Configuring IPv6 Multicast Listener Discovery Snooping

Use Multicast Listener Discovery (MLD) snooping to enable efficient distribution of IP version 6 (IPv6) multicast data to clients and routers in a switched network on the Catalyst 4500 series switch.

This chapter includes these sections:

note.gif

Noteblank.gif For complete syntax and usage information for the switch commands used in this chapter, see the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html

If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html


About MLD Snooping

In IP version 4 (IPv4), Layer 2 switches can use Internet Group Management Protocol (IGMP) snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.

MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes that want to receive IPv6 multicast packets) on its directly attached links and to discover which multicast packets are of interest to neighboring nodes. MLD is derived from IGMP; MLD version 1 (MLDv1) is equivalent to IGMPv2 and MLD version 2 (MLDv2) is equivalent to IGMPv3. MLD is a subprotocol of Internet Control Message Protocol version 6 (ICMPv6), and MLD messages are a subset of ICMPv6 messages, identified in IPv6 packets by a preceding Next Header value of 58.

The switch supports two versions of MLD snooping:

  • MLDv1 snooping detects MLDv1 control packets and sets up traffic bridging based on IPv6 destination multicast addresses.
  • MLDv2 basic snooping (MBSS) uses MLDv2 control packets to set up traffic forwarding based on IPv6 destination multicast addresses.

The switch can snoop on both MLDv1 and MLDv2 protocol packets and bridge IPv6 multicast data based on destination IPv6 multicast addresses.

note.gif

Noteblank.gif The switch does not support MLDv2 enhanced snooping (MESS), which sets up IPv6 source and destination multicast address-based forwarding.


MLD snooping can be enabled or disabled globally or per-VLAN. When MLD snooping is enabled, a per-VLAN IPv6 multicast MAC address table is constructed in software and a per-VLAN IPv6 multicast address table is constructed in software and hardware. The switch then performs IPv6 multicast-address based bridging in hardware.

These sections describe some parameters of IPv6 MLD snooping:

MLD Messages

MLDv1 supports three types of messages:

  • Listener Queries are the equivalent of IGMPv2 queries and are either General Queries or Multicast-Address-Specific Queries (MASQs).
  • Multicast Listener Reports are the equivalent of IGMPv2 reports.
  • Multicast Listener Done messages are the equivalent of IGMPv2 leave messages.

MLDv2 supports MLDv2 queries and reports, as well as MLDv1 Report and Done messages.

Message timers and state transitions resulting from messages being sent or received are the same as those of IGMPv2 messages. MLD messages that do not have valid link-local IPv6 source addresses are ignored by MLD routers and switches.

MLD Queries

The switch sends out MLD queries, constructs an IPv6 multicast address database, and generates MLD group-specific and MLD group-and-source-specific queries in response to MLD Done messages. The switch also supports report suppression, report proxying, Immediate-Leave functionality, and static IPv6 multicast MAC-address configuration.

When MLD snooping is disabled, all MLD queries are flooded in the ingress VLAN.

When MLD snooping is enabled, received MLD queries are flooded in the ingress VLAN, and a copy of the query is sent to the CPU for processing. From the received query, MLD snooping builds the IPv6 multicast address database. It detects multicast router ports, maintains timers, sets report response time, learns the querier IP source address for the VLAN, learns the querier port in the VLAN, and maintains multicast-address aging.

When a group exists in the MLD snooping database, the switch responds to a group-specific query by sending an MLDv1 report. When the group is unknown, the group-specific query is flooded to the ingress VLAN.

When a host wants to leave a multicast group, it can send out an MLD Done message (equivalent to IGMP Leave message). When the switch receives an MLDv1 Done message, if Immediate- Leave is not enabled, the switch sends an MASQ to the port from which the message was received to determine if other devices connected to the port should remain in the multicast group.

Multicast Client Aging

You can configure port membership removal from addresses based on the number of queries. A port is removed from membership to an address only when there are no reports to the address on the port for the configured number of queries. The default number is 2.

