The strangest Communication? (Doesn't even know who gets it?)

The strangest Communication? (Doesn't even know who gets it?)

Show Video

Do you know which technology allows me to  send a stream of data from one device to   multiple devices but only send it  once and have it received by these devices? In this example I've got an  Ubuntu laptop, I've got an Android phone,   a iPhone and I've got a Windows laptop these four  devices are receiving a stream of data from this   laptop. This laptop is sending one stream of  data into the network. The term used is called   Multicasting. Multicasting is used in networking  in many places. Routing protocols such as OSPF and   EIGRP use Multicasting. If you don't know what  those are don't worry about it. A more familiar   example may be on trading flows where traders want  to receive the same data on multiple computers at   exactly the same time. Information such as stock  tickers can be sent via Multicasting. It's also   used very heavily in IPv6. Broadcasting which is  different to Multicasting has been removed in  

IPv6. IPv6 relies on Unicast and  Multicast. So what's the difference? A Unicast is   a one to one communication this is typically what  you used to. As an example when you open up a web   browser and you go to for instance google.com  you're setting up a session from your computer   to Google that is a single communication from one  device to another typically using TCP. So https as   an example uses TCP as a protocol. Here we are not  doing that. We are not sending one stream of data  

to the iPhone, one stream of data to the Windows  laptop, third to the Android phone and a fourth   to the Linux laptop it's one stream of data. This  device actually doesn't even know who's receiving   the multicast it simply sends a stream of data  into the network and these devices receive it if   they've subscribed to the multicast. That's  different to broadcasting with broadcasting   we send one stream of data and everyone receives  it. So Unicast is one to one, Multicast is one to   many, Broadcast is one to all. On a local segment  if you send traffic to the broadcast address   everyone receives that traffic but Broadcasts  are often blocked by routers so you can't send   a Broadcast in most cases from one subnet or  one network to another routers will block that.  

We have what are called local broadcasts as an  example where we only send Broadcasts within a   subnet or a link they are blocked from going to  another subnet or another link by a router. It's   really important that you understand these basics.  Difference between Unicast one to one, Multicast one   to many and Broadcast one to all. Broadcasts are  blocked in most cases by routers, so you won't be  

able to send traffic from one network to another  using a Broadcast it's normally contained to stop   what was called smurf attacks in the old days and  various types of Nefarious uh activities basically   we don't want traffic to go everywhere. But as  an example an ARP request or Address Resolution   Protocol request is used on the local segment to  discover the MAC address of another device. But   let's look at Multicasting, so in this example I'm  using an application called VLC. VLC is fantastic I   did turn the audio here but notice what I've got  here is an application that allows me I can turn   the volume up I've just turn it down for all  of these devices so this is VLC running on the   iPhone as well as the other devices. As an example  here I could stop the stream or I could reenable   it I have subscribed to Multicast address 239.1.2.3  port number 1234. So if I click on that   that Multicast should start up again and there you  go notice it's starting in a similar place to all   the other devices these devices are synchronized  notice what happens when I stop the application   on the transmitting device these devices will all  stop and they stop at exactly the same point. This  

is not a one to one communication, this is a one  to many communication where these devices have   subscribed to the Multicast. So I'll show you  how to set this up on the transmitting device   in this case the Windows laptop .I'll go to Media  stream, I'll click add I'm going to select my video   which in this case is fiber small, I'm going to  click stream click next and I'm going to display   the video locally but I'm going to add in this  case UDP. Multicasting users UDP or User Datagram   Protocol not TCP or Transmission Control Protocol  because the transmitter doesn't even know who's   receiving the traffic, could be one device it could  be thousands of devices it doesn't know that it   simply sends one stream of data into the network  I'll click add here and the IP address I'll use is   239.1.2.3 in the old days we had what were called  Class A, Class B, Class C, addresses they aren't  

really used these days because of CIDR Address  Notation but an example of a Class A address would   be 10, a Class B address would be 172, a Class  C address would be 192. You've probably on your   network seen 192.168.1 something as the IP address  on your home router 172.16 something something is   a Class B address 10.x.x.x is an example of a  Class A address. We have those ranges in Unicast  

