IPV4-II1.3 # INTRODUCING THE UNICAST ADDRESS
Unicast communication in IP networking is the process of sending packets from a source to a destination based on the destination IP address in the Layer 3 header of the packet. The main property of this method is that it is a one-to-one communication between a source and a destination, as shown in the following diagram.
For example, PC1 is sending one traffic stream destined for PC2, another to PC3, and another for each host it wants to communicate with. Therefore, the number of streams increases proportionally with the number of receivers. This is a scaling limitation in scenarios where a single source must send streams to a large number of receivers.
For example, suppose PC1 must send a video stream to 100,000 receivers. Even though the content of the stream may be the same for every receiver, PC1 must replicate the stream 100,000 times using unicast traffic flows. This may completely exhaust the available resources on the source, even if it is the most powerful server or cluster. Additionally, replicating the same stream a thousand times substantially impacts the network. It may consume all available bandwidth and impact the transmitted data's quality by incurring packet loss and latency.
In unicast cases, Network devices forward unicast packets following the route to the destination IP/MAC address. Let's look at the example shown in the following diagram.
PC1 wants to send traffic to PC5. It inserts the default gateway's MAC address (R1) as DST MAC and PC5's IP address as DST IP and sends the packet onto the local LAN segment. PC1 finds the MAC address it needs using ARP.
When a layer 2 switch receives a frame with a unicast destination MAC address, it forwards the frame to the switchport according to its MAC address table. If there is no entry in the table, it floods the frame to all switchports except the incoming port (the flood-and-learn behavior).
When a router receives a packet with an unicast IP destination address, it forwards it according to its unicast routing table. If there is no entry in the routing table, it discards the packet.
🔹 In summary:
→ Unicast is one-to-one between PC1 and PC5.
→ A Layer 2 switch forwards unicast frames according to its MAC address table.
If there is no entry in the table, the switch floods the frame as broadcast.
→ A layer 3 switch or router forwards unicast packets according to its routing table.
If there is no entry in the routing table (and no default route), the device discards the packet.
1.4 # INTRODUCING THE BROADCAST ADDRESS
Broadcast is a very different communication method that delivers each packet to all hosts within a network segment. Broadcast communication within a local segment is typically referred to as "flooding" because it has flooding behavior. When a host sends a broadcast message, the LAN network replicates it and sends a copy of the message to ALL hosts on the segment, even if the message is not intended for them and they do not want to receive it.
In broadcast cases, Broadcast is essential for various network functions such as ARP, DHCP, SNMP, and WoL. It is the foundation of the "flood and learn" behavior of Ethernet networks. However, it has two main inefficiencies:
i. Broadcast communication is generally confined to a local network segment (called the broadcast domain). Routers do not forward broadcast messages between networks. (Technically, a "directed broadcast" capability can be used to send broadcast messages to remote network segments; it is considered a legacy technology now and is generally not allowed in modern networks because it has significant cybersecurity implications. More on it later
ii. Broadcast messages go to ALL hosts. This may not be desired in scenarios where you want to send a stream only to the interested receivers.
When a layer 2 switch receives an Ethernet frame with the destination MAC address set to 48 1s in binary (hexadecimal 0xFFFF.FFFF.FFFF), it knows that this broadcast message must be replicated to all hosts on the segment. The switch sends a copy of the Ethernet frame to all ports except the incoming one, as shown in the following diagram.
Every device on an Ethernet LAN receives and processes a copy of every broadcast frame. Various network functions such as ARP, DHCP, SNMP, and WoL rely on this flood-and-learn mechanism.
🔹 In summary:
→ A broadcast frame has the destination MAC address of all 1s (hex FFFF.FFFF.FFFF).
→ A layer 2 switch floods broadcast frames out all switchports except the incoming ones.
→ Broadcast stops at routers. Hence, routers divide the network into different broadcast domains.
1.5 # INTRODUCING THE MULTICAST ADDRESS
Multicast combines the best of both unicast and broadcast communications while offsetting the inefficiencies of broadcast. With multicast, the network replicates each packet and forwards it ONLY to interested receivers, as shown in the following diagram. For example, PC1 sends a video stream that only hosts PC3 and PC8 want to receive.
Another important difference between multicast and broadcast is that, with multicast, the receivers can be on any IP segment, while with broadcast, all receivers must be on the local segment.
Multicast packets can be transmitted from one source to many interested receivers, from many sources to many receivers, and from many receivers to one source. Multicast communication is the most efficient from a network resources point of view. The network can replicate a single multicast stream to a large number of receivers.
Note : An important point here is that a multicast IPv4 address cannot be used as a source IP. Multicast IP is always used as a destination address.
🔹 In summary, there are three main communication modes in TCP/IP networks:
→ Unicast: One-to-One
→ Broadcast: One-to-ALL
→ Multicast: One-to-Many
In multicast cases, When a layer 2 switch receives a frame with a multicast destination MAC address, it sends a copy of the packet ONLY to the switchports with interested receivers, as shown in the following diagram.
For example, PC1 sends a multicast stream to group 239.1.1.1. It inserts the group address 239.1.1.1 as DST IP and the corresponding multicast 0100.5E01.0101 as DST MAC. The essential point here is that there is no ARP with multicast. The destination MAC is a result of the multicast group IPv4 address. We will see the process of converting multicast IP to MAC later on.
When the layer 2 switch receives the frame, it knows it is multicast by looking at the multicast MAC. It forwards the frame to PC2 and R1 because they are the only interested receivers. When the router gets the frame, it looks at the destination multicast IPv4 address and forwards the packet according to its multicast routing table. In the end, only the interested hosts receive a copy of the multicast packet. If you are new to multicast, at this point, you most probably ask yourself - "WTF is a multicast MAC address?"
1.6 # HOW DO NETWORK DEVICES DIFFERENTIATE UNICAST BROADCAST AND MULTICAST ?
At this point, you might be wondering how network devices differentiate the different types of traffic. How does a LAN switch differentiate unicast from multicast from broadcast frames ?
The reply is that network devices look at the information in packets' headers to determine whether they are unicast, multicast, or broadcast. Keep in mind that network devices process MAC and IP addresses in binary (as ones and zeros). The decimal representation of IP addresses and the hexadecimal of MAC addresses are only used so that humans can make sense of the addresses.
🔹 Layer 2 switches differentiate different types of traffic by looking at the destination MAC address in the frame's layer 2 header.
→ Broadcast : A frame with the destination MAC address set to all 1s (in hex FFFF.FFFF.FFFF) is a broadcast frame.
→ Multicast : The IEEE 802.3 Ethernet standard specifies that all MAC addresses with the 8th bit set to “1” are multicast addresses.
→ Unicast : On the other hand, all MAC addresses with the 8th bit set to “0” are unicast ones.
🔹 Layer 3 switches and routers differentiate different types of traffic by looking at the destination IP address in the packets' layer 3 header.
→ Broadcast : If the destination IP address is the last address in the subnet (according to the subnet mask, it means the packet is broadcast.
→ Multicast : If the destination IP address is from the multicast address range 224.0.0.0/4, it means the packet is multicast.
→ Unicast : If the destination IP address is a valid address (not the first or the last address in a subnet, according to the subnet mask), it is unicast. As you can see in Low Level overview diagram.
