Broadcast radiation
From Wikipedia, the free encyclopedia
Broadcast radiation is the accumulation of broadcast and multicast traffic on a computer network.
The final stage of broadcast radiation is called a broadcast storm: a state in which new network connections cannot be established and existing connections may be dropped, because the condition has become self-sustaining and magnifying.
Especially within a large broadcast domain, a number of causes can set off a snowballing chain reaction that culminates in a broadcast storm, with a severe negative impact on network latency.
Causes
Most commonly the cause is a redundant switched topology in which two or more links exist between two switches. Because switches forward broadcasts and multicasts out of every port except the port that received the traffic, the two switches rebroadcast each other's broadcasts, creating a switching loop.
In some cases, a broadcast storm can be instigated deliberately as a denial of service (DoS) using one of the magnification attacks smurf.c or fraggle.c. Smurf sends a large amount of ICMP Echo Request (ping) traffic to a broadcast address, with each ICMP Echo packet carrying the spoofed source address of the victim host.
When the spoofed packet arrives at the destination network, all hosts on the network reply to the spoofed address. The initial Echo Request is multiplied by the number of hosts on the network. This generates a storm of replies to the victim host, tying up network bandwidth, using up CPU resources or possibly crashing the victim.
In wireless networks, a disassociation packet whose source address is spoofed to be that of the AP and which is sent to the broadcast address can generate a disassociation broadcast DoS attack.
Prevention
- Switching loops are largely addressed with STP; see Switching loop and Spanning tree protocol for more information. In Metro Ethernet rings they are prevented using the Ethernet Automatic Protection System (EAPS) protocol.
- Filtering broadcasts with layer 3 equipment, typically routers (and even switches that employ advanced filtering, called brouters).
- Physically segmenting the broadcast domains using routers (or logically with VLANs) at Layer 3, in the same fashion that switches decrease the size of collision domains at Layer 2.
- Routers and firewalls can be configured to detect and prevent maliciously induced broadcast storms caused by the magnification attacks.
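The switching loop described under Causes, and the effect of putting redundant links into a blocking state as STP does, shown as an added simulation that is not part of the original article. The switch names, link ids and the `flood` function are assumptions made for illustration; the model counts only frame copies on inter-switch links and relies on Ethernet frames carrying no hop limit.

```python
from collections import Counter

def flood(links, blocked=(), ticks=6):
    """Inject one broadcast frame at switch 'S1' and follow its copies.

    links   : list of (link_id, switch_a, switch_b) inter-switch links
    blocked : link ids held in blocking state (what STP does to redundant links)
    Returns the number of frame copies in flight after each forwarding step.
    """
    ports = {}  # switch -> [(link_id, neighbour), ...] for forwarding links only
    for lid, a, b in links:
        if lid in blocked:
            continue
        ports.setdefault(a, []).append((lid, b))
        ports.setdefault(b, []).append((lid, a))

    # The host's frame arrives on an access port, so S1 floods it out every trunk.
    # A copy in flight is keyed by (link it travels on, switch it will reach).
    in_flight = Counter((lid, nbr) for lid, nbr in ports.get("S1", []))
    history = [sum(in_flight.values())]

    for _ in range(ticks):
        nxt = Counter()
        for (lid_in, sw), copies in in_flight.items():
            for lid_out, nbr in ports[sw]:
                if lid_out != lid_in:  # flood out every port except the receiving one
                    nxt[(lid_out, nbr)] += copies
        in_flight = nxt
        history.append(sum(in_flight.values()))
    return history

if __name__ == "__main__":
    # Constructed topologies: two switches joined by two, then three, parallel links.
    two = [("A", "S1", "S2"), ("B", "S1", "S2")]
    three = two + [("C", "S1", "S2")]
    print("2 links, no STP :", flood(two))                    # never drains
    print("3 links, no STP :", flood(three))                  # doubles each step
    print("2 links, B block:", flood(two, blocked={"B"}))     # drains after one hop
```

With two parallel links the copy count stays constant forever (self-sustaining); with three it doubles at every step (magnifying); once the redundant links are blocked the frame is delivered once and disappears.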
Misinterpretations
- A common misinterpretation is that routing loops have something to do with broadcast storms. Working at Layer 3, routers (unlike Layer 2 equipment) do not forward MAC-level broadcast traffic.
- Another misinterpretation is that routers cannot forward broadcasts even under special circumstances. Some routable protocols support the use of internetwork-level broadcasts; if the router is configured to forward them, the broadcast domain segmentation is compromised.
- Most commonly it is believed that only routers can affect the broadcast domain or filter broadcasts, but as we have seen, switches can blur the layer line: they can do that with VLANs and can do filtering (they still need a router for forwarding, however).
- A further misinterpretation is that a broadcast can be responded to with a broadcast. This is not true; however, a broadcast can be issued to gather information needed to respond to an initially received broadcast, and in a redundant looped topology this second broadcast can reach the interface that sent the initial broadcast.
MANET broadcast storms
In a mobile ad-hoc network (MANET), route request (RREQ) packets are usually broadcast to discover new routes. These RREQ packets may cause broadcast storms and compete over the channel with data packets. One approach to alleviating the broadcast storm problem is to inhibit some hosts from rebroadcasting, which reduces the redundancy and thus contention and collision.