Configuring Multicast Services

Interactive applications such as video conferencing, delivery of live stock quotes, and shared whiteboard applications rely on multicast traffic, both within intranets and on the Internet. Multicasting saves bandwidth by forcing the network to replicate packets only when necessary. In addition, multicasting allows hosts to dynamically join and leave groups at any time, unrestricted by the number of members in the group or by the location of the group within the network.

Configuring CGMP

Cisco Group Management Protocol (CGMP) manages multicast traffic in Catalyst 5000 series switches by allowing directed switching of IP multicast traffic within a network at rates greater than one million packets per second.

CGMP requires only a software upgrade on the Catalyst 5000 series switch and at least one Cisco router running software release 11.1(3) or later.

Configuration Guidelines

The following guidelines apply when you configure CGMP:

CGMP filtering requires a network connection from the Catalyst 5000 series switch to a router running CGMP.
By default, CGMP is disabled, and no multicast routers are configured.
Before you enable CGMP on a Catalyst 5000 series switch, you must disable IGMP snooping if it is enabled, by entering the set igmp disable command. If you try to enable CGMP without first disabling IGMP snooping, an error message is generated. IGMP snooping is available in Catalyst 5000 series software release 4.1 and later with a Supervisor Engine III with the NetFlow Feature Card (NFFC).

Procedure

To configure CGMP, enter this command in privileged mode:

Task	Command
Enable CGMP on the switch.	set cgmp enable

When you enable CGMP, it automatically identifies the ports to which a CGMP-capable router is attached. Enter the set multicast router command to statically configure multicast router ports:

Task	Command
Configure multicast router ports.	set multicast router mod_num/port_num

In the set multicast router command, mod_num is the number of the module, and port_num is the number of the port on that module to which the CGMP-capable router is attached.

To enable CGMP leave processing, enter this command in privileged mode:

Task	Command
Enable CGMP leave processing on a device.	set cgmp leave enable

To disable CGMP leave processing, enter this command in privileged mode:

Task	Command
Disable CGMP leave processing on a device.	set cgmp leave disable

To disable manually configured multicast router ports, enter this command in privileged mode:

Task	Command
Disable specific, manually configured multicast router ports.	clear multicast router mod_num/port_num
Disable all manually configured multicast router ports.	clear multicast router all

Verification

To verify the CGMP configuration, enter these commands:

Task	Command
Show CGMP information.	show cgmp statistics
Show multicast router information.	show multicast router [mod_num/port_num] [vlan_id]
Show multicast router information that was learned dynamically using CGMP.	show multicast router cgmp [mod_num/port_num] [vlan_id]
Show multicast group information.	show multicast group [mac_addr] [vlan_id]
Show multicast group information that was learned dynamically using CGMP.	show multicast group cgmp [mac_addr] [vlan_id]
Show the total number of multicast addresses (groups) in a VLAN (optional).	show multicast group count [cgmp/igmp] [vlan_id]

Examples

This section contains examples of the commands used to configure and monitor CGMP.

To enable CGMP on the Catalyst 5000 series switch, enter this command:

Console> (enable) set cgmp enable
CGMP support for IP multicast enabled.
Console> (enable)

When you enable CGMP, ports with a CGMP-capable router attached are identified automatically. If you want to manually specify a port that has an CGMP-capable router attached to it, either directly or indirectly, enter the set multicast router command. This example associates a multicast router to module 3, port 1:

Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)

To display CGMP statistics for a VLAN, enter this command:

Console> (enable) show cgmp statistics 1
CGMP enabled
CGMP statistics for vlan 1:
valid rx pkts received           211915
invalid rx pkts received         0
valid cgmp joins received        211729
valid cgmp leaves received       186
valid igmp leaves received       0
valid igmp queries received      3122
igmp gs queries transmitted      0
igmp leaves transmitted          0
failures to add GDA to EARL      0
topology notifications received  80
number of CGMP packets dropped   2032227

To display multicast router information for the switch, enter the show multicast router command. In this example, the asterisk (*) next to the multicast router on port 3/1 indicates that the entry was configured manually.

