- rayc's Blog
There are a few different types of transmission methods for IP packets, the most common being unicast. A Unicast packet is a packet that is sent from a single source to a single destination. Most traffic on modern networks is unicast. Another transmission method for IP packets is broadcast. A Broadcast message is sent from a single source to everywhere: each device on the IP network within that subnet will receive a broadcast packet. An example of a broadcast is a DHCP request packet. Broadcast packets are addressed to the network broadcast address, or to 255.255.255.255 in the case of a DHCP request. 255.255.255.255 with a multicast MAC of FFFF.FFFF.FFFF is the all-devices broadcast address.
As you can understand, Broadcast traffic generates a lot of unnecessary noise on the network and can mean that devices receive packets and spend CPU time processing them only to discover that they are not needed. This is where Multicast comes in. Multicast is a one-to-many form of IP transmission. Multicast packets originate from the Multicast source and are sent to a specific Multicast address. IPv4 has a specific range reserved for Multicast, called the Class D address range, 224.0.0.0/4. This provides multicast addresses in the range 224.0.0.0 - 239.255.255.255. There are specific addresses within this block that are reserved for specific services that IP uses, which are listed below. IPv6 reserves the address range ff00::/8 for multicast.
IP Multicast Address | Description |
224.0.0.0 | Base address (reserved) |
224.0.0.1 | All hosts in this subnet (all-hosts group) |
224.0.0.2 | All routers in this subnet |
224.0.0.5 | AllSPFRouters |
224.0.0.6 | AllDRouters |
224.0.0.9 | All RIPv2 Routers |
224.0.0.10 | All EIGRP Routers |
224.0.0.13 | All PIM Routers |
224.0.0.18 | VRRP |
224.0.0.22 | IGMPv3 |
224.0.0.102 | HSRPv2 and GLBP |
224.0.1.1 | NTP |
224.0.1.39 | Cisco-RP-Announce |
224.0.1.40 | Cisco-RP-Discovery |
Some of the well-known ranges for IPv6 Multicast addresses include:
IPv6 Multicast Address | Description |
ff02:0:0:0:0:1:ff00::/104 | Solicited Node Multicast |
fe80::/10 | Link Local address range |
ff02::5 | All OSPF routers |
ff02::6 | All OSPF DR Routers |
ff02::a | All EIGRP routers |
ff02::1 | All IPv6 nodes |
ff02::2 | All IPv6 routers |
ff02::9 | All RIPng Routers |
There are some Multicast ranges that are reserved for special use, just like with IPv4 Unicast addresses. The ranges are:
- 232.0.0.0/8 - Source Specific Multicast (SSM) range. I will discuss SSM more later
- 233.0.0.0/8 - GLOP range. This range is assigned specifically to ASNs and uses the ASN value as X.Y to make the multicast subnet 233.X.Y.0/24.
- 239.0.0.0/8 - This range is reserved for private group/organisation use similar to the RFC 1918 address ranges for unicast IPv4 packets.
Like Layer 3, there are also Layer 2 multicast addresses. Layer 2 Multicast addresses were created to help reduce the requirement for each node to process the Ethernet frame only to realise that it's a Multicast frame that the host is not listening for. Each Layer 2 multicast address begins with the first 24 bits of the MAC address set to 0100.5e. When you break down the first half of the Multicast MAC address into octets, you get 01:00:5e or, in binary, 00000001:00000000:01011110. In order for the MAC to be a multicast MAC, the lowest bit in the first octet must be a 1 (01). To calculate the Multicast IP's MAC from here, the lowest 23 bits of the MAC address map directly to the lowest 23 bits of the Multicast IP address, and the 25th bit of the 48-bit MAC is always a 0. For example, a multicast address of 239.255.0.1 would have a multicast MAC of 01:00:5e:7f:00:01 (note that it's only the last 3 octets of the Multicast IP address that are converted for the MAC).
Numerical IP | 239.255.0.1 |
Binary IP | 11101111.11111111.00000000.00000001 |
Numerical MAC | 01:00:5e:7f:00:01 |
Binary MAC | 00000001:00000000:01011110:01111111:00000000:00000001 |
As you can probably already tell, this would mean that there could be several Multicast IP addresses with the same Multicast MAC address. For example, 239.255.0.1 and 239.127.0.1, will have the same Multicast MAC of 01:00:5e:7f:00:01. While this could lead to some hosts receiving and processing frames not destined for the host, the likelihood of this is pretty slim.
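The mapping and the resulting overlap can be checked in code. The following Python is an added example, not part of the original post; the function names are my own, and the reserved-group list is copied from the IPv4 table above. It also goes one step further than the text by flagging a group whose MAC is shared with one of those reserved control groups.

```python
import ipaddress

OUI_PREFIX = 0x01005E000000   # 01:00:5e, with the 25th bit of the MAC fixed at 0

# Reserved link-local groups taken from the table earlier on this page
RESERVED = {"224.0.0.1": "all hosts", "224.0.0.2": "all routers",
            "224.0.0.5": "AllSPFRouters", "224.0.0.6": "AllDRouters",
            "224.0.0.9": "RIPv2", "224.0.0.10": "EIGRP",
            "224.0.0.13": "PIM", "224.0.0.18": "VRRP",
            "224.0.0.22": "IGMPv3", "224.0.0.102": "HSRPv2 and GLBP"}

def multicast_mac(group: str) -> str:
    """Map an IPv4 multicast group to its Ethernet multicast MAC."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not in 224.0.0.0/4")
    mac = OUI_PREFIX | (int(addr) & 0x7FFFFF)     # copy the lowest 23 bits of the IP
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))

def groups_sharing_mac(group: str) -> list[str]:
    """All IPv4 groups that map to the same MAC as `group`.

    4 bits (1110) are fixed by 224.0.0.0/4 and 23 bits are copied into the MAC,
    so 32 - 4 - 23 = 5 bits are lost: 2**5 = 32 groups share every MAC.
    """
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    base = 0xE0000000 | low23
    return [str(ipaddress.IPv4Address(base | (lost << 23))) for lost in range(32)]

def aliased_control_groups(group: str) -> list[str]:
    """Reserved groups whose frames use the same MAC as `group`."""
    mac = multicast_mac(group)
    return [f"{addr} ({name})" for addr, name in RESERVED.items()
            if addr != group and multicast_mac(addr) == mac]

if __name__ == "__main__":
    print(multicast_mac("239.255.0.1"))
    print(groups_sharing_mac("239.255.0.1"))
    print(aliased_control_groups("239.128.0.5"))
```

Running the last check against a planned group address before deploying it shows whether hosts listening for that group will also have routing-protocol control frames delivered to them at Layer 2.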
IGMP
While we're talking about layer 2, let's discuss how switches keep track of which ports to send multicast frames to. We know that a switch maintains a CAM table with a list of MAC addresses and the ports that they are connected to for unicast transmissions, but what about multicast? Well, this is where IGMP Snooping (Internet Group Management Protocol) comes in. Before I get into IGMP snooping, however, I'll discuss what IGMP is.
IGMP is a protocol that end devices use to tell neighbouring multicast routers which multicast groups they are members of.
Notes
relies on IGMP for layer 2 and PIM for layer 3
unicast not good if IP Directed Broadcast not enabled and open to DDOS
MCAST data packet called stream, dest IP group addr, recipients called receivers
224.0.0.0/4 reserved for MCAST
IANA reserved MCAST ranges
Designations | MCAST address |
Local Network Control Block | 224.0.0.0/24 |
Internetwork Control Block | 224.0.1.0/24 |
Ad Hoc block | 224.0.2.0/24 |
Reserved | 224.1.0.0/16 |
SDP/SAP Block | 224.2.0.0/16 |
Ad hoc Block 2 | 224.3.0.0.0/15 |
Reserved | 224.5.0.0/8 |
Reserved 2 | 225.0.0.0-231.255.255.255 |
SSM | 232.0.0.0/8 |
GLOP Block | 233.0-255.X.0 |
Ad hoc Block 3 | 233.252-255.0.0/16 |
Reserved | 234-238.255.255.255 |
Administratively Scoped | 239.0.0.0/8 |
Local Network control block used for protocol control traffic in local network
Internetwork block used for protocol control traffic that may be forwarded through the Internet (NTP, Cisco-RP-Announce/Discovery)
SSM Block is PIM extension. Forwards traffic to receivers from only sources requested by receivers
GLOP Block is globally scoped and statically assigned for domains with 16-bit ASN by mapping ASN in octets X.Y into middle 2 octets of GLOP address 233.X.Y.0/24
Admin scope similar to RFC 1918 addresses
IGMP must be supported by receivers and router interfaces facing receivers
3 versions of IGMP
- IGMPv1 - Not used
- IGMPv2 - Most common
- IGMPv3 - used by SSM
IGMPv2 packets encapsulated in IP packet with protocol number 2. Messages sent with IP router alerts options set + TTL of 1.
IGMP message format fields
- Type - Describes 5 different types of IGMP messages used by routers and receivers
  - v2 membership report (0x16) - also referred to as IGMP Join. Used by receivers to join mcast group or respond to local routers' membership queries.
  - v1 membership report (0x12) - Used by receivers for v1 backward compatibility.
  - v2 Leave group (0x17) - Used by receivers to leave a group
  - General Membership Query (0x11) - periodically sent to all hosts 224.0.0.1 to see if any receivers in subnet
  - Group Specific Query (0x11) - Response to leave message, sent to group address receiver is leaving. Group address is the destination of IP packet and the group address field
- Max Response Time - Only set in an 0x11 query. Is the max allowed time before sending responding report. All other messages have this set to 0x00 by sender and ignored by receiver
- Checksum - standard TCP/IP checksum field
- Group Address
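The four fields above make an 8-byte message, which is small enough to decode and validate by hand. The following Python is an added example, not code from the original notes; the function names and sample messages are constructed for illustration, and the tenths-of-a-second unit for Max Response Time comes from RFC 2236 rather than from this page.

```python
import ipaddress
import struct

REPORT_TYPES = {0x16: "v2 Membership Report (IGMP Join)",
                0x12: "v1 Membership Report",
                0x17: "v2 Leave Group"}

def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmpv2(msg_type: int, max_resp: int, group: str) -> bytes:
    """Build an 8-byte message: type, max response time, checksum, group."""
    grp = ipaddress.IPv4Address(group).packed
    unsummed = struct.pack("!BBH4s", msg_type, max_resp, 0, grp)
    return struct.pack("!BBH4s", msg_type, max_resp, inet_checksum(unsummed), grp)

def parse_igmpv2(payload: bytes) -> dict:
    """Decode the IGMP payload of an IP packet (protocol 2) and validate it."""
    if len(payload) < 8:
        raise ValueError("truncated IGMP message")
    msg_type, max_resp, _cksum, grp = struct.unpack("!BBH4s", payload[:8])
    if inet_checksum(payload) != 0:        # a valid message sums to zero
        raise ValueError("bad IGMP checksum")
    group = ipaddress.IPv4Address(grp)
    if msg_type == 0x11:                   # both query kinds share type 0x11
        kind = ("General Membership Query" if int(group) == 0
                else "Group Specific Query")
    elif msg_type in REPORT_TYPES:
        kind = REPORT_TYPES[msg_type]
        if not group.is_multicast:
            raise ValueError(f"{kind} for non-multicast address {group}")
    else:
        raise ValueError(f"not an IGMPv1/v2 type: {msg_type:#04x}")
    return {"kind": kind, "group": str(group),
            # Max Response Time is carried in tenths of a second (RFC 2236)
            "max_resp_seconds": max_resp / 10 if msg_type == 0x11 else 0.0}

# Constructed sample messages (not captured traffic)
JOIN = build_igmpv2(0x16, 0, "239.255.0.1")
GENERAL_QUERY = build_igmpv2(0x11, 100, "0.0.0.0")
GROUP_QUERY = build_igmpv2(0x11, 10, "239.255.0.1")
```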
When receiver joins MCAST stream, sends unsolicited membership report (IGMP Join) to default router. Router forwards upstream using PIM Join messages.
Routers send GMQ to subnet every max response time. In response receivers set internal random time between 0-10. When expires, receivers send membership report for each group. If receiver receives report from another member, it doesn't send its own report.
When receiver wants to leave, if it is last receiver to send query, it sends leave message to 224.0.0.2, otherwise it leaves quietly.
Router will check for other receivers before removing IGMP state.
If more than 1 router in subnet, querier election occurs. Router with lowest IP is elected. All non-querier routers set timer which resets when membership query report is received from querier router.
New election takes place if no message heard. Router waits 2 x Query interval (60 sec default) before triggering an election.
IGMPv3 allows for MCAST source filtering so receivers can pick source to accept MCAST from.
IGMPv3 is backward compatible with v1 and v2
IGMPv3 added fields to membership query and new message type called Version 3 membership report to support source filtering.
IGMPv3 receivers signal membership to group using report in 2 modes:
- Include mode - Receiver announces membership to MCAST group and provides list of source addresses it wants to receive.
- Exclude mode: Same but provides list of addresses to not receive from. To receive from all (IGMPv2), uses exclude mode with empty list.
Switches reduce MCAST flooding by using IGMP snooping or static MAC entries.
IGMP Snooping listens for join messages from receivers and maintains a table.
Cisco only fully supports PIM routing protocol
MCAST Routers create 2 types of trees to route traffic
- Source Tree (Shortest Path Tree)
- Shared Tree
Source tree has source as root and branches to receivers using the shortest path
Source tree forwarding state notation (S,G)
Shared tree uses RP as MCAST root. MCAST packets forwarded down shared tree regardless of source address. Forwarding state on shared tree is (*,G)
Downside to Shared tree is all receivers receive traffic from all sources so could mean unwanted traffic could be sent to receivers that don't need it
RPF interface is interface with lowest cost path (AD and Metric) to the IP of the SPT or RP for shared tree
Multiple interfaces, highest IP wins
RPF Neighbour is neighbour on RPF interface. Upstream is towards the source. Upstream interface is interface towards source tree. Downstream is away from source.
Incoming Interface (IIF) only interface that accepts mcast traffic from source
Last Hop Router (LHR) Router directly attached to receiver
First Hop Router (FHR) router directly attached to source
MCAST RIB derived from RIP and PIM. Contains Source, Group, IIF, OIF, RPF neighbour info
5 PIM Operating modes
- PIM-DM - Dense Mode
- PIM-SM - Sparse Mode
- PIM Sparse/Dense mode
- PIM-SSM - Source Specific Multicast
- BIDIR-PIM - Bidirectional PIM
All PIM control messages use IP protocol number 103 and are either Unicast (Register/Stop) or mcast with TTL of 1 to 224.0.0.13 (All PIM Routers).
PIM Hello are sent every 30 seconds out all PIM interfaces. Hellos used to elect a DR
PIM-DM is used when the receivers are on every subnet.
Packets arriving on non RPF interface are discarded.
PIM-DM prune expires after 3 mins can cause MCAST traffic reflooded to all routers. PIM-DM suitable for small networks.
PIM-SM designed for networks with receivers scattered. Assumes no receivers unless specifically asked
PIM-SM uses IGMP join from receiver to LHR. LHR then sends PIM Join to upstream MCAST router which is RP for shared tree or FHR where the source of MCAST streaming is connected for SPT.
Source registration process
- Source sends packet to FHR
- FHR registers G with RP using register message and sends using Unidirectional PIM tunnel
- If RP has no active shared tree, RP sends stop message saying stop registering
- If active shared tree, forwards MCAST packet down tree and sends (S,G) join to source to create (S,G) SPT
- Once RP receives data natively via SPT from Source, sends register stop to FHR to stop sending register messages
PIM-SM allows LHR to switch from shared tree to SPT for specific source and happens when first MCAST packet received from RP via shared tree.
When LHR receives MCAST packet from RP, LHR checks route table for shortest path to source and sends PIM Join hop-by-hop to FHR to form SPT. Once MCAST packet received through SPT, sends prune to RP to stop duplicate messages.
DR Elected on priority. Default is 1. highest priority wins or if tied, highest IP
On FHR, DR responsible for encapsulating MCAST packets in unicast register message to RP from source
On LHR, DR responsible for sending Join and Prune messages to RP and SPT switchover.
Without DR all LHR routers send PIM Join which can result in duplicate traffic
DR hold time is 3.5 times hello which is 105 seconds by default. if hold reached new DR is elected.
RPF functions as follows:
- if MCAST packet received on interface used to send unicast to source. Packet is from RPF
- Packet arriving on RPF is forwarded out interfaces in the Outgoing Interface List (OIL) of MCAST RIB.
- If not on RPF, packet is discarded
RPF performed differently between the Source and the LHR and the Source and the RP.
- If Router has (S,G) present (SPT) router performs RPF on IP of the source for MCAST packet
- If no (S,G) state (Shared tree) RPF is performed on the address of the RP
(S,G) Joins are sent towards Source and (*,G) joins are sent to the RP
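The RPF rules above can be expressed as a small forwarding decision. The following Python is an added example, not code from the original notes: the addresses, interface names and table contents are constructed, and it assumes a single best unicast route per destination, so the AD/metric/highest-IP tie-break is not modelled.

```python
import ipaddress

# Constructed sample state for one router (addresses and interface names are made up).
RP = "192.0.2.1"
UNICAST_RIB = {"10.1.1.0/24": "Gi0/1",     # towards the source's subnet
               "192.0.2.1/32": "Gi0/2",    # towards the RP
               "0.0.0.0/0": "Gi0/3"}
MRIB = {("10.1.1.10", "239.1.1.1"): ["Gi0/4"],       # (S,G): source tree
        ("*", "239.2.2.2"): ["Gi0/4", "Gi0/5"]}      # (*,G): shared tree

def rpf_interface(address: str):
    """Interface the unicast table would use to reach `address` (longest match)."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, ifname in UNICAST_RIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ifname)
    return best[1] if best else None

def forward(source: str, group: str, arrived_on: str) -> list:
    """Return the interfaces to replicate the packet to; [] means discard."""
    if (source, group) in MRIB:            # (S,G) state: RPF check on the source
        target, oil = source, MRIB[(source, group)]
    elif ("*", group) in MRIB:             # only (*,G) state: RPF check on the RP
        target, oil = RP, MRIB[("*", group)]
    else:
        return []                          # no forwarding state for this group
    if rpf_interface(target) != arrived_on:
        return []                          # not the RPF interface: discard
    return [ifname for ifname in oil if ifname != arrived_on]

if __name__ == "__main__":
    print(forward("10.1.1.10", "239.1.1.1", "Gi0/1"))   # arrives on RPF interface
    print(forward("10.1.1.10", "239.1.1.1", "Gi0/3"))   # wrong interface, dropped
```

Because the check is made against the unicast path back to the source or RP, a multicast packet with a forged source address arriving on any other interface is dropped before it is replicated.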
If PIM Router receives (S,G) traffic on OIF, triggers assert mechanism. When assert triggered, each router sends assert message with AD and Metric to the source. Lowest AD > Metric > Highest IP. Losing router sends a prune.
Assert Prune times out after 3 minutes and forwards again triggering another assert.
PIM-SM requires RP, can be statically or dynamically configured using Cisco Auto-RP or PIM Bootstrap Router (BSR)
Auto-RP distributes group-to-RP mappings automatically.
- Easy to use multiple RPs within network to serve different group ranges
- Load splitting between RPs
- Simplifies RP placement according to location of G participants
- Prevents inconsistent static RP config
- Uses two basic components, candidate RP (C-RP) and RP Mapping agents (MA)
CRP advertises willingness to be RP every announce interval (60 seconds default) to 224.0.1.39
If Multiple CRP then CRP with highest IP preferred
RP MCA join group 224.0.1.39 to receive announcements and stores in group-to-RP mapping cache
If multiple RPs advertise same group range, highest IP wins
RPMA advertises RP to mappings to 224.0.1.40 (Cisco-RP-Discovery) every advertisement interval (60 seconds default or triggered)
All PIM routers join 224.0.1.40
Multiple RP MA routers can be configured and act independently of advertisements
PIM Bootstrap Router provides fault tolerant automated RP-Discovery and Distribution mechanism
BSR is same as PIMv1 Auto-RP but for PIMv2
RP set is group to RP mapping containing:
- MCAST group range
- RP Priority and address
- Hash mask length
- SM/BiDir Flag
BSR floods messages to all routers hop by hop. When BSR message is forwarded it is sent out all PIM enabled interfaces including receiving interface to MCAST address 224.0.0.13 with a TTL of 1.
There can be multiple Candidate BSR and all compete in BSR election process with highest priority wins. If tie then Highest IP address
CRP will unicast C-RP-Advertisements to BSR listing groups it can be RP for
BSR sends entire list of CRP to all PIM Routers every 60 seconds by default.
CRP with lowest priority is preferred or Highest IP if priority is tied.
PIM Control Message Types
Type | Message Type | Destination | PIM Protocol |
0 | Hello | 224.0.0.13 (All PIM Routers) | PIM-SM, PIM-DM, Bidir-PIM and SSM |
1 | Register | RP address (Unicast) | PIM-SM |
2 | Register Stop | FHR (Unicast) | PIM-SM |
3 | Join/Prune | 224.0.0.13 | PIM-SM, Bidir-PIM and SSM |
4 | Bootstrap | 224.0.0.13 | PIM-SM and Bidir-PIM |
5 | Assert | 224.0.0.13 | PIM-SM, PIM-DM and Bidir-PIM |
8 | Candidate RP advertisement | Bootstrap Router (BSR) address Unicast | PIM-SM and Bidir-PIM |
9 | State refresh | 224.0.0.13 | PIM-DM |
10 | DF Election | 224.0.0.13 | Bidir-PIM |
Configuring autorp on pim-ssm
ip pim autorp listener
ip pim accept-rp auto-rp
ip pim send-rp-discovery scope 31 interval 5
and on the RP
ip pim autorp listener
ip pim accept-rp auto-rp
ip pim send-rp-announce Loopback0 scope 31 interval 5
ip pim send-rp-discovery scope 31 interval 5