but in Multicasting it's a Class D address 224 to  239 in the first octet. As an example OSPF which is   a routing protocol uses 224.0.0.5 and 224.0.0.6 those  kind of Multicasts are scoped to the local subnet.   239 is an address that you would typically want  to use for your multicasting. 239 is known as   administratively scoped address there are various  Multicast address ranges which I'll put on screen   but I wouldn't try and remember all of them unless  you're studying for instance for CCNP or CCIE exam.   239 in this example means that I could set it  to whatever I wanted to I can specify the port   number 1 2 3 and what I'll do is click next. I'm  going to enable transcoding the encapsulation   that I'm going to use is MP4 or movie video Codec  I'm going to leave at the original value and I'll   do the same for the audio I'll click save and then  I'll click next and I'll say stream all elementary   elements and click stream. What you should notice  now is these devices start sending traffic. Notice  

they all kind of synchronized depends on the cache  depends on the network. In this case I'm on a Wi-Fi   network little TP Link router not necessarily the  best way to send Multicasts but multicasting is   being sent by that device depending on the cache  that you configure it's then received by these   devices and then streamed to the local device. Okay  so now let's get a little bit more technical I am   going to open up Wireshark which allows me to  see what's actually happening on the network.   I'll capture traffic on the Wi-Fi network what  you'll notice here is there's a lot of traffic   going to 239.1.2.3 from 192.168.1.113 IP config  shows us that that's the IP address of that  

Windows laptop so that Windows laptop is sending  multicast traffic into the network. So I'll stop   the Wireshark capture and what you'll notice  is something interesting with regards to the   Mac addresses. Source Mac address is my device  ipconfig/all will show us that Mac address of   this device ends in EA-68 so that's the laptop  sending traffic to this special address 01:00:5e   that is the vendor code for multicasting. Notice  how Wireshark shows it as IPv4mcast just like   you'll have a vendor code for for instance an  Intel network card or a Cisco network card this   is the vendor code for multicasting and notice  the next half of the Multicast address is 01: 02:   03. And this is where it gets a little bit weird  because the host portion of the MAC Address is   actually only derived from the last 23 bits of  the IPv4 address that doesn't make any   difference here because if we look at the second  octet one in decimal is seven zeros followed by   one. So the first bit is set to zero and that's  remains the same so the MAC Address is

01:02:03 but if this was 239.129 as the second octet 2.3  the first bit in binary would be set to a 0 so   the MAC Address for 239.129.2.3 would actually be  01:02:03 the same Mac Address as what we're seeing   here and that's why in Multicasting it's important  that you make sure that there's no overlap between   your Multicast streams because only the last  23 bits of the IP Address are used to determine   the ma Mac Address not the last 24 bits. 239 is  ignored last 23 bits gives us that Mac Address   over there. We can see the type field is showing  us that this is IPv4 you can see the IPv4  

address here so host sending traffic to  the Multicast address you can see the source Port   is 64631 destination Port is 1234 that's what  I configured on these clients. So as an example   on the Ubuntu computer if I stop this and and I go  media and I select open network stream and specify   UDP the address that I am subscribing to is UDP://@239.1.2.3 port number 1234 and notice if I   click play it should start at the same place as  the other devices because one stream of data is   being sent into the network not multiple streams.  Now there's a lot of fragmented data here as the  

traffic needs to be put back to together again  on the receiving side but notice you can see   information about the video being transmitted into  the network the most important part that I wanted   to point out here is the Well-known Multicast  Address 01:00:5e that's the vendor code for multicast   followed by the host portion using the last 23  bits of the IP Address. Now I can go into a lot   more detail if you're interested. I've had some  comments on previous videos that Multicasting   is the same as Broadcasting no it's not. The  advantage of Multicasting over Broadcasting is   devices only receive the traffic that they want  to in other words the traffic is dropped at the   network interface card or NIC it's not dropped  by the CPU. If your device receives a Broadcast  

that has to be received by the Network Interface  Card and sent to the CPU in other words there's an   interruption it needs to process the Broadcast  traffic to see if it's for the local device or   not. If I had a device on this network and I was  sending a broadcast that device would receive   it whether it wanted it or not. It disturbs the CPU  now obviously with computers today things have got   a lot better than in the past but in the past when  we had a single CPU that was a problem because the   CPU kept getting interrupted by the broadcast  and couldn't do other things. Here the Network  

