The strangest Communication? (Doesn't even know who gets it?)
Do you know which technology allows me to send a stream of data from one device to multiple devices but only send it once and have it received by these devices? In this example I've got an Ubuntu laptop, I've got an Android phone, a iPhone and I've got a Windows laptop these four devices are receiving a stream of data from this laptop. This laptop is sending one stream of data into the network. The term used is called Multicasting. Multicasting is used in networking in many places. Routing protocols such as OSPF and EIGRP use Multicasting. If you don't know what those are don't worry about it. A more familiar example may be on trading flows where traders want to receive the same data on multiple computers at exactly the same time. Information such as stock tickers can be sent via Multicasting. It's also used very heavily in IPv6. Broadcasting which is different to Multicasting has been removed in
IPv6. IPv6 relies on Unicast and Multicast. So what's the difference? A Unicast is a one to one communication this is typically what you used to. As an example when you open up a web browser and you go to for instance google.com you're setting up a session from your computer to Google that is a single communication from one device to another typically using TCP. So https as an example uses TCP as a protocol. Here we are not doing that. We are not sending one stream of data
to the iPhone, one stream of data to the Windows laptop, third to the Android phone and a fourth to the Linux laptop it's one stream of data. This device actually doesn't even know who's receiving the multicast it simply sends a stream of data into the network and these devices receive it if they've subscribed to the multicast. That's different to broadcasting with broadcasting we send one stream of data and everyone receives it. So Unicast is one to one, Multicast is one to many, Broadcast is one to all. On a local segment if you send traffic to the broadcast address everyone receives that traffic but Broadcasts are often blocked by routers so you can't send a Broadcast in most cases from one subnet or one network to another routers will block that.
We have what are called local broadcasts as an example where we only send Broadcasts within a subnet or a link they are blocked from going to another subnet or another link by a router. It's really important that you understand these basics. Difference between Unicast one to one, Multicast one to many and Broadcast one to all. Broadcasts are blocked in most cases by routers, so you won't be
able to send traffic from one network to another using a Broadcast it's normally contained to stop what was called smurf attacks in the old days and various types of Nefarious uh activities basically we don't want traffic to go everywhere. But as an example an ARP request or Address Resolution Protocol request is used on the local segment to discover the MAC address of another device. But let's look at Multicasting, so in this example I'm using an application called VLC. VLC is fantastic I did turn the audio here but notice what I've got here is an application that allows me I can turn the volume up I've just turn it down for all of these devices so this is VLC running on the iPhone as well as the other devices. As an example here I could stop the stream or I could reenable it I have subscribed to Multicast address 239.1.2.3 port number 1234. So if I click on that that Multicast should start up again and there you go notice it's starting in a similar place to all the other devices these devices are synchronized notice what happens when I stop the application on the transmitting device these devices will all stop and they stop at exactly the same point. This
is not a one to one communication, this is a one to many communication where these devices have subscribed to the Multicast. So I'll show you how to set this up on the transmitting device in this case the Windows laptop .I'll go to Media stream, I'll click add I'm going to select my video which in this case is fiber small, I'm going to click stream click next and I'm going to display the video locally but I'm going to add in this case UDP. Multicasting users UDP or User Datagram Protocol not TCP or Transmission Control Protocol because the transmitter doesn't even know who's receiving the traffic, could be one device it could be thousands of devices it doesn't know that it simply sends one stream of data into the network I'll click add here and the IP address I'll use is 239.1.2.3 in the old days we had what were called Class A, Class B, Class C, addresses they aren't
really used these days because of CIDR Address Notation but an example of a Class A address would be 10, a Class B address would be 172, a Class C address would be 192. You've probably on your network seen 192.168.1 something as the IP address on your home router 172.16 something something is a Class B address 10.x.x.x is an example of a Class A address. We have those ranges in Unicast
