flokinet-006 - Layer 2 Broadcast vs Unicast
title: flokinet-006 - Layer 2 Broadcast vs Unicast
author: Nicholas Morrison nick@nanocat.net
draft: false
tags: [network, workshop, arista, presentation]
categories: [workshop]
noindex: true
Broadcast vs Unicast
Broadcast:
- sent to every host
- processed by every host
- MAC address destination FF:FF:FF:FF:FF:FF
- eg: ARP, IPv6-NDP, OSPF, DHCP
- all about discovery
Unicast:
- sent to a single host
- ignored by other hosts
- MAC address destination of the host
- eg: ping, ssh, http, ftp, traceroute
- transferring data from host to host
Broadcast Domain
- area of the network in which a broadcast frame is repeated
- broadcast frames do not leave their own broadcast domain
- usually this will be:
- but also could be:
  - VXLAN
  - MPLS-L2VPN
  - ZeroTier
  - EVPN-L2VPN
Broadcast example: ARP
- ARP: Address Resolution Protocol, Layer 2, ethertype 0x0806
- maps MAC addresses (layer 2 addresses) to IP addresses (layer 3 addresses)
- example flow:
  - Host A at 192.168.10.55/24 wants to talk to Host B at 192.168.10.10/24
  - Host A and B are in the same network (layer 3) and the same broadcast domain (layer 2)
  - Host A needs to know the MAC address of Host B to send it traffic
  - Host A sends a Broadcast to the network: ARP WHO-HAS 192.168.10.10 TELL 192.168.10.55
  - Host B hears the Broadcast
  - Host B replies directly to Host A from its own MAC address: 192.168.10.10 IS-AT xx:xx:xx:xx
Broadcast example: ARP
A single broadcast domain shared by 24 hosts.
Single broadcast domain
Broadcast example: ARP
192.168.0.24 (MAC 44:e5:17:00:00:18) wants to send a packet to 192.168.0.15, so it needs to know 192.168.0.15’s MAC address. It sends a single layer 2 broadcast to the network, addressed to ff:ff:ff:ff:ff:ff.
ARP packet sent
Broadcast example: ARP
The switch sees the broadcast coming in on port 24, and copies that broadcast to every port in the same VLAN, except port 24. Every host must send this packet to its CPU and take a look at it.
ARP packet copied
Broadcast example: ARP
The host that HAS the address 192.168.0.15 realises that this question is for it, and replies quietly (with a UNICAST frame) to the host who asked. All other hosts stay silent on the matter.
Now the two hosts can communicate directly with one another!
The host replies
Broadcast example: ARP
Broadcast packets are not forwarded by routers into other broadcast domains!
Broadcast packets are not forwarded
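The ARP exchange walked through on the slides above (a broadcast WHO-HAS answered by a unicast IS-AT), as an added example that is not part of the workshop material. It builds and decodes Ethernet II frames carrying ARP (ethertype 0x0806, RFC 826 layout) and models the host-side decision: only the host that owns the asked-for IP answers, everyone else stays silent. The asking host's MAC address is the one from the slides; the answering host's MAC is constructed.

```python
"""Encode/decode the ARP request-reply exchange from the slides.
Added example, not code from the workshop; the replying host's MAC is constructed."""
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_HDR = struct.Struct("!HHBBH")   # htype, ptype, hlen, plen, oper


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Return a 42-byte Ethernet II frame carrying an ARP request or reply.
    A request is addressed to ff:ff:ff:ff:ff:ff; a reply is unicast to the asker."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, op)          # hw type Ethernet, proto IPv4
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def parse_arp(frame):
    """Decode an Ethernet/ARP frame into a dict; raise ValueError for anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper = ARP_HDR.unpack(frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {
        "dst_mac": bytes_to_mac(frame[0:6]),
        "src_mac": bytes_to_mac(frame[6:12]),
        "op": oper,
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": bytes_to_ip(frame[28:32]),
        "target_mac": bytes_to_mac(frame[32:38]),
        "target_ip": bytes_to_ip(frame[38:42]),
    }


def describe(frame):
    """tcpdump-style one-liner, matching the WHO-HAS / IS-AT wording on the slides."""
    p = parse_arp(frame)
    if p["op"] == ARP_REQUEST:
        return f"ARP WHO-HAS {p['target_ip']} TELL {p['sender_ip']}"
    return f"{p['sender_ip']} IS-AT {p['sender_mac']}"


def host_handles(frame, my_mac, my_ip):
    """What each host in the broadcast domain does with the frame: reply (unicast,
    from its own MAC) only if the request asks for its IP, otherwise stay silent."""
    p = parse_arp(frame)
    if p["op"] != ARP_REQUEST or p["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, p["sender_mac"], p["sender_ip"])


if __name__ == "__main__":
    req = build_arp(ARP_REQUEST, "44:e5:17:00:00:18", "192.168.0.24",
                    "00:00:00:00:00:00", "192.168.0.15")
    print(describe(req), "->", parse_arp(req)["dst_mac"])
    for mac, ip in [("44:e5:17:00:00:0a", "192.168.0.10"),   # constructed bystander
                    ("44:e5:17:00:00:0f", "192.168.0.15")]:  # constructed owner
        reply = host_handles(req, mac, ip)
        print(ip, "replies:", describe(reply) if reply else "(silent)")
```

The target MAC in a request is all zeros because the asker does not know it yet; the switch never looks inside the ARP payload, it forwards on the Ethernet destination alone, which is why the request is flooded and the reply is not.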
Broadcast and (Unknown-)Unicast and Multicast and Switches
- Layer 2 switches optimise traffic flow by:
  - remembering which MAC address is connected to which switch port (show mac address-table)
  - only copying frames to ports when it’s necessary
- Broadcast packets must always be sent to every port in the broadcast domain!
  - except the port from which the broadcast packet was received (split-horizon)
- Unknown-Unicast packets are flooded to every port until the switch learns which port has the MAC address attached.
  - Once they’re learned, they are just Unicast packets.
- Multicast packets must always be sent to every port in the broadcast domain
  - except in the case that the switch is doing IGMP-snooping
  - IGMP-snooping can “prune” ports from the Multicast group
- Broadcast, Unknown-Unicast and Multicast packets are known collectively as BUM packets
Layer 2 Loops and Broadcast Storms
- Creating a loop between switches can break your network
  - broadcast packets will loop between switches as fast as the switches can go
  - each broadcast packet will be copied to every port (except the receiving port)
  - every device must process the broadcast packet
  - … raising CPU on every device in the broadcast domain
- The Spanning Tree Protocols (STP, MSTP, RSTP, PVSTP et al) are designed to break such loops
Happy network with no loop
Network with no loop
Happy network with two switches and no loop
Two switches, no loop
Sad network: a loop between two switches
Somebody disabled spanning tree.
A network with a loop
The beginning of the storm - an innocent “arp who-has”
Calm before the storm
The broadcast who-has is repeated by the switches
The packet is forwarded
.. and the broadcast storm begins ..
The storm begins
.. and continues until devices run out of capacity
The storm destroys everything
Aftermath
- Since every single device has to process a broadcast packet, all devices on the LAN / Broadcast Domain will be affected by the broadcast storm.
- Because CPU capacity is often consumed before network switching capacity, unexpected failures can occur, such as routing protocols being unable to send their HELLOs quickly enough
- Spanning Tree Protocol is used to break layer 2 loops
- Always* run spanning tree!
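A small simulator for the switch behaviour on the two preceding slides, added here as an example and not part of the workshop material: learning switches that flood BUM frames with split horizon and forward known unicast to one port, then the same two switches with a second, parallel link and spanning tree switched off. The topology, MAC addresses and the frame contents are constructed. It goes slightly beyond the slides in counting MAC moves (a source MAC re-learned on a different port), which is the symptom a switch log shows during a storm.

```python
"""Toy learning-switch model: BUM flooding, split horizon, known-unicast forwarding,
and what a layer 2 loop does to one broadcast.  Added example, not workshop code;
topology and addresses are constructed."""
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Host:
    def __init__(self, name, mac):
        self.name, self.mac = name, mac
        self.cpu_frames = 0          # every frame delivered here costs host CPU
        self.links = {}              # hosts forward nothing

    def receive(self, in_port, frame):
        self.cpu_frames += 1
        return []


class Switch:
    def __init__(self, name):
        self.name = name
        self.mac_table = {}          # MAC -> port, what "show mac address-table" lists
        self.links = {}              # port -> (neighbour, neighbour's port)
        self.mac_moves = 0           # a known MAC seen arriving on a different port

    def receive(self, in_port, frame):
        src, dst = frame["src"], frame["dst"]
        if src in self.mac_table and self.mac_table[src] != in_port:
            self.mac_moves += 1
        self.mac_table[src] = in_port                      # learn the source
        if dst != BROADCAST and dst in self.mac_table:
            out = [self.mac_table[dst]]                    # known unicast: one port
            if out[0] == in_port:
                out = []                                   # destination is behind in_port
        else:
            out = [p for p in self.links if p != in_port]  # BUM: flood, split horizon
        return [(self.links[p][0], self.links[p][1], frame) for p in out]


def link(dev_a, port_a, dev_b, port_b):
    dev_a.links[port_a] = (dev_b, port_b)
    dev_b.links[port_b] = (dev_a, port_a)


def run(events, max_rounds):
    """Deliver frames round by round; returns the number of frames handled per round."""
    queue, per_round = deque(events), []
    for _ in range(max_rounds):
        if not queue:
            break                                          # traffic died out
        n = len(queue)
        per_round.append(n)
        for _ in range(n):
            dev, port, frame = queue.popleft()
            queue.extend(dev.receive(port, frame))
    return per_round


def build(loop):
    """Two switches with one host each; loop=True adds a second parallel link."""
    a, b = Switch("A"), Switch("B")
    h1, h2 = Host("h1", "00:00:00:00:00:01"), Host("h2", "00:00:00:00:00:02")
    link(a, 1, b, 1)
    link(a, 3, h1, 0)
    link(b, 3, h2, 0)
    if loop:
        link(a, 2, b, 2)                                   # "somebody disabled spanning tree"
    return a, b, h1, h2


def broadcast_storm(loop, max_rounds=20):
    """One ARP who-has from h1; with a loop it never stops circulating."""
    a, b, h1, h2 = build(loop)
    who_has = {"src": h1.mac, "dst": BROADCAST, "data": "ARP WHO-HAS 192.168.0.15"}
    per_round = run([(a, 3, who_has)], max_rounds)
    return {"rounds_active": len(per_round), "frames": sum(per_round),
            "h1_cpu": h1.cpu_frames, "h2_cpu": h2.cpu_frames,
            "mac_moves": a.mac_moves + b.mac_moves}


def known_unicast():
    """After h1's broadcast, h2's reply follows the learned entries: no flooding."""
    a, b, h1, h2 = build(loop=False)
    run([(a, 3, {"src": h1.mac, "dst": BROADCAST, "data": "who-has"})], 10)
    run([(b, 3, {"src": h2.mac, "dst": h1.mac, "data": "is-at"})], 10)
    return {"h1_cpu": h1.cpu_frames, "h2_cpu": h2.cpu_frames,
            "a_table": dict(a.mac_table), "b_table": dict(b.mac_table)}


if __name__ == "__main__":
    print("no loop :", broadcast_storm(loop=False))
    print("loop    :", broadcast_storm(loop=True))
    print("unicast :", known_unicast())
```

Without the loop the single broadcast is handled in three rounds and h2 looks at it once; with the loop the run only stops because of the round cap, both hosts keep spending CPU on the same frame, and each switch re-learns h1's MAC on a different port every round. Real switches do not cap rounds, which is why the slides end with "always run spanning tree".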