HPE Aruba Networking access points (APs) and gateways offer a suite of features that can be enabled to filter and/or optimize
the forwarding and propagation of broadcast multicast traffic to wireless stations.
For APs, options configured within each WLAN profile influences which broadcast multicast frames received by APs on either a LAN uplink or overlay tunnel are forwarded to wireless stations. The options also influence the transmit data rate that 802.11 broadcast multicast frames are transmitted by each radio in addition to converting specific broadcast multicast frames to unicast prior to transmission. All filtering and optimization options configured in a WLAN profiles apply to all forwarding modes.
For gateways, options enabled on each user VLAN influences which broadcast multicast frames received by gateways on either a LAN port or overlay tunnel are propagated and forwarded to APs and gateways. The options influence which broadcast multicast frames are replicated and forwarded for each overlay tunnel and if specific broadcast multicast frames are converted to unicast prior to forwarding. All filtering and optimization options configured on a user VLAN applies to tunnel forwarding mode.
1 - Transmit data rates
Deep dive into default transmit rates, recommendations and configuration guidelines.
Broadcast multicast traffic destined to wireless stations is forwarded differently than unicast data frames. When no optimization is performed, all broadcast and multicast frames are forwarded out each BSSID at the transmitting radios lowest configured transmit data rate consuming valuable airtime.
The following default minimum transmit data rates are configured for each radio:
2.4 GHz – 1 Mbps
5 GHz – 6 Mbps
6 GHz – 6 Mbps
The data rate used to transmit broadcast multicast frames will impact channel utilization. When lower transmit rates are used, more time is required to transmit each broadcast multicast frame reducing the opportunity for the AP radio or stations to transmit data frames. The more broadcast multicast frames that are transmitted results in higher channel utilization and less time for data transmission at higher rates. An example of the impact to channel utilization on a 5 GHz radio for broadcast multicast frames transmitted at different frequencies and transmit rates is depicted below:
Recommendation
For modern Wi-Fi networks, HPE Aruba Networking recommends configuring the minimum transmit data rates of each radio to 12 Mbps or 24 Mbps depending on the AP density and RF environment. Higher transmit data rates are also achievable if the environment and stations allow. The minimum transmit data rate you select for each radio will need to be configured to suit your specific environment and lower rates may be required to accommodate your specific environment or client device needs.
Configuration
The minimum transmit data rates for 2.4 GHz and 5 GHz radios are configured within each WLAN profile. In classic Central,the transmit data rates are configured for each WLAN profile by following the the steps in the Advanced Settings section.
New Central includes intelligent defaults for each WLAN profile based on the Network Configuration selection. The selected Network Configuration option determines the minimum transmit data rates that are applied to 2.4 GHz and 5 GHz radios servicing the WLAN profile:
Most Compatible – 1 Mbps for 2.4 GHz and 6 Mbps for 5 GHz
Balanced – 12 Mbps for 2.4 GHz and 5 GHz
High Density – 24 Mbps for 2.4 GHz and 5 GHz
Custom – User defined
Custom transmit data rates for 2.4 GHz and 5 GHz radios are configured under Data Rates
The minimum transmit data rates for 6 GHz radios are configured within the radio profile in classic Central and the RF profile in New Central. The configuration is separated from the WLAN profile to accommodate the multiple BSSID (MBSSID) implementation for Wi-Fi 6E and Wi-Fi 7 standards.
In classic Central, the transmit data rates for 6 GHz radios are configured under Radio Profile for 6 GHz radios in the default or custom radio profile:
In New Central, the transmit data rates for 6 GHz radios are configured under the default or custom RF Profile.
Before and after
The following packet capture depicts broadcast multicast frames being forwarded out a 5 GHz radio at the default 6 Mbps data transmit rate:
The following packet capture depicts broadcast multicast frames being forwarded out a 5 GHz radio at the recommended 24 Mbps data transmit rate:
2 - Broadcast filtering
Overview of broadcast filtering: recommendations, configuration, and results before-and-after.
