Multicast prot quick ref

Right let’s see if I can up my terrible score of 14% on Multicast at my first take at the written (R&S)…

Generic

Mcast applications use UDP at the transport layer, which provides connectionless service

Configuring Mcasting on a Cisco router is relatively easy. A Mcast routing protocol must be configured first

Multicast addresses

Class D: 1st 4 bits 0x1110
Entire range: 224.0.0.0 to 239.255.255.255

A Mcast address is unstructured and does not use any subnet mask. It is never assigned to a network device, so it is never used as a source address. A source address on any IP packet is always a unicast address.

When asked whether the addresses are static then this has nothing to do with router or host configuration: A multicast address can be permanently assigned by IANA or can be temporarily assigned and relinquished.

Important IANA assigned ranges

  • Permanent multicast groups, in the range 224.0.0.0–224.0.1.255
  • Addresses used with Source-Specific Multicast (SSM), in the range 232.0.0.0–232.255.255.255
  • GLOP addressing, in the range 233.0.0.0–233.255.255.255
  • Private multicast addresses, in the range 239.0.0.0–239.255.255.255 (Written Question)

GLOP (RFC 2770) aims to allocate the 233/8 range of Mcast addresses amongst different ASes such that each AS is statically allocated /24 block of Mcast addresses. the Easynet (ASN:4589) GLOP range would be: 233.17.237.0 – 255 (GLOP is not an acronym and does not stand for anything)

 0 1 - 6 7 8 9 0 - 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   233   |       16 bits AS      |  local bits   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Source-Specific Multicast (SSM): allows a host to select a source for the Mcast group. A host can select a better-quality source and can help administrators to defend agains DoS attacks. Only IGMPv3-capable hosts can use the SSM feature and IGMPv3 is still a new protocol.

Private multicast domains: IANA has assigned the range 239.0.0.0 – 239.255.255.255 (RFC 2365). Think RFC1918 but then for Mcast and with the same limitations (must be filtered at AS borders).

Transient groups / transient multicast addresses: All other class D address space not mentioned above. Not assigned by IANA an free for anyone to use. Addresses must be dynamically allocated when needed and must be released when no longer in use.The wild west of Mcast… untill the IETF comes up with a way of regulating dynamic usage (allocation).

Well known reserved addresses

224.0.0.0 – Base address (reserved)
224.0.0.1 – All multicast systems on this subnet
224.0.0.2 – All multicast routers on this subnet (ao: PIMv1)
224.0.0.4 – All DVMRP routers
224.0.0.5 – All OSPF routers
224.0.0.6 – All OSPF Designated Routers
224.0.0.9 – RIPv2 routers
224.0.0.10 – (E)IGRP routers
224.0.0.12 – DHCP server / Relay agent
224.0.0.13 – All PIM(v2) routers
224.0.0.22 – IGMPv3 (Membership Reporting)
224.0.0.14 – RSVP encapsulation
224.0.0.18 – VRRP
224.0.0.25 – RGMP
224.0.1.21 – DVMRP on MOSPF
224.0.1.39 – Cisco-RP-Announce (auto-RP)
224.0.1.40 – Cisco-RP-Discovery (auto-RP)

Routed vs. non-routed (Written Question)

  • 224.0.0.x = non routed (local)
  • 224.0.1.x = routed

TTL Scoping

0 – Restricted to the same host
1 – Restricted to the same subnet
15 – Restricted to the same site
63 – Restricted to the sameregion
127 – Worldwide
191 – Worldwide; limited bandwidth
255 – Unrestricted in scope

(conventional values)

Administrative scoping

239.0.0.0/8 should remain within an organisations network (much like RFC1918 for Unicast)
239.255.0.0/16 – “local” scope
239.253.0.0/16 – site-local
239.192.0.0/14 – organisation-local (notice the /14)

MAC to Mcast address mapping (= automagic)

Example: 224.0.0.5 (OSPFallRouters) = 0x0100.5e00.0005

How does it really work? MAC = 48 bits, IP = 32 bits. But the allocatable space of either is 24 for MAc and 28 for IP. So not the first 4 bits but the first 9 bits of the IP address are discarded. The first 4, de class D indicator of 1110, plus 5 extra bits. The effect of this is that there will be 16 Mcast addresses with the same MAC address due to the 4 LSB of the 1st octet of the IP address (224-239), the 5th bit is always ‘0’.

