Monday, February 28, 2011

The Danger of Broadcost Storm and the Solution

If you've taken the Cisco Academy program or been in the network world for a while, you must have heard about broadcast storm.

Broadcast storm is a state in a network where a frame broadcast in a switch environment is continually being flooded through the network.

This is mostly happen in a switch environment where you have redundant connection between switches, remember that routers segment or isolate broadcast between networks.

Redundant connections are important if you want to create a backup path between switches. If one path fails the other will take over.
This won't work out with switches that don't have any loop avoidance mechanism.

This is how a broadcast storm can happen, I have two switches connected with redundant links and one switch connected to a client and the other switch connected to a server.

Then the client sends a broadcast, say an Address Resolution Protocol or ARP to find out where the location of the server like this, pay attention to the red arrow, pretend that the arrow is a broadcast frame sent by the client.

Remember the rule of a switch, a switch forwards a broadcast frame to all ports except the port where it receives the request.

The Switch A receives the frame and forward it to the two links it has:

The broadcast frame received by the Switch B from two different ports and forward it again to other ports including the port where the Server is attached.

But it doesn't stop there, the frames are flooded again back to Switch A and back to the client.

From now on, back again to picture 2 then 3 and so on, this will keep going on forever until you shutdown the network.
This condition can also be called switch loop and it leads to broadcast storm.
Most likely you can find a question about this in the CCNA exam.

Luckily Cisco switches have loop avoidance mechanism called Spanning Tree Protocol or STP.

What STP does is eliminating loops in the network while allowing redundant links, the switches in the network will send out BPDU or Bridge Protocol Data Unit.

BPDU is like a boomerang send out to all ports in the switch. The BPDUs will travel all over the network and when the switch receive the BPDU it sent, then the switch knows that switch loop is occuring in the network and will block one of the ports where the loop occured.

Actually there's a set of session needed just to explain STP, there's even books specialized to explain STP considering that STP is very important in a redundant network.

STP eliminates redundant links in your network that's it, but if you don't carefully design your network even if you're using Cisco devices, your network will someday experience a melt down.

There's a great article about a network meltdown in a hospital related to STP that you can read here. In a hospital!! Man, that's serious business, we're talking about people lives here.
So the case study can be a valuable resource for you, just read it.

This happened to me once when I went on a client. They're just a small office kinda like SOHO, they're not using Cisco devices, they just using network devices from Linksys and D-Link.

So they called me and said for some reason the network went down.

After checking the network for a while, no problem with the configuration and the cabling but still no connectivity.
Then after tracing all the cables - it was not exactly a neat cabling they have there - I found that one cable was connected end to end to the same switch which created the broadcast storm.

So the moral of this story, it's very easy to take down an entire network with just a single network cable, especially if the networks are using average home usage network devices .

No need to say that it is very important to keep the physical security of your network devices. You can't trust the employees again nowadays.

No comments:

Post a Comment