Interface Card on NIC drops the traffic depending  on whether an application such as VLC has told it   to receive traffic going to this Mac Address  associated with the Multicast. So that's one   big advantage of Multicasting over Broadcasting. Routers also as mentioned drop Broadcasts to stop   as I mentioned the Smurf of attack from years ago.  So the idea is in this case a Multicast would be   transmitted through routers, they use a special  routing protocol such as Protocol Independent   Multicast or PIM they're different types of PIM  which I won't get to in today's discussion but   we have PIM Dense Mode, Pim Sparse Mode, Pim Sparse  Dense Mode, various routing protocols can be used   to determine where the Multicast should go in the  network. So routers can be configured to forward   Multicasts and to forward them efficiently.  On a network switch as an example a layer 2  

switch which receives a Broadcast will flood that  Broadcast out of all ports except on the port in   which it was received. If you've got VLANs you  can contain the Broadcast but all let's assume   all devices are in VLAN1 the traffic received  on one port is flooded out of all other ports that   happens all the time. With multicasting if the  device is not intelligent it will do the same   so a Multicast received on a single port will be  flooded out of all other ports but if the switch   supports something called IGMP Snooping it can snoop on  what are called the IGMP Messages, Internet Group   Management Protocol messages that's how a device  tells its local router if it wants to receive the   multicast. So the PC will tell the router that  it wants to receive the multicast, the switch can   listen in or snoop in on those messages and only  send the multicast out of the ports that have   clients that have subscribed or subscribers to the  multicast. So if you have 24 ports on a switch  

and only port one and two have subscribers to a  specific multicast on that switch traffic will   only be forwarded out of those two ports it won't  be forwarded out of other ports on the switch. If   IGMP Snooping is enabled on the switch. If it was  a Broadcast it would just be flooded out of all   ports. So Multicasting is much more efficient than  Broadcasting. Don't interrupt the CPU we can use   IGMP Snooping to only forward the traffic out of  certain ports on a switch. You can also configure   your routers to run a routing protocol such as PIM  to only for the multicast through a certain part   the network and not try flooded everywhere. So  broadcast again would be blocked but if it was   a pure broadcast and it was just allowed would go  all across the whole internet as an example or all   across your entire network. We obviously don't want  to do that we want to contain the traffic to only  

the devices that want the Multicast. So by using  what's called a Multicast tree we can decide for   instance only forward the traffic here but not  forward it there based on the tree built by the   routing protocols. I just wanted to introduce the  concept of multicasting. Multicasting is one of   those technologies that a lot of people seem to  struggle with the idea here is only devices that   want the multicast receive it other devices don't.  Think about it as follows if you don't want to   receive a certain magazine or email listing you  don't subscribe to that. If you want to receive   a magazine or you want to receive an email you  would subscribe to that list or in this case you   subscribe to the multicast and you would receive  the multicast, people who haven't subscribed   don't receive the multicast. Now let's take this  a step further in this topology I've got two   Cisco router and a Cisco switch. This Windows  computer is the transmitter and here I've got  

some receivers but notice in this topology the  VLC server is connected to router 1, router 1 is   connected to router 2 and then we've got these  clients connected to router 2 and this example   I've got two phones rather than just a PC as  shown in the diagram, router 1 is also connected   to the internet. Notice these two phones the  Android phone as well as the iPhone 15 are   connected via Ethernet to the network I've turned  off Wi-Fi they're receiving the Multicast frame from   the VLC server and I can prove that by simply  unplugging this cable between the two routers.  Notice this server is continuing to send a stream  into the network, it doesn't know who's receiving   the stream continues to send it but notice these  two phones have stopped at the same point. If I  

plug that connection back again what should happen  and it might take a while is that these two phones   should start receiving the traffic once again.  Hopefully you can see that the lights are blinking   a lot here as traffic has been sent between the  devices what I'll do is simply start the stream   again, notice now that the stream has started  on these two phones. If I unplug the connection   between the two routers stream is stopped but this  is being routed from one network to another across   two routers to a switch. This switch is running  IGMP Snooping which means a PC, this PC in front   of me that's also connected to the same switch  won't receive the traffic because the multicast   is only sent out of specific ports. So switch1  in this topology the only switch that I've got at   the bottom here. If I use the command sh ip igmp snooping IGMP or Internet Group Management Protocol  

