broadcast, unknown-unicast and multicast traffic
{{short description|Computer networking concept}}
Broadcast, unknown-unicast and multicast traffic (BUM traffic){{cite web |title=Network Dictionary – BUM |url=https://etherealmind.com/network-dictionary-bum/ |accessdate=8 September 2018}} is network traffic transmitted using one of three methods of sending data link layer traffic to a destination whose network address the sender does not know. This is achieved by sending the network traffic to multiple destinations on an Ethernet network.{{cite book |last1=Sosa |first1=Elver Sena |title=VCP6-NV Official Cert Guide (Exam #2V0-641): VCPNV Offi Cer Gui ePub_1 |date=2016 |publisher=VMWare Press |isbn=9780134133720 |url=https://books.google.com/books?id=iv3UDAAAQBAJ&q=bum+ethernet&pg=PT280 |accessdate=8 September 2018 |language=en}} As a concept related to computer networking, it includes three types of Ethernet modes: broadcast, unicast and multicast Ethernet. BUM traffic refers to network traffic that will be forwarded to multiple destinations or that cannot be addressed to the intended destination only. Deploying ACI: The complete guide to planning, configuring, and managing Application Centric Infrastructure, Frank Dagenhardt, Jose Moreno and Bill Dufresne, 12 Feb 2018 by Cisco Press. IP Multicast, Volume I: Cisco IP Multicast Networking by Josh Loveless, Ray Blair and Arvind Durai, 12 Oct 2016 by Cisco Press. Part of the Networking Technology series.
Overview
{{gallery |title=BUM scenarios |width=250
|File:GIF Broadcast traffic.gif|Example of Broadcast traffic
|File:GIF Unknown unicast traffic.gif|Example of Unknown unicast traffic where A is the source and B is the unknown destination
|File:GIF Multicast traffic.gif|Example of Multicast traffic to five destinations
}}
Broadcast traffic is used to transmit a message to any reachable destination in the network without the need to know any information about the receiving party. When broadcast traffic is received by a network switch, it is replicated to all ports within the respective VLAN except the one on which it arrived.{{cite web |title=Unicast, Broadcast, and Multicast |url=https://erg.abdn.ac.uk/users/gorry/course/intro-pages/uni-b-mcast.html |website=erg.abdn.ac.uk |accessdate=8 September 2018}}
Unknown-unicast traffic occurs when a switch receives unicast traffic intended for a destination that is not in its forwarding information base. In this case the switch marks the frame for flooding and sends it to all forwarding ports within the respective VLAN. Forwarding this type of traffic can create unnecessary traffic that leads to poor network performance or even a complete loss of network service.{{cite book |last1=Jansen |first1=David |last2=Krattiger |first2=Lukas |last3=Kapadia |first3=Shyam |title=Building Data Centers with VXLAN BGP EVPN: A Cisco NX-OS Perspective |date=2017 |publisher=Cisco Press |isbn=9780134514925 |url=https://books.google.com/books?id=D_KaDgAAQBAJ&q=bum+ethernet&pg=PT78 |language=en}} This flooding of packets is known as unicast flooding.[https://www.juniper.net/documentation/en_US/junos/topics/concept/rate-limiting-unknown-unicast-forwarding-understanding.html Juniper Networks TechLibrary Security Feature Guide]
Multicast traffic allows a host to contact a subset of hosts or devices joined into a group. When no group management mechanism is present, the message is broadcast instead. Flooding BUM frames is required in transparent bridging, but in a data center context this does not scale well and causes poor performance.
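The forwarding decisions described above can be modelled in a few lines. The following is an added example, not part of the original article; the class and function names are hypothetical, and it assumes access ports with one VLAN each and no multicast group management.

```python
# Added illustration; the class and function names are hypothetical.
BROADCAST = "ff:ff:ff:ff:ff:ff"

def classify(dst_mac, vlan, fib):
    """Classify a frame by destination MAC as seen by one switch."""
    dst = dst_mac.lower()
    if dst == BROADCAST:
        return "broadcast"
    # I/G bit (lowest bit of the first octet) set means a group address.
    if int(dst.split(":")[0], 16) & 0x01:
        return "multicast"
    return "known-unicast" if (vlan, dst) in fib else "unknown-unicast"

class LearningSwitch:
    def __init__(self, port_vlans):
        self.port_vlans = port_vlans  # port -> VLAN id (access ports)
        self.fib = {}                 # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source address, then return (class, egress ports)."""
        vlan = self.port_vlans[in_port]
        self.fib[(vlan, src_mac.lower())] = in_port
        kind = classify(dst_mac, vlan, self.fib)
        if kind == "known-unicast":
            out = self.fib[(vlan, dst_mac.lower())]
            return kind, ([] if out == in_port else [out])
        # BUM: replicate to every port of the VLAN except the ingress port.
        # Multicast is flooded too, as this model has no group management.
        return kind, sorted(p for p, v in self.port_vlans.items()
                            if v == vlan and p != in_port)

def demo():
    # Constructed topology: ports 1-3 in VLAN 10, port 4 in VLAN 20.
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20})
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # documentation MACs
    return [
        sw.receive(1, a, b),                    # B not learnt yet: flooded
        sw.receive(2, b, a),                    # reply: A is in the FIB
        sw.receive(1, a, b),                    # B now learnt: one port
        sw.receive(1, a, BROADCAST),
        sw.receive(1, a, "01:00:5e:00:00:fb"),  # IPv4 multicast MAC
    ]

if __name__ == "__main__":
    for kind, ports in demo():
        print(kind, ports)
```

Port 4 never appears in an egress list because flooding is confined to the ingress VLAN.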
BUM traffic control
= Throttling =
One issue that may arise is that some network devices cannot handle high rates of broadcast, unknown-unicast or multicast traffic. In such cases, it is possible to limit the BUM traffic on specific ports in order to control the number of packets or bytes that are flooded on the VLAN to other devices. This threshold is expressed in kilobits per second (kbps), and it can be set independently for the broadcast rate, the multicast rate and the unknown-unicast rate.[http://www.netadmin.us/docs/BUM_Traffic_Limiting.pdf Limiting Broadcast, Multicast, and Unknown Unicast Traffic (BUM)]{{cite journal |last1=Skaljo |first1=E. |last2=Hadziahmetovic |first2=N. |last3=Akyel |first3=C. |title=Impact of broadcast, multicast and unknown unicast at low speed DSL connections based at SHDSL |url=https://ieeexplore.ieee.org/document/5606112 |website=Proceedings ELMAR-2010 |accessdate=8 September 2018 |pages=187–190 |date=2010}}
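The per-port, per-class thresholds described above can be sketched as follows. This is an added example, not part of the original article or any vendor's implementation; it assumes a simple fixed one-second window, and the names and limit values are hypothetical.

```python
# Added illustration; names and limits are hypothetical, not vendor syntax.
class StormControl:
    """Per-port, per-class BUM limiter using fixed one-second windows."""

    def __init__(self, limits_kbps):
        self.limits = limits_kbps  # traffic class -> limit in kbps
        self.window = {}           # (port, class) -> [second, bits used]

    def admit(self, port, kind, frame_bytes, now):
        """Return True to flood the frame, False to drop it."""
        limit = self.limits.get(kind)
        if limit is None:          # e.g. known unicast: not throttled
            return True
        second = int(now)
        state = self.window.setdefault((port, kind), [second, 0])
        if state[0] != second:     # new window: reset the counter
            state[0], state[1] = second, 0
        bits = frame_bytes * 8
        if state[1] + bits > limit * 1000:
            return False
        state[1] += bits
        return True

def replay(events, limits_kbps):
    """Count (flooded, dropped) per (port, class) over a list of events."""
    sc = StormControl(limits_kbps)
    totals = {}
    for now, port, kind, size in events:
        counts = totals.setdefault((port, kind), [0, 0])
        counts[0 if sc.admit(port, kind, size, now) else 1] += 1
    return {key: tuple(val) for key, val in totals.items()}

LIMITS = {"broadcast": 100, "multicast": 200, "unknown-unicast": 50}

def sample_events():
    # Constructed input: (timestamp s, ingress port, class, frame bytes).
    events = [(0.01 * i, 1, "broadcast", 1500) for i in range(20)]
    events += [(0.01 * i, 1, "unknown-unicast", 1500) for i in range(20)]
    events += [(0.01 * i, 2, "broadcast", 1500) for i in range(5)]
    events += [(1.0 + 0.01 * i, 1, "broadcast", 1500) for i in range(3)]
    events += [(0.5, 1, "known-unicast", 1500)]
    return events
```

Because each class has its own counter, a broadcast burst on port 1 does not consume the unknown-unicast budget on that port or the broadcast budget on port 2.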
= Network port security =
In the case of unknown-unicast traffic, a security issue may arise. To prevent flooding unknown-unicast traffic across the switch, it is possible to configure the network equipment to divert unknown-unicast traffic to specific trunk interfaces in order to split broadcast coming from different VLANs or to use specific trunk interfaces for multiple VLANs.[https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/rate-limiting-unknown-unicast-forwarding-cli.html Rate limiting unknown unicast forwarding]{{cite book |last1=Reynolds |first1=Harry |last2=Marschke |first2=Doug |title=JUNOS Enterprise Switching: A Practical Guide to JUNOS Switches and Certification |date=2009 |publisher=O'Reilly Media |isbn=9781449379186 |url=https://books.google.com/books?id=PWVJUuLvw3oC&q=bum&pg=PA267 |accessdate=8 September 2018 |language=en}}
BUM handling in VXLAN
Using VXLAN as an overlay technology provides data link layer connectivity services between endpoints that may be deployed across network layer domains. Since those endpoints are logically part of the same data link layer domain, they must be capable of sending and receiving data link layer multi-destination frames (BUM traffic). BUM traffic can be exchanged across network layer boundaries by encapsulating it into VXLAN packets addressed to a multicast group, so that the underlying network performs the traffic replication.[https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-737855.html Cisco-paper:737855]{{cite book |last1=Goralski |first1=Walter |title=The Illustrated Network: How TCP/IP Works in a Modern Network |date=2017 |publisher=Morgan Kaufmann |isbn=9780128110287 |url=https://books.google.com/books?id=0IzfDQAAQBAJ&q=bum+ethernet&pg=PA538 |accessdate=8 September 2018 |language=en}}
{{quote|1=With the adoption of overlay networks as the standard deployment for multi-tenant network, data link layer over network layer protocols have been the favorite among network engineers. One of the data link layer over network layer (or Layer-2 over UDP) protocols adopted by the industry is VXLAN. Now, as with any other overlay network protocol, its scalability is tied into how well it can handle the Broadcast, Unknown unicast and Multicast (BUM).[https://blogs.cisco.com/perspectives/a-summary-of-cisco-vxlan-control-planes-multicast-unicast-mp-bgp-evpn-2 A Summary of Cisco VXLAN Control Planes: Multicast, Unicast, MP-BGP EVPN]}}
In Data Plane Learning the broadcast traffic is flooded to multicast group members. In Control Plane Learning addresses are collected and forwarded via BGP. Broadcast traffic is reduced and VXLAN tunnel endpoints (VTEPs) reply to the caller directly.
VXLAN can handle BUM in two ways: Multicast and Head End Replication.
Multicast is the most common approach, and each VXLAN network identifier (VNI) is mapped to a single multicast group, while each multicast group may map to one or more VNIs. When a VTEP comes alive it uses the Internet Group Management Protocol to join the multicast groups for the VNIs it uses. When a VTEP has to send BUM traffic it will send it only to the relevant multicast group. This is a method for VTEP discovery.{{cite web |title=Configure VXLAN Flood and Learn with Multicast Core |url=https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/200262-Configure-VxLAN-Flood-And-Learn-Using-Mu.html |website=Cisco |accessdate=8 September 2018 |language=en}}
Head End Replication is only available if using BGP EVPN. It is less efficient than multicast and does not scale well but it is simpler to implement if you do not have a multicast-enabled infrastructure. In Head End Replication, when BUM arrives, the VTEP creates several unicast packets and sends one to each VTEP that supports the VNI.{{cite web |title=Understanding BUM Frame Replication Modes |url=https://pubs.vmware.com/nsxt-11/topic/com.vmware.nsxt.admin.doc/GUID-C3BCEE09-B361-41C0-8FA3-46412D08BCF8.html |website=pubs.vmware.com |accessdate=8 September 2018 |language=en}}
BUM handling in EVPN
[[File:BUM in PBB-EVPN.png|thumb|… and all-active load-balancing]]
Ethernet VPN (EVPN) and Provider Backbone Bridging EVPN (PBB-EVPN) provide Ethernet multipoint services over MPLS networks. In EVPN operations, the Provider Edge (PE) routers automatically discover each other when connected on the same Ethernet segment and select a Designated Forwarder (DF) responsible for forwarding BUM traffic.[https://www.cisco.com/c/en/us/products/collateral/routers/asr-9000-series-aggregation-services-routers/whitepaper_c11-731864.html Cisco-paper:731864]
In a VXLAN-EVPN, MAC learning occurs via the control plane instead of the data plane. Furthermore, traffic is accepted only from VTEPs whose information has been learnt via the control plane; traffic from any other VTEP is dropped. This presents a secure fabric where traffic will only be forwarded between VTEPs validated by the control plane.[https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/vxlan/configuration/guide/b_NX-OS_VXLAN_Configuration_Guide/configuring-vxlan-bgp-evpn.pdf Configuring VXLAN BGP-EVPN]
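The two VXLAN replication modes and the control-plane peer check described above are contrasted in the following added example, which is not part of the original article or any vendor's code. The `Vtep` class, the addresses and the VNIs are hypothetical; the 8-byte header layout follows RFC 7348.

```python
# Added illustration; class names and addresses are hypothetical.
import struct

def vxlan_header(vni):
    """8-byte VXLAN header (RFC 7348): I flag set, 24-bit VNI."""
    return struct.pack("!II", 0x08 << 24, vni << 8)

def parse_vni(packet):
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", packet[:8])
    if not (flags_word >> 24) & 0x08:
        raise ValueError("VXLAN I flag not set")
    return vni_word >> 8

class Vtep:
    def __init__(self, mode, peers=None, groups=None):
        self.mode = mode            # "multicast" or "head-end"
        self.peers = peers or {}    # VNI -> VTEP IPs learnt via control plane
        self.groups = groups or {}  # VNI -> underlay multicast group

    def replicate_bum(self, vni, frame):
        """Return [(outer destination IP, VXLAN packet)] for one BUM frame."""
        packet = vxlan_header(vni) + frame
        if self.mode == "multicast":
            return [(self.groups[vni], packet)]  # the underlay replicates
        return [(ip, packet) for ip in sorted(self.peers.get(vni, ()))]

    def accept(self, outer_src_ip, packet):
        """Return (VNI, inner frame), or None if the sender is not a peer."""
        vni = parse_vni(packet)
        if outer_src_ip not in self.peers.get(vni, ()):
            return None
        return vni, packet[8:]

def demo():
    # Constructed broadcast ARP frame header (payload omitted).
    frame = b"\xff" * 6 + b"\x00\x00\x5e\x00\x53\x0a" + b"\x08\x06"
    peers = {5000: {"192.0.2.2", "192.0.2.3"}, 6000: {"192.0.2.3"}}
    her = Vtep("head-end", peers=peers)
    mcast = Vtep("multicast", groups={5000: "239.1.1.1"})
    pkt = vxlan_header(5000) + frame
    return {
        "head_end_dsts": [ip for ip, _ in her.replicate_bum(5000, frame)],
        "multicast_dsts": [ip for ip, _ in mcast.replicate_bum(5000, frame)],
        "known_peer": her.accept("192.0.2.2", pkt),
        "unknown_peer": her.accept("198.51.100.9", pkt),
        "wrong_vni": her.accept("192.0.2.2", vxlan_header(6000) + frame),
    }
```

The peer check is per VNI, so a VTEP that is valid for one segment is still rejected on a segment it was never advertised for.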