What methods can I use to protect our network from broadcast and multicast storms?

Puneet Mehta, SDG

What methods can I use to protect our network from broadcast and multicast storms? This is seen when Norton Ghost is run on our network.
This is increasingly becoming a big problem for many organizations. A "broadcast storm" results in performance degradation and often causes Network choking. These storms come from errors or a network loop and may be created by an application on one node. Most of the switches now allow network admins to enable or disable broadcast/Multicast storm control and to set a threshold level at which control applies. These units allow individual port control. This means if the rate at which broadcasts arrive at a port exceeds a defined limit, the switch will block such packets at that port until the rate decreases to a lower threshold. Switches often auto-negotiate baud rate and on such devices broadcast storm control is scaled with the baud rate.

Precautions you can take are:

Check to see if there are more than one frame type on the servers, routers etc. If the answer is yes, verify if all the applications and /or protocol on the network can run on a single frame type. Using a single frame type reduces the redundant broadcast traffic.
Check to see if your network is using multiple protocols. Try configuring your applications to one single protocol. Minimizing the number of protocols can lead to fewer broadcasts.
If possible disable the Spanning tree bridge protocol. Any misconfiguration of the same can lead to broadcast storm.
Make sure your WAN/Edge network devices have spoofing and /or filtering enabled. Almost every router/ Switch today has the functionality for storm control.
Use Network Analyzers to perform network baseline analysis. It will define the type of protocols implemented, identify the problematic nodes/areas and also provide other pertinent information relating to network performance at all the layers.
Enable QoS on your routers. The mapping of the protocol is very important. Packet Shapers do a good job in defining the QoS policies by analyzing the network traffic based on ToS and Frames.

Hope this helps. Let me know if you need any further information.

This was last published in October 2003

What methods can I use to protect our network from broadcast and multicast storms?

Dig Deeper on Network Security Monitoring and Analysis

Managed vs. unmanaged switches: What are the differences?

VLAN (virtual LAN)

iSCSI switch selection and configuration

Will TRILL replace spanning tree protocol in data center networks?

Related Q&A from Puneet Mehta

How do VPN concentrators and network access servers (NAS) differ?

What keeps unauthorized users from accessing my IP address/Internet?

Controlling network access by MAC address restriction on wired networks

SearchUnifiedCommunications

AR and VR in video conferencing offer post-pandemic benefits

Big Tech's uneasy balance of capitalism, censorship

Microsoft slow to fulfill request for more Teams channel control

SearchMobileComputing

Samsung lowers the price of Galaxy phones with S21 line

Qualcomm to buy Nuvia for $1.4 billion

High phone prices driving consumers to the used phone market

SearchDataCenter

Get a template to estimate server power consumption per rack

When the chips are down, Intel turns to VMware's Pat Gelsinger

Intel CEO Bob Swan to be replaced by VMware's Pat Gelsinger

SearchITChannel

Why 2020 may have changed the MSP industry forever

Huntress security platform gets boost from Level Effect EDR

Cloud distributor Pax8 pursues UK growth, tech innovation