but in Multicasting it's a Class D address 224 to 239 in the first octet. As an example OSPF which is a routing protocol uses 224.0.0.5 and 224.0.0.6 those kind of Multicasts are scoped to the local subnet. 239 is an address that you would typically want to use for your multicasting. 239 is known as administratively scoped address there are various Multicast address ranges which I'll put on screen but I wouldn't try and remember all of them unless you're studying for instance for CCNP or CCIE exam. 239 in this example means that I could set it to whatever I wanted to I can specify the port number 1 2 3 and what I'll do is click next. I'm going to enable transcoding the encapsulation that I'm going to use is MP4 or movie video Codec I'm going to leave at the original value and I'll do the same for the audio I'll click save and then I'll click next and I'll say stream all elementary elements and click stream. What you should notice now is these devices start sending traffic. Notice
they all kind of synchronized depends on the cache depends on the network. In this case I'm on a Wi-Fi network little TP Link router not necessarily the best way to send Multicasts but multicasting is being sent by that device depending on the cache that you configure it's then received by these devices and then streamed to the local device. Okay so now let's get a little bit more technical I am going to open up Wireshark which allows me to see what's actually happening on the network. I'll capture traffic on the Wi-Fi network what you'll notice here is there's a lot of traffic going to 239.1.2.3 from 192.168.1.113 IP config shows us that that's the IP address of that
Windows laptop so that Windows laptop is sending multicast traffic into the network. So I'll stop the Wireshark capture and what you'll notice is something interesting with regards to the Mac addresses. Source Mac address is my device ipconfig/all will show us that Mac address of this device ends in EA-68 so that's the laptop sending traffic to this special address 01:00:5e that is the vendor code for multicasting. Notice how Wireshark shows it as IPv4mcast just like you'll have a vendor code for for instance an Intel network card or a Cisco network card this is the vendor code for multicasting and notice the next half of the Multicast address is 01: 02: 03. And this is where it gets a little bit weird because the host portion of the MAC Address is actually only derived from the last 23 bits of the IPv4 address that doesn't make any difference here because if we look at the second octet one in decimal is seven zeros followed by one. So the first bit is set to zero and that's remains the same so the MAC Address is
01:02:03 but if this was 239.129 as the second octet 2.3 the first bit in binary would be set to a 0 so the MAC Address for 239.129.2.3 would actually be 01:02:03 the same Mac Address as what we're seeing here and that's why in Multicasting it's important that you make sure that there's no overlap between your Multicast streams because only the last 23 bits of the IP Address are used to determine the ma Mac Address not the last 24 bits. 239 is ignored last 23 bits gives us that Mac Address over there. We can see the type field is showing us that this is IPv4 you can see the IPv4
address here so host sending traffic to the Multicast address you can see the source Port is 64631 destination Port is 1234 that's what I configured on these clients. So as an example on the Ubuntu computer if I stop this and and I go media and I select open network stream and specify UDP the address that I am subscribing to is UDP://@239.1.2.3 port number 1234 and notice if I click play it should start at the same place as the other devices because one stream of data is being sent into the network not multiple streams. Now there's a lot of fragmented data here as the
traffic needs to be put back to together again on the receiving side but notice you can see information about the video being transmitted into the network the most important part that I wanted to point out here is the Well-known Multicast Address 01:00:5e that's the vendor code for multicast followed by the host portion using the last 23 bits of the IP Address. Now I can go into a lot more detail if you're interested. I've had some comments on previous videos that Multicasting is the same as Broadcasting no it's not. The advantage of Multicasting over Broadcasting is devices only receive the traffic that they want to in other words the traffic is dropped at the network interface card or NIC it's not dropped by the CPU. If your device receives a Broadcast
that has to be received by the Network Interface Card and sent to the CPU in other words there's an interruption it needs to process the Broadcast traffic to see if it's for the local device or not. If I had a device on this network and I was sending a broadcast that device would receive it whether it wanted it or not. It disturbs the CPU now obviously with computers today things have got a lot better than in the past but in the past when we had a single CPU that was a problem because the CPU kept getting interrupted by the broadcast and couldn't do other things. Here the Network
