WB1 8.22 IGMP Filtering

8.22 IGMP Filtering

• Only permit R3 to accept IGMP joins for groups in the range 239.1.1.0/24
via its connection to SW1.
• Limit the number of concurrent IGMP states on the interface to 10.

--------------------------------------------------------

IGMP is the protocol used by multicast receivers to communicate their
willingness to listen to a particular multicast group. When a host wants to join a
multicast group, it sends an IGMP report message to the multicast address heard
by all routers on the segment. This report contains the multicast group that the
host wants to join. The multicast router may control groups allowed to be joined
by the receivers. When you apply the command ip igmp access-group
<ACL> to an interface, the router will filter all attempts to join groups not matching
the access-list. Recall that can accomplish this goal using the command ip
multicast boundary, but ip igmp access-group is more commonly used
on the interfaces facing receivers. Notice that you can use either standard or
extended access-lists with this command.

If you use a standard access-list, your configuration applies to IGMP v1, v2 and
v3 receivers. The hosts are allowed to listen to the channels (multicast groups)
matching an entry in the access-list. If you use an extended access-list, then you
may also selectively filter IGMPv3 reports. IGMPv3 allows receivers to join
explicit sources along with the multicast group. That is, every IGMPv3 report
contains the list of groups along with the multicast sources that the receiver
wants to listen. The access-list entry will have the format permit ip <srcip>
<src-mask> <group-ip> <group-mask>. If you want to filter joins to
any source, use the 0.0.0.0 255.255.255.255 wildcard pair. However, if you want
to filter IGMPv2 or v1 joins, that don’t support explicit source specification, use
the host IP address of 0.0.0.0 for the source.

Another useful feature is limiting the number of mroute states created for the
interface as a result of IGMP reports. The same command ip igmp limit
<N> can be applied globally and per-interface at the same time. In the first case,
it limits the aggregate number of multicast groups joined by directly connected
receivers on all multicast interfaces. When applied per-interface, it limits the
number of different multicast groups that can be joined on this particular
interface.

R3:
ip access-list standard IGMP_FILTER
permit 239.1.1.0 0.0.0.255
!
interface FastEthernet0/0
ip igmp access-group IGMP_FILTER
ip igmp limit 10

Start by checking the IGMP settings on R3’s interface. Notice that the maximum
number of allowed IGMP states is 10.

Rack1R3#show ip igmp interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 155.1.37.3/24
  IGMP is enabled on interface
  Current IGMP host version is 2
  Current IGMP router version is 2
  IGMP query interval is 60 seconds
  IGMP querier timeout is 120 seconds
  IGMP max query response time is 10 seconds
  Last member query count is 2
  Last member query response interval is 1000 ms
  Inbound IGMP access group is IGMP_FILTER
  IGMP activity: 5 joins, 4 leaves
  Interface IGMP State Limit : 1 active out of 10 max
  Multicast routing is enabled on interface
  Multicast TTL threshold is 0
  Multicast designated router (DR) is 155.1.37.7 
  IGMP querying router is 155.1.37.3 (this system)
  IGMP helper address is 155.1.0.5
  No multicast groups joined by this system

Rack1R3#show ip igmp groups
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
239.1.1.7        FastEthernet0/0          00:00:27  00:02:32  155.1.37.7      Ac
224.110.110.110  Loopback0                1d02h     00:02:35  150.1.3.3      
224.0.1.39       Serial1/0.1              07:07:15  00:02:22  155.1.0.5      
224.0.1.40       Serial1/0.1              1d02h     00:02:15  155.1.0.3      
Rack1R3#

Now configure SW1 to join a different group, e.g. 239.2.2.7.

SW1:
interface FastEthernet 0/3
ip igmp join-group 239.2.2.7

Check that there is still just one IGMP state created on R3:

Rack1R3#show ip igmp groups
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
239.1.1.7        FastEthernet0/0          00:00:27  00:02:32  155.1.37.7      Ac
224.110.110.110  Loopback0                1d02h     00:02:35  150.1.3.3      
224.0.1.39       Serial1/0.1              07:07:15  00:02:22  155.1.0.5      
224.0.1.40       Serial1/0.1              1d02h     00:02:15  155.1.0.3      
Rack1R3#

被過濾掉了，那我們在SW1上..持續加........

