Concepts of unicast, multicast, broadcast, multicast, and pan-broadcast are differentiated
Source: Internet
Author: User
Assume that X represents all machines, Y represents some machines in X, Z represents a group of machines, and 1 represents a machine.
Is unicast;
1: Y is multicast;
1: X is broadcast;
1: Z is multicast;
When Y = x, multicasting means broadcasting; y = z multicast means multicast;
Wildcard playback is also called arbitrary playback. It refers to the communication between the nearest receivers in the topology of any sender in a group.
Multicast refers to a communication that a single sender corresponds to a group of selected receivers.
1. What is multicast? 1. multicast features
1) What is multicast?
Multicast is a data packet transmission method. When multiple hosts become the receiver of a data packet at the same time, multicast becomes the best choice for bandwidth and CPU load.
2) How does multicast work?
Multicast uses the Class D address of 224.0.0.0-239.255.255.255 as the destination address. One source host sends a packet whose destination address is the multicast address of the above range. In the network, if other hosts are interested in the packets in this group, you can apply to join the group and accept the group, others who are not members of this group cannot receive packets from this group.
3) What is the difference between multicast and unicast?
In order for multiple hosts in the network to receive the same message at the same time, if the single-play method is adopted, the source host must continuously generate multiple identical messages for sending, for latency-sensitive data, the second data packet is generated when multiple identical data packets are generated on the source host, which is usually intolerable. It is also a huge burden for a host to continuously generate a message. If multicast is used, the source host can send only one message to reach each host that needs to be accepted. This is also dependent on the maintenance and selection of the relationship between the vro and the group members.
4) What is the difference between multicast and broadcast?
As in the preceding example, when multiple hosts want to receive the same message, broadcast transmits the message to each host in the LAN regardless of whether the host is interested in the message. This will cause a waste of bandwidth and host resources. Multicast has a set of mechanisms for maintaining the relationship between Members and groups, so that you can clearly know whether hosts in a subnet are interested in such multicast packets, if no packet is sent, the upstream router is notified not to forward the packet to the downstream router.
2. disadvantages of Multicast:
1) Compared with the unicast protocol, there is no error correction mechanism and it is difficult to make up for packet loss errors, but it can be compensated through a certain Fault Tolerance Mechanism and QoS.
2) Although the current network supports multicast transmission, it still needs to be improved in terms of customer authentication and QoS. These shortcomings have mature solutions theoretically, it only needs to be gradually applied to existing networks.
Ii. unicast: 1. unicast Definition
One-to-one communication mode between hosts. vswitches and routers in the network only forward data and do not copy the data. If 10 clients need the same data, the server needs to transmit the data one by one and repeat the same work for 10 times. However, because it can respond to each customer in a timely manner, all current web browsing uses the IP Unicast protocol. Vrouters and vswitches in the network select a transmission path based on the target address, and transmit the IP Unicast data to the specified destination.
2. Advantages of unicast:
1) the server responds to client requests in a timely manner
2) The server can easily implement personalized services by sending inaccessible data for requests from each customer.
3. disadvantages of unicast:
1) the server sends data streams to each client. The server traffic is equal to the number of clients × client traffic. The server is overwhelmed in streaming media applications with a large number of customers and high traffic per client.
2) the existing network bandwidth is a pyramid structure, and the inter-city backbone bandwidth is only equivalent to 5% of the total bandwidth of all its users. If all the unicast protocols are used, the network trunk will be overwhelmed. Now, P2P applications have frequently congested the trunk. As long as 5% of customers use the network at full speed, no one else needs to play. It is almost impossible to expand the trunk by 20 times.
3. Broadcast 1. Definition of Broadcast
One-to-all communication mode between hosts. The network copies and forwards signals from each host unconditionally, all Hosts can receive all the information (whether or not you need it). Because you do not need to select a path, the network cost can be very low. A cable TV network is a typical broadcast network. Our TV actually receives signals from all channels, but only restores signals from one channel to a screen. Broadcast is also allowed in the data network, but it is restricted within the LAN of a layer-2 switch. Broadcast Data is prohibited from passing through the router to prevent broadcast data from affecting hosts in a large area.
2. Advantages of broadcast:
1) simple network equipment, simple maintenance, and low network deployment cost
2) because the server does not need to send data to each client separately, the server traffic load is extremely low.
3. disadvantages of broadcast:
1) unable to provide personalized services in a timely manner based on the requirements and time of each customer.
2) The network allows the server to provide data with limited bandwidth. The maximum bandwidth of the client = the total bandwidth of the service. For example, the cable TV client line supports 100 channels (IF digital compression technology is used, 500 channels can be provided theoretically ), even if the service provider has more financial resources to configure more sending devices and change them to the fiber trunk, the limit cannot be exceeded. That is to say, it is impossible to provide more diversified and personalized services to many customers.
3) broadcast cannot be transmitted over the Internet broadband network.
Iv. Multicasting 1. Definition of Multicast
"Multicast" can be understood as a person talking to multiple people (but not all people present), which can improve the call efficiency. If you want to notify a specific person of the same thing, but do not want others to know, It is very troublesome to use the phone to notify one by one. Instead, you can use the speakers of daily life to broadcast notifications, the goal of notifying individual users is not achieved. In this case, "multicasting" is very convenient and convenient, but there are very few multicast devices in real life. Multicast includes multicast and broadcast. multicast is a form of multicast.
