home
NEWS       BLOGS       FORUMS       NEWSLETTERS       RESEARCH       EVENTS       DIGITAL LIBRARY       CAREERS  
Network Computing Network Computing Powered by InformationWeek Business Technology Network

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |		 APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers


ON THE WIRE

Are Laws Of Entropy Affecting Your Network?

by Bill Alderson and J. Scott Haugdahl

We recently analyzed a large corporate campus network

consisting of several LAN segments interconnected by routers. Among the many problems we discovered were an abundance of broadcast traffic, this time NetWare IPX Type 20 broadcasts that were flooding all the LAN segments. Since this is the third time we've observed this phenomenon in as many weeks, we thought we'd better focus on this topic for our readers.

Scott: Hey Bill, not another broadcast problem!

Bill: That's right. In the past we've seen broadcast storms caused by ill-behaved applications or router misconfigurations. But this time, the broadcasts are caused by a fundamental flaw in the standard IPX Type 20 (the so-called "IPX WAN broadcast") broadcasting algorithms.

Scott: So a node can start by sending a single IPX Type 20 broadcast packet (see the "IPX Packet Structure" chart on the following page)ż

Bill: żand that causes a broadcast storm that floods all the segments in the network.

Scott: In a way this is similar to the theory in which a butterfly flapping its wings in Brazil triggers a sequence of seemingly random events that end up causing a tornado in Texas.

Bill: At least it would explain why our weather predictions are never accurate.

Scott: The butterfly theory and our network problem are both studies in entropy.

Bill: Entropy is defined a s "the measure of the unavailable energy in a closed thermodynamic system so related to the state of the systems that a change in the measure varies with the change in the ratio of the increment of heat taken into the absolute temperature at which it is absorbed."

Scott: Who said that, some kind of mad scientist or something?

Bill: No, Webster's!

Scott: A variant of the definition of entropy found in Webster's applies to our network: entropy; a measure of the amount of information in a message that is based on the logarithm of the number of possible equivalent messages.

Bill: The IPX broadcast problem does, in fact, increase exponentially with increased parallelism (read: redundancy) in a network, along with an increase in the number of segments.

Scott: Let's start with the butterfly: the source of the broadcasts.

Bill: The source of these packets is peer-to-peer nodes such as CD-ROM sharing systems, Windows for Workgroups, NT Workstations and NT Servers. These devices use NetBIOS on top of IPX, right out of the box.

Scott: Broadcasts are sent out periodically from these nodes to find, as well as announce, services.

Bill: The broadcasts that are IPX Type 20 are treated specially by routers that handle IPX routing in that they are broadcast on all of the possible routes and ports of every router.

Scott: Every router then broadcasts to every other router, causing a few packets that a node sends to become thousands of packets across the router.

Bill: We could see if there's a way to eliminate IPX Type 20 broadcasts emanating from our various NetBIOS broadcasting devices all over our network.

Scott: Or we could block IPX Type 20 broadcasts in the router, provided that our applications don't require NetBIOS over IPX and could perhaps get by on NetBIOS over LLC (NetBEUI) alone.

Bill: Or we co uld set up filters on our routers to disable the reception and/or forwarding of Type 20 broadcasts on a given interface, creating an "upstream/downstream" broadcasting capability so we can still reach our NetBIOS serving devices.

Scott: Or we could set up more complex filters where broadcasts are directed to a set of segments or a specific node on a segment