Monday, July 21, 2014

Difference between Unicast, Broadcast, Multicast and Anycast traffic. TCP IP [Networking]

| TYPE      | ASSOCIATIONS     | SCOPE           | EXAMPLE |
|-----------|------------------|-----------------|---------|
| Unicast   | 1 to 1           | Whole network   | HTTP    |
| Broadcast | 1 to Many        | Subnet          | ARP     |
| Multicast | One/Many to Many | Defined horizon | SLP     |
| Anycast   | Many to Few      | Whole network   | 6to4    |

Unicast is used when two network nodes need to talk to each other. TCP by definition is a Unicast protocol, except when there is Anycast involved (more on that below).
When you need to have more than two nodes see the traffic, you have options.
If all of the nodes are on the same subnet, then broadcast becomes a viable solution. All nodes on the subnet will see all traffic. There is no TCP-like connection state maintained. Broadcast is a layer 2 feature in the Ethernet protocol, and also a layer 3 feature in IPv4.
Multicast is like a broadcast that can cross subnets, but unlike broadcast does not touch all nodes. Nodes have to subscribe to a multicast group to receive information. Multicast protocols are usually UDP protocols, since by definition no connection-state can be maintained. Nodes transmitting data to a multicast group do not know what nodes are receiving. By default, Internet routers do not pass Multicast traffic. For internal use, though, it is perfectly allowed; thus, "Defined horizon" in the above chart. Multicast is a layer 3 feature of IPv4 & IPv6.
To use anycast you advertise the same network in multiple spots of the Internet, and rely on shortest-path calculations to funnel clients to your multiple locations. As far as the network nodes themselves are concerned, they're using a unicast connection to talk to your anycasted nodes. For more on Anycast, try: What is "anycast" and how is it helpful? Anycast is also a layer 3 feature, but is a function of how route-coalescing happens.


Some examples of how the non-Unicast methods are used in the real Internet.
ARP is a broadcast protocol, and is used by TCP/IP stacks to determine how to send traffic to other nodes on the network. If the destination is on the same subnet, ARP is used to figure out the MAC address that goes to the stated IP address. This is a Level 2 (Ethernet) broadcast, to the reserved FF:FF:FF:FF:FF:FF MAC address.
Also, Microsoft's machine browsing protocol is famously broadcast based. Work-arounds like WINS were created to allow cross-subnet browsing. This involves a Level 3 (IP) broadcast, which is an IP packet with the Destination address listed as the broadcast address of the subnet (in, the broadcast address would be
The NTP protocol allows a broadcast method for announcing time sources.
Inside a corporate network, Multicast can deliver live video to multiple nodes without having to have massive bandwidth on the part of the server delivering the video feed. This way you can have a video server feeding a 720p stream on only a 100Mb connection, and yet still serve that feed to 3000 clients.
When Novell moved away from IPX and to IP, they had to pick a service-advertising protocol to replace the SAP protocol in IPX. In IPX, the Service Advertising Protocol did a network-wide announcement every time it announced a service was available. As TCP/IP lacked such a global announcement protocol, Novell chose to use a Multicast-based protocol instead: the Service Location Protocol. New servers announce their services on the SLP multicast group. Clients looking for specific types of services announce their need to the multicast group and listen for unicasted replies.
HP printers announce their presence on a multicast group by default. With the right tools, it makes it real easy to learn what printers are available on your network.
The NTP protocol also allows a multicast method (IP for announcing time sources to areas beyond just the one subnet.
Anycast is a bit special since Unicast layers on top of it. Anycast is announcing the same network in different parts of the network, in order to decrease the network hops needed to get to that network.
The 6to4 IPv6 transition protocol uses Anycast. 6to4 gateways announce their presence on a specific IP, Clients looking to use a 6to4 gateway send traffic to and trust the network to deliver the connection request to a 6to4 router.
NTP services for especially popular NTP hosts may very well be anycasted, but I don't have proof of this. There is nothing in the protocol to prevent it.
Other services use Anycast to improve data locality to end users. Google does Anycast with its search pages in some places (and geo-IP in others). The Root DNS servers use Anycast for similar reasons. ServerFault itself just might go there; they do have datacenters in New York and Oregon, but haven't gone there yet.
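
As an added example (not part of the original post), this Python code sorts a frame's destination into the delivery types from the chart at both layer 2 and layer 3 and reports whether the two layers agree, which is a quick sanity check when triaging a capture. The function names and the sample addresses are assumptions made up for the illustration; anycast has no class of its own because, as noted above, the endpoints see it as plain unicast.

```python
import ipaddress

def classify_mac(mac):
    """Layer 2 class of a destination MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if octets == b"\xff" * 6:
        return "broadcast"        # the reserved FF:FF:FF:FF:FF:FF address
    if octets[0] & 0x01:
        return "multicast"        # group bit set in the first octet
    return "unicast"

def classify_ip(dst, subnet):
    """Layer 3 class of a destination IP, relative to the local subnet."""
    addr = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(subnet, strict=False)
    if addr.is_multicast:
        return "multicast"        # 224.0.0.0/4 or ff00::/8
    if addr.version == 4:         # IPv6 has no broadcast at all
        if int(addr) == 0xFFFFFFFF:
            return "broadcast"    # limited broadcast 255.255.255.255
        # /31 and /32 networks have no broadcast address
        if net.version == 4 and net.prefixlen < 31 and addr == net.broadcast_address:
            return "broadcast"    # directed broadcast of this subnet
    # Anycast lands here: to the endpoints it is ordinary unicast.
    return "unicast"

def classify_frame(dst_mac, dst_ip, subnet):
    """Return (layer 2 class, layer 3 class, whether the layers agree)."""
    l2 = classify_mac(dst_mac)
    l3 = classify_ip(dst_ip, subnet)
    return l2, l3, l2 == l3

# Constructed sample traffic using documentation address ranges, not captured data.
SUBNET = "192.0.2.0/24"
SAMPLE = [
    ("00:00:5e:00:53:10", "192.0.2.10"),       # host to host
    ("ff:ff:ff:ff:ff:ff", "192.0.2.255"),      # subnet broadcast
    ("ff:ff:ff:ff:ff:ff", "255.255.255.255"),  # limited broadcast
    ("01:00:5e:01:02:03", "239.1.2.3"),        # IPv4 multicast group
    ("33:33:00:00:00:01", "ff02::1"),          # IPv6 multicast group
    ("00:00:5e:00:53:10", "192.0.2.255"),      # layers disagree: worth a look
]

if __name__ == "__main__":
    for mac, ip in SAMPLE:
        print(mac, ip, classify_frame(mac, ip, SUBNET))
```

Whether an IPv4 address is a broadcast depends on the subnet it is judged against: 192.0.2.127 is a broadcast in 192.0.2.0/25 but an ordinary host address in 192.0.2.0/24.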