Interface Card on NIC drops the traffic depending on whether an application such as VLC has told it to receive traffic going to this Mac Address associated with the Multicast. So that's one big advantage of Multicasting over Broadcasting. Routers also as mentioned drop Broadcasts to stop as I mentioned the Smurf of attack from years ago. So the idea is in this case a Multicast would be transmitted through routers, they use a special routing protocol such as Protocol Independent Multicast or PIM they're different types of PIM which I won't get to in today's discussion but we have PIM Dense Mode, Pim Sparse Mode, Pim Sparse Dense Mode, various routing protocols can be used to determine where the Multicast should go in the network. So routers can be configured to forward Multicasts and to forward them efficiently. On a network switch as an example a layer 2
switch which receives a Broadcast will flood that Broadcast out of all ports except on the port in which it was received. If you've got VLANs you can contain the Broadcast but all let's assume all devices are in VLAN1 the traffic received on one port is flooded out of all other ports that happens all the time. With multicasting if the device is not intelligent it will do the same so a Multicast received on a single port will be flooded out of all other ports but if the switch supports something called IGMP Snooping it can snoop on what are called the IGMP Messages, Internet Group Management Protocol messages that's how a device tells its local router if it wants to receive the multicast. So the PC will tell the router that it wants to receive the multicast, the switch can listen in or snoop in on those messages and only send the multicast out of the ports that have clients that have subscribed or subscribers to the multicast. So if you have 24 ports on a switch
and only port one and two have subscribers to a specific multicast on that switch traffic will only be forwarded out of those two ports it won't be forwarded out of other ports on the switch. If IGMP Snooping is enabled on the switch. If it was a Broadcast it would just be flooded out of all ports. So Multicasting is much more efficient than Broadcasting. Don't interrupt the CPU we can use IGMP Snooping to only forward the traffic out of certain ports on a switch. You can also configure your routers to run a routing protocol such as PIM to only for the multicast through a certain part the network and not try flooded everywhere. So broadcast again would be blocked but if it was a pure broadcast and it was just allowed would go all across the whole internet as an example or all across your entire network. We obviously don't want to do that we want to contain the traffic to only
the devices that want the Multicast. So by using what's called a Multicast tree we can decide for instance only forward the traffic here but not forward it there based on the tree built by the routing protocols. I just wanted to introduce the concept of multicasting. Multicasting is one of those technologies that a lot of people seem to struggle with the idea here is only devices that want the multicast receive it other devices don't. Think about it as follows if you don't want to receive a certain magazine or email listing you don't subscribe to that. If you want to receive a magazine or you want to receive an email you would subscribe to that list or in this case you subscribe to the multicast and you would receive the multicast, people who haven't subscribed don't receive the multicast. Now let's take this a step further in this topology I've got two Cisco router and a Cisco switch. This Windows computer is the transmitter and here I've got
some receivers but notice in this topology the VLC server is connected to router 1, router 1 is connected to router 2 and then we've got these clients connected to router 2 and this example I've got two phones rather than just a PC as shown in the diagram, router 1 is also connected to the internet. Notice these two phones the Android phone as well as the iPhone 15 are connected via Ethernet to the network I've turned off Wi-Fi they're receiving the Multicast frame from the VLC server and I can prove that by simply unplugging this cable between the two routers. Notice this server is continuing to send a stream into the network, it doesn't know who's receiving the stream continues to send it but notice these two phones have stopped at the same point. If I
