Multicast

Submitted by rayc on Mon, 02/14/2022 - 15:32

There are a few different transmission methods for IP packets, the most common being unicast. A unicast packet is sent from a single source to a single destination. Most traffic on modern networks is unicast. Another transmission method for IP packets is broadcast. A broadcast message is sent from a single source to everywhere: each device on the IP network within that subnet will receive a broadcast packet. An example of a broadcast is a DHCP request packet. Broadcast packets are addressed to the network broadcast address, or to 255.255.255.255 in the case of a DHCP request. 255.255.255.255 with a multicast MAC of FFFF.FFFF.FFFF is the all devices broadcast address.

As you can imagine, broadcast traffic generates a lot of unnecessary noise on the network, and it means devices receive packets and spend CPU time processing them only to discover that they are not needed. This is where multicast comes in. Multicast is a one-to-many form of IP transmission. Multicast packets originate from the multicast source and are sent to a specific multicast address. IPv4 reserves a specific range for multicast: the Class D address range, 224.0.0.0/4. This provides multicast addresses in the range 224.0.0.0 - 239.255.255.255. Some addresses within this block are reserved for specific services that IP uses; these are listed below. IPv6 reserves the address range ff00::/8 for multicast.

| IP Multicast Address | Description |
| --- | --- |
| 224.0.0.0 | Base address (reserved) |
| 224.0.0.1 | All hosts in this subnet (all-hosts group) |
| 224.0.0.2 | All routers in this subnet |
| 224.0.0.5 | AllSPFRouters |
| 224.0.0.6 | AllDRouters |
| 224.0.0.9 | All RIPv2 Routers |
| 224.0.0.10 | All EIGRP Routers |
| 224.0.0.13 | All PIM Routers |
| 224.0.0.18 | VRRP |
| 224.0.0.22 | IGMPv3 |
| 224.0.0.102 | HSRPv2 and GLBP |
| 224.0.1.1 | NTP |
| 224.0.1.39 | Cisco-RP-Announce |
| 224.0.1.40 | Cisco-RP-Discovery |

 

Some of the well-known ranges for IPv6 Multicast addresses include:

| IPv6 Multicast Address | Description |
| --- | --- |
| ff02:0:0:0:0:1:ff00::/104 | Solicited Node Multicast |
| fe80::/10 | Link Local address range |
| ff02::5 | All OSPF routers |
| ff02::6 | All OSPF DR Routers |
| ff02::a | All EIGRP routers |
| ff02::1 | All IPv6 nodes |
| ff02::2 | All IPv6 routers |
| ff02::9 | All RIPng Routers |

 

Some multicast ranges are reserved for special use, just as with IPv4 unicast addresses. The ranges are:

  • 232.0.0.0/8 - Source Specific Multicast (SSM) range. I will discuss SSM more later.
  • 233.0.0.0/8 - GLOP range. This range is assigned specifically to ASNs and uses the ASN value as X.Y to make the multicast subnet 233.X.Y.0/24.
  • 239.0.0.0/8 - This range is reserved for private group/organisation use, similar to the RFC 1918 address ranges for unicast IPv4 packets.

 

As at Layer 3, there are also Layer 2 multicast addresses. Layer 2 multicast addresses were created to reduce the need for each node to process an Ethernet frame only to realise that it is a multicast frame the host is not listening for. Each Layer 2 multicast address has the first 24 bits of the MAC address set to 0100.5e. Broken down into octets, the first half of the multicast MAC address is 01:00:5e, or in binary 00000001:00000000:01011110. For the MAC to be a multicast MAC, the lowest bit in the first octet must be a 1 (01). To calculate the MAC for a multicast IP from here, the lowest 23 bits of the MAC address are taken directly from the multicast IP address, and the 25th bit of the 48-bit MAC is always a 0. For example, a multicast address of 239.255.0.1 would have a multicast MAC of 01:00:5e:7f:00:01 (note that only the last 3 octets of the multicast IP address are converted for the MAC).

| Format | Value |
| --- | --- |
| Numerical IP | 239.255.0.1 |
| Binary IP | 11101111.11111111.00000000.00000001 |
| Numerical MAC | 01:00:5e:7f:00:01 |
| Binary MAC | 00000001:00000000:01011110:01111111:00000000:00000001 |

 

As you can probably already tell, this means that several multicast IP addresses can share the same multicast MAC address. For example, 239.255.0.1 and 239.127.0.1 will have the same multicast MAC of 01:00:5e:7f:00:01. While this could lead to some hosts receiving and processing frames not destined for them, the likelihood of this is pretty slim.
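The mapping and its overlap can be worked through in code. The following Python is an added example, not part of the original post; the function names are hypothetical. It derives the MAC for a group address and, going beyond the single pair above, lists every group address that shares a given MAC.

```python
import ipaddress


def multicast_mac(group: str) -> str:
    """Map an IPv4 multicast group address to its Ethernet multicast MAC."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not in 224.0.0.0/4")
    low23 = int(ip) & 0x7FFFFF          # keep only the lowest 23 bits of the IP
    mac = (0x01005E << 24) | low23      # fixed 01:00:5e prefix, 25th bit left at 0
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))


def groups_sharing_mac(mac: str) -> list:
    """List every IPv4 group address that maps to the given multicast MAC."""
    value = int(mac.replace(":", ""), 16)
    # The top 25 bits must be 01:00:5e followed by a 0 bit.
    if value >> 23 != 0x01005E << 1:
        raise ValueError(f"{mac} is not an IPv4 multicast MAC")
    low23 = value & 0x7FFFFF
    # 4 fixed Class D bits (1110) + 23 mapped bits = 27 of 32 IP bits.
    # The remaining 5 bits are lost, so 2**5 = 32 groups share each MAC.
    return [
        str(ipaddress.IPv4Address((0b1110 << 28) | (hi << 23) | low23))
        for hi in range(32)
    ]


if __name__ == "__main__":
    mac = multicast_mac("239.255.0.1")
    print(mac)
    for group in groups_sharing_mac(mac):
        print("  ", group)
```

Because the switch and NIC can only filter on the MAC, the final decision on whether a frame belongs to a joined group has to be made on the IP destination address.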

IGMP

While we're talking about Layer 2, let's discuss how switches keep track of which ports to send multicast frames to. We know that a switch maintains a CAM table with a list of MAC addresses and the ports they are connected to for unicast transmissions, but what about multicast? This is where IGMP (Internet Group Management Protocol) Snooping comes in. Before I get into IGMP snooping, however, I'll discuss what IGMP is.

IGMP is a protocol that end devices use to tell neighbouring multicast routers which multicast groups they are members of.

Notes

relies on IGMP for layer 2 and PIM for layer 3

unicast not good if IP Directed Broadcast not enabled and open to DDOS

MCAST data packet called stream, dest IP group addr, recipients called receivers

224.0.0.0/4 reserved for MCAST

IANA reserved MCAST ranges

| Designation | MCAST address |
| --- | --- |
| Local Network Control Block | 224.0.0.0/24 |
| Internetwork Control Block | 224.0.1.0/24 |
| Ad Hoc block | 224.0.2.0/24 |
| Reserved | 224.1.0.0/16 |
| SDP/SAP Block | 224.2.0.0/16 |
| Ad hoc Block 2 | 224.3.0.0.0/15 |
| Reserved | 224.5.0.0/8 |
| Reserved 2 | 225.0.0.0-231.255.255.255 |
| SSM | 232.0.0.0/8 |
| GLOP Block | 233.0-255.X.0 |
| Ad hoc Block 3 | 233.252-255.0.0/16 |
| Reserved | 234-238.255.255.255 |
| Administratively Scoped | 239.0.0.0/8 |

 

Local Network control block used for protocol control traffic in local network

Internetwork block used for protocol control traffic that may be forwarded through the Internet (NTP, Cisco-RP-Announce/Discovery)

SSM Block is PIM extension. Forwards traffic to receivers from only sources requested by receivers

GLOP Block is globally scoped and statically assigned for domains with a 16-bit ASN by mapping the ASN in octets XY into the middle 2 octets of the GLOP address 233.X.Y.0/24

Admin scope is similar to RFC 1918 addresses

IGMP must be supported by receivers and by router interfaces facing receivers

3 versions of IGMP

  1. IGMPv1 - Not used
  2. IGMPv2 - Most common
  3. IGMPv3 - used by SSM

 

IGMPv2 packets encapsulated in IP packet with protocol number 2. Messages sent with IP router alerts options set + TTL of 1.

IGMP message format fields

  • Type - Describes 5 different types of IGMP messages used by routers and receivers
    • v2 membership report (0x16) - also referred to as IGMP Join. Used by receivers to join mcast group or respond to local routers' membership queries.
    • v1 membership report (0x12) - Used by receivers for v1 backward compatibility.
    • v2 Leave group (0x17) - Used by receivers to leave a group
    • General Membership Query (0x11) - periodically sent to all hosts 224.0.0.1 to see if any receivers in subnet
    • Group Specific Query (0x11) - Response to leave message, sent to group address receiver is leaving. Group address is the destination of IP packet and the group address field
  • Max Response Time - Only set in an 0x11 query. Is the max allowed time before sending responding report. All other messages have this set to 0x00 by sender and ignored by receiver
  • Checksum - standard TCP/IP checksum field
  • Group Address
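A parser for the message format listed above, as an added Python example that is not part of the original notes. Function names and sample messages are constructed for illustration; the group field of 0.0.0.0 in a general query and the rule that bytes beyond the first 8 are ignored follow RFC 2236.

```python
import socket
import struct

# Type codes as listed in the notes above.
IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "v1 Membership Report",
    0x16: "v2 Membership Report (Join)",
    0x17: "v2 Leave Group",
}


def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmpv2(msg_type: int, max_resp: int, group: str) -> bytes:
    """Build an 8-byte IGMPv2 message with a valid checksum."""
    addr = socket.inet_aton(group)
    zeroed = struct.pack("!BBH4s", msg_type, max_resp, 0, addr)
    return struct.pack("!BBH4s", msg_type, max_resp, inet_checksum(zeroed), addr)


def parse_igmpv2(payload: bytes) -> dict:
    """Parse and validate an IGMPv2 message (the payload of IP protocol 2)."""
    if len(payload) < 8:
        raise ValueError("truncated IGMP message")
    msg_type, max_resp, _checksum, group = struct.unpack("!BBH4s", payload[:8])
    name = IGMP_TYPES.get(msg_type, "Unknown")
    group_ip = socket.inet_ntoa(group)
    if msg_type == 0x11:
        # Both queries share type 0x11; the group field tells them apart.
        name = ("General Membership Query" if group_ip == "0.0.0.0"
                else "Group Specific Query")
    return {
        "type": name,
        "max_resp_time": max_resp,
        "group": group_ip,
        # Summing an intact message, checksum included, yields 0.
        "checksum_ok": inet_checksum(payload) == 0,
    }
```

A monitoring tool would also check the enclosing IP header for the TTL of 1 and the router alert option mentioned above, which this payload-only parser does not see.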

 

When receiver joins MCAST stream, sends unsolicited membership report (IGMP Join) to default router. Router forwards upstream using PIM Join messages.

Routers send GMQ to subnet every max response time. In response receivers set internal random time between 0-10. When expires, receivers send membership report for each group. If receiver receives report from another member, it doesn't send its own report.

When receiver wants to leave, if it is last receiver to send query, it sends leave message to 224.0.0.2, otherwise it leaves quietly. 

Router will check for other receivers before removing IGMP state.

If more than 1 router in subnet, querier election occurs. Router with lowest IP is elected. All non-querier routers set timer which resets when membership query report is received from querier router. 

New election takes place if no message heard. Router waits 2 x Query interval (60 sec default) before triggering an election.

IGMPv3 allows for MCAST source filtering so receivers can pick source to accept MCAST from.

IGMPv3 is backward compatible with v1 and v2

IGMPv3 added fields to membership query and new message type called Version 3 membership report to support source filtering.

IGMPv3 receivers signal membership to group using report in 2 modes:

  1. Include mode - Receiver announces membership to MCAST group and provides list of source addresses it wants to receive from.
  2. Exclude mode - Same but provides list of addresses to not receive from. To receive from all (IGMPv2), uses exclude mode with empty list.

 

Switches reduce MCAST flooding by using IGMP snooping or static MAC entries. 

IGMP Snooping listens for join messages from receivers and maintains a table.

Cisco only fully supports PIM routing protocol

MCAST Routers create 2 types of trees to route traffic

  • Source Tree (Shortest Path Tree)
  • Shared Tree

 

Source tree has source as root and branches to receivers using the shortest path

Source tree forwarding state notation (S,G)

Shared tree uses RP as MCAST root. MCAST packets forwarded down shared tree regardless of source address. Forwarding state on shared tree is (*,G)

Downside to Shared tree is all receivers receive traffic from all sources so could mean unwanted traffic could be sent to receivers that don't need it

RPF interface is interface with lowest cost path (AD and Metric) to the IP of the SPT or RP for shared tree

Multiple interfaces, highest IP wins

RPF Neighbour is neighbour on RPF interface. Upstream is towards the source. Upstream interface is interface towards source tree. Downstream is away from source.

Incoming Interface (IIF) only interface that accepts mcast traffic from source

Last Hop Router (LHR) Router directly attached to receiver

First Hop Router (FHR) router directly attached to source

MCAST RIB derived from RIP and PIM. Contains Source, Group, IIF, OIF, RPF neighbour info

5 PIM Operating modes

  • PIM-DM - Dense Mode
  • PIM-SM - Sparse Mode
  • PIM Sparse/Dense mode
  • PIM-SSM - Source Specific Multicast
  • BIDIR-PIM - Bidirectional PIM

 

All PIM control messages use IP protocol number 103 and are either Unicast (Register/Stop) or mcast with TTL of 1 to 224.0.0.13 All PIM Routers.

PIM Hello are sent every 30 seconds out all PIM interfaces. Hellos used to elect a DR

PIM-DM is used when the receivers are on every subnet.

Packets arriving on non RPF interface are discarded.

PIM-DM prune expires after 3 mins can cause MCAST traffic reflooded to all routers. PIM-DM suitable for small networks.

PIM-SM designed for networks with receivers scattered. Assumes no receivers unless specifically asked

PIM-SM uses IGMP join from receiver to LHR. LHR then sends PIM Join to upstream MCAST router which is RP for shared tree or FHR where the source of MCAST streaming is connected for SPT.

Source registration process

  • Source sends packet to FHR
  • FHR registers G with RP using register message and sends using Unidirectional PIM tunnel
  • If RP has no active shared tree, RP sends stop message saying stop registering
  • If active shared tree, forwards MCAST packet down tree and sends (S,G) join to source to create (S,G) SPT
  • Once RP receives data natively via SPT from Source, sends register stop to FHR to stop sending register messages

 

PIM-SM allows LHR to switch from shared tree to SPT for specific source and happens when first MCAST packet received from RP via shared tree.

When LHR receives MCAST packet from RP, LHR checks route table for shortest path to source and sends PIM Join hop-by-hop to FHR to form SPT. Once MCAST packet received through SPT, sends prune to RP to stop duplicate messages.

DR Elected on priority. Default is 1. highest priority wins or if tied, highest IP

On FHR, DR responsible for encapsulating MCAST packets in unicast register message to RP from source

On LHR, DR responsible for sending Join and Prune messages to RP and SPT switchover.

Without DR all LHR routers send PIM Join which can result in duplicate traffic

DR hold time is 3.5 times hello which is 105 seconds by default. if hold reached new DR is elected.

RPF functions as follows:

  • if MCAST packet received on interface used to send unicast to source. Packet is from RPF
  • Packet arriving on RPF is forwarded out interfaces in the Outgoing Interface List (OIL) of MCAST RIB.
  • If not on RPF, packet is discarded

 

RPF performed differently between the Source and the LHR and the Source and the RP.

  • If Router has (S,G) present (SPT) router performs RPF on IP of the source for MCAST packet
  • If no (S,G) state (Shared tree) RPF is performed on the address of the RP

 

(S,G) Joins are sent towards Source and (*,G) joins are sent to the RP

If PIM Router receives (S,G) traffic on OIF, triggers assert mechanism. When assert triggered, each router sends assert message with AD and Metric to the source. Lowest AD > Metric > Highest IP. Losing router sends a prune.

Assert Prune times out after 3 minutes and forwards again triggering another assert. 

PIM-SM requires RP, can be statically or dynamically configured using Cisco Auto-RP or PIM Bootstrap Router (BSR)

Auto-RP distributes group-to-RP mappings automatically.

  • Easy to use multiple RPs within network to serve different group ranges
  • Load splitting between RPs
  • Simplifies RP placement according to location of G participants
  • Prevents inconsistent static RP config
  • Uses two basic components, candidate RP (C-RP) and RP Mapping agents (MA)

 

CRP advertises willingness to be RP every announce interval (60 seconds default) to 224.0.1.39

If Multiple CRP then CRP with highest IP preferred

RP MAs join group 224.0.1.39 to receive announcements and store them in group-to-RP mapping cache

If multiple RPs advertise same group range, highest IP wins

RP MA advertises group-to-RP mappings to 224.0.1.40 (Cisco-RP-Discovery) every advertisement interval (60 seconds default or triggered)

All PIM routers join 224.0.1.40

Multiple RP MA routers can be configured and act independently of advertisements

PIM Bootstrap Router provides fault tolerant automated RP-Discovery and Distribution mechanism

BSR is same as PIMv1 Auto-RP but for PIMv2

RP set is group to RP mapping containing: 

  • MCAST group range
  • RP Priority and address
  • Hash mask length
  • SM/BiDir Flag

 

BSR floods messages to all routers hop by hop. When BSR message is forwarded it is sent out all PIM enabled interfaces including receiving interface to MCAST address 224.0.0.13 with a TTL of 1.

There can be multiple Candidate BSR and all compete in BSR election process with highest priority wins. If tie then Highest IP address

CRP will unicast C-RP-Advertisements to BSR listing groups it can be RP for

BSR sends entire list of CRP to all PIM Routers every 60 seconds by default.

CRP with lowest priority is preferred or Highest IP if priority is tied.

 

PIM Control Message Types

| Type | Message Type | Destination | PIM Protocol |
| --- | --- | --- | --- |
| 0 | Hello | 224.0.0.13 (All PIM Routers) | PIM-SM, PIM-DM, Bidir-PIM and SSM |
| 1 | Register | RP address (Unicast) | PIM-SM |
| 2 | Register Stop | FHR (Unicast) | PIM-SM |
| 3 | Join/Prune | 224.0.0.13 | PIM-SM, Bidir-PIM and SSM |
| 4 | Bootstrap | 224.0.0.13 | PIM-SM and Bidir-PIM |
| 5 | Assert | 224.0.0.13 | PIM-SM, PIM-DM and Bidir-PIM |
| 8 | Candidate RP advertisement | Bootstrap Router (BSR) address (Unicast) | PIM-SM and Bidir-PIM |
| 9 | State refresh | 224.0.0.13 | PIM-DM |
| 10 | DF Election | 224.0.0.13 | Bidir-PIM |

 

Configuring autorp on pim-ssm

ip pim autorp listener
ip pim accept-rp auto-rp
ip pim send-rp-discovery scope 31 interval 5

and on the RP

ip pim autorp listener
ip pim accept-rp auto-rp
ip pim send-rp-announce Loopback0 scope 31 interval 5
ip pim send-rp-discovery scope 31 interval 5