Broadcast, unknown-unicast and multicast traffic

Broadcast, unknown-unicast and multicast traffic (BUM traffic) [1] is network traffic sent with one of three methods of delivering data link layer frames when the sender does not know the address of the destination. In each case the frame is delivered to multiple destinations on an Ethernet network. [2] The concept covers three Ethernet transmission modes: broadcast, unicast (to a destination the switch has not learnt) and multicast. BUM traffic is thus the class of traffic that is forwarded to multiple destinations, or that cannot be delivered only to its intended destination. [3] [4]

Overview

Broadcast traffic is used to transmit a message to every reachable destination in the network without needing any information about the receiving parties. When broadcast traffic is received by a network switch it is replicated to all ports within the respective VLAN except the one on which the traffic arrived. [5]

Unknown-unicast traffic occurs when a switch receives unicast traffic addressed to a destination that is not in its forwarding information base. In this case the switch marks the frame for flooding and sends it to all forwarding ports within the respective VLAN. Forwarding this type of traffic creates unnecessary load that can lead to poor network performance or even a complete loss of network service. [6] This flooding of packets is known as unicast flooding. [7] [5]

Multicast traffic allows a host to contact a subset of hosts or devices that have joined a group. When no group management mechanism is present the switch cannot tell which ports lead to group members, so the message is flooded like a broadcast. [5] Flooding BUM frames is required in transparent bridging; in a data center context this does not scale well and causes poor performance.
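The three forwarding decisions described above can be seen in a small model of a transparent learning switch. This is an added example, not code from the page or from any switch vendor; the topology, MAC addresses and port-to-VLAN mapping are constructed. Broadcast and multicast (with no group management) are flooded to every other port in the VLAN, a unicast frame whose destination is absent from the forwarding information base is flooded the same way, and only a learnt destination is forwarded to a single port. The per-class counters are the kind of figures a defender watches to notice unicast flooding or a broadcast storm.

```python
"""Transparent learning switch: how broadcast, unknown-unicast and multicast
frames get flooded. Constructed example; not the page's own code."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """The I/G bit (least significant bit of the first octet) marks a group address."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningSwitch:
    # Constructed topology: access port number -> VLAN it belongs to.
    port_vlan: dict
    # Forwarding information base (MAC table): (vlan, mac) -> port.
    fib: dict = field(default_factory=dict)
    # Per-class counters; a sudden rise in the first three is what storm detection watches.
    counters: dict = field(default_factory=lambda: {
        "broadcast": 0, "unknown_unicast": 0, "multicast": 0, "known_unicast": 0})

    def _flood_ports(self, vlan: int, ingress: int) -> list:
        """All ports of the VLAN except the one the frame came in on."""
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != ingress)

    def receive(self, ingress: int, frame: Frame) -> list:
        """Learn the source MAC on the ingress port and return the egress port list."""
        vlan = self.port_vlan[ingress]
        if not is_group_address(frame.src):
            self.fib[(vlan, frame.src)] = ingress
        if frame.dst == BROADCAST:
            self.counters["broadcast"] += 1
            return self._flood_ports(vlan, ingress)
        if is_group_address(frame.dst):
            # No group management here, so multicast is flooded like broadcast.
            self.counters["multicast"] += 1
            return self._flood_ports(vlan, ingress)
        port = self.fib.get((vlan, frame.dst))
        if port is None:
            # Destination not in the FIB: unicast flooding to the whole VLAN.
            self.counters["unknown_unicast"] += 1
            return self._flood_ports(vlan, ingress)
        self.counters["known_unicast"] += 1
        return [] if port == ingress else [port]


def demo() -> tuple:
    """Walk a frame exchange through a four-port switch with two VLANs."""
    sw = LearningSwitch(port_vlan={1: 10, 2: 10, 3: 10, 4: 20})
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    out1 = sw.receive(1, Frame(src=a, dst=b))          # b unknown: flooded to ports 2 and 3 only
    out2 = sw.receive(2, Frame(src=b, dst=a))          # a already learnt on port 1
    out3 = sw.receive(1, Frame(src=a, dst=b))          # b now known on port 2
    out4 = sw.receive(3, Frame(src=c, dst=BROADCAST))  # broadcast stays inside VLAN 10
    out5 = sw.receive(4, Frame(src=c, dst="01:00:5e:00:00:fb"))  # multicast in VLAN 20: no other port
    return out1, out2, out3, out4, out5, dict(sw.counters)


if __name__ == "__main__":
    print(demo())
```

Note that the first unicast frame from `a` to `b` leaves on every VLAN 10 port even though only one host wants it; that is the exposure unicast flooding creates, and it disappears as soon as `b` has transmitted once and been learnt.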

BUM traffic control

Throttling

One issue that may arise is that some network devices cannot handle high rates of broadcast, unknown-unicast or multicast traffic. In such cases the BUM traffic can be limited on specific ports, controlling the number of packets or bytes that are flooded on the VLAN to other devices. The threshold is expressed in kilobits per second (kbps) and can be set independently for the broadcast, multicast and unknown-unicast rates. [8] [9]
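One way such a per-port, per-class threshold can be enforced is a token bucket per (port, traffic class), refilled at the configured kbps rate. The following is an added example, not the page's or any vendor's implementation; the port numbers, the limits, the 10 ms bucket depth and the frame timestamps are all constructed assumptions. It shows a burst of broadcasts exceeding the broadcast bucket being dropped while multicast on the same port, which has its own bucket, passes untouched.

```python
"""Per-port, per-class rate limiting of BUM traffic with token buckets.
Constructed example; not the page's or any vendor's code."""
from dataclasses import dataclass


@dataclass
class TokenBucket:
    rate_kbps: float   # configured threshold in kilobits per second
    burst_bits: float  # bucket depth: how many bits may pass back to back
    tokens: float = 0.0
    last_ts: float = 0.0

    def __post_init__(self) -> None:
        self.tokens = self.burst_bits  # start full

    def allow(self, frame_bytes: int, now: float) -> bool:
        """Refill for the elapsed time, then admit the frame if enough tokens remain."""
        elapsed = max(0.0, now - self.last_ts)
        self.tokens = min(self.burst_bits, self.tokens + elapsed * self.rate_kbps * 1000.0)
        self.last_ts = now
        bits = frame_bytes * 8
        if bits <= self.tokens:
            self.tokens -= bits
            return True
        return False


class StormControl:
    """One bucket per (port, traffic class), mirroring independent per-class thresholds."""
    CLASSES = ("broadcast", "multicast", "unknown_unicast")

    def __init__(self, limits_kbps: dict, burst_ms: float = 10.0) -> None:
        # limits_kbps: port -> {class: kbps}; burst_ms is an assumed bucket depth at that rate.
        self.buckets = {}
        for port, limits in limits_kbps.items():
            for cls in self.CLASSES:
                rate = limits[cls]
                self.buckets[(port, cls)] = TokenBucket(rate, rate * burst_ms)  # kbps * ms = bits

    def admit(self, port: int, cls: str, frame_bytes: int, now: float) -> bool:
        return self.buckets[(port, cls)].allow(frame_bytes, now)


def simulate(limits_kbps: dict, frames: list) -> dict:
    """frames: (timestamp_s, port, class, size_bytes) tuples in time order.
    Returns forwarded/dropped counts per class."""
    sc = StormControl(limits_kbps)
    stats = {cls: {"forwarded": 0, "dropped": 0} for cls in StormControl.CLASSES}
    for ts, port, cls, size in frames:
        verdict = "forwarded" if sc.admit(port, cls, size, ts) else "dropped"
        stats[cls][verdict] += 1
    return stats


def demo() -> dict:
    """Port 1 limited to 100 kbps broadcast / 500 kbps multicast / 100 kbps unknown unicast."""
    limits = {1: {"broadcast": 100, "multicast": 500, "unknown_unicast": 100}}
    frames = [(0.0, 1, "multicast", 64)] * 5     # 5 x 512 bits fits the 5000-bit multicast bucket
    frames += [(0.0, 1, "broadcast", 64)] * 20   # a burst of 20 broadcasts at the same instant
    frames += [(1.0, 1, "broadcast", 64)]        # one second later the bucket has refilled
    return simulate(limits, frames)


if __name__ == "__main__":
    print(demo())
```

The dropped count is the metric worth exporting: a steady non-zero drop rate on one port means that port is sourcing more flooded traffic than the policy allows, which is exactly the early symptom of a broadcast storm or a misbehaving host.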

Network port security

In the case of unknown-unicast traffic a security issue may arise, since a flooded frame reaches every port in the VLAN. To prevent flooding unknown-unicast traffic across the switch, the network equipment can be configured to divert unknown-unicast traffic to specific trunk interfaces, either to keep broadcasts coming from different VLANs apart or to use specific trunk interfaces for multiple VLANs. [10] [11]

BUM handling in VXLAN

The use of VXLAN as an overlay technology provides data link layer connectivity between endpoints that may be deployed across different network layer domains. Since those endpoints are logically part of the same data link layer domain, they must be able to send and receive data link layer multi-destination frames (BUM traffic). BUM traffic can be carried across network layer boundaries by encapsulating it in VXLAN packets addressed to a multicast group, so as to use the network itself for traffic replication. [12] [13]

With the adoption of overlay networks as the standard deployment model for multi-tenant networks, data link layer over network layer protocols have become the favorite among network engineers. One such protocol (Layer 2 over UDP) adopted by the industry is VXLAN. As with any other overlay network protocol, its scalability depends on how well it handles broadcast, unknown-unicast and multicast (BUM) traffic. [14]

In data plane learning, broadcast traffic is flooded to the members of the multicast group. In control plane learning, addresses are collected and distributed via BGP; broadcast traffic is reduced because VXLAN tunnel endpoints (VTEPs) can reply to the requester directly.

VXLAN can handle BUM traffic in two ways: multicast and head end replication.

Multicast is the most common approach. Each VXLAN network identifier (VNI) is mapped to a single multicast group, while one multicast group may map to one or more VNIs. When a VTEP comes alive it uses the Internet Group Management Protocol (IGMP) to join the multicast groups for the VNIs it uses; when it has to send BUM traffic it sends it only to the relevant multicast group. This also serves as a method for VTEP discovery. [15]

Head end replication is only available when using BGP EVPN. It is less efficient than multicast and does not scale as well, but it is simpler to deploy when there is no multicast-enabled infrastructure. In head end replication, when BUM traffic arrives, the VTEP creates several unicast packets and sends one to each VTEP that supports the VNI. [16]
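The two replication modes, and the VNI-to-group mapping from the multicast paragraph, can be compared side by side in a small model of a fabric. This is an added example rather than code from the page or from any VXLAN implementation; the VTEP addresses, VNIs and group addresses are constructed, and IGMP membership is modelled as a set rather than exchanged on the wire. It shows that in multicast mode the source sends one packet and the network delivers it to every group member, including a VTEP that shares the group but serves a different VNI and must discard it, whereas head end replication costs the source one unicast copy per remote VTEP serving that VNI.

```python
"""VXLAN BUM replication: multicast group flooding versus head end replication.
Constructed example; not code from the page or any VXLAN implementation."""
from collections import defaultdict


class VxlanFabric:
    def __init__(self, vni_to_group: dict) -> None:
        # Each VNI maps to one multicast group; several VNIs may share a group.
        self.vni_to_group = vni_to_group
        self.vtep_vnis = {}                    # VTEP IP -> set of VNIs it serves
        self.group_members = defaultdict(set)  # group -> VTEPs that joined (IGMP, modelled)

    def vtep_up(self, vtep_ip: str, vnis: list) -> None:
        """A VTEP coming alive joins the group of every VNI it serves (IGMP in a real fabric)."""
        self.vtep_vnis[vtep_ip] = set(vnis)
        for vni in vnis:
            self.group_members[self.vni_to_group[vni]].add(vtep_ip)

    def flood_multicast(self, src_vtep: str, vni: int) -> tuple:
        """Multicast mode: one encapsulated packet to the group; the network replicates it.
        Returns (packets sent by source, VTEPs receiving a copy, VTEPs keeping it after VNI check)."""
        group = self.vni_to_group[vni]
        receivers = self.group_members[group] - {src_vtep}
        # A receiver that shares the group but does not serve this VNI discards the packet.
        interested = {v for v in receivers if vni in self.vtep_vnis[v]}
        return 1, receivers, interested

    def flood_head_end(self, src_vtep: str, vni: int) -> tuple:
        """Head end replication: one unicast copy per remote VTEP that serves this VNI.
        Returns (packets sent by source, VTEPs receiving a copy)."""
        peers = {v for v, vnis in self.vtep_vnis.items() if vni in vnis and v != src_vtep}
        return len(peers), peers


def demo() -> dict:
    """Four VTEPs, three VNIs, with VNIs 10010 and 10020 sharing one multicast group."""
    fabric = VxlanFabric({10010: "239.1.1.10", 10020: "239.1.1.10", 10030: "239.1.1.30"})
    fabric.vtep_up("10.0.0.1", [10010, 10030])
    fabric.vtep_up("10.0.0.2", [10010])
    fabric.vtep_up("10.0.0.3", [10020])          # shares the group of VNI 10010 but not the VNI
    fabric.vtep_up("10.0.0.4", [10010, 10020])
    return {
        "mcast_10010": fabric.flood_multicast("10.0.0.1", 10010),
        "her_10010": fabric.flood_head_end("10.0.0.1", 10010),
        "mcast_10030": fabric.flood_multicast("10.0.0.1", 10030),  # nobody else serves it
        "her_10030": fabric.flood_head_end("10.0.0.1", 10030),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In the demo, VTEP 10.0.0.3 receives the multicast copy for VNI 10010 purely because it shares the group for VNI 10020; that wasted delivery is the price of mapping several VNIs onto one group, and head end replication avoids it at the cost of the source sending one copy per peer.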

BUM handling in EVPN

[Figure: Example of BUM in PBB-EVPN in the case of a dual-homed device with all-active load balancing]

Ethernet VPN (EVPN) and Provider Backbone Bridging EVPN (PBB-EVPN) provide Ethernet multipoint services over MPLS networks. In EVPN operation, the Provider Edge (PE) routers connected to the same Ethernet segment automatically discover each other and elect a Designated Forwarder (DF) responsible for forwarding BUM traffic onto that segment. [17]

In VXLAN-EVPN, MAC learning occurs via the control plane instead of the data plane. Furthermore, only traffic from VTEPs whose information was learnt via the control plane is accepted; traffic from any other VTEP is dropped. This yields a secure fabric in which traffic is forwarded only between VTEPs validated by the control plane. [18]
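The ingress check that makes the fabric "secure" in this sense can be written as a small decapsulation filter. This is an added example, not the page's or any vendor's code: the VTEP addresses and VNIs are constructed, the peer table stands in for routes received over BGP EVPN, and the VXLAN header layout follows RFC 7348 (8 bytes: flags, three reserved bytes, a 24-bit VNI, one reserved byte). The per-VNI check, which also drops a known VTEP sending a VNI it never advertised, goes slightly beyond the text above and is an assumption of this example.

```python
"""Accept VXLAN traffic only from VTEPs learnt through the control plane.
Constructed example; not the page's or any vendor's code."""

VXLAN_FLAG_I = 0x08  # "I" flag: a valid VNI is present (RFC 7348)


def parse_vxlan_header(payload: bytes) -> tuple:
    """Parse the 8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1).
    Returns (vni, inner_frame); raises ValueError on a malformed header."""
    if len(payload) < 8:
        raise ValueError("short VXLAN header")
    flags = payload[0]
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI flag not set")
    vni = int.from_bytes(payload[4:7], "big")
    return vni, payload[8:]


def build_vxlan(vni: int, inner: bytes) -> bytes:
    """Encapsulate an inner Ethernet frame (constructed helper for the demo)."""
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner


class EvpnVtep:
    def __init__(self) -> None:
        self.peers = {}  # remote VTEP IP -> set of VNIs it advertised via BGP EVPN
        self.log = []    # drop reasons, the kind of line a NOC or SOC would alert on

    def learn_from_control_plane(self, vtep_ip: str, vni: int) -> None:
        """Model of receiving an EVPN route for (vtep_ip, vni) from BGP."""
        self.peers.setdefault(vtep_ip, set()).add(vni)

    def receive(self, outer_src_ip: str, udp_payload: bytes) -> str:
        """Return 'accept' or a drop reason for a VXLAN packet from outer_src_ip."""
        try:
            vni, _inner = parse_vxlan_header(udp_payload)
        except ValueError as err:
            self.log.append(f"drop malformed from {outer_src_ip}: {err}")
            return "drop-malformed"
        vnis = self.peers.get(outer_src_ip)
        if vnis is None:
            # Not learnt via the control plane: never forwarded, whatever it carries.
            self.log.append(f"drop unknown VTEP {outer_src_ip} vni {vni}")
            return "drop-unknown-vtep"
        if vni not in vnis:
            self.log.append(f"drop VTEP {outer_src_ip} not advertised for vni {vni}")
            return "drop-vni-not-advertised"
        return "accept"


def demo() -> list:
    """One legitimate peer learnt from BGP, then four packets with different outcomes."""
    vtep = EvpnVtep()
    vtep.learn_from_control_plane("10.0.0.2", 10010)
    # Constructed inner frame: broadcast destination, a source MAC and an EtherType.
    inner = b"\xff" * 6 + b"\x00\x00\x00\x00\x00\x0a" + b"\x08\x06"
    return [
        vtep.receive("10.0.0.2", build_vxlan(10010, inner)),  # learnt peer, advertised VNI
        vtep.receive("10.0.0.9", build_vxlan(10010, inner)),  # VTEP unknown to the control plane
        vtep.receive("10.0.0.2", build_vxlan(10020, inner)),  # known peer, VNI it never advertised
        vtep.receive("10.0.0.2", b"\x00" * 8 + inner),        # I flag clear: malformed header
    ]


if __name__ == "__main__":
    print(demo())
```

The drop log is the useful by-product: a stream of `drop unknown VTEP` entries from one source address is a direct indicator that something on the underlay is sending VXLAN toward the fabric without a control-plane relationship, which is worth investigating rather than silently discarding.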

References

  1. "Network Dictionary – BUM". Retrieved 8 September 2018.
  2. Sosa, Elver Sena (2016). VCP6-NV Official Cert Guide (Exam #2V0-641). VMware Press. ISBN 9780134133720. Retrieved 8 September 2018.
  3. Dagenhardt, Frank; Moreno, Jose; Dufresne, Bill (12 February 2018). Deploying ACI: The Complete Guide to Planning, Configuring, and Managing Application Centric Infrastructure. Cisco Press.
  4. Loveless, Josh; Blair, Ray; Durai, Arvind (12 October 2016). IP Multicast, Volume I: Cisco IP Multicast Networking. Cisco Press. Networking Technology series.
  5. "Unicast, Broadcast, and Multicast". erg.abdn.ac.uk. Retrieved 8 September 2018.
  6. Jansen, David; Krattiger, Lukas; Kapadia, Shyam (2017). Building Data Centers with VXLAN BGP EVPN: A Cisco NX-OS Perspective. Cisco Press. ISBN 9780134514925.
  7. Juniper Networks TechLibrary Security Feature Guide.
  8. "Limiting Broadcast, Multicast, and Unknown Unicast Traffic (BUM)".
  9. Skaljo, E.; Hadziahmetovic, N.; Akyel, C. (2010). "Impact of broadcast, multicast and unknown unicast at low speed DSL connections based at SHDSL". Proceedings ELMAR-2010: 187–190. Retrieved 8 September 2018.
  10. "Rate limiting unknown unicast forwarding".
  11. Reynolds, Harry; Marschke, Doug (2009). JUNOS Enterprise Switching: A Practical Guide to JUNOS Switches and Certification. O'Reilly Media. ISBN 9781449379186. Retrieved 8 September 2018.
  12. Cisco paper 737855.
  13. Goralski, Walter (2017). The Illustrated Network: How TCP/IP Works in a Modern Network. Morgan Kaufmann. ISBN 9780128110287. Retrieved 8 September 2018.
  14. "A Summary of Cisco VXLAN Control Planes: Multicast, Unicast, MP-BGP EVPN".
  15. "Configure VXLAN Flood and Learn with Multicast Core". Cisco. Retrieved 8 September 2018.
  16. "Understanding BUM Frame Replication Modes". pubs.vmware.com. Retrieved 8 September 2018.
  17. Cisco paper 731864.
  18. "Configuring VXLAN BGP-EVPN".