224.0.0.1 has the same MAC address as for example 225.0.0.1; 236.0.0.1 and 224.128.0.1 (01-00-5E-00-00-01 the bold number will never be higher than 7F [ox0111.1111])

239.195.64.5 => 195=B3, 64=40, 5=05 => 01-00-5E-B3-40-05
WRONG !
239.195.64.5 => 195=43 (B-8=4) … => 01-00-5E-43-40-05
(or subtract 128 from 195 and then calculate the MAC address)

  • The 4th octet in a Mcast MAC address can never be larger than 7F

*** Protocols (Layer3)

IGMP

  • Provides communication between hosts and a router connected to the same subnet
  • IP protocol number 2
  • IP TTL set to 1
  • Not routed (TTL of 1 ensures this)
  • Join & leave messages from host to router
  • querier election process: Selects one Mcast router to send out Queries and forward Mcast onto the subnet (redundancy & efficiency)

Hosts send Membership messages
Routers send Query messages
Switches do not send IGMP messages

  • Routers do not keep track of hosts that are members of a group, only the group memberships that are active (per interface)

IGMPv0 (RFC988)

IGMPv1 (RFC1054)

  • Message Type 1: Host Membership Query (Used only by routers) sent to 224.0.0.1
  • Message Type 2: Host Membership Report (Used only by hosts) sent to group address
  • Message Type 3: DVMRP

  • Membership Query: “Does anyone want to receive traffic for any group?” (sent to 224.0.0.1 /w router’s IP & MAC source address)
  • Message Group Address: 0.0.0.0 when a router sends a Membership Query, contains the Mcast group address when a host sends a Membership Report (!= destination address)
  • Query interval: Time between Membership Queries (default v1 = 60 seconds)
  • (Solicited) Host Membership Report: Reply to a Membership Query
  • (Unsolicited) Host Membership Report: Join a new Mcast group (not a reply to anything)

  • Has a fixed Maximum Response Time (MRT) of 10 seconds (Query Response Interval): Used to randomise the host responses to a router’s Membership Queries (in 100 msec, thus the default = 100)
  • Report Suppression: If a host receives a report sent by another host for the same Mcast group for which it was about to send a report, it does not send the report. Supposed to reduce redundant reports
  • Has no querier election process, uses Mcast routing protocol instead to select a designated Mcast router for the subnet
  • Mcast hosts must listen to the well-known 224.0.0.1 Mcast group address to participate in IGMP

  • v1 does not have an explicit “Leave” mechanism
  • Group Membership Interval: Mcast traffic is forwarded out interfaces (after all hosts on an interface have left the group) for (up to) 3 minutes by default. = 3 times the MRT

IGMPv2 (RFC2236)

Same as IGMPv1 plus:

  • The Version and Type fields of IGMPv1 have been combined into an single octet: Type Code. Prepend v1 Type with “1” to find the v2 Type Code. (IGMPv1 message type 2 has a Type Code of 0x12 in v2)
  • Contains the IP Router Alert option in their IP header (can be used by RSVP)
  • Type Code 0x11: Generic Membership Query (same as IGMPv1 Type 1) sent to 224.0.0.1
  • Type Code 0x11: Group-Specific Membership Query, sent to group address
  • Type Code 0x12: Membership Report (same as IGMPv1 Type 2) sent to group address
  • Type Code 0x16: Membership Report. Used only by hosts to indicate that at least one host is using the group. Sent to group address
  • Type Code 0x17: Leave Group. Sent by a host, to inform the router (according to RFC: if it’s the last to send a Membership Report. Practically always sent) Sent to 224.0.0.2
  • Type Code 0x24: Multicast Router Advertisement
  • Type Code 0x25: Multicast Router Solicitation
  • Type Code 0x26: Multicast Router Termination

