What Is Broadcast Traffic?
A broadcast storm simply means that when broadcast data floods the network and cannot be processed, and consumes a lot of network bandwidth, causing normal services to fail to run or even completely paralyzed, a "broadcast storm" occurs. A data frame or packet is transmitted to each node on the local network segment (defined by the broadcast domain). It is a broadcast; due to the design and connection problems of the network topology, or other reasons, the broadcast is copied in the network segment in large numbers, and the data frame is propagated. As a result, the performance of the network is degraded or even the network is down. This is the broadcast storm.
- A broadcast storm is also called a network broadcast storm. A broadcast storm is faulty, that is, a data packet or frame is transmitted to each node on the local network segment (defined by the broadcast domain). It is a broadcast; broadcast frames on the network are forwarded because , The number has increased sharply and the abnormal phenomenon of normal network communication occurs. Broadcast storms can consume considerable network bandwidth and cause normal data packets to fail to run properly. When broadcast data floods the network and cannot process and consumes a lot of network bandwidth, causing normal services to fail to run, a broadcast storm occurs, causing local area network or the entire network to be paralyzed. [1]
- 1. Large-scale consumption of link bandwidth makes normal data cannot be effectively transmitted
- Switching devices such as HUBs and switches in the network flood the broadcast data frames. If a loop occurs in the network, after the switching device floods multiple times, a large number of broadcast streams in different directions will appear on the network, far exceeding the upper limit of the data that the switching device can carry, and the normal data frame transmission is affected. Suppression will cause channel congestion, and the result is often delay or frame loss.
- 2. Switch resources are occupied and crashes
- The switch must perform operations such as buffering, error detection, and querying the MAC address table for each frame. These operations will occupy some of its CPU. When a large number of broadcast frames are processed by the switch, it will occupy a large amount of system resources, and eventually cause "Crash" status. [3]
- There are many reasons for broadcast storms, such as
- 1. Do a good job of preventing network viruses
- If the network is infected by a worm or attacked by an ARP virus, it may cause congestion in the network, consume network bandwidth, and then cause a broadcast storm. For this reason, you should install anti-virus software for each terminal if allowed; temporarily stop some unnecessary network services in the computer system, and shut down those unused network ports; use of storage devices such as U disks Should be as dedicated as possible dedicated network, try to cut off the virus's cross-network transmission path.
- 2. Enable the Spanning Tree Protocol and make a good network topology.
- When there are loops in links on the network, broadcast data frames will be repeatedly generated in the network, causing broadcast storms. If you want to eliminate the broadcast storm caused by this kind of network link ring, you can use the STP protocol in the switch. Its working principle is to form a tree-like forwarding topology with a switch in the network as a node, so that the data in the network will follow The path indicated by this tree is transmitted, logically eliminating network loops, thereby eliminating broadcast storms. However, because the STP algorithm is too expensive for switch resources and CPU, the switch generally does not enable this protocol by default. In addition, when a broadcast storm occurs, you should have an understanding of the temporary changes in the previous network topology, and establish a comprehensive set of documents, including: network wiring diagrams, network topology diagrams, and IP-MAC address correspondence tables. The network documentation can also avoid network loops when changing existing networks.
- 3. Divide VLANs
- VLAN is a data exchange technology that logically divides LAN devices into network segments to implement virtual work units. Currently, Layer 2 and Layer 3 switches are basically equipped with this function. In the same VLAN, all devices are members of the same broadcast domain and receive all broadcasts. Instead of switches of the same VLAN member, all ports will filter broadcast data. Therefore, the division of VLANs can effectively reduce the scope of broadcast storms. It can also locate more accurately when broadcast storms occur and reduce troubleshooting time. [3]
- As a network administrator, when faced with a network broadcast storm, you must calmly analyze the cause of the broadcast storm. You can use a combination of dichotomy, exclusion, replacement, and network cable plug-in methods to troubleshoot step by step. Eliminate and quickly locate the fault point that caused the broadcast storm, find out the cause of the broadcast storm, and take corresponding measures in time to eliminate the broadcast storm. In general, to solve the problem of broadcast storm, we can start from the following aspects:
- First, install the WSUS patch server in the LAN to ensure that all computers on the LAN can apply the latest patches in a timely manner.
- Second, it is best to install a network version of the antivirus server in the local area network. If there is no condition, at least you must ensure that the virus database of the single version of the antivirus software is updated frequently.
- Third, check each computer's network card, network cable and each port of the switch, check if there is
- Broadcast storm
- To avoid broadcast storms, you can use proper division of VLANs, narrow broadcast domains, and isolate broadcast storms. You can also enable broadcast storm control on the Gigabit Ethernet port to prevent the network from becoming paralyzed again. A broadcast storm occurs when a port receives a large number of broadcast, unicast, or multicast packets. Forwarding these packets will cause the network speed to slow down or time out. With the switch's broadcast storm control on the switch, you can effectively prevent the network storm of the broadcast storm caused by hardware damage or link failure.
- From practical experience, more than 90% of network broadcast storms are caused by viruses. Therefore, anti-virus systems are installed in LANs, and IDS intrusion detection systems and network traffic detection tools are purchased to strengthen the prevention of network viruses and the network. Monitor the running status of the line, timely detect and deal with problems such as abnormal traffic and virus attacks on the network, and formulate a computer security management system to ensure the normal operation of the network line.