
Flooding

Author Yana

Date 08/12/2024

This article covers the definition of network flooding, its advantages and disadvantages, its differences from broadcasting, and strategies for managing its impact.

What is Flooding?

  

Flooding means that a network device sends data received on one port out of every other port on the device. A switch compares the destination MAC address in a data frame with its MAC address table to decide which port to forward the frame to. If the destination address is not in the MAC address table, the frame is forwarded to all ports except the one it arrived on. In the OSPF protocol, flooding is used to transmit LSAs, which carry topology updates. In VXLAN technology, flooding is also used for address learning, the purpose of which is to learn the correspondence between VTEP and MAC. In many cases, flooding is benign and has no impact on the network. Flooding is also a very common network phenomenon in data centers.

    

Advantages of Flooding

   

Flooding does not require learning routing protocols to configure, and it is very simple to implement. Because the message is sent out of all ports, the data packet can still reach the destination address through other paths even if some nodes in the network are down.

   

Disadvantages of Flooding

  

Flooding messages occupy too much network bandwidth. Although there may be only one destination address, every host receives the flooded message. If no TTL or hop count is set for the data packets, they may be forwarded in a loop forever, driving the network load too high. As a result, the service processing speed of the device is greatly affected or even interrupted.

 

Many network attacks also rely on flooding. A common example is the UDP flood attack: hackers send a large number of UDP packets to the server, and the server sends a large number of replies after receiving them. The ARP message flooding attack is similar: malicious users send a large number of ARP messages, causing the ARP table of the Layer 3 device to overflow and affecting forwarding for normal users. Like a knife, flooding is a handy tool when used correctly, but incorrect use can lead to serious consequences.

   

How Can We Deal with Flooding?

 

To solve the problem of duplicate information and excessive bandwidth usage, you can use TTL and hop count settings to limit flooding. You can also use selective flooding, which forwards data to only some devices, to reduce the impact. If the devices are interconnected over a fully Layer 3 network, no broadcast domain is formed between them, which greatly suppresses the impact of flooding.
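The effect of a hop count on a looped network can be measured with a small simulation. This is an added example, not code from the original article; the four-node topology, the function names and the forwarding model (every node re-sends a copy on all links except the one it arrived on, and the destination consumes copies) are assumptions made for illustration.

```python
from collections import deque

# Constructed topology: a ring A-B-C-D-A with a cross link B-D, so loops exist.
TOPOLOGY = {
    "A": ["B", "D"],
    "B": ["A", "C", "D"],
    "C": ["B", "D"],
    "D": ["A", "B", "C"],
}

def flood(topology, source, dest, hop_limit):
    """Flood one packet; return (link transmissions, copies delivered to dest)."""
    transmissions = 0
    delivered = 0
    # Each entry is one copy in flight: (current node, previous node, hops left).
    queue = deque([(source, None, hop_limit)])
    while queue:
        node, came_from, hops = queue.popleft()
        if node == dest:
            delivered += 1      # destination keeps the copy, does not re-flood
            continue
        if hops == 0:
            continue            # hop budget exhausted: the copy is dropped
        for neighbor in topology[node]:
            if neighbor == came_from:
                continue        # never send back out of the receiving link
            transmissions += 1
            queue.append((neighbor, node, hops - 1))
    return transmissions, delivered

def smallest_working_limit(topology, source, dest, max_limit=16):
    """Lowest hop limit that still delivers at least one copy, or None."""
    for limit in range(1, max_limit + 1):
        if flood(topology, source, dest, limit)[1] > 0:
            return limit
    return None

if __name__ == "__main__":
    for limit in range(1, 6):
        sent, got = flood(TOPOLOGY, "A", "C", limit)
        print(f"hop limit {limit}: {sent} transmissions, {got} copies at C")
    print("smallest working limit:", smallest_working_limit(TOPOLOGY, "A", "C"))
```

In this model a single packet for a single destination costs more transmissions and more duplicate deliveries as the hop limit rises, and with no limit the loop would never drain, which is why the limit should be kept close to the smallest value that still reaches the destination.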

    

To defend against flood attacks, the best method is still to add a dedicated firewall. I will not describe it in detail here.

  

Are Flooding and Broadcast the Same?

    

The two are similar, but there are obvious differences. When the broadcast address (255.255.255.255) is the destination address, the data packet is sent to all other devices in the LAN. This is an active sending behavior and belongs to Layer 3. Flooding happens when the destination MAC address is not in the address table: the data packet is sent out of all ports except the port it was received on. Flooding is a passive behavior and belongs to Layer 2.
