IPv6 MLD Snooping
I have finally finished my first read through of the CCIE R&S Written OCG and now is time to lab out some of my weaker points, read through a pile of RFC’s and then eventually book and take the exam.
I thought today I would do a post on MLD snooping on Cisco switches.
If you have ever configured IGMP snooping for IPv4 then this is pretty much identical!
For this test I used the below topology which comprises of 4 routers (7206VXR’s in this case on Dynagen) and 1 switch (Catalyst 3560).
For this example all I did was enable IPv6 multicast-routing on R4:
R4(config)#ipv6 multicast-routing
Doing this allowed R4 to send out MLD queries to the other routers on the network, it is these queries that the switch listens to and builds it database. To tell the switch to do MLD snooping you need to explicitly tell it to (it is not enabled by default):
SW4(config)#ipv6 mld snooping
Once you have enable this you need to manually (for the purpose of this example) join an IPv6 multicast group on another of the routers (R1 in my case):
R1(config-if)#ipv6 mld join-group FF1E::1
When R1 joined this group it will have sent an MLD join message out on the network which the switch will also have seen. Once the network has settled down (should be immediate but can take a couple of minutes depending on the order you apply the commands) you should see entries in the MLD table on the switch:
SW4#sh ipv6 mld snooping address
Vlan Group Type Version Port List
1 FF1E::1 mld Fa0/1, Fa0/4
This shows that the switch has seen the MLD traffic and added it to its database and has made a note of the ports where traffic has been seen (R1’s and R4’s ports). To test whether this was all working I sent a ping from R2 to FF1E::1 which is the multicast group that R1 has joined.
When I do this I see in Wireshark (taken from the Fa0/0 interface of R3) that no packets reach R3 which is what we want to see:
As with IPv4 multicast as default switches will flood multicast just as if it were a broadcast frame, so it would be sent to every port in the Vlan.
To also test this I removed the MLD snooping from the switch and did the same test:
This shows that the request was received by R3, you do not see the reply as these will be sent from Unicast MAC -> Unicast MAC and therefore not flooded by the switch.
As usual with my posts please let me know any feedback you may have, both positive or negative. If there is anything else that you think I should cover please also let me know.