2. multicast features
Broadcast and multicast are only used in UDP. They are very important for applications that need to transmit packets to multiple receivers at the same time. TCP is a connection-oriented protocol, which means there is a connection between two processes (identified by the port number) running on two hosts (determined by the IP address.
Consider the shared channel networks that contain multiple hosts, such as Ethernet. Each Ethernet frame contains the ethernet address (48 bit) of the source host and the target host ). Generally, each Ethernet frame is sent only to a single destination host. The destination address specifies a single receiving interface, which is called unicast ). In this way, the communication between any two hosts does not interfere with other hosts in the network (except in the case of competition for shared channels ). However, sometimes a host sends frames to all other hosts on the Internet, which is broadcast. You can see this process through ARP and RARP. Multicast (Multicast) is between unicast and broadcast: frames are transmitted only to multiple hosts in multicast groups.
V. Pan Hong 1. Definition of pan-flood
There is a concept on a Cisco device called flooding. If you have a learning device, I will compare it here. For example, if there is an information package coming in from a port of our switch, he wants to find the quality. If there is no address in advance, he will send a message to each port, including himself, to verify whether the address is the other party. Therefore, the vswitch cannot shield the broadcast and the vro can, because it has the memory function, it can form a route table. In the case of flooding on the device, he meant to remove himself from all ports. Everyone wrote down these two concepts. the concept of broadcast address on our IP Address: the IP address is composed of two hexadecimal notation. When all is a temporary IP address, it indicates the broadcast address. The broadcast address host is 1. If the host is all 0, the network segment represents a network.
2. Network Flooding
In terms of definition, a flood attack occurs when attackers send excessive data to network resources. The network resources can be router, switch, host, and application. Common flood attacks include Mac flood, network flood, tcp syn flood, and application flood. Next, let's briefly explain the above:
1) MAC flooding occurs on the second layer of OSI. attackers enter the LAN and send data frames to the pseudo-source MAC address and target MAC address to the Ethernet, resulting in vswitch content addressable memory (CAM) if the bandwidth is full, then the switch loses the forwarding function. As a result, attackers can sniff some frames on a shared-bandwidth Ethernet. This type of attack can be achieved through port security technology, such as port and MAC Address binding.
2) Network Flooding includes Smurf and DDoS:
Smurf occurs on the OSI Layer 3, that is, counterfeit ICMP broadcast ping. If the router does not disable targeted broadcast, attackers can send targeted broadcast ping to other networks in a certain network, the more hosts in that network, the more serious the results will be, because each host will respond to this ping by default, resulting in excessive link traffic and DOS, which is a flood attack, of course, you can also send a broadcast ping to the network.
3) DDoS occurs on Layer 3 and Layer 4 of OSI, which intrude into many systems on the internet, install the DDoS control software, and then these systems infect other systems. Through these agents, attackers send attack commands to DDoS control software, and then the system controls the following proxy system to send a large amount of fake network traffic to a specific IP address, then, the attacker's network will be occupied by these fake traffic and cannot provide services to their normal users.
4) the flood of tcp syn occurs on the fourth layer of OSI. This method utilizes the characteristics of the TCP protocol, that is, three handshakes. The attacker sends tcp syn, which is the first packet in the TCP three-way handshake. When the server returns ACK, the attacker will not confirm the packet, and the TCP connection will be suspended, that is, the so-called semi-connection status. If the server fails to receive the request, the server will repeatedly send ACK to the attacker. This will waste more resources on the server. Attackers can send a large number of such TCP connections to the server. because each of them cannot complete three handshakes, these TCP connections consume CPU and memory because they are suspended, in the end, the server may crash and cannot provide services for normal users.
5) At last, application flooding occurs at Layer 7 of OSI to consume application or system resources. What are common application flooding attacks? Yes, it is spam, But it generally cannot produce serious results. Other types of application flood attacks may be caused by continuous running of High-CPU-consuming programs on servers or flood attacks on servers with continuous authentication requests, this means that after the TCP connection is complete, the response is stopped when the server prompts you to enter the password.
Conflict domain (physical segment): a collection of All workstations connected to the same wire, or a collection of all nodes on the same physical network segment or nodes competing for the same bandwidth over Ethernet. That is to say, all nodes connected with hub or repeater can be considered to be in the same conflicting domain and will not be divided into conflicting domains. Because the broadcast domain is regarded as the L2 concept in OSI, nodes connected to the L2 device, such as the hub and switch, are considered to be in the same broadcast domain.
Collision domain: A group of devices connected to the same physical medium. Any two devices accessing the media at the same time may cause a conflict, only one machine in a conflicting domain can send data at a time.
Broadcast domain: A group of devices in the network that receive broadcast messages from each other.
The first layer of a device, such as a hub, is connected to all devices in the same conflict domain and broadcast domain;
Layer 2 devices, such as switches and bridges, divide the network into multiple network segments. Each network segment is an independent conflict domain, but all connected devices are a broadcast domain, each port of a vswitch is a conflict domain;
A layer-3 device, such as a router, divides the network into multiple conflict domains and broadcast domains.
Ethernet uses the carrier sense multi-access/collision detection technology to reduce conflicts.
That is, the range of Two-layer broadcast frames is the broadcast domain, and the range of Two-layer unicast frames is the conflict domain.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.