NETWORK-L1 Supplemental 57: Multicast Networking: IGMP, PIM and RPF

Author: Patrick Luan de Mattos
Category: network-l1
Level: Advanced
Generated: 2026-04-22T13:29:14.125Z
SUPPLEMENTAL CHAPTER: Serial 57
Multicast Networking: IGMP, PIM, and RPF – Efficiently Delivering Data to Groups
Advanced Networking Concepts for Scalable and Secure Data Distribution
In today's increasingly data-intensive world, the efficient delivery of information to multiple recipients simultaneously is paramount. While unicast (one-to-one) and broadcast (one-to-all) serve specific purposes, multicast networking emerges as the optimal solution for scenarios requiring one-to-many or many-to-many communication. This advanced chapter delves into the core protocols that power multicast, specifically focusing on Internet Group Management Protocol (IGMP), Protocol Independent Multicast (PIM), and the critical Reverse Path Forwarding (RPF) check. We will explore how these technologies enable scalable and efficient data distribution, and importantly, how understanding them contributes to a robust cybersecurity posture by illuminating potential vulnerabilities and mitigation strategies.
This chapter is designed for advanced networking professionals seeking a deep understanding of multicast. We will navigate the intricacies of multicast group addressing, the vital role of IGMP snooping in managing multicast traffic on Layer 2 networks, and the operational modes of PIM, including PIM-SM (Sparse Mode) and PIM-SSM (Source-Specific Multicast). Furthermore, we will demystify the concepts of Rendezvous Point (RP) election and the indispensable RPF check, a cornerstone of multicast security. While the primary focus is on the mechanics of multicast, we will also touch upon its implications for cybersecurity, particularly in understanding how multicast traffic can be exploited if not properly secured, and how protocols like PIM help prevent certain types of attacks.
1. The Power of Multicast: Efficient Group Communication
Multicast is a network addressing and delivery method that allows a single data stream to be sent to a group of interested recipients simultaneously. This is in stark contrast to unicast, where each recipient requires a separate data stream, or broadcast, where data is sent to every device on a network segment, regardless of interest.
Key Advantages of Multicast:
- Bandwidth Efficiency: Reduces network congestion by sending a single copy of data to multiple destinations.
- Reduced Server Load: Servers don't need to manage individual connections for each recipient.
- Scalability: Easily scales to accommodate a large number of receivers.
Multicast Group Addressing:
Multicast uses a special range of IP addresses, known as Class D addresses, which span from 224.0.0.0 to 239.255.255.255. These addresses are not assigned to specific hosts but rather represent multicast groups. Devices that wish to receive traffic destined for a particular multicast group "join" that group.
- Well-Known Multicast Addresses (224.0.0.0 to 224.0.0.255): Reserved for specific protocols and applications (e.g., 224.0.0.1 for all hosts on the local network, 224.0.0.2 for all routers).
- Administratively Scoped Multicast Addresses (239.0.0.0 to 239.255.255.255): Can be used within an organization's private network without conflicting with global multicast traffic.
Example Scenario: Imagine a live video streaming event. Instead of sending individual streams to thousands of viewers (unicast), or flooding the network with a broadcast, a single multicast stream is sent to a specific multicast group. Viewers interested in the stream join that group, and their routers and switches efficiently deliver the single stream to them.
2. IGMP: The Language of Multicast Group Membership
Internet Group Management Protocol (IGMP) is the cornerstone of multicast communication on IP networks. It is used by hosts (end devices) to inform their local multicast routers about their interest in joining or leaving specific multicast groups. IGMP operates between hosts and their directly connected multicast routers.
IGMP Versions:
- IGMPv1 (RFC 1112): Basic functionality, primarily using "Membership Query" and "Membership Report" messages. Hosts report membership when queried.
- IGMPv2 (RFC 2236): Introduces "Leave Group" messages, allowing routers to quickly remove inactive hosts, thus reducing unnecessary traffic. Also introduces "Query Other Router" to find the multicast router responsible for a subnet.
- IGMPv3 (RFC 3376): The most advanced version, enabling Source-Specific Multicast (SSM). Hosts can specify not only which groups they want to join but also which specific sources they want to receive traffic from within those groups. This significantly enhances efficiency and security.
IGMP Operations:
- Host Joins a Group: When an application on a host wants to receive multicast traffic for a specific group, it sends an IGMP Membership Report message to the multicast router on its subnet.
- Router Queries for Group Membership: Multicast routers periodically send IGMP Membership Query messages to all hosts on their subnet to discover which groups have active members.
- Host Reports Membership: Hosts that are members of a queried group respond with an IGMP Membership Report. To reduce redundant reports, hosts typically use IGMP Querier Election and Report Suppression. When multiple hosts are on the same subnet, only one host needs to respond to a general query.
- Host Leaves a Group: When an application on a host no longer needs to receive multicast traffic for a group, it can send an IGMP Leave Group message (IGMPv2 and v3). This informs the router that no more members exist for that group on that subnet, allowing the router to stop forwarding traffic for that group to that subnet.
ASCII Topology Diagram (IGMP):
+-----------+       +--------------------+       +--------------+
| Host A    |------>| Multicast Router 1 |------>| Multicast    |
| (Group X) |       | (IGMP Querier)     |       | Stream Source|
+-----------+       +--------------------+       +--------------+
      ^                       ^
      | (IGMP Report)         | (IGMP Query)
      |                       |
+-----------+       +--------------------+
| Host B    |------>| Multicast Router 1 |
| (Group X) |       |                    |
+-----------+       +--------------------+
In this simplified diagram, Host A and Host B are interested in Group X. They send IGMP Membership Reports to Multicast Router 1. The router periodically sends IGMP Queries to discover active group members. If a source sends traffic to Group X, Multicast Router 1 will forward it to the subnet containing Host A and Host B.
3. IGMP Snooping: Intelligent Multicast Traffic Management on Switches
While IGMP is crucial for host-to-router communication, it doesn't directly address how Layer 2 switches handle multicast traffic. Without intervention, switches would flood multicast traffic out of all ports, negating the efficiency benefits. IGMP Snooping is a Layer 2 switch feature that listens to IGMP messages exchanged between hosts and multicast routers. By doing so, switches can build a forwarding table that maps multicast groups to specific switch ports.
How IGMP Snooping Works:
- Listen to IGMP: The switch monitors IGMPv1, v2, or v3 messages passing between hosts and the multicast router.
- Build Multicast Forwarding Table:
  - When a host sends an IGMP Membership Report for a group, the switch records the port where the report originated.
  - When a multicast router sends an IGMP Query, the switch notes which ports have hosts that respond.
  - When a host sends an IGMP Leave Group message, the switch removes that port from the forwarding table for that group.
- Intelligent Forwarding: When multicast traffic for a specific group arrives at the switch, the switch consults its multicast forwarding table. It then forwards the traffic only to the ports that have active members of that group, or to the multicast router port if there are no directly connected members but the router needs to receive the traffic.
Benefits of IGMP Snooping:
- Reduced Network Congestion: Prevents unnecessary flooding of multicast traffic on the LAN.
- Improved Performance: Hosts only receive multicast traffic they are interested in.
- Enhanced Security: Limits the exposure of multicast traffic to only interested parties.
ASCII Topology Diagram (IGMP Snooping):
+-----------+       +--------------------+       +--------------------+
| Host A    |------>| L2 Switch (Snooping)|------>| Multicast Router 1 |
| (Group X) |       |                    |       | (IGMP Querier)     |
+-----------+       +--------------------+       +--------------------+
      ^                       |                            ^
      | (IGMP Report)         | (IGMP Traffic for X)       | (IGMP Query)
      |                       |                            |
+-----------+       +--------------------+       +--------------+
| Host B    |------>| L2 Switch (Snooping)|------>| Multicast    |
| (Group X) |       |                    |       | Stream Source|
+-----------+       +--------------------+       +--------------+
In this scenario, the switch, using IGMP snooping, learns that Host A and Host B are interested in Group X. When multicast traffic for Group X arrives, the switch forwards it only to the ports connected to Host A and Host B, and to the multicast router if necessary. If Host C (not shown) was not interested in Group X, it would not receive this traffic.
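The snooping behaviour described above, as an added example that is not part of the original chapter or any vendor's code: a small model of a snooping switch that parses IGMPv2 messages, verifies their checksum, and builds the group-to-port table. The port numbers, the group address 239.1.1.10 and the rule that queries are honoured only on statically configured router ports are assumptions of this example; IGMPv3 reports are not handled.

```python
import ipaddress
import struct

QUERY, V2_REPORT, LEAVE = 0x11, 0x16, 0x17          # IGMP type codes (RFC 2236)
LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")  # control groups, always flooded


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum, as used by IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmpv2(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """Build an 8-byte IGMPv2 message; used only to construct sample input."""
    addr = ipaddress.IPv4Address(group).packed
    csum = inet_checksum(struct.pack("!BBH4s", msg_type, max_resp, 0, addr))
    return struct.pack("!BBH4s", msg_type, max_resp, csum, addr)


def parse_igmpv2(payload: bytes):
    """Return (type, group), or None for a wrong length or a bad checksum."""
    if len(payload) != 8 or inet_checksum(payload) != 0:
        return None
    msg_type, _resp, _csum, group = struct.unpack("!BBH4s", payload)
    return msg_type, ipaddress.IPv4Address(group)


class SnoopingSwitch:
    def __init__(self, ports, mrouter_ports):
        self.ports = set(ports)
        self.mrouter_ports = set(mrouter_ports)  # static, like the mrouter command
        self.members = {}                        # group -> set of member ports

    def on_igmp(self, port: int, payload: bytes) -> str:
        parsed = parse_igmpv2(payload)
        if parsed is None:
            return "dropped-malformed"
        msg_type, group = parsed
        if msg_type == QUERY:
            # Assumption of this example: queries count only on router ports.
            return "query" if port in self.mrouter_ports else "untrusted-query"
        if not group.is_multicast or group in LINK_LOCAL:
            return "ignored"
        if msg_type == V2_REPORT:
            self.members.setdefault(group, set()).add(port)
            return "joined"
        if msg_type == LEAVE:  # fast-leave behaviour: prune the port at once
            self.members.get(group, set()).discard(port)
            return "left"
        return "ignored"

    def egress_ports(self, in_port: int, group: str) -> set:
        """Ports to which a data packet for `group` is copied."""
        addr = ipaddress.IPv4Address(group)
        if addr in LINK_LOCAL:
            return self.ports - {in_port}
        return (self.members.get(addr, set()) | self.mrouter_ports) - {in_port}


def demo() -> dict:
    group_x = "239.1.1.10"  # constructed group address standing in for Group X
    # Ports 1-3 are Host A, Host B, Host C; port 24 is the router uplink.
    sw = SnoopingSwitch(ports=[1, 2, 3, 24], mrouter_ports=[24])
    results = {
        "host_a": sw.on_igmp(1, build_igmpv2(V2_REPORT, group_x)),
        "host_b": sw.on_igmp(2, build_igmpv2(V2_REPORT, group_x)),
    }
    corrupted = bytearray(build_igmpv2(V2_REPORT, group_x))
    corrupted[7] ^= 0xFF  # flip bits so the checksum no longer matches
    results["corrupted"] = sw.on_igmp(3, bytes(corrupted))
    results["rogue_query"] = sw.on_igmp(3, build_igmpv2(QUERY, "0.0.0.0", 100))
    results["stream"] = sw.egress_ports(24, group_x)
    sw.on_igmp(2, build_igmpv2(LEAVE, group_x))
    results["after_leave"] = sw.egress_ports(24, group_x)
    results["hello"] = sw.egress_ports(24, "224.0.0.1")
    return results


if __name__ == "__main__":
    print(demo())
```

Host C on port 3 never appears in the egress set for Group X, while traffic to 224.0.0.1 still reaches every port because link-local control groups are not pruned.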
CLI Configuration Snippet (Cisco IOS):
! Enable IGMP snooping globally
ip igmp snooping
! Enable IGMP snooping on a specific VLAN
ip igmp snooping vlan 10
! Statically mark the port facing the multicast router (e.g., the PIM router) as an mrouter port
ip igmp snooping vlan 10 mrouter interface GigabitEthernet0/1
! Enable IGMP fast leave, called immediate leave on IOS (to immediately remove ports when a leave is detected)
ip igmp snooping vlan 10 immediate-leave
4. Protocol Independent Multicast (PIM): The Multicast Routing Protocol
While IGMP manages group membership at the host-router interface, Protocol Independent Multicast (PIM) is responsible for building and maintaining multicast distribution trees across routers in an IP network. PIM is "protocol independent" because it doesn't rely on a specific unicast routing protocol; it leverages the existing unicast routing table to make forwarding decisions.
PIM has two primary modes:
4.1. PIM-Sparse Mode (PIM-SM)
PIM-SM is the most common mode of PIM. It is designed for networks where multicast traffic is not ubiquitous, meaning not all subnets are interested in all multicast groups. PIM-SM uses a Rendezvous Point (RP) as a central point for receivers to find multicast sources.
Key Concepts in PIM-SM:
- Rendezvous Point (RP): A designated router that acts as a meeting point for sources and receivers. Sources send their multicast traffic to the RP, and receivers register with the RP to receive traffic from sources.
- Rendezvous Tree (RPT): A shared tree rooted at the RP. All sources initially send traffic down the RPT to the RP, and receivers join the RPT to receive this traffic.
- Shortest Path Tree (SPT): Once a receiver has received traffic from a source via the RPT, it can optionally switch to receiving traffic directly from the source via an SPT. This is more efficient as it bypasses the RP.
- Join Messages: Receivers send PIM Join messages towards the RP to join the RPT.
- Register Messages: Sources send PIM Register messages encapsulated in unicast IP packets to the RP. The RP then decapsulates the multicast traffic and forwards it down the RPT.
- Assert Mechanism: If multiple paths exist to a destination, PIM uses an assert mechanism to ensure that only one router forwards multicast traffic onto a given segment.
PIM-SM Operation Flow:
- Source Registration: A multicast source sends traffic to a multicast group. The first packet from the source to a specific group triggers a PIM Register message from the source's first-hop router to the RP.
- RP Receives Registration: The RP receives the encapsulated multicast traffic. It then creates a multicast forwarding entry (S,G) and sends a PIM Join message back towards the source to build the SPT.
- Receiver Joins: A receiver interested in the group sends an IGMP Membership Report to its local router. This router then sends a PIM Join message towards the RP to join the RPT for that group.
- Traffic Flow:
  - Initially, traffic flows from the source to the RP via the RPT, and from the RP to the receiver via the RPT.
  - Once the receiver has traffic from the source, its router can initiate a switch to the SPT. It sends a PIM Join message directly towards the source.
  - The multicast source's upstream router receives this Join and sends a unicast PIM Register message towards the source.
  - Now, traffic flows directly from the source to the receiver via the SPT, bypassing the RP for that specific source-receiver pair.
ASCII Topology Diagram (PIM-SM):
+--------------------+       +--------------------+       +--------------------+
| Multicast Source A |------>| Router S1 (RP)     |<------| Router R1 (Host B) |
| (Group X)          |       | (RP for Group X)   |       | (IGMP/PIM Join)    |
+--------------------+       +---------+----------+       +--------------------+
                                       | (RPT)
                                       |
                                       v
                             +--------------------+
                             | Router S2          |
                             | (Source A's Upstream)|
                             +--------------------+
In this diagram, Source A sends traffic to Group X. Router S1 is the RP. Router R1 has Host B, which wants to join Group X.
- Initially, Source A's traffic is encapsulated and sent to S1 (the RP).
- S1 forwards this traffic to Host B via the RPT.
- Host B's router (R1) then sends a PIM Join towards Source A to establish an SPT.
RP Election:
Since the RP is a critical component, its availability and location are crucial. RPs can be configured statically, or dynamically elected using protocols like:
- Auto-RP: A Cisco proprietary protocol where routers advertise RP information.
- BSR (Bootstrap Router): An open-standard protocol (part of PIM) where routers elect a BSR that collects RP information and distributes it to other routers.
CLI Configuration Snippet (Cisco IOS - Static RP):
! Configure the RP address for a specific group range
! (IOS takes the range as a standard ACL; ACL 10 matches 224.0.0.0/4)
access-list 10 permit 224.0.0.0 15.255.255.255
ip pim rp-address 192.168.1.1 10
4.2. PIM-Source-Specific Multicast (PIM-SSM)
PIM-SSM is an evolution of PIM that simplifies multicast deployment by eliminating the need for an RP. In SSM, receivers explicitly specify the multicast source they wish to receive traffic from. This is achieved by using a special range of multicast addresses: 232.0.0.0 to 232.255.255.255.
Key Concepts in PIM-SSM:
- Source-Specific: Receivers join a specific (Source Address, Group Address) pair.
- No RP Required: Eliminates the complexity of RP configuration and election.
- IGMPv3 Required: Hosts must use IGMPv3 to specify source-specific group membership.
- Direct SPT Construction: Receivers' routers directly build SPTs towards the specified sources.
PIM-SSM Operation Flow:
- Host Joins Source-Specific Group: A host using IGMPv3 specifies both the group address (e.g., 232.1.1.1) and the source address (e.g., 10.1.1.5) it wants to receive.
- Router Builds SPT: The host's multicast router receives the IGMPv3 report and immediately sends a PIM Join message towards the specified source address.
- Traffic Flow: Multicast traffic flows directly from the source to the receiver via the SPT.
Benefits of PIM-SSM:
- Simplicity: No RP configuration or maintenance.
- Scalability: Highly scalable as it avoids the bottleneck of an RP.
- Security: Reduces the attack surface associated with RP vulnerabilities.
ASCII Topology Diagram (PIM-SSM):
+--------------------+       +--------------------+       +--------------------+
| Multicast Source A |------>| Router S1          |------>| Router R1 (Host B) |
| (Group 232.1.1.1)  |       | (SPT toward Source A)|     | (IGMPv3 Join)      |
+--------------------+       +--------------------+       +--------------------+
Here, Host B wants to receive traffic from Source A for group 232.1.1.1. Router R1, upon receiving the IGMPv3 report, directly establishes a path (SPT) towards Source A.
CLI Configuration Snippet (Cisco IOS - Enabling SSM):
! Enable SSM for a specific group range (ACL 20 matches 232.0.0.0/8)
access-list 20 permit 232.0.0.0 0.255.255.255
ip pim ssm range 20
5. Reverse Path Forwarding (RPF) Check: A Crucial Security Mechanism
The Reverse Path Forwarding (RPF) check is a critical security feature in multicast routing. Its primary purpose is to prevent IP spoofing and routing loops by ensuring that multicast traffic is received on an interface from which it would be forwarded back towards the source.
How RPF Check Works:
When a multicast router receives a multicast packet, it performs the following steps:
- Identify the Source IP Address: The router examines the source IP address of the incoming packet.
- Consult the Unicast Routing Table: The router performs a unicast lookup for the source IP address in its unicast routing table. This lookup determines the unicast next-hop and the interface that the router would use to reach that source.
- Compare Incoming Interface with Unicast Next-Hop Interface:
  - Strict Mode: The RPF check passes only if the interface on which the multicast packet arrived is the exact same interface that the router would use to reach the source IP address according to the unicast routing table.
  - Loose Mode: The RPF check passes if the interface on which the multicast packet arrived is in the same subnet as the interface the router would use to reach the source IP address. Loose mode is less secure and generally not recommended for multicast.
RPF Failure: If the RPF check fails (i.e., the incoming interface does not match the expected interface for reaching the source), the multicast packet is typically dropped. This prevents packets that are not coming from their legitimate source path from being forwarded.
Benefits of RPF Check:
- Prevents IP Spoofing: Malicious actors cannot easily inject forged multicast traffic into the network by simply crafting packets with arbitrary source addresses.
- Detects Routing Loops: Helps identify and prevent multicast traffic from circulating indefinitely within the network due to routing misconfigurations.
- Enhances Network Stability: Contributes to the overall reliability and security of the multicast infrastructure.
ASCII Topology Diagram (RPF Check):
+--------------------+       +--------------------+       +--------------------+
| Multicast Source A |------>| Router S1          |------>| Router R2 (RPF Check)|
| (IP: 10.1.1.1)     |       | (Unicast route to  |       | (Incoming from Eth0)|
+--------------------+       | 10.1.1.1 is via Eth1)|     +--------------------+
                             +--------------------+                 |
                                                                    | (Packet from Eth0)
                                                                    v
                                                    Unicast Routing Table for 10.1.1.1:
                                                    Next-hop: 192.168.1.2
                                                    Interface: Eth1
In this scenario, Router R2 receives a multicast packet with Source IP 10.1.1.1 on its Ethernet0 (Eth0) interface. Router R2 consults its unicast routing table and finds that to reach 10.1.1.1, it should use Ethernet1 (Eth1). Since Eth0 (incoming) does not match Eth1 (unicast next-hop), the RPF check fails, and the packet is dropped.
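The strict RPF decision from the steps and diagram above, as an added example that is not part of the original chapter or any router's code. It goes beyond the single case in the diagram by also covering a default route and a source with no route at all, and it counts drops per interface the way an operator would watch RPF-failure counters; the /24 prefix length, the default route, and the group address are constructed for the example.

```python
import ipaddress
from collections import Counter


class RpfChecker:
    """Strict RPF: accept a packet only on the interface that leads to its source."""

    def __init__(self, routes):
        # routes: iterable of (prefix, next_hop, interface) from the unicast table
        self.routes = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes]
        self.failures = Counter()  # (arrival interface, reason) -> dropped packets

    def lookup(self, source: str):
        """Longest-prefix match for the source; None when no route covers it."""
        addr = ipaddress.ip_address(source)
        matches = [r for r in self.routes if addr in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)

    def check(self, source: str, group: str, in_iface: str):
        """Return (forward?, reason) for one multicast packet."""
        if not ipaddress.ip_address(group).is_multicast:
            return self._drop(in_iface, "destination-not-multicast")
        if ipaddress.ip_address(source).is_multicast:
            return self._drop(in_iface, "source-is-multicast")
        route = self.lookup(source)
        if route is None:
            return self._drop(in_iface, "no-route-to-source")
        _net, _next_hop, rpf_iface = route
        if rpf_iface != in_iface:
            return self._drop(in_iface, f"rpf-interface-is-{rpf_iface}")
        return True, "rpf-pass"

    def _drop(self, in_iface: str, reason: str):
        self.failures[(in_iface, reason)] += 1
        return False, reason


# R2's unicast table. The entry for 10.1.1.1 (next hop 192.168.1.2, Eth1) mirrors
# the diagram above; the /24 length and the default route are constructed.
R2_ROUTES = [
    ("10.1.1.0/24", "192.168.1.2", "Eth1"),
    ("0.0.0.0/0", "192.168.0.1", "Eth0"),
]

GROUP = "239.1.1.10"  # constructed administratively scoped group


def run_scenario():
    r2 = RpfChecker(R2_ROUTES)
    results = {
        # The page's case: source 10.1.1.1 arrives on Eth0, the route says Eth1.
        # The /24 wins over the default route even though the default is on Eth0.
        "page_case": r2.check("10.1.1.1", GROUP, "Eth0"),
        # Same source on the interface the unicast table points at.
        "expected_path": r2.check("10.1.1.1", GROUP, "Eth1"),
        # A default route supplies an RPF interface for otherwise unknown sources.
        "via_default": r2.check("172.16.5.9", GROUP, "Eth0"),
        "not_multicast": r2.check("10.1.1.1", "192.0.2.7", "Eth1"),
    }
    # Without a default route, the same source has no RPF interface at all.
    no_default = RpfChecker(R2_ROUTES[:1])
    results["no_route"] = no_default.check("172.16.5.9", GROUP, "Eth0")
    return results, dict(r2.failures)


if __name__ == "__main__":
    outcome, drops = run_scenario()
    for name, verdict in outcome.items():
        print(f"{name:14} {verdict}")
    print("drops:", drops)
```

The drop counter is keyed by arrival interface, so a rising count on one port points either at a unicast routing problem or at traffic arriving from a direction the routing table does not expect.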
CLI Configuration Snippet (Cisco IOS - Enabling RPF Check):
PIM typically enables RPF checks by default. You can explicitly configure the mode:
! Enable PIM Sparse Mode on an interface
interface GigabitEthernet0/0
 ip pim sparse-mode
 ! Explicitly configure strict mode (set with the unicast RPF interface command)
 ip verify unicast source reachable-via rx
 ! or configure loose mode (less secure)
 ip verify unicast source reachable-via any
Security Analysis and Implications:
- RPF as a Defense: The RPF check is a fundamental defense against IP spoofing attacks that attempt to inject malicious multicast traffic. By ensuring traffic arrives on the expected interface, it significantly hinders such attacks.
- Exploiting Multicast: While PIM and RPF enhance security, misconfigurations can still lead to vulnerabilities. For instance, an attacker might try to exploit a poorly configured RP in PIM-SM or attempt to bypass RPF checks if they are not strictly enforced.
- Denial-of-Service (DoS) Attacks: Flooding a network with illegitimate multicast traffic, especially if RPF checks are weak or absent, can overwhelm routers and switches, leading to a DoS.
- CVEs and Multicast: While specific CVEs directly targeting the core IGMP or PIM protocols are less common than application-level vulnerabilities, vulnerabilities in the implementation of these protocols on network devices can arise. For example, a buffer overflow in a router's PIM packet processing could lead to instability or denial of service. Such vulnerabilities might be associated with specific vendor devices and disclosed as CVEs. While this chapter doesn't detail specific CVEs or exploits, understanding the underlying protocols is crucial for network administrators to identify and patch vulnerable systems.
6. Troubleshooting Multicast Networking
Diagnosing multicast issues can be challenging due to the distributed nature of group membership and routing. Here's a guide to common problems and troubleshooting steps:
Common Issues and Solutions:
Hosts Not Receiving Multicast Traffic:
- Check IGMP:
  - Host Side: Verify the application is correctly configured to join the multicast group. Use packet capture (e.g., Wireshark) on the host to see if IGMP Membership Reports are being sent.
  - Router Side: Use show ip igmp groups (Cisco) or equivalent commands to check if the router sees the host's membership. Ensure IGMP is enabled on the interface.
- Check Switches (IGMP Snooping):
  - Verify IGMP snooping is enabled on the relevant VLAN.
  - Check the switch's multicast forwarding table (show ip igmp snooping groups on Cisco). Ensure the host's port is listed for the group.
  - Confirm multicast router ports are correctly identified.
- Check PIM:
  - Verify PIM is enabled on the router interfaces.
  - If using PIM-SM, check RP reachability and configuration. Use show ip pim rp mapping and show ip pim neighbor.
  - If using PIM-SSM, verify SSM range configuration.
- Check RPF:
  - Ensure RPF checks are enabled and configured correctly (usually strict mode).
  - Verify unicast routing is correctly populating the routing table for source addresses.
Excessive Multicast Traffic (Flooding):
- IGMP Snooping Misconfiguration: The most common cause. Ensure snooping is enabled and correctly configured on switches.
- No IGMP Snooping: If snooping is not enabled, switches will flood traffic.
- RPF Failure on Routers: If RPF checks are failing, routers might forward illegitimate traffic.
RPF Failures:
- Unicast Routing Issues: The router cannot find a valid unicast route to the multicast source. Check the unicast routing table (show ip route <source_ip>).
- RPF Mode Mismatch: Using strict mode when the network topology doesn't strictly support it (e.g., multiple equal-cost paths to the source). Consider loose mode if absolutely necessary, but understand the security implications.
- Asymmetric Routing: Traffic to the source takes a different path than traffic from the source.
Useful Commands (Cisco IOS Example):
- show ip igmp groups: Displays IGMP groups known to the router.
- show ip igmp snooping groups: Displays IGMP snooping groups learned by the switch.
- show ip pim neighbor: Shows PIM neighbors.
- show ip pim rp mapping: Shows RP mapping information.
- show ip pim interface: Shows PIM-enabled interfaces.
- show ip rpf <source_ip>: Shows the RPF information for a given source IP.
- debug ip igmp: Enables IGMP debugging.
- debug ip pim: Enables PIM debugging.
- debug ip igmp snooping: Enables IGMP snooping debugging.
- Packet Captures: Using Wireshark on hosts or SPAN ports on switches to analyze IGMP, PIM, and multicast data packets.
7. Exercises
Multicast Group Exploration:
- Identify three common multicast group addresses used for network services (e.g., OSPF, DHCPv6) and research their purpose.
- Explain the difference between a well-known multicast address and an administratively scoped multicast address.
IGMPv1 vs. IGMPv2 vs. IGMPv3:
- Compare and contrast the key features of IGMPv1, IGMPv2, and IGMPv3.
- Why is IGMPv3 essential for PIM-SSM?
IGMP Snooping Simulation:
- Set up a simple GNS3 or Cisco Packet Tracer lab with two hosts, a switch, and a multicast router.
- Configure one host to join a multicast group. Observe the multicast traffic flow without IGMP snooping and then with IGMP snooping enabled on the switch. Document the differences.
PIM-SM RP Configuration:
- In a simulated network, configure a static RP for a specific multicast group range.
- Configure a multicast source and a receiver. Verify that traffic flows from the source to the receiver via the RP.
PIM-SSM Implementation:
- Configure PIM-SSM on your simulated network.
- Configure a host to join a source-specific multicast group.
- Verify that traffic flows directly from the source to the receiver, bypassing any RP.
RPF Check Analysis:
- Configure a scenario where a router receives a multicast packet with a spoofed source IP address that does not match its unicast routing table.
- Observe the RPF check failure and packet drop.
- Modify the unicast routing table to make the RPF check pass. What changes?
Troubleshooting a Multicast Delivery Failure:
- Introduce a misconfiguration in your simulated lab (e.g., disable IGMP on an interface, misconfigure PIM on a router, or introduce an RPF failure).
- Use the troubleshooting commands and techniques discussed to diagnose and resolve the issue.
Security Vulnerability Discussion (Hypothetical):
- Imagine a scenario where a CVE is discovered related to a buffer overflow in a router's PIM packet handling, potentially allowing for DoS.
- Discuss how network administrators would typically respond to such a vulnerability (e.g., vendor patches, configuration changes, traffic filtering). Relate this to the importance of keeping network devices updated.
Multicast in Real-World Applications:
- Research and describe how multicast is used in at least two real-world applications (e.g., IPTV, financial data distribution, online gaming).
- Explain how IGMP, PIM, and RPF contribute to the efficiency and security of these applications.
Advanced RPF Scenarios:
- Explore the implications of asymmetric routing on RPF checks. How might this affect multicast traffic forwarding?
- Research the concept of "RPF Multicast Tunneling" and its use cases.
Conclusion
Multicast networking, powered by IGMP, PIM, and robust RPF checks, offers a highly efficient and scalable method for delivering data to multiple recipients. Understanding the nuances of IGMP group management, the operational modes of PIM-SM and PIM-SSM, and the critical security role of RPF is essential for designing, deploying, and securing modern networks. As the volume and complexity of network traffic continue to grow, mastering these advanced multicast concepts will be increasingly vital for network professionals aiming to optimize performance, conserve bandwidth, and fortify their networks against potential threats. The ongoing evolution of network security, including the exploration of vulnerabilities in complex systems and the importance of vendor-issued patches, underscores the continuous need for vigilance and deep protocol understanding in the cybersecurity landscape.
This chapter is part of the "From Zero to Network Doctor" open textbook series. All examples are educational and use safe, lab-only environments.
