The Ethernet protocol, used as standard in today's Local Area Networks was not designed to operate in a redundant configuration. When multiple links exist to the same destination the protocol tends to endlessly forward packets between devices causing a loop and overwhelming the hardware. For this reason, a protocol call Spanning Tree was invented. Spanning tree (IEEE standards 802.1d, 802.1w or 802.1s) enables network designers to build in redundant links without creating Ethernet loops. Spanning tree achieves this by logically blocking one of the redundant paths thereby breaking the loop. Should the primary path fail, spanning tree will re-enable the previously blocked link in order to provide connectivity.
Figure 1. Spanning tree blocks one link to prevent loops
Figure 2. Without a physical loop between devices storms cannot occur
When another computer's IP address is accessed on an Ethernet network requests are translated from IP which is a logical address, to an Ethernet MAC address which is a physical address. It is this physical address that is located by Ethernet switches in a LAN for the delivery of the data. For this reason switches must learn the precise physical location of every MAC address in the LAN.
But there are a number of situations where MAC addresses are not known and therefore data has to be broadcast to every device in order to find the recipient. Those situations include:
- The first time a machine is accessed - this is known as an Unknown unicast packets.
- When all devices are the intended recipients - this is known as a broadcast packet.
Both of these situations are legitimate and are not normally a problem. However, under certain conditions each of these types of packets can be caught in an endless loop that may eventually overwhelm and bring down the network.
It is the combination of a logical Ethernet Loop (the absence of a Spanning Tree blocked port) and the requirement for Ethernet to broadcast packets that causes storms. The causes of an Ethernet loop are usually associated with spanning tree either being switched off or prevented from operating correctly by filtering BPDUs ( Cisco's BPDU filter is one such command).
Figure 3. When all devices are connected and links are not logically blocked (because spanning tree is disabled or filtered) Broadcast Storms occur.