Hello everybody. Here is a question for the experienced multicast experts.
I have a couple of problems that make me think that IGMP snooping is not doing what I thought it should be doing.
First, just to summarize what I think I know about IGMP snooping... Without IGMP snooping, multicast frames would be flooded to all switch ports. When IGMP snooping is enabled this should not happen. The switch observes the IGMP traffic between the hosts and the multicast router, and sends a multicast stream only to those ports that have expressed an interest in it. The exception is the mrouter port, which gets a copy of everything multicast, and which is detected because the switch sees PIM etc. on it. So, as I understand it, if a host is not generating IGMP reports, it should not see any multicast, not even the IGMP queries from the router. (Except for the low 224. addresses, of course, which are flooded anyway.)
So, problem 1, is that I have a server that is seeing a multicast stream that it is not supposed to be seeing. If I look at show ip igmp snooping groups on the switch, in fact there is nothing on that particular switch that has any entries in the igmp snooping table. If I look at show ip igmp snooping mrouter, the mrouter port is exactly where I expect it to be .. on the uplink. No other host on this switch is receiving the multicast stream. The only difference between this host and the others is that this host is connected via an LACP-controlled EtherChannel bundle. BTW, the switch uplink is also an EtherChannel. Could there be an issue with IGMP snooping on an EtherChannel port? The switch is a 2960G and the upstream is a 4500.
Problem 2 is similar - multicasts going where they are not expected to go. In this case, there is no EtherChannel involved. It is a switchport connected to a sniffer that I use to benchmark the background traffic (i.e. floods and broadcasts) on a VLAN. The sniffer is not generating any IGMP reports. Yet the sniffer sees IGMP queries for one particular group (22.214.171.124) from the mcast router on the switchport. There are many multicast streams on that VLAN on this particular switch, which is a 4500. It is strange that my sniffer sees the IGMP queries for the 126.96.36.199 group, but not for any other group. Why should that be? I know my sniffer is not generating any IGMP reports. BTW, once again, the show ip igmp snooping groups does not show the sniffer port in the list for the 188.8.131.52 group, and the mrouter port is exactly where I expect it to be - on the link to the mrouter.
Has anyone else seen similar behaviors?
Sorry I have been "out of office" recently - I have been a bit busy studying to renew my cert. At least I am safe now for the next couple of years.
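An added example, not part of the original post: the forwarding model summarized in the question, written as a check that compares the ports where a stream was captured against the ports the snooping table and mrouter list say should receive it. The port names and the 239.1.1.1 group are constructed; the MAC mapping is the RFC 1112 one, and whether a given platform floods a group because its MAC aliases the 224.0.0.x range is an assumption to verify per switch.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("224.0.0.0/24")  # the "low 224." range, flooded anyway

def group_mac(group):
    """RFC 1112 mapping: 01:00:5e followed by the low 23 bits of the group address."""
    low23 = int(ipaddress.ip_address(group)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

def expected_ports(group, ingress, vlan_ports, snooping_table, mrouter_ports):
    """Ports that should receive a frame for `group` under the model in the post."""
    addr = ipaddress.ip_address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    if addr in LINK_LOCAL:
        out = set(vlan_ports)                      # flooded regardless of snooping
    else:
        out = set(snooping_table.get(group, ())) | set(mrouter_ports)
    out.discard(ingress)                           # never sent back out the ingress port
    return out

def unexpected_ports(group, ingress, observed, vlan_ports, snooping_table, mrouter_ports):
    """Ports where the stream was captured although the model says it should not be."""
    return set(observed) - expected_ports(
        group, ingress, vlan_ports, snooping_table, mrouter_ports)

def aliases_link_local_mac(group):
    """True if a group outside 224.0.0.0/24 maps to the same MAC as a 224.0.0.x address."""
    addr = ipaddress.ip_address(group)
    return addr not in LINK_LOCAL and group_mac(group).startswith("01:00:5e:00:00:")

if __name__ == "__main__":
    # Constructed data modelled on problem 1: empty snooping table, mrouter on the
    # uplink EtherChannel (Po1), stream captured on the server's LACP bundle (Po2).
    vlan_ports = ["Po1", "Po2", "Gi0/1", "Gi0/2"]
    leaks = unexpected_ports("239.1.1.1", "Po1", ["Po2"], vlan_ports, {}, ["Po1"])
    print("unexpected receivers:", sorted(leaks))
    print("group MAC:", group_mac("239.1.1.1"),
          "aliases 224.0.0.x MAC:", aliases_link_local_mac("239.1.1.1"))
```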