Broadcast Storm Impedance On Network Performance: A Case of Koforidua Polytechnic Local Area Network

International Journal of Advance Foundation and Research in Computer (IJAFRC)
Volume 2, Issue 10, October - 2015. ISSN 2348 4853, Impact Factor 1.317
Broadcast Storm Impedance On Network Performance: A

Case Of Koforidua Polytechnic Local Area Network
1Seth
Alornyo 2Michael Asante

1I.C.T Directorate, Koforidua Polytechnic
2Computer Science Department, KNUST, Kumasi
1bigseth1099@yahoo.com and 2mickasst@yahoo.com
ABSTRACT
Slow data transmission on the internet and other IP services on institutional local area network
are mostly not caused by the limited amount of bandwidth available or purchased from the
Service Provider but rather congestion that may exist on the Local Area Network which causes
congestion to packets sent to a destination network. This paper touches on how excessive User
Datagram Protocol (UDP) broadcast impedes the performance of Local Area Network. A virtual
manageable switch was attached to the physical network infrastructure of the Polytechnics
network. A Popular open source Network Protocol Analyzer was used to capture traffic traversing
over the virtual switch through the physical switch connected to the Polytechnics network.
Analyzed data revealed that there are excessive User datagram Protocol (UDP) packets than
Transmission Control Protocol (TCP) packets requests on the network. This excess UDP packets
causes network congestion thereby leading to data loss, slow data transmission on the internet
and excessive inefficiencies in other Internet Protocol (IP) services on the network. Internet and
other IP services requested on institutional Local Area Network should not be attributed to only
the size of bandwidth available or purchased from the service provider but rather the effect of
excessive User Datagram Protocol (UDP) storm radiation on the Local Area Network.
Keywords: User Datagram Protocol (UDP), Transmission Control Protocol (TCP, Internet Protocol
(IP), Storm Radiation, Dynamic Host Configuration Protocol (DHCP), Storm control
I.
INTRODUCTION
Bandwidth can be described as the amount of information that can flow through a network connection in
a given period of time[1] .In other words, regardless of the media used to build the network, there are
limits on the capacity of that network to carry information. Bandwidth is limited by the laws of physics
and by the technologies used to place information on the media. For example, the bandwidth of a
conventional modem is limited to about 56 kbps by both the physical properties of twisted-pair phone
wires and by modem technology, [2] .However, the technologies employed by Digital Subscriber Line
(DSL) also use the same twisted-pair phone wires, yet DSL provides much greater bandwidth than is
available with conventional modems. Optical fiber has the physical potential to provide virtually limitless
bandwidth. However, the bandwidth of optical fiber cannot be fully realized until technologies are
developed to take full advantage of its potential. It is possible to buy equipment for a Local-Area Network
(LAN) that will provide nearly unlimited bandwidth over a long period of time. For wide-area network
(WAN) connections, it is almost always necessary to buy bandwidth from a service provider[1] . In either
case, an understanding of bandwidth and changes in demand for bandwidth over a given time can save
an individual or a business a significant amount of money. A network manager needs to make the right
decisions about the kinds of equipment and services to buy. A networking professional understand the
tremendous impact of bandwidth and throughput on network performance and design and information
97 | 2015, IJAFRC All Rights Reserved
www.ijafrc.org

