What is a Broadcast Storm and How to Prevent It

What is a broadcast storm?


Let’s first look at the official terminology. A broadcast storm is when broadcast data floods the network faster than it can be processed and occupies a large amount of network bandwidth, so that normal business cannot run or the network is completely paralyzed. A broadcast is a data frame or packet transmitted to every node on the local network segment (defined by the broadcast domain). When a large number of broadcasts are replicated and spread within the network segment, because of network topology design, connection problems, or other reasons, network performance degrades or the network is paralyzed. This is a broadcast storm.

Did you not understand? To be honest, faced with so many professional terms, I also don’t quite understand them. What should I do? Don’t worry, keep reading. I will give you a very simple example and you will understand. Let’s first look at what broadcasting is.

What is Broadcasting?


For example: Xiao Ming is a student in Class 3, Grade 5. Xiao Ming’s school has several thousand students. One day, the director of the teaching department wanted to find Xiao Ming for something urgent, but the director did not know which class Xiao Ming was in. What should he do? The director could only run to the teaching department to broadcast a notice, which said: “Xiao Ming, Xiao Ming, the director of the teaching department has something urgent to do with you. Please come to the teaching department immediately after hearing the broadcast.” Please note that the broadcast is audible to all students in the school, but other students will not react after hearing the broadcast, because it is Xiao Ming who is being called, not them. Only Xiao Ming will react after hearing the broadcast, and will immediately run to the teaching department to find the director, “Report to the director, I am Xiao Ming from Class 3, Grade 5.” At this time, the director knows that Xiao Ming is a student in Class 3, Grade 5. Next time, if he needs to find Xiao Ming, he will not broadcast, but go directly to the classroom of Class 3, Grade 5 to find Xiao Ming. For Xiao Ming, Xiao Ming also knows that the director’s office is in the teaching department, so if he needs to find the director, he will go directly to the teaching department.

Now you understand what broadcasting is. Let’s apply it to the network.

For example: computer A (an ordinary computer) wants to access files on computer B (a file server), but computer A has never accessed computer B before and does not know where computer B is located. Computer A only knows the IP address or host name of computer B (equivalent to the example above, where only the student’s name, Xiao Ming, is known). What should it do? Computer A sends a broadcast data packet to all computers in the LAN. The packet contains its own IP address or host name, its MAC address (source MAC address), and the IP address (destination IP address) or host name of computer B (equivalent to the example above, telling all students: I am the director of the teaching department, I am now in the teaching department, and I need to see Xiao Ming). This packet is received by all computers in the same network segment. The other computers usually discard it, because it is not addressed to them. Only computer B returns a data packet, which contains its own IP address, its own MAC address, the IP address of computer A, and the MAC address of computer A. Once computer A receives the packet returned by computer B, it can send request data directly to computer B to access the file. After receiving the request, computer B also sends the file directly to computer A, instead of broadcasting it to all computers in the LAN.

Now you understand how broadcasts are transmitted on the network. Now let’s talk about broadcast storms, which is very simple.

Back to the original topic, what is a broadcast storm?


In our own words, when there are too many devices in the local area network, and multiple computers happen to send broadcasts at the same time, the network is filled with data that cannot be processed, and a large amount of network bandwidth is occupied, resulting in the inability to run normal business, or even complete paralysis. This is what we call a broadcast storm. [Please note: in the network, any device can send broadcast data consciously (human operation) or unconsciously (computer background operation). This is different from the above example where the school can only send broadcasts in the teaching department].

Now you understand what a broadcast storm is. If you still don’t understand, let me give you another simple example.

A certain highway has four lanes, and the traffic flow is just enough to maintain normal operation under normal circumstances. But if it happens to be the National Day holiday, all the cars will be squeezed onto this highway. Since the width of the road is fixed, the result is predictable. It is bound to cause traffic congestion and traffic paralysis.

How to avoid broadcast storms?


After saying so much, I finally understand what a broadcast storm is. So how do we avoid a broadcast storm?

  • Subnet
  • Use VLANs (VLANs also divide the network into subnets; they are more flexible and convenient, but the settings are more complicated than dividing subnets)

Broadcast Storm

How do broadcast storms form?


The cause of a broadcast storm is a “loop” in the network.
So what is a “loop”? In fact, this is easy to understand. Use a network cable to connect two ports of the same switch (provided that they are in the same broadcast domain) to form a loop. Of course, you can also use two network cables to connect two ports on two switches, as shown in the figure below, to form a loop.
There are many kinds of loop structures, but they all have one thing in common: the switch sends a broadcast packet out, which is then received from another interface of the switch in some form, and then the switch sends the broadcast packet out again, and the cycle continues in this way. This is a loop, or a broadcast storm.
Now let’s take an example to illustrate. There are four switches A, B, C, and D.

When A receives a broadcast packet, A floods it out (broadcast), which means that B and D receive the broadcast packet, and B and D each flood it on to C. After C receives the broadcast packets, C sends the packet received from D to B and the packet received from B to D. B and D thus receive each other’s broadcast packets; B then sends the broadcast packet received from C to A, D sends the broadcast packet received from C to A, and A sends the broadcast packet out again, and so on in an endless loop. Moreover, each time a switch receives and sends a broadcast packet, a new broadcast packet is generated. This is why we call it a broadcast storm.
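The four-switch walk-through above can be reproduced with a small flooding model. This is an added example, not code from the article: it assumes the ring A-B, B-C, C-D, D-A implied by the text, and it goes one step further by comparing that ring with one link blocked (as STP would do) and with a constructed extra A-C cross link.

```python
def flood(links, origin, max_hops=12):
    """Flood one broadcast frame from `origin` over inter-switch links.

    Returns the number of frame copies transmitted at each hop. Host ports
    are ignored and all switches forward in lock-step (simplifying assumptions).
    """
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    in_flight = [(origin, None)]  # (switch holding the frame, where it came from)
    sent_per_hop = []
    for _ in range(max_hops):
        forwarded = []
        for switch, came_from in in_flight:
            # Layer 2 flooding: send on every port except the receiving one.
            for peer in sorted(neighbours.get(switch, ())):
                if peer != came_from:
                    forwarded.append((peer, switch))
        if not forwarded:
            break  # no copies left: the broadcast has died out
        sent_per_hop.append(len(forwarded))
        in_flight = forwarded
    return sent_per_hop

# Topologies (constructed; the article's figure is not reproduced here).
RING = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "A")]
RING_ONE_LINK_BLOCKED = [("A", "B"), ("B", "C"), ("D", "A")]  # C-D blocked, as STP would
RING_PLUS_CROSS_LINK = RING + [("A", "C")]  # a second loop through A and C

if __name__ == "__main__":
    for name, links in [("ring", RING),
                        ("ring, one link blocked", RING_ONE_LINK_BLOCKED),
                        ("ring + cross link", RING_PLUS_CROSS_LINK)]:
        print(f"{name:24s} copies per hop: {flood(links, 'A')}")
```

In the plain ring two copies keep circulating in opposite directions until the hop limit stops the model; with one link blocked the flood ends after two hops, and with the cross link the number of copies grows at every hop.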

Further reading: Broadcast storms occur not only on switches, but also on routers.

What are the consequences of a broadcast storm?


After a broadcast storm occurs, the broadcast packets cannot be processed by network devices, which will cause the switch to use up its own bandwidth and system resources due to forwarding and receiving these broadcast packets. Then the broadcast domain where the broadcast storm is located will be filled with these broadcast packets, resulting in network interruption and business paralysis. It can be said that wherever the broadcast storm goes, no grass will grow.

Simulation experiment:


Simulating a broadcast storm is very simple. Build the topology shown in the figure below and turn off the STP function on the two switches SW1 and SW2. Then use PC2 to ping an IP address at random (which sends a broadcast packet); the switch receives the broadcast packet and the simulation is complete. Capturing packets with Wireshark shows a large number of broadcast packets, which is the broadcast storm scenario.

The commands are as follows:

  • system-view
  • [Huawei]undo stp enable (disable STP command)
  • Warning: The global STP state will be changed. Continue? [Y/N] y (Press Y here)

STP needs to be disabled on both switches.

Simulation experiment diagram

This is a broadcast storm scenario simulated by the simulator. Nearly 8,000 broadcast packets were generated in less than half a minute. This was an environment simulated using only two switches and one terminal. The consequences of a broadcast storm in an actual environment can be imagined.

Broadcast Storm Scenario
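A capture like the one described above can also be checked automatically. The following is an added example, not part of the original article: it counts broadcast frames per second and counts byte-identical repeats, using constructed sample frames; the thresholds `pps_limit` and `repeat_limit` are assumptions to tune for a real network.

```python
import hashlib
import struct
from collections import Counter

BROADCAST = b"\xff" * 6  # destination MAC ff:ff:ff:ff:ff:ff

def arp_request(src_mac, src_ip, target_ip):
    """Build a raw Ethernet broadcast frame carrying an ARP who-has request."""
    eth = BROADCAST + src_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + src_mac + src_ip + b"\x00" * 6 + target_ip

def storm_report(capture, pps_limit=100, repeat_limit=50):
    """capture: list of (timestamp_seconds, frame_bytes).

    Flags seconds whose broadcast rate exceeds pps_limit, and byte-identical
    broadcast frames seen more than repeat_limit times. A looped frame is
    re-flooded unchanged, so repeats point to a loop rather than a busy LAN.
    """
    per_second, copies = Counter(), Counter()
    for ts, frame in capture:
        if frame[:6] == BROADCAST:
            per_second[int(ts)] += 1
            copies[hashlib.sha256(frame).hexdigest()] += 1
    hot = sorted(s for s, n in per_second.items() if n > pps_limit)
    looped = sum(1 for n in copies.values() if n > repeat_limit)
    return {"broadcast_frames": sum(per_second.values()),
            "peak_pps": max(per_second.values(), default=0),
            "seconds_over_limit": hot,
            "looped_frames": looped,
            "storm": bool(hot) and looped > 0}

# Constructed sample data (not taken from the article's capture).
def sample_normal():
    # 20 hosts each send one ARP request, one per second.
    return [(float(i), arp_request(bytes([2, 0, 0, 0, 0, i]),
                                   bytes([192, 168, 1, i]),
                                   bytes([192, 168, 1, 254])))
            for i in range(1, 21)]

def sample_storm():
    # One ARP request re-flooded 8000 times over 25 seconds (320 per second).
    frame = arp_request(bytes([2, 0, 0, 0, 0, 9]), bytes([192, 168, 1, 9]),
                        bytes([192, 168, 1, 77]))
    return [(i / 320.0, frame) for i in range(8000)]

if __name__ == "__main__":
    print("normal:", storm_report(sample_normal()))
    print("storm: ", storm_report(sample_storm()))
```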

The loop structure topology shown in the article above is widely used in actual environments. Why are these network structures still used even though broadcast storms may occur? Because these structures can effectively avoid a “single point of failure”.

Ethernet is a network that supports broadcasting. Broadcast messages are sent to every corner of the network in the form of flooding to ensure that every device in the network can receive it. After receiving the broadcast message, each layer 2 device will resend the broadcast message to all interfaces except the receiving port. Once there is a loop in the Ethernet network, the repeatedly sent data will occupy a large amount of network resources in the form of flooding. This simple broadcast mechanism will lead to catastrophic consequences and affect the entire Ethernet or the broadcast domain.

When an Ethernet loop occurs, the following phenomena may occur:

A. This device cannot go online on the switch, and in serious cases it will interfere with the online access of other devices in the Ethernet.

B. The MAC address reporting on the network management system is abnormal.

C. When using the serial port to log in to the device, the operation is slow.

D. The computer CPU usage exceeds 70%.

E. There is severe packet loss when testing the network using the ping command.

F. The LAN interface indicator light on the device where a loop occurs flashes frequently.

G. After the device is deployed with loop detection, a loop alarm occurs on the device.

The common cause of this type of fault is a loop created by an incorrect device cable connection. In a few cases, the cause is a device in the Ethernet itself.