Configuring IGMP Snooping with VXLAN

By snooping IGMP messages it is possible to determine the (local) port membership for multicast groups. It is also possible to include the logical ports associated with VXLAN tunnels and their remote VTEPs when IGMP messages are snooped on remote overlay network nodes.


The following command supports this feature:

 

CLI (network-admin@switch) > igmp-snooping-modify vxlan|no-vxlan


vxlan|no-vxlan

Enable IGMP on VXLAN. Disabled by default.

 

CLI (network-admin@switch) > igmp-snooping-modify vxlan


CLI (network-admin@switch) > igmp-snooping-show

 

enable:                       yes

vxlan:                        yes

enable-vlans:                 1-4092

snoop-link local-vlans:       none


To disable it:


CLI (network-admin@switch) > igmp-snooping-modify no-vxlan


CLI (network-admin@switch) > igmp-snooping-show

enable:                yes

vxlan:                 no

enable-vlans:          1-4092

snoop-linklocal-vlans: none

 

Informational Note: IGMP Snooping is enabled by default while the VXLAN option is disabled by default.


Let us consider an  example: Assume that IGMP join messages for group 239.1.1.1 (from source 10.1.1.2) are received on a tunnel associated with VLAN 10 (with VNI 10), as shown in the command output below:


CLI (network-admin@switch) > vlan-show vxlan 10


id   type   vxlan vxlan-type replicators scope description active stats    ports        untagged-ports active-edge-ports

---- ------ ----- ---------- ----------- ----- ----------- ------ ----- --------------- -------------  -------------

10   public  10    user       none       local  vlan-10     yes    no    9,41,69-72,253   9              9



Group IP 239.1.1.1 is associated to source IP 10.1.1.2 and its port membership list only contains the logical port ID (12755068416) associated with a VXLAN tunnel:


CLI (network-admin@switch) > igmp-show group-ip 239.1.1.1

 

group-ip  node-ip  vnet vxlan bd vlan port       source node-type expires(s)

--------- -------– ---- ----- -- ---- ---------- ------ --------- ------–-–

239.1.1.1 10.1.1.2            10  12 12755068416 0.0.0.0 host      0


You can check the tunnel info (such as its associated VTEP IP addresses) corresponding to logical port 1275068416 with the following command:


CLI (network-admin@switch) > tunnel-show tunnelID 1275068416


scope:              local

name:               auto-tunnel-70

type:               vxlan

vrouter-name:       vr1

local-ip:           70.1.1.2

remote-ip:          80.1.1.2

router-if:          eth1.4092

next-hop:           70.1.1.1

next-hop-mac:       66:0e:94:70:61:7f

remote-switch:      0

active:             yes

state:              ok

bfd:                disabled

bfd-state:          unknown

error:

route-info:         80.1.1.0/24

ports:              19

auto-tunnel:        auto


You can also verify that the L2 table contains the MAC address corresponding to group IP 239.1.1.1 (i.e., 01:00:5e:01:01:01):


CLI (network-admin@switch) > l2-table-hw-show mac 01:00:5e:01:01:01


mac          vlan  vxlan  ports   state            hw-flags  mc-index

-----------------  ----- -----  -----  ----------------   ------- ---------

01:00:5e:01:01:01   10    10    none   active,static,hit            201326595