IGMP Snooping without Router

Hi NL Team,

Does the attached look like a “healthy” debug from an IGMP debug. This was taken from the “querier”. It is a multicast environment with no Layer 3 router as such. I see there seems to be V2 and V3 messages also. Is there anything there that looks of immediate concern?

Output.txt (7.9 KB)

Hi Robert,

Looks OK to me. The “Report has illegal group address 224.0.0.113” messages that you see are normal. The 224.x.x.x range is link-local multicast so these are ignored.

Rene

Hi

I have a problem in real life with igmp. I have two host that send imgp version 3 between two diferent interfaces VLAN (SVI) they need to see igmp version 3 each other. With the command ip igmp snooping querier will hosts see the igmp version 3 eventhough they are in separate VLANs and broadcast domain?

Thank you!!

Hello Carlo

If you have a setup where you have two VLANs and you require routing between them, then IGMP Snooping without a Router is not a solution for this. These solutions are only for scenarios with a single VLAN.

The ip igmp snooping querier command will make the SVI port of a switch a querier, but it will not be able to route IGMP messages to other VLANs, but the will remain only within the specific broadcast domain. If you have such a scenario, it is better to go for using a multicast router since you need the routing functionality.

I hope this has been helpful!

Laz

Thank you !
This works

Hello,

I don’t entirely understand yet the behavior of a multicast stream in a network with VLANs, without router.

As an example, let’s take the following topology:

multicastl2 (1)815×596 15.1 KB

IGMP Snooping is enabled on all switches with the Core switch being the Querier.

With a video encoder on the left and in the middle streaming a multicast stream of 1Gbit/s into the network, I wonder where this stream will go to without the video decoder on the left being subscribed to the multicast stream.

1. Will the multicast stream stay at the respective edge switch until the video decoder subscribes to the stream.
2. Or, will the multicast stream go up till the Core switch (because it’s the Querier) and wait there till the video decoder subscribes to the multicast stream.

Can you please shed some light on this?

Thank you.

Regards,
Kevin

Hello Kevin

When you enable IGMP snooping on all switches, they will all function in such a way so that they won’t forward traffic through ports from which IGMP has not requested a stream. So in the scenario that you describe, SW1 would be informed that there is no requester of traffic so, the multicast stream will stop at SW1. Notice in the lesson that SW1 was made the querier, and the debug of SW2 shows the following output:

!<-- output omitted -->

L2MM: Add member: gda:0100.5e01.0101, adding Fa0/24
IGMPSN: mgt: added port Fa0/24 on gce 0100.5e01.0101, Vlan 1

!<-- output omitted -->

So port Fa0/24 (the port that connects to SW1, the querier) was added to the group, so multicast traffic will be sent from that port. If no mroute is detected (that is, there is no host actually requesting the stream), the traffic will not exit any of the ports on SW1.

I hope this has been helpful!

Laz

Hello Laz,

Thank you for your reply.

I’m confused by the following text from the particular approved response on this forum:

This also means that to have a best optimized network, it is a good practice to place your querier as close to the source of your multicast traffic as possible. Since multicast traffic always flows to the querier, if the source of the traffic and the querier are at opposite ends of the network, all the multicast traffic will traverse the whole network 100% of the time, irrespective of whether receives exist.

It seems that this response is different than what I understand from this explanation, right?

Thank you.

Regards,
Kevin

Hello Kevin

After doing a little more digging, I have found that for IGMP snooping using a querier, it is not the multicast membership requests that enable multicast traffic to be sent via switch ports, but it is the periodic general queries that the quierer sends. In the lesson, the membership requests were already being sent when the querier was enabled, so port Fa0/24 was added immediately.

So yes, I stand corrected, the querier is the location to which all multicast traffic is flooded within an L2 network where IGMP snooping and a querier are enabled.

I hope this has been helpful!

Laz

Hello Laz,

Ok, thank you for your help.

Regards,
Kevin

Hello Rene/Lagapides,

we can assume without a querier all Cisco IOS flood the multicast traffic?
Is there any command to check this without doing an embedded packet capture?

Thanks in advance
Regards

Hello Ignacio

Yes that assumption would be correct. You can confirm this by looking at the MAC address table. If you find the MAC address to which your multicast address is being mapped, you can then see with which interfaces that address is associated in the MAC address table. To determine which MAC address corresponds to your particular multicast address, take a look at this lesson:

I hope this has been helpful!

Laz

Hi everyone,
I have a Cisco 4010, with some ESXI servers connected to it. I also have some Virtual Machines on each of the ESXi servers.
I configured IGMP on the Cisco with the following command:
IP igmp snooping queried
and made sure that igmp is enabled on the vlan that needs it.
However when this is set up I noticed one virtual machine on a Esxi server can get multicast traffic from Cisco, but another one cannot. Both virtual machines are Windows (one Windows 10 and one Winders server 2019). Removing the snooping setting on Cisco, both virtual machines will get multicast traffic.
By running Netsh interface ip show joins command on the virtual machines I noticed the virtual machine that can receive the multicast traffic with IGMP setting can see the multicast addresses, which means it has joined the multicast group. The other virtual machine that cannot get multicast traffic cannot see the multicast addresses, which means it didn’t manage to join the multicast group, and therefore Cisco didn’t forward the multicast traffic to it.