allows a client to tell its local router that it  wants to receive a multicast. It indicates the   subscription to the router so it subscribes to  the multicast to tell the router that it wants   to receive the multicast. A layer 2 switch  by default will flood multicast out of all   ports but if we only want to send traffic out  of specific ports we can enable IGMP Snooping   which is actually enabled by default on the Cisco  switch so if I use the command show ip igmp snooping  groups what you can see here is this group 239.1.2.3  has a port list of gigabit 1/0/1, 1/0/3, 1/0/4 those are   the ports that my phones are connected to. The  PC that I'm currently working on is connected to   gigabit 1/0/2 it's it's not part of that port list  so it won't receive the traffic and we can prove   that by running Wireshark on the PC so if I run  Wireshark you can see a whole bunch of traffic   but if I search for that IP address 239.1.2.3 notice  no traffic is received by the PC even though it's   connected to the same switch traffic is limited.  This is different to a broadcast which would be  

sent out of all ports on the switch within a VLAN  and this example traffic is only sent out of ports   where hosts have subscribed to the multicast. We  can look at our multicast router, the router is on   gigabit 1/0/1 so you can see this little cable here  hopefully that's how the router is connected to   the switch. We can see who the query is. So who's  querying the segment to find out who wants multicast   that's once again router 2 here which has  IP address 10.1.2.254. Now to make the point I'm   going to make this smaller notice no multicasts  are shown on or within Wireshark if I type the   command no ip igmp snooping and disable snooping  on the switch notice suddenly I get multicast   on my PC even though I haven't subscribed to the  multicast. In this case the multicast is being  

forwarded out of all ports, so notice snooping  is disabled for VLAN1 so if I look at groups   we don't see any groups at the moment multicasts  are being flooded out of all the ports because I've   disabled IGMP Snooping. If I enable IGMP Snooping  again what should happen and this might take it   a while is it should stop forwarding traffic to  the PC and there you go notice I'm not receiving   any multicasts now if we look at our groups you  can see that it's learned this multicast should be   sent out of those ports and not Port 2 where the  PC is. So the PC doesn't receive the multicast. Big   difference between a multicast and a broadcast  with IGMP Snooping traffic is only forwarded out   of ports where there are subscribers so clients. So  as an example if I turn off this multicast on the  

phone notice I can subscribe to that multicast  in this example I'm using RTP rather than UDP   and I'll show you in a moment how to set that up  but what should happen is that Port is removed   from the list and you can see that so 239.12.3 is  only being sent out of these ports rather than   that port because we disabled the multicast. If  I open up the network stream on the phone what   we should see is traffic is now sent out of that  Port so there's the multicast on the phone and   you can see the IGMP list includes that port now.  So Internet Group Management Protocol or IGMP is   used by a client to indicate to the network that  it wants to receive a multicast so the phone   actually sends an IGMP join message to the local  router to the queror on the segment. This router   then forwards the multicast to the switch when  there are clients that want to receive it. The  

switch in this example is using IGMP Snooping  so it listens in on that message or snoops in on   the message between the client and the router and  then only forwards the multicast out of specific   ports. If IGMP Snooping is disabled the switch will  receive the multicast and just flood it out of all   ports as I demonstrated with my PC when I disabled  IGMP Snooping the PC received the multicast. Okay   but how is the topology built? This client has no  idea who's receiving the multicast. Routers build   a tree to forward the multicast through the  network so what I'll do here is telnet to router1   and log in show ip route shows me the unicast  routing table on the router. So as an example here   we running a protocol OSPF Open Shortest Path First, that is a unicast routing protocol. If   we use the command show ip mroute that shows  us the multicast routing table and what you'll   notice here is a device with this IP address  is sending a multicast to 239.1.2.3 that is this  

device. So if I open up a terminal and I type ip config you can see that's the IP address of this   device and it's forwarding multicasts to and I'll  just redo this actually so that you can see the   whole process it's forwarding multicast to that  address. So if I open up VLC notice the multicast   is stopped now or the stream is stopped on these  two devices because the transmitter in this case   this device has stopped sending. So I'll go media  stream because I want to start a stream and I'll add   the file which is Fiber small in this example and  I'll click stream that's the file that we're going   to send into the network I'm going to display it  locally but in this example I'm going to use RTP   to forward the traffic to 239.1.2.3 and the port  number I'm using has just the default of 5004  