  • Message Group Address: 0.0.0.0 when a router sends a Membership Query, contains the Mcast group address when a host sends a ‘Membership Report’ or a ‘Leave Group’ message
  • Query interval: Time between Membership Queries (default v2 = 125 seconds)
  • Group-Specific Membership Query messages: Send a Membership Query for/to a specific group rather than all groups
  • Leave Group messages: a host can notify a router it’s leaving a group. After receiving a Leave Group message a router will immediately send a Group-specific Membership Query

  • Maximum Response Time can be configured from 0.1 to 25.5 seconds. In 100 msec, with a default of 10 being 1 sec. (value 1 – 255)
  • MRT Field: In the packet enables announcement of a variable MRT by routers
  • Report Suppression also applies to Group-specific Queries/Reports

  • When a router receives a Leave Group message, it responds by sending a Group-Specific Membership Query using the same Mcast address as the one used in the received Leave message (no 3 minute excess Mcast flooding)
  • Last Member Query Count: the number of consecutive Group-Specific Queries sent for the same group before the router concludes that there are no active members of the group on a subnet. Default = 2, which results in a 3 second delay between Group leave and removing an interface from a group (3x MRT)

  • Querier election process: Elects the router with the lowest IP address as the querier on a subnet (Generic Query to 224.0.0.1, compare own with received address)
  • Non-querier routers stop sending queries but monitor how frequently querier is sending general IGMPv2 Queries
  • The elected querier is considered to be dead and a new querier is elected when the elected querier does not send a query for two consecutive Query Intervals (125 sec), plus half the MRT (10 sec), this is the Other Querier Present Interval (RFC 2236). The default value for the Other Querier Present Interval is 255 seconds (2x 125 + 5)

  • IGMPv2 is backward compatible
  • If the MRT field is 0 (empty) the a host knows the router is IGMPv1
  • Version 1 Router Present Timeout timer, 400 seconds, reset when a v1 Query is received, back to v2 mode when timer expires
  • Routers determine host compatibilty by what type of Report is returned. 0x12 = v1, 0x16 = v2
  • v2 generic Queries are seen by v1 hosts as v1 Queries, the returned v1 Reports are examined by v2 routers
  • An IGMPv2 router might receive both an IGMPv1 and an IGMPv2 Report in response to a General Query
  • Leave messages are ignored if a v1 host is on the subnet. This means that after a v1 host leaves a group, traffic will be flooded for 3 minutes instead of the 3 seconds v2 is capable of
  • IGMPv1-host-present countdown timer: Leave messages are ignored untill this has timed out. It’s value is equal to the Group Membership Interval, which defaults to 180 sec in v1 and 260 sec in v2

IGMPv3 (RFC3376)

  • Maximum Response Time can be configured from 0 to 53 minutes
  • Backward compatible with IGMPv1 and IGMPv2
  • Still quite new and possibly not very well supported yet
  • Encorporates DoS mitigation by filtering at ingress based on source address
  • Source-Specific Multicast (SSM) allows a host to indicate interest in receiving packets only from specific source addresses, or from all but specific source addresses (spoofing?)

  • IGMPv3 is compatible with IGMPv1 and IGMPv2
  • Report Message Type Code: 0x22
  • Report destination address: 224.0.0.22
  • No report suppression available
  • Leave Group destination address: 224.0.0.22

  • Querier election process: Elects the router with the lowest IP address as the querier on a subnet (Generic Query to 224.0.0.1, compare own with received address) [Same as IGMPv1]

Multicast Listener Discovery (MLD) Protocol

(RFC2710 & IPv6)

