Broadcast Storm

A broadcast storm is also known as a network storm. It is an abnormally high number of broadcast packets within a short period of time. The broadcast storm is one of the major deficiencies in computer network systems and it can shut down entire network in seconds.

When different nodes are sending/broadcasting data over a network link, and the other network devices are rebroadcasting the data back to the network link in response, this eventually causes the whole network to melt down and lead to the failure of network communication. A broadcast storm can overwhelm switches and endpoints as they struggle to keep up with processing the flood of packets. In LAN, it is common that the switches are interconnected for redundancy. At this time, a serious network problem can occur, which is known as broadcast storm. A broadcast originating from a device connected to any switch, can cause the circulation of broadcasts around the network and can saturate the network consuming all available bandwidth. Broadcast storms consume entire bandwidth and deny bandwidth for normal network traffic.

Source: www.auvik.com

 

 

Typical Root Causes of a Broadcast Storm 

1- When an end user connects a hub to the company network, and by some mistake this device is then connected back onto another switch port in the company network. The loop created will catch all frames passing by, keeping them in the loop. When both Ethernet ports of an IP Phone connect to a switch, the loop will create. Also when by connecting a computer to a port while still connected to the company wireless, and the network cards have been set into bridging mode.

2- Not making the proper settings in the VLANs configuration can create loop that will lead to broadcast storm. Reading these two article will help you understand how loops can be created in network switches.

• Network loops and loop avoidance
• Preventing network loops with Spanning-Tree Protocol (STP) 802.1d

3- High volume of requests for an IP address via DHCP. DHCP protocol is the most common way for a networked host to obtain an IP address from a network controller.

A storm of broadcast packets is sometimes expected behavior. One of them is when a network is brought back online after an outage and all clients are attempting to negotiate an IP address. But in normal cases, having a continuous stream of broadcast packets in a network segment or from a specific host is suspicious.

4- The broadcast domain is too big. The amount of broadcast traffic you should see within a broadcast domain is directly proportional to the size of the broadcast domain—the number of hosts within the L2 VLAN or L3 subnet. So, try to divide your network into smaller VLANs to make the broadcast domains as small as possible.

Source: www.auvik.com

If we intend to summarize all the above, we must say that the following elements play an effective role in creating a broadcast storm:

• Poor network management
• Poor monitoring of the network (Read this post about network monitoring)
• The use of cheap devices, including hubs
• Improperly network configuration
• The lack of a network diagram design, which is needed for proper management and to provide guidelines for all network traffic routes

 

 

Sources:

www.auvik.com