IGMP Snooping MDB

Linux bridge enables connecting two Ethernet segments together in a protocol independent way. Packets are forwarded based on Ethernet address, rather than IP address (like a router). Since forwarding is done at Layer 2, all protocols can go transparently through a bridge.
IGMP snooping is done by trapping the IGMP packets to the CPU (host CPU). The trapping is needed to listen on the IGMP conversation between hosts and routers and maintain a map of which links need which IP multicast transmission – to control delivery of IP Multicast.
Multicast flooding requires creating a bridge, then you need to bond (enslave) the switchports that are meant to receive multicast traffic by this bridge device. The final step is to create a multicast group that enables the multicast traffic flooding between enslaved ports that are assigned to a multicast group.

MDB entry

MDB is a Multicast group database entry. These objects contain known L2 multicast group addresses (mac address) on a link.
Bridge driver keeps track of all registered multicast groups by grouping them into 'multicast groups', which can hold more than one interface joined to a group (group member).

Creating a static MDB group

A bridge is created by running:
ip link add name br0 type bridge
or
brctl addbr br0

To create a static MDB group (or add port to an already existing group), enter the following command:
bridge mdb add dev DEV port PORT grp GROUP <permanent|temp>
Where,

dev DEV - is the interface where this group address is associated.
port PORT - is the port whose link is known to have members of this multicast group.
grp GROUP - is the multicast group address (Ipv4, Ipv6 or L2 Multicast) whose members reside on the link connected to the port.
permanent - indicates that the MDB entry is permanent
temp - indicates that the MDB entry is temporary (default)

Examples
The following command creates a static MDB group for a MAC address:
bridge mdb add dev br0 port veth1 grp 01:00:00:00:00:04 permanent vid 1
The following command creates a static MDB group for an IPv4 address:
bridge mdb add dev br0 port veth1 grp 239.255.255.255 permanent vid 1

NOTE: The Prestera driver supports both regular ports, as well as LAG interfaces, taking part in multicast flooding.

Deleting a single MDB group

To delete a group (or a single port from a group), enter the following command:
bridge mdb delete dev br0 port veth1 grp <grp> permanent vid 1
NOTE: Deleting a bridge automatically clears all MDB groups associated with this bridge.

Viewing an MDB table

To view an MDB table, enter the following command:
bridge -d -s mdb show dev bridge
Where,

-d shows 'time to live' of any shown MDB group (time till expiration)
-s shows multicast router ports

Multicast configuration

To configure multicast bridging (disable/enable IGMP snooping) on a bridge device, use the following command:
ip link set dev bridgeD type bridge mcast_snooping 0 (where '0' is desired state - either on or off)

Dynamic configuration (ports joining / leaving group due to IGMP control packets)

Dynamic multicast group join/leave events are automatically propagated to the switchdev driver by bridge driver, upon receiving such IGMP control packets.
Bridge's multicast processing should be enabled, in case if it's not - device would trap IGMP control packets to the CPU, but the bridge driver won't process them.
Upon receiving ‘membership report’ IGMP messages, bridge’s MDB table is going to be updated automatically, based on the content of the messages themselves: _the table is populated by IGMP and MLD snooping in the bridge driver automatically. It can be altered by bridge mdb add and bridge mdb del commands manually too (from 'man bridge').

Multicast flooding behavior

Overall flooding behavior depends on the following factors:

bridge's multicast processing state (either enabled or disabled);
whether bridge acts as an multicast querier itself (e.g. querier mode enabled on bridge);
whether multicast router exists (either present or absent);

Condition	Port's joined MDB group that traffic is being sent to	Port's NOT joined MDB group that traffic is being sent to
Bridge's multicast processing disabled	Not flooded	Not flooded
Bridge's multicast processing enabled	Flooded in regards to the MDB table	Flooded to every multicast router (or to every port if querier is enabled)
Bridge is in querier mode	Flooded to every port	Flooded to every port
Bridge is NOT in querier mode	Flooded in regards to the MDB table	Flooded only to every multicast router
Multicast router exists	Flooded in regards to the MDB table	Flooded obly to every multicast router
Multicast router is absent	Flooded in regards to the MDB table	Flooded to every port

Limitations

Trapping IGMP packets is enabled by default, and cannot be disabled.
The switch supports IGMPv3 snooping based only on the destination multicast IP address (Basic IGMPv3 Snooping Support). It does not support snooping based on a source IP address or proxy report (Linux limitation).
Since linux bridge driver (and prestera switchdev driver respectively) handle MDB entries by matched DA MAC address and not IPv4 address, adding an MDB address matched by an Ipv4 address may invoke reception of multicast traffic from multiple multicast groups (since Ipv4 address is being transformed into a wider MAC address range).

Network Configurations

Switch Port
- Switch Port Configuration
- Port Isolation
Layer 2
Layer 3
Dynamic SCT
- Dynamic SCT
Quality of Service (QoS)
- Priority Mapping
Access Control Lists (ACL)
Network Address Translation (NAT)
Debugging Tools and and Methods
Resources and Releases
Marvell® Switchdev Slim (Single-CPU) mode guide

Provide feedback

Saved searches

Use saved searches to filter your results more quickly