Multicast routing enables efficient distribution of one-to-many traffic. A multicast source, sends multicast traffic in a single stream to a multicast group. The multicast group contains receivers such as hosts and adjacent routers that use the IGMP protocol for multicast communication. Voice over IP, Video on demand, IP television, and Video conferencing are some of the common technologies that use multicast routing. When you enable multicast routing on the Citrix SD-WAN appliance, the appliance acts as a multicast router.
Source specific multicast
Multicast protocols typically allow multicast receivers to receive multicast traffic from any source. With source specific multicast (SSM), you can specify the source from which the receivers receive the multicast traffic. It ensures that the receivers are not open listeners to every source that is sending multicast streams but rather listen to a particular multicast source. SSM reduces the cost of resources used in consuming traffic from every possible source and also provides a layer of security by ensuring that the receivers receive traffic from a known sender.
The following topology shows two multicast receivers at a branch site and a multicast server (220.127.116.11) at the Data Center. The multicast server streams traffic over a particular group (18.104.22.168), the receivers join the group. Any traffic streamed on the multicast group is relayed to all the receivers that joined the group.
For SSM to work, the multicast group IP must fall within the range 22.214.171.124/8.
The multicast receivers send an IP IGMP join request indicating that the receivers want to join the multicast group and want to receive the multicast stream from the source. The IGMP join includes 2 attributes the multicast source and group (S, G). IGMP Version 3 is used for SSM on the multicast source and the receiver to relay some INCLUDE specific source addresses. SSM allows the receivers to explicitly receive streams from specific Multicast servers, whose source address is explicitly provided by the receivers as part of the JOIN request. In this example, an IGMP v3 join request is triggered with an explicit include source list, which contains the source 126.96.36.199, to be the address that sends the multicast stream over the group 188.8.131.52.
The Citrix SD-WAN at the branch listens to all the IGMP requests from these receivers and converts it into a membership report and sends it over the Virtual Path to the SD-WAN appliance at the data center.
The Citrix SD-WAN appliance at the data center receives the membership report over the Virtual Path and forwards it to the Multicast Source, establishing a control channel.
The Multicast source transmits the multicast stream over the Virtual path to the multicast receivers.
The control channel traffic and the multicast stream flow through the established virtual path between the branch and the data center. The Citrix SD-WAN overlay path insures and insulates multicast traffic from WAN degradation or link brownouts.
To configure multicast, perform the following on the SD-WAN appliance at both the source and destination.
- Create a multicast group - Provide a name and IP address for the multicast group. The multicast group IP must fall within the range 184.108.40.206/8 for source specific multicast.
- Enable IGMP proxy – You can configure the Citrix SD-WAN appliance as an IGMP proxy to carry the IGMP control channel information for multicast routing. IGMP V3 is required for single source multicast.
- Define the upstream and downstream services - An upstream interface enables the IGMP PROXY to connect to the SD-WAN appliance closer to the actual multicast source that streams the traffic. A downstream interface enables the IGMP Proxy to connect to the hosts that are farther away from the actual multicast source that streams the traffic. The upstream and downstream services are different for the appliance at the source and the appliance at the destination
To configure multicast, at the site level, navigate to Configuration> Advanced Settings > Multicast Groups. Create a multicast group by providing a name and IP address for the multicast group. Click Enable IGMP Proxy.
Configure the upstream and downstream paths for the Branch and data center appliances.
For the appliance closer to the multicast receiver (Branch), the appliance receives the multicast traffic on the Local Interface and sends the traffic on the virtual path.
For the appliance closer to the multicast source (Data center), the appliance receives the multicast traffic on the virtual path and sends it on the local interface towards the receiver.
When the multicast receivers initiate a join group request, you can see the receiver details under Monitoring > IGMP on the appliance. You can see this information on the appliances at both the source and the destination.
The below image shows an IGMP Version 3 join is initiated and the filter type INCLUDE is used to include specific source addresses. You can also see the IGMP member statistics.
After the multicast control channel is established and the multicast source begins streaming, you can view the multicast flows statistics. You can see that Multicast UDP traffic was sent on the virtual path service from a receiver to the multicast group 220.127.116.11.
If SSM is enabled and if the traffic is received from a different server that is not part of the expected list of source senders the SD-WAN appliance will not have any reporting data.
The firewall table shows the multicast traffic coming over the LAN interface over the Multicast group IP address and is sent over the virtual path.
Multicast group statistics
The multicast group table provides details about multicast traffic such as packets sent and received over source, destination, and the aggregation of both.