Cisco IOS Multicast: How to Configure the L2 Multicast IGMP Filter

Multicast can be controlled to some extent even with L2 features. By snooping IGMP, you can allow joins only for specific multicast groups or limit the number of receivers.

Overview

This page summarizes techniques for filtering multicast on Layer 2 devices.

Command list

The key commands for this scenario are as follows.

Switch(config)# ip igmp profile <profile_number>
Switch(config-igmp-profile)# { permit | deny }
Switch(config-igmp-profile)# range <low_addr> <high_addr>

Switch(config)# interface <interface>
Switch(config-if)# ip igmp filter <profile_number>
Switch(config-if)# ip igmp max-groups <num>
Switch(config-if)# ip igmp max-groups action { deny | replace }

Topology

The lab uses the following environment.

             f0/0                        f0/13
     +--------+.1    f0/1+------+f0/13   .8+--------+
     |   R1   +----------+      +----------+   SW2 | 
     +--------+          |      |          +--------+
             f0/0        |      |        f0/13
     +--------+.3    f0/3|      |f0/16   .9+--------+
     |   R3   +----------+  SW1 +----------+   SW3 | 
     +--------+          |      |          +--------+
             f0/0        |      |        f0/13
     +--------+.5   f0/5 |      |f0/19  .10+--------+
     |   R5   +----------+      +----------+   SW4 | 
     +--------+          +------+          +--------+

               192.168.100.0/24 VLAN_100
 [R1]
ip multicast-routing
!
interface FastEthernet0/0
 ip address 192.168.100.1 255.255.255.0
 ip pim dense-mode

 [R3]
interface FastEthernet0/0
 ip address 192.168.100.3 255.255.255.0

 [R5]
interface FastEthernet0/0
 ip address 192.168.100.5 255.255.255.0

 [SW2]
interface FastEthernet0/13
 no switchport
 ip address 192.168.100.8 255.255.255.0

 [SW3]
interface FastEthernet0/13
 no switchport
 ip address 192.168.100.9 255.255.255.0

 [SW4]
interface FastEthernet0/13
 no switchport
 ip address 192.168.100.10 255.255.255.0

The full configurations are in the files below. Refer to them for the detailed settings.

R1
!
! Last configuration change at 03:16:49 UTC Sat May 4 2013
! NVRAM config last updated at 03:20:51 UTC Sat May 4 2013
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
ip multicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.100.1 255.255.255.0
 ip pim dense-mode
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 logging synchronous level 0 limit 20
line aux 0
line vty 0 4
!
!
end
R3
!
! Last configuration change at 03:20:19 UTC Sat May 4 2013
! NVRAM config last updated at 03:20:20 UTC Sat May 4 2013
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.100.3 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 shutdown
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 logging synchronous level 0 limit 20
line aux 0
line vty 0 4
!
!
end
R5
!
! Last configuration change at 03:20:20 UTC Sat May 4 2013
! NVRAM config last updated at 03:20:22 UTC Sat May 4 2013
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
warm-reboot
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.100.5 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
interface Serial0/1/0
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous level 0 limit 20
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end
SW1
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 shutdown
!
interface FastEthernet0/3
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 shutdown
!
interface FastEthernet0/7
 shutdown
!
interface FastEthernet0/8
 shutdown
!
interface FastEthernet0/9
 shutdown
!
interface FastEthernet0/10
 shutdown
!
interface FastEthernet0/11
 shutdown
!
interface FastEthernet0/12
 shutdown
!
interface FastEthernet0/13
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/14
 shutdown
!
interface FastEthernet0/15
 shutdown
!
interface FastEthernet0/16
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/17
 shutdown
!
interface FastEthernet0/18
 shutdown
!
interface FastEthernet0/19
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/20
 shutdown
!
interface FastEthernet0/21
 shutdown
!
interface FastEthernet0/22
 shutdown
!
interface FastEthernet0/23
 shutdown
!
interface FastEthernet0/24
 shutdown
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
 logging synchronous level 0 limit 20
line vty 0 4
 login
line vty 5 15
 login
!
end
SW2
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.100.8 255.255.255.0
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
 logging synchronous level 0 limit 20
line vty 0 4
 login
line vty 5 15
 login
!
end
SW3
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW3
!
!
no aaa new-model
ip subnet-zero
!
vtp file vlan.dat
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.100.9 255.255.255.0
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport mode dynamic desirable
!
interface FastEthernet0/22
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
 logging synchronous level 0 limit 20
line vty 0 4
 login
line vty 5 15
 login
!
end
SW4
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW4
!
!
no aaa new-model
ip subnet-zero
!
vtp file vlan.dat
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 no switchport
 ip address 192.168.100.10 255.255.255.0
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport mode dynamic desirable
!
interface FastEthernet0/22
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
 logging synchronous level 0 limit 20
line vty 0 4
 login
line vty 5 15
 login
!
end

Specification

IGMP filter

The following commands make the switch forward IGMP joins only for specific multicast groups. The permit or deny keyword specifies whether the profile defines the multicast groups to allow or the multicast groups to reject.

Switch(config)# ip igmp profile <profile_number>
Switch(config-igmp-profile)# { permit | deny }
Switch(config-igmp-profile)# range <low_addr> <high_addr>

An IGMP profile defined with the commands above is applied to an interface with the ip igmp filter command, as follows.

Switch(config)# interface <interface>
Switch(config-if)# ip igmp filter <profile_number>

IGMP max-group

The following commands define the upper limit on the number of multicast groups for which IGMP joins are forwarded.

Switch(config)# interface <interface>
Switch(config-if)# ip igmp max-groups <num>

IGMP max-group action

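The ip igmp max-groups action command defines what happens when the limit set by ip igmp max-groups is reached. The default is deny: once the limit is reached, new IGMP join messages are dropped. With replace, the oldest entry among the permitted multicast groups is replaced by the new entry, and the IGMP join message is forwarded.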

Switch(config)# interface <interface>
Switch(config-if)# ip igmp max-groups <num>
Switch(config-if)# ip igmp max-groups action { deny | replace }

IGMP filter

Applying the configuration

On the SW1 port connected to R3, configure the switch to permit only IGMP joins for 229.9.9.0/24.

 [SW1]
ip igmp profile 4
 permit
 range 229.9.9.0 229.9.9.255
!
interface FastEthernet0/3
 ip igmp filter 4

Verification

Send the following two IGMP join messages from R3 toward R1.

 [R3]
interface FastEthernet0/0
 ip igmp join-group 228.8.8.8
 ip igmp join-group 229.9.9.9

The output shows that the IGMP join for 228.8.8.8 was filtered, while the IGMP join for 229.9.9.9 from R3 reached R1.

 [R1]
R1#show ip igmp groups
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
229.9.9.9        FastEthernet0/0          00:00:38  00:02:21  192.168.100.3
224.0.1.40       FastEthernet0/0          00:09:57  00:02:58  192.168.100.1
R1#

max-groups

Applying the configuration

On the SW1 port connected to R5, allow at most three IGMP joins.

 [SW1]
interface FastEthernet0/5
 ip igmp max-groups 3
 ip igmp filter 4

Verification

Send the following five IGMP join messages from R5 toward R1.

 [R5]
interface FastEthernet0/0
 ip igmp join-group 229.9.9.1
 ip igmp join-group 229.9.9.2
 ip igmp join-group 229.9.9.3
 ip igmp join-group 229.9.9.4
 ip igmp join-group 229.9.9.5

The output shows that three of the five IGMP messages arrived.

 [R1]
R1#show ip igmp groups | include 192.168.100.5
229.9.9.1        FastEthernet0/0          00:00:22  00:02:37  192.168.100.5
229.9.9.3        FastEthernet0/0          00:00:22  00:02:37  192.168.100.5
229.9.9.2        FastEthernet0/0          00:00:22  00:02:37  192.168.100.5
R1#

max-groups

Applying the configuration

On the SW1 port connected to SW2, allow at most three IGMP joins. In addition, allow older entries in the list of permitted IGMP joins to be overwritten by newer entries.

 [SW1]
interface FastEthernet0/13
 ip igmp max-groups 3
 ip igmp max-groups action replace
 ip igmp filter 4

Verification

Send the following five IGMP join messages from SW2 toward R1.

 [SW2]
interface FastEthernet0/13
 ip igmp join-group 229.9.9.1
 ip igmp join-group 229.9.9.2
 ip igmp join-group 229.9.9.3
 ip igmp join-group 229.9.9.4
 ip igmp join-group 229.9.9.5

Confirm that all of the IGMP messages arrived.

 [R1]
R1#show ip igmp groups | include 192.168.100.8
229.9.9.1        FastEthernet0/0          00:02:03  00:02:49  192.168.100.8
229.9.9.3        FastEthernet0/0          00:02:03  00:02:48  192.168.100.8
229.9.9.2        FastEthernet0/0          00:02:03  00:02:47  192.168.100.8
229.9.9.5        FastEthernet0/0          00:00:07  00:00:01  192.168.100.8
229.9.9.4        FastEthernet0/0          00:00:09  00:02:59  192.168.100.8
R1#
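
The per-port decision logic behind the three scenarios above can be replayed offline with a small model. This is an added example, not code from the original page or from Cisco; the names IgmpProfile, Port and replay are hypothetical, and the replace behaviour (evicting the oldest entry) follows this page's description of the command.

```python
import ipaddress
from collections import OrderedDict

class IgmpProfile:
    """Model of 'ip igmp profile': permit/deny plus address ranges."""
    def __init__(self, action, ranges):
        if action not in ("permit", "deny"):
            raise ValueError(action)
        self.action = action
        self.ranges = [(int(ipaddress.IPv4Address(lo)),
                        int(ipaddress.IPv4Address(hi))) for lo, hi in ranges]

    def allows(self, group):
        g = int(ipaddress.IPv4Address(group))
        in_range = any(lo <= g <= hi for lo, hi in self.ranges)
        # permit: only listed ranges pass; deny: listed ranges are dropped
        return in_range if self.action == "permit" else not in_range

class Port:
    """Per-port state for 'ip igmp filter' and 'ip igmp max-groups'."""
    def __init__(self, profile=None, max_groups=None, action="deny"):
        self.profile, self.max_groups, self.action = profile, max_groups, action
        self.groups = OrderedDict()  # insertion order = age, oldest first

    def join(self, group):
        """Return 'forward' or 'drop' for one IGMP join seen on this port."""
        if self.profile and not self.profile.allows(group):
            return "drop"
        if group in self.groups:
            return "forward"
        if self.max_groups is not None and len(self.groups) >= self.max_groups:
            if self.action == "deny" or not self.groups:
                return "drop"
            # Assumption (per this page): replace evicts the oldest entry.
            self.groups.popitem(last=False)
        self.groups[group] = True
        return "forward"

def replay(port, joins):
    """Feed joins in order; return (per-join verdicts, groups left on port)."""
    verdicts = [port.join(g) for g in joins]
    return verdicts, list(port.groups)

# Constructed inputs mirroring the three SW1 ports configured on this page.
PROFILE4 = IgmpProfile("permit", [("229.9.9.0", "229.9.9.255")])
FIVE = [f"229.9.9.{i}" for i in range(1, 6)]

if __name__ == "__main__":
    print(replay(Port(PROFILE4), ["228.8.8.8", "229.9.9.9"]))  # Fa0/3
    print(replay(Port(PROFILE4, 3), FIVE))                     # Fa0/5
    print(replay(Port(PROFILE4, 3, "replace"), FIVE))          # Fa0/13
```

The model tracks only the switch port's admitted groups; membership entries on R1 age out on their own timers, as the Expires column in the output above shows.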