JUNOSe 9.1.x Multicast Routing Configuration Guide > Configuring IPv4 Multicast > Blocking and Limiting Multicast Traffic

Blocking and Limiting Multicast Traffic

You can either block mroute creation, limit the multicast bandwidth admitted on an outgoing interface, or limit outgoing interface creation on a port.

Blocking Mroutes

By default, when an interface that is configured with one or more multicast protocols (for example, PIM or IGMP) receives multicast traffic, even when the scope of that traffic exceeds link-local, the virtual router creates an mroute. You can use the ip block-multicast-sources command to block all multicast traffic with a scope larger than link-local (for example, global) and prevent mroute creation under these conditions.

NOTE: Issuing this command does not affect reception of link-local multicast packets.

ip block-multicast-sources

• Use to prevent mroute creation by blocking multicast traffic that has a scope larger than link-local (for example, global).
• Example

host1(config-if)#ip block-multicast-sources

• Use the no version to restore the default behavior of creating mroutes on received multicast packets.

Limiting Interface Admission Bandwidth

Interface-level multicast admission control is performed when an OIF on the interface is added to the mroute for a given (S,G) multicast data stream and the multicast bandwidth map contains a set admission-bandwidth action for that (S,G).

When enabled, the admission-bandwidth for a particular (S,G) is read from the multicast bandwidth map and recorded in the mroute when the (S,G) mroute is created. When an OIF is subsequently added to the mroute, the OIF is blocked from forwarding data if the additional bandwidth contributed by the (S,G) would exceed the admission-bandwidth limit for the interface.

CAUTION: Before you can limit interface-level admission bandwidth, you must first create a bandwidth map. See Defining a Multicast Bandwidth Map for details.

Enabling Interface Admission Bandwidth Limitation

You can use the ip multicast admission-bandwidth-limit command to enable multicast admission control on interfaces (including dynamic IP interfaces) that are configured to run IGMP. You can also use this command on a PIM (sparse-mode, dense-mode, or sparse-dense-mode) interface if IGMP is configured on the interface (including the ip igmp version passive command).

ip multicast admission-bandwidth-limit

• Use to limit bandwidth for an interface that accepts IGMP groups.
• Example

host1:boston(config-if)#ip multicast admission-bandwidth-limit 2000000

• Use the no version to remove the bandwidth limitation for the interface.

OIF Interface Reevaluation Example

If you change the admission bandwidth for an interface, all mroutes with that interface as an OIF are reevaluated as follows:

• If the bandwidth limit is increased, blocked OIFs may become unblocked. If the interface is a blocked OIF on multiple mroutes, the order in which the mroutes are visited, and which (S,G) streams become unblocked, is not specified.
• If the bandwidth limit is decreased, no currently admitted OIFs are blocked. However, no new OIFs are admitted until the total admitted bandwidth for the interface drops below the new limit.
• If the bandwidth is increased to the point that the bandwidth limit for an interface is now exceeded, no currently admitted OIFs for the affected mroutes are blocked. However, no new OIFs are admitted until the total admitted bandwidth drops below the configured limit.
  

  NOTE: If the multicast bandwidth map that includes the set admission-bandwidth command is changed, all affected mroutes are reevaluated in the same manner described previously.

  
  

As an example of this function, if the interface has accepted a total bandwidth of 2000000 bps, and you set a limit of 1000000 bps on the interface, the router does not disconnect any already connected OIFs but prevents the interfaces from accepting any more groups. Over time, some groups leave the interfaces and, eventually, the interface limit of 1000000 bps is reached and maintained by the router.

If you set limits for both a port and interfaces on that port, the router uses the lower of the two limits when determining whether or not an interface can accept any new IGMP groups. For example, if you specify an admission bandwidth limit of 2000000 bps for the port and 3000000 bps groups for each interface, additional groups can only be accepted until the port limit of 2000000 bps is reached.

Creating Mroute Port Limits

When a multicast forwarding entry (that is, an mroute) is added with an outgoing interface (OIF) on a port, the OIF count for that port is incremented. If you configure a port limit, and the OIF count on the port exceeds that limit, no OIFs on that port are added to mroutes (that is, OIFs are blocked).

mroute port limit

• Use to configure a limit on the number of mroute OIFs that can be added across different virtual routers, on a port.
• Example

host1(config)#mroute port 3/0 limit 10

• Use the no version to remove any OIF port limits.

