Multicast networking I - Basics

 Please be advised that this article is work-in-progress. The information here may be vague, incomplete, misleading or plainly wrong.  MULTICAST    -> Definition -> a type of communication where data transmission is addressed to a group of hosts simultaneously. COMMUNICATION              -> multicast traffic can be used in one-to-many or many-to-many applications. -> Differences -> from unicast -> can also be used in one-to-many application in the form of replicated unicast -> replicated unicast means that there is an individual stream of traffic between source and each receiver. -> what distinguishes multicast (and broadcast) from any form of replicated unicast is a source's behaviour -> a multicast source sends one copy of a pcaket -> for replicated unicast, a source would have to send as many copies as known receivers -> benefits -> better resource utilization at the source. One copy of a packet vs a multitude -> better bandwidth utilization -> the packets are replicated by the multicast source on an as needed basis -> no single link should have multiple copies of the same packet -> from broadcast -> multicast is designed for groups of receivers, not for all of them (broadcast) -> multicast receivers only receive packets if they express interest beforehand -> benefits -> better resuorce utilization at the receiver -> receiver does not receive unwanted packets -> better bandwidth utilization -> packets are only replicated by the network devices if actually requested. -> MECHANICS -> layer 3 addressing -> IPv4 -> the format of the packet is the same as unicast or broadcast -> Source IP: the unicast address of the sender -> Destination IP -> a multicast IP which represents the receiving group of hosts -> the destination multicast IP addresses belong to Class D -> all IP addresses that start with 1110 -> 224.0.0.0 - 239.255.255.255 -> 2^28 or 228 million addresses -> class D is considered flat IP space -> no concept of subnetting -> every single IP simply represents a multicast group -> the are reserved ranges (not subnets) within Class D -> 224.0.0.0/24 -> Local Network Control Block (Routing Protocols) -> Operate within link-local scope -> TTL 1 or 2 (TTL 2 used in NBMA networks using distance vector routing protocols) -> example: 224.0.0.5 and 224.0.0.6 for OSPF and 224.0.0.9 for EIGRP -> 224.0.1.0 - 238.255.255.255 -> Globally scoped addresses -> operate on a broader scope thant 224.0.0.0/24 -> subsets -> 232.0.0.0/8 -> Source specific multicast block -> for multicast streams whose sources are already known by the receivers -> most multicast streams do not qualify here, but there are some instances where the receivers know the sources -> 233.0.0.0 - 233.255.255.255 -> GLOP Addresses -> globally unique multicast addresses based on AS number -> for example the organization with AS 65000 -> has the global multicast address space 233.253.232.0/24 -> 65000 = FDE8; FD = 253; E8 = 232 -> 239.0.0.0/8 -> Organization-Local Scope (Private IPs) -> Comparable to RFC 1918 IP addresses -> Should be limited to use within an AS or between ASes that have some kind of agreement -> this is not global multicast

+--8 bits--+ +-4 bits-+ +-4 bits-+ +-112 bits-+ |	     | |        | |        | |          |			                         -> IPv6 -> format: 1111  1111     Flags      Scope     Group ID -> the ipv6 multicast addresses begin with ff (1111 1111). Example: ff04::10 -> Flags -> 0RPT bits -> 0 bit is reserved and always set to 0 -> R bit -> if it is set to 1, bits P and T must also be set to 1 -> this indicates that there is a Rendezvous Point address embedded in the multicast address -> Scope -> 0, 3, F: reserved -> 1: Interface-Local Scope -> 2: Link-Local Scope -> 4: Admin-Local Scope -> 5: Site-Local Scope -> 6, 7, 9, A, B, C, D: Unassigned -> 8: Organization-Local Scope -> E: Global Scope

-> layer 2 addressing -> ethernet -> Source MAC address -> the source IP is unicast so there is a one to one mapping between the source IP and the source MAC address. -> This would be the MAC address of the source or the gateway -> Destination MAC address -> destionation IP is multicast so a suitable destination MAC that represents the destination IP must be used in the frame. -> the same destination MAC is used for a specific multicast IP, so a client joining a multicast group, knows what destination MAC to listen for -> for that to happen, L3 addresses are mapped to L2 addresses -> need for mapping process -> a receiver already knows which L3 multicast addresses it will accept -> this is done at the application layer -> works its way down the stack -> ultimately results in the NIC tuned to the l3 multicast address -> the same NIC also needs to accept the L2 frame carrying the multicast before the l3 packet can be extracted for processing -> for unicast this address is the burned-in address (MAC) and is provided to the sender via ARP. ARP is not designed for multicast addressing -> for multicast, the address must be dynamic as well as well-known -> dynamic because the L3 multicast group are highly arbitrary -> well-knwon because a unique l3 multicast address must have a consistent l2 address -> to provide this, a simple mapping procedure is used to generate a well known multicast MAC address -> mapping process -> ipv4 -> 1. for IPv4 multicast, the 01:00:5E OUI is used exclusively -> this means that protocols such as STP or IS-IS, while still broadcasted through a network, they do not use this OUI because they are not IP packets ^												                                                 |												                                           00000001 -> I/G bit Individual/Group bit -> if it is 0 then the MAC address is individual, if the bit is 1 then the MAC is multicast -> so, for any multicast MAC, IP or not, this bit has to be 1 -> 2. of the remaining 24 bits, the most significat bit is always 0 -> only 23 bits are dynamic and are used to map to IP addresses -> 3. The least significat 23 bits of the IP address are copied to the least significat 23 bits of the MAC address. -> observation: Since 23 bits are dynamic -> 2^28 possible IP multicast addresses must be mapped to 2^23 multicast mac addresses -> this means that 2^5 addresses share the same MAC -> for example -> 230.1.2.3, 230.129.2.3 and 239.1.2.3 all map to 01:00:5E:01:02:03 -> however, since the address block is split, there are 2 IP addresses per /8 block than might conflict, so this was deemed acceptable -> this conflict translates into a client which listens to multicast 01:00:5E:01:02:03, will accept packets at layer 2 for any of the 230.1.2.3, 230.129.2.3 and 239.1.2.3 addresses and it will have to filter them at layer 3. -> ipv6 -> TO BE DISCUSSED

