Multicast
IP Multicast
A packet delivery method where one sender transmits to a group address and the network replicates the stream only where subscribers exist — used for IPTV, live video distribution, network discovery protocols, and routing updates.
Multicast sits between unicast (one-to-one) and broadcast (one-to-all). A sender transmits a single stream to a multicast group address in the 224.0.0.0/4 range (IPv4). Routers along the path replicate the stream only at points where downstream subscribers have joined the group — not before. A single video source serving 1,000 subscribers sends one stream up to the first router branch point, then duplicates only as the tree fans out. This is far more efficient than unicast (1,000 separate streams) or broadcast (flooding all devices regardless of interest).
Unicast vs broadcast vs multicast
| Method | Destination | Who receives | Typical use |
|---|---|---|---|
| Unicast | Single IP | One specific host | Web, email, most TCP traffic |
| Broadcast | 255.255.255.255 | All hosts on segment | DHCP discovery, ARP |
| Multicast | 224.0.0.0/4 (IPv4), ff00::/8 (IPv6) | Subscribed hosts only | IPTV, mDNS, routing protocols |
| Anycast | Shared IP (routing) | Nearest matching host | DNS root servers, CDNs |
Multicast address ranges
IPv4 multicast addresses occupy the entire 224.0.0.0/4 block (224.0.0.0 through 239.255.255.255). Within this range, sub-ranges have specific purposes:
- 224.0.0.0/24 — Link-local multicast: never forwarded by routers. Used for protocols that must stay on the local segment: OSPF hellos (224.0.0.5/6), EIGRP (224.0.0.10), VRRP (224.0.0.18), mDNS (224.0.0.251), IGMP (224.0.0.1/2).
- 224.0.1.0–238.255.255.255 — Globally scoped: routable across the internet (subject to provider filtering). Includes well-known assignments like NTP (224.0.1.1).
- 239.0.0.0/8 — Administratively scoped: analogous to RFC 1918 private addresses — intended for internal use, not routed externally. SSDP/UPnP uses 239.255.255.250.
In IPv6, multicast addresses begin with ff and occupy the ff00::/8 prefix. The second byte encodes the scope (link-local, site-local, global) and flags. All-nodes (ff02::1) and all-routers (ff02::2) are the most common link-local IPv6 multicast addresses. IPv6 uses multicast in place of broadcast for neighbour discovery, replacing ARP with NDP (Neighbour Discovery Protocol).
IGMP: group membership at the host level
IGMP (Internet Group Management Protocol) is the signalling protocol hosts use to join and leave multicast groups. When an application wants to receive a multicast stream, the OS sends an IGMP Membership Report (Join) to the local router for the group address. The router adds the interface to its multicast forwarding table for that group and begins delivering the stream. When the application stops, the host sends an IGMP Leave message (IGMPv2+), and the router stops delivering the stream to that interface after confirming no other subscribers remain. IGMPv3 adds Source-Specific Multicast (SSM) support, allowing hosts to specify which source address they want to receive from — preventing unwanted streams from other senders to the same group address.
PIM: multicast routing between routers
IGMP handles host-to-router signalling within a subnet. Between routers, multicast routing uses PIM (Protocol Independent Multicast). PIM is "protocol independent" because it leverages the existing unicast routing table to determine the reverse path toward a multicast source — it does not require a separate routing protocol. Two primary PIM modes exist:
- PIM Sparse Mode (PIM-SM): used when multicast subscribers are spread sparsely across the network. Traffic is pulled toward subscribers via Rendezvous Points (RPs) — designated routers that act as meeting points between sources and receivers.
- PIM Dense Mode (PIM-DM): floods multicast traffic everywhere and prunes branches that have no subscribers. Suitable only for dense subscriber distributions; generates excessive traffic on large networks.
Consumer routers do not run PIM. Multicast works within a single LAN segment but is blocked at the router boundary — which is why Chromecast and AirPlay devices must be on the same VLAN as the controlling device.