Limiting Port Admission Bandwidth

Port-level multicast admission control is performed when an OIF on that port is added to the mroute for a given (S,G) multicast data stream and the multicast bandwidth map contains a set admission-bandwidth action for that (S,G).

When enabled, the admission-bandwidth for a particular (S,G) is read from the multicast bandwidth map and recorded in the mroute when the (S,G) mroute is created. If you configure a port limit and the OIF count on the port exceeds that limit, no OIFs on that port are added to mroutes (that is, OIFs are blocked).

When a multicast forwarding entry (an mroute) is added with an outgoing interface, OIF is blocked from forwarding data if the additional bandwidth contributed by the (S,G) would exceed the admission-bandwidth limit for the port on which the interface resides.

CAUTION: Before you can limit port-level admission bandwidth, you must first create a bandwidth map. See Defining a Multicast Bandwidth Map for details.

Enabling Port Admission Bandwidth Control

You can use the mroute port admission-bandwidth-limit command to limit the total multicast bandwidth that can be admitted on a port. The admitted bandwidth is summed across all virtual routers with IPv4 and IPv6 mroutes that have OIFs on the port.

NOTE: Admission bandwidth values for a given (S,G) mroute are determined from the bandwidth map. See Defining a Multicast Bandwidth Map for details.

Dynamic Port Admission Bandwidth Control

You can configure the system to dynamically limit the total multicast bandwidth that can be admitted on a port. The system performs dynamic port-level admission control when an OIF on that port is added to the mroute for a given <S, G> multicast stream.

After the priority bandwidth limit on the port is reached, OIFs on the prioritized <S, G> are only allowed to forward the traffic and unprioritized <S, G> streams are blocked from forwarding data on the OIF.

To enable a priority value for the <S, G> multicast stream, issue the set priority command in the multicast bandwidth map. A priority value of 0 indicates an unprioritized stream and any value other than 0 indicates a prioritized stream. Currently there is no support for classification of prioritized streams. For more information about the set priority command, see Defining a Multicast Bandwidth Map.

You can configure limits for the bandwidth that is dynamically admitted on the port. The priority bandwidth limit controls the priority bandwidth admitted on a port. The hysteresis limit sets the minimum priority bandwidth limit before the system evaluates mroutes and admits any blocked OIFs.

mroute port admission-bandwidth-limit

• Use to configure a limit on the total multicast bandwidth that can be admitted on a port.
• Use the priority-bandwidth-limit keyword to configure the priority bandwidth admitted on a port.
• Use the hysteresis keyword to configure the minimum priority bandwidth limit before the system evaluates mroutes and admits any blocked OIFs.
• Example

host1(config)#mroute port admission-bandwidth-limit 3000000

• Use the no version to remove any OIF admission bandwidth limits.

OIF Port Reevaluation Example

If you change the admission bandwidth for a port, all mroutes with an OIF on that port are reevaluated as follows:

• If the bandwidth limit is increased, blocked OIFs can become unblocked. However, the order in which the mroutes are visited, and which (S,G) streams become unblocked, is not specified.
• If the bandwidth limit of a port is decreased, no currently admitted OIFs are blocked. However, no new OIFs are admitted until the total admitted bandwidth for the port drops below the new limit.
• If the bandwidth is increased to the point that the bandwidth limit for an interface is now exceeded, no currently admitted OIFs for the affected mroutes are blocked. However, no new OIFs are admitted until the total admitted bandwidth drops below the configured limit.
  

  NOTE: If the multicast bandwidth map that includes the set admission-bandwidth command is changed, all affected mroutes are reevaluated in the same manner described previously.

  
  

As an example of this function, if the port has accepted a total bandwidth of 3000000 bps, and you set a limit of 2000000 bps on the port, the router does not disconnect any already connected OIFs but prevents the interfaces from accepting any more groups. Over time, some groups leave the interfaces and, eventually, the port limit of 2000000 bps is reached and maintained by the router.

If you set limits for both a port and interfaces on that port, the router uses the lower of the two limits when determining whether or not an interface can accept any new IGMP groups. For example, if you specify an admission bandwidth limit of 2000000 bps for the port and 3000000 bps groups for each interface, additional groups can only be accepted until the port limit of 2000000 bps is reached.