Console> (enable) show multicast router
CGMP enabled
IGMP disabled
 
Port       Vlan
---------  ----------------
 2/1       99
 2/2       255
 3/1    *  1
 7/9       2,99
Total Number of Entries = 4
'*' - Configured
Console> (enable)

To display only the multicast router information that has been learned automatically through CGMP, enter the show multicast router command with the cgmp keyword:

Console> (enable) show multicast router cgmp
CGMP enabled
IGMP disabled
 
Port       Vlan
---------  ----------------
 2/1       99
 2/2       255
 7/9       2,99
Total Number of Entries = 3
'*' - Configured
Console> (enable)

To display information about multicast groups that the switch has learned, enter the show multicast group command. In the following example, multicast group information for VLAN 2 is displayed:

Console> (enable) show multicast group 2
CGMP enabled
IGMP disabled

VLAN  Dest MAC/Route Des  Destination Ports or VCs / [Protocol Type]
----  ------------------  ----------------------------------------------------

2     01-00-5e-00-01-28*  7/9
2     01-00-5e-63-7f-6f*  7/9
2     01-00-5e-63-7f-70*  7/9
2     01-00-5e-63-7f-71*  7/9
2     01-00-5e-63-7f-72*  7/9
2     01-00-5e-63-7f-73*  7/9
2     01-00-5e-63-7f-74*  7/9
2     01-00-5e-63-7f-75*  7/9
2     01-00-5e-63-7f-76*  7/9
2     01-00-5e-63-7f-77*  7/9
2     01-00-5e-63-7f-e5*  7/9
2     01-00-5e-63-e3-dd*  7/9
2     01-00-5e-63-e3-de*  7/9
2     01-00-5e-63-e3-df*  7/9
2     01-00-5e-63-e3-e0*  7/9
2     01-00-5e-63-e3-e1*  7/9
2     01-00-5e-63-e3-e3*  7/9
2     01-00-5e-63-e3-e4*  7/9
2     01-00-5e-63-e3-e5*  7/9

Total Number of Entries = 19
Console> (enable)

To enable CGMP leave processing and verify its status, enter these commands:

Console> (enable) set cgmp leave enable
CGMP leave processing enabled.
Console> (enable)
Console> (enable) show cgmp leave
CGMP:       enabled
CGMP leave: enabled
Console> (enable)

Understanding CGMP

CGMP works with Internet Group Management Protocol (IGMP) messages to dynamically configure Catalyst 5000 series switch ports so that IP multicast traffic is forwarded only to those ports associated with IP multicast hosts.

Note For information on IP multicast, including IGMP, refer to RFC 1112.

CGMP software components run on both the router and the Catalyst 5000 series switch. A CGMP-capable IP multicast router sees all IGMP packets and can inform the Catalyst 5000 series switch when specific hosts join or leave IP multicast groups. When the CGMP-capable router receives an IGMP control packet, it creates a CGMP packet that contains the request type (either join or leave), the multicast group address, and the actual MAC address of the host. The router sends the CGMP packet to a well-known address to which all Catalyst 5000 series switches listen. When a switch receives the CGMP packet, the supervisor engine module interprets the packet and modifies the EARL forwarding table automatically, without user intervention.

You can set up multicast groups by entering the set cam static command. User-specified multicast group settings are static, whereas multicast groups learned through CGMP are dynamic. If you specify group membership for a multicast group address, your static setting supersedes any automatic manipulation by CGMP. Multicast group membership lists can consist of both user-defined and CGMP-learned settings.

Note If a spanning-tree VLAN topology changes, the CGMP-learned multicast groups on the VLAN are purged and the CGMP-capable router generates new multicast group information.

If a CGMP-learned port link is disabled for any reason, CGMP removes that port from any multicast group memberships.

