What methods can I use to protect our network from broadcast and multicast storms? This is seen when Norton Ghost is run on our network.
This is increasingly becoming a big problem for many organizations. A "broadcast storm" results in performance degradation and often causes Network choking. These storms come from errors or a network loop and may be created by an application on one node. Most of the switches now allow network admins to enable or disable broadcast/Multicast storm control and to set a threshold level at which control applies. These units allow individual port control. This means if the rate at which broadcasts arrive at a port exceeds a defined limit, the switch will block such packets at that port until the rate decreases to a lower threshold. Switches often auto-negotiate baud rate and on such devices broadcast storm control is scaled with the baud rate.
Precautions you can take are:
- Check to see if there are more than one frame type on the servers, routers etc. If the answer is yes, verify if all the applications and /or protocol on the network can run on a single frame type. Using a single frame type reduces the redundant broadcast traffic.
- Check to see if your network is using multiple protocols. Try configuring your applications to one single protocol. Minimizing the number of protocols can lead to fewer broadcasts.
- If possible disable the Spanning tree bridge protocol. Any misconfiguration of the same can lead to broadcast storm.
- Make sure your WAN/Edge network devices have spoofing and /or filtering enabled. Almost every router/ Switch today has the functionality for storm control.
- Use Network Analyzers to perform network baseline analysis. It will define the type of protocols implemented, identify the problematic nodes/areas and also provide other pertinent information relating to network performance at all the layers.
- Enable QoS on your routers. The mapping of the protocol is very important. Packet Shapers do a good job in defining the QoS policies by analyzing the network traffic based on ToS and Frames.
Dig Deeper on Network Security Monitoring and Analysis
Related Q&A from Puneet Mehta
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading
If you've used MAC address restriction to control your network access on your wireless router, can you extend this to your wired network? Our ... Continue Reading