Each WLAN profile supports the option to filter unnecessary broadcast multicast frames prior to forwarding in addition to converting specific ARP requests destined to wireless stations to unicast. Broadcast filtering applies to all broadcast multicast frames transmitted by AP radios for all forwarding modes. When enabled in a WLAN profile, the AP will filter specific broadcast and multicast frames prior to transmission except the broadcast multicast frames that are permitted by the filtering option.
When no broadcast filtering is applied to a WLAN profile, all broadcast multicast frames propagated over a user VLAN with active wireless stations will be forwarded over the air at the lowest configured transmit data rate. This includes layer 2 and layer broadcast and multicast frames which include spanning-tree bridge protocol data units (BPDUs), virtual router redundancy protocol (VRRP) advertisements, multicast DNS (MDNS) and more. All transmitted broadcast and multicast frames are received by all wireless stations associated with the BSSID regardless of actual assigned VLAN.
Recommendation
WLAN profiles support four broadcast filtering options. HPE Aruba Networking recommends configuring most restrictive filtering option ARP for each WLAN. When the ARP option is selected, the AP filters all broadcast and multicast frames except DHCP, ARP, IGMP and IPv6 neighbor discovery unless DMO is enabled. When DMO is enabled, MDNS and SSDP multicast frames will be forwarded. Additionally, ARP requests destined for wireless stations originating from the LAN or an overlay tunnel are converted to unicast and forwarded to the recipient wireless station as its unicast data rate.
Configuration
Broadcast filtering is enabled within each WLAN profile. In classic Central, broadcast filtering is configured for each WLAN under Broadcast filtering
New Central includes intelligent defaults for each WLAN profile based on the Network Configuration selection. The selected Network Configuration option determines the broadcast filtering option that is applied to each WLAN profile:
The following packet capture depicts the broadcast multicast traffic received by a wireless station when no broadcast filtering is applied to the WLAN profile. Note the variety of broadcast multicast frames that are forwarded and received by the wireless stations:
The following packet capture depicts the broadcast and multicast frames received by a wireless station when the recommended broadcast filtering ARP is applied to the WLAN profile. Note that only necessary broadcast multicast frames are forwarded and received by the wireless stations:
3 - ARP unicast conversion
Overview of ARP Conversion option.
When broadcast filtering in a WLAN profile is configured for ARP (recommended) or Unicast ARP only, the APs provide additional optimization by converting ARP requests destined to wireless stations that originate from the LAN or overlay tunnel to unicast.
When an ARP request is converted to unicast, the destination broadcast address is replaced with the recipients host MAC address and is transmitted at the recipients unicast data rate versus the minimum configured transmit data rate configured in the WLAN profile. This provides several benefits:
The ARP requests are only transmitted to specific recipients versus all the stations associated with the BSSID.
The ARP requests are transmitted at higher transmit data rates vs. the lowest configured transmit data rate conserving airtime.
Additionally, converting ARP requests to unicast ensures the recipient station receives the request as unicast frames are acknowledged by the recipient. If the ARP request is lost in transmission, the AP can retry and retransmit the ARP request frame.
Before and after
The following packet capture depicts a broadcast ARP request for a wireless station that is forwarded at the minimum transmit data rate. The receiver’s destination address in the 802 11 header is a broadcast address (ff:ff:ff:ff:ff:ff) and the ARP request is received by all wireless stations associated with the BSSID irrespective of their assigned VLAN:
The following packet capture depicts an ARP request for a wireless station that has been converted to unicast and is forwarded to the recipient station at its unicast data rate. The reciever address in the 802.11 frame header is replaced with the recipients host MAC address and the ARP request is only received by the recipient:
4 - Router advertisement unicast conversion
Recommendations, configuration, and before-and-after details for Router Unicast Conversion.
For IP version 6 (IPv6) deployments, IPv6 hosts rely on router advertisements (RAs) for host addressing, other information and router discovery. RAs are transmitted by IPv6 routers on their assigned link (i.e. VLAN) and are either solicited by IPv6 hosts or periodically advertised at a configured interval.
RAs are a type of control message (type 134) within the internet control message protocol version 6 (ICMPv6) framework. When configured, RAs are transmitted by IPv6 routers on each VLAN with the destination multicast address ff02::1. By default these frames are transmitted to wireless stations at the WLANs lowest configured transmit rate.