plug that connection back again what should happen and it might take a while is that these two phones should start receiving the traffic once again. Hopefully you can see that the lights are blinking a lot here as traffic has been sent between the devices what I'll do is simply start the stream again, notice now that the stream has started on these two phones. If I unplug the connection between the two routers stream is stopped but this is being routed from one network to another across two routers to a switch. This switch is running IGMP Snooping which means a PC, this PC in front of me that's also connected to the same switch won't receive the traffic because the multicast is only sent out of specific ports. So switch1 in this topology the only switch that I've got at the bottom here. If I use the command sh ip igmp snooping IGMP or Internet Group Management Protocol
allows a client to tell its local router that it wants to receive a multicast. It indicates the subscription to the router so it subscribes to the multicast to tell the router that it wants to receive the multicast. A layer 2 switch by default will flood multicast out of all ports but if we only want to send traffic out of specific ports we can enable IGMP Snooping which is actually enabled by default on the Cisco switch so if I use the command show ip igmp snooping groups what you can see here is this group 239.1.2.3 has a port list of gigabit 1/0/1, 1/0/3, 1/0/4 those are the ports that my phones are connected to. The PC that I'm currently working on is connected to gigabit 1/0/2 it's it's not part of that port list so it won't receive the traffic and we can prove that by running Wireshark on the PC so if I run Wireshark you can see a whole bunch of traffic but if I search for that IP address 239.1.2.3 notice no traffic is received by the PC even though it's connected to the same switch traffic is limited. This is different to a broadcast which would be
sent out of all ports on the switch within a VLAN and this example traffic is only sent out of ports where hosts have subscribed to the multicast. We can look at our multicast router, the router is on gigabit 1/0/1 so you can see this little cable here hopefully that's how the router is connected to the switch. We can see who the query is. So who's querying the segment to find out who wants multicast that's once again router 2 here which has IP address 10.1.2.254. Now to make the point I'm going to make this smaller notice no multicasts are shown on or within Wireshark if I type the command no ip igmp snooping and disable snooping on the switch notice suddenly I get multicast on my PC even though I haven't subscribed to the multicast. In this case the multicast is being
forwarded out of all ports, so notice snooping is disabled for VLAN1 so if I look at groups we don't see any groups at the moment multicasts are being flooded out of all the ports because I've disabled IGMP Snooping. If I enable IGMP Snooping again what should happen and this might take it a while is it should stop forwarding traffic to the PC and there you go notice I'm not receiving any multicasts now if we look at our groups you can see that it's learned this multicast should be sent out of those ports and not Port 2 where the PC is. So the PC doesn't receive the multicast. Big difference between a multicast and a broadcast with IGMP Snooping traffic is only forwarded out of ports where there are subscribers so clients. So as an example if I turn off this multicast on the
phone notice I can subscribe to that multicast in this example I'm using RTP rather than UDP and I'll show you in a moment how to set that up but what should happen is that Port is removed from the list and you can see that so 239.12.3 is only being sent out of these ports rather than that port because we disabled the multicast. If I open up the network stream on the phone what we should see is traffic is now sent out of that Port so there's the multicast on the phone and you can see the IGMP list includes that port now. So Internet Group Management Protocol or IGMP is used by a client to indicate to the network that it wants to receive a multicast so the phone actually sends an IGMP join message to the local router to the queror on the segment. This router then forwards the multicast to the switch when there are clients that want to receive it. The
switch in this example is using IGMP Snooping so it listens in on that message or snoops in on the message between the client and the router and then only forwards the multicast out of specific ports. If IGMP Snooping is disabled the switch will receive the multicast and just flood it out of all ports as I demonstrated with my PC when I disabled IGMP Snooping the PC received the multicast. Okay but how is the topology built? This client has no idea who's receiving the multicast. Routers build a tree to forward the multicast through the network so what I'll do here is telnet to router1 and log in show ip route shows me the unicast routing table on the router. So as an example here we running a protocol OSPF Open Shortest Path First, that is a unicast routing protocol. If we use the command show ip mroute that shows us the multicast routing table and what you'll notice here is a device with this IP address is sending a multicast to 239.1.2.3 that is this
