How do Cisco switches handle multicast traffic?

Sam Brynes · ‎11-26-2019

CDP and STP - these frames are sent to well-known MAC addresses 01:00:0c:cc:cc:cc and 01:80:C2:00:00:00, respectively.

How do Cisco switches handle multicast traffic? Is layer 2 multicast traffic sent to devices that do an IGMP join to the CDP / STP multicast group? Or is IGMP only used to join a layer 3 multicast group (IP address)?

If IGMP snooping is disabled on the Cisco switch, does it change the switch's behavior of which ports the multicast layer 2 traffic is sent to?

andrewswanson · ‎11-27-2019

Hi

See the answer to this thread:

https://community.cisco.com/t5/switching/multicast-layer-2-flooding-and-cdp-vtp/td-p/2758332

CDP (01:00:0c:cc:cc:cc) and LLDP (01:80:C2:00:00:0E) are link layer discovery protocols. This traffic is sent/received only between directly connected devices.

Only multicast macs with the oui 01:00:5E map to a multicast group 224.0.0.0 - 239.255.255.255 so igmp is not required for cdp/lldp etc.

hth
Andy

Sam Brynes · ‎11-27-2019

Thanks Andy.

That link helped. Can you please explain how the switch decides which ports to send CDP, VTP, DTP, or PVST+ frames out to?

CDP floods its advertisement frames out, but how does it know on which port(s) Cisco equipment lives? Also, I am testing out a MikroTik device, so it looks like CDP is not only used on Cisco equipment - you'd have to keep around a MAC OUI database.

If you tell me that CDP floods its advertisements out of ports that have Cisco MAC addresses, we run into the issue of "nobody's talking to each other because they are not aware of each other's presence".

Also, on your point:

"Only multicast macs with the oui 01:00:5E map to a multicast group 224.0.0.0 - 239.255.255.255 so igmp is not required for cdp/lldp etc."

The "all hosts" multicast group 224.0.0.1 - are you saying that devices need to IGMP join this group? If it's "all hosts" on the subnet, it doesn't make much sense to me that hosts would need to explicitly join it.

vb10 · ‎11-27-2019

Hello Sam,

Range 224.0.0.1-255 is specially allocated for local network control. Multicast traffic to this addresses should be flooded by default within local network (VLAN), but not outside, it's not routable. IGMP snooping does not affect this range.

CDP, STP, DTP frames also by default are flooded via all the ports, where these protocols are enabled/VLANs allowed. Switch is not aware, what is connected on other side.

andrewswanson · ‎11-27-2019

Hi Sam

CDP is enabled globally by default (enabled on all interfaces) - it can be disabled globally with "no cdp run". It can also be disabled on a per interface basis with "no cdp enable".

CDP is a Cisco protocol but they can licence it out to other vendors.

A device being a member of the "all hosts" group indicates that it is multicast capable (has already joined a group).

hth
Andy

Sam Brynes · ‎11-27-2019

Thanks Andy.

It looks like hosts do not explicitly join the "all hosts" multicast group, 224.0.0.1.

I did a local SPAN across all VLANs and saw membership queries sent out to 224.0.0.1 (which itself is a multicast address), but I didn't see any membership reports for 224.0.0.1 sent back to 224.0.0.1.

I have IGMP snooping enabled on my switch:

sh ip igmp snooping ?
detail Show opertational state info
groups Show group information
mrouter Show routers on Catalyst Vlans
querier Show IGMP querier information
vlan Snooping info in a Catalyst Vlan
| Output modifiers
<cr>

SARCOMERE#sh ip igmp snooping
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan X:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan X:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan X:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Here's the out output of "show ip igmp membership all". I don't see 224.0.0.1 as one of the groups.

sh ip igmp membership all
Flags: A - aggregate, T - tracked
L - Local, S - static, V - virtual, R - Reported through v3
I - v3lite, U - Urd, M - SSM (S,G) channel
1,2,3 - The version of IGMP, the group is in
Channel/Group-Flags:
/ - Filtering entry (Exclude mode (S,G), Include mode (G))
Reporter:
<mac-or-ip-address> - last reporter if group is not explicitly tracked
<n>/<m> - <n> reporter in include mode, <m> reporter in exclude

Channel/Group Reporter Uptime Exp. Flags Interface
*,239.2.0.252 <REDACTED> 00:02:43 02:16 2A VlX
*,239.255.255.250 <REDACTED> 1w0d 02:13 2A VlX
*,239.255.255.250 <REDACTED> 3w0d 02:29 2A VlX
*,239.255.3.22 <REDACTED> 13:24:02 02:25 2A VlX
*,239.255.3.22 <REDACTED> 1w0d 02:14 2A VlX
*,239.228.228.228 <REDACTED> 1w0d 02:27 2A VlX
*,239.228.228.229 <REDACTED> 1w0d 02:32 2A VlX
*,224.0.1.40 <REDACTED> 3w0d 02:31 2LA VlX
#

andrewswanson · ‎11-27-2019

Hi Sam

Have a look through the ietf standard for igmp v2:

https://tools.ietf.org/html/rfc2236

For 224.0.0.1:

"The all-systems group (address 224.0.0.1) is handled as a special case. The host starts in Idle Member state for that group on every interface, never transitions to another state, and never sends a report for that group."

hth
Andy

Georg Pauwen · ‎11-27-2019

Hello,

in addition to the other post, when you disable IGMP snooping (which is enabled by default, on most switches), multicast traffic is indeed flooded to all ports on the switch.

Joseph W. Doherty · ‎11-28-2019

"How do Cisco switches handle multicast traffic?"

Depends on the switch features and how it's configured. As its most basic, IP multicast received as ingress on one port is replicated to all other ports. If it's a VLAN capable switch, egress replication is restricted to the ingress's VLAN. (This is basically the same as how a switch handles broadcast.) If the switch also supports IGMP snooping, and it's enabled, multicast is only replicated to egress ports where a host has indicated it wants the multicast stream. (This last feature now more closely acts like unicast switching.) IGMP snooping requires a IGMP querier. BTW, Cisco also has "IGMP" for routers on a shared L2 domain, i.e. PIM snooping.

"Is layer 2 multicast traffic sent to devices that do an IGMP join to the CDP / STP multicast group?"

No.

Or is IGMP only used to join a layer 3 multicast group (IP address)?

Yes, as IGMP is IP.

"If IGMP snooping is disabled on the Cisco switch, does it change the switch's behavior of which ports the multicast layer 2 traffic is sent to?"

Yes, as noted above, multicast replication is then not limited to ports that "want" that multicast stream.

BTW, when looking at unicast, multicast and broadcast, keep in mind how it works on shared media Ethernet, i.e. all hosts on the same LAN "wire" saw all traffic. The host's NIC will efficiently "ignore" unicast and multicast that it doesn't want. However, a switch avoids sending unicast on a port that's not a transit to the receiving host, and ditto for multicast. Both suppressing unicast and multicast is to "free" bandwidth that serves no purpose.