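20.1 IGMP (Internet Group Management Protocol)
IGMP (Internet Group Management Protocol) is the control protocol between hosts and routers. A host uses IGMP to report to the multicast router which groups it wants to join, and the router uses IGMP to query whether a given group still has members on the segment. Its IP protocol number is 2.
IGMP currently has three versions for IPv4:
RFC 1112: IGMPv1 (see the IGMP message structure in RFC 1112)
RFC 2236: IGMPv2
RFC 3376: IGMPv3
For IPv6, the group control protocol between hosts and routers is called Multicast Listener Discovery (MLD), and it has two versions:
MLD V1
MLD V2
How a host joins a multicast group: when a host wants to receive data for a multicast group, it sends a membership report to that group. The DR on the segment is responsible for sending queries, as shown in Figure 20-1:
Figure 20-1 Router queries and host reports
Report suppression:
When the other members of a group hear a report, they suppress their own membership reports; this is the report suppression mechanism. Experiments show that suppression works poorly in v1 and works properly in v2. IGMPv2 also adds a maximum response time, a delay value that sets the upper bound on how long any host may wait before answering a query. The maximum response time is configured on the IGMP querier (the device with the lowest IP address is elected) and applies only to membership query messages. See Figure 20-2:
Figure 20-2 IGMP query and suppression mechanism
How a group member leaves:
The host (it must be the last reporter) sends a Leave Group message to 224.0.0.2 (the message carries the group address being left, 224.1.1.1).
If no report for the group is received within 1 second, a second group-specific query is sent.
If no host responds after the two queries, group 224.1.1.1 times out and the group is left.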
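The three IGMPv2 message kinds described above (query, membership report, leave), as an added Python example that is not part of the original text: it builds and validates the 8-byte IGMPv2 message defined in RFC 2236, including the rule that a Leave is addressed to 224.0.0.2. The function names build and parse are illustrative assumptions.

```python
import ipaddress
import struct

# IGMPv2 message type codes (RFC 2236)
QUERY, V1_REPORT, V2_REPORT, LEAVE = 0x11, 0x12, 0x16, 0x17
ALL_SYSTEMS = ipaddress.IPv4Address("224.0.0.1")
ALL_ROUTERS = ipaddress.IPv4Address("224.0.0.2")

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole IGMP payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(msg_type: int, group: str, max_resp_s: float = 0.0) -> bytes:
    """Build an IGMPv2 message; max response time is carried in units of 1/10 s."""
    body = struct.pack("!BBH4s", msg_type, round(max_resp_s * 10), 0,
                       ipaddress.IPv4Address(group).packed)
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse(payload: bytes, ip_dst: str) -> dict:
    """Parse and sanity-check an IGMPv2 payload; raises ValueError if invalid."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte IGMPv2 message")
    if checksum(payload) != 0:
        raise ValueError("bad checksum")
    msg_type, resp, _, raw_group = struct.unpack("!BBH4s", payload[:8])
    group, dst = ipaddress.IPv4Address(raw_group), ipaddress.IPv4Address(ip_dst)
    if msg_type == QUERY:
        general = int(group) == 0          # group field 0.0.0.0 = general query
        kind = "general-query" if general else "group-specific-query"
        expected = ALL_SYSTEMS if general else group
    elif msg_type in (V1_REPORT, V2_REPORT):
        kind, expected = "report", group   # reports are sent to the group itself
    elif msg_type == LEAVE:
        kind, expected = "leave", ALL_ROUTERS
    else:
        raise ValueError(f"unknown IGMP type 0x{msg_type:02x}")
    if kind != "general-query" and not group.is_multicast:
        raise ValueError("group field is not a multicast address")
    if dst != expected:
        raise ValueError(f"{kind} sent to {dst}, expected {expected}")
    return {"kind": kind, "group": str(group), "max_resp_s": resp / 10}
```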
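20.2 IGMP lab topology
In the figure, R3 and R4 are the devices in the multicast network closest to the receivers (hosts). The two hosts are simulated by routers and act as receivers, i.e. the devices that join groups.
IP addressing: every node has a loopback0 with address XX.1.1.1/32; for example, R4's loopback0 is 44.1.1.1/32. The devices in this topology are directly connected on the same segment; for example, R3's e0/0 is 10.1.1.3/24.
Figure 20-3 IGMP lab topology
20.3 IGMP lab steps
IGMPv1 is being phased out and is not covered in this book. This lab focuses on IGMPv2.
20.3.1 Basic IGMP configuration
R3 and R4 are the last-hop multicast devices; PC1 and PC2 are routers simulating the devices that join groups.
R3 and R4:
ip multicast-routing---enable multicast routing so the device acts as a multicast router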
interface Ethernet0/0
ip address 10.1.1.3 255.255.255.0
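ip pim sparse-mode---PIM is the most widely used multicast routing protocol and is covered in detail later; on Cisco devices, enabling PIM on the last-hop device automatically enables IGMP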
!
ip multicast-routing
interface Ethernet0/0
ip address 10.1.1.4 255.255.255.0
ip pim sparse-mode
PC1 and PC2:
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip igmp join-group 224.1.1.1---join multicast group 224.1.1.1
!
interface Ethernet0/0
ip address 10.1.1.2 255.255.255.0
ip igmp join-group 224.1.1.1
Verification:
R4#show ip pim neighbor ---verify the PIM neighbor relationship
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.1.1.3 Ethernet0/0 00:00:11/00:01:33 v2 1 / S
R3#show ip igmp interface ethernet 0/0---once PIM is enabled, IGMP is enabled as well
Ethernet0/0 is up, line protocol is up
Internet address is 10.1.1.3/24
IGMP is enabled on interface---enabling PIM automatically enabled IGMP
Current IGMP host version is 2---IGMPv2 by default
Current IGMP router version is 2---IGMPv2 by default
IGMP query interval is 60 seconds---the default IGMP query interval is 60 s
IGMP querier timeout is 120 seconds---the device that sends queries is the querier; the timeout used to monitor the querier is 120 s
IGMP max query response time is 10 seconds---the default maximum response time is 10 s; it is adjusted later
Last member query count is 2
Last member query response interval is 1000 ms
Inbound IGMP access group is not set
IGMP activity: 2 joins, 0 leaves
Multicast routing is enabled on interface
Multicast TTL threshold is 0
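Multicast designated router (DR) is 10.1.1.4---the DR on this segment is R4
IGMP querying router is 10.1.1.3 (this system)---there are several last-hop devices and R3 is the querier: when there are multiple last-hop routers, the querier originates the IGMP query messages. Querier election in IGMPv2 and IGMPv3: the router with the lowest interface IP address becomes the querier.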
Multicast groups joined by this system (number of users):
224.0.1.40(1)
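20.3.2 Changing the DR on the last-hop segment
The PIM DR (designated router) plays a different role from the OSPF DR. When there are multiple first-hop routers, the DR forwards the multicast stream sent by the source and sends register messages to the RP; when there are multiple last-hop routers, the DR sends the PIM join messages toward the multicast source or the RP.
PIM DR election: the router with the highest DR priority is preferred; if priorities tie, the router with the highest IP address becomes the DR.
Verification on R4: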
R4#show ip igmp interface e0/0
Ethernet0/0 is up, line protocol is up
Internet address is 10.1.1.4/24
IGMP is enabled on interface
Current IGMP host version is 2
Current IGMP router version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 10 seconds
Last member query count is 2
Last member query response interval is 1000 ms
Inbound IGMP access group is not set
IGMP activity: 2 joins, 0 leaves
Multicast routing is enabled on interface
Multicast TTL threshold is 0
Multicast designated router (DR) is 10.1.1.4 (this system)---the DR is R4
IGMP querying router is 10.1.1.3 ---the querier is R3
Multicast groups joined by this system (number of users):
224.0.1.40(1)
The following configuration makes R3 the DR:
interface Ethernet0/0
ip address 10.1.1.3 255.255.255.0
ip pim dr-priority 10---change the priority from the default to 10 so that R3 becomes the DR
Verification:
R4#show ip pim neighbor---the PIM neighbor table also shows the DR state
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.1.1.3 Ethernet0/0 00:12:47/00:01:16 v2 10/ DR S
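20.3.3 The relationship between the last-hop multicast router and the IGMP group members
First, some basic terminology:
The last reporter is the device that most recently sent a report message. This role matters when leaving a group.
The following experiment lets us observe the report suppression function.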
R3#debug ip igmp
IGMP debugging is on
R2#show ip igmp groups detail
Flags: L - Local, U - User, SG - Static Group, VG - Virtual Group,
SS - Static Source, VS - Virtual Source
Interface: Ethernet0/0
Group: 224.1.1.1
Flags: L U
Uptime: 00:18:32
Group mode: INCLUDE
Last reporter: 10.1.1.1---R2 knows that R1 is the last reporter because they are on the same segment
Source list is empty
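At this point R3 shows:
Mar 1 00:42:00.475: IGMP(0): Send v2 general Query on Ethernet0/0---the querier sends a general query
Mar 1 00:43:09.107: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.1 for 224.1.1.1---an IGMP report is received from R1 but none from R2, because of report suppression. R1's report already announced that the group has a member; to save traffic, R2 does not send a report once it has heard R1's.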
Mar 1 00:43:09.111: IGMP(0): Received Group record for group 224.1.1.1, mode 2 from 10.1.1.1 for 0 sources
Mar 1 00:43:09.115: IGMP(0): Updating EXCLUDE group timer for 224.1.1.1
Verification on R3:
R3#show ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 Ethernet0/0 00:24:33 00:02:43 10.1.1.1
224.0.1.40 Ethernet0/0 00:28:55 00:02:43 10.1.1.3
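R1 is the last reporter. This role keeps changing: whichever device sends the report becomes the last reporter, while the other devices in the same group have their reports suppressed.
This can be seen on R2: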
R2#debug ip igmp
IGMP debugging is on
R2#
Mar 1 00:52:01.943: IGMP(0): Received v2 Query on Ethernet0/0 from 10.1.1.3---a query is received from R3 (the querier)
Mar 1 00:52:01.947: IGMP(0): Set report delay time to 0.2 seconds for 224.1.1.1 on Ethernet0/0---the report delay is set to 0.2 s; this is a random value, and the device with the smallest value becomes the reporter
Mar 1 00:52:02.147: IGMP(0): Send v2 Report for 224.1.1.1 on Ethernet0/0---R2 sends the report, so R2 is now the last reporter, because its random report delay was the smaller one
R2#show ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 Ethernet0/0 00:27:39 stopped 10.1.1.2
R2#show ip igmp groups detail
Flags: L - Local, U - User, SG - Static Group, VG - Virtual Group,
SS - Static Source, VS - Virtual Source
Interface: Ethernet0/0
Group: 224.1.1.1
Flags: L U
Uptime: 00:27:41
Group mode: INCLUDE
Last reporter: 10.1.1.2
Source list is empty
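To observe this process and to trigger joins and leaves faster, remove and re-enter the join-group command several times.
To control the report delay chosen by the group members, IGMPv2 lets you set the maximum value of that time. Configure the querier R3 as follows: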
interface Ethernet0/0
ip address 10.1.1.3 255.255.255.0
ip igmp query-max-response-time 5---set the maximum response time to 5 seconds
Now observe a complete new round of reporting:
R3#
*Mar 1 01:06:01.019: IGMP(0): Send v2 general Query on Ethernet0/0---the querier sends a general query
*Mar 1 01:06:01.019: IGMP(0): Set report delay time to 3.4 seconds for 224.0.1.40 on Ethernet0/0---this device's own report delay for 224.0.1.40; this group can be ignored here
R3#
*Mar 1 01:06:04.167: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.2 for 224.1.1.1---a report is received from R2
*Mar 1 01:06:04.171: IGMP(0): Received Group record for group 224.1.1.1, mode 2 from 10.1.1.2 for 0 sources
R1#
*Mar 1 01:06:03.683: IGMP(0): Received v2 Query on Ethernet0/0 from 10.1.1.3---a query is received from the querier R3
*Mar 1 01:06:03.687: IGMP(0): Set report delay time to 4.4 seconds for 224.1.1.1 on Ethernet0/0---this device sets a random report delay of 4.4 s; this value should be larger than R2's report delay and is smaller than the time configured on the querier (R3)
R1#
Mar 1 01:06:06.843: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.2 for 224.1.1.1---the report sent by R2 is received
Mar 1 01:06:06.847: IGMP(0): Received Group record for group 224.1.1.1, mode 2 from 10.1.1.2 for 0 sources
*Mar 1 01:06:06.851: IGMP(0): Cancel report for 224.1.1.1 on Ethernet0/0---R1 cancels its report; R1's report is suppressed
R2#
Mar 1 01:06:02.275: IGMP(0): Received v2 Query on Ethernet0/0 from 10.1.1.3
Mar 1 01:06:02.279: IGMP(0): Set report delay time to 2.4 seconds for 224.1.1.1 on Ethernet0/0---this device sets a random report delay of 2.4 s
R2#
*Mar 1 01:06:05.411: IGMP(0): Send v2 Report for 224.1.1.1 on Ethernet0/0---this device sends the report, which suppresses R1's report
R2#
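The query round captured above, replayed as an added Python sketch that is not part of the original text: each member starts a report timer no larger than the querier's maximum response time, and a member cancels its report once it hears an earlier one. The names query_round and last_reporter and the suppression switch are illustrative assumptions; switching suppression off models hosts that do not listen to each other's reports.

```python
import random

def query_round(hosts, max_response_time, suppression=True, seed=None):
    """Simulate members of one group answering a single query on a shared segment.

    hosts maps a host address to its report delay in seconds, or to None to
    draw a random delay in [0, max_response_time].
    Returns (sent, cancelled): sent is a time-ordered list of (delay, host).
    """
    rng = random.Random(seed)
    timers = {}
    for host, delay in hosts.items():
        if delay is None:
            delay = round(rng.uniform(0, max_response_time), 1)
        if not 0 <= delay <= max_response_time:
            raise ValueError(f"{host}: delay {delay}s outside 0..{max_response_time}s")
        timers[host] = delay
    sent, cancelled = [], []
    for host, delay in sorted(timers.items(), key=lambda kv: (kv[1], kv[0])):
        # A pending report is cancelled only if another member's report for the
        # same group was heard strictly before this host's own timer fired.
        if suppression and sent and sent[0][0] < delay:
            cancelled.append(host)
        else:
            sent.append((delay, host))
    return sent, cancelled

# Delays taken from the debug output above; the querier's maximum is 5 s.
PAGE_DELAYS = {"10.1.1.1": 4.4, "10.1.1.2": 2.4}

def last_reporter(hosts, max_response_time, **kwargs):
    """Address the querier records as Last Reporter after the round."""
    sent, _ = query_round(hosts, max_response_time, **kwargs)
    return sent[-1][1]
```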
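20.3.4 Observing an IGMPv2 group leave
The following describes how a receiver leaves multicast group 224.1.1.1:
The host (the group member that is the last reporter) sends a Leave Group message to 224.0.0.2 (the message carries the address of the group being left, 224.1.1.1);
If the querier receives no report for 224.1.1.1 within 1 second, it sends a second query for 224.1.1.1;
If the querier receives no host response after the 2 queries, group 224.1.1.1 times out, meaning that all receivers have left the group.
First check which device is the last reporter: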
R3#show ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 Ethernet0/0 01:45:51 00:02:27 10.1.1.1
224.0.1.40 Ethernet0/0 01:50:13 00:02:27 10.1.1.4
Make R1 leave the group:
R1(config)#int e0/0
R1(config-if)#no ip igmp join-group 224.1.1.1
R1(config-if)#
Mar 1 02:10:51.855: IGMP(0): IGMP delete group 224.1.1.1 on Ethernet0/0
Mar 1 02:10:51.859: IGMP(0): Send Leave for 224.1.1.1 on Ethernet0/0---R1 sends a Leave message; this differs from v1, where a host leaves silently
R3#
Mar 1 02:10:49.191: IGMP(0): Received Leave from 10.1.1.1 (Ethernet0/0) for 224.1.1.1---the querier receives the Leave message from R1
Mar 1 02:10:49.195: IGMP(0): Received Group record for group 224.1.1.1, mode 3 from 10.1.1.1 for 0 sources
Mar 1 02:10:49.199: IGMP(0): Lower expiration timer to 2000 msec for 224.1.1.1 on Ethernet0/0
Mar 1 02:10:49.203: IGMP(0): Send v2 Query on Ethernet0/0 for group 224.1.1.1
R3#
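Mar 1 02:10:50.203: IGMP(0): Send v2 Query on Ethernet0/0 for group 224.1.1.1---two queries are sent in succession, and they are group-specific queries for this group rather than general queries; the number of queries is configurable
Mar 1 02:10:50.227: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.2 for 224.1.1.1---R2 received the group-specific query and sent a report, so the subnet still has a multicast receiver
Mar 1 02:10:50.231: IGMP(0): Received Group record for group 224.1.1.1, mode 2 from 10.1.1.2 for 0 sources
Mar 1 02:10:50.235: IGMP(0): Updating EXCLUDE group timer for 224.1.1.1
Mar 1 02:10:50.235: IGMP(0): MRT Add/Update Ethernet0/0 for (*,224.1.1.1) by 0
Summary:
When the last reporter leaves a group, it sends a Leave message to notify the last-hop router. The router then sends two consecutive queries to check whether the group still has receivers; these are group-specific queries. A device that is not the last reporter does not need to send a Leave message when it leaves, because it is not the receiver the router has recorded for the group.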
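The leave sequence from the debug output above, as an added Python model that is not part of the original text: it shows why the querier lowers the group timer to 2000 ms (query count times query interval) and when the group is kept or dropped. The name handle_leave and the event strings are illustrative assumptions; the defaults are the "Last member query count is 2" and "Last member query response interval is 1000 ms" values shown by show ip igmp interface.

```python
def handle_leave(report_offsets_ms, query_count=2, query_interval_ms=1000):
    """Querier-side handling of a Leave for one group.

    report_offsets_ms: times (ms after the Leave arrived) at which reports for
    the group are heard from remaining members.
    Returns (events, still_member), events being a list of (time_ms, text).
    """
    deadline = query_count * query_interval_ms       # lowered expiration timer
    events = [(0, "leave received"),
              (0, f"expiration timer lowered to {deadline} ms")]
    # Only a report heard before the lowered timer expires keeps the group.
    first_report = min((t for t in report_offsets_ms if 0 <= t < deadline),
                       default=None)
    for n in range(query_count):
        t = n * query_interval_ms
        if first_report is not None and first_report < t:
            break                                     # a member answered already
        events.append((t, f"group-specific query {n + 1}"))
    if first_report is not None:
        events.append((first_report, "report heard, group timer refreshed"))
        return events, True
    events.append((deadline, "group timed out, forwarding stops"))
    return events, False

# Constructed from the timestamps above: the report from 10.1.1.2 arrived at
# 02:10:50.227, about 1036 ms after the Leave was received at 02:10:49.191.
PAGE_REPORTS_MS = [1036]
```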
20.3.5 Controlling group joins on the last-hop device
The last-hop device can restrict which multicast groups may be joined. The configuration is:
R3:
access-list 10 permit 224.1.1.1
access-list 10 permit 224.1.1.2
interface Ethernet0/0
ip address 10.1.1.3 255.255.255.0
ip pim dr-priority 10
ip pim sparse-mode
ip igmp query-max-response-time 5
ip igmp access-group 10---only groups matched by ACL 10 can be joined
Verification:
R3#show ip igmp interface e0/0
Ethernet0/0 is up, line protocol is up
Internet address is 10.1.1.3/24
IGMP is enabled on interface
Current IGMP host version is 2
Current IGMP router version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 5 seconds
Last member query count is 2
Last member query response interval is 1000 ms
Inbound IGMP access group is 10
IGMP activity: 2 joins, 0 leaves
Multicast routing is enabled on interface
Multicast TTL threshold is 0
Multicast designated router (DR) is 10.1.1.3 (this system)
IGMP querying router is 10.1.1.3 (this system)
Multicast groups joined by this system (number of users):
224.0.1.40(1)
R1 joins groups:
R1(config)#interface e0/0
R1(config-if)#ip igmp join-group 224.1.1.3
R1(config-if)#ip igmp join-group 224.1.1.2
Check R3:
Mar 1 02:27:25.451: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.1 for 224.1.1.3
Mar 1 02:27:25.455: IGMP(*): Group 224.1.1.3 access denied on Ethernet0/0---the join for group 224.1.1.3 is rejected because the ACL does not permit this group
R3#show ip igmp groups ---R3 has no membership entry for 224.1.1.3
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 Ethernet0/0 02:03:29 00:02:52 10.1.1.2
224.0.1.40 Ethernet0/0 02:07:51 stopped 10.1.1.3
R3#show access-lists
Standard IP access list 10
10 permit 224.1.1.1 (213 matches)
20 permit 224.1.1.2 (2 matches)
Finally, run a ping test:
R3#ping 224.1.1.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:
Reply to request 0 from 10.1.1.2, 32 ms
R3#ping 224.1.1.2
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.2, timeout is 2 seconds:
Reply to request 0 from 10.1.1.1, 16 ms
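With an access group in place, refused joins are worth tracking per host. The added Python example below (not part of the original text) attributes each "access denied" debug line to the host whose report triggered it; the first two sample lines are the ones shown above, the remaining three are constructed for illustration, and the function name denied_joins is an assumption.

```python
import re
from collections import defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
IFACE = r"([A-Za-z-]+\d[\d/.:]*)"
REPORT = re.compile(rf"IGMP\(\S+?\): Received v\d Report on {IFACE} from {IP} for {IP}")
DENIED = re.compile(rf"IGMP\(\S+?\): Group {IP} access denied on {IFACE}")

def denied_joins(lines):
    """Map each source host to the (interface, group) joins the ACL refused.

    The 'access denied' line carries no source address, so it is attributed to
    the most recent Report seen for the same group on the same interface.
    """
    last_source = {}                        # (interface, group) -> reporting host
    denied = defaultdict(set)
    for line in lines:
        m = REPORT.search(line)
        if m:
            iface, src, group = m.groups()
            last_source[(iface, group)] = src
            continue
        m = DENIED.search(line)
        if m:
            group, iface = m.groups()
            src = last_source.get((iface, group), "unknown")
            denied[src].add((iface, group))
    return {src: sorted(joins) for src, joins in denied.items()}

# First two lines are from the debug output above; the last three are constructed.
SAMPLE = """\
Mar 1 02:27:25.451: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.1 for 224.1.1.3
Mar 1 02:27:25.455: IGMP(*): Group 224.1.1.3 access denied on Ethernet0/0
Mar 1 02:27:26.101: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.2 for 224.1.1.1
Mar 1 02:27:31.230: IGMP(0): Received v2 Report on Ethernet0/0 from 10.1.1.2 for 239.9.9.9
Mar 1 02:27:31.234: IGMP(*): Group 239.9.9.9 access denied on Ethernet0/0
""".splitlines()
```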
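20.3.6 IGMPv3
IGMPv3 is the latest version of IGMP.
IGMPv3 interoperates with IGMPv1 and v2. It specifically serves the Source Specific Multicast (SSM) model, whose default group range is 232.0.0.0/8.
IGMPv3 lets a host specify multicast sources and receive only the multicast data sent by those sources. Compared with earlier versions it gives the host more control: the host can specify not only the group but also the source.
IGMPv3 strengthens the receiver's control over sources: it can explicitly state the sources it wants. There are two modes, INCLUDE and EXCLUDE.
In INCLUDE mode, the receiver announces its group membership and supplies an INCLUDE list of the sources whose traffic it wants to receive. In EXCLUDE mode, the host receives traffic from every source except those in the EXCLUDE list, which is usually empty.
IGMPv3 was designed specifically for SSM. Hosts send membership reports to 224.0.0.22, and all IGMPv3 routers listen on that address. Hosts do not listen on or respond to 224.0.0.22, and IGMPv3 has no report suppression, because IGMPv3 hosts do not listen to other hosts.
Change the querier R3 to IGMPv3 with the following configuration: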
interface Ethernet0/0
ip address 10.1.1.3 255.255.255.0
ip igmp version 3
R3#show ip igmp interface e0/0
Ethernet0/0 is up, line protocol is up
Internet address is 10.1.1.3/24
IGMP is enabled on interface
Current IGMP host version is 3
Current IGMP router version is 3
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 5 seconds
Last member query count is 2
Last member query response interval is 1000 ms
Inbound IGMP access group is 10
IGMP activity: 3 joins, 0 leaves
Multicast routing is enabled on interface
Multicast TTL threshold is 0
Multicast designated router (DR) is 10.1.1.3 (this system)
IGMP querying router is 10.1.1.3 (this system)
Multicast groups joined by this system (number of users):
224.0.1.40(1)
R1 joins 232.1.1.1 and specifies a source:
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip igmp join-group 224.1.1.2
ip igmp join-group 232.1.1.1 source 10.1.1.3---accept traffic for this group only from the specific multicast source 10.1.1.3
Verification:
R1#show ip igmp groups detail
Flags: L - Local, U - User, SG - Static Group, VG - Virtual Group,
SS - Static Source, VS - Virtual Source
Interface: Ethernet0/0
Group: 232.1.1.1
Flags: L
Uptime: 00:05:36
Group mode: INCLUDE---232.1.1.1 has been joined, in INCLUDE mode
Last reporter: 10.1.1.1
Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,
V - Virtual, Ac - Accounted towards access control limit,
M - SSM Mapping, L - Local)
Source Address Uptime v3 Exp CSR Exp Fwd Flags
10.1.1.3 00:05:36 stopped stopped Yes L
Interface: Ethernet0/0
Group: 224.1.1.2---an ordinary group has been joined
Flags: L U
Uptime: 00:56:57
Group mode: INCLUDE---include
Last reporter: 10.1.1.1
Source list is empty---no source is specified