Multicast Router Discovery

MLD snooping performs multicast router discovery with these characteristics:

  • Ports configured by a user never age out.
  • Dynamic port learning results from MLDv1 snooping queries and IPv6 PIMv2 packets.
  • If multiple routers exist on the same Layer 2 interface, MLD snooping tracks a single multicast router on the port (the router that most recently sent a router control packet).
  • Dynamic multicast router port aging is based on a default timer of 5 minutes; the multicast router is deleted from the router port list if no control packet is received on the port for 5 minutes.
  • IPv6 multicast router discovery only takes place when MLD snooping is enabled on the switch.
  • Received IPv6 multicast router control packets are always flooded to the ingress VLAN, whether MLD snooping is enabled on the switch.
  • After the discovery of the first IPv6 multicast router port, unknown IPv6 multicast data is forwarded only to the discovered router ports (before that time, all IPv6 multicast data is flooded to the ingress VLAN).

MLD Reports

The processing of MLDv1 join messages is essentially the same as with IGMPv2. When no IPv6 multicast routers are detected in a VLAN, reports are not processed or forwarded from the switch. When IPv6 multicast routers are detected and an MLDv1 report is received, an IPv6 multicast group address and an IPv6 multicast MAC address are entered in the VLAN MLD database. All IPv6 multicast traffic to the group within the VLAN is then forwarded using this address. When MLD snooping is disabled, reports are flooded in the ingress VLAN.

When MLD snooping is enabled, MLD report suppression, called listener message suppression, is automatically enabled. With report suppression, the switch forwards the first MLDv1 report received by a group to IPv6 multicast routers; subsequent reports for the group are not sent to the routers. When MLD snooping is disabled, report suppression is disabled, and all MLDv1 reports are flooded to the ingress VLAN.

The switch also supports MLDv1 proxy reporting. When an MLDv1 MASQ is received, the switch responds with MLDv1 reports for the address on which the query arrived if the group exists in the switch on another port and if the port on which the query arrived is not the last member port for the address.

MLD Done Messages and Immediate-Leave

When the Immediate-Leave feature is enabled and a host sends an MLDv1 Done message (equivalent to an IGMP leave message), the port on which the Done message was received is immediately deleted from the group.You enable Immediate-Leave on VLANs and (as with IGMP snooping), you should only use the feature on VLANs where a single host is connected to the port. If the port was the last member of a group, the group is also deleted, and the leave information is forwarded to the detected IPv6 multicast routers.

When Immediate Leave is not enabled in a VLAN (the case when multiple clients for a group exist on the same port) and a Done message is received on a port, an MASQ is generated on that port. The user can control when a port membership is removed for an existing address in terms of the number of MASQs. A port is removed from membership to an address when there are no MLDv1 reports to the address on the port for the configured number of queries.

The number of MASQs generated is configured by using the ipv6 mld snooping last-listener-query count global configuration command. The default number is 2.

The MASQ is sent to the IPv6 multicast address for which the Done message was sent. If no reports are sent to the IPv6 multicast address specified in the MASQ during the switch maximum response time, the port on which the MASQ was sent is deleted from the IPv6 multicast address database. The maximum response time is the time configured by using the ipv6 mld snooping last-listener-query-interval global configuration command. If the deleted port is the last member of the multicast address, the multicast address is also deleted, and the switch sends the address leave information to all detected multicast routers.

Topology Change Notification Processing

When topology change notification (TCN) solicitation is enabled by using the ipv6 mld snooping tcn query solicit global configuration command, MLDv1 snooping sets the VLAN to flood all IPv6 multicast traffic with a configured number of MLDv1 queries before it begins sending multicast data only to selected ports. You set this value by using the ipv6 mld snooping tcn flood query count global configuration command. The default is to send two queries. The switch also generates MLDv1 global Done messages with valid link-local IPv6 source addresses when the switch becomes the STP root in the VLAN or when it is configured by the user. This process is similar to that in IGMP snooping.

