Broadcast storm

Schematic representation of a broadcast storm

A broadcast storm is the strong accumulation of broadcast and multicast traffic in a computer network . At the end of a broadcast storm, new network connections cannot be established and existing connections may be disrupted. Particularly in large broadcast domains , a broadcast storm can cause the network response time to increase dramatically due to a snowball effect.

causes

The most common cause is redundant cabling with two or more uplinks between two switches . In such a case, broadcasts and multicasts are forwarded to all ports with the exception of the port from which the data traffic came. This creates a loop and the switches forward the broadcasts from the other switch. In addition, a broadcast storm may e.g. B. can also be triggered by denial-of-service attacks (such as the Smurf attack or the Fraggle attack ) or by a faulty network card.

Countermeasures

• Shortest Path Bridging and Spanning Tree Protocol are useful for managing loops between switches. In metropolitan networks, broadcast storms are prevented by Ethernet Automatic Protection Switching (EAPS) .
• Filtering of broadcasts by layer 3 devices, normally by routers , sometimes also by BRouters .
• Physical segmentation of a broadcast domain by routers or layer 3 switches .
• Logical segmentation of a broadcast domain through the use of VLANs .
• Routers and firewalls can be configured to detect and block malicious or excessive broadcasts.

Misinterpretations

• A common misinterpretation is that routing loops have something to do with it. However, routers working on Layer 3 of the OSI model do not forward Layer 2 broadcasts like switches do.
• Another incorrect assumption is that routers cannot forward Layer 3 broadcasts. There are routing protocols that forward broadcasts to other networks.
• Another misjudgment is that only routers can limit a broadcast domain and thus limit broadcast storms. As mentioned in the countermeasures, this can also be done by switches with VLANs or Layer 3 functionalities.
• In addition, a broadcast cannot be answered with a broadcast. However, a broadcast can be used to find out how to respond to a received broadcast. In a redundant topology, such a second broadcast can reach the network interface that sent the initial broadcast.

MANET broadcast storms

In a mobile ad hoc network (MANET), packets requesting routing information (RREQ) are usually sent by broadcast in order to find new routes. These RREQ packets may cause broadcast storms. One approach to alleviating this is to block some hosts from being retransmitted.

swell

1. Appendix E: Broadcasts in Switched LAN Internetworks [1]
2. Defense Against the DoS / DDoS Attacks on Cisco Routers [2] ( Memento from June 21, 2011 in the Internet archive ) (English)
3. Disassociation Broadcast Attack Using ESSID Jack [3]
4. The Broadcast Storm Problem in a Mobile Ad Hoc Network [4] (PDF; 1.2 MB)

See also

• Ethernet
• Switching loop