Multicast :: Part II – IP multicast

Multicast in an Ethernet network explained:
There are tons of multicast posts that talk about Multicast routing at IP level. But how exactly does multicast behave in an Ethernet environment? This series tries to answer that question.

IP multicast:
IP multicast over Ethernet utilizes the underlying Ethernet multicast mechanism. IP multicast packets are encapsulated in an Ethernet frame with the I/G bit set. Does this mean that IP multicast packets are simply flooded throughout the Ethernet broadcast domain? It depends, it depends on the scope of the IP multicast address, the IGMP snooping settings of the switches and the availability of a IGMP querier.

The advantage of IP multicast compared to Ethernet multicast is that IP multicast can cross Ethernet (Layer 2) boundaries. IP multicast was developed at the early 1980s at Stanford University. The idea was to extend the Ethernet multicast mechanism to work at the IP layer (layer 3).

The reason for IP multicast is the same than Ethernet multicast: being able to address a subset of hosts identified by a single IP (multicast) address (potentially at a global scale). A host subscribed to an IP multicast address (IP multicast group) programs the host network stack to listen to a specific MAC address that represents the IP multicast group. To make this work there must be a mapping between the IP multicast address and the MAC address.

IP multicast addresses:
The Internet Assigned Number Authority (IANA) assigned the class D address space for IP multicast use. The class D range represents IP multicast addresses ranging from through

multicast class

As you can see class D addresses start with the binary prefix 1110 which leaves room for 28^2 multicast addresses.

The class D multicast range is further subdivided in scopes, these scopes are important to know because multicast traffic in the “link-scope” is treated differently by the Ethernet network (if IGMP snooping is turned on) than the “global scope” and “administrative scope”.

  • Link scope: –
  • Global scope: –
  • Administrative scope: –

Link scoped (link-local) multicast addresses ( –
This range is reserved for use by network protocols. Link scoped IP multicast packets will never be forwarded from the local Ethernet segment by a multicast router. Also, link scoped packets will always be flooded throughout the Ethernet broadcast domain. IGMP snooping will not affect flooding. The following list shows some examples of well-known link-local multicast addresses:

  • All Hosts multicast group.
  • All Routers multicast group.
  • All OSPF Routers

Globally scoped multicast addresses ( –
Global scoped multicast IP addresses are meant for global use (public use). Forwarding of Globally scoped multicast packets in an Ethernet network is affected by IGMP snooping.

Administratively scoped multicast addresses ( –
These multicast addresses can be used privately (RFC 2365), the idea is the same as private IP addressing described in RFC 1918. Just like global scoped addresses forwarding of these packets in an Ethernet network are affected by IGMP snooping.

IP multicast to MAC address mapping:
Ethernet forwards IP unicast packets based on their destination MAC. A host looks up the MAC address of the target in its ARP table. For multicast such a mechanism does not exist and it would not work because a multicast sender doesn’t know which hosts are listening (the host just transmits IP multicast packets, it’s the responsibility of the network to deliver multicast packets to the interested receivers).

In IP multicast the IP multicast (group) address is encoded within the MAC address.  This encoded multicast MAC address is used by the host to program its network stack. This mechanism allows multicast applications to listen to a specific IP multicast address.

The following figure shows how the IP multicast address is encoded within the multicast MAC address:

IP Multicast Ethernet mapping

If you search the IEEE OUI database for 00-00-5E you will see that this range was registered by the IANA. As described in the previous post the IEEE assigns next to the 00-00-5E prefix the 01-00-5E prefix for multicast. The first 25 bits of the MAC address are fixed (represented by the red boxes). IANA reserved half of the 01-00-5E multicast range for IP multicast. More specific: 01-00-5E-00-00-00 through 01-00-5E-7F-FF-FF. That is why only 23 bits can be mapped from the IP address (represented by the green boxes and arrows) not 24.

Class D IP addresses start with 1110 (purple boxes) this leaves 28 bits for multicast addresses. To map the full 28 bits into the MAC address, 16 OUI ranges of the size of 2^25 would be needed. The story is told that there was not enough budget to allocate 16 OUIs (source: Developing IP Multicast Networks ISBN-10: 1-58714-289-9). So we ended up with 23 bits instead of 28.

Because of the budget problem there is 5 bit translation error (the blue boxes). For this reason a single multicast MAC address maps to 2^5 (32) different multicast IP addresses. If there are more multicast groups active on the same VLAN that map to the same MAC address the host CPU will be interrupted unnecessary for multicast packets it did not subscribe to. The host will simply discard the received packets with IP multicast addresses it did not subscribe to.

Continue with part III of the series: IGMP snooping.

The opinions expressed in this blog are my own views and not those of Cisco.

Leave a Reply

Your email address will not be published. Required fields are marked *