device. So if I open up a terminal and I type ip config you can see that's the IP address of this device and it's forwarding multicasts to and I'll just redo this actually so that you can see the whole process it's forwarding multicast to that address. So if I open up VLC notice the multicast is stopped now or the stream is stopped on these two devices because the transmitter in this case this device has stopped sending. So I'll go media stream because I want to start a stream and I'll add the file which is Fiber small in this example and I'll click stream that's the file that we're going to send into the network I'm going to display it locally but in this example I'm going to use RTP to forward the traffic to 239.1.2.3 and the port number I'm using has just the default of 5004
I'll click next I'm going to leave transcoding enabled, I'll leave all of these at their default values so I haven't changed any of that click next I'm going to stream all elements but this is really important you need to add the TTL here of some value. By default VLC is going to use a TTL of 1 which means it will not hop across routers, the multicast will be contained within the VLAN or within the segment here and will'll never get to the other part of the network. So I'm just going to set the TTL to some large amount let's say 50 and then click stream and notice multicast is now received by these two phones from the PC. If we open up Wireshark on the transmitter so over here I'll be able to see that traffic you can see that 10.1.1.101 is sending a multicast to 239.1.2.3 you can see the protocol is UDP notice the MAC address is the PC sending a multicast to the multicast Network address 01: 00: 5e followed by the MAC address of the multicast 01:02:03 in this example there's the source IP address destination IP address 239.1.2.3 what I want to point out here
is notice the TTL Time To Live set to 50 because I set that within the VLC application which means it can hop across a whole bunch of routers. So I'll stop that so multicast is going into the network. Now multicast has to build a tree to send the multicast from the transmitter to various clients in the network or receivers in the network. So the sender in this example, is this device notice that IP address is sending a multicast to 239.1.2.3 in this example the incoming interface is VLAN1 on router 1 this PC is connected to this port which is in VLAN 1 notice there's a switch port in this router. Traffic is arriving on this port which is in VLAN 1 and it's been transmitted out of gigabit 0/0/0/0 notice the outgoing interface list is gigabit 0/0/0. So this transmitter just sends the multicast doesn't know who's going to receive it that's what's interesting about multicasting.
The transmitter just sends it it doesn't know who's going to receive it. The multicast from the transmitter hits the router on VLAN 1 outgoing interface list is gigabit 0/0/0 how did it learn that? Because I'm running PIM spice dense mode to enable multicasting on the router in this example it's Cisco router I use the command ip multicast routing distributed. Unicast routing is enabled by default on a Cisco router but multicast routing isn't enabled by default so we need to enable that and then we need to enable PIM or Protocol Independent Multicast on our interfaces. In this example we're running sparse dense mode which is the recommended mode. In pure sparse mode you need configure rendezvous point in dense mode normally floods and then prunes the multicast we'll cover that in a separate video if you're interested. The moral of the story is notice on the gigabit 0/0/0 interface we've enabled PIM and if I scroll down and go all the way to VLAN 1 notice it's also enabled on that interface. Basically when this router receives an IGMP join message from a client
it tells router one to send traffic to it using that protocol. So if I type show ip pim neighbor notice it has a neighbor here on gigabit 0/0/0. So router 1 sees router 2 as a neighbor and I'll telnet to router 2 show ip pim neighbor it sees router 1 as a neighbor. So it's also building a tree for
the multicast so show ip mroute this host the PC at the top here is sending a multicast to 239.1. 2.3 incoming interface from rouer 2's point of view is the gigabit interface. So router 1 forwards the traffic to rouer 2 using this gigabit interface. Router 2 is then sending it out of VLAN 1, VLAN 1 is configured on these ports so this interface then forwards the traffic to the switch which then sends it to the clients and again I can prove that by simply unplugging some cables. So as an example if I unplug this cable here on the router that interface goes down I've lost my connection now because I was actually telnetting to the device but what you'll see is the multicast has stopped on the clients. If I plug that in what should happen is the multicast should be sent again there you