I'll click next I'm going to leave transcoding  enabled, I'll leave all of these at their default   values so I haven't changed any of that click  next I'm going to stream all elements but this   is really important you need to add the TTL here  of some value. By default VLC is going to use a TTL   of 1 which means it will not hop across routers,  the multicast will be contained within the VLAN or   within the segment here and will'll never get to  the other part of the network. So I'm just   going to set the TTL to some large amount let's  say 50 and then click stream and notice multicast   is now received by these two phones from the PC.  If we open up Wireshark on the transmitter so   over here I'll be able to see that traffic you  can see that 10.1.1.101 is sending a multicast to   239.1.2.3 you can see the protocol is UDP notice the  MAC address is the PC sending a multicast to the   multicast Network address 01: 00: 5e followed by the  MAC address of the multicast 01:02:03 in this example   there's the source IP address destination IP  address 239.1.2.3 what I want to point out here  

is notice the TTL Time To Live set to 50 because I  set that within the VLC application which means   it can hop across a whole bunch of routers. So I'll  stop that so multicast is going into the network.   Now multicast has to build a tree to send the  multicast from the transmitter to various clients   in the network or receivers in the network. So the  sender in this example, is this device notice that   IP address is sending a multicast to 239.1.2.3 in  this example the incoming interface is VLAN1 on   router 1 this PC is connected to this port which  is in VLAN 1 notice there's a switch port in this   router. Traffic is arriving on this port which  is in VLAN 1 and it's been transmitted out   of gigabit 0/0/0/0 notice the outgoing interface list  is gigabit 0/0/0. So this transmitter just sends the   multicast doesn't know who's going to receive  it that's what's interesting about multicasting.  

The transmitter just sends it it doesn't know  who's going to receive it. The multicast from the   transmitter hits the router on VLAN 1 outgoing  interface list is gigabit 0/0/0 how did it learn   that? Because I'm running PIM spice dense mode to  enable multicasting on the router in this example   it's Cisco router I use the command ip multicast  routing distributed. Unicast routing is enabled by   default on a Cisco router but multicast routing  isn't enabled by default so we need to enable   that and then we need to enable PIM or Protocol  Independent Multicast on our interfaces. In this   example we're running sparse dense mode which is  the recommended mode. In pure sparse mode you need   configure rendezvous point in dense mode normally floods and then prunes the multicast   we'll cover that in a separate video if you're  interested. The moral of the story is notice on the   gigabit 0/0/0 interface we've enabled PIM and if  I scroll down and go all the way to VLAN 1 notice   it's also enabled on that interface. Basically when  this router receives an IGMP join message from a client  

it tells router one to send traffic to it using that  protocol. So if I type show ip pim neighbor notice   it has a neighbor here on gigabit 0/0/0. So router 1 sees router 2 as a neighbor and I'll telnet to router 2 show ip pim neighbor it sees router 1  as a neighbor. So it's also building a tree for  

the multicast so show ip mroute this host the PC at  the top here is sending a multicast to 239.1. 2.3   incoming interface from rouer 2's point of view  is the gigabit interface. So router 1 forwards the   traffic to rouer 2 using this gigabit interface. Router 2 is then sending it out of VLAN 1, VLAN  1 is configured on these ports so this interface  then forwards the traffic to the switch which then   sends it to the clients and again I can prove that  by simply unplugging some cables. So as an example   if I unplug this cable here on the router that  interface goes down I've lost my connection now   because I was actually telnetting to the device but  what you'll see is the multicast has stopped on   the clients. If I plug that in what should happen  is the multicast should be sent again there you  