We recommend that you enable the Spanning-Tree Portfast feature on ports to which hosts are directly connected if you are using CGMP. For information on the Spanning-Tree Portfast feature, see the "Configuring Spanning Tree" chapter.

Joining a Multicast Group

When a host wants to join an IP multicast group, it sends an IGMP join message specifying its MAC address and which IP multicast group it wants to join. The CGMP-capable router then builds a CGMP join message and multicasts the join message to the well-known address to which the Catalyst 5000 series switches listen. Upon receipt of the join message, each Catalyst 5000 series switch searches its EARL table to determine if it contains the MAC address of the host asking to join the multicast group. If a switch finds the host's MAC address in its EARL table associating the MAC address with a nontrunking port, the switch creates a multicast forwarding entry in the EARL forwarding table. The host associated with that port receives multicast traffic for that multicast group. In this way, the EARL automatically learns the MAC addresses and port numbers of the IP multicast hosts.

Leaving a Multicast Group

The CGMP-capable router sends periodic multicast-group queries. If a host wants to remain in a multicast group, it responds to the query from the router. In this case, the router does nothing. If a host does not want to remain in the multicast group, it does not respond to the router query. If after a number of queries, the router receives no reports from any host in a multicast group, the router sends a CGMP command to the Catalyst 5000 series switch, telling it to remove the multicast group from its forwarding tables.

Note If there are other hosts in the same multicast group and they do respond to the multicast-group query, the router does not tell the switch to remove the group from its forwarding tables. The router does not remove a multicast group from the switch's forwarding tables until all the hosts in the group ask to leave the group.

The CGMP fast-leave-processing feature allows the Catalyst 5000 series supervisor engine module to detect IGMP V.2 leave messages sent on the all-routers multicast address by hosts on any of the supervisor engine module ports. When the supervisor engine module receives a leave message, it starts a query-response timer. If this timer expires before a CGMP join message is received, then the port is pruned from the multicast tree for the multicast group specified in the original leave message. Fast-leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are in use simultaneously.

Configuring IGMP Snooping

IGMP snooping allows Catalyst 5000 series switches to examine IGMP packets and make forwarding decisions based on their content.

Configuration Guidelines

The following guidelines apply when you are configuring IGMP snooping:

IGMP snooping requires Catalyst 5000 series software release 4.1 or later, a Supervisor Engine III with an NFFC, and a network connection from the Catalyst 5000 series switch to a router running IGMP.
By default, IGMP snooping is disabled, and no multicast routers are configured.
Before you enable IGMP snooping on a Catalyst 5000 series switch, you must disable CGMP if it is enabled by entering the set cgmp disable command. If you attempt to enable IGMP snooping without first disabling CGMP, an error message is generated.

Procedure

To enable IGMP snooping on the Catalyst 5000 series switch, enter this command in privileged mode:

Task	Command
Enable IGMP on the switch.	set igmp enable

When you enable IGMP snooping, it automatically identifies the ports to which an IGMP-capable router is attached. To statically configure multicast router ports, enter this command in privileged mode:

Task	Command
Statically configure multicast router ports (repeat for additional multicast routers).	set multicast router mod_num/port_num

In the set multicast router command, mod_num /port_num is the module number and port number to which the IGMP-capable router is attached.

To disable IGMP snooping on the Catalyst 5000 series switch, enter this command in privileged mode:

Task	Command
Disable IGMP on the switch.	set igmp disable

To disable manually configured multicast router ports, enter these commands in privileged mode:

Task	Command
Disable specific, manually configured multicast router ports.	clear multicast router mod_num/port_num
Disable all manually configured multicast router ports.	clear multicast router all

Verification

To verify the IGMP configuration, enter these commands:

Task	Command
Show IGMP snooping information.	show igmp statistics
Show multicast router information.	show multicast router [mod_num/port_num] [vlan_id]
Show multicast router information that was learned dynamically using IGMP.	show multicast router igmp [mod_num/port_num] [vlan_id]
Show multicast group information.	show multicast group [mac_addr] [vlan_id]
Show multicast group information that was learned dynamically using IGMP.	show multicast group igmp [mac_addr] [vlan_id]
Show the total number of multicast addresses (groups) in a VLAN.	show multicast group count [igmp] [vlan_id]
Show the current IGMP/CGMP mode.¹	show igmp mode

¹ The Catalyst 5000 series switch dynamically chooses either IGMP-only or IGMP/CGMP mode, depending on the traffic seen on the network. IGMP-only mode is used in networks with no CGMP devices. IGMP/CGMP mode is used in networks with both IGMP and CGMP devices.