Configuring IPv6 MLD Snooping

These sections describe how to configure IPv6 MLD snooping:

Default MLD Snooping Configuration

Table 28-1 shows the default MLD snooping configuration.

 

Table 28-1 Default MLD Snooping Configuration

Feature
Default Setting

MLD snooping (Global)

Disabled.

MLD snooping (per VLAN)

Enabled. MLD snooping must be globally enabled for VLAN MLD snooping to take place.

IPv6 Multicast addresses

None configured.

IPv6 Multicast router ports

None configured.

MLD snooping Immediate Leave

Disabled.

MLD snooping robustness variable

Global: 2; per-VLAN: 0.

Note The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global count.

Last listener query count

Global: 2; per-VLAN: 0.

Note The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global count.

Last listener query interval

Global: 1000 (1 second); VLAN: 0.

Note The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global interval.

TCN query solicit

Disabled.

TCN query count

2.

MLD listener suppression

Disabled.

MLD Snooping Configuration Guidelines

When configuring MLD snooping, consider these guidelines:

  • You can configure MLD snooping characteristics at any time, but you must globally enable MLD snooping by using the ipv6 mld snooping global configuration command for the configuration to take effect.
  • MLD snooping and IGMP snooping act independently of each other. You can enable both features at the same time on the switch. The total number of IPv4 and IPv6 multicast groups entries that can coexist on the Catalyst 4500 series switch is limited to 16384.
  • The supervisor engine with 512 MB of memory supports about 11000 MLD Snooping multicast groups. A supervisor engine with 1 GB memory supports 16384 MLD Snooping multicast groups.

Enabling or Disabling MLD Snooping

By default, IPv6 MLD snooping is globally disabled on the switch and enabled on all VLANs. When MLD snooping is globally disabled, it is also disabled on all VLANs. When you globally enable MLD snooping, the VLAN configuration overrides the global configuration. MLD snooping is enabled only on VLAN interfaces in the default state (enabled).

You can enable and disable MLD snooping on a per-VLAN basis, but if you globally disable MLD snooping, it is disabled in all VLANs. If global snooping is enabled, you can enable or disable VLAN snooping.

To globally enable MLD snooping on the switch, perform this task:

 

Command
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# ipv6 mld snooping

Globally enables MLD snooping on the switch.

Step 3

Switch(config)# end

Returns to privileged EXEC mode.

Step 4

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

To globally disable MLD snooping on the switch, use the no ipv6 mld snooping global configuration command.

To enable MLD snooping on a VLAN, perform this task:

 

Command
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# ipv6 mld snooping

Globally enables MLD snooping on the switch.

Step 3

Switch(config)# ipv6 mld snooping vlan vlan-id

Enables MLD snooping on the VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

Note MLD snooping must be globally enabled for VLAN snooping to be enabled.

Step 4

Switch(config)# end

Returns to privileged EXEC mode.

Step 5

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number.

Configuring a Static Multicast Group

Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure an IPv6 multicast address and member ports for a VLAN.

To add a Layer 2 port as a member of a multicast group, perform this task:

 

Command
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode

Step 2

Switch(config)# ipv6 mld snooping vlan vlan-id static ipv6_multicast_address interface interface-id

Statically configures a multicast group with a Layer 2 port as a member of a multicast group:

  • vlan-id is the multicast group VLAN ID. The VLAN ID range is 1 to 1001 and 1006 to 4094.
  • ipv6_multicast_address is the 128-bit group IPv6 address. The address must be in the form specified in RFC 2373.
  • interface-id is the member port. It can be a physical interface or a port channel (1 to 64).

Step 3

Switch(config)# end

Returns to privileged EXEC mode.

Step 4

Switch# show mac-address-table multicast mld-snooping

Verifies the static member port and the IPv6 address.

