SPARCstation 2 with a standard built-in Ethernet
card. As indicated by the results shown, an IP workstation can
be effectively shut down by broadcasts flooding the network.
Although extreme, broadcast peaks of thousands of broadcasts
per second have been observed during broadcast storms. Testing
in a controlled environment with a range of broadcasts and
multicasts on the network shows measurable system degradation
with as few as 100 broadcasts or multicasts per second.

Most often, the host does not benefit from processing the
broadcast, as it is not the destination being sought. The host
does not care about the service that is being advertised, or it
already knows about the service. High levels of broadcast
radiation can noticeably degrade host performance.

The three sources of broadcasts and multicasts in IP networks
are workstations, routers, and multicast applications.

Workstations broadcast an Address Resolution Protocol (ARP)
request every time they need to locate a MAC address that is
not in the ARP table. Although the numbers in Figure might
appear low, they represent an average, well-designed IP
network. When broadcast and multicast traffic peak due to storm
behavior, peak CPU loss can be orders of magnitude greater than
average.

Broadcast storms can be caused by a device requesting
information from a network that has grown too large. So many
responses are sent to the original request that the device
cannot process them, or the first request triggers similar
requests from other devices that effectively block normal
traffic flow on the network.

As an example, the command telnet mumble.com translates into
an IP address through a Domain Name System (DNS) search. To
locate the corresponding MAC address an ARP request is
broadcast. Generally, IP workstations cache 10 to 100 addresses
in their ARP tables for about two hours. The ARP rate for a
typical workstation might be about 50 addresses every two hours
or 0.007 ARPs per second. Thus, 2000 IP end stations produce
about 14 ARPs per second.

The routing protocols that are configured on a network can
increase broadcast traffic significantly. Some administrators
configure all workstations to run Routing Information Protocol
(RIP) as a redundancy and reachability policy. Every 30
seconds, RIPv1 uses broadcasts to retransmit the entire RIP
routing table to other RIP routers. If 2000 workstations were
configured to run RIP and, on average, 50 packets were required
to transmit the routing table, the workstations would generate
3333 broadcasts per second. Most network administrators only
configure a small number of routers, usually five to ten, to
run RIP. For a routing table that has a size of 50 packets, 10
RIP routers would generate about 16 broadcasts per second.

IP multicast applications can adversely affect the performance
of large, scaled, switched networks. Although multicasting is
an efficient way to send a stream of multimedia data to many
users on a shared-media hub, it affects every user on a flat
switched network. A particular packet video application can
generate a seven megabyte (MB) stream of multicast data that,
in a switched network, would be sent to every segment,
resulting in severe congestion.
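
The broadcast and multicast rates discussed above can be measured from captured frames. The following is an added example, not part of the original course text: it classifies Ethernet frames by destination MAC and reports each second in which the combined broadcast and multicast count reaches the 100 per second level at which the text reports measurable degradation. The function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
THRESHOLD = 100  # frames/s where the text reports measurable degradation

def classify(frame: bytes) -> str:
    """Classify an Ethernet frame by its destination MAC (bytes 0-5)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    # I/G bit (low bit of the first octet) set means a group address.
    return "multicast" if dst[0] & 0x01 else "unicast"

def storm_seconds(capture, threshold=THRESHOLD):
    """Map each second with >= threshold broadcast+multicast frames to its count."""
    per_second = Counter()
    for timestamp, frame in capture:
        if classify(frame) != "unicast":
            per_second[int(timestamp)] += 1
    return {s: n for s, n in sorted(per_second.items()) if n >= threshold}

def make_frame(dst: bytes, ethertype: int) -> bytes:
    """Build a minimal constructed frame: dst, fixed src, EtherType, padding."""
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + bytes(46)

# Constructed capture: second 0 carries the text's 14 ARPs/s baseline,
# second 1 simulates a storm mixed with ordinary unicast traffic.
ARP = make_frame(BROADCAST, 0x0806)
MCAST = make_frame(bytes.fromhex("01005e000001"), 0x0800)
UNICAST = make_frame(bytes.fromhex("020000000002"), 0x0800)
SAMPLE = (
    [(0.0 + i / 14, ARP) for i in range(14)]
    + [(1.0 + i / 120, ARP) for i in range(120)]
    + [(1.0 + i / 30, MCAST) for i in range(30)]
    + [(1.0 + i / 500, UNICAST) for i in range(500)]
)

if __name__ == "__main__":
    for second, count in storm_seconds(SAMPLE).items():
        print(f"second {second}: {count} broadcast/multicast frames")
```
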

8.2 Collision Domains and Broadcast Domains
8.2.5 Broadcast domains

A broadcast domain is a grouping of collision
domains that are connected by Layer 2 devices. Breaking up a
LAN into multiple collision domains increases the opportunity
for each host in the network to gain access to the media. This
effectively reduces the chance of collisions and increases
available bandwidth for every host. But broadcasts are
forwarded by Layer 2 devices and, if excessive, can reduce the
efficiency of the entire LAN. Broadcasts have to be controlled
at Layer 3, as Layer 2 and Layer 1 devices have no way of
controlling them. The total size of a broadcast domain can be
identified by looking at all of the collision domains that the
same broadcast frame is processed by. In other words, it is all
the nodes that are part of the network segment bounded by a
Layer 3 device. Broadcast domains are controlled at Layer 3
because routers do not forward broadcasts. Routers actually
work at Layers 1, 2, and 3. They, like all Layer 1 devices,
have a physical connection to, and transmit data onto, the
media. They have a Layer 2 encapsulation on all interfaces and
perform just like any other Layer 2 device. It is Layer 3 that
allows the router to segment broadcast domains. In order for a
packet to be forwarded through a router it must have already
been processed by a Layer 2 device and the frame information
stripped off. Layer 3 forwarding is based on the destination IP
address and not the MAC address. For a packet to be forwarded
it must contain an IP address that is outside of the range of
addresses assigned to the LAN and the router must have a
destination to send the specific packet to in its routing
table.

Web Links: How LAN Switches Work
http://www.howstuffworks.com/lan-switch3.htm

8.2 Collision Domains and Broadcast Domains
8.2.6 Introduction to data flow

Data flow in the
context of collision and broadcast domains focuses on how data
frames propagate through a network. It refers to the movement
of data through Layer 1, 2 and 3 devices and how data must be
encapsulated to effectively make that journey. Remember that
data is encapsulated at the network layer with an IP source and
destination address, and at the data-link layer with a MAC
source and destination address. A good rule to follow is that a
Layer 1 device always forwards the frame, while a Layer 2
device wants to forward the frame. In other words, a Layer 2
device will forward the frame unless something prevents it from
doing so. A Layer 3 device will not forward the frame unless it
has to. Using this rule will help identify how data flows
through a network. Layer 1 devices do no filtering, so
everything that is received is passed on to the next segment.
The frame is simply regenerated and retimed and thus returned
to its original transmission quality. Any segments connected by
Layer 1 devices are part of the same domain, both collision and
broadcast. Layer 2 devices filter data frames based on the
destination MAC address. A frame is forwarded if it is going to
an unknown destination outside the collision domain. The frame
will also be forwarded if it is a broadcast, multicast, or a
unicast going outside of the local collision domain. The only
time that a frame is not forwarded is when the Layer 2 device
finds that the sending host and the receiving host are in the
same collision domain. A Layer 2 device, such as a bridge,
creates multiple collision domains but maintains only one
broadcast domain. Layer 3 devices filter data packets based on
IP destination address. The only way that a packet will be
forwarded is if its destination IP address is outside of the
broadcast domain and the router has an identified location to
send the packet. A Layer 3 device creates multiple collision
and broadcast domains. Data flow through a routed IP-based
network involves data moving across traffic management devices
at Layers 1, 2, and 3 of the OSI model. Layer 1 is used for
transmission across the physical media, Layer 2 for collision
domain management, and Layer 3 for broadcast domain management.
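
The forwarding rule described above, as an added example that is not part of the original course text: a learning bridge that forwards unless it knows the destination sits on the inbound port, next to a router decision that forwards only for a non-local destination with a matching route. The class, function names, MAC addresses and route table are constructed for illustration.

```python
import ipaddress

def is_group(mac: str) -> bool:
    """True for broadcast/multicast MACs (I/G bit of the first octet set)."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

class Bridge:
    """Layer 2: forwards unless it knows the destination is on the inbound port."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # learned MAC -> port

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of."""
        self.table[src] = in_port
        if is_group(dst) or dst not in self.table:
            return sorted(self.ports - {in_port})  # flood
        out = self.table[dst]
        return [] if out == in_port else [out]  # filter or forward

def router_forward(dst_ip, local_net, routes):
    """Layer 3: return the outbound interface, or None when not forwarded."""
    dst = ipaddress.ip_address(dst_ip)
    local = ipaddress.ip_network(local_net)
    limited = ipaddress.ip_address("255.255.255.255")
    if dst in (limited, local.broadcast_address) or dst in local:
        return None  # broadcasts and local traffic stay in the domain
    best = None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None  # no route: not forwarded

# Constructed addresses: hosts A and C share port 1, host B is on port 2.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
ROUTES = {"10.2.0.0/16": "eth1"}

if __name__ == "__main__":
    bridge = Bridge([1, 2, 3])
    print(bridge.receive(1, A, "ff:ff:ff:ff:ff:ff"))
    print(bridge.receive(2, B, A))
    print(bridge.receive(1, C, A))
    print(router_forward("10.1.0.255", "10.1.0.0/24", ROUTES))
    print(router_forward("10.2.3.4", "10.1.0.0/24", ROUTES))
```
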

8.2 Collision Domains and Broadcast Domains
8.2.7 What is a network segment?

As with many terms and acronyms, segment has multiple meanings.
The dictionary definition of the term is as follows:
- A separate piece of something
- One of the parts into which an entity or quantity is divided
or marked off by or as if by natural boundaries

In the context of data communication, the following definitions
are used:
- Section of a network that is bounded by bridges, routers,
or switches.
- In a LAN using a bus topology, a segment
is a continuous electrical circuit that is often connected to
other such segments with repeaters.
- Term used in the
TCP specification to describe a single transport layer unit of