Examples

This section contains examples of the commands used to configure IGMP snooping:

To enable IGMP on the Catalyst 5000 series switch, enter the set igmp enable command:

Console> (enable) set igmp enable
IGMP Snooping is enabled.
CGMP is disabled.
Console> (enable)

When IGMP snooping is enabled, ports with an IGMP-capable router attached are identified automatically. If you want to manually specify a port that has an IGMP-capable router attached to it, either directly or indirectly, enter the set multicast router command. This example associates a multicast router to module 3, port 1:

Console> (enable) set multicast router 3/1
Port 3/1 added to multicast router port list.
Console> (enable)

To display IGMP statistics for a VLAN, enter this command:

Console> (enable) show igmp statistics 1
IGMP enabled
 
IGMP statistics for vlan 1:
Total valid pkts rcvd:           18951
Total invalid pkts recvd         0
General Queries recvd            377
Group Specific Queries recvd     0
MAC-Based General Queries recvd  0
Leaves recvd                     14
Reports recvd                    16741
Queries  Xmitted                 0
GS Queries Xmitted               16
Reports Xmitted                  0
Leaves Xmitted                   0
Failures to add GDA to EARL      0
Topology Notifications rcvd      10
IGMP packets dropped             0
Console> (enable)

To display multicast router information for the switch, enter the show multicast router command. In the following example, the asterisk (*) next to the multicast router on port 5/7 indicates that the entry was configured manually.

Console> (enable) show multicast router
CGMP disabled
IGMP enabled
Port       Vlan
---------  ----------------
 1/1       1
 2/1       2,99,255
 5/7    *  99
Total Number of Entries = 3
'*' - Configured
Console> (enable)

To display only the multicast router information that has been learned automatically through IGMP, enter the show multicast router command with the igmp keyword:

Console> (enable) show multicast router igmp
CGMP disabled
IGMP enabled
Port       Vlan
---------  ----------------
 1/1       1
 2/1       2,99,255
Total Number of Entries = 2
'*' - Configured
Console> (enable)

To display information about multicast groups that the switch has learned, enter the show multicast group command. In the following example, multicast group information for VLAN 99 is displayed:

Console> (enable) show multicast group 99
CGMP disabled
IGMP enabled

VLAN  Dest MAC/Route Des  Destination Ports or VCs / [Protocol Type]
----  ------------------  ----------------------------------------------------
99    01-00-5e-7f-b8-b3*  2/1,5/2,5/7
99    01-00-5e-7f-e2-77*  2/1,5/2,5/7

Total Number of Entries = 2
Console> (enable)

To show the total number of multicast addresses (groups) in a VLAN, enter the show multicast group count command:

Console> (enable) show multicast group count
CGMP disabled
IGMP enabled
Total Number of Entries = 23
Console> (enable)

Configuring Broadcast/Multicast Suppression

Broadcast/multicast suppression prevents switched ports on a LAN from being disrupted by a broadcast storm on one of the ports. A LAN broadcast storm occurs when broadcast or multicast packets flood the LAN, creating excessive traffic and degrading network performance. Since switched LANs act as a single LAN, a broadcast storm on one port can adversely affect the entire LAN. Errors in the protocol-stack implementation or in the network configuration cause a broadcast storm.

Configuration Guidelines

Because Catalyst 5000 series LAN switches operate at Layer 2, broadcast/multicast suppression is a critical element to prevent network performance degradation.

