPSN: IGMP general queries received on Vlan 2717 updates all groups
~連線到埠Gi 1/0/17 (PC21)的主機需要組播流指向239.1.2.3,因此PC21將報告傳送到239.1.2.3,用於查詢器172.17.1.254。
交換機監聽相同的資料包,並在IGMP監聽表中建立一個條目。
*Apr 6 10:38:03.714: IGMPSN: Received IGMPv2 Report for group 239.1.2.3 received on Vlan 2717, port Gi1/0/17
*Apr 6 10:38:03.714: IGMPSN: NEW report: Call process_report port:Gi1/0/17 Querier is IGMPv1, Vlan 2717, quer_ver numeric 2.
*Apr 6 10:38:03.714: IGMPSN: Group: Received IGMPv2 report for mcast group 239.1.2.3 from Client 172.17.1.1. Received on Vlan 2717, port Gi1/0/17.
*Apr 6 10:38:03.714: IGMPSN: group: Adding client ip 172.17.1.1, port_id Gi1/0/17, on vlan 2717
*Apr 6 10:38:03.714: IGMPSN: MCAST IP address 239.1.2.3, MAC address 0100.5e01.0203
*Apr 6 10:38:03.714: IGMPSN: Locate gce 0100.5e01.0203, on Vlan 2717
*Apr 6 10:38:03.714: IGMPSN: locate group 239.1.2.3, on Vlan 2717
*Apr 6 10:38:03.714: IGMPSN: Add v2 group 239.1.2.3 member port Gi1/0/17, on Vlan 2717
*Apr 6 10:38:03.714: IGMPSN: group: Added port Gi1/0/17 to group 239.1.2.3
*Apr 6 10:38:03.714: TIMER_START for group239.1.2.3 for time 10000 * 100
*Apr 6 10:38:03.714: IGMPSN: group: Forwarding 239.1.2.3 report to router ports
*Apr 6 10:38:03.714: IGMPSN: Call platform_l2mc_snoop_send_mrouterSW2#show ip igmp snooping group
Vlan Group Type Version Port List
-----------------------------------------------------------------------
2717 239.1.2.3 igmp v2 Gi1/0/17如果交換機從上行鏈路Gi1/0/1或VLAN 2717中的任何其他埠接收到發往組播組239.1.2.3的資料流量,則交換機僅將其轉發到介面Gi 1/0/17,而不轉發到VLAN 2717中的任何其他埠。
此外,IGMP報告從SW2的mrouter埠到達Querier (R2),Querier會為其建立相應的IGMP組條目。如果R2收到發往239.1.2.3的組播資料流量,則會將其轉發到SW2。
傳送者/來源端轉送
傳送者/來源端轉送PC11、172.16.1.1連線到SW1 Gi 1/0/3,將組播流量傳送到239.1.2.3 UDP埠1234。
SW1#show int gigabitEthernet 1/0/3
GigabitEthernet1/0/3 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 2416.9d7a.1083 (bia 2416.9d7a.1083)
~
~
5 minute input rate 1857000 bits/sec, 170 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
9410 packets input, 12890025 bytes, 0 no buffer
Received 9394 broadcasts (9394 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 9394 multicast, 0 pause input
0 input packets with dribble condition detected
~
~SW1#show int gigabitEthernet 1/0/3 counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Gi1/0/3 12890593 17 9396 0
!
SW1#show int te 1/1/1 counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Te1/1/1 1166336 3940 1251 14
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Te1/1/1 3229106605 2731 2358824 6
!
SW1#show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
2716 172.16.1.254 v2 Te1/1/1
!
SW1#show ip igmp snooping mrouter
Vlan ports
---- -----
2716 Te1/1/1(dynamic)在SW1上,IGMP監聽已啟用,並且交換機已具有mrouter埠,預設情況下,交換機將路由器埠上接收到的組播資料流量轉發到查詢器。
源介面Gi 1/0/3上的EPC。
SW1#show monitor capture file flash:mycap1.pcap
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
1 0.000000 172.16.1.1 -> 239.1.2.3 RTCP 102 Sender Report Source description
2 0.000100 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
3 0.000140 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
4 0.000178 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
5 0.000234 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328組播資料流在交換機SW1中進入,從Te 1/1/1流向PIM路由器或查詢器172.16.1.254。
Core、R1和R2上的10.0.10.0/24、10.0.20.0/24,172.16.1.0/24和172.17.1.0/24啟用了組播路由和PIM。組播路由保證在L3網路中轉發組播流,最後到達R2。由於R2具有之前透過IGMP報告過程獲知的IGMP組表條目,因此R2將該資料流轉發到SW2。
SW2#show int gigabitEthernet 1/0/17 counters
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Gi1/0/17 200 1709 103 0
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Gi1/0/17 3661503 3 2667 0最後,PC21接收該組播流。Gi 1/0/17上的OutMcastPkts遞增。
SW2的Gi 1/0/17介面上的EPC。
SW2#show monitor capture file flash:mycap1.pcap
Starting the packet display ........ Press Ctrl + Shift + 6 to exit
~
~
14 18.002140 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
15 18.002178 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
16 18.002234 172.16.1.1 -> 239.1.2.3 UDP 1370 59218 -> 1234 Len=1328
~
~組播資料流從Gi 1/0/1進入交換機SW2,從Gi 1/0/17流向請求組播資料流的主機。
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
30-Jul-2024 |
初始版本 |
意見