[magma] Cross-Vlan IGMP query-forwarding.

"Kimball, Karen E" <karen.kimball@hp.com> Wed, 12 October 2011 17:35 UTC

Return-Path: <karen.kimball@hp.com>
X-Original-To: magma@ietfa.amsl.com
Delivered-To: magma@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FB3F21F869E for <magma@ietfa.amsl.com>; Wed, 12 Oct 2011 10:35:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.999
X-Spam-Level:
X-Spam-Status: No, score=-105.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id glAw2Z8j++TC for <magma@ietfa.amsl.com>; Wed, 12 Oct 2011 10:35:55 -0700 (PDT)
Received: from g4t0017.houston.hp.com (g4t0017.houston.hp.com [15.201.24.20]) by ietfa.amsl.com (Postfix) with ESMTP id 90D4921F8634 for <magma@ietf.org>; Wed, 12 Oct 2011 10:35:55 -0700 (PDT)
Received: from G2W1953G.americas.hpqcorp.net (g2w1953g.austin.hp.com [16.238.8.185]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by g4t0017.houston.hp.com (Postfix) with ESMTPS id 1CE483822C for <magma@ietf.org>; Wed, 12 Oct 2011 17:35:55 +0000 (UTC)
Received: from G4W3200G.americas.hpqcorp.net (16.234.105.236) by G2W1953G.americas.hpqcorp.net (16.238.8.185) with Microsoft SMTP Server (TLS) id 14.1.289.1; Wed, 12 Oct 2011 17:32:34 +0000
Received: from G4W3296.americas.hpqcorp.net ([169.254.10.66]) by G4W3200G.americas.hpqcorp.net ([16.234.105.236]) with mapi id 14.01.0289.001; Wed, 12 Oct 2011 17:32:29 +0000
From: "Kimball, Karen E" <karen.kimball@hp.com>
To: "magma@ietf.org" <magma@ietf.org>
Thread-Topic: Cross-Vlan IGMP query-forwarding.
Thread-Index: AQHMiQTqbHdhDL/zF02vWRnar3IqAQ==
Date: Wed, 12 Oct 2011 17:32:26 +0000
Message-ID: <CE5DDD3ABC3B9640B260C2DEA18DC423039F20@G4W3296.americas.hpqcorp.net>
References: <mailman.608.1318434810.3002.magma@ietf.org>
In-Reply-To: <mailman.608.1318434810.3002.magma@ietf.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [16.216.12.10]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [magma] Cross-Vlan IGMP query-forwarding.
X-BeenThere: magma@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multicast and Anycast Group Membership <magma.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/magma>, <mailto:magma-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/magma>
List-Post: <mailto:magma@ietf.org>
List-Help: <mailto:magma-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/magma>, <mailto:magma-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2011 17:35:57 -0000

Hello, all,

IGMP is not responsible for routing across VLANs. It is actually designed to keep things local to its own VLAN-- to reduce flooding, rather than create it.

Indranil's diagram is shown below:

>                           VLANA(10.x.x.x)         VLANB(20.x.x.x)
>
> RTR--------------------------sw-------------------------HOST.


If you want to route IGMP Queries from one VLAN to IGMP hosts on another, then you use a multicast routing protocol such as PIM.

IGMP alone is not expected to perform this function.


Thank you and best regards,
  Karen Kimball



Message: 1
Date: Wed, 12 Oct 2011 19:54:26 +0530
From: Indranil Bhattacharya <myselfindranil@gmail.com>;
To: "Beeram, Suresh KumarReddy" <sbeeram@hp.com>;
Cc: "magma@ietf.org"; <magma@ietf.org>;
Subject: Re: [magma] Question about IGMP host implementation
Message-ID:
	<CAAaur94fK2C+HnnbnOjdrOTfDatJ9g1gATxvkzQ-LcdrW7ogVw@mail.gmail.com>;
Content-Type: text/plain; charset="iso-8859-1"

Hi Suresh,
                           VLANA(10.x.x.x)         VLANB(20.x.x.x)

RTR-------------------------------sw------------------------------HOST.

All the queries received on VLANA will be forwared to VLANB. When mcast data
is received on vlanA those will also be forwarded on vlanB after some header
rewrite. Please let me know if this answers your question.
Thanks,
Indranil
On Wed, Oct 12, 2011 at 4:16 PM, Beeram, Suresh KumarReddy
<sbeeram@hp.com>wrote:

