Blocking and Limiting Multicast Traffic

You can either block mroute creation, limit the multicast bandwidth admitted on an outgoing interface, or limit outgoing interface creation on a port.

Blocking Mroutes

By default, when an interface that is configured with one or more multicast protocols (for example, PIM or IGMP) receives multicast traffic, even when the scope of that traffic exceeds link-local, the virtual router creates an mroute. You can use the ip block-multicast-sources command to block all multicast traffic with a scope larger than link-local (for example, global) and prevent mroute creation under these conditions.

Note: Issuing this command does not affect reception of link-local multicast packets.

Limiting Interface Admission Bandwidth

Interface-level multicast admission control is performed when an OIF on the interface is added to the mroute for a given (S,G) multicast data stream and the multicast bandwidth map contains a set admission-bandwidth action for that (S,G). When enabled, the admission-bandwidth for a particular (S,G) is read from the multicast bandwidth map and recorded in the mroute when the (S,G) mroute is created.

Caution: Before you can limit interface-level admission bandwidth, you must first create a bandwidth map. See Defining a Multicast Bandwidth Map for details.

When an OIF is subsequently added to the mroute, the OIF is blocked from forwarding data if the additional bandwidth contributed by the (S,G) exceeds the admission-bandwidth limit for the interface. In JunosE releases earlier than Release 12.0.x, in an OIF mapping scenario where the DSLAM does not perform per-subscriber multicast admission control, the router disregards the multicast admission bandwidth limit configured on the join interface. If the limit configured on the mapped interface exceeds the admission-bandwidth limit for the interface, the router blocks the mapped interface from forwarding data.

Now, in an OIF mapping scenario where the DSLAM performs per-subscriber multicast admission control, the router checks the bandwidth limit configured on the join interface. If the multicast stream is forwarded over the mapped interface, the router admits the multicast stream and forwards the stream to the join interfaces whose bandwidth does not exceed the configured bandwidth limit. The router also performs QoS Adjust for the multicast stream on the unblocked (forwarding) subscriber interfaces. The router does not replicate the stream to the subscriber interfaces whose bandwidth exceeds the configured bandwidth limit and it does not perform QoS Adjust for the multicast stream on the blocked subscriber interfaces.

If the multicast stream is not forwarded over the mapped interface, the router blocks the multicast stream and does not forward the stream. The router also does not perform QoS Adjust for the multicast stream on the blocked subscriber interface.

Enabling Interface Admission Bandwidth Limitation

You can use the ip multicast admission-bandwidth-limit command to enable multicast admission control on interfaces (including dynamic IP interfaces) that are configured to run IGMP. You can also use this command on a PIM (sparse-mode, dense-mode, or sparse-dense-mode) interface if IGMP is configured on the interface (including the ip igmp version passive command).

OIF Interface Reevaluation Example

If you change the admission bandwidth for an interface, all mroutes with that interface as an OIF are reevaluated as follows:

• If the bandwidth limit is increased, blocked OIFs may become unblocked. If the interface is a blocked OIF on multiple mroutes, the order in which the mroutes are visited, and which (S,G) streams become unblocked, is not specified.
• If the bandwidth limit is decreased, no currently admitted OIFs are blocked. However, no new OIFs are admitted until the total admitted bandwidth for the interface drops below the new limit.
• If the bandwidth is increased to the point that the bandwidth limit for an interface is now exceeded, no currently admitted OIFs for the affected mroutes are blocked. However, no new OIFs are admitted until the total admitted bandwidth drops below the configured limit.

  Note: If the multicast bandwidth map that includes the set admission-bandwidth command is changed, all affected mroutes are reevaluated in the same manner described previously.

As an example of this function, if the interface has accepted a total bandwidth of 2000000 bps, and you set a limit of 1000000 bps on the interface, the router does not disconnect any already connected OIFs but prevents the interfaces from accepting any more groups. Over time, some groups leave the interfaces and, eventually, the interface limit of 1000000 bps is reached and maintained by the router.

If you set limits for both a port and interfaces on that port, the router uses the lower of the two limits when determining whether or not an interface can accept any new IGMP groups. For example, if you specify an admission bandwidth limit of 2000000 bps for the port and 3000000 bps groups for each interface, additional groups can only be accepted until the port limit of 2000000 bps is reached.

