
What methods can I use to protect our network from broadcast and multicast storms?

What methods can I use to protect our network from broadcast and multicast storms? This is seen when Norton Ghost is run on our network.
This is increasingly becoming a big problem for many organizations. A "broadcast storm" results in performance degradation and often causes network choking. These storms come from errors or a network loop and may be created by an application on one node. Most switches now allow network admins to enable or disable broadcast/multicast storm control and to set a threshold level at which control applies. These units allow individual port control. This means that if the rate at which broadcasts arrive at a port exceeds a defined limit, the switch will block such packets at that port until the rate decreases to a lower threshold. Switches often auto-negotiate baud rate, and on such devices broadcast storm control is scaled with the baud rate.

Precautions you can take are:

  1. Check to see if there is more than one frame type on the servers, routers, etc. If the answer is yes, verify whether all the applications and/or protocols on the network can run on a single frame type. Using a single frame type reduces the redundant broadcast traffic.
  2. Check to see if your network is using multiple protocols. Try configuring your applications to use one single protocol. Minimizing the number of protocols can lead to fewer broadcasts.
  3. If possible, disable the Spanning Tree bridge protocol. Any misconfiguration of it can lead to a broadcast storm.
  4. Make sure your WAN/edge network devices have spoofing and/or filtering enabled. Almost every router/switch today has the functionality for storm control.
  5. Use network analyzers to perform network baseline analysis. This will define the types of protocols implemented, identify the problematic nodes/areas and also provide other pertinent information relating to network performance at all the layers.
  6. Enable QoS on your routers. The mapping of the protocol is very important. Packet Shapers do a good job in defining the QoS policies by analyzing the network traffic based on ToS and Frames.

Hope this helps. Let me know if you need any further information.
This was last published in October 2003
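
The per-port threshold behaviour described in the answer (block a port when broadcast/multicast arrivals exceed a limit, release it once the rate drops to a lower threshold), as an added example that is not part of the original answer and not any switch vendor's implementation. The port names, the one-second measuring interval, the thresholds and the traffic are constructed assumptions.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def classify(dst_mac):
    """Classify an Ethernet destination MAC as broadcast, multicast or unicast."""
    if dst_mac == BROADCAST:
        return "broadcast"
    # The I/G bit (lowest bit of the first octet) marks a group (multicast) address.
    return "multicast" if dst_mac[0] & 0x01 else "unicast"

def storm_control(frames, rising, falling):
    """Replay (second, port, dst_mac) tuples through per-port storm control.

    Modelling assumption: the rate is judged once per one-second interval and
    the decision applies from the next interval on. Returns (events, dropped).
    """
    rate = Counter()  # (port, second) -> broadcast + multicast frames received
    for sec, port, dst in frames:
        if classify(dst) != "unicast":
            rate[(port, sec)] += 1
    if not rate:
        return [], Counter()
    seconds = [s for _, s in rate]
    events, dropped = [], Counter()
    for port in sorted({p for p, _ in rate}):
        blocked = False
        # One extra idle interval lets a block clear after the traffic stops.
        for sec in range(min(seconds), max(seconds) + 2):
            n = rate[(port, sec)]
            if blocked:
                dropped[port] += n           # suppressed while the port is blocked
                if n <= falling:             # rate fell to the lower threshold
                    blocked = False
                    events.append((sec, port, "unblock"))
            elif n > rising:                 # rate exceeded the defined limit
                blocked = True
                events.append((sec, port, "block"))
    return sorted(events), dropped

# Constructed sample traffic; port names, rates and thresholds are illustrative.
MCAST = bytes.fromhex("01005e000001")    # IPv4 multicast group MAC
UNICAST = bytes.fromhex("020000000001")  # locally administered unicast MAC
SAMPLE = []
for sec, burst in enumerate([50, 900, 1200, 600, 150, 40]):
    SAMPLE += [(sec, "port1", MCAST)] * burst       # imaging-style multicast burst
    SAMPLE += [(sec, "port2", BROADCAST)] * 20      # normal background broadcasts
    SAMPLE += [(sec, "port2", UNICAST)] * 3000      # unicast never counts

if __name__ == "__main__":
    events, dropped = storm_control(SAMPLE, rising=800, falling=200)
    print(events, dict(dropped))
```

The gap between the two thresholds is what keeps a port from flapping between blocked and forwarding while the rate hovers near the limit.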
