IPv6 Multicast Addresses

This is a continuation of the IPv6 Addressing Model article, but deserves its own article.

 

IPv6 Multicast Address 

The Multicast transmission mode is a one-to-many model, compared to the Unicast transmission mode that is a one-to-one model, or the Anycast transmission mode that is a one-to-closest-of-many model. Unlike the broadcast transmission mode in IPv4, which is a one-to-all model, with Multicast any node can "subscribe to" (join) a Multicast "group" (address) by running a Multicast-aware application. The transmission goes from one node to all nodes that have joined the destination Multicast group. Any node that has not joined a particular Multicast group will ignore any packets sent to that group. Within a subnet, Multicast is easy to do. Ethernet inherently supports Multicast. When a packet is written to the link, all nodes in the link receive it. Beyond the local link, Multicast is a bit more complex, and requires Multicast aware routers and Multicast routing protocols.

Multicast transmission mode works only over UDP and SCTP. You cannot make a TCP connection to multiple nodes simultaneously. There is no way for one sender to do a three way handshake with multiple destination nodes simultaneously. The automatic retransmission of failed packets would be very complex with Multicast. All Multicast traffic is "connectionless" (as opposed to "connection oriented").

In IPv4, Multicast addresses are from 224.0.0.0 to 239.255.255.255 (16 "/8" blocks), a total of 228 (268 million) multicast addresses. Sound like a lot.

In IPv6, Multicast addresses are from the block ff00::/8. There are 2112 (about 5.19 E+33) multicast groups (and each of them available in all scopes). There are 19 trillion trillion times as many IPv6 multicast addresses as there are IPv4 multicast addresses. Makes 268 million seem kinda puny, like everything else about IPv4. Once you've been working with IPv6 for a while, everything about IPv4 seems like a toy (you find yourself thinking "how did they ever make a worldwide Internet with this stuff?").

A multicast "address" contains a multicast "group" (see syntax diagram below). Nodes "join" a Multicast "group". In Windows, you can view all of the Multicast groups that your node has joined with either the netsh CLI command below, or with the NetConf GUI application.

IPv4 Command: netsh int ip show joins

IPv6 Command: netsh int ipv6 show joins

NetConf allows you to easily view all of the Multicast groups your node has joined, in both IPv4 ("IPv4 Multicast" tab) and IPv6 ("IPv6 Multicast" tab). These ListViews are "read only". Unlike the Unicast ListViews, you can't actually do anything with the items listed (e.g. add, delete, edit). All you can do is view them. NetConf interprets the well-known multicast groups for you.

In either case, you will see some Multicast groups that are required to be there by RFC 2460 (IPv6 Specification). Every IPv6 host (a node that does not do packet forwarding) automatically joins the following groups:

ff01::1 - All nodes in local interface
ff02::2 - All nodes in local link
 
Every IPv6 router (a node that has multiple interfaces and does packet forwarding) also automatically joins the following group:
 
ff02::5 - All nodes in local site
 
On Microsoft Windows nodes, the following groups will also always be joined, but these are not required by RFC.
 
ff02::c - Simple Service Discovery Protocol
ff02::1:3 - Link-Local Multicast Name Resolution

There will also be one "Solicited Node" Multicast address listed for each Unicast or Anycast address assigned to the node. These are created automatically by the Operating System. You can recognize these easily, as they all start with "ff02::1:ff". The low 20 bits of each Solicited Node Multicast address is the low 20 bits of the corresponding Unicast or Anycast address. For example:

ff02::1:ff04:57db - Solicited Node multicast
ff02::1:ff6b:7a54 - Solicited Node multicast
ff02::1:ffe3:9c5f - Solicited Node multicast

You don't "assign" a Multicast address to a node, like you do Unicast or Anycast. You run an application on that node that "joins" a UDP socket (which is already bound to a Unicast address) to a Multicast group and scope. Incoming UDP packets whose destination address is either the Unicast address the socket is bound to, or the Multicast group it "joined" will be received by that socket. You can have any number of UDP sockets in your applications, each bound to one Unicast address, and each optionally joined to at most one Multicast group.

The Multicast concept is more fully developed in IPv6 than in IPv4. It is used extensively in the Neighbor Discovery mechanisms and other places. It is made more complex by the existence of a fully developed scope concept. Every IPv6 Multicast address includes a 4-bit scope specifier, and there are more scopes in multicast than in unicast. In IPv6 Unicast there are Interface-Local, Link-Local, ULA and Global scopes. In IPv6 Multicast there are Interface-Local, Link-Local, Admin-Local, Site-Local, Organization-Local and Global scopes. There is no ULA Multicast scope, nor any ULA Multicast addresses. For all Multicast scopes above Link-Local, you must have IPv6 Multicast aware routers configured correctly, and some multicast routing protocol in place. Unlike in IPv4, where not all routers support IPv4 Multicast, in IPv6 support of Multicast is mandatory. So, any IPv6 router or firewall should support it.

