Example: Configuring IGMP Snooping
This example shows how to configure IGMP snooping. IGMP snooping can reduce unnecessary traffic from IP multicast applications.
This example uses the following hardware components:
One MX Series router
One Layer 3 device functioning as a multicast router
Before you begin:
Configure the interfaces. See the Interfaces User Guide for Security Devices.
Configure an interior gateway protocol. See the Junos OS Routing Protocols Library.
Configure a multicast protocol. This feature works with the following multicast protocols:
Overview and Topology
IGMP snooping controls multicast traffic in a switched network. When IGMP snooping is not enabled, the Layer 2 device broadcasts multicast traffic out of all of its ports, even if the hosts on the network do not want the multicast traffic. With IGMP snooping enabled, a Layer 2 device monitors the IGMP join and leave messages sent from each connected host to a multicast router. This enables the Layer 2 device to keep track of the multicast groups and associated member ports. The Layer 2 device uses this information to make intelligent decisions and to forward multicast traffic to only the intended destination hosts.
This example includes the following statements:
proxy—Enables the Layer 2 device to actively filter IGMP packets to reduce load on the multicast router. Joins and leaves heading upstream to the multicast router are filtered so that the multicast router has a single entry for the group, regardless of how many active listeners have joined the group. When a listener leaves a group but other listeners remain in the group, the leave message is filtered because the multicast router does not need this information. The status of the group remains the same from the router's point of view.
immediate-leave—When only one IGMP host is connected, the immediate-leave statement enables the multicast router to immediately remove the group membership from the interface and suppress the sending of any group-specific queries for the multicast group.
When you configure this feature on IGMPv2 interfaces, ensure that the IGMP interface has only one IGMP host connected. If more than one IGMPv2 host is connected to a LAN through the same interface, and one host sends a leave message, the router removes all hosts on the interface from the multicast group. The router loses contact with the hosts that properly remain in the multicast group until they send join requests in response to the next general multicast listener query from the router.
When IGMP snooping is enabled on a router running IGMP version 3 (IGMPv3) snooping, after the router receives a report with the type BLOCK_OLD_SOURCES, the router suppresses the sending of group-and-source queries but relies on the Junos OS host-tracking mechanism to determine whether or not it removes a particular source group membership from the interface.
query-interval—Enables you to change the number of IGMP messages sent on the subnet by configuring the interval at which the IGMP querier router sends general host-query messages to solicit membership information.
By default, the query interval is 125 seconds. You can configure any value in the range 1 through 1024 seconds.
query-last-member-interval—Enables you to change the amount of time it takes a device to detect the loss of the last member of a group.
The last-member query interval is the maximum amount of time between group-specific query messages, including those sent in response to leave-group messages.
By default, the last-member query interval is 1 second. You can configure any value in the range 0.1 through 0.9 seconds, and then 1-second intervals from 1 through 1024 seconds.
query-response-interval—Configures how long the router waits to receive a response from its host-query messages.
By default, the query response interval is 10 seconds. You can configure any value in the range 1 through 1024 seconds. This interval should be less than the interval set in the query-interval statement.
robust-count—Provides fine-tuning to allow for expected packet loss on a subnet. It is basically the number of intervals to wait before timing out a group. You can wait more intervals if subnet packet loss is high and IGMP report messages might be lost.
By default, the robust count is 2. You can configure any value in the range 2 through 10 intervals.
group-limit—Configures a limit for the number of multicast groups (or [S,G] channels in IGMPv3) that can join an interface. After this limit is reached, new reports are ignored and all related flows are discarded, not flooded.
By default, there is no limit to the number of groups that can join an interface. You can configure a limit in the range 0 through a 32-bit number.
host-only-interface—Configure an IGMP snooping interface to be an exclusively host-side interface. On a host-side interface, received IGMP queries are dropped.
By default, an interface can face either other multicast routers or hosts.
multicast-router-interface—Configures an IGMP snooping interface to be an exclusively router-facing interface.
By default, an interface can face either other multicast routers or hosts.
static—Configures an IGMP snooping interface with multicast groups statically.
By default, the router learns about multicast groups on the interface dynamically.
Figure 1 shows networks without IGMP snooping. Suppose host A is an IP multicast sender and hosts B and C are multicast receivers. The router forwards IP multicast traffic only to those segments with registered receivers (hosts B and C). However, the Layer 2 devices flood the traffic to all hosts on all interfaces.
Figure 2 shows the same networks with IGMP snooping configured. The Layer 2 devices forward multicast traffic to registered receivers only.
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the  hierarchy level, and then enter commit from configuration mode.
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure IGMP snooping:
Configure the bridge domain.[edit bridge-domains domain1]user@host# set domain-type bridgeuser@host# set interface ge-0/0/1.1user@host# set interface ge-0/0/2.1user@host# set interface ge-0/0/3.1
Enable IGMP snooping and configure the router to serve as a proxy.[edit bridge-domains domain1]user@host# set protocols igmp-snooping proxy
Configure the limit for the number of multicast groups allowed on the ge-0/0/1.1 interface to 50.[edit bridge-domains domain1]user@host# set protocols igmp-snooping interface ge-0/0/1.1group-limit 50
Configure the router to immediately remove a group membership from an interface when it receives a leave message from that interface without waiting for any other IGMP messages to be exchanged.[edit bridge-domains domain1]user@host# set protocols igmp-snooping immediate-leave
Statically configure IGMP group membership on a port.[edit bridge-domains domain1]user@host# set protocols igmp-snooping interface ge-0/0/3.1 static group 220.127.116.11
Configure an interface to be an exclusively router-facing interface (to receive multicast traffic).[edit bridge-domains domain1]user@host# set protocols igmp-snooping interface ge-0/0/2.1 multicast-router-interface
Configure an interface to be an exclusively host-facing interface (to drop IGMP query messages).[edit bridge-domains domain1]user@host# set protocols igmp-snooping interface ge-0/0/1.1 host-only-interface
Configure the IGMP message intervals and robustness count.[edit bridge-domains domain1]user@host# set protocols igmp-snoopingrobust-count 4user@host# set protocols igmp-snooping query-last-member-interval 0.1user@host# set protocols igmp-snooping query-interval 200user@host# set protocols igmp-snooping query-response-interval 0.4
If you are done configuring the device, commit the configuration.user@host# commit
Confirm your configuration by entering the show bridge-domains command.
To verify the configuration, run the following commands: