What methods are available to protect a network from broadcast and multicast storms?
This is increasingly becoming a big problem for many organizations. A "broadcast storm" results in performance degradation and often causes network choking. These storms come from errors or a network loop and may be created by an application on one node. Most of the switches now allow network admins to enable or disable broadcast/multicast storm control and to set a threshold level at which the control applies. These units allow individual port control. This means if the rate at which broadcasts arrive at a port exceeds a defined limit, the switch will block such packets at that port until the rate decreases to a lower threshold. Switches often auto-negotiate baud rate and on such devices broadcast storm control is scaled with the baud rate.
Precautions you can take are:
- Check to see if there is more than one frame type on the servers, routers, etc. If there are, verify if all the applications and /or protocols on the network can run on a single frame type. Using a single frame type reduces the redundant broadcast traffic.
- Check to see if your network is using multiple protocols. Try configuring your applications to one single protocol. Minimizing the number of protocols can lead to fewer broadcasts.
- If possible, disable the spanning tree bridge protocol. Any misconfiguration of the same can lead to a broadcast storm.
- Make sure your WAN/Edge network devices have spoofing and /or filtering enabled. Almost every router/switch today has the functionality for storm control.
- Use network analyzers to perform network baseline analysis. It will define the type of protocols implemented, identify the problematic nodes/areas and also provide other pertinent information relating to network performance at all the layers.
- Enable QoS on your routers. The mapping of the protocol is very important. Packet shapers do a good job of defining the QoS policies by analyzing the network traffic based on ToS and frames.
Dig Deeper on Network Security Best Practices and Products
Related Q&A from Puneet Mehta
Our expert, Puneet Mehta, tells us what the key difference is between intrusion detection and intrusion prevention, in this expert response. Continue Reading
How do I open port 177 on my router so that other clients can get a GUI display of my server remotel
In this expert response, Puneet Mehta tells us where the placement of the firewall should be architecturally. Continue Reading