Interface-Local (scope ID = 1) refers to the loopback interface, where the only Unicast address is ::1. The only Multicast address is ff01::1, all nodes in local interface. This address works, but is of limited use.

Link-Local (scope ID = 2) refers to all interfaces connected to the local link (subnet). Any Multicast address that starts with ff02:: is Link-Local. There are several examples listed above.

Admin-Local (scope ID = 4) refers to "the smallest scope that must be administratively configured". Specifics are left to the network implementer.

Site-Local (scope ID = 5) refers to the local physical network (e.g. one branch office). Site-Local Multicast packets will not cross the site's border router (however that is defined by the network implementer). Unlike Site-Local Unicast, Site-Local Multicast is still valid (not deprecated).

Organization-Local (scope ID = 8) refers to the collection of "sites" used by the Organization administering the local network (possibly linked by VPNs). Organization-Local Multicast packets must not leave the organization's border router to the global IPv6 Internet.

Global (scope ID = E, or 14 decimal) refers to any node on the global IPv6 Internet. Global Multicast packets will cross any router that doesn't specifically filter them.

Aside from Interface-Local, Link-Local and Global multicast scopes, the other scopes can be definde as needed by the network architect on any boundaries, based on where he defines filters in the internal routers or firewalls. It is simple to create a rule that blocks Multicast packets of any specific scope.

 

IPv6 Multicast Address Syntax

|   8    |  4 |  4 |                  112 bits                   |
+------ -+----+----+---------------------------------------------+
|11111111|flgs|scop|                  group ID                   |
+--------+----+----+---------------------------------------------+ 

The first 8 bits contain the binary value 1111 1111 (hex 0xff). 

The next 4 bits contain flags. The only flag currently used is the 4th bit, "T". If T=0, the multicast address is a "well known" address assigned by IANA. If T=1, then the address is a non-permanently assigned "transient" Multicast address.

The next 4 bits contain the Multicast address scope:

0       reserved
1       interface-local scope
2       link-local scope
3       reserved
4       admin-local scope
5       site-local scope
8       organization-local scope
E       global scope
F       reserved

The remaining 112 bits contain a Multicast group. There are a number of "well-known" IPv6 Multicast groups. Here are a few of them:

1       node
2       router
5       OSPF IGP router
6       OSPF IGP Designated router
9       RIP router
a       EIGRP router
b       mobile agent
d       PIM router
16      MLDv2 capable router
fb      DNS server
101     NTP server
108     NIS+ server
1:2     DHCPv6 relay agent or server
1:3     DHCPv6 server (but not relay agent)

So, the address ff02::1 can be interpreted as:

8/0xff = multicast address
4/flags, T=0, well known multicast
4/scope, 2 = link local scope
112/multicast group 1 = node

In other words, "all nodes on local link Multicast address"

Here are some popular IPv6 Multicast addresses:

ff02::1         All nodes on the local link
ff05::1         All nodes in the organization
 
ff02::2         All routers on the local link
ff05::2         All routers in the site
 
ff02::fb        All DNS servers on the local link
ff08::fb        All DNS servers in the organization
 
ff02::1:2       All DHCPv6 relay agents or servers on local link
                (note, DHCPv6 relay agents can only be reached
                via link local addresses, so wider scope
                addresses for relay agents don’t make sense)
 
ff02::1:3       All DHCPv6 servers on the local link
ff05::1:3       All DHCPv6 servers in the site

 

Solicited Node Multicast Address 

IPv6 uses an interesting technique to focus a Multicast transmission in Neighbor Discovery to just the node you are interested in (or at most a small handful of nodes). This uses the Solicited Node Multicast Address. The first 104 bits of this address is ff02:0:0:0:0:1:ff00::/104. The last 24 bits of it are the least significant 24 bits of the target address. For example, given the IPv6 unicast address 2001:470:3d:3000:f02:c8e3:42e3:9c5f, the low 24 bits are ::e3:9c5f (4 bits per hex digit). Put the 104 bit prefix and the 24 bit suffix together, and you get the corresponding 128-bit solicited node Multicast address ff02::1:ffe3:9c5f. If most of the nodes in your network have the low 24 bits of IPv6 addresses randomly generated, or generated from EUI-64, the probability is quite low than any other node in the subnet would have the same least significant 24 bits. If the node in question has a manually configured suffix (like ::13) then there could potentially be a few nodes with the same low 24 bits.

This is liking a well aimed rifle shot, compared to IPv4 broadcast, or ff02::1 (all nodes in local link). Those are more like a shotgun that hits not only the target, but everything near it (broadcast is more like an atomic bomb that hits everything).

Every Unicast or Anycast address on your interface will cause the corresponding Solicited Node Multicast address to be automatically generated and a join done to listen for UDP transmissions to it.

In NetConf, you can see what the Solicited Node Multicast address is for any address - on the IPv6 Unicast ListView, right click on any address and select View Address Details. Among other things it will show you the Solicited Node Multicast address for the selected address.