IGMP snooping on switches
Without IGMP snooping, a switch treats multicast traffic like broadcast and floods it to every port on the VLAN. On a network with high-bandwidth IPTV streams, this can saturate ports on devices that never requested the content. IGMP snooping enables the switch to listen to IGMP Join and Leave messages passing through it and build a table of which ports have active subscribers for each group. The switch then forwards multicast frames only to subscribed ports, significantly reducing unnecessary traffic. IGMP snooping is enabled by default on most managed switches and is essential in any IPTV or multicast-heavy deployment.
IPTV using multicast
IPTV (Internet Protocol Television) is one of the most common real-world multicast deployments. A cable or fibre provider assigns each TV channel a distinct multicast group address. The set-top box sends an IGMP Join for the channel the viewer selects; the provider's DSLAM or OLT delivers that single multicast stream to the subscriber's connection. Hundreds of channels are available simultaneously on the provider's network, but only the streams actively requested by subscribers are delivered to each access port. Without multicast, delivering live TV to thousands of simultaneous viewers would require a separate unicast stream per viewer per channel — an unsustainable bandwidth load.
Multicast on Wi-Fi
Wi-Fi handles multicast poorly. The 802.11 standard transmits multicast frames at the lowest mandatory data rate (typically 6 Mbps or 1 Mbps depending on the band) because there is no per-client acknowledgement mechanism for multicast. On a 5 GHz network where unicast clients connect at 300–1200 Mbps, a single multicast stream transmitted at 6 Mbps consumes a disproportionate share of airtime. Enterprise access points can convert multicast to unicast for known clients (multicast-to-unicast conversion), delivering the stream at each client's full negotiated rate — but this requires supported hardware and configuration. Home access points typically transmit multicast as broadcast, which creates airtime waste and can degrade overall Wi-Fi performance on busy networks.
Multicast DNS (mDNS)
mDNS (RFC 6762) enables zero-configuration service discovery within a local network without a DNS server. Devices send DNS-format queries to the multicast address 224.0.0.251 (IPv4) or ff02::fb (IPv6) on UDP port 5353. Any device that can answer the query responds directly — no central server required. mDNS powers Apple Bonjour (printer discovery, AirDrop, AirPlay), Avahi on Linux, and Chromecast device discovery. Because mDNS uses link-local multicast, it does not cross router boundaries — devices on different VLANs cannot discover each other via mDNS unless the router implements mDNS proxying or reflection.
Source-Specific Multicast (SSM)
Standard multicast (Any-Source Multicast, ASM) allows any source to send to a group address and any receiver to join it. Source-Specific Multicast (SSM, RFC 4607) uses the 232.0.0.0/8 address range and requires receivers to specify both the group address and the source IP they want to receive from. SSM eliminates the need for a Rendezvous Point and prevents unwanted sources from injecting traffic into a group — a significant security improvement. SSM is used in large-scale live video distribution where the source is known and fixed.
Multicast security concerns
Multicast carries security risks that unicast does not. An attacker on the same network segment can join any multicast group and receive all streams sent to that group — there is no per-subscriber authentication in standard multicast. An attacker can also send to a multicast group address and reach all subscribers, potentially for denial-of-service or data injection. On the public internet, most ISPs filter multicast at their borders to prevent multicast traffic from leaking between customers. Within enterprise networks, IGMP authentication, SSM, and access control lists on multicast group addresses are used to restrict who can join or send to sensitive groups.
Frequently Asked Questions
What is the difference between multicast, broadcast, and unicast?
Unicast is one-to-one. Broadcast reaches every device on a segment regardless of interest. Multicast reaches only subscribed hosts — routers duplicate the stream only at tree branch points where subscribers exist, making it efficient for one-to-many delivery at scale without the overhead of flooding every device.
What is IGMP and why does it matter?
IGMP is how hosts signal to their local router which multicast groups they want to join. Without IGMP, routers cannot know where to deliver multicast streams. IGMP snooping on switches lets them track subscriptions per port, preventing multicast from flooding every port on the LAN like broadcast would.
Why does my home router block multicast between VLANs?
Consumer routers do not run PIM multicast routing. Multicast works within a single LAN segment but is not forwarded across VLAN or subnet boundaries without explicit PIM configuration. Home routers handle mDNS locally (sometimes via mDNS proxy) but drop most other multicast at network boundaries.