>  Hi Indranil,****
>
> Why the Query coming from VLAN-A has to be forwarded to VLAN-B?****
>
> In general switch should forward the Query packets to all the ports in same
> VLAN(VLAN-A). Hosts receiving the Query can reply to the query even the
> source address of the Query is in different subnet.****
>
> Is there anything I am missing in your reply???****
>
> Thanks****
>
> B S  Reddy****
>
> ** **
>
> *From:* magma-bounces@ietf.org [mailto:magma-bounces@ietf.org] *On Behalf
> Of *Indranil Bhattacharya
> *Sent:* Wednesday, October 12, 2011 2:06 PM
> *To:* Kunal Shah
> *Cc:* magma@ietf.org
> *Subject:* Re: [magma] Question about IGMP host implementation****
>
> ** **
>
> Hi Kunal,****
>
>  ****
>
>              Yes it should. The scenario that I have in mind is a switch
> whose mrouter interface is in vlanA and igmp joins are received on an
> interface in vlanB. In this case, query coming from vlanA(different subnet)
> has to be answered by hosts in vlanB.****
>
>  ****
>
> Thanks,****
>
> Indranil****
>
> On Wed, Oct 12, 2011 at 6:08 AM, Kunal Shah <kunal.shah@ericsson.com>;
> wrote:****
>
> Hi all,****
>
>  ****
>
> Can an IGMPv2 host respond to a general query originated from a subnet
> other then its own?? RFC 2236 states: ****
>
>  ****
>
> ""query received" occurs when the host receives either a valid
>      General Membership Query message, or a valid Group-Specific
>      Membership Query message.  To be valid, the Query message must be
>      at least 8 octets long, and have a correct IGMP checksum.  The
>      group address in the IGMP header must either be zero (a General
>      Query) or a valid multicast group address (a Group-Specific Query)" *
> ***
>
>  ****
>
> There is no requirement for the source address to be on the same subnet as
> the host.****
>
>  ****
>
> Thanks,****
>
> Kunal****
>
>  ****
>
>
> _______________________________________________
> magma mailing list
> magma@ietf.org
> https://www.ietf.org/mailman/listinfo/magma****
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/magma/attachments/20111012/33211bfd/attachment.htm>

------------------------------

Message: 2
Date: Wed, 12 Oct 2011 19:55:14 +0530
From: Indranil Bhattacharya <myselfindranil@gmail.com>;
To: Bharat Joshi <bharat_joshi@infosys.com>;
Cc: "magma@ietf.org"; <magma@ietf.org>;
Subject: Re: [magma] Question about IGMP host implementation
Message-ID:
	<CAAaur94VkhghN+VaL7ZUzyt_t9LDKG4JmqDG8fPPA5ba29dsbA@mail.gmail.com>;
Content-Type: text/plain; charset="iso-8859-1"

Hi Bharat,

              I was thinking on the line of cat3k switches where we can
configure SVIs.

Thanks,
Indranil

On Wed, Oct 12, 2011 at 4:53 PM, Bharat Joshi <bharat_joshi@infosys.com>wrote:

> How is a switch has two different subnets on its two ports? Typically
> switch divides the broadcast domain. Right?
>
> Regards,
> Bharat
> ________________________________________
> From: magma-bounces@ietf.org [magma-bounces@ietf.org] On Behalf Of
> Indranil Bhattacharya [myselfindranil@gmail.com]
> Sent: Wednesday, October 12, 2011 2:05 PM
> To: Kunal Shah
> Cc: magma@ietf.org
> Subject: Re: [magma] Question about IGMP host implementation
>
> Hi Kunal,
>
>             Yes it should. The scenario that I have in mind is a switch
> whose mrouter interface is in vlanA and igmp joins are received on an
> interface in vlanB. In this case, query coming from vlanA(different subnet)
> has to be answered by hosts in vlanB.
>
> Thanks,
> Indranil
>
> On Wed, Oct 12, 2011 at 6:08 AM, Kunal Shah <kunal.shah@ericsson.com
> <mailto:kunal.shah@ericsson.com>> wrote:
> Hi all,
>
> Can an IGMPv2 host respond to a general query originated from a subnet
> other then its own?? RFC 2236 states:
>
> ""query received" occurs when the host receives either a valid
>     General Membership Query message, or a valid Group-Specific
>     Membership Query message.  To be valid, the Query message must be
>     at least 8 octets long, and have a correct IGMP checksum.  The
>     group address in the IGMP header must either be zero (a General
>     Query) or a valid multicast group address (a Group-Specific Query)"
>
> There is no requirement for the source address to be on the same subnet as
> the host.
>
> Thanks,
> Kunal
>
>
> _______________________________________________
> magma mailing list
> magma@ietf.org<mailto:magma@ietf.org>
> https://www.ietf.org/mailman/listinfo/magma
>
>
>
> **************** CAUTION - Disclaimer *****************
> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
> solely
> for the use of the addressee(s). If you are not the intended recipient,
> please
> notify the sender by e-mail and delete the original message. Further, you
> are not
> to copy, disclose, or distribute this e-mail or its contents to any other
> person and
> any such actions are unlawful. This e-mail may contain viruses. Infosys has
> taken
> every reasonable precaution to minimize this risk, but is not liable for
> any damage
> you may sustain as a result of any virus in this e-mail. You should carry
> out your
> own virus checks before opening the e-mail or attachment. Infosys reserves
> the
> right to monitor and review the content of all messages sent to or from
> this e-mail
> address. Messages sent to or from this e-mail address may be stored on the
> Infosys e-mail system.
> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ietf.org/mail-archive/web/magma/attachments/20111012/29af8268/attachment.htm>

------------------------------

Message: 3
Date: Wed, 12 Oct 2011 11:47:59 -0400
From: Kunal Shah <kunal.shah@ericsson.com>;
To: Bharat Joshi <bharat_joshi@infosys.com>;, "magma@ietf.org";
	<magma@ietf.org>;
Subject: Re: [magma] Question about IGMP host implementation
Message-ID:
	<4FD1E7CD248BF84F86BD4814EDDDBCC151401F3B7A@EUSAACMS0703.eamcs.ericsson.se>;
	
Content-Type: text/plain; charset="us-ascii"

Hi Bharat,

The security consideration addresses the processing of a report from a different subnet on the router. My question pertains to the processing of a Query from a different subnet on the host.

