IGMP Snooping

The Plc Kid

I am trying to get a better understanding of some of our Ethernet IP systems and I know that you must use managed switches with IGMP turned on to filter out all the multicast traffic.

But I am having a hard time understanding exactly what multicast traffic is and how it is different from a corporate computer Ethernet network.

Do most IT systems have multicast traffic and use switches with IGMP snooping? I would think not, because every time I have seen automation devices that use Ethernet IP connected to a corporate network it ends in disaster without the proper equipment.

If computer Ethernet networks do not use multicast, then why do automation Ethernet networks use it?

I also cannot seem to figure out the difference between multicast and unicast. I see both listed in manuals sometimes but no details on them.
 
The word "multicast" is typically used to refer to IP multicast which is often employed for streaming media and Internet television applications. In IP multicast the implementation of the multicast concept occurs at the IP routing level, where routers create optimal distribution paths for datagrams sent to a multicast destination address spanning tree in real-time. At the Data Link Layer, multicast describes one-to-many distribution such as Ethernet multicast addressing, Asynchronous Transfer Mode (ATM) point-to-multipoint virtual circuits or Infiniband multicast.

Unicast is simply sending to a set station.

On the multicast the management is to control the IP groups that the broadcast is sent to.

A lot of these answers can also be found on Wikipedia, which is where I copied this definition from.
 
Quick reply - Multicast traffic is sent WITHOUT the destination MAC address, but sends a Multicast 'Group ID' instead. The basic problem is that this is a connectionless protocol, and since normal switches use the communicating pair's MAC addresses to filter traffic, they just pass through all multicast traffic everywhere.

Routers that have IGMP snooping and multicast filtering intelligently determine the actual members of the group, and only forward packets to those members. They also build MAC Targeted multicast messages, by 'snooping' the communication partners and extracting the actual MAC addresses. This allows standard switches to filter out the multicast packets, as they now have MAC addresses attached.

Why do automation networks use multicast and general PC networks don't? Well, basically because automation products often don't 'know' who is trying to talk to them; while there are point to point messages flying around, many automation protocols rely on publishing various data to multiple clients. It is more efficient if the clients can grab information off of the wire, even if it's not expressly addressed to them.

Most PC networks rely purely on point-to-point communications, and 'grabbing' information off the wire is considered bad form, and is a security risk.
 
Multicast messaging is a standard IP feature that allows messages from one to many, but without sending it to the entire network. (That would be a broadcast message.) The problem with the low cost switches is that they simply convert multicast messages to broadcast messages, since it is better to send the messages to too many receivers than to drop the packets. IGMP snooping allows the switch to manage setup and teardown of Multicast Groups without broadcasting the traffic to all the ports on the switch. Anyway, EtherNet IP tends to generate a lot of traffic, so even with IGMP snooping on, it's still a good idea to keep it on its own switch or VLAN, as all the Allen-Bradley documentation recommends; see the document widelto recommends above.
 
So now I am understanding that automation devices use multicast because it is more effective in speed and throughput for devices to get info off the wire versus send the message directly to everyone, correct?

But then we turn around and set up IGMP snooping to direct the info that is needed only to the point or device that requires it and discard all the rest.

So in effect, by using IGMP snooping we are acting like a standard PC network? If so, why not do it that way to begin with? Am I way off base?

I am trying to wrap my head around this concept but it is beating me so far.
 
If you and I were connected to the same hub and if I sent a message to you, that message would be broadcast back out every port on that hub. If that hub was connected to another hub, it would be broadcast to all those devices as well.

Using a switch if I sent a message to you, that message would be unicast from my switch port to your port. No other ports would see that traffic.

Now if I need to send that message to you and another user using multicast, a standard switch would not recognize who belongs to multicast groups, so the switch acts like a hub and sends that data out on all ports. Again, if we connect that switch to another switch then my message would go to every port on every switch. This results in a flood of multicast messages potentially disrupting the network.

So a managed switch will learn what devices belong to specific multicast groups and direct that traffic only to that port. This gives us the speed benefit of multicast without disrupting the network.

OG
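
The forwarding behaviour described in the post above, as an added example that is not part of the original thread: a small Python model of a switch that floods multicast when snooping is off and, when it is on, reads IGMPv2 reports and leaves to decide which ports get the stream. The `Switch` class, port numbers, MAC strings and group address are constructed for illustration, and the model assumes no querier, router ports or membership timeouts.

```python
import ipaddress
import struct

REPORT_V2, LEAVE = 0x16, 0x17   # IGMPv2 message types (RFC 2236)

def checksum(data):
    """16-bit one's-complement Internet checksum."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def igmp_v2(msg_type, group):
    """Build a constructed 8-byte IGMPv2 message for the demo."""
    addr = ipaddress.IPv4Address(group).packed
    csum = checksum(struct.pack("!BBH4s", msg_type, 0, 0, addr))
    return struct.pack("!BBH4s", msg_type, 0, csum, addr)

class Switch:
    def __init__(self, ports, snooping):
        self.ports, self.snooping = set(ports), snooping
        self.mac_table = {}   # learned source MAC -> port
        self.groups = {}      # multicast group -> member ports

    def snoop(self, port, igmp):
        """Update group membership from an IGMP message seen on a port."""
        if len(igmp) != 8 or checksum(igmp) != 0:
            return            # malformed or corrupted message: ignore it
        msg_type, _, _, addr = struct.unpack("!BBH4s", igmp)
        group = str(ipaddress.IPv4Address(addr))
        if msg_type == REPORT_V2:
            self.groups.setdefault(group, set()).add(port)
        elif msg_type == LEAVE:
            self.groups.get(group, set()).discard(port)

    def egress(self, in_port, src_mac, dst_mac=None, group=None):
        """Return the ports a frame arriving on in_port is sent out of."""
        self.mac_table[src_mac] = in_port
        if group is not None and self.snooping:
            return self.groups.get(group, set()) - {in_port}
        if group is None and dst_mac in self.mac_table:
            return {self.mac_table[dst_mac]} - {in_port}
        # Flood: multicast without snooping, or unknown unicast destination.
        return self.ports - {in_port}
```

On an eight-port switch with members on ports 4 and 6, the snooping instance sends a stream from port 1 to those two ports only, while the non-snooping instance sends it out of the other seven.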
 
Communications between devices can be fairly complex. In order to ease the complexity when dealing with networking, the process is often broken up into sections, known as "layers." When I first started learning about layers, I seemed to think of them as Layers On A Cake. This confused the bejesus out of me. Later on, after more reading, I came to understand them as more like Layers On An Onion. You start to peel into one of them, but you kind of dig into the others.

To gain a better understanding of "how multicast works" you should really become familiar with the layers. The basic knowledge for these layers comes from understanding what is called the "OSI model." This OSI model breaks the communication down into sections so you can concentrate at what happens at each level (layer).

For an extremely rough idea of the layers:

Physical - the wires that you are using.
Data Link - your MAC Address
Network - your network address
Transport -
Session -
Presentation -
Application -

For the last four layers, don't worry about them as yet.
Hence, there are seven Layers in the OSI model.

As far as your question is concerned, you don't really have to know about the Physical Layer.

In order for a computer to send information to another computer, it needs both the MAC ADDRESS and the Network Address. When you click on a link to something, it usually just points to the Network Address. The sending computer does not have the MAC ADDRESS of the Receiving computer, but it needs that info to establish communications. To get that missing Mac Address, it sends out what is called a "Broadcast Address," meaning it sends out a packet with the correct Network Address but a bit of a fake Mac Address of "Send this to Everyone, have the person with this network address send back their MAC Address so I can put all the routing info into my next message, so we can establish communications."

Let's say that the sending computer is connected to port 1 of the switch. When a typical networking switch receives this packet of info, it doesn't even look at the Network Address, it only operates at Layer 2 of the OSI model, so it just looks at the MAC ADDRESS of the incoming port and logs it (note to self, the computer with this mac address can be found at this port). PORT 1 in this case. It also doesn't know what the destination mac address is (because the sending computer sent out a broadcast requesting that info) and sends it out ALL of its ports. This is an inherent feature of why Ethernet works so well, you can almost always find the destination computer. The problem with this is that every computer that is connected to any port on the switch has to stop and look at the packet to determine whether the Network Address is addressed to them. If a receiving computer doesn't have the same network address, they just drop it, which doesn't seem like a big deal, but when these messages are coming into a computer a hundred times a second, it will start to bog. The computer with the correct network address sends back a packet saying "hey, you sent a request for my mac address... here it is." Let's say the destination computer is connected to port 4 of the switch and sends back a reply.

At this point, the switch can see an incoming packet from the replying computer's Mac Address, and it logs that into its MAC ADDRESS TABLE. Alas, the switch now knows the path between computers, and the computers now have all the info to communicate without any more "broadcasts." The switch now knows how to forward communication between these two computers; i.e. port 1 and port 4, don't send anything out the other ports.

Multicast Data is used to send information to Multiple Computers That Want The Same Information. The determination of which computers want to receive this information is based on the network address. This operates at Layer 3 of the OSI model. Layer 2 switches don't know how to "operate at a layer 3 address layer" to the network address level. Therefore, they forward all information out all ports. This is what causes the congestion. IGMP snooping allows the layer 2 switches to operate at the layer 3 level, usually by allowing a Layer 3 device to determine which ports to open up a multicast stream.

Sorry, this is extremely incomplete and I'm sure it is full of errors, I just wanted to give you a general concept of what multicast involves. Study the OSI when you're not trying to fix drive frequencies, set up block transfers, and keep your plant running in general.
 
OG, bulletin blues

That makes a lot more sense now. OG, why exactly is it that a standard switch cannot determine who belongs to the multicast groups?

Do the vast majority of corporate IT level switches not have IGMP snooping?
 
Well, IGMP snooping does require more processing power at the switch as well as more on-board memory. A run of the mill switch just can't handle that type of load.

Switches in the corporate environment often rely on passive IGMP snooping where the router above handles the IGMP queries. Some don't use IGMP at the switch level at all, instead letting the router perform this function.

OG
 
OG

If corporate gear such as routers have IGMP snooping, then why is it that when you just connect an Ethernet IP network to a corporate network it will crash the corporate network real fast?

I know of this happening a couple of times at a couple of different sites within our company.

I know connecting an automation network to a corporate LAN is bad practice in the first place.
 
The router all by itself cannot protect everyone downstream from a multicast flood. By pushing these smarter switches further downstream you are preventing those downstream devices from causing and being affected by a flood. Plus you are preventing all that traffic from hitting the router.

If you flood a network, the router has to process all that traffic. Routers have cpus and if you bog them down servicing unnecessary multicast or broadcast traffic then it can affect everything connected to that router.

OG
 
OG, bulletin blues

That makes a lot more sense now. OG, why exactly is it that a standard switch cannot determine who belongs to the multicast groups?

Multicast packets do NOT include destination MAC addresses (the actual, physical address). Standard Level 2 Switches rely on building routing tables up by MAC addresses.

OG

If corporate gear such as routers have IGMP snooping, then why is it that when you just connect an Ethernet IP network to a corporate network it will crash the corporate network real fast?

I know of this happening a couple of times at a couple of different sites within our company.

I know connecting an automation network to a corporate LAN is bad practice in the first place.

If that is happening, you have other problems. One possibility is having a sneak connection already present, then you connect up another creating a ring, resulting in 100% duplicate IPs and packet collisions. The only way to have a ring on standard Ethernet is to use switches that incorporate (AND HAVE ACTIVE) STP, or Spanning Tree Protocol.

Even connecting a patch cord from a switch back to itself (generic Level 2 switch) will bring down a network in a heartbeat.

Still, even just using all level 2 switches, you should see no network degradation unless you are pumping seriously HUGE amounts of data around and have a poor topology. Just looking, here, with more than 100 PLCs, HMIs, Database connections, and assorted automation devices, I'm not seeing any switch with more than 4 or 5% utilization.
 
rdrast

I have heard of the patch cable connecting to a switch on both ends of the cable. I think it is called a packet storm, if I am correct.

Thanks everyone for the explanations, I have a much better understanding of this now.

Thanks
 
