Hi, I am creating a streaming application. In it I am using IP multicasting.

Tell me how to validate the client before adding it to the group.

Is there anything I have to do with IGMP?

+6  A: 

You don't do it with your application.

IGMP is an internet layer protocol, it may not even reach your application.

Whenever a unit wants to receive multicast to a certain address, it sends an IGMP request to join a group. A router receives the request and remembers that this user wants to belong to this group.

Whenever the router receives a multicast packet destined for that address, it routes it to all the group members, possibly taking some access control restrictions into account.

All group manipulation is performed by routers. You just send your UDP packets to a multicast address (that is 224/4), and the routers decide whether to route it to a subscriber.

If you want to limit destinations where your multicast packets go, you do it on routers.

You should understand, though, that the word "routes" above means that the router emits the packet into the appropriate interface with a multicast destination address in the Ethernet header and a multicast destination address in the IP header. An Ethernet switch attached to the interface, if any, will distribute the packet over all active ports. Since it knows nothing about internet routing, it will just see the broadcast/multicast bit set in the Ethernet header and act accordingly.

There are, though, some link layer devices (Ethernet switches) that peek into network layer headers and limit multicast to the subscribed units. That is called IGMP snooping. Some of them may also be capable of controlling access.

Quassnoi
A bit inaccurate. The router emits the multicast with a multicast Ethernet header, not a broadcast. There's a fixed mapping from IP multicast addresses to MAC multicast addresses. This way not all the Ethernet interfaces on the line will receive all multicasts.
Eli Bendersky
By broadcast here I mean a packet with bit 8 set. A non-IGMP snooping switch will distribute all multicast packets into all connected ports anyway, won't it?
Quassnoi
A: 

In addition to Quassnoi's comments on how multicast works, I have to wonder... Why do you want to restrict multicast membership and/or validate the recipient before having it added to the group?

Vatine
Well, it is a perfectly legitimate desire (to cut unpaying customers off the streaming video, for instance).
Quassnoi
Indeed, though there may be other ways of accomplishing that. One is to provide an out-of-band encryption key for the media stream and thus control the usefulness of the multicast data. Another (though that probably requires control of the end router) is filtering IGMP at the destination.
Vatine
I once did this task too, for a campus LAN, to distribute lectures online in realtime. An encryption key is good for large satellite providers, but it's quite an overkill for one stream and 100 receivers. After all, if some scum watches a movie for free, well, shame on him then, no big deal anyway.
Quassnoi
Yes, I should validate the client (receiving host) before adding it to a group, because I want to allow only authenticated users. Without doing that, any host can join that multicast address and invoke the UDP packets.
krishnakumar
+1  A: 

OK, there is a legitimate need to control who can join a multicast group. The only way I can see that being done is by filtering IGMP packets inbound on the router interfaces. This would work if the list of "allowed subscribers" is sufficiently static, but if there are a lot of changes, it would rapidly become untenable.

If (and only if) there's administrative control all the way down to a "customer-placed" router, I suspect something could be done there, to limit the groups that device has visibility of, but that is heavily dependent on the environment (in a "broadband and multicast video from a single provider" scenario, a contractual requirement for using a provider-managed DSL router would be possible).

Vatine
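
The inbound IGMP filtering described in the answer above, modelled in Python as an added example (not code from any of the posters): it verifies the checksum of a membership report, extracts the groups being joined (IGMPv1/v2, and IGMPv3 group records), and checks the sender against a per-group allowlist. The group address, subnets and function names are constructed assumptions; in practice this decision is made on the router or snooping switch.

```python
import ipaddress
import struct

# Constructed policy (assumption): receiver subnets allowed to join each group.
ALLOWED = {"239.1.1.10": [ipaddress.ip_network("10.20.0.0/24")]}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; yields 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def joined_groups(igmp: bytes) -> list[str]:
    """Groups that an IGMPv1/v2/v3 membership report asks to receive."""
    if len(igmp) < 8 or inet_checksum(igmp) != 0:
        raise ValueError("truncated IGMP message or bad checksum")
    if igmp[0] in (0x12, 0x16):              # v1 / v2 report: one group at bytes 4..8
        return [str(ipaddress.ip_address(igmp[4:8]))]
    if igmp[0] != 0x22:                      # query, leave, ...: nothing is joined
        return []
    groups, off = [], 8
    for _ in range(struct.unpack("!H", igmp[6:8])[0]):   # v3: list of group records
        if off + 8 > len(igmp):
            raise ValueError("truncated IGMPv3 group record")
        rec_type, aux_words, n_src = struct.unpack("!BBH", igmp[off:off + 4])
        # EXCLUDE-mode records (2, 4) and INCLUDE/ALLOW records (1, 3, 5) that
        # list sources express interest; an empty INCLUDE or a BLOCK is a leave.
        if rec_type in (2, 4) or (rec_type in (1, 3, 5) and n_src):
            groups.append(str(ipaddress.ip_address(igmp[off + 4:off + 8])))
        off += 8 + 4 * n_src + 4 * aux_words
    return groups

def permit_report(src_ip: str, igmp: bytes) -> bool:
    """True if every group joined by the report is allowed for this source address."""
    src = ipaddress.ip_address(src_ip)
    return all(any(src in net for net in ALLOWED.get(g, ())) for g in joined_groups(igmp))

def v2_report(group: str) -> bytes:
    """Build a constructed IGMPv2 membership report for the demo."""
    body = struct.pack("!BBH4s", 0x16, 0, 0, ipaddress.ip_address(group).packed)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    for src in ("10.20.0.7", "10.99.0.7"):   # constructed receiver addresses
        print(src, "permit" if permit_report(src, v2_report("239.1.1.10")) else "deny")
```

The check keys on the report's source address, so it is only as strong as the anti-spoofing enforced on the access port; it restricts which hosts the router forwards to, it does not authenticate users.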