Similar to IGMP snooping, MLD snooping is a Layer 2 function of the switch; it does not require multicast routing to be enabled. In MLD snooping, the Layer 2 switch keeps track of MLD reports and only forwards multicast traffic to the part of the local network that requires it. MLD snooping optimizes the use of network bandwidth and prevents multicast traffic from being flooded to parts of the local network that do not need it.
MLD snooping is disabled by default on all VLANs in the switch.
When MLD snooping is disabled on a VLAN, all MLD and IPv6 multicast traffic floods within the VLAN.
MLD snooping expects at least one device on every VLAN to periodically generate MLD query messages.
Multicast packets with a scope id less than 2 are not forwarded by the MLD snooping enabled switch. Kill entry is installed in the hardware for this traffic.
Multicast packets with a scope id of 2 and group address in the range of FF02::/111 (Addresses allocated by IANA as per RFC 3307) are always flooded to all ports of the VLAN by hardware and a copy of the packet is provided to slow path. There are no cache entries in software or hardware for these addresses.
Multicast packets with a scope id of 2 and group address as solicited multicast address (FF02::1:FFXX:XXXX/104) are flooded to all ports of VLAN for 135 seconds (Default MLD query interval + Maximum response time), if there are no members for this group.
Otherwise, the traffic is forwarded based on the snooping database. Multicast cache entries for these addresses are maintained only in the software and traffic is always slow path forwarded.
Multicast addresses with a scope id of 2 and that do not qualify in the above categories will be forwarded based on the snooping database.
Cache entries for these multicast addresses will be installed in hardware. Unregistered packets are dropped.
For multicast packets with a scope id greater than 2 on PIMv6 enabled VLANs, cache entries are controlled by the PIMv6 protocol.
PIMv6 provides a list of egress VLANs for which packets need to be forwarded. The snooping database is used to construct the set of ports for ingress VLANs as well as for each egress VLAN.
On PIMv6 disabled VLANs, traffic is forwarded based on the snooping database on the ingress VLAN.
In both cases, cache entry is installed in the hardware, and traffic is fast path forwarded.
Only the MLD leave for last host is forwarded upstream.
When a switch receives an MLD leave message on a port, it sends a group-specific query on that port if proxy is enabled (even if it is a non-querier). The switch removes the port from the group after the leave timeout (a configuable value from 0 - 175000ms with a default of 1000ms). If all the ports are removed from the group, the group is deleted and the MLD leave is forwarded upstream. If MLD snooping proxy is disabled, then all the MLD reports are forwarded upstream.
NoteMLD snooping proxy does not apply to MLDv2 reports.
MLD snooping is implemented primarily through ACLs, which are processed on the interfaces. These special purpose ACLs are called MLD snooping hardware filters. The software allows you to choose between two types of MLD snooping hardware filters: per-port filters (the default) and per-VLAN filters.
The two types of MLD snooping hardware filters use switch hardware resources in different ways.
NoteThe impact of the per-VLAN filters on the ACL table increases with the number of VLANs configured on the switch. If you have a large number of configured VLANs, we suggest that you use the per-port filters.