Exploring multicast IP in Linux
We show you the practical side of multicasting, including a sample configuration that uses the free XORP routing protocol suite.
IP networks have supported multicast transmission for nearly 20 years, but the technology has only recently entered the realm of widespread use. As the name implies, multicasting is a technique for transmitting data from a single source to a predefined collection of recipients. This concept poses some special challenges that aren't seen in more conventional transmission techniques, such as broadcasting, in which the message is sent to all computers on a network segment, and unicasting, in which a message passes from a single source to a single recipient.
Efficient use of multicasting can significantly reduce traffic load, especially on networks that support streaming-style multimedia transmissions. Multicasting applications and technologies have received increased attention with the rise of audiovisual technologies; however, multicasting remains a mystery to many software developers, system admins, and end users who might benefit from more extensive use of this promising technique. In this article, we offer a glimpse at the practical side of multicasting, including a sample configuration that uses the free XORP routing protocol suite.
What Is IP Multicasting?
Figure 1 shows the idea behind multicast transmission. Source A generates a data stream with throughput of 1Mbps, and the data stream is received by three recipients. Figure 1a shows a unicast transmission between the source and the receivers. The transmission results in three independent, but identical, data streams, which means that a bandwidth of 3Mbps is consumed on the link between the source and distribution networks. In contrast, a multicast scenario (see Figure 1b) requires only one data stream from the source, so the load on the link is constant and independent of the number of receivers.
Data Link Layer
Transmission at the Data Link Layer is performed through the use of the MAC address, which identifies a network interface on the link. MAC addresses are mapped to and from the corresponding IP addresses with the help of the address resolution protocol (ARP) and reverse ARP (RARP). For example, if router B wants to send data to router D, it first sends an ARP request to D's IP address. In response, D sends an ARP reply that contains its MAC address. Once this process is finished, B and D can communicate over the Ethernet transmission medium. In the case of multicasting, the question is how to achieve the effect of Data Link addressing without incurring the overhead of having to resolve an IP address to an arbitrarily complex tangle of recipient MAC addresses.
This particular problem is solved by mapping an IP multicast address to a single MAC address that is then used by all recipients. An ethernet MAC address consists of 48 bits. Ethernet addresses that start with the bit sequence 01.00.5E are assigned to IANA (Internet Assigned Number Authority, the organization responsible for managing IP address ranges). IANA has decided to allocate half of the assigned Ethernet address range to the purpose of multicast transmission. As a result, 23 bits of the MAC address are available for the purpose of group communications.
An IP address, however, has 32 bits, which means 32 bits of the IP address must map to 23 bits of the MAC address. All IP addresses from Class D are reserved for multicast transmission purposes. IP addresses belonging to Class D start with the bit pattern 1110. Because this pattern is constant for all multicast addresses, it doesn't have to be part of the mapping. Consequently, only 28 bits of the IP address are mapped to 23 bits of the MAC address representation. Figure 2 shows how the mapping procedure works.
As you can see in Figure 2, after discarding the initial 4 bits, the next 5 most-significant bits are also ignored. The remaining 23 bits are then directly mapped to the MAC address. Note that this mapping of IP to MAC multicast addresses is not unambiguous; the relation between IP and MAC addresses is not one-to-one. Consequently, 25 IP group addresses have the same MAC addresses.
A simple example will illustrate this process. Consider the multicast address 188.8.131.52, which has the following binary representation: 11101111.00010000.00010000.00101110.
Discard the 4 most-significant bits (the Class D bit pattern) and you have the following sequence: 1111.00010000.00010000.00101110.
If you omit the next 5 bits, for 0010000.00010000.00101110, and combine this bit pattern with the sequence assigned by IANA for the purpose of multicast transmissions, you can compute the MAC address 01.00.5E.10.10.2E corresponding to the IP address 184.108.40.206.
Building a Tree
To receive multicast transmissions, receivers send a data reception demand to the router. This demand is transmitted with IGMP (Internet Group Management Protocol) or, to be more precise, with the help of the IGMP Report message. The router, after receiving the message, sends a Join packet of the PIM-SM protocol to other routers along the path.
The routers are thus responsible for the construction of a multicast transmission tree for the transmission of group data between the receivers and the source. In theory, you do not even need a dynamic multicast routing protocol to build this transmission tree. The smcroute program (the equivalent of the route application for unicast transmission) lets you manually configure multicast routes. As in the case of the unicast transmission, manual configuration often leads to errors and is additionally troublesome when the network configuration is changed. Moreover, multicast transmission trees are usually constructed for a relatively short period of time (for instance, a two-hour movie transmission). This, in practice, excludes the possibility of manually creating the multicast transmission tree in a real-world situation. The only real possibility of implementing group transmission at a practical level is through a multicast routing protocol.
How It Works
When an application requests reception of multicast transmission, the kernel network subsystem computes the corresponding MAC address. This address is then added to the list of received multicast addresses; finally, the kernel calls set_multicast_list from the net_device structure. The set_multicast_list function performs some hardware-specific actions at the driver level so the network card will be able to receive packages sent to this specific MAC address.
Figure 3 shows an example of a multicast transmission taking place between two systems connected to the same Ethernet network segment. The application on computer A transmits data to multicast address 220.127.116.11 (step 1a in Figure 3). The application passes the data, together with the destination address, to the kernel. The kernel then computes a MAC address corresponding to this IP address.
On the other end, the application on computer B informs the Linux kernel that it is interested in receiving a multicast transmission sent to IP address 18.104.22.168 (step 1b in Figure 3). The kernel computes the MAC address corresponding to this IP address (2b) and informs the network card that it should receive packages sent to this MAC address (3b). Once the data package is received (4b), the network card installed in computer B generates an interrupt, and the method responsible for interrupt handling is called (5b). This method hands over the received data to the kernel (6b), which will ultimately relay that data to the application (7b).
Buy this article as PDF
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.