Step 5

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

To remove a Layer 2 port from the multicast group, use the no ipv6 mld snooping vlan vlan-id static mac-address interface interface-id global configuration command. If all member ports are removed from a group, the group is deleted.

This example shows how to statically configure an IPv6 MAC address:

Switch# configure terminal
Switch(config)# ipv6 mld snooping vlan 2 static 3333.0000.0003 interface gigabitethernet1/1
Switch(config)# end

Configuring a Multicast Router Port

Although MLD snooping learns about router ports through MLD queries and PIMv6 queries, you can also use the command-line interface (CLI) to add a multicast router port to a VLAN. To add a multicast router port (add a static connection to a multicast router), use the ipv6 mld snooping vlan mrouter global configuration command on the switch.

note.gif

Noteblank.gif Static connections to multicast routers are supported only on switch ports.


To add a multicast router port to a VLAN, follow these steps:

 

Command
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# ipv6 mld snooping vlan vlan-id mrouter interface interface-id

Specifies the multicast router VLAN ID, and specify the interface to the multicast router.

  • The VLAN ID range is 1 to 1001 and 1006 to 4094.
  • The interface can be a physical interface or a port channel. The port-channel range is 1 to 64.

Step 3

Switch(config)# end

Returns to privileged EXEC mode.

Step 4

Switch# show ipv6 mld snooping mrouter [ vlan vlan-id ]

Verifies that IPv6 MLD snooping is enabled on the VLAN interface.

Step 5

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

To remove a multicast router port from the VLAN, use the no ipv6 mld snooping vlan vlan-id mrouter interface interface-id global configuration command.

This example shows how to add a multicast router port to VLAN 200:

Switch# configure terminal
Switch(config)# ipv6 mld snooping vlan 200 mrouter interface gigabitethernet1/0/2
Switch(config)# exit

Enabling MLD Immediate Leave

When you enable MLDv1 Immediate Leave, the switch immediately removes a port from a multicast group when it detects an MLD Done message on that port. You should only use the Immediate Leave feature when there is a single receiver present on every port in the VLAN. When multiple clients exist for a multicast group on the same port, do not enable Immediate-Leave in a VLAN.

To enable MLDv1 Immediate Leave, perform this task:

 

Command
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# ipv6 mld snooping vlan vlan-id immediate-leave

Enables MLD Immediate Leave on the VLAN interface.

Step 3

Switch(config)# end

Returns to privileged EXEC mode.

Step 4

Switch# show ipv6 mld snooping vlan vlan-id

Verifies that Immediate Leave is enabled on the VLAN interface.

Step 5

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

To disable MLD Immediate Leave on a VLAN, use the no ipv6 mld snooping vlan vlan-id immediate-leave global configuration command.

This example shows how to enable MLD Immediate Leave on VLAN 130:

Switch# configure terminal
Switch(config)# ipv6 mld snooping vlan 130 immediate-leave
Switch(config)# exit

Configuring MLD Snooping Queries

When Immediate Leave is not enabled and a port receives an MLD Done message, the switch generates MASQs on the port and sends them to the IPv6 multicast address for which the Done message was sent. You can optionally configure the number of MASQs that are sent and the length of time the switch waits for a response before deleting the port from the multicast group.

To configure MLD snooping query characteristics for the switch or for a VLAN, perform this task:

 

Command
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# ipv6 mld snooping robustness-variable value

(Optional) Sets the number of queries that are sent before the switch deletes a listener (port) that does not respond to a general query. The range is 1 to 3; the default is 2.

Step 3

Switch(config)# ipv6 mld snooping vlan vlan-id robustness-variable value

(Optional) Sets the robustness variable on a VLAN basis, which determines the number of general queries that MLD snooping sends before aging out a multicast address when there is no MLD report response. The range is 1 to 3; the default is 0. When set to 0, the number used is the global robustness variable value.

Step 4

Switch(config)# ipv6 mld snooping last-listener-query-count count

(Optional) Sets the number of MASQs that the switch sends before aging out an MLD client. The range is 1 to 7; the default is 2. The queries are sent 1 second apart.

