processing).
Broadcasts are used by virtually every networking protocol. How often they occur depends on the protocol,
the applications running on the network, and how those network services are used.
Older applications built on chatty protocols have been rewritten to reduce their bandwidth needs, even
though the bandwidth available to desktops has increased since those applications were written.
Newer multimedia applications (video conferencing, Voice over IP, and Web applications delivered as
multicast or unicast streams) are bandwidth-greedy and consume all the bandwidth they can find.
As your company or organization tries to keep up with technology, you will find that faulty equipment,
inadequate segmentation, non-switched networks, and poorly designed networks each add to the problems
caused by broadcast-intensive applications. To add insult to injury, protocol designers have found ways to
propagate application data throughout the switched internetwork: Web and streaming applications that use
multicast deliver a constant flow of traffic which, unlike a Layer 2 broadcast, is forwarded from router to
router once multicast routing is enabled. The old rule that a router stops broadcasts dead no longer holds.
As an administrator, you must make sure the network is properly segmented so that problems on one
segment cannot propagate through the internetwork, and you must create ways of killing the unwanted traffic.
You can do so most effectively through a combination of switching and routing. Switches have become more
cost effective, allowing many companies to replace the hubs and bridges of their flat networks with a purely
switched network that uses VLANs. As mentioned earlier, all devices in a VLAN are members of the same
broadcast domain and receive every broadcast sent by a member of that VLAN. By default, the switch does not
forward those broadcasts out ports that are not members of the same VLAN.
Routers, and switches with internal route processors (such as the RSM), are used in conjunction with
Access layer switches to provide connections between network segments or VLANs. If one VLAN wants to
talk to another, the traffic must be routed at Layer 3. This arrangement stops broadcasts from
propagating through the entire internetwork.
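The following Cisco IOS configuration is an added example, not taken from the original text, showing the arrangement just described: two VLANs on an Access layer switch, an 802.1Q trunk to the route processor, and one routed VLAN interface per broadcast domain. The VLAN numbers, names, interface names and addresses are illustrative assumptions, and the `switchport trunk encapsulation dot1q` line is needed only on platforms that support more than one trunking encapsulation (others reject it).

```text
! Added example: Access layer switch (Cisco IOS). VLAN numbers, names,
! interfaces and addresses are assumptions for illustration.
!
! Two broadcast domains on one physical chassis
vlan 10
 name ENGINEERING
vlan 20
 name FINANCE
!
! Ports 1-12 belong to VLAN 10; a broadcast from any of them is flooded
! only to the other VLAN 10 ports and to the trunk, tagged as VLAN 10.
interface range FastEthernet0/1 - 12
 switchport mode access
 switchport access vlan 10
!
! Ports 13-24 belong to VLAN 20 and never see VLAN 10 broadcasts.
interface range FastEthernet0/13 - 24
 switchport mode access
 switchport access vlan 20
!
! Uplink to the route processor carries both VLANs as 802.1Q tags.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! --- Route processor (RSM or Layer 3 switch): one routed interface per VLAN.
! Hosts in VLAN 10 use 10.1.10.1 as their default gateway; hosts in
! VLAN 20 use 10.1.20.1. Traffic between the two VLANs is routed here.
ip routing
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 no ip directed-broadcast
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 no ip directed-broadcast
```

With this in place, `show vlan brief` on the access switch lists which ports belong to each broadcast domain, and `show mac address-table` shows the per-port address learning the switch uses to forward unicast frames to a single port. The `no ip directed-broadcast` lines are an added hardening step: they keep the route processor from turning a packet addressed to a subnet's broadcast address into a Layer 2 broadcast on that VLAN, which is one of the ways broadcast traffic can otherwise cross a router.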
Security is another benefit of VLANs and switches. A flat Layer 2 network has almost no security: a user on
any network device can see the conversations taking place between all users and devices on the network.
With certain software, users can not only see those conversations but alter the data and send it on to its
destination, an action referred to as a man in the middle attack. In a flat network, you cannot stop devices
from broadcasting, nor stop other devices from responding to those broadcasts. Your only security lies in the
passwords assigned to your workstation or other devices on the network, and those passwords protect only the
local machine, not the data traversing the network. Let's take a better look at how switches improve security
in the network.
Switched Internetwork Security
In the previous paragraph, I described the security issues of a flat internetwork built by connecting hubs
and switches with routers. In this type of network, the router enforces security by disallowing unwanted
access between segments, but anyone who connects to the physical network can easily reach the network
resources on that physical LAN or network segment. An intrusion in your local network can happen when a
person (even a moderately educated employee) runs packet-analysis software, such as the tools available for
Windows NT, to capture network packets and obtain passwords and user information without the knowledge
of the network administrators. To make matters worse, in a flat network the intrusion can be done from any
port, even at a user's desk; the user does not need access to the wiring closet to see all the traffic on that
network.
By using switches and implementing VLANs, you let the switch make sure that a unicast frame entering the
port of the source node exits only on the port where the destination node resides. The switch also makes sure
that when a broadcast is received, only the ports assigned to the same VLAN as the source port receive that
broadcast. Keep in mind that the switch makes these decisions from the MAC addresses it has learned on each
port: a frame for an address it has not yet learned is flooded to every port in the VLAN, and a host that forges
ARP replies or floods the switch with bogus source addresses can still pull traffic on its own VLAN toward
itself. Switching therefore reduces what a user on a segment can see rather than eliminating it.