Kunal 

-----Original Message-----
From: Bharat Joshi [mailto:bharat_joshi@infosys.com] 
Sent: Wednesday, October 12, 2011 4:20 AM
To: Kunal Shah; magma@ietf.org
Subject: RE: Question about IGMP host implementation

Hi Kunal,

        I think to keep the security tight, it is better to not respond to queries received from a source address which does not fall on a subnet on that interface. Please note that this should be done only broadcast interfaces. It may not work on point-to-point links.

        If you look at the security consideration in RFC 2236, it is mentioned that for reports, the above check should be done.

Regards,
Bharat
________________________________________
From: magma-bounces@ietf.org [magma-bounces@ietf.org] On Behalf Of Kunal Shah [kunal.shah@ericsson.com]
Sent: Wednesday, October 12, 2011 6:08 AM
To: magma@ietf.org
Subject: [magma] Question about IGMP host implementation

Hi all,

Can an IGMPv2 host respond to a general query originated from a subnet other then its own?? RFC 2236 states:

""query received" occurs when the host receives either a valid
     General Membership Query message, or a valid Group-Specific
     Membership Query message.  To be valid, the Query message must be
     at least 8 octets long, and have a correct IGMP checksum.  The
     group address in the IGMP header must either be zero (a General
     Query) or a valid multicast group address (a Group-Specific Query)"

There is no requirement for the source address to be on the same subnet as the host.

Thanks,
Kunal


**************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***


------------------------------

Message: 4
Date: Wed, 12 Oct 2011 21:20:11 +0530
From: Bharat Joshi <bharat_joshi@infosys.com>;
To: Kunal Shah <kunal.shah@ericsson.com>;, "magma@ietf.org";
	<magma@ietf.org>;
Subject: Re: [magma] Question about IGMP host implementation
Message-ID:
	<31D55C4D55BEED48A4459EB64567589A1186EB24EB@BLRKECMBX02.ad.infosys.com>;
	
Content-Type: text/plain; charset="us-ascii"

Kunal,

        What I am suggesting is that though RFC does not explicitly suggest it, it might be better to do this for broadcast interfaces.

        But yes, RFC does not suggest anything on this so a host can process a query message with a source address from any other subnet as well.

Regards,
Bharat
________________________________________
From: Kunal Shah [kunal.shah@ericsson.com]
Sent: Wednesday, October 12, 2011 9:17 PM
To: Bharat Joshi; magma@ietf.org
Subject: RE: Question about IGMP host implementation

Hi Bharat,

The security consideration addresses the processing of a report from a different subnet on the router. My question pertains to the processing of a Query from a different subnet on the host.

Kunal

-----Original Message-----
From: Bharat Joshi [mailto:bharat_joshi@infosys.com]
Sent: Wednesday, October 12, 2011 4:20 AM
To: Kunal Shah; magma@ietf.org
Subject: RE: Question about IGMP host implementation

Hi Kunal,

        I think to keep the security tight, it is better to not respond to queries received from a source address which does not fall on a subnet on that interface. Please note that this should be done only broadcast interfaces. It may not work on point-to-point links.

        If you look at the security consideration in RFC 2236, it is mentioned that for reports, the above check should be done.

Regards,
Bharat
________________________________________
From: magma-bounces@ietf.org [magma-bounces@ietf.org] On Behalf Of Kunal Shah [kunal.shah@ericsson.com]
Sent: Wednesday, October 12, 2011 6:08 AM
To: magma@ietf.org
Subject: [magma] Question about IGMP host implementation

Hi all,

Can an IGMPv2 host respond to a general query originated from a subnet other then its own?? RFC 2236 states:

""query received" occurs when the host receives either a valid
     General Membership Query message, or a valid Group-Specific
     Membership Query message.  To be valid, the Query message must be
     at least 8 octets long, and have a correct IGMP checksum.  The
     group address in the IGMP header must either be zero (a General
     Query) or a valid multicast group address (a Group-Specific Query)"

There is no requirement for the source address to be on the same subnet as the host.

Thanks,
Kunal


**************** CAUTION - Disclaimer ***************** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***


------------------------------

_______________________________________________
magma mailing list
magma@ietf.org
https://www.ietf.org/mailman/listinfo/magma


End of magma Digest, Vol 77, Issue 2
************************************