Due to popular demand, we’re updating a classic 2014 blog by Sam Mitchell.
About Multicast in Cloud
In networking, multicast is the delivery of a message or information to a group of computers simultaneously in a single transmission from the source.
IP multicast is a technique for one-to-many communication over IP infrastructure in a network. Multicast uses network infrastructure efficiently by requiring the source to send a packet only once, even if it needs to be delivered to a large number of receivers.
The most common transport layer protocol to use multicast addressing is User Datagram Protocol (UDP). UDP multicast is widely deployed in enterprises, commercial stock exchanges, and multimedia content delivery networks.
Multicast has been used in data centers and private networks for service discovery. Enterprise applications and clustering stacks use multicast for things like leader election and service discovery. With more than 70% of workloads moving to cloud, multicast is a key feature for cloud enablement and hybrid cloud networks.
Why is multicast disabled in cloud?
Sending one source packet to every host in the network is very “chatty.” Multicast scales to a large receiver population because the sender needs no prior knowledge of who or how many the receivers are. In a public cloud network, you are usually on a shared VLAN or LAN in a multi-tenant environment.
AWS and other cloud providers block multicast and broadcast in the hypervisor (layer 2 network traffic). Cloud providers also use similar protocols to deliver the cloud to you, the customer. Allowing a “chatty” protocol to span the cloud network could seriously impact the performance of the cloud as a whole.
Rather than re-architect, use VNS3 to enable multicast in public cloud
Cloud users come to Cohesive Networks for help enabling multicast applications in the cloud. You too can use a VNS3 Overlay Network to create a completely encapsulated over-the-top network in the cloud.
VNS3 Overlay Network allows users to redistribute the normally blocked layer 2 network traffic through encapsulated tunnels managed by your VNS3 network appliance. This patented technique is similar to many of the “roll your own” solutions covered in the Internet KB. The main difference is that VNS3 increases performance through dynamic compression/LAN optimization. Plus, VNS3 adds more network features: encrypted router, switch, firewall, VPN concentrator, ADC, and UTM, all in one software device.
VNS3 Overlay Network traffic moves through the cloud on UDP 1194. All traffic in the Overlay Network is encrypted and encapsulated (don’t worry: dynamic compression means most enterprise traffic gets the encryption benefit at zero performance cost). As a result, the cloud provider doesn’t block the traffic, and VNS3 redistributes it as appropriate.
3 Steps to enable multicast with VNS3 overlay:
Step 1 – Launch and Deploy VNS3 Controller
Your VNS3 controller acts as an encrypted switch for all Overlay Network traffic in the cloud, and as an encrypted router to address spaces reachable outside the Overlay Network via tunnels (GRE), VPNs (IPsec or SSL/TLS), routes (VPC/VNET peering, Direct Connect/ExpressRoute), and so on. VNS3 is available in the major cloud catalogs (try it now in AWS or Azure).
Step 2 – Generate the VNS3 Overlay Network Clientpacks
To deploy the VNS3 Overlay Network, you will use VNS3 to create unique cryptographic X.509 credentials (called clientpacks). Each clientpack is associated with a specific IP address inside the VNS3 Overlay Network space. This operation is as simple as selecting an Overlay Network address space and clicking Generate. VNS3 does the heavy lifting (key generation, address burn-in, and configuration file creation). Next, you’ll distribute the clientpacks to your cloud-based servers to build the overlay.
Step 3 – Connect cloud Servers to the Overlay Network
You can next distribute your clientpacks to your cloud-based servers, along with an SSL/TLS client (like OpenVPN). These clientpacks allow the Overlay Network to send and receive the multicast or broadcast packets. The SSL/TLS client process uses the clientpack to make an encrypted connection to the VNS3 Controller.
This process is similar to how a physical server connects to a switch using a CAT cable, except that VNS3 makes the connection in software (i.e., it’s virtual) instead of in hardware. Overlay Network traffic then passes through the VNS3 encrypted switch.
Finally, you can use your VNS3 Controller to build site-to-site connections to complete a hybrid cloud deployment that leverages multicast and broadcast. Check out the diagram below for a hypothetical multicast deployment in AWS.
Bonuses from VNS3:
Testing – You can use your own application for testing but we can provide some simple python scripts for sending and receiving multicast messages.
Network Sniffer – You can use the VNS3 Network Sniffer from the Controller UI as a troubleshooting tool. You can monitor both the public IP network interface and the tun0 Overlay Network interface. See the FAQ on Network Sniffer
Sealed Overlay Network – You can choose to route all server traffic through the Overlay Network per the requirements of your use case. To route all client traffic through the VNS3 overlay, see this FAQ guide.
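To check that multicast really crosses the overlay once servers are connected (Step 3 above) and as a stand-in for the test scripts mentioned under Testing, here is a small probe written for this post; it is an added example, not Cohesive’s own scripts. Pass each server’s tun0 overlay address as the interface; the group 239.255.1.1, port 5007 and payload are constructed sample values, and a multicast TTL of 1 is assumed to suffice because all overlay hosts sit on one segment.

```python
import socket
import sys


def is_multicast(addr: str) -> bool:
    """True if addr falls in 224.0.0.0/4, the IPv4 multicast range."""
    return 224 <= int(addr.split(".")[0]) <= 239


def membership_request(group: str, iface_ip: str) -> bytes:
    """Pack the 8-byte ip_mreq (group, local interface) used by IP_ADD_MEMBERSHIP."""
    return socket.inet_aton(group) + socket.inet_aton(iface_ip)


def open_receiver(group: str, port: int, iface_ip: str, timeout: float = 2.0) -> socket.socket:
    """Bind a UDP socket and join the group on the interface owning iface_ip (tun0 on an overlay server)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, membership_request(group, iface_ip))
    sock.settimeout(timeout)
    return sock


def open_sender(iface_ip: str, ttl: int = 1) -> socket.socket:
    """UDP socket that sends multicast out of iface_ip; TTL 1 keeps it on the overlay segment."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, socket.inet_aton(iface_ip))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_LOOP, 1)  # sending host hears itself
    return sock


def round_trip(group: str, port: int, iface_ip: str, payload: bytes):
    """Send payload to the group and return what the receiver got, or None if the path drops it."""
    if not is_multicast(group):
        raise ValueError(f"{group} is not a multicast address")
    rx = tx = None
    try:
        rx = open_receiver(group, port, iface_ip)
        tx = open_sender(iface_ip)
        tx.sendto(payload, (group, port))
        data, _ = rx.recvfrom(2048)
        return data
    except OSError:  # covers timeout, unroutable group and join failures
        return None
    finally:
        for s in (rx, tx):
            if s is not None:
                s.close()

if __name__ == "__main__":
    # Usage: mcast_probe.py <tun0 address>; group and port are constructed sample values
    iface = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(round_trip("239.255.1.1", 5007, iface, b"vns3-overlay-probe"))
```

For a two-host check, call open_receiver(...).recvfrom(2048) on one overlay server and open_sender(...).sendto(...) on another with the same group and port; a timeout on the receiving side means the group is not being redistributed, which the Network Sniffer on tun0 will confirm.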
See our complete Setup and Configuration (PDF documentation) for more details on clientpacks, peering and configuring.