flow as a string of bits from computer to computer throughout the world. These bits represent massive
amounts of information flowing back and forth across the globe in seconds or less. In a sense, it may be
appropriate to say that the Internet is bandwidth[3] .As soon as new network technologies and
infrastructures are built to provide greater bandwidth, new applications are created to take advantage of
the greater capacity. The delivery over the network of rich media content, including streaming video and
audio, requires tremendous amounts of bandwidth. IP telephony systems are now commonly installed in
place of traditional voice systems, which further adds to the need for bandwidth[4].
The institutions Local Area Network access settings are deployed by a Dynamic Host Configuration
protocol (DHCP) server configured on a Cisco 2900 series router. The configuration parameter provides
both public and private IP addresses to hosts connected to the Polytechnic network, these includes IP
address, Subnet mask, default gateway IP and DNS servers IP. The public IP address released by the
DHCP server is the Domain Name Service (DNS) server IP address of the service providers (SP).The
Polytechnic Management Information System and Student Information Portal (SIP) operates on the Local
Area Network. Most of the traffic engaged on the network is mostly Hyper Text Transmission Protocol
(HTTP) requests which includes web browsing by students and staff members, access to the Online
Student Information System ( OSIS) server by a web browser and access to student portals by a web
browser.
II. COMMUNICATION WITHIN THE NETWORK
To communicate with all collision domains, protocols use broadcast and multicast frames at Layer 2 of
the Open System Interconnection (OSI) model. When a node needs to communicate with all hosts on the
network, it sends a broadcast frame with a destination MAC address 0xFFFFFFFFFFFF[5]. This is an
address to which the network interface card (NIC) of every host must respond to. Layer 2 devices must
flood all broadcast and multicast traffic. The accumulation of broadcast and multicast traffic from each
device in the network is referred to as broadcast radiation[6]. In some cases, the circulation of broadcast
radiation can saturate the network so that there is no bandwidth left for application data. In this
situation, new network connections cannot be established, and existing connections may be dropped, a
situation known as a broadcast storm[7]. The probability of broadcast storms increases as the switched
network grows. Because the NIC must interrupt the Central Processing Unit (CPU) to process each
broadcast or multicast group it belongs to, broadcast radiation affects the performance of hosts in the
network [1]. Figure1 shows the results of tests that Cisco conducted on the effect of broadcast radiation
on the CPU performance of a Sun SPARC station 2 with a standard built-in Ethernet card[5].
Figure 1: Effects of Broadcast Radiation on Host in an IP network[8]

www.ijafrc.org

As indicated by the results shown in figure 1, an IP workstation can be effectively shut down by
broadcasts flooding the network. Although extreme, broadcast peaks of thousands of broadcasts per
second have been observed during broadcast storms. Testing in a controlled environment with a range of
broadcasts and multicasts on the network shows measurable system degradation with as few as 100
broadcasts or multicasts per second[5].
Most often, the host does not benefit from processing the broadcast, as it is not the destination being
sought. The host does not care about the service that is being advertised, or a service that is known
already. High levels of broadcast radiation can noticeably degrade host performance. The three sources
of broadcasts and multicasts in IP networks are workstations, routers, and multicast applications.
Workstations broadcast an Address Resolution Protocol (ARP), Dynamic Host Configuration Protocol
(DHCP), Hypertext Transmission Control Protocol (HTTP) and Domain Name Service request every time
they need to locate a server address that is not directly connected to the work station[5]. When broadcast
and multicast traffic at a peak due to storm behavior, peak Central Processing Unit (CPU) loss can be
orders of magnitude greater than average. Broadcast storms can be caused by a device requesting
information from a network that has grown too large. So many responses are sent to the original request
that the device cannot process them, or the first request triggers similar requests from other devices that
effectively block normal traffic flow on the network [2].
IP multicast applications can adversely affect the performance of large scale switched networks. Although
multicasting is an efficient way to send a stream of multimedia data to many users on a shared-media
hub, it affects every user on a flat switched network. A particular packet video application can generate a
seven megabyte (MB) stream of multicast data that, in a switched network, would be sent to every
segment, resulting in severe congestion [2].
As the transport layer sends data segments, it tries to ensure that data is not lost. A receiving host that is
unable to process data as quickly as it arrives could be a cause of data loss. The receiving host is then
forced to discard it. Flow control avoids the problem of a transmitting host overflowing the buffers in the
receiving host. TCP provides the mechanism for flow control by allowing the sending and receiving host
to communicate. The two hosts then establish a data-transfer rate that is agreeable to both[1].
TCP is responsible for breaking messages into segments, reassembling them at the destination station,
resending anything that is not received, and reassembling messages from the segments. TCP supplies a
virtual circuit between end-user applications. Protocols that uses TCP includes File Transfer Protocol
(FTP), Simple Mail Transfer Protocol (SMTP), Hypertext Transmission Protocol (HTTP), Secure Socket
Layer (SSH).Whereas User Datagram Protocol (UDP) is the connectionless transport protocol in the
TCP/IP protocol stack [9]. User Datagram Protocol (UDP) is a simple protocol that exchanges datagram,
without acknowledgments or guaranteed delivery. Error processing and retransmission must be handled
by higher layer protocols. UDP uses no windowing or acknowledgments so reliability, if needed, is
provided by application layer protocols[10]. UDP is designed for applications that do not need to put
sequences of segments together. Protocols that uses UDP includes Dynamic Host Configuration Protocol
(DHCP) Domain Name Service (DNS), Trivial File Transfer Protocol (TFTP), Simple Network Management
Protocol (SNMP)[8] .It is not possible to prevent all types of packet storms and excessive broadcasts, it is
possible to suppress them using storm control. Storm control prevents traffic on a Local Area network
(LAN) from being disrupted by a broadcast, multicast or unicast storm on one of the physical interfaces
[8]. Storm control (or traffic suppression) monitors packets passing from an interface to the switching
bus and determines if the packet is unicast, multicast, or broadcast. The switch counts the number of
packets of a specified type received within a certain time interval and compares the measurement with a
www.ijafrc.org

