Chapter 14
| Multicast Filtering
Layer 2 IGMP (Snooping and Query for IPv4)
– 544 –
If a topology change notification (TCN) is received, and all the uplink ports are
subsequently deleted, a time out mechanism is used to delete all of the
currently learned multicast channels.
When a new uplink port starts up, the switch sends unsolicited reports for all
currently learned channels out the new uplink port.
By default, the switch immediately enters into “multicast flooding mode” when
a spanning tree topology change occurs. In this mode, multicast traffic will be
flooded to all VLAN ports. If many ports have subscribed to different multicast
groups, flooding may cause excessive packet loss on the link between the
switch and the end host. Flooding may be disabled to avoid this, causing
multicast traffic to be delivered only to those ports on which multicast group
members have been learned. Otherwise, the time spent in flooding mode can
be manually configured to reduce excessive loading.
When the spanning tree topology changes, the root bridge sends a proxy
query to quickly re-learn the host membership/port relations for multicast
channels. The root bridge also sends an unsolicited Multicast Router Discover
(MRD) request to quickly locate the multicast routers in this VLAN.
The proxy query and unsolicited MRD request are flooded to all VLAN ports
except for the receiving port when the switch receives such packets.
◆ TCN Query Solicit – Sends out an IGMP general query solicitation when a
spanning tree topology change notification (TCN) occurs. (Default: Disabled)
When the root bridge in a spanning tree receives a TCN for a VLAN where IGMP
snooping is enabled, it issues a global IGMP leave message (or query
solicitation). When a switch receives this solicitation, it floods it to all ports in
the VLAN where the spanning tree change occurred. When an upstream
multicast router receives this solicitation, it immediately issues an IGMP general
query.
A query solicitation can be sent whenever the switch notices a topology
change, even if it is not the root bridge in spanning tree.
◆ Router Alert Option – Discards any IGMPv2/v3 packets that do not include the
Router Alert option. (Default: Disabled)
As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router Alert
Option can be used to protect against DOS attacks. One common method of
attack is launched by an intruder who takes over the role of querier, and starts
overloading multicast hosts by sending a large number of group-and-source-
specific queries, each with a large source list and the Maximum Response Time
set to a large value.
To protect against this kind of attack, (1) routers should not forward queries.
This is easier to accomplish if the query carries the Router Alert option. (2) Also,
when the switch is acting in the role of a multicast host (such as when using
proxy routing), it should ignore version 2 or 3 queries that do not contain the
Router Alert option.
To Next Page
Loading...
Need help?
General