Network Uptime

With the advent of switches, the corporate network environment has changed. High speed, high capacity routers have been replaced by core switches, and why not? Switches are faster and less complex than routers. However, unlike routers, switches allow MAC level broadcast frames to pass through. These broadcast frames have a specific address structure that tells a switch to copy the frame to all ports on the switch. Due to this corporate network redesign phenomenon, broadcast traffic has become a significant issue. Some may argue that with Fast Ethernet and Gigabit Ethernet, the broadcast bandwidth constriction issue is less relevant, thus making any attempt in reducing unnecessary broadcast traffic on the network a waste of time and energy. This is incorrect! Bandwidth is not the biggest issue caused by broadcast storms.

Broadcasts should be reduced in order to decrease unnecessary CPU usage on every workstation and server. Each broadcast frame must be resolved by every network interface attached to the network. This means that every node that sees the broadcast frame has to use a portion of it's CPU to read the data within the frame and determine whether the frame is important. There are increasing numbers of network broadcasts, but only a small percentage of these is helpful to the receiving workstations. Why put this unnecessary load on your printers, servers, workstations, routers and switches?

In many cases, the protocol analyzer broadcast counter hits the red zone on many networks, large or small. Often, broadcast traffic can be seen propagating through the router, into the WAN. Router filtering or router spoofing functions are not used, allowing broadcast traffic to traverse the WAN and use precious and expensive WAN bandwidth.

Here's an example:

A large corporate network showed a dramatic increase in WAN performance once IPX spoofing was implemented. Prior to performing a performance analysis of the WAN link, this company contemplated installing another T1 line and increasing the Committed Information Rate of every remote office. This large (and ongoing) expense was unnecessary after improving the efficiency of broadcasts across the WAN.

Now that the broadcast case is made, what proactive measures can a network analysis professional take to reduce broadcast traffic?

1 - Is there more than one frame type on the file servers, routers, print servers, etc.? If the answer is yes, then determine if every application and/or protocol on the network can run on one single frame type. Using a single frame type reduces redundant broadcast traffic.

2 - Is the network using many protocols, such as IPX, TCP/IP, LAT, SNA, NetBEUI, etc...? Is it possible to run all applications using a single protocol? If so, reconfigure the applications to run over this single protocol. Each protocol type requires it's own broadcasts, so minimizing the number of protocol families can lead to fewer broadcasts.

3 - External print servers and print server cards are known as 'plug-and-play' or 'ease of installation' devices. This simplicity comes with a price. Often, these devices are packaged with all of the major network protocols enabled, and sometimes multiple frame types are enabled. Most print servers have a management console or configuration screen to display what protocols and frame types are enabled. Disable all of the protocols and frame types not used on the network for printing.

4 - Most network switches default to enabling the spanning tree bridge protocol. Spanning tree is used for fault tolerance if redundant routes exist on the network. Unless your network is extra-mission-critical, it probably does not have redundant routes from every workstation. If possible, disable the spanning tree protocol. Spanning tree prevents loops on a network by sending out a 'hello' frame from each port every 2 seconds, which then gets resolved by every bridge or switch on the network. On a network with many switched nodes, a misconfiguration of the spanning tree protocols can create MANY broadcasts!

5- Make sure the WAN devices or routers have spoofing and/or filtering enabled. Contact your router manufacturer for specific functionality. The goal is to reduce the amount of broadcasts traversing the LAN and WAN, and to help conserve buffering memory inside the routers.

6- Have a network baseline analysis performed by an impartial 3rd party. A properly executed analysis will define protocols in use, identify problematic nodes, and give other pertinent information relating to the network's overall performance at all layers.

Keep in mind that these proactive measures should be tackled individually, and in a careful manner. Also, the size of the network should be considered. If the network has 50 workstations and no WAN links, there aren't enough nodes on the network to cause a significant performance impact or increase.

Take proactive measures to reduce broadcast traffic on the network and have the network analyzed to verify optimal network performance, and it's a guarantee that you won't be singing the Broadcast Storm Blues!

The Broadcast Storm Blues

Somethin' slowing my network,
Tell me what could it be,
It ain't my magination'
C I O’s callin' me.

Workin' quarter past midnight,
Restin' my head on wood,
Gettin' no dinner break and
Tryin' all that I could

You see my director done told me,
that "I got the network's slow blues,
If I don't get to fixin',
then somebody else fills my shoes."