  • Functions like IGMPv2
  • All multicast devices on a subnet use a special IPv6 link-local address as source address (Equivalent of IP TTL of 1)
  • Done Message: (= IGMPv2 Leave message) It is addressed to the all-routers IPv6 link-local scope address FF02::2
  • Multicast Listener Queries (IGMP Query Messages)
  • General Queries are addressed to the all-nodes IPv6 link-local scope address FF02::1
  • Multicast-Address-Specific Query: (similar to IGMPv2 Group-Specific Query)

*** Layer 2 Multicast support

Switch default behaviour: flood multicast traffic to all hosts in a broadcast domain (vlan/subnet)

Currently IGMP snooping is preferred and as a result Cisco is reducing it’s support of CGMP

Cisco Group Management Protocol (CGMP)

  • Propietary (Cisco Group Management Protocol)
  • Same function as IGMP snooping
  • Layer 2 protocol
  • Requires the router (and switch) to be configured with CGMP
  • Routers send CGMP messages
  • Switches receive CGMP messages
  • Hosts do not participate in CGMP
  • Sent to (well-known) MAC address 01-00-0C-DD-DD-DD
  • Contains one or more pairs of MAC addresses:
  1. Group Destination Address (GDA)
  2. Unicast Source Address (USA)
  • CGMP Join: Sent by routers with a GDA of 0, USA is the router’s MAC address (resent every 60 sec)
  • IGMP join: Router will send CGMP Join with GDA of the requested Mcast group, USA is the host’s MAC
  • CGMP Leave: Sent by routers, with same GDA and USA options as Join messages
  • Switches amend their CAM tables with the info in received CGMP messages
  • CGMP Leave messages have two other GDA/USA options:
  1. GDA: Group MAC, USA: 0 (delete the group from the CAM)
  2. GDA: 0, USA: 0 (delete all groups from the CAM)

IGMP snooping

  • Used in: multi vendor environment
  • Also supported by a number of Cisco switches
  • Switch needs to have some L3 capabilities to inspect IGMP messages
  • Switches listen to:
  1. IGMP General Query /w GDA: 01-00-5E-00-00-01
  2. OSPF /w GDA: 01-00-5E-00-00-05 or 01-00-5E-00-00-06
  3. PIM (v1) HSRP hellos /w GDA: 01-00-5E-00-00-02
  4. PIM (v2) hellos /w GDA: 01-00-5E-00-00-0D
  5. DVMRP Probes / w GDA: 01-00-5E-00-00-04
  • When a switch detects router ports in a VLAN, they are added to the port list of all GDAs in that VLAN
  • When an IGMP Report is received, the GDA is examined. It then creates an entry in the CAM table for the GDA, and adds the port to the entry. If this is the first group member then the router port is added as well
  • When an IGMP Leave is received, the GDA is examined . It then removes the port from the group entry (CAM table). The IGMP Leave is forwarded to the router only if this is the last host port for the GDA on the switch
  • As a protection a switch will send an IGMP General Query out the port it received the IGMP Leave message on. This way the switch can verify whether there are other members of this group on the port
  • All in all IGMP snooping slightly reduces the IGMP load on a router, but it also breaks Report Suppression which means that all hosts to send IGMP Reports. The switch only sends one Report per group to the router (reportedly CGMP is slightly more efficient)

Router-Port Group Management Protocol (RGMP) (RFC3488)

IGMP snooping helps switches control distribution of multicast traffic on ports where multicast hosts are connected, but it does not help switches control distribution ofmulticast traffic on ports where multicast routers are connected

  • Layer 2 protocol
  • Router informs switch which groups are/aren’t desired
  • Designed to reduce a router’s overhead
  • Cisco proprietary, but does not work together with CGMP (CGMP is silently disabled when RGMP is turned on)
  • Works well with IGMP snooping (they complement eachother)

  • RGMP Hello message: Router to switch every 30 sec (default). Switch stops forwarding all Mcast when an RGMP Hello is received
  • RGMP Join G message: G = Mcast group address
  • RGMP Leave G message: G = Mcast group address
  • RGMP Bye message: When RGMP is turned off on the router, switch resumes normal Mcast forwarding