Layer 2 broadcasts

Layer 2 broadcasts
8.2.4 This page will explain how Layer 2 broadcasts are used.


To communicate with all collision domains, protocols use broadcast and multicast frames at Layer 2 of the OSI model. When a node needs to communicate with all hosts on the network, it sends a broadcast frame with a destination MAC address 0xFFFFFFFFFFFF. This is an address to which the NIC of every host must respond.

Layer 2 devices must flood all broadcast and multicast traffic. The accumulation of broadcast and multicast traffic from each device in the network is referred to as broadcast radiation. In some cases, the circulation of broadcast radiation can saturate the network so that there is no bandwidth left for application data. In this case, new network connections cannot be made and established connections may be dropped. This situation is called a broadcast storm. The probability of broadcast storms increases as the switched network grows.

A NIC must rely on the CPU to process each broadcast or multicast group it belongs to. Therefore, broadcast radiation affects the performance of hosts in the network. Figure shows the results of tests that Cisco conducted on the effect of broadcast radiation on the CPU performance of a Sun SPARCstation 2 with a standard built-in Ethernet card. The results indicate that an IP workstation can be effectively shut down by broadcasts that flood the network. Although extreme, broadcast peaks of thousands of broadcasts per second have been observed during broadcast storms. Tests in a controlled environment with a range of broadcasts and multicasts on the network show measurable system degradation with as few as 100 broadcasts or multicasts per second.

A host does not usually benefit if it processes a broadcast when it is not the intended destination. The host is not interested in the service that is advertised. High levels of broadcast radiation can noticeably degrade host performance. The three sources of broadcasts and multicasts in IP networks are workstations, routers, and multicast applications.

Workstations broadcast an Address Resolution Protocol (ARP) request every time they need to locate a MAC address that is not in the ARP table. Although the numbers in the figure might appear low, they represent an average, well-designed IP network. When broadcast and multicast traffic peak due to storm behavior, peak CPU loss can be much higher than average. Broadcast storms can be caused by a device that requests information from a network that has grown too large. So many responses are sent to the original request that the device cannot process them, or the first request triggers similar requests from other devices that effectively block normal traffic flow on the network.

As an example, the command telnet mumble.com translates into an IP address through a Domain Name System (DNS) search. An ARP request is broadcast to locate the MAC address. Generally, IP workstations cache 10 to 100 addresses in their ARP tables for about 2 hours. The ARP rate for a typical workstation might be about 50 addresses every 2 hours or 0.007 ARPs per second. Therefore, 2000 IP end stations will produce about 14 ARPs per second.

The routing protocols that are configured on a network can increase broadcast traffic significantly. Some administrators configure all workstations to run Routing Information Protocol (RIP) as a redundancy and reachability policy. Every 30 seconds, RIPv1 uses broadcasts to retransmit the entire RIP routing table to other RIP routers. If 2000 workstations were configured to run RIP and, on average, 50 packets were required to transmit the routing table, the workstations would generate 3333 broadcasts per second. Most network administrators only configure RIP on five to ten routers. For a routing table that has a size of 50 packets, 10 RIP routers would generate about 16 broadcasts per second.

IP multicast applications can adversely affect the performance of large, scaled, switched networks. Multicasting is an efficient way to send a stream of multimedia data to many users on a shared-media hub. However, it affects every user on a flat switched network. A packet video application could generate a 7-MB stream of multicast data that would be sent to every segment. This would result in severe congestion.

The next page will describe broadcast domains.