What is a broadcast storm? What is the outcome of the layer 2 broadcast storm? And its prevention
In every functioning network, devices generate broadcast traffic. Some services use broadcast traffic because it allows them to send packets to, and communicate with, all other devices on the network.
However, sometimes the generated broadcast traffic is so high that it can bring down the network in a short time.
A broadcast storm does not occur under normal circumstances; however, a wrong network configuration or a hardware fault makes this scenario possible.
When a device sends a broadcast on the network, the switch forwards it to all devices, and if another switch exists in the network, the packets are forwarded to that switch as well. The second switch will not send the broadcast back out of the port on which it received the broadcast packets; however, it will send it back to the same switch over the redundant link.
What is the outcome of a layer 2 broadcast storm?
Spanning Tree Protocol (STP) blocks the redundant link to prevent a loop in the network. However, if STP is configured wrongly, or a hardware fault causes the switch to forward packets on the blocked port, a broadcast storm can result because the packets generated by the devices will loop continuously. All new broadcast traffic generated will continue to loop as well. This brings a storm of broadcast traffic into the network, which uses all the available bandwidth of the network.
In the animation below, you can see how the switches loop the broadcast packets back and forth continuously.
The first sign of a broadcast storm is that all switch port lights blink continuously. Blinking lights mean that the ports are continuously sending and receiving traffic. This kind of switch behavior is abnormal: switch port lights do not blink continuously on every port, because switches do not forward and receive high traffic all the time.
All ports blinking shows that something is abnormal, as in a normal network we expect some ports to stay idle.
We have intentionally created a broadcast storm in the network below; you can see how the switches react to the storm.
The second sign is an extremely slow network and high processor utilization all the time.
As the network device is looping the traffic, it consumes more processor cycles, which also slows down the performance of the device.
Broadcast storm prevention
Broadcast storms can be prevented if we set up the switch carefully when configuring the spanning tree protocol. When there is a high number of redundant links between switches, STP should be enabled with care, and the network should be tested before implementing it on staging.
A broadcast storm can also be caused by an attacker, where some device is used to generate broadcast traffic continuously to affect the performance of the network. However, this will not be as harmful as the looping issue, because the switch will not create a loop.
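The flooding behaviour described above (a redundant link with and without an STP-blocked port) and the comparison between a loop and a continuously broadcasting device can be reproduced with a small model. This is an added example, not part of the original article; the two-switch topology, the port names and the tick-based timing are assumptions made for illustration.

```python
# Constructed topology (assumption): SW1 and SW2 joined by two parallel
# links "a" and "b"; each switch also has one host-facing port "h".
PEER = {("SW1", "a"): ("SW2", "a"), ("SW1", "b"): ("SW2", "b"),
        ("SW2", "a"): ("SW1", "a"), ("SW2", "b"): ("SW1", "b")}
PORTS = ("h", "a", "b")

def simulate(blocked, ticks, inject_every=0):
    """Model broadcast flooding; return (link frames per tick, host deliveries).

    blocked: set of (switch, port) pairs that STP holds in the blocking state.
    inject_every: the host on SW1 sends a new broadcast every N ticks
                  (0 means a single broadcast at tick 0).
    """
    in_flight = []              # frames arriving at (switch, ingress port)
    link_load, delivered = [], 0
    for tick in range(ticks):
        if tick == 0 or (inject_every and tick % inject_every == 0):
            in_flight.append(("SW1", "h"))
        next_flight = []
        for switch, ingress in in_flight:
            if (switch, ingress) in blocked:
                continue        # a blocked port discards received frames
            for port in PORTS:
                # Flood rule: every port except the ingress port, and
                # never out of a port that STP has blocked.
                if port == ingress or (switch, port) in blocked:
                    continue
                if port == "h":
                    delivered += 1
                else:
                    next_flight.append(PEER[(switch, port)])
        link_load.append(len(next_flight))
        in_flight = next_flight
    return link_load, delivered

if __name__ == "__main__":
    stp_ok = {("SW2", "b")}     # redundant link blocked on SW2
    print("STP blocking, one broadcast :", simulate(stp_ok, 6))
    print("no blocking,  one broadcast :", simulate(set(), 6))
    print("no blocking,  steady sender :", simulate(set(), 6, inject_every=1))
    print("STP blocking, steady sender :", simulate(stp_ok, 6, inject_every=1))
```

With the blocked port in place, link load stays flat even under a steady sender, while without it a single broadcast never leaves the links and every further broadcast adds to the load permanently.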