predefined suppression-level threshold. Storm control then blocks traffic when the rising threshold is
reached. Figure 2 illustrates Local Area Network (LAN) storm control over Ethernet network.
If storm control is ensured, when the amount of specified traffic exceeds the threshold within a specific
time period, all traffic of that kind is dropped for the next time period. In figure 2, the broadcast traffic
being forwarded exceeded the configured threshold between time intervals T1 and T2 and between T4
and T5. Therefore, broadcast traffic is blocked during the intervals following T2 and T5. At the next time
interval (for example, T3), if broadcast traffic does not exceed the threshold, it is again forwarded [2].
Figure 2: LAN storm radiation attack [8]

III. MTHODOLOGY
Graphical Network Simulator software was used to simulate a virtual switch which enables connection to
a physical switch on the Polytechnic Network. The virtual switch configured on GNS3 enabled the virtual
switch to build up its Content Addressable Memory (CAM) table on the Polytechnic network. Port one (1)
on the virtual switch was configured by GNS3 simulator which connects to an Ethernet adaptor of a
laptop connected to the Polytechnic network. The simulated virtual switch port was virtualized to the
physical adaptor connected to the polytechnic network. This virtualization enables all unicast, multicast
and broadcast packets forwarded to the laptop adaptor be transmitted over to the virtual switch. Open
source Network Protocol Analyzer was used to capture traffic sent to the laptop adaptor over to the
virtual switch [9]. The captured packets on the laptop adaptor connects to the institutional network, over
598,700,760 bytes of packets were captured. Packets captured include all packets traversing over the
polytechnic network. Among the packets captured were Domain Name Service (DNS) ,Dynamic Host
Configuration Protocol (DHCP),Transmission Control Protocol (TCP),User Datagram Protocol
(UDP),Address Resolution Protocol (ARP),Link Local Multicast Name Resolution (LLMNR),Internet Group
Management Protocol (IGMPV3),IPV4,NetBIOS Name Service (NBNS),Transport Level Security
(TLSV1),Simple Service Discovery Protocol (SSDP),Simple Network Management Protocol (SNMP) and
Multicast Domain Name Service (MDNS) packets.
IV. RESULTS AND ANALYSIS
The open source Network Protocol Analyzer (wireshark) was used to analyze the captured packets over
the Polytechnics network. A filter was applied to the captured packets to sort out only ethernet
Broadcast (ff:ff:ff:ff), UDP and TCP packets. Figure 3 depicts a snapshot of the filtered packet.
www.ijafrc.org

The open source Network Protocol Analyzer (wireshark) was used to analyze the captured packets over
the Polytechnics network. A filter was applied to the captured packets to sort out only ethernet
Broadcast (ff:ff:ff:ff), UDP and TCP packets. Figure 3 depicts a snapshot of the filtered packet.
Figure 3: Broadcast storm radiation on Polytechnics LAN

Horizontal bars represent Ethernet broadcast (ff:ff:ff:ff), the dots represent Transmission Control
Protocol (TCP) and the line graph represent User Datagram Protocol (UDP) packets. User Datagram
Protocol (UDP) radiation exceeds Ethernet broadcast and Transmission Control Protocol (TCP) packets
traversing over the Polytechnics network. The saturation of UDP packets floods the network causing
network congestion, slowness and network downtime. Figure 4 depicts a statistics of a UDP packet type
captured on the Polytechnic network. Dynamic Host Configuration Protocol as a type of UDP packets
depicts statistics of DHCP requests that were analyzed during a particular time interval. The statistics is
shown in figure 4.
Figure 4: Filtered DHCP statistics over Polytechnics LAN

