IGMP version 3 adds support for “source filtering”. IGMP version 1 and version 2 allow hosts to join multicast groups but they don’t check the source of the traffic. Any source is able to receive traffic to the multicast group(s) that they joined.
With source filtering, we can join multicast groups but only from specified source addresses. IGMP version 3 is a requirement for SSM (Source Specific Multicast).
Why is this useful? Let me give you an example:
Above, we have a video server streaming multicast traffic on the network using destination address 239.1.1.1. Four hosts are listening to this traffic. Life is good. Suddenly, something happens:
An attacker didn’t like the video stream and decided to stream his favorite video to destination address 239.1.1.1.1. Since we don’t check the source address, everyone will receive the traffic from our attacker. It’s also possible to send bogus traffic and create a DoS attack like this.
IGMP versions 1 and 2 don’t have any protection against this.
With IGMP version 3, our hosts can be configured to receive multicast traffic only from specified source addresses. Let’s see how this works. I’ll use the following topology for this:
We will only use two devices: one multicast-enabled router and a host device. I’m using a Cisco router as the host device as well.
Let’s start with R1:
R1(config)#ip multicast-routing
R1(config)#interface GigabitEthernet 0/1
R1(config-if)#ip pim sparse-mode
R1(config-if)#ip igmp version 3Our router requires multicast routing, and PIM should be enabled on the interface. The default version of IGMP is 2, so we’ll change it to version 3. Before we let H1 join a multicast group, let’s enable debugging on both devices:
R1 & H1#debug ip igmp
IGMP debugging is onR1 will start sending membership general queries like the one below:
Let’s configure H1 to join a multicast group:
H1(config)#interface GigabitEthernet 0/1
H1(config-if)#ip igmp join-group 239.1.1.1 ?
source Include SSM source
<cr>Besides configuring a group, I can configure the host to include a source address. Let’s pick something:
H1(config-if)#ip igmp join-group 239.1.1.1 source 1.1.1.1H1 will now include the source address in its membership report messages. Here’s what you will see on the console:
H1#
IGMP(0): WAVL Insert group: 239.1.1.1 interface: GigabitEthernet0/1Successful
IGMP(0): Create source 1.1.1.1
IGMP(0): Building v3 Report on GigabitEthernet0/1
IGMP(0): Add Group Record for 239.1.1.1, type 5
IGMP(0): Add Source Record 1.1.1.1
IGMP(0): Add Group Record for 239.1.1.1, type 6
IGMP(0): No sources to add, group record removed from report
IGMP(0): Send unsolicited v3 Report with 1 group records on GigabitEthernet0/1
IGMP(0): Building v3 Report on GigabitEthernet0/1
IGMP(0): Add Group Record for 239.1.1.1, type 5
IGMP(0): Add Source Record 1.1.1.1
IGMP(0): Add Group Record for 239.1.1.1, type 6
IGMP(0): No sources to add, group record removed from report
IGMP(0): Send unsolicited v3 Report with 1 group records on GigabitEthernet0/1H1 sends two membership report messages. The first message includes the multicast group and source addresses we want to receive. The second message includes the “mode”. There are two modes:
- Include: this is a list of source addresses that we accept multicast traffic from. Everything else should not be forwarded.
- Exclude: this is a list of source addresses that we refuse to accept multicast traffic from. Everything else should be forwarded.
Here’s what it looks like in wireshark:
Hi Hyun,
Thanks for letting me know, just fixed it.
Rene
liked the fav video
a. so this 1.1.1.1 is the IP address of video server ?
b. in today’s scenerio which igmp version is mostly used now ? is it v3 ?
c. is it correct that here HOST will be actully a router behind which we have PCs ?
d. wont it cause more over-head on client side as now they will have to configure specific IP of video server? is it feasible from scale point of view ?
thanks
Hi Abhishek,
Yes, 1.1.1.1 is the IP address of the multicast source, that could be a video server. IGMP Version 2 is probably still the most common version.
The location of your sources / hosts really depends on your network design. In a small network, it’s possible that you only see switches where the source/hosts are in the same L2 design. In larger networks, your hosts are on the access layer and the source(s) might be somewhere else, behind some router(s).
The client has to keep track of the multicast groups that it wants to receive, each client only joins
... Continue reading in our forumHello Rene,
A few questions and confusions.
- When a multicast address is being used as a group address(for example 239.1.1.1), this address is assigned to the multicast server and this address has to have route in the network design because whenever a host will encapsulate an IP packet, it will use its own address as the source and 239.1.1.1 address as the destination address. Is this correct?
- Would you also please give me a real life scenarion where multicast is used?
- In your IGMP version 3 example, 1.1.1.1 is being used as the source address. What is this add
... Continue reading in our forum