go multicast has started I'll telnet it back to  that router show ip mroute again that sender   is sending a multicast to 239.1.2.3 and incoming  interface is gigabit 0/0/0 outgoing interface   is VLAN 1. Traffic from here through the blue  cable to the router, router sends it across this   gray cable comes here, this router is forwarding  it across the gray cable to the switch, which then   sends it to the ports that have subscribed to the  multicast. Multicasting is a whole big topic this   however gives you a basic idea of multicasting.  Again on the routers I have enabled multicasting   globally and then on the interfaces that I want  to run multicasting on I've enabled PIM Sparse dense   mode so gigabit 0/0/0 and on VLAN 1 I've done the  same multicasting relies on a multicast routing   protocol as well as a unicast routing protocol  so I've got OSPF here for unicast and I've got PIM   Sparse dense mode for multicasting. It also requires  IGMP so show ip igmp groups on the router this is   router 2 connected to the switch we can see that  multicast is going to be sent out of VLAN 1 the   last report in other words the last device that  wanted a multicast was 10.1.2.102 if I simply unplug  

these cables on these two phones the stream will  stop on the phones and what will happen is notice   that device is removed, the multicast is no longer  going to be forwarded out of that interface show   ip mroute the tree gets pruned back so on router  2 for this multicast notice the outgoing list is   null because no one is receiving the multicast so  it doesn't forward the multicast onto the network   down here in other words the switch won't  receive it we are pruning back the traffic   to conserve traffic on the network. On router 1 show ip mroute what you'll also notice is   for that multicast it's been pruned the tree has  been pruned so we're not going to forward traffic   into the network down here because no one wants  the traffic depending on the multicast protocol   that you're using we will build the tree and  then prune it back if no one wants to receive   the multicast or it'll be pruned and then grow  depending on clients that request the multicast.   So what I'll do now is plug these clients back  in they should send IGMP join messages to Router 2   and the tree should be built back. So notice it's  still showing prune here on router 1, on router   2 outgoing interface list is still null we got  to wait for something to happen. I've seen that   sometimes it takes a while for the phones to send  their messages so what I'll do is is start the   application again and open up the stream hopefully  that will start now there you go. Hopefully it'll   start on the iPhone I've sometimes had the iPhone  take a while but I mean we have got a stream going   at the moment so I mean this is not a great idea  with an iPhone to use a connector so big I should   use something small like this but I haven't got  enough here so hopefully this will eventually   connect but having one client is good enough. So  on router 2, notice we are forwarding now out of  

VLAN 1 and on router 1 we are forwarding  out of gigabit 0/0/0 notice forward previously   on this router it was pruned but now the traffic  is being forwarded because this router Router 2   informs router one that there are clients that  want to receive the multicast and it should   forward the traffic through the network. I could  do something similar on my computer as an example   so in VLC, open network stream, specify the network  that I want to connect to so RTP and that address   and notice I'm also receiving the multicast on my  PC now. So if I look at the switch so on the switch   show ip igmp snooping let's say groups you can  see the multicast is now forwarded out of gigabit   1/ 0/1, 1/0/2, 1/0/3 not out of this interface because  it looks like the iPhone is struggling to get that   interface running. But there you go I've now shown  you weird Network traffic. In this example the   sender or transmitter doesn't know who's receiving  the traffic it simply sends one stream into the   network, the routers build a distribution tree  to forward the multicast into the parts of the   network where there are clients that have asked to  subscribe to the multicast. If there are no clients  

who want to receive the multicast the trees is  pruned back to stop the flooding or forwarding of   traffic into parts of the network that don't want  to receive the traffic or don't need the traffic.   We use IGMP Snooping on a switch to only forward  the multicast out of specific ports much better   than broadcast which just flood the traffic out  of all ports on a switch such as a layer 2 switch.   Hopefully you've learned about multicasting. Let  me know in the comments what else you want to see.  

Do you want me to go into a lot more detail I'm  thinking of going deep into networking protocols,   deep into networking. I did my CCIE many many years  ago and the stuff that I've been teaching on my   channel is just the tip of the iceberg of  the stuff that I've learned and stuff that   I've used in the past if you're interested let  me know. I'll cover multicasting, I'll cover MPLS,   BGP routing protocols. I'm thinking of going  really deep but let me know what you think.

2023-11-29 18:17

Show Video

Other news