By default, broadcast/multicast suppression is disabled.

Procedure

To configure broadcast/multicast suppression, enter this command:

Task	Command
Set the broadcast/multicast suppression threshold for one or more ports.	set port broadcast mod_num/port_num threshold [%]

In the set port broadcast command, mod_num is the module number, and port_num is the number of the port on the module.

The threshold setting in the set port broadcast command can be defined in two ways:

As a percentage of total bandwidth that can be used by broadcast/multicast traffic. Bandwidth-based broadcast/multicast suppression affects all ports on a device.
As the number of broadcast/multicast packets that can be sent during a specified time period. You can target packet-based broadcast/multicast suppression to specific ports on a device.

When specifying a bandwidth-based threshold, you must include the percent (%) sign. When specifying a packets-per-second-based threshold, do not include the percent sign. For more information, see the "Examples" section.

To disable broadcast/multicast suppression for one or more ports, enter this command:

Task	Command
Disable broadcast/multicast suppression.	`clear port broadcast` `mod_num/port_`num

Verification

To verify the broadcast/multicast suppression configuration for all ports on module 3, enter the show port broadcast 3 command. After entering the show port broadcast 3 command, you see this display:

Console> (enable) show port broadcast 3
Port     Broadcast-Limit  Broadcast-Drop
------   ---------------  --------------
3/1                  30 %              0
3/2                  30 %              0
3/3                  30 %              0
3/4                  30 %              0
3/5                  30 %              0
3/6                  30 %              0
3/7                  30 %              0
3/8                  30 %              0
3/9                  30 %              0
3/10                 30 %              0
3/11                  0 %              0
3/12                 30 %              0

This display shows that all ports on module 3 are configured for bandwidth-based broadcast/multicast suppression, that broadcast limit is set to 30 percent, and that 0 packets dropped due to broadcast/multicast suppression.

To verify the broadcast/multicast suppression configuration for port 1 on module 2, enter the show port broadcast 2/1 command. After entering the show port broadcast 2/1 command, you see this display:

Console> (enable) show port broadcast 2/1
Port     Broadcast-Limit  Broadcast-Drop 
------   ---------------  --------------
2/1              100 p/s  259

This display shows that port 1 on module 2 is configured for packet-based broadcast/multicast suppression, that the broadcast limit is set to 100 packets-per-second, and that 259 packets dropped due to broadcast/multicast suppression.

Examples

This section provides examples for setting the broadcast/multicast suppression threshold for one or more ports.

To display the syntax for the set port broadcast command, enter the command with no arguments. You see this display:

Console> (enable) set port broadcast 
Usage: set port broadcast <mod_num/port_num> <threshold>[%]
       (threshold = 0..150000 packets/second or 0-100 percent
        0 pps or 100% unlimits broadcast traffic)

To limit broadcast/multicast traffic on ports 2/1 through 3/24 to 500 packets per second, enter this command:

Console> (enable) set port broadcast 2/1-3/24 500
Ports 2/1-3/24 broadcast traffic limited to 500 packets.

To limit broadcast/multicast traffic to all the ports on module 4 to 20 percent, enter this command:

Note Although bandwidth-based broadcast/multicast suppression applies to all ports on a module, you must specify a port number according to the syntax rules of the set port broadcast mod_num/port_num threshold [%] command. This example specifies port 3 on module 4 (4/3). You can specify any port number between 1 and 24.

Console> (enable) set port broadcast 4/3 20%
Ports 4/1-24 broadcast traffic limited to 20%.

To allow unlimited broadcast/multicast traffic to all ports on module 4 using bandwidth-based broadcast/multicast suppression, enter this command:

Console> (enable) set port broadcast 4/3 100%
Ports 4/1-24 broadcast traffic unlimited.

To allow unlimited broadcast/multicast traffic to ports 10 through 12 on module 3 using packet-based broadcast/multicast suppression, enter this command:

Console> (enable) set port broadcast 3/10-12 0
Ports 3/10-12 broadcast traffic unlimited.