Creating Mroute Port Limits

When a multicast forwarding entry (that is, an mroute) is added with an outgoing interface (OIF) on a port, the OIF count for that port is incremented. If you configure a port limit, and the OIF count on the port exceeds that limit, no OIFs on that port are added to mroutes (that is, OIFs are blocked).

Limiting Port Admission Bandwidth

Port-level multicast admission control is performed when an OIF on that port is added to the mroute for a given (S,G) multicast data stream and the multicast bandwidth map contains a set admission-bandwidth action for that (S,G).

When enabled, the admission-bandwidth for a particular (S,G) is read from the multicast bandwidth map and recorded in the mroute when the (S,G) mroute is created. If you configure a port limit and the OIF count on the port exceeds that limit, no OIFs on that port are added to mroutes (that is, OIFs are blocked).

When a multicast forwarding entry (an mroute) is added with an outgoing interface, OIF is blocked from forwarding data if the additional bandwidth contributed by the (S,G) would exceed the admission-bandwidth limit for the port on which the interface resides.

Caution: Before you can limit port-level admission bandwidth, you must first create a bandwidth map. See Defining a Multicast Bandwidth Map for details.

Enabling Port Admission Bandwidth Control

You can use the mroute port admission-bandwidth-limit command to limit the total multicast bandwidth that can be admitted on a port. The admitted bandwidth is summed across all virtual routers with IPv4 and IPv6 mroutes that have OIFs on the port.

Note: Admission bandwidth values for a given (S,G) mroute are determined from the bandwidth map. See Defining a Multicast Bandwidth Map for details.

Dynamic Port Admission Bandwidth Control

You can configure the system to dynamically limit the total multicast bandwidth that can be admitted on a port. The system performs dynamic port-level admission control when an OIF on that port is added to the mroute for a given <S, G> multicast stream.

After the priority bandwidth limit on the port is reached, OIFs on the prioritized <S, G> are only allowed to forward the traffic and unprioritized <S, G> streams are blocked from forwarding data on the OIF.

To enable a priority value for the <S, G> multicast stream, issue set priority in the multicast bandwidth map. A priority value of 0 indicates an unprioritized stream and any value other than 0 indicates a prioritized stream. Currently there is no support for classification of prioritized streams. For more information about the set priority command, see Defining a Multicast Bandwidth Map .

You can configure limits for the bandwidth that is dynamically admitted on the port. The priority bandwidth limit controls the priority bandwidth admitted on a port. The hysteresis limit sets the minimum priority bandwidth limit before the system evaluates mroutes and admits any blocked OIFs.

OIF Port Reevaluation Example

If you change the admission bandwidth for a port, all mroutes with an OIF on that port are reevaluated as follows:

• If the bandwidth limit is increased, blocked OIFs can become unblocked. However, the order in which the mroutes are visited, and which (S,G) streams become unblocked, is not specified.
• If the bandwidth limit of a port is decreased, no currently admitted OIFs are blocked. However, no new OIFs are admitted until the total admitted bandwidth for the port drops below the new limit.
• If the bandwidth is increased to the point that the bandwidth limit for an interface is now exceeded, no currently admitted OIFs for the affected mroutes are blocked. However, no new OIFs are admitted until the total admitted bandwidth drops below the configured limit.

  Note: If the multicast bandwidth map that includes the set admission-bandwidth command is changed, all affected mroutes are reevaluated in the same manner described previously.

As an example of this function, if the port has accepted a total bandwidth of 3000000 bps, and you set a limit of 2000000 bps on the port, the router does not disconnect any already connected OIFs but prevents the interfaces from accepting any more groups. Over time, some groups leave the interfaces and, eventually, the port limit of 2000000 bps is reached and maintained by the router.

If you set limits for both a port and interfaces on that port, the router uses the lower of the two limits when determining whether or not an interface can accept any new IGMP groups. For example, if you specify an admission bandwidth limit of 2000000 bps for the port and 3000000 bps groups for each interface, additional groups can only be accepted until the port limit of 2000000 bps is reached.