The following works with Neutron VLAN provider networks, and requires configuration on the physical switches. Multicast works on br-int because the ML2 OVS driver/agent uses OVS in standalone mode (no external controller). The packets on br-int hit the NORMAL flow action, and so get treated by the ovs-vswitchd code that does IGMP snooping (when enabled). All IGMP packets are sent to the slow path (userspace ovs-vswitchd).
The following will not work on Neutron tunnel backed networks (VxLAN, GRE), as the neutron-openvswitch-agent hardcodes flows on br-tun that treats multicast the same as broadcasts and the NORMAL action is not used.
+----------------------------+ +----------------------------+
| +----+ +----+ | | +----+ +----+ |
| | VM | | VM | | | | VM | | VM | |
| +-+--+ +--+-+ | | +-+--+ +--+-+ |
| | | | | | | |
| +-----+----------+-----+ | | +-----+----------+-----+ |
| | | | | | | |
| | br-int | | | | br-int | |
| | (IGMP snooping) | | | | (IGMP snooping) | |
| | | | | | | |
| +-----------+----------+ | | +-----------+----------+ |
| | | | | |
| +-----------+----------+ | | +-----------+----------+ |
| | | | | | | |
| | br-ethX | | | | br-ethX | |
| | | | | | | |
| +-------+--------+-----+ | | +-------+--------+-----+ |
| | ethX | | | | ethX | |
+----------+----+---+--------+ +----------+----+---+--------+
| |
| |
+---------------+-----------------------------------+------------+
| physical switch/router |
| (IGMP snooping) |
+----------------------------------------------------------------+
See the ovs-vsctl man page for all the multicast snooping options.
# ovs-vsctl set Bridge br-int mcast_snooping_enable=true
# ovs-vsctl set Bridge br-int other_config:mcast-snooping-disable-flood-unregistered=true
You also need to open the Neutron security groups to allow IGMP (protocol 2). This will allow the VMs to receive the IGMP queries from the router.
Here the switch is a HPE5930, and IGMPv3 querier is enabled on VLAN 32. The special and general query source addresses need to be something other than 0.0.0.0, or OVS won't work.
<hp5930>display igmp-snooping
IGMP snooping information: Global
IGMP snooping: Enabled
Host-aging-time: 260s
Router-aging-time: 260s
Max-response-time: 10s
Last-member-query-interval: 1s
Report-aggregation: Enabled
Dot1p-priority: --
IGMP snooping information: VLAN 32
IGMP snooping: Enabled
Drop-unknown: Enabled
Version: 3
Host-aging-time: 260s
Router-aging-time: 260s
Max-response-time: 10s
Last-member-query-interval: 1s
Querier: Enabled
Query-interval: 125s
General-query source IP: 172.16.32.1
Special-query source IP: 172.16.32.1
Report source IP: 0.0.0.0
Leave source IP: 0.0.0.0
Dot1p-priority: --
Start a multicast source on the VLAN. Iperf will send a constant stream of UDP at 1Mbps to 226.94.1.1:
$ iperf -c 226.94.1.1 –u –t 3600
On a VM start a multicast listener - you can do this on more than one VM. This will cause IGMP join packets to be sent. The OVS br-int and the physical switches are snooping and will detect them and update their multicast forwarding tables. Iperf should start receiving the stream. Remember to open Neutron security groups for iperf - UDP port 5001.
$ iperf -s -u -B 226.94.1.1
On compute node:
# ovs-appctl mdb/show br-int
port VLAN GROUP Age
7 1 226.94.1.1 36
8 1 querier 41
Here port 7 is the VM running the iperf -s. Port 8 is the patch cable that links br-int to br-ethX. OVS has detected queries from the physical switch on port 8, so it treats it a bit differently. The router/switch send IGMP queries every 125 seconds, and the VMs respond with IGMP reports. The OVS and the physical switch snoop these and refresh their tables.