IGMP snooping is the process of listening to

Internet Group Management Protocol The Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IPv4 networks to establish multicast group memberships. IGMP is an integral part of IP multicast and allows the network to direct ...

(IGMP) network traffic to control delivery of

IP multicast IP multicast is a method of sending Internet Protocol (IP) datagrams to a group of interested receivers in a single transmission. It is the IP-specific form of multicast and is used for streaming media and other network applications. It uses speci ...

Network switch A network switch (also called switching hub, bridging hub, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A ...

es with IGMP snooping listen in on the IGMP conversation between

hosts A host is a person responsible for guests at an event or for providing hospitality during it. Host may also refer to: Places * Host, Pennsylvania, a village in Berks County People *Jim Host (born 1937), American businessman *Michel Host ...

and routers and maintain a map of which links need which IP multicast transmission. Multicasts may be filtered from the links which do not need them, conserving bandwidth on those links. IGMP snooping is described in an informational IETF RFC but affects bridging operations, the purview of the IEEE. Because of a lack of an authoritative standard, the process may operate differently on different equipment.

Purpose

A switch will, by default,

flood A flood is an overflow of water ( or rarely other fluids) that submerges land that is usually dry. In the sense of "flowing water", the word may also be applied to the inflow of the tide. Floods are an area of study of the discipline hydrol ...

multicast traffic to all the ports in a

broadcast domain A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments. In ...

(or the

VLAN A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).IEEE 802.1Q-2011, ''1.4 VLAN aims and benefits'' In this context, virtual, refers to a phys ...

equivalent). Multicast can cause unnecessary load on host devices by requiring them to process packets they have not solicited. When purposefully exploited, this can form the basis of a

denial-of-service attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conne ...

. IGMP snooping is designed to prevent hosts on a local network from receiving traffic for a multicast group they have not explicitly joined. It provides switches with a mechanism to prune multicast traffic from links that do not contain a multicast listener (an IGMP client). Essentially, IGMP snooping is a layer 2 optimization for the layer 3 IGMP. IGMP snooping takes place internally on switches and is not a protocol feature. IGMP snooping allows a switch to only forward multicast traffic to the links that have solicited them. Snooping is therefore especially useful for bandwidth-intensive IP multicast applications such as

IPTV Internet Protocol television (IPTV) is the delivery of television content over Internet Protocol (IP) networks. This is in contrast to delivery through traditional terrestrial, satellite, and cable television formats. Unlike downloaded med ...

Standard status

IGMP snooping, although an important technique, overlaps two standards organizations, namely

IEEE The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronic engineering and electrical engineering (and associated disciplines) with its corporate office in New York City and its operati ...

which standardizes

Ethernet switch A network switch (also called switching hub, bridging hub, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A ...

es, and

IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements an ...

which standardizes IP multicast. This means that there is no clear standards body responsible for this technique. This is why on IGMP snooping carries only an ''informational'' status, despite actually being referred to in other standards work, such as , as normative.

Implementations options

IGMP querier

In order for IGMP, and thus IGMP snooping, to function, a multicast router must exist on the network and generate IGMP queries. Without a querier IGMP membership reporting may be incomplete and the tables associating member ports and multicast groups are potentially incomplete and snooping will not work reliably. Some IGMP snooping implementations include full querier capability. IGMPv2 and IGMPv3 contain provision for selecting a querier when multiple are available. The querier with the lowest IP address is given the role. IGMP general queries from the querier must be unconditionally forwarded by all switches involved in IGMP snooping.

Proxy reporting

IGMP snooping with ''proxy reporting'' or ''report suppression'' actively filters IGMP packets in order to reduce load on the multicast router. Joins and leaves heading upstream to the router are filtered so that only the minimal quantity of information is sent. The switch is trying to ensure the router only has a single report for the group, regardless of how many active listeners there are. If there are two active listeners in a group and the first one leaves, then the switch determines that the router does not need this information since it does not affect the status of the group from the router's point of view. The next time there is a routine query from the router the switch will forward the reply from the remaining host. In the presence of proxy reporting, the router will generally only know about the most recently joined member of the group.

References

{{Reflist, refs= {{cite IETF , rfc=2236 , title=Internet Group Management Protocol, Version 2 , author1=W. Fenner , publisher=

, date=November 1997 {{cite IETF , rfc=3376 , title=Internet Group Management Protocol, Version 3 , author1=B. Cain , display-authors=etal , publisher=

, date=October 2002 {{cite IETF , rfc=4541 , title=Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches , author1=M. Christensen , author2=K. Kimball , author3=F. Solensky , publisher=