Example: Configuring IGMP Snooping on SRX Series Devices
You can enable IGMP snooping on a VLAN to constrain the flooding of IPv4 multicast traffic on a VLAN. When IGMP snooping is enabled, the device examines IGMP messages between hosts and multicast routers and learns which hosts are interested in receiving multicast traffic for a multicast group. Based on what it learns, the device then forwards multicast traffic only to those interfaces that are connected to relevant receivers instead of flooding the traffic to all interfaces.
This example describes how to configure IGMP snooping:
This example uses the following hardware and software components:
One SRX Series device
Junos OS Release 18.1R1
Before you configure IGMP snooping, be sure you have:
Configured a VLAN, v1, on the device
Assigned interfaces ge-0/0/1, ge-0/0/2, ge-0/0/3, and ge-0/0/4 to v1
Configured ge-0/0/3 as a trunk interface
Overview and Topology
IGMP snooping controls multicast traffic in a switched network. When IGMP snooping is not enabled, the SRX Series device broadcasts multicast traffic out of all of its ports, even if the hosts on the network do not want the multicast traffic. With IGMP snooping enabled, the SRX Series device monitors the IGMP join and leave messages sent from each connected host to a multicast router. This enables the SRX Series device to keep track of the multicast groups and associated member ports. The SRX Series device uses this information to make intelligent decisions and to forward multicast traffic to only the intended destination hosts.
The sample topology is illustrated in Figure 1.
In this sample topology, the multicast router forwards multicast traffic to the device from the source when it receives a membership report for group 184.108.40.206 from one of the hosts—for example, Host B. If IGMP snooping is not enabled on vlan100, the device floods the multicast traffic on all interfaces in vlan100 (except for interface ge-0/0/2.0). If IGMP snooping is enabled on vlan100, the device monitors the IGMP messages between the hosts and router, allowing it to determine that only Host B is interested in receiving the multicast traffic. The device then forwards the multicast traffic only to interface ge-0/0/2.
To configure IGMP snooping on a device:
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the  hierarchy level, and then enter commit from configuration mode.
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure IGMP snooping:
- Configure the access mode interfaces.user@host# set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode accessuser@host# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members v1user@host# set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode accessuser@host# set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members v1user@host# set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode trunkuser@host# set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members v1user@host# set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode accessuser@host# set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members v1
- Configure the VLAN.user@host# set vlans v1 vlan-id 100
- Enable IGMP snooping and configure the device to serve
as a proxy.user@host# set protocols igmp-snooping vlan v1 proxy
- Configure the limit for the number of multicast groups
allowed on the ge-0/0/1.0 interface to 50.user@host# set protocols igmp-snooping vlan v1 interface ge-0/0/1.0 group-limit 50
- Configure the device to immediately remove a group membership
from an interface when it receives a leave message from that interface
without waiting for any other IGMP messages to be exchanged.user@host# set protocols igmp-snooping vlan v1 immediate-leave
- Statically configure interface ge-0/0/4 as a multicast-router
interface.user@host# set protocols igmp-snooping vlan v1 interface ge-0/0/4.0 static group 220.127.116.11
- Configure an interface to be an exclusively host-facing
interface (to drop IGMP query messages).user@host# set protocols igmp-snooping vlan v1 interface ge-0/0/1.0 host-only-interface
- Configure the IGMP message intervals and robustness count.user@host# set protocols igmp-snooping vlan v1 query-interval 200user@host# set protocols igmp-snooping vlan v1 query-response-interval 0.4user@host# set protocols igmp-snooping vlan v1 query-last-member-interval 0.1user@host# set protocols igmp-snooping vlan v1 robust-count 4
- If you are done configuring the device, commit the configuration.user@host# commit
From configuration mode, confirm your configuration by entering the show protocols igmp-snooping command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
Verifying IGMP Snooping Operation
To verify that IGMP snooping is operating as configured, perform the following task:
Displaying IGMP Snooping Information for VLAN v1
Verify that IGMP snooping is enabled on vlan v1 and that ge-0/0/4 is recognized as a multicast-router interface.
From operational mode, enter the show igmp snooping membership command.
user@host> show igmp snooping membership
Instance: default-switch Vlan: v1 Learning-Domain: default Interface: ge-0/0/4.0, Groups: 1 Group: 18.104.22.168 Group mode: Exclude Source: 0.0.0.0 Last reported by: Local Group timeout: 0 Type: Static
By showing information for vlanv1, the command output confirms that IGMP snooping is configured on the VLAN. Interface ge-0/0/4.0 is listed as a multicast-router interface, as configured. Because none of the host interfaces are listed, none of the hosts are currently receivers for the multicast group.