Rack1R3#show ip igmp groups                   
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
239.1.1.7        FastEthernet0/0          00:04:16  00:02:49  155.1.37.7      Ac
239.1.1.9        FastEthernet0/0          00:01:27  00:02:45  155.1.37.7      Ac
239.1.1.8        FastEthernet0/0          00:01:31  00:02:46  155.1.37.7      Ac
239.1.1.11       FastEthernet0/0          00:01:24  00:02:46  155.1.37.7      Ac
239.1.1.10       FastEthernet0/0          00:01:25  00:02:47  155.1.37.7      Ac
239.1.1.13       FastEthernet0/0          00:01:22  00:02:49  155.1.37.7      Ac
239.1.1.12       FastEthernet0/0          00:01:23  00:02:47  155.1.37.7      Ac
239.1.1.14       FastEthernet0/0          00:00:06  00:02:53  155.1.37.7      Ac
239.1.1.19       FastEthernet0/0          00:00:05  00:02:54  155.1.37.7      Ac
224.110.110.110  Loopback0                1d02h     00:02:41  150.1.3.3      
224.0.1.39       Serial1/0.1              07:11:04  00:02:29  155.1.0.5      
224.0.1.40       Serial1/0.1              1d02h     00:02:23  155.1.0.3      
Rack1R3#show ip igmp interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 155.1.37.3/24
  IGMP is enabled on interface
  Current IGMP host version is 2
  Current IGMP router version is 2
  IGMP query interval is 60 seconds
  IGMP querier timeout is 120 seconds
  IGMP max query response time is 10 seconds
  Last member query count is 2
  Last member query response interval is 1000 ms
  Inbound IGMP access group is IGMP_FILTER
  IGMP activity: 13 joins, 4 leaves
  Interface IGMP State Limit : 9 active out of 10 max
  Multicast routing is enabled on interface
  Multicast TTL threshold is 0
  Multicast designated router (DR) is 155.1.37.7 
  IGMP querying router is 155.1.37.3 (this system)
  IGMP helper address is 155.1.0.5
  No multicast groups joined by this system
Rack1R3#

直我們家超過第11組, R3就會有告警...並且無法加入
Rack1R3#
*Mar  2 15:10:15.654: %IGMP-6-IGMP_GROUP_LIMIT: IGMP limit exceeded for group (*, 239.1.1.21) on FastEthernet0/0 by host 155.1.37.7
Rack1R3#

Rack1R3#show ip igmp groups
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
239.1.1.7        FastEthernet0/0          00:06:09  00:02:55  155.1.37.7      Ac
239.1.1.9        FastEthernet0/0          00:03:20  00:02:57  155.1.37.7      Ac
239.1.1.8        FastEthernet0/0          00:03:24  00:02:50  155.1.37.7      Ac
239.1.1.11       FastEthernet0/0          00:03:17  00:02:58  155.1.37.7      Ac
239.1.1.10       FastEthernet0/0          00:03:18  00:02:51  155.1.37.7      Ac
239.1.1.13       FastEthernet0/0          00:03:15  00:02:57  155.1.37.7      Ac
239.1.1.12       FastEthernet0/0          00:03:16  00:02:51  155.1.37.7      Ac
239.1.1.14       FastEthernet0/0          00:01:59  00:02:58  155.1.37.7      Ac
239.1.1.19       FastEthernet0/0          00:01:58  00:02:54  155.1.37.7      Ac
239.1.1.20       FastEthernet0/0          00:01:03  00:02:51  155.1.37.7      Ac
224.110.110.110  Loopback0                1d02h     00:02:51  150.1.3.3      
224.0.1.39       Serial1/0.1              07:12:58  00:02:38  155.1.0.5      
224.0.1.40       Serial1/0.1              1d02h     00:02:38  155.1.0.3      
Rack1R3#