Understanding Broadcast/Multicast Suppression

Broadcast/multicast suppression works by measuring broadcast/multicast activity on a LAN. Broadcast/multicast activity can be measured in two ways:

By the amount of network bandwidth used over a one-second time period, called bandwidth-based broadcast/multicast suppression
By the number of broadcast/multicast packets detected over a one-second time period, called packet-based broadcast/multicast suppression

Since the packet size varies, bandwidth-based measurement is more accurate and effective than packet-based measurement.

Broadcast/multicast suppression uses filtering that measures broadcast/multicast activity on a LAN over a one-second time period and compares the measurement with a predefined threshold. If the threshold is reached, further broadcast activity is suppressed for the duration of the time period.

Figure 12-1 provides an example in which broadcast/multicast suppression occurred between time intervals T1 and T2 and between T4 and T5.

Figure 12-1: Broadcast/Multicast Suppression

The broadcast suppression threshold numbers and the time interval combination make the broadcast/multicast suppression algorithm work with different levels of granularity. A higher threshold allows more broadcast/multicast packets to pass through.

Broadcast/multicast suppression is implemented in either hardware or software. Hardware broadcast/multicast suppression uses the bandwidth-based method. Software broadcast/multicast suppression uses the packet-based method.

Hardware Broadcast/Multicast Suppression

Hardware broadcast/multicast suppression circuitry in Catalyst 5000 series switches monitors packets passing from a port to the Catalyst 5000 switching bus. Using the Individual/Group bit in the packet destination address, the broadcast/multicast suppression circuitry determines if the packet is unicast or broadcast/multicast. It keeps track of the current count of broadcast/multicast words within the one-second time interval, and when a threshold is reached, filters out subsequent broadcast/multicast packets.

Since hardware broadcast/multicast suppression uses a bandwidth-based method to measure broadcast/multicast activity, the most significant implementation factor is setting the percentage of total available bandwidth that can be used by broadcast/multicast traffic. A threshold value of 100 percent means that no limit is placed on broadcast traffic. A threshold value of 0 percent means that broadcast/multicast suppression is disabled. (By default, broadcast/multicast suppression is disabled.) The set port broadcast command allows you to set up the broadcast suppression threshold value. You enable broadcast/multicast suppression by setting the threshold to a value greater than 0 percent.

Since packets do not arrive at uniform intervals, the one-second time interval during which broadcast/multicast activity is measured can affect the behavior of broadcast/multicast suppression.

The following Catalyst 5000 series switching modules support hardware broadcast/multicast suppression:

Ethernet switching module (10BaseT 48 port) --WS-X5012
Ethernet switching module (10BaseT 24 port, RJ-45)--WS-X5013
Fast EtherChannel switching module (100BaseFX 12 port)--WS-X5201
10/100-Mbps Fast EtherChannel switching module (10/100BaseTX 12 port)--WS-X5203
Group switching Fast Ethernet module (100BaseTX 24 port)--WS-X5223
10/100-Mbps Workgroup Fast Ethernet switching module (10/100BaseTX 24 port)--WS-X5224

Software Broadcast/Multicast Suppression

Software broadcast/multicast suppression is supported in all Ethernet modules that support hardware broadcast/multicast suppression (see the section "Hardware Broadcast/Multicast Suppression"); it is not available for use with ATM or FDDI cards.

Since software broadcast/multicast suppression uses a packet-based method to measure broadcast/multicast activity, the most significant implementation factor is setting a threshold value for the number of broadcast packets-per-second allowed. If you set the threshold number to 0 packets per second, no broadcast/multicast packets are suppressed.

Note Validation of CLI and SNMP commands by the supervisor engine module only occurs if a module has the broadcast/multicast suppression feature. Hardware broadcast/multicast suppression takes precedence over software broadcast/multicast suppression unless you disable the hardware broadcast/multicast suppression feature (that is, when the threshold value is set to 100 percent).

Table of Contents

Configuring Multicast Services