Check Igmp Groups Filtering

The IGMP protocol can be configured to allow or deny the sending of multicast traffic from specific groups.

../../../_images/igmpgroupsfilteringtopology.svg

Test IGMP Groups Filtering

Description

The following scenario shows how to configure DUT0 to forward the multicast traffic generated by DUT1 to DUT2, only when the latter has been previously added to an allowed multicast group.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 vif 101 address 10.0.0.1/24
set interfaces ethernet eth1 vif 102 address 20.0.0.1/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 vif 101 address 10.0.0.2/24
set interfaces ethernet eth0 vif 101 traffic policy out TTL
set protocols static route 224.0.0.0/4 interface eth0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy TTL rule 1 set ttl 64

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth0 vif 102 address 20.0.0.2/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Modify the following configuration lines in DUT0:

set interfaces ethernet eth0 vif 101 ip pim
set interfaces ethernet eth1 vif 102 ip igmp query-interval 24
set interfaces ethernet eth1 vif 102 ip multicast boundary-list IGMP_GROUPS
set interfaces ethernet eth1 vif 102 ip pim
set protocols ip prefix-list IGMP_GROUPS rule 1 action deny
set protocols ip prefix-list IGMP_GROUPS rule 1 prefix 224.0.55.0/24
set protocols ip prefix-list IGMP_GROUPS rule 2 action permit
set protocols ip prefix-list IGMP_GROUPS rule 2 prefix 224.0.0.0/4
set protocols pim rp address 10.0.0.1 group 224.0.0.0/4

Note

Initially, DUT0 has no information about multicast groups, since DUT2 has not requested to join any multicast group.

Step 5: Run command interfaces ethernet eth1 vif 102 ip igmp show statistics json at DUT0 and expect this output:

Show output
{
  "eth1.102":{
    "name":"eth1.102",
    "queryV1":0,
    "queryV2":0,
    "queryV3":0,
    "leaveV2":0,
    "reportV1":0,
    "reportV2":0,
    "reportV3":3,
    "mtraceResponse":0,
    "mtraceRequest":0,
    "unsupported":0,
    "totalReceivedMessages":3,
    "peakGroups":0,
    "totalGroups":0,
    "totalSourceGroups":0,
    "joinsFailed":0,
    "joinsSent":4,
    "generalQueriesSent":1,
    "groupQueriesSent":0
  }
}

Step 6: Run command protocols igmp show groups at DUT0 and check if output contains the following tokens:

224.0.44.44
Show output
Total IGMP groups: 0
Watermark warn limit(Not Set): 0
Interface        Group           Mode Timer    Srcs V Uptime

Step 7: Run command protocols ip show multicast route at DUT0 and check if output does not match the following regular expressions:

[*]\s+224.0.44.44\s+SC\s+IGMP
Show output
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
       R - SGRpt Pruned, F - Register flag, T - SPT-bit set
 Source  Group  Flags  Proto  Input  Output  TTL  Uptime

Step 8: Run command protocols igmp show groups at DUT0 and check if output contains the following tokens:

224.0.55.55
Show output
Total IGMP groups: 0
Watermark warn limit(Not Set): 0
Interface        Group           Mode Timer    Srcs V Uptime

Step 9: Run command protocols ip show multicast route at DUT0 and check if output does not match the following regular expressions:

[*]\s+224.0.55.55\s+SC\s+IGMP
Show output
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
       R - SGRpt Pruned, F - Register flag, T - SPT-bit set
 Source  Group  Flags  Proto  Input  Output  TTL  Uptime

Note

Once DUT2 requests to join multicast group 224.0.55.55, DUT0 should have no information on that group since it is denied in DUT0.

Step 10: Run command monitor test connection server 1234 udp local-address 224.0.55.55 local-interface eth0.102 multicast at DUT2.

Step 11: Run command interfaces ethernet eth1 vif 102 ip igmp show statistics json at DUT0 and expect this output:

Show output
{
  "eth1.102":{
    "name":"eth1.102",
    "queryV1":0,
    "queryV2":0,
    "queryV3":0,
    "leaveV2":0,
    "reportV1":0,
    "reportV2":0,
    "reportV3":8,
    "mtraceResponse":0,
    "mtraceRequest":0,
    "unsupported":0,
    "totalReceivedMessages":8,
    "peakGroups":0,
    "totalGroups":0,
    "totalSourceGroups":0,
    "joinsFailed":0,
    "joinsSent":4,
    "generalQueriesSent":2,
    "groupQueriesSent":0
  }
}

Step 12: Run command protocols igmp show groups at DUT0 and check if output contains the following tokens:

224.0.44.44
Show output
Total IGMP groups: 0
Watermark warn limit(Not Set): 0
Interface        Group           Mode Timer    Srcs V Uptime

Step 13: Run command protocols ip show multicast route at DUT0 and check if output does not match the following regular expressions:

[*]\s+224.0.44.44\s+SC\s+IGMP
Show output
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
       R - SGRpt Pruned, F - Register flag, T - SPT-bit set
 Source  Group  Flags  Proto  Input  Output  TTL  Uptime

Step 14: Run command protocols igmp show groups at DUT0 and check if output contains the following tokens:

224.0.55.55
Show output
Total IGMP groups: 0
Watermark warn limit(Not Set): 0
Interface        Group           Mode Timer    Srcs V Uptime

Step 15: Run command protocols ip show multicast route at DUT0 and check if output does not match the following regular expressions:

[*]\s+224.0.55.55\s+SC\s+IGMP
Show output
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
       R - SGRpt Pruned, F - Register flag, T - SPT-bit set
 Source  Group  Flags  Proto  Input  Output  TTL  Uptime

Note

And consequently, if DUT1 generates multicast traffic for group 224.0.55.55, DUT0 should not forward it to DUT2, and this traffic should not be received by DUT2.

Step 16: Run command traffic dump monitor interface eth1.102 at DUT0.

Step 17: Run command monitor test connection client 224.0.55.55 1234 udp source-port 1235 at DUT1.

Note

However, after DUT2 requests to join multicast group 224.0.44.44, DUT0 should have information about that group since it is among the allowed set.

Step 18: Run command monitor test connection server 1234 udp local-address 224.0.44.44 local-interface eth0.102 multicast at DUT2.

Step 19: Run command interfaces ethernet eth1 vif 102 ip igmp show statistics json at DUT0 and expect this output:

Show output
{
  "eth1.102":{
    "name":"eth1.102",
    "queryV1":0,
    "queryV2":0,
    "queryV3":0,
    "leaveV2":0,
    "reportV1":0,
    "reportV2":0,
    "reportV3":11,
    "mtraceResponse":0,
    "mtraceRequest":0,
    "unsupported":0,
    "totalReceivedMessages":11,
    "peakGroups":1,
    "totalGroups":1,
    "totalSourceGroups":0,
    "joinsFailed":0,
    "joinsSent":4,
    "generalQueriesSent":2,
    "groupQueriesSent":0
  }
}

Step 20: Run command protocols igmp show groups at DUT0 and check if output contains the following tokens:

224.0.44.44
Show output
Total IGMP groups: 1
Watermark warn limit(Not Set): 0
Interface        Group           Mode Timer    Srcs V Uptime
eth1.102         224.0.44.44     EXCL 00:00:57    1 3 00:00:02

Step 21: Run command protocols ip show multicast route at DUT0 and check if output matches the following regular expressions:

[*]\s+224.0.44.44\s+SC\s+IGMP
Show output
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
       R - SGRpt Pruned, F - Register flag, T - SPT-bit set
 Source    Group        Flags  Proto  Input     Output    TTL  Uptime
 *         224.0.44.44  SC     IGMP   eth0.101  pimreg    1    00:00:02
                               IGMP             eth1.102  1
 10.0.0.2  224.0.55.55  SFTP   none   eth0.101  none      0    --:--:--

Step 22: Run command protocols igmp show groups at DUT0 and check if output contains the following tokens:

224.0.55.55
Show output
Total IGMP groups: 1
Watermark warn limit(Not Set): 0
Interface        Group           Mode Timer    Srcs V Uptime
eth1.102         224.0.44.44     EXCL 00:00:57    1 3 00:00:02

Step 23: Run command protocols ip show multicast route at DUT0 and check if output does not match the following regular expressions:

[*]\s+224.0.55.55\s+SC\s+IGMP
Show output
IP Multicast Routing Table
Flags: S - Sparse, C - Connected, P - Pruned
       R - SGRpt Pruned, F - Register flag, T - SPT-bit set
 Source    Group        Flags  Proto  Input     Output    TTL  Uptime
 *         224.0.44.44  SC     IGMP   eth0.101  pimreg    1    00:00:02
                               IGMP             eth1.102  1
 10.0.0.2  224.0.55.55  SFTP   none   eth0.101  none      0    --:--:--

Note

And consequently, if DUT1 generates multicast traffic for group 224.0.44.44, DUT0 should forward it to DUT2, and this traffic should be received by DUT2.

Step 24: Run command traffic dump monitor interface eth1.102 at DUT0.

Step 25: Run command monitor test connection client 224.0.44.44 1234 udp source-port 1235 at DUT1.