beautypg.com

LevelOne GTL-2691 User Manual

Page 517

Chapter 15 | Multicast Filtering

Layer 2 IGMP (Snooping and Query)

When the root bridge in a spanning tree receives a TCN for a VLAN where IGMP snooping is enabled, it issues a global IGMP leave message (or query solicitation). When a switch receives this solicitation, it floods it to all ports in the VLAN where the spanning tree change occurred. When an upstream multicast router receives this solicitation, it immediately issues an IGMP general query.

A query solicitation can be sent whenever the switch notices a topology change, even if it is not the root bridge in spanning tree.

Router Alert Option – Discards any IGMPv2/v3 packets that do not include the Router Alert option. (Default: Disabled)

As described in Section 9.1 of RFC 3376 for IGMP Version 3, the Router Alert Option can be used to protect against DoS attacks. One common method of attack is launched by an intruder who takes over the role of querier, and starts overloading multicast hosts by sending a large number of group-and-source-specific queries, each with a large source list and the Maximum Response Time set to a large value.

To protect against this kind of attack, (1) routers should not forward queries. This is easier to accomplish if the query carries the Router Alert option. (2) Also, when the switch is acting in the role of a multicast host (such as when using proxy routing), it should ignore version 2 or 3 queries that do not contain the Router Alert option.
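
The discard rule described above, written out as a packet check. This Python is an added example, not code from the manual or the switch firmware; the function names and sample packets are constructed for illustration, and the Router Alert encoding (option type 0x94, length 4) is taken from RFC 2113.

```python
ROUTER_ALERT = 0x94   # IPv4 option type 148, Router Alert (RFC 2113)
IGMP_VERSION_BY_TYPE = {0x12: 1, 0x16: 2, 0x17: 2, 0x22: 3}  # reports and leave

def has_router_alert(options: bytes) -> bool:
    """Walk the IPv4 options area looking for a well-formed Router Alert."""
    i = 0
    while i < len(options) and options[i] != 0:      # 0 = End of Option List
        if options[i] == 1:                          # 1 = No-Operation (one byte)
            i += 1
            continue
        if i + 1 >= len(options):
            return False                             # truncated option header
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False                             # malformed length field
        if options[i] == ROUTER_ALERT and length == 4:
            return True
        i += length
    return False

def igmp_version(igmp: bytes) -> int:
    """Classify an IGMP message as version 1, 2 or 3 (0 = unrecognised)."""
    if len(igmp) < 8:
        return 0
    if igmp[0] == 0x11:                              # Membership Query
        if len(igmp) >= 12:
            return 3                                 # v3 queries are 12+ bytes
        return 2 if igmp[1] else 1                   # v1 sets Max Resp to 0
    return IGMP_VERSION_BY_TYPE.get(igmp[0], 0)

def verdict(packet: bytes) -> str:
    """Return 'accept', 'discard' or 'not-igmp' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-igmp"
    ihl = (packet[0] & 0x0F) * 4                     # header length in bytes
    if ihl < 20 or len(packet) < ihl or packet[9] != 2:   # protocol 2 = IGMP
        return "not-igmp"
    if igmp_version(packet[ihl:]) in (2, 3) and not has_router_alert(packet[20:ihl]):
        return "discard"
    return "accept"

def build(options: bytes, igmp: bytes) -> bytes:
    """Constructed sample packet; options must be a multiple of 4 bytes."""
    ihl = (20 + len(options)) // 4
    header = bytes([0x40 | ihl, 0, 0, 0, 0, 0, 0, 0, 1, 2, 0, 0]) + bytes(8)
    return header + options + igmp                   # length/checksum left 0

RA = bytes([0x94, 0x04, 0x00, 0x00])                 # Router Alert, value 0
V3_QUERY = bytes([0x11, 0x64, 0, 0]) + bytes(8)      # constructed general query
```

IGMPv1 messages pass the check because the rule as stated covers only IGMPv2/v3 packets; a malformed option area is treated as if no Router Alert were present.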

Unregistered Data Flooding – Floods unregistered multicast traffic into the attached VLAN. (Default: Disabled)

Once the table used to store multicast entries for IGMP snooping and multicast routing is filled, no new entries are learned. If no router port is configured in the attached VLAN, and unregistered-flooding is disabled, any subsequent multicast traffic not found in the table is dropped; otherwise, it is flooded throughout the VLAN.

Version Exclusive – Discards any received IGMP messages which use a version different to that currently configured by the IGMP Version attribute. (Default: Disabled)

IGMP Unsolicited Report Interval – Specifies how often the upstream interface should transmit unsolicited IGMP reports when proxy reporting is enabled. (Range: 1-65535 seconds, Default: 400 seconds)

When a new upstream interface (that is, uplink port) starts up, the switch sends unsolicited reports for all currently learned multicast channels via the new upstream interface.

This command only applies when proxy reporting is enabled.

Router Port Expire Time – The time the switch waits after the previous querier stops before it considers it to have expired. (Range: 1-65535, Recommended Range: 300-500 seconds, Default: 300)