Hi,
I would like to understand.
If I have a X.0.0.0/8 network mask and a station send a packet to the broadcast X.255.255.255, the IP Protocol will send the Packets to all the
16581375 ip address in the network, even if the switch or the router arp table will only contained 100 resolved ip address?How can I evaluate the broadcast load over a subnet like the ARP Broadcast, DHCP Broadcast or Virus Broadcast (the most important hihihihi).
Best Regards
Martin
While the arp would go to the address you have said above, a layer 3 arp would have to match the same network address on the router itself, else it will not be propagated. In other words, if that node broadcasts to 10.255.255.255, but the router had the network as a
10.0.0.0 255.255.255.0, then the arp wouldn't go anywhere.Presuming the router has a matching subnet mask and address range, then yes it will forward to that many addresses (presuming they are up), but this is unrealistic unless you have a flat network with that many addresses. An arp is only as big as the owning router's local subnet, since it will not jump vlans or into other virtual/physical interfaces. Also, an arp only goes out physical/virtual interfaces in that same network, so unless you had that many switchports, the question is also limited beyond your hypothetical situation.
Broadcasts are not sent to individual addresses. One packet is sent to the LAN's link-level broadcast address; on Ethernet this is ff:ff:ff:ff:ff:ff. NICs automatically recognize this address and receive the packet as if it were addressed to them.
Use a sniffer and filter for broadcast packets.
There are three different types of broadcasts, Layer 2 broadcasts, and two types of layer 3 broadcasts and ARP broadcasts are layer 2. Layer 3 broadcasts are subnet broadcasts, an IP packet sent to 255.255.255.255 (and is sent as layer 2 broadcast as well) is ONLY propagated on the local subnet. The other type of Layer 3 broadcast is called a "directed broadcast" which is sent to a specific subnet. A directed broadcast will be sent with a layer 2 address of the default gateway, and it will be routed just like any other packet until it gets to the router that has a directly connected interface on that subnet. The router that receives a directed broadcast will only send it out the directly connected interface if A) the directly configured interface is configured to allow directed broadcasts with an "ip directed-broadcast" command on that interface and B) the interfaces subnet (as calculated by the interfaces IP address and subnet mask) is an exact match. If both of these conditions are met, then the packet is sent out the interface as a layer 2 broadcast.
In your example if you have an interface with an IP address of 10.0.0.1/8 and it receives a directed broadcast to 10.255.255.255, then it will send the packet out that interface with a layer 2 destination address of ff:ff:ff:ff:ff:ff. Only one packet is sent, not 16 million. Now if the router has an interface with an IP address of 10.0.0.1/24 and receives a directed broadcast to 10.255.255.255, it would either route the packet to the next hop router if a 10.0.0.0/8 (or a default route) routing table entry exists or drop the packet because it doesn't have a route.
To see how much broadcast traffic is being sent on an interface use the "show interface" command, which will show you how many unicast and broadcast packets have been sent.
I think you also need to do some research on Layer 2 and Layer 3 addressing. In today's IP world, layer 2 addressing and how it works in conjunction with Layer 3 protocols such as IP is not well known.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.