I’m wondering what I should do on Cisco or on the virtual machine to make it also get multicast traffic? Really appreciate if you could help. Thanks.
Regards,
Bo

Hello Bo

In order to understand why one server is participating in multicast while the other is not, we must first understand your topology. The ip igmp snooping querier command will enable an L2 switch to function as a querier in the absence of a multicast router. In addition, an IGMP querier on a switch will disable itself if it detects IGMP traffic from a multicast router. Because the Cisco 4010 is also a Layer 3 device, and supports L3 multicast, could there be another configuration on the device that is cancelling out your configuration? Or another router on the network that is doing so? Also, what is the topology of your VMs? Are the VMs on the same subnet? What multicast parameters have you configured on the VLANs in the vSwitch? These are all questions that you must look at in order to continue your troubleshooting.

I hope this gives you some insight for the next steps of your troubleshooting procedure.

I hope this has been helpful!

Laz

Hi Laz,
Yes, we have two Cisco 4010 that are redundant to each other. I have the same IGMP settings on both of them - just have the ‘ip igmp snooping querier’ command.
The hosts for the VMs are connected to both Cisco 4010 (with two uplinks), and all the VMs that require the multicast traffic are on the same subnet, so they are on the same vlan on the same vswitch.
Should two Cisco 4010 have different configurations in this case, and how should what should be different between them?
Really appreciate your help.
Regards,
Bo

Hello Bo

This is strange behaviour indeed. There shouldn’t be any other configuration you need. I believe you should focus your troubleshooting efforts on the differences in network and multicast configuration of the two servers. I suggest the following:

1. Verify that the network configuration of both servers is the same. Ensure that the multicast configuration of the servers themselves is also correct. If one is working and the other is not, you must find the difference between the configs.
2. If you remove all IGMP snooping configuration on the 4010 switches, the behaviour should be (within each VLAN) that the multicast traffic will be sent out of all ports. I suggest you attempt this and see if the second server does receive multicast traffic. If it doesn’t then it is a problem on the server itself. If it does, then you can go on to the next step of troubleshooting the network configuration.
3. Verify that your vSwitch is configured correctly for multicast so that both servers will be treated the same in offering multicast traffic. Take a look at this link for more information on how vSwitch behaves with multicast.
4. Since you’re using 4010 switches, which are L3 switches, you should be able to enable IGMP snooping without having the switch function as an L2 querier. In other words, don’t configure “IGMP snooping without a multicast router” but simply IGMP snooping, and the switch itself plays the role of the multicast router. You can find out more about this configuration at this lesson.

Hopefully this will point you in the right direction for your next troubleshooting steps.

I hope this has been helpful!

Laz

Hi,
If I am using a switch as a Querier in place of a router do I need to enable multicast routing globally on the switch ? ie. Do I need “ip multicast-routing” command on the switch ?
Also do I need to have a separate querier for each vlan ? ie. If I have Vlan 10, 20, 30,40 Do I need to set a separate SVI as querier for each of these Vlans if I want to send multicast on each of them ?

Thanks.

Hello Sean

Taking a look at the following lesson which describes the use of a switch as a querier, there is no need to implement multicast routing. This is because in such a topology, no actual multicast routing takes place.

Yes, for each VLAN in which you will have multicast receivers, you must enable the querier.

I hope this has been helpful!

Laz

Many thanks Lazaros.

I just have a strange situation on a production network which has many switches and I currently don’t have access to all.

The issue is when I check “show ip igmp snooping querier vlan 333” on any of the switches the querier for that vlan shows as an ip address on a different subnet.

I would have thought the querier would have to be an ip address in the same vlan ?
ie. an ip address of an svi in that vlan ?

For example vlan 333 = 30.30.30.x /24
When I look for its querier it will show 10.10.10.4

I can only assume this is maybe because ip igmp snooping querier is enabled globally on that switch and no specific vlan is specified ? and this ip address must be lowest address or something on that switch ?
ie. querier is enabled globally rather then going under the svi and enabling it on the specific vlan.

Could this be possible ?
Thanks.

Hello Sean

That’s interesting. Whether you enable snooping globally or on a particular VLAN, it is always the case that the querier is within the subnet of that particular VLAN. And if there is more than one querier, the lowest IP address within the subnet becomes the querier… These restrictions can be found at this Cisco documentation:

In addition, RFC 2236 says that there is one querier per Layer 2 network…

Is it possible that there is an SVI on VLAN333 on one of the many switches in your network (i.e. an error in IP addressing) and since that SVI has an IP address of 10.10.10.4, it is the lowest IP address on the subnet, and it has chosen that one? Try to find out where that address is assigned on your network, and that might give you the clue that you need to continue troubleshooting. Can you investigate further and let us know?

I hope this has been helpful!

Laz