Multicast and Promiscuous Traffic

We use multicast for EH cache replication between multiple nodes.

But one day we had an issue that our PROD environment received data from some testing environments. And trouble shooting gave us a hard time on it as we don’t really understand how multicast working. We are using same port but different multicast group IP address on different address, so we had thought such setup should be safe enough to segregate different environment.

Somehow the data still come across boundaries. After digging into my networking class textbook and finally remembered how multicasting works.

The command Join Multicast Group is a layer 3 (network layer) protocol thus only cares about IP address. It will pass data around same multicast group so if one host join two multicast groups at same time the data may cross over between two multicast groups.

The UDP is at layer 4 (transport layer) and supposed to use both destination address (here it should be multicast group IP) and port for filtering. However, Java (we thought it’s java issue at this moment) couldn’t bind it to multicast group IP, so we only bound it any host which causing the issue as the code shown below.

We found a link which provides a small Java program to listening on Multicast group. The way of calling is quite similar to the code that has been used in EH Cache.

The interesting part is MulticastSocket s = new MulticastSocket(port);

It creates the socket to a given port but any host. This is understandable as most time in TCP you only care about traffic that comes to certain port, but not IP address if you have a host servicing both localhost and LAN. But for UDP, since it’s connectionless, the IP address is only used for filtering.

But if we try to bind MulticastSocket to both multicast group and port like below

When we run the code, java will complaint the IP is not available on the host. It expected a IP address that assigned to the host, which is for TCP case.

Finally we found out it’s actually an entry in Wikipedia and it has a term called Promiscuous Traffic. And also it mentions this is a Linux kernel issue. So we run above code which creates sockets binding to both IP and port on windows and no error given! The program actually is able to segregate two multicast groups. I also found the bug reported on Linux side but seems it was not properly treated.