It can be inferred from figure3 that within the hours of 01:35pm to 08:15pm a DHCP filter was applied to
the captured packets on the Polytechnic network, 1,318 DHCP request were sent to the DHCP server and
out of which the server was only able to release 7 IP addresses to the requested host, The question is
what then happens to the other 1310 requests sent to the DHCP server? This phenomenon means that
there are excessive DHCP broadcast traversing over the Polytechnics network within 8 hours of packets
captured.
V. CONCLUSION
www.ijafrc.org

Analysis of the result of the paper makes it crystal clear the rate at which User Datagram Protocol (UDP)
floods the Polytechnic network which may cause congestion and data loss. This phenomenon makes it
impossible to realize Quality of Service (QoS) on the Local Area Network.
The accumulation of User Datagram Protocol (UDP) and Ethernet broadcast and multicast traffic from
each device in the network floods the entire network. In some cases, the circulation of broadcast
radiation can saturate the network so that there is no bandwidth left for application data.
New network connections cannot be established, and existing connections may be dropped. Bandwidth
utilization and access to network resources are impaired as a result of the excessive broadcast storm
radiation on the Local Area Network.
VI. RECOMMENDATION
To alleviate the deteriorating effects of broadcast storm traversing over the Polytechnic network and to
boost internet and other IP services accessibility. The following should be considered:
Broadcast storm radiation should be controlled on the Polytechnics network
The Polytechnics Local Area Network should be segmented to control the broadcast storm
radiation.
The network Administrator for the institution should be trained periodically to be abreast with
the current technological trend.
VII. FUTURE WORK
The future work on this thesis will involve setting up effective transmission processes that can help to
reduce broadcast impedance on an institutional network and also to reduce congestion on an
institutional network based on an available network resources such as bandwidth.
VIII. REFERENCES
[1]
Odom, W. (2013). Cisco CCNA: Routing and Switching ICND2 200-101. Pearson Education.
[2]
Press, C. CCNA Academy Curriculum Course Booklet: Network Fundamentals, Version 3.0.
Pearson Education India, 2007.
[3]
Wayne, L. LAN Switching and Wireless, CCNA Exploration Companion Guide. Pearson
Education India ,2008.
[4]
Barker, K., & Morris, S. CCNA Security 640-554 Official Cert Guide: Pearson Education,2012.
[5]
Press, C. CCNA Academy Curriculum Course Booklet: Network Fundamentals, Version 3.1.
Pearson Education India,2009.
[6]
Stewart, K., Adams, A., Reid, A., & Lorenz, J. Designing and Supporting Computer Networks, CCNA
Discovery Learning Guide: Cisco Press,2008.
[7]
Reid, A., & Lorenz, J. (2007). Networking for Home and Small Businesses, CCNA Discovery
Learning Guide: Cisco Press.
www.ijafrc.org

[8]
Johnson, A. 31 Days Before Your CCNA Exam: A day-by-day review guide for the CCNA 640-802
exam. Pearson Education,2008.
[9]
Johnson, A. 31 Days Before Your Ccna Routing and Switching Exam: A Day-by-Day Review Guide
for the Icnd2 (200-101) Certification Exam: Pearson Education,2014.
[10]
Dye, M., McDonald, R., & Rufi, A. Network Fundamentals, CCNA Exploration Companion Guide:
Cisco press,2007.
[11]
Banerjee, U., Vashishtha, A., & Saxena, M. Evaluation of the Capabilities of WireShark as a tool for
Intrusion Detection. International Journal of Computer Applications 6(7),2010.
www.ijafrc.org

Broadcast Storm Impedance On Network Performance: A Case of Koforidua Polytechnic Local Area Network

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Broadcast Storm Impedance On Network Performance: A Case of Koforidua Polytechnic Local Area Network

Uploaded by

Copyright:

Available Formats

International Journal of Advance Foundation and Research in Computer (IJAFRC)