Broadcast Storm: Disaster to Industrial Ethernet Networking. Root Causes and Solutions

Preface

With Ethernet growing popular as an industrial application protocol, more and more users suffer from broadcast storms, especially when a redundant ring technology is used in their networks. A broadcast storm, which overwhelms the network and damages the whole system, is considered one of the most serious problems in Ethernet networking. This whitepaper reveals the root cause of broadcast storms and presents how to get free of them with Korenix's comprehensive solution: Prevention, Resilience, and Protection.

Index

1. The Root Cause
2. The Result: Worse Than You Think
3. Is Your Redundant Ring Safe?
4. When Broadcast Storm Happens to Redundant Ring
5. Mitigating Broadcast Storm
6. Korenix Comprehensive Solution
   a) Prevention within a Ring
   b) Resilience to RM failure
   c) Protection beyond a Ring
7. Summary

Root Cause: Loop Topology

Ethernet Switching Principle
• An Ethernet switch learns how to forward unicast (1-to-1) packets according to the destination address of the packet.
• A managed switch learns how to forward multicast (1-to-many) packets on demand through its management features.
• Broadcast (1-to-all) packets are flooded everywhere.

[Figure: switched network with hosts Ann, Bob, Cat, Dan and Eve]

Looping Broadcast Causes Storm
• Broadcast packets are transmitted everywhere. If a network has a loop topology, a broadcast packet goes through the loop again and again.
• Endlessly looping broadcast packets consume all the bandwidth, overwhelming the network in an instant.

Result: Worse Than You Think

Not Only Broadcast Packets Cause Storm
• Unknown unicast and unknown multicast packets are packets that switches have not yet learned how to forward. They are handled in the same way as broadcast, so they may result in a storm as well.
• Multicast is commonly used in industrial protocols such as EtherNet/IP, PROFINET RT, IEEE 1588, IEC 61850-3 GOOSE, video streaming, and so on.

[Figure: hosts Ann, Bob, Cat, Dan and Eve receiving packets with unknown destinations]

Crash The Whole System
• Broadcast packets are flooded everywhere, so a storm radiates from its origin to the whole network.
• Broadcast is received by all network devices. The endless broadcast traffic created by a storm overwhelms every node in the system.
• Industrial Ethernet packet sizes are typically small. A 100 Mbps Fast Ethernet device might receive more than 100,000 packets within one second when a broadcast storm occurs.

[Figure: three rings in a LAN share the same layer 2 (L2) broadcast domain, so a broadcast storm reaches all of them]

Is Your Redundant Ring Safe?

Redundant Ring in Danger
• Redundant ring technologies are widely used in today's industrial Ethernet networks. However, they are inherently exposed to the risk of broadcast storm because of their loop topology.
• The technology relies on one and only one switch, assigned as Ring Manager (RM), to monitor the completeness of the ring.
• If the ring is complete, the RM blocks one of its paths.
• The blocked path provides redundancy. It also cuts the loop to prevent a broadcast storm.
• Improper design, configuration or operation may result in a broadcast storm.

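The effect of the RM's blocked path can be reproduced with a small simulation. This is an added example, not part of the whitepaper: the function name `flood_ring`, the link numbering and the transmission budget are assumptions made for illustration.

```python
from collections import deque

def flood_ring(n, blocked_link=None, budget=600):
    """Flood one broadcast frame from a host on switch 0 around an n-switch ring.

    Link i joins switch i and switch (i + 1) % n. blocked_link is the link the
    Ring Manager keeps blocked (None = the ring is left as a loop). budget caps
    the simulation, because a looped frame never stops on its own.
    Returns (transmissions, copies_per_switch, storm).
    """
    copies = [0] * n
    transmissions = 0
    # The origin switch floods the frame out of both ring ports:
    # +1 = clockwise, -1 = counter-clockwise.
    in_flight = deque([(0, +1), (0, -1)])
    while in_flight and transmissions < budget:
        switch, direction = in_flight.popleft()
        link = switch if direction == +1 else (switch - 1) % n
        if link == blocked_link:
            continue                      # blocked path: the frame dies here
        nxt = (switch + direction) % n
        transmissions += 1
        copies[nxt] += 1
        # A switch floods a broadcast out of every port except the one it
        # arrived on, so the frame keeps travelling in the same direction.
        in_flight.append((nxt, direction))
    # Frames still in flight when the budget runs out mean the loop is live.
    return transmissions, copies, bool(in_flight)

if __name__ == "__main__":
    for blocked in (None, 2):
        sent, copies, storm = flood_ring(6, blocked_link=blocked)
        print(f"blocked_link={blocked}: {sent} transmissions, "
              f"copies per switch={copies}, storm={storm}")
```

With one link blocked, every other switch receives exactly one copy after n - 1 transmissions; with the loop intact, the single frame is still circulating when the budget is exhausted.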
When Broadcast Storm Happens To Redundant Ring

1. Link Restoration
• Link restoration fixes a broken ring (Loop!)
• At that moment, any broadcast leads to a storm
• The RM cannot detect the loop and cannot block its path because of the storm

2. Network Restart
• Devices' boot times vary
• Before the RM starts to function, a topology loop and broadcast storm will occur
• The RM cannot detect the loop and cannot block its path because of the storm

3. RM Malfunction
• The RM is the only manager of the ring
• An occasional malfunction, system halt or unexpected problem may lead to a loop and broadcast storm

Mitigating Broadcast Storm

1. Rate Limit
• Rate limiting constrains broadcast traffic to a specified level and drops broadcast packets (either good or bad) once the level is exceeded, thus preventing further network outages.

2. Dividing the Broadcast Domain
• One LAN is one single broadcast domain. Dividing a single network into smaller LANs with layer 3 switches protects them from one another's storm attacks. This, however, is a costly solution to the problem.

[Figure labels: rate limit 100% and 10%; an L3 switch between LAN1, LAN2 and LAN3]

• Mitigation is not a solution to the root cause. It reduces the problem, but it does not stop the storm. Duplicated broadcast packets still disturb the system's normal operation.

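The point that a rate limit drops good and bad broadcasts alike can be made concrete. This is an added example, not part of the whitepaper: the fixed one-second window, the 10,000 frames/s limit, the function names and the traffic (100 legitimate broadcasts per second alongside the 100,000 frames/s storm figure quoted earlier) are assumptions constructed for illustration.

```python
def storm_control(frames, limit_per_s):
    """Fixed-window broadcast rate limit on one port.

    frames: iterable of (time_us, label), sorted by time. In each one-second
    window the first limit_per_s broadcast frames are forwarded and the rest
    are dropped, whatever their origin.
    Returns (forwarded, dropped) as per-label counts.
    """
    forwarded, dropped = {}, {}
    window, used = None, 0
    for time_us, label in frames:
        current = time_us // 1_000_000
        if current != window:             # a new one-second window begins
            window, used = current, 0
        if used < limit_per_s:
            used += 1
            forwarded[label] = forwarded.get(label, 0) + 1
        else:                             # limit reached: drop good or bad
            dropped[label] = dropped.get(label, 0) + 1
    return forwarded, dropped

def constructed_second():
    """Constructed traffic for one second: looped copies at 100,000 frames/s
    plus 100 legitimate broadcasts spread evenly over the second."""
    looped = [(t, "looped") for t in range(0, 1_000_000, 10)]
    good = [(t, "legitimate") for t in range(5, 1_000_000, 10_000)]
    return sorted(looped + good)

if __name__ == "__main__":
    fwd, drop = storm_control(constructed_second(), limit_per_s=10_000)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

The limiter caps the load on the receivers, but the looped copies use up the allowance early in each window, so 90 of the 100 legitimate broadcasts are dropped along with them.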
Korenix's Comprehensive Solution

1. Prevention within a Ring
• Compared to other redundant ring technologies, Korenix's patented Seamless Restoration solves the two root causes, link restoration and network restart, by preventing the network from having a loop topology from the first moment a link is restored to a ring.
• Broadcast storm
  • due to loop topology when a link restoration occurs or a network is restarted
• Packet loss
• Topology change
  • during link restoration or network restart
• Seamless Restoration
  • No broadcast storm
  • No packet loss
  • No topology change

Korenix's Comprehensive Solution

2. Resilience to RM Failure
• Korenix's patented RM Redundancy technology is designed to solve the single critical point problem of the RM.
• When the RM fails or stops sending control packets, a backup RM is activated, which operates automatically without any manual configuration.
• It is not primary/secondary but fully redundant. Any number of RM failures or malfunctions can be recovered from instantly.
• The ring is always under control to prevent broadcast storm.

Korenix's Comprehensive Solution

3. Protection beyond the Ring
• With Korenix's patented Loop Protection (pending) enabled, a switch becomes a Protector and starts to detect whether there is any loop in the network. The connection between the Protector and the loop is disabled if a loop is found. It can:
  • provide double insurance on a ring in addition to RM redundancy
  • protect different parts of a LAN from each other with a Korenix layer 2 switch instead of a costly layer 3 switch
  • add a Korenix ring to a pre-existing third-party network and protect the ring from broadcast storm

[Figure: rings in a LAN share the same layer 2 (L2) broadcast domain; Protector switches (P) isolate a broadcast storm]

Summary

Broadcast storms occur in industrial Ethernet networks, most typically in those that use a ring for network redundancy. A ring is exposed to the risk because of its loop topology, which is the root cause of broadcast storm. Traditional treatment can only mitigate the problem, by rate limiting or by dividing the broadcast domain with layer 3 switches. However, neither approach addresses the root causes, and neither can stop the system from being affected. By offering comprehensive solutions that include prevention, resilience and protection, Korenix contributes to the industrial Ethernet world by enabling users to have a reliable network free from broadcast storm.

Email: sales@korenix.com
Web: www.korenix.com
Phone: +886-2-8911-1000
Fax: +886-2-2912-3328
Address: F2, No. 188, Pao-Chiao Rd., Shing-Tien City, Taipei 23145, Taiwan