Broadcast Issue in LAN

Jul 30th, 2008



We have multiple VLANs in our infrastructure. For all the VLANs except one, when we ping the broadcast IP of that VLAN's pool, we get a reply from the gateway IP of the VLAN. But for one VLAN we are getting very weird behaviour: for this VLAN we get a reply from some random machines on the LAN. We are unable to trace why any machines on the LAN are replying when we ping the broadcast IP of that LAN. Can anyone please suggest a possible cause? Thanks in advance.

Richard Burts Thu, 07/31/2008 - 03:55


To really provide a correct answer we would need more information about your situation. But from what you have described I would say that the most common explanation would be that the machine that is generating the ping request to the broadcast address is in the same VLAN as the machines that are responding to the broadcast ping.



yogeshkelkar Fri, 08/01/2008 - 07:16



Many thanks for the reply. Yes, you are right, the machines which are replying are in the same VLAN as the broadcast IP. But this is happening only for one VLAN, not for the others, even though the configurations are the same. Anyway, it is not affecting the network. But I am unable to trace why this is happening.

Richard Burts Fri, 08/01/2008 - 08:40


If I knew more about the topology of your network I could probably phrase my explanation better (for example I am not clear whether we are talking about using a router or a layer 3 switch as the gateway device). But I will attempt an answer and hope that it will make sense to you.

First I would like to be clear about some terminology. A ping to the broadcast address is known as a directed broadcast (especially when it is for a remote VLAN/remote subnet).

If a device sends a directed broadcast into its own VLAN then it is sent to all the devices within the broadcast domain. All the devices in the local VLAN receive the ping to the broadcast address and at least some of them will probably respond.

If a device sends a directed broadcast to a remote VLAN/remote subnet then it will send it to its default gateway. The local gateway will forward the directed broadcast to the remote gateway. Then the question becomes: will the remote gateway forward the directed broadcast into its VLAN (into its broadcast domain)? It has been the default for quite some time that Cisco devices will not forward directed broadcasts into their subnets (directed broadcasts can be used in some Denial of Service attacks). In this case the remote gateway will respond to the directed broadcast but will not forward it into its VLAN.

I believe that this is the behavior that you are seeing. Ping to the broadcast of the local VLAN gets responses from multiple machines because the broadcast is local. But ping to the remote VLANs gets responses only from the gateway interface because the default is to not forward directed broadcast.

You could configure the remote gateway interface with the command ip directed-broadcast. This would enable the gateway to forward the directed broadcast and then you would get responses from multiple remote machines. (I say that you COULD do this, I do not suggest that you SHOULD do this).
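The three cases in the reply above (local broadcast, directed broadcast dropped at the remote gateway, directed broadcast forwarded because `ip directed-broadcast` is configured) can be worked through mechanically. The script below is an added example and is not code from the thread or from Cisco: it parses a constructed, minimal IOS-style running-config for the SVI addresses and the per-interface directed-broadcast setting, treats absence of the command as disabled (the IOS default since 12.0, as the reply notes), and then predicts who answers a ping to a given destination from a given host. The VLAN numbers and addresses are invented for illustration.

```python
"""Predict who answers a ping to a broadcast address, and audit an IOS-style
config for interfaces that would forward directed broadcasts.

Added example for the thread above; the config text is constructed, not a real
running-config. The IOS default 'no ip directed-broadcast' is assumed for any
interface that does not state the command explicitly.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample config: Vlan10 relies on the default (disabled),
# Vlan20 disables it explicitly, Vlan30 enables forwarding (the risky case).
SAMPLE_CONFIG = """\
interface Vlan10
 description users (default: no ip directed-broadcast)
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 no ip directed-broadcast
!
interface Vlan30
 ip address 10.1.30.1 255.255.255.0
 ip directed-broadcast
!
"""


@dataclass
class Interface:
    name: str
    addr: Optional[ipaddress.IPv4Interface] = None
    directed_broadcast: bool = False  # assumed IOS default: disabled


def parse_ios_interfaces(config: str) -> Dict[str, Interface]:
    """Collect SVI/interface addresses and the directed-broadcast flag.

    Only 'interface', 'ip address A.B.C.D MASK', and the (no) ip
    directed-broadcast lines are interpreted; everything else is ignored.
    """
    interfaces: Dict[str, Interface] = {}
    current: Optional[Interface] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface (\S+)$", line)
        if m:
            current = Interface(name=m.group(1))
            interfaces[current.name] = current
            continue
        if not line.startswith(" "):
            # '!' separators and other top-level commands end the stanza.
            current = None
            continue
        if current is None:
            continue
        cmd = line.strip()
        m = re.match(r"^ip address (\S+) (\S+)$", cmd)
        if m:
            current.addr = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(2)}")
        elif cmd == "ip directed-broadcast":
            current.directed_broadcast = True
        elif cmd == "no ip directed-broadcast":
            current.directed_broadcast = False
    # Interfaces without an IP address cannot be a gateway for anything.
    return {n: i for n, i in interfaces.items() if i.addr is not None}


def classify_broadcast_ping(source: str, target: str,
                            interfaces: Dict[str, Interface]
                            ) -> Tuple[str, Optional[str]]:
    """Return (kind, interface) for a ping from `source` to `target`.

    kind is one of:
      'local'     - target is the broadcast of the sender's own VLAN; every
                    host hears it and those that answer broadcast echo reply
      'dropped'   - directed broadcast to a remote VLAN whose gateway does not
                    forward it; only the gateway interface itself replies
      'forwarded' - directed broadcast to a remote VLAN with
                    'ip directed-broadcast' set; remote hosts reply
      'unicast'   - not a broadcast address of any known VLAN
    """
    src = ipaddress.IPv4Address(source)
    dst = ipaddress.IPv4Address(target)
    for iface in interfaces.values():
        net = iface.addr.network
        if dst != net.broadcast_address:
            continue
        if src in net:
            return "local", iface.name
        if iface.directed_broadcast:
            return "forwarded", iface.name
        return "dropped", iface.name
    return "unicast", None


def audit_directed_broadcast(interfaces: Dict[str, Interface]) -> List[str]:
    """Names of interfaces that would forward directed broadcasts."""
    return sorted(n for n, i in interfaces.items() if i.directed_broadcast)


if __name__ == "__main__":
    ifaces = parse_ios_interfaces(SAMPLE_CONFIG)
    for dst in ("10.1.10.255", "10.1.20.255", "10.1.30.255", "10.1.20.7"):
        print(dst, classify_broadcast_ping("10.1.10.55", dst, ifaces))
    print("forwarding directed broadcasts:", audit_directed_broadcast(ifaces))
```

Two caveats worth keeping in mind when comparing the prediction with what a real ping shows: a host in the local VLAN only answers if its stack responds to broadcast echo requests at all (Linux, for example, ignores them by default via `net.ipv4.icmp_echo_ignore_broadcasts=1`), and the audit only sees what the parser is given, so run it against the full `show running-config` of every gateway device, not a single SVI.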



yogeshkelkar Sat, 08/02/2008 - 06:13



Again, thanks for suggesting the possibilities.

One of my colleagues added a network management tool which was scanning our entire network at a very high frequency and was also polling all the network devices by SNMP. We observed that when we unplugged that server our issue was resolved.

Many thanks again for providing help and replying to my query. Only for security reasons I couldn't display the running config of my core devices. But now my network is stable...




