Here is the quick explanation
Imagine that you formed a circle with a group of friends and you received just one instruction, "every time you hear a message pass it on". The instructor starts the game by revealing the message to one person in the circle. That person tells the next person and so on. The problem is that in a circle there is no end and so you and your friends will be stuck in an endless loop repeating the same message to each other.
That's the essence of a broadcast storm. The same packets are continually transmitted at high speed and every time a new broadcast is generated it joins the loop until eventually the network is overwhelmed.
Essential Background - Switches and Spanning Tree
The Ethernet protocol, used as standard in today's Local Area Networks, was not designed to operate in a redundant configuration. When multiple links exist to the same destination, the protocol tends to endlessly forward packets between devices, causing a loop and overwhelming the hardware. For this reason, a protocol called Spanning Tree was invented. Spanning tree (IEEE standards 802.1d, 802.1w or 802.1s) enables network designers to build in redundant links without creating Ethernet loops. Spanning tree achieves this by logically blocking one of the redundant paths, thereby breaking the loop. Should the primary path fail, spanning tree will re-enable the previously blocked link in order to provide connectivity.
Figure 1. Spanning tree blocks one link to prevent loops
Figure 2. Without a physical loop between devices storms cannot occur
Essential Background - Ethernet and IP
When another computer's IP address is accessed on an Ethernet network, requests are translated from IP, which is a logical address, to an Ethernet MAC address, which is a physical address. It is this physical address that is located by Ethernet switches in a LAN for the delivery of the data. For this reason, switches must learn the precise physical location of every MAC address in the LAN.
But there are a number of situations where MAC addresses are not known and therefore data has to be broadcast to every device in order to find the recipient. Those situations include:
- The first time a machine is accessed - this is known as an unknown unicast packet.
- When all devices are the intended recipients - this is known as a broadcast packet.
Both of these situations are legitimate and are not normally a problem. However, under certain conditions each of these types of packets can be caught in an endless loop that may eventually overwhelm and bring down the network.
Causes of a Broadcast Storm
It is the combination of a logical Ethernet loop (the absence of a Spanning Tree blocked port) and the requirement for Ethernet to broadcast packets that causes storms. The causes of an Ethernet loop are usually associated with spanning tree either being switched off or being prevented from operating correctly by filtering BPDUs (Cisco's BPDU filter is one such command).
Figure 3. When all devices are connected and links are not logically blocked (because spanning tree is disabled or filtered) Broadcast Storms occur.
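The difference between Figure 1 and Figure 3 can be reproduced with a small model. The following is an added example, not part of the original article: it floods broadcasts around three switches joined in a triangle and counts the frame copies forwarded in each round, first with every link active and then with one link logically blocked. The switch names A, B and C, the function name simulate, and the simplification that a host on switch A sends one new broadcast per round are assumptions made for illustration.

```python
# Toy model of Ethernet broadcast flooding (constructed example).
# A switch floods a broadcast out of every port except the one it arrived on,
# and Ethernet frames carry no hop limit, so nothing ever ages a frame out.

TRIANGLE = [("A", "B"), ("B", "C"), ("C", "A")]  # constructed sample topology


def simulate(links, blocked=(), source="A", rounds=6):
    """Return the number of frame copies forwarded in each round.

    links   -- physical switch-to-switch cables
    blocked -- links that spanning tree has logically blocked
    source  -- switch whose attached host sends one new broadcast per round
    """
    blocked = {frozenset(link) for link in blocked}
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set())
        neighbours.setdefault(b, set())
        if frozenset((a, b)) not in blocked:  # blocked links carry no data
            neighbours[a].add(b)
            neighbours[b].add(a)

    in_flight = []  # (switch that received the copy, switch it came from)
    load = []
    for _ in range(rounds):
        # Every copy received last round is flooded again, minus the ingress port.
        forwarded = [
            (nxt, sw)
            for sw, came_from in in_flight
            for nxt in neighbours[sw]
            if nxt != came_from
        ]
        # The host on the source switch sends a fresh broadcast.
        forwarded += [(nxt, source) for nxt in neighbours[source]]
        load.append(len(forwarded))
        in_flight = forwarded
    return load


if __name__ == "__main__":
    print("all links forwarding:", simulate(TRIANGLE))
    print("B-C link blocked:    ", simulate(TRIANGLE, blocked=[("B", "C")]))
```

With all three links forwarding, the old copies never leave the loop and each new broadcast adds to them, so the per-round load keeps climbing; with the B-C link blocked, each broadcast is delivered once and dies out, so the load stays flat.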