Different IGMP-snooping behaviour Nexus5000 vs Catalyst Switches

HUBERT RESCH · ‎02-07-2011

Hi,

has somebody experience with IGMP-snooping behaviour of N5K, heard rumors that seems to be different to "legacy" Catalyst Switches.

Background:

We are running MS-NLB cluster in MC-IGMP-Mode now on L2-Catalyst-Switches (which are connected to C6K5 for inter-VLAN-routing)

So the NLB-cluster derives from its Unicast-VIP (virtual IP address) a MC-IPadress like following UC-VIP a.b.c.d , MC-VIP 239.255.c.d

Based on the MC-VIP there is a corresponding MC-MAC-Address used for the UC-VIP which is an IANA-reserve 0100.5Exx.xxxx.

With this MAC-Adress the cluster ist responing to ARP-requests for the UC-VIP. Because Catalyst does not allow a MC-MAC in the answer for an ARP-reply we have to configure it statically on the L3-Catalyst like following:

ip arp a.b.c.d 0100.5EFF.ccdd arpa

For flooding-prevention the Members of the NLB-Cluster are sending IGMP-Joins for the corresponding MC-group 239.255.c.d

Based on this IGMP-Join (Report) the L2-Catalyst is sending traffic to Dest-MAC 0100.5EFF.ccdd only to ports where he could see IGMP-reports

for 239.255.c.d.

Now I heard rumors that a Nexus5000 has another behaviour, for MC-forwarding N5K is not only looking to the MC-Dest-MAC-Address of a Packet, its also looking to the Destination IP-address. If this is the Case all traffic which is not to Destination MC-VIP 239.255.c.d will be flooded in the entire VLAN though Destination MAC is 0100.5EFF.ccdd .

So flooding-prevention with IGMP would not work for the NLB-Cluster connected to an N5K.

Has anybody experience with this or does exactly know the behaviour of N5K for IP-MC forwarding ?

Thx in Advance

Hubert

phiharri · ‎02-09-2011

Hey Hubert,

Nexus 5000 forwards multicast based only on destination MAC, programmed into CAM based on MAC from IGMP reports.

Nexus 7000 forwards multicast at L2 based on destination IP, although the hardware is capable of MAC-based forwarding aswell. In the future this will be configurable.

Hope this helps,

/Phil

HUBERT RESCH · ‎02-09-2011

Hi Phil, many thx for this information, is there a document on CCO where I can read that N7K is doing it based on Destination IP-address ?

Do you know for which version of NXOS the possibility to configure it is planned ?

Is there any disadvantage to forwarding it based on Destination MAC-Address in comparision to doing based on Destination IP-Address ?

I am asking for this because now we have some MS-NLB-Cluster in IGMP-MC-Mode connected on Legacy Catalyst Environment and we should move them to Nexus Environment.

Kind Regards

Hubert

phiharri · ‎02-09-2011

Hi Hubert,

Yes, the IGMP Snooping configuration guide mentions:

"The Cisco NX-OS IGMP snooping software has the following proprietary features:

•Multicast forwarding based on IP addresses rather than MAC address."

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/multicast/configuration/guide/igmp_snoop.html

The classical argument for IP-based forwarding is to avoid the 32:1 aliasing issue, eg. 234.1.1.1 and 234.129.1.1 can have a different set of member ports and correctly be constrained at L2 when forwarding IP-based. With MAC-based forwarding traffic would hit receivers for either group as the addresses both map to 0100.5e01.0101 at L2.

Either shouldn't make a difference for NLB - just be aware that at present static CAM entries for multicast aren't possible on N5k or N7k (enhancements CSCtd22110 for 5k, CSCsx47620 for 7k coming in 5.2).

Sorry, couldn't find when the behaviour will be configurable on N7k, possibly in line with future linecard releases which may only support MAC-based forwarding.

Hope this helps!,

/Phil