Step 5

Switch(config)# ipv6 mld snooping vlan vlan-id last-listener-query-count count

(Optional) Sets the last-listener query count on a VLAN basis. This value overrides the value configured globally. The range is 1 to 7; the default is 0. When set to 0, the global count value is used. Queries are sent 1 second apart.

Step 6

Switch(config)# ipv6 mld snooping last-listener-query-interval interval

(Optional) Sets the maximum response time that the switch waits after sending out a MASQ before deleting a port from the multicast group. The range is 100 to 32,768 thousands of a second. The default is 1000 (1 second).

Step 7

Switch(config)# ipv6 mld snooping vlan vlan-id last-listener-query-interval interval

(Optional) Sets the last-listener query interval on a VLAN basis. This value overrides the value configured globally. The range is 0 to 32,768 thousands of a second. The default is 0. When set to 0, the global last-listener query interval is used.

Step 8

Switch(config)# ipv6 mld snooping tcn query solicit

(Optional) Enables topology change notification (TCN) solicitation, which means that VLANs flood all IPv6 multicast traffic for the configured number of queries before sending multicast data to only those ports requesting to receive it. The default is for TCN to be disabled.

Step 9

Switch(config)# ipv6 mld snooping tcn flood query count count

(Optional) When TCN is enabled, specifies the number of TCN queries to be sent. The range is from 1 to 10; the default is 2.

Step 10

Switch(config)# end

Returns to privileged EXEC mode.

Step 11

Switch# show ipv6 mld snooping querier [ vlan vlan-id ]

(Optional) Verifies that the MLD snooping querier information for the switch or for the VLAN.

Step 12

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

This example shows how to set the MLD snooping global robustness variable to 3:

Switch# configure terminal
Switch(config)# ipv6 mld snooping robustness-variable 3
Switch(config)# exit
 

This example shows how to set the MLD snooping last-listener query count for a VLAN to 3:

Switch# configure terminal
Switch(config)# ipv6 mld snooping vlan 200 last-listener-query-count 3
Switch(config)# exit
 

This example shows how to set the MLD snooping last-listener query interval (maximum response time) to 2000 (2 seconds):

Switch# configure terminal
Switch(config)# ipv6 mld snooping last-listener-query-interval 2000
Switch(config)# exit

Disabling MLD Listener Message Suppression

MLD snooping listener message suppression is enabled by default. When it is enabled, the switch forwards only one MLD report per multicast router query. When message suppression is disabled, multiple MLD reports could be forwarded to the multicast routers.

To disable MLD listener message suppression, perform this task:

 

Command
Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# no ipv6 mld snooping listener-message-suppression

Disables MLD message suppression.

Step 3

Switch(config)# end

Returns to privileged EXEC mode.

Step 4

Switch# show ipv6 mld snooping

Verifies that IPv6 MLD snooping report suppression is disabled.

Step 5

Switch# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

To reenable MLD message suppression, use the ipv6 mld snooping listener-message-suppression global configuration command.

Displaying MLD Snooping Information

You can display MLD snooping information for dynamically learned and statically configured router ports and VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping.

To display MLD snooping information, use one or more of the privileged EXEC commands in Table 28-2 .

 

Table 28-2 Commands for Displaying MLD Snooping Information

Command
Purpose
show ipv6 mld snooping [ vlan vlan-id ]

Displays the MLD snooping configuration information for all VLANs on the switch or for a specified VLAN.

(Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

show ipv6 mld snooping mrouter [ vlan vlan-id ]

Displays information on dynamically learned and manually configured multicast router interfaces. When you enable MLD snooping, the switch automatically learns the interface to which a multicast router is connected. These are dynamically learned interfaces.

(Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

show ipv6 mld snooping querier [ vlan vlan-id ]

Displays information about the IPv6 address and incoming port for the most-recently received MLD query messages in the VLAN.

(Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.