Internet Group Management Protocol

The Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IPv4 networks to establish multicast group memberships. IGMP is an integral part of IP multicast and allows the network to direct multicast transmissions only to hosts that have requested them.

IGMP can be used for one-to-many networking applications such as online streaming video and gaming, and allows more efficient use of resources when supporting these types of applications.

IGMP is used on IPv4 networks. Multicast management on IPv6 networks is handled by Multicast Listener Discovery (MLD), which is a part of ICMPv6, in contrast to IGMP's bare IP encapsulation.

Architecture

A network designed to deliver a multicast service using IGMP might use this basic architecture:

[Figure: IGMP basic architecture]

IGMP operates between a host and a local multicast router. Switches featuring IGMP snooping also derive useful information by observing these IGMP transactions. Protocol Independent Multicast (PIM) is then used between the local and remote multicast routers to direct multicast traffic from hosts sending multicasts to hosts that have registered through IGMP to receive them.

IGMP operates on the network layer (layer 3), just the same as other network management protocols like ICMP. [1]

The IGMP protocol is implemented on hosts and within routers. A host requests membership to a group through its local router while a router listens for these requests and periodically sends out subscription queries. A single router per subnet is elected to perform this querying function. Some multilayer switches include an IGMP querier capability to allow their IGMP snooping features to work in the absence of an IGMP-capable router in the layer 2 network.

IGMP is vulnerable to some attacks, [2] [3] [4] [5] and firewalls commonly allow the user to disable it if not needed.

Versions

There are three versions of IGMP. [6] IGMPv1 was defined in 1989. [7] IGMPv2, defined in 1997, [8] improves IGMPv1 by adding the ability for a host to signal a desire to leave a multicast group.

In 2002, IGMPv3 improved IGMPv2 by supporting source-specific multicast [9] and introducing membership report aggregation. [10] The support for source-specific multicast was improved in 2006. [11]

The three versions of IGMP are backward compatible. A router supporting IGMPv3 can support clients running IGMPv1, IGMPv2, and IGMPv3.

IGMPv1 uses a query-response model. Queries are sent to 224.0.0.1. Membership reports are sent to the group's multicast address.

IGMPv2 accelerates the process of leaving a group and adjusts other timeouts. Leave-group messages are sent to 224.0.0.2. A group-specific query is introduced. Group-specific queries are sent to the group's multicast address. A means for routers to select an IGMP querier for the network is introduced.

IGMPv3 introduces source-specific multicast capability. Membership reports are sent to 224.0.0.22.

Messages

There are several types of IGMP messages:

General membership queries
Sent by multicast routers to determine which multicast addresses are of interest to systems attached to the network(s) they serve, and to refresh the group membership state for all systems on those networks.
Group-specific membership queries
Used for determining the reception state for a particular multicast address.
Group-and-source-specific queries
Allow the router to determine if any systems desire reception of messages sent to a multicast group from a source address specified in a list of unicast addresses.
Membership reports
Sent by multicast receivers in response to a membership query or asynchronously when first registering for a multicast group.
Leave group messages
Sent by multicast receivers when specified multicast transmissions are no longer needed at the receiver.

IGMP messages are carried in bare IP packets with IP protocol number 2. [10] :§4 Similar to the Internet Control Message Protocol, there is no transport layer used with IGMP messaging.

IGMPv2 messages

IGMPv2 packet structure [8] :§2

Octet   Bit   Fields (bit positions within the 32-bit word)
0       0     Type (bits 0-7) | Maximum Response Time (bits 8-15) | Checksum (bits 16-31)
4       32    Group Address (bits 0-31)

Type: 8 bits
Indicates the message type as follows:

Message                      Type value
Membership Query             0x11
IGMPv1 Membership Report     0x12
IGMPv2 Membership Report     0x16
IGMPv3 Membership Report     0x22
Leave Group                  0x17

Maximum Response Time: 8 bits
Specifies the required responsiveness of replies to a Membership Query (0x11). This field is meaningful only in Membership Query; in other messages, it is set to 0 and ignored by the receiver. The field specifies time in units of 0.1 second (a field value of 10 specifies 1 second). Larger values reduce IGMP traffic burstiness and smaller values improve protocol responsiveness when the last host leaves a group. [8] :§2.2
Checksum: 16 bits
This is the 16-bit ones' complement of the ones' complement sum of the entire IGMP message. Computed before sending, with this field set to zero. When re-computed on reception of the packet, this field is included, and the result should be zero.
Group Address: 32 bits
This is the multicast address being queried when sending a Group-Specific or Group-and-Source-Specific Query. The field is zeroed when sending a General Query.

The message is sent to the following IP multicast addresses: [8] :§9

Message type                             Multicast address
General Query                            All hosts (224.0.0.1)
Group-Specific Query                     The group being queried
Membership Report (all IGMP versions)    The group being reported
Leave Group                              All routers (224.0.0.2)
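
The checks a receiver or monitoring sensor can apply to an IGMPv2-format message follow directly from the layout and address table above. This is an added example, not code from the original article or from any IGMP implementation; the function names are hypothetical and the sample messages are constructed.

```python
import ipaddress
import struct

ALL_HOSTS = ipaddress.IPv4Address("224.0.0.1")
ALL_ROUTERS = ipaddress.IPv4Address("224.0.0.2")
UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")

def igmp_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum of the message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_v2(msg_type: int, max_resp: int, group: str) -> bytes:
    """Build an 8-octet message; the checksum is computed over a zeroed field."""
    body = struct.pack("!BBH4s", msg_type, max_resp, 0,
                       ipaddress.IPv4Address(group).packed)
    return body[:2] + struct.pack("!H", igmp_checksum(body)) + body[4:]

def validate_v2(msg: bytes, ip_dst: str) -> list:
    """Return the problems found; an empty list means the message is consistent."""
    if len(msg) < 8:
        return ["truncated: fewer than 8 octets"]
    msg_type, _max_resp, _csum, raw_group = struct.unpack("!BBH4s", msg[:8])
    group, dst = ipaddress.IPv4Address(raw_group), ipaddress.IPv4Address(ip_dst)
    problems = []
    if igmp_checksum(msg) != 0:              # recomputed with the field included
        problems.append("bad checksum")
    general_query = msg_type == 0x11 and group == UNSPECIFIED
    if msg_type == 0x11:                     # Membership Query
        expected = ALL_HOSTS if general_query else group
    elif msg_type in (0x12, 0x16):           # IGMPv1 / IGMPv2 Membership Report
        expected = group
    elif msg_type == 0x17:                   # Leave Group
        expected = ALL_ROUTERS
    else:
        return problems + [f"type {msg_type:#04x} does not use this layout"]
    if not general_query and not group.is_multicast:
        problems.append(f"group {group} is not a multicast address")
    if dst != expected:
        problems.append(f"sent to {dst}, expected {expected}")
    return problems

if __name__ == "__main__":
    # Constructed sample messages, not captures.
    print(validate_v2(build_v2(0x11, 100, "0.0.0.0"), "224.0.0.1"))
    print(validate_v2(build_v2(0x17, 0, "239.1.2.3"), "239.1.2.3"))
```
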

IGMPv3 membership query

IGMPv3 membership query [10] :§4.1

Octet   Bit      Fields (bit positions within the 32-bit word)
0       0        Type (0x11) (bits 0-7) | Maximum Response Code (bits 8-15) | Checksum (bits 16-31)
4       32       Group Address (bits 0-31)
8       64       Reserved (bits 0-3) | S (bit 4) | QRV (bits 5-7) | QQIC (bits 8-15) | Number of Sources (N) (bits 16-31)
12      96       Source Address[1]
16      128      Source Address[2]
8+4n    64+32n   Source Address[n]

Type: 8 bits
Indicates the type of the packet. A value of 0x11 indicates IGMPv3 Membership Query.
Maximum Response Code: 8 bits
This field is used to compute the Maximum Response Time (in 1/10 second increments) allowed before sending a responding report. If the number is below 128, the value is used directly. If the value is 128 or more, it is interpreted as an exponent and mantissa.
Checksum: 16 bits
This is the 16-bit ones' complement of the ones' complement sum of the entire IGMP message. Computed before sending, with this field set to zero. When re-computed on reception of the packet, this field is included, and the result should be zero.
Group Address: 32 bits
This is the multicast address being queried when sending a Group-Specific or Group-and-Source-Specific Query. The field is zeroed when sending a General Query.
Reserved: 4 bits
This field is reserved. It should be zeroed when sent and ignored when received.
Suppress Router-side Processing (S): 1 bit
When this flag is set, it indicates to receiving routers that they are to suppress the normal timer updates.
Querier's Robustness Variable (QRV): 3 bits
If this is non-zero, it contains the Robustness Variable value used by the sender of the query. Routers should update their Robustness Variable to match the most recently received query unless the value is zero.
Querier's Query Interval Code (QQIC): 8 bits
This code is used to specify the Query Interval value (in seconds) used by the querier. If the number is below 128, the value is used directly. If the value is 128 or more, it is interpreted as an exponent and mantissa.
Number of Sources (N): 16 bits
This field specifies the number of source addresses present in the query. For General and Group-Specific Queries, this value is zero. For Group-and-Source-Specific Queries, this value is non-zero, but limited by the network's MTU.
Source Address [i]: 32 bits
The Source Address [i] fields are a vector of n IP unicast addresses, where n is the value in the Number of Sources (N) field.
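
A decoder for the query layout above, including the exponent-and-mantissa form of Maximum Response Code and QQIC and a bounds check on Number of Sources. This is an added example, not code from the original article; the function names are hypothetical, the sample query is constructed, and the decoding formula is taken from RFC 3376 [10], which the text above cites but does not spell out.

```python
import ipaddress
import struct

def decode_code(code: int) -> int:
    """Decode Max Resp Code or QQIC (RFC 3376 sections 4.1.1 and 4.1.7)."""
    if code < 128:
        return code                          # below 128: used directly
    exp = (code >> 4) & 0x07                 # octet layout: 1 | exp(3) | mant(4)
    mant = code & 0x0F
    return (mant | 0x10) << (exp + 3)

def parse_v3_query(msg: bytes) -> dict:
    """Decode an IGMPv3 Membership Query; checksum verification is out of scope here."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-octet IGMPv3 query header")
    (msg_type, max_resp_code, _csum, raw_group,
     flags, qqic, n_sources) = struct.unpack("!BBH4sBBH", msg[:12])
    if msg_type != 0x11:
        raise ValueError(f"type {msg_type:#04x} is not a Membership Query")
    # Never trust N: it must fit in the octets that actually arrived.
    if 12 + 4 * n_sources > len(msg):
        raise ValueError(f"N={n_sources} needs {12 + 4 * n_sources} octets, got {len(msg)}")
    sources = [str(ipaddress.IPv4Address(msg[12 + 4 * i:16 + 4 * i]))
               for i in range(n_sources)]
    return {
        "group": str(ipaddress.IPv4Address(raw_group)),
        "max_resp_time_s": decode_code(max_resp_code) / 10,   # field is in 1/10 s
        "reserved_nonzero": bool(flags >> 4),                 # should be zero when sent
        "suppress": bool(flags & 0x08),                       # S flag
        "qrv": flags & 0x07,
        "query_interval_s": decode_code(qqic),
        "sources": sources,
    }

# Constructed Group-and-Source-Specific Query (checksum field left as zero).
SAMPLE = struct.pack("!BBH4sBBH", 0x11, 100, 0,
                     ipaddress.IPv4Address("232.1.1.1").packed,
                     0x02, 125, 2) + bytes([192, 0, 2, 10, 192, 0, 2, 11])

if __name__ == "__main__":
    print(parse_v3_query(SAMPLE))
    print(decode_code(128), decode_code(255))
```
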

Implementations

FreeBSD, [note 1] Linux [note 2] and Windows all support IGMP on the host side.

Notes

  1. IGMPv3 was added to FreeBSD in version 8.0.
  2. IGMPv3 was added in the Linux 2.5 kernel series.

References

  1. Forouzan, Behrouz A. (2012). Data Communications and Networking (5th ed.). New York, NY: McGraw-Hill. p. 658. ISBN 978-0073376226.
  2. Spoofed IGMP report denial of service vulnerability.
  3. "Fragmented IGMP Packet May Promote "Denial of Service" Attack". Dec 20, 2004. Archived from the original on 2005-02-13.
  4. IGMP Security Problem Statement and Requirements. Archived 2006-10-13 at the Wayback Machine.
  5. "Vulnerability in TCP/IP Could Allow Denial of Service (MS06-007, 913446)". February 14, 2006. Archived from the original on 2007-02-05.
  6. IP Multicast Routing Configuration Guide, Cisco, pp. 25–28, retrieved 2017-05-27.
  7. S. Deering (August 1989). Host Extensions for IP Multicasting. Network Working Group. doi:10.17487/RFC1112. STD 5. RFC 1112. Internet Standard 5. Obsoletes RFC 988 and 1054. Updated by RFC 2236.
  8. W. Fenner (November 1997). Internet Group Management Protocol, Version 2. Network Working Group. doi:10.17487/RFC2236. RFC 2236. Proposed Standard. Updates RFC 1112. Updated by RFC 3376.
  9. "Internet Group Management Protocol Overview". Javvin. Archived from the original on 2010-11-10. Retrieved 2010-11-18.
  10. B. Cain; S. Deering; I. Kouvelas; B. Fenner; A. Thyagarajan (October 2002). Internet Group Management Protocol, Version 3. Network Working Group. doi:10.17487/RFC3376. RFC 3376. Proposed Standard. Updates RFC 2236. Updated by RFC 4604.
  11. H. Holbrook; B. Cain; B. Haberman (August 2006). Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast. Network Working Group. doi:10.17487/RFC4604. RFC 4604. Proposed Standard. Updates RFC 3376 and 3810.