Very commonly a new presence will enter your network, it could be something you have introduced or a product another team member has installed, only to find out there is some type of ‘network communication problem’ with the new product.

After some investigation, the traffic type in question is discovered to be multicast. Some run from this problem like the plaque, others will tell the installer of the new product they are out of luck, because multicast traffic is ‘not supported’. More commonly ‘bandaids’ are put in place to make the product work. The types of fixes implemented could be something like putting all the multicast ‘talkers’ on the same physical switch. Other accommodating changes could be more drastic, such as disabling important features that are enabled on catalyst switches by default.

Now that the picture has been painted, a little explanation:

IGMP is a protocol used by clients wanting to receive a multicast stream. The client sends an IGMP report message to a multicast router telling or confirming that it wants to receive a particular stream. An IGMP query message is used by the multicast router to ask clients if they want to receive a multicast stream. If there is not a client requesting or confirming it wants to receive a stream, the router will not forward the traffic, because it is not needed.

Catalyst switches have a feature called IGMP snooping. Basically the switch transparently listens for these IGMP query/report messages described above. If it does not detect any multicast traffic being requested, it shuts off any traffic from the stream to that switchport. This optimizes the traffic flow even more, since it operates at a switchport level. The reason why igmp snooping often causes issues is when there is no multicast router in place. In many cases there is good reason for this, if multicast across a routed network is not desired, there is no good reason to turn on multicast routing.

However, the problem comes in when snooping blocks a multicast stream on the uplink port (where it normally would receive IGMP query messages from the multicast router). This happens because the switch never sees any IGMP traffic on those ports, therefore it shuts down traffic on them. Therefore the IGMP request messages from the client are never received on a different switch that is connected to the multicast sender.

Many times after researching a similar problem, the resolution will be from the product vendor to disable IGMP snooping with the command ‘no igmp snooping’. If you disable IGMP snooping, all switches treat multicast traffic as broadcast traffic. This floods the traffic to all the ports in that VLAN, regardless of whether the ports have interested receivers for that multicast stream. Obviously, this is not the type of behavior desired in any network - let’s fix the issue properly so snooping can be left enabled.

Solution

Manually configure an mrouter port on each access switch, in the absence of a multicast router on the network. The assigned mrouter port should be the uplink port that connects the access switch to the distribution layer. The access switch will always forward IGMP messages on the mrouter port. Do not configure an mrouter port on the distribution switch. In this scenerio, when the client connected to an access switch requests a multicast stream the IGMP message will be forwarded out the uplink port to the distribution switch. When the distribution detects the IGMP messages from an access switch, it will put the uplink port in it’s IGMP snooping table, thus allowing multicast traffic on the port.

To manually configure an access switch with an mrouter port:

accessSwitch(config)#ip igmp snooping vlan 10 mrouter interface Gig 1/0/49

The previous example assumes all the hosts using multicast is on vlan10 and the access switch uplink port is Gigabit 1/0/49.

Now, when the security guys call and say their new Checkpoint firewalls running on that shiney new Nokia cluster doesn’t work - go armed with the fix. Many high availability/clustering applications use multicast for the heartbeat traffic, the Microsoft clustering built into Windows also uses it.