Local Area Network design/IGMP snooping
Bridges forward frames in different ways depending on the type of destination MAC address:
- unicast frames: they are sent just on the port toward the single destination, thanks to the filtering database;
- broadcast frames: they are always sent in flooding on all ports, since destinations are all the hosts in the network;
- multicast frames: they are always sent in flooding on all ports, even if destinations are just some of the hosts in the network.
If the bridge knew which multicast groups the stations connected to its ports belong to, it could forward frames addressed to a certain multicast group only on the ports where hosts registered to that group are connected, reducing the traffic sent in flooding.
GMRP allows a station to communicate its multicast group membership to the bridge.
However GMRP is barely used, because exploiting an already existing and commonly used technology, namely IGMP, is preferred to adding a new network protocol.
IGMP allows a station to communicate its multicast group membership to routers on the IP network:
- Host Membership Query message: the router sends to all hosts an IGMP message asking whether some of them are interested in registering to a certain multicast group;
- Host Membership Report message: the host sends back an IGMP message accepting the request for registration to the multicast group.
The Host Membership Report message reaches not only the router but also all the other stations on the LAN → every other station interested in the multicast group, knowing that at least one station on the LAN has already registered to that group, can avoid sending its own Host Membership Report message to the router, because traffic related to that multicast group already exits the router interface and propagates to the whole LAN.
Each IGMP message has:
- destination IP address: it is the IP address of the multicast group being queried or reported, starting always with bits '1110';
- destination MAC address: it is derived from the multicast IP address:
| 01:00:5E | 0 | last 23 bits from the multicast IP address |
'224.0.0.x'-like multicast IP addresses are 'well-known' addresses which do not require IGMP (e.g. multicast packets sent by network-layer routing protocols).
How IGMP is exploited
The IGMP snooping feature allows a bridge to learn which multicast groups stations connected to its ports are registered to, by observing IGMP messages going through the bridge itself:
- Host Membership Query message: the bridge records the port which it is coming from as the port toward the router, and sends it in flooding on all the other ports;
- Host Membership Report message: the bridge records the port which it is coming from as a port toward an interested station, and sends it only on the port toward the router (that is the one which the Host Membership Query came from).
The bridge does not send it on the other ports, because otherwise the hosts receiving it would stop sending their own Host Membership Report messages, preventing the bridge from knowing which hosts are interested in that multicast group;
- frame sent in multicast: the bridge analyzes its destination MAC address to identify its multicast group:
  - if it is a 'well-known' multicast address, it forwards it on all the other ports in flooding;
  - if it is a dynamic multicast address, it sends it only on the ports connected to stations registered to that multicast group.
IGMP snooping is a violation of the OSI model: bridges are required to recognize whether the data-link-layer frame encapsulates an IP packet which in turn encapsulates an IGMP message → bridges no longer work independently of the network layer: bridges which do not support the IPv6 protocol may discard multicast packets, which are used a lot in IPv6 (e.g. in the autoconfiguration process), because they cannot recognize them.
- Actually a single multicast MAC address corresponds to 2^5 IP addresses = 2^5 multicast groups.
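
The forwarding rules and the IP-to-MAC mapping described above, as an added Python sketch that is not part of the original page; `SnoopingBridge`, `group_mac`, `aliases`, the port numbers and the sample group addresses are constructed for illustration. It shows that a port registered to 239.1.1.1 also receives frames for 224.129.1.1, because the bridge forwards on the shared MAC address only.

```python
import ipaddress

def group_mac(group_ip):
    """01:00:5E prefix, one 0 bit, then the last 23 bits of the group IP."""
    ip = ipaddress.IPv4Address(group_ip)
    if not ip.is_multicast:  # multicast addresses start with bits 1110
        raise ValueError(f"{group_ip} is not an IPv4 multicast address")
    raw = (0x01005E << 24) | (int(ip) & 0x7FFFFF)
    return ":".join(f"{(raw >> s) & 0xFF:02x}" for s in range(40, -1, -8))

def aliases(group_ip):
    """All 2^5 group IPs that share one MAC (the 5 bits the mapping drops)."""
    low23 = int(ipaddress.IPv4Address(group_ip)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
            for hi in range(32)]

class SnoopingBridge:
    WELL_KNOWN = "01:00:5e:00:00:"  # MACs derived from 224.0.0.x

    def __init__(self, ports):
        self.ports = set(ports)
        self.router_port = None
        self.members = {}  # group MAC -> ports with registered stations

    def igmp(self, in_port, kind, group_ip):
        """Process a Query or Report; return the ports it is forwarded on."""
        if kind == "query":  # learn the router port, then flood
            self.router_port = in_port
            return self.ports - {in_port}
        # Report: learn the member port, forward toward the router only
        self.members.setdefault(group_mac(group_ip), set()).add(in_port)
        return {self.router_port} - {in_port, None}

    def data(self, in_port, dst_mac):
        """Forward a multicast data frame by destination MAC only."""
        if dst_mac.startswith(self.WELL_KNOWN):
            return self.ports - {in_port}  # well-known: flood
        return self.members.get(dst_mac, set()) - {in_port}

if __name__ == "__main__":
    br = SnoopingBridge([1, 2, 3, 4])            # constructed 4-port bridge
    print(br.igmp(1, "query", "239.1.1.1"))      # router is on port 1
    print(br.igmp(2, "report", "239.1.1.1"))     # station on port 2 joins
    print(br.data(1, group_mac("239.1.1.1")))    # registered group
    print(br.data(1, group_mac("224.129.1.1")))  # different group, same MAC
    print(br.data(1, group_mac("239.9.9.9")))    # no registered stations
    print(br.data(1, group_mac("224.0.0.5")))    # well-known address
```

Stations that receive frames for an aliased group must discard them at the IP layer, since filtering by MAC address alone cannot tell the 2^5 groups apart.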