RAs are an important element for IPv6 host addressing and router discovery. Their transmission as broadcast multicast frames by APs is problematic when VLAN pooling or dynamic VLAN assignment is enabled in a WLAN as RAs originating from different VLANs will be received by all IPv6 hosts associated with the BSSID. Without additional RA optimization:
IPv6 hosts can derive global addressing from an incorrect VLAN.
IPv6 hosts may discover and install IPv6 routers from an incorrect VLAN.
Both situations resulting in poor user or application experience.
Recommendation
No action is required if a WLAN does not support IPv6 wireless hosts or a single VLAN architecture is deployed. RA optimization is only required if a WLAN supports IPv6 hosts if VLAN pooling or dynamic VLAN assignments is implemented. In these deployments HPE Aruba Networking recommends enabling the IPv6 RA and ND optimization feature in the WLAN profile.
When the IPv6 RA and ND optimization feature is enabled in a WLAN profile, APs will convert RAs received on a given VLAN with active wireless stations to unicast. The APs replaces the receiver address in the frame header with each wireless stations host MAC address and will transmit the RA at each station’s unicast transmit rate. The AP will replicate and forward each received RA on a VLAN to each active station assigned to that VLAN. For example, if a BSSID has ten stations assigned to VLAN 20, the AP will forward a separate unicast copy of an RA received on VLAN 20 to all ten stations.
Configuration
RA unicast conversion is enabled within each WLAN profile. In classic Central, IPv6 RA and ND optimization is configured for each WLAN under Broadcast/Multicast
New Central includes intelligent defaults for each WLAN profile based on the Network Configuration selection. The selected Network Configuration option determines if IPv6 RA and ND optimization is applied to each WLAN profile:
The following packet capture depicts RAs that are forwarded as multicast frames at the minimum configured transmit data rate. The receiver’s destination address is a multicast address(33:33:00:00:00:01) and the RAs are received by all wireless stations associated with the BSSID irrespective of their VLAN assignment. One copy of the received RA is forwarded out the BSSID:
The following packet capture depicts RAs that have been optimised and converted to unicast. The reciever’s destination address in the 802.11 wireless header is replaced with each wireless stations host MAC address participating in the VLAN the RA was received on. The RA is then transmited at each wireless stations unicast transmit data rate. One copy of the received RA is forwarded to each wireless station participating in the VLAN the RA was recieved:
5 - Multicast transmission optimization
Deep dive into multicast transmission optimization.
Multicast transmission optimization (MTO) is a HPE Aruba Networking innovation that when used can forward specific multicast frames at higher transmit data rate than other 802.11 broadcast multicast frames. When MTO is enabled in a WLAN profile, IP multicast frames that are marked with a differentiated services code point (DSCP) value that maps to the WMM video access category (VI_AC) are forwarded at the higher transmit data rate.
By default, the following DSCP values map to the VI_AC:
CS4 (32)
AF41 (34)
AF42 (36)
AF43 (38)
CS5 (40)
EF (46)
By default, MTO forwards marked multicast frames at 24 Mbps with a configurable maximum transmit data rate of MCS15. When MTO is enabled, only IP multicast frames assigned to the VI_AC WMM transmit queue are transmitted at the higher data rate. All other 802.11 broadcast multicast frames are transmitted by each radio at their minimum configured transmit data rate.
Recommendation
MTO is a unique feature designed to support IP multicast video distribution for specific use cases. This feature should only be enabled when advised by your HPE Aruba Networking account team.
Configuration
MTO is enabled within each WLAN profile and by default will transmit multicast frames placed into the VI_AC WMM transmit queue at a 24 Mbps transmit data rate. The transmit data rate for MTO is configurable between 6Mbps and MCS15 but is only customizable using an API. In classic Central, MTO is enabled for each WLAN under Broadcast/Multicast
and on New Central, MTO is enabled for each WLAN profile under Broadcast/Multicast
Before and after
The following packet capture depicts an IP multicast video stream transmitted to wireless stations when MTO is disabled. The IP multicast video stream is transmitted at lowest configured transmit data rate, in this example 24 Mbps:
The following packet capture depicts an IP multicast video stream transmitted to wireless stations when MTO is enabled. The IP multicast video stream is marked with a DSCP value assured forwarding 41 that maps to the WMM VI_AC transmit queue. The IP multicast video frames are transmitted by the radio at the configured MTO rate, in this example 54 Mbps:
6 - Dynamic multicast optimization
Deep dive into dynamic multicast optimization.