go multicast has started I'll telnet it back to that router show ip mroute again that sender is sending a multicast to 239.1.2.3 and incoming interface is gigabit 0/0/0 outgoing interface is VLAN 1. Traffic from here through the blue cable to the router, router sends it across this gray cable comes here, this router is forwarding it across the gray cable to the switch, which then sends it to the ports that have subscribed to the multicast. Multicasting is a whole big topic this however gives you a basic idea of multicasting. Again on the routers I have enabled multicasting globally and then on the interfaces that I want to run multicasting on I've enabled PIM Sparse dense mode so gigabit 0/0/0 and on VLAN 1 I've done the same multicasting relies on a multicast routing protocol as well as a unicast routing protocol so I've got OSPF here for unicast and I've got PIM Sparse dense mode for multicasting. It also requires IGMP so show ip igmp groups on the router this is router 2 connected to the switch we can see that multicast is going to be sent out of VLAN 1 the last report in other words the last device that wanted a multicast was 10.1.2.102 if I simply unplug
these cables on these two phones the stream will stop on the phones and what will happen is notice that device is removed, the multicast is no longer going to be forwarded out of that interface show ip mroute the tree gets pruned back so on router 2 for this multicast notice the outgoing list is null because no one is receiving the multicast so it doesn't forward the multicast onto the network down here in other words the switch won't receive it we are pruning back the traffic to conserve traffic on the network. On router 1 show ip mroute what you'll also notice is for that multicast it's been pruned the tree has been pruned so we're not going to forward traffic into the network down here because no one wants the traffic depending on the multicast protocol that you're using we will build the tree and then prune it back if no one wants to receive the multicast or it'll be pruned and then grow depending on clients that request the multicast. So what I'll do now is plug these clients back in they should send IGMP join messages to Router 2 and the tree should be built back. So notice it's still showing prune here on router 1, on router 2 outgoing interface list is still null we got to wait for something to happen. I've seen that sometimes it takes a while for the phones to send their messages so what I'll do is is start the application again and open up the stream hopefully that will start now there you go. Hopefully it'll start on the iPhone I've sometimes had the iPhone take a while but I mean we have got a stream going at the moment so I mean this is not a great idea with an iPhone to use a connector so big I should use something small like this but I haven't got enough here so hopefully this will eventually connect but having one client is good enough. So on router 2, notice we are forwarding now out of
VLAN 1 and on router 1 we are forwarding out of gigabit 0/0/0 notice forward previously on this router it was pruned but now the traffic is being forwarded because this router Router 2 informs router one that there are clients that want to receive the multicast and it should forward the traffic through the network. I could do something similar on my computer as an example so in VLC, open network stream, specify the network that I want to connect to so RTP and that address and notice I'm also receiving the multicast on my PC now. So if I look at the switch so on the switch show ip igmp snooping let's say groups you can see the multicast is now forwarded out of gigabit 1/ 0/1, 1/0/2, 1/0/3 not out of this interface because it looks like the iPhone is struggling to get that interface running. But there you go I've now shown you weird Network traffic. In this example the sender or transmitter doesn't know who's receiving the traffic it simply sends one stream into the network, the routers build a distribution tree to forward the multicast into the parts of the network where there are clients that have asked to subscribe to the multicast. If there are no clients
who want to receive the multicast the trees is pruned back to stop the flooding or forwarding of traffic into parts of the network that don't want to receive the traffic or don't need the traffic. We use IGMP Snooping on a switch to only forward the multicast out of specific ports much better than broadcast which just flood the traffic out of all ports on a switch such as a layer 2 switch. Hopefully you've learned about multicasting. Let me know in the comments what else you want to see.
Do you want me to go into a lot more detail I'm thinking of going deep into networking protocols, deep into networking. I did my CCIE many many years ago and the stuff that I've been teaching on my channel is just the tip of the iceberg of the stuff that I've learned and stuff that I've used in the past if you're interested let me know. I'll cover multicasting, I'll cover MPLS, BGP routing protocols. I'm thinking of going really deep but let me know what you think.
2023-11-29 18:17