-> Multicast Routing -> the purpose of multicast routing is described as 'moving packets away from the source' -> in unicast packet routing -> the packets are moved 'towards a destination' -> the routing table is consulted the packets are forwarded away from the source, towards the destination host, based on the DESTINATION ADDRESS of the packets -> the destination host is always only one -> in multicast packet routing -> the number of multicast receivers listening for a stream is highly variable and dynamic -> there can be one, a thousand, a million or none -> clients can come online or go offline at any time -> the packets are subjected to the RPF check that prevents loops and makes sure a stream of traffic is never sent back towards the source -> since multicast traffic doesn't have a predefined destination and never goes back towards the source, multicast routing is described as 'moving packets away from the source' -> Multicast Routing Table -> Example: R1(config)#do show ip mroute 239.10.10.10 IP Multicast Routing Table -+											(*, 239.10.10.10), 00:00:14/stopped, RP 172.26.0.100, flags: SPF,  | a forwarding state Incoming interface: FastEthernet0/1, RPF nbr 172.26.12.2         | Outgoing interface list: Null                                    | -+											(172.26.1.10, 239.10.10.10), 00:00:14/00:02:55, flags: PFT Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0 Outgoing interface list: FastEthernet0/1, Forward/Sparse, 00:00:05/00:03:24

-> a multicast routing table stores routing information in 'forwarding states' -> These are the multicast equivalent of unicast routes. -> organized in the table based on multicast groups -> for each forwarding state -> has a pair of source IP and group IP -> based on this, coloquially, two types of forwading states are identified. -> Es Comma Gee (S, G) -> S = Known Source IP																											 -> G = Destination Group -> Example: (172.26.1.10, 239.10.10.10) -> Star Comma Gee (*, G) -> * = 'any' or 'unknown' multicast source IP																											  -> G = Destination Group -> Example: (*, 239.10.10.10) -> two types of interfaces are used -> upstream interface -> metrically closest to the multicast source. Think of it as closest router iface towards the multicast source -> Think of it as: if the multicast source would have been a unicast destination, then this interface would have been the exit interface towards the unicast destination (reverse path) -> on this interface the router expects to receive the traffic for a particular combination of source IP and multicast Group, as defined by the forwarding state -> only one per forwarding state -> only one per multicast source. ??? There can not be two upstream interfaces to the same multicast source, not even in different forwarding states -> also called IIF (Incoming interface) -> downstream interfaces -> two characteristics -> they are not upstream interfaces for the same forwarding state -> interfaces with interested multicast receivers for that multicast group -> on the interfaces in this list, the multicast traffic will be forwarded -> it is a list of interfaces: there can be one, more or no interfaces in the list -> also called OIL (Outgoing Interfaces List) -> Reverse Path Forwarding -> is the concept used in multicast routing accoring to whom 'packets are moved away from the source' -> when multicast packets are received, before they would be forwarded, the RPF check is applied to them -> RPF check -> a verification that multicast packets from a particular source IP are received on the REVERSE PATH towards that source IP (upstream interface) -> purpose -> multicast routing is very vulnerable to routing loops -> the RPF check is a mechanism to avoid routing loops -> process -> a router receives multicast packets on an interface -> the source IP of the packets is inspected -> if the interface on which the packet has arrived is NOT the upstream interface for that source IP, the packet is dropped -> if the interface on which the packet has arrived is the upstream interface, the packet will be forwarded. -> Multicast Routing Protocol -> three primary responsibilities (for each state) -> identify the upstream interface -> based on the unicast routing table (FIB) -> interface on the shortest path to the source is the upstream interface -> can be overridden with multicast specific information (RPF check override or the so called 'multicast static routes') -> this override is used in networks where the unicast topology doesn't match the multicast topology -> identify the downstream interfaces -> the routing protocol will provide the procedures for the receivers to signal interest. -> as the requests come to the router, the downstream interfaces list is created -> maintain dynamic multicast trees -> add or remove upstream interfaces and downstream interfaces dynamically as the sources and receivers come online and go offline -> it is the job of the Multicast Routing Protocol to maintain the multicast routing table by doing the above tasks. -> Multicast Data Flow -> a multicast packet is received -> the multicast routing protocol does its job and identifies the upstream interface for the source IP of the multicast packet -> the RPF check is applied to the packet based on the source IP and the upstream interface -> 					       -> Multicast Tree -> once forwarding states are created on each router between a source and its receivers, a tree structure begins to take shape -> the data flow is from the source of the tree, ingress on upstream interfaces, and egress on the downstream interfaces -> the root of the tree -> when the source is known -> the root of the tree is the multicast source -> also called shortest path tree because between the source, and any receiver, the traffic flows on the shortest path -> when the source is unknown -> called shared trees

-> REFERENCES -> https://www.catchpoint.com/network-admin-guide/ip-multicast -> https://lostintransit.se/2015/08/09/many-to-many-multicast-pim-bidir/?doing_wp_cron=1669647330.4276809692382812500000