Dynamic multicast optimization (DMO) is a HPE Aruba Networking innovation that optimizes the forwarding of IP multicast groups using administratively scoped IP multicast addresses. When DMO is enabled and active on a WLAN and radio, explicitly joined IP multicast groups are converted to unicast and transmitted to each IP multicast receiver at their unicast transmit data rates:
Permits IP multicast groups to be received by specific wireless stations that explicitly join the IP multicast groups versus all the wireless stations associated with the BSSID.
Provides a reliable transmission of IP multicast frames by permitting the AP to retransmit missing unicast frames.
DMO relies on IGMP and MLD snooping on the APs to track IP multicast group membership for each wireless station. When an IP multicast group is joined by a wireless station, the AP will replace the multicast receiver address in the 802.11 wireless header for each multicast frame with the receiving hosts MAC address. The multicast group is transmitted by the transmitting radio at each receiver’s unicast data rate. One copy of each IP multicast frame is transmitted for each wireless receiver.
When DMO is enabled for a WLAN, it is either in an active or inactive state based on thresholds defined as part of the DMO configuration within the WLAN profile. When enabled and active, each source IP multicast group is forwarded to each receiver at their unicast data transmit rate. For each IP multicast frame received, the AP will replicate and forward the frame to each receiver of that IP multicast group. When the specified channel utilization threshold or client threshold is reached, DMO is deactivated on the transmitting radio. Each active IP multicast group is then forwarded normally as a 802.11 broadcast multicast frame at either the lowest configurated rate for the radio or if MTO is enabled, the configured MTO rate.
Recomendation
DMO is a unique feature designed to support IP multicast applications and should only be enabled after a design consultation with your HPE Aruba Networking account team. Supporting IP multicast in a wireless environment requires additional LAN configuration and if tunnel forwarding is utilized a cluster design review.
Enabling DMO in a WLAN profile also influences how other IP multicast frames are filtered and forwarded by the AP. When DMO is enabled, multicast DNS (MDNS) and simple service discovery protocol (SSDP) frames are forwarded irrespective of the broadcast filtering option applied to the WLAN. Each MDNS/SSDP multicast frame is also converted to unicast prior to forwarding to each active wireless station adding additional load to the APs. If DMO is enabled and MDNS/SSDP needs to be filtered, either AirGroup must be enabled or policies dropping MDNS/SSDP must be applied to the user roles.
Configuration
DMO is enabled and its associated thresholds configured within each WLAN profile. Once DMO is enabled, additional options are displayed within the WLAN profile allowing the channel utilization and client thresholds to be defined. Specific recommendations for threshold values are unique to each environment and are out of scope for this guide.
In classic Central, DMO is configured within each WLAN profile under Broadcast/Multicast and on Central, DMO is configured within each WLAN profile under Broadcast/Multicast
Before and after
The following packet capture depicts an IP multicast video stream received by a wireless station when DMO is disabled or inactive. The IP multicast video stream is transmitted at the lowest configured transmit data rate, in this example 24 Mbps:
The following packet capture depicts an IP multicast video stream received by a wireless station when DMO is enabled and active. The receiver address is replaced with the IP multicast receivers host MAC address, and the video steam is transmitted at the receivers unicast transmit data rate:
7 - AirGroup
An overview of AirGroup.
In addition to facilitating discovery for multicast DNS (MDNS) and simple service discovery protocol (SSDP) services, AirGroup influences which MDNS/SSDP multicast advertisements and discovery frames are propagated and forwarded to wireless stations, and which frames are discarded. AirGroup allows administrators to define and control which services are discoverable by wireless stations based on location, user role or VLAN. Multicast frames for disabled services are filtered by the APs and are not transmitted to wireless stations preventing service discovery and conserving airtime.
When no broadcast or multicast filtering is enabled in a WLAN, all MDNS/SSDP multicast frames are propagated and forwarded to wireless stations at the lowest configured transmit rate. The total number of MDNS/SSDP frames that are generated by all active wireless stations across the system can be significant as modern operating systems can generate 5-20 MDNS queries during initial association or after roaming.
When the recommended broadcast filtering ARP option is enabled in a WLAN profile and dynamic multicast optimization (DMO) is disabled, the propagation of MDNS/SSDP multicast frames is prevented. AirGroup must be enabled and specific services permitted for service discovery to occur. APs will only respond to MDNS/SSDP queries for services that are explicitly permitted by the admin based on the context of each wireless station.
When DMO is enabled to support an IP multicast application and AirGroup is disabled, all MDNS/SSDP multicast frames are propagated and forwarded to wireless stations irrespective of the configured broadcast filtering option configured in the WLAN profile. Whilst the MDNS/SSDP multicast frames are optimized by being converted to unicast by the AP, no filtering is performed unless AirGroup is enabled. Once enabled, the APs will only respond to queries for services that are allowed.
Recommendation
If MDNS/SSDP services are required for your deployment, HPE Aruba Networking recommends enabling AirGroup and permitting the specific services that are required. This will prevent unnecessary MDNS/SSDP multicast frames from propagating to wireless stations. Once configured, APs will only respond to queries for services that are allowed based on the context of each wireless station.
Alternatively, if MDNS/SSDP services need to be prevented and AirGroup is disabled, role-based policies may also be crafted to drop MDNS and/or SSDP messages originating from wireless stations. As MDNS and SSDP implement well-known destination multicast addresses, policies can be crafted to drop IP packets destined to those addresses:
A detailed overview of the AirGroup service, configuration and operation is available at the AirGroup topic.
8 - Broadcast multicast optimization
This section provides an overview of broadcast and multicast optimization, including recommendations, configuration steps, and before-and-after results.
When broadcast multicast traffic is flooded over a user VLAN, the gateways must replicate each broadcast multicast frame and transmit it to each AP with active stations participating in the user VLAN via device designated gateway (DDG) tunnels. One gateway in each cluster is assigned a DDG role for each AP that is tunneling traffic to that cluster. Each gateway is responsible for replicating and forwarding unfiltered broadcast multicast frames to each AP that it assumes the DDG role for.
The replication and forwarding of broadcast multicast traffic to DDG tunnels can consume significant CPU/thread resources on the gateways in busy network environments impacting application and user experience. The forwarding of unnecessary broadcast multicast traffic also increases the load on APs as each AP must inspect each received broadcast multicast frame received from the overlay tunnels to make a forwarding or discard decision. If no broadcast multicast optimization is enabled in the WLAN, all received broadcast multicast frames will be forwarded to wireless stations participating in the user VLAN the frames were received at the lowest configured transmit data rate consuming valuable airtime.
Broadcast multicast optimization can be enabled per user VLAN and is disabled by default. When enabled, the gateways will prevent unnecessary broadcast and multicast traffic from reaching the APs via DDG tunnels. The gateways will discard all unnecessary broadcast and multicast traffic except DHCP, ARP, VRRP and MDNS/SSDP.
Recommendation
HPE Aruba Networking recommends enabling broadcast multicast optimization for each user VLAN to prevent unnecessary broadcast multicast frames from reaching the APs. The feature should be enabled for each user VLAN unless a specific broadcast multicast application that needs to be forwarded is being filtered. To provide the best possible filtering, this feature should be combined with the WLAN profile recommendations outlined in previous sections.
Configuration
Broadcast multicast optimization is enabled within each user VLAN. In classic Central, broadcast multicast optimization is enabled for a user VLAN within the gateway configuration group or device under Other Options.
In new Central, broadcast multicast optimization is enabled within each VLAN profile under Gateway Specific Parameters
Before and after
The following depicts the CPU/thread utilization on customers 7210 series gateway prior to broadcast multicast optimization being enabled on the user VLANs. Without optimization, the average CPU/thread utilization on the gateway was 54%.
The following depicts the CPU/thread utilization on the same 7210 series gateway after broadcast multicast optimization was enabled on the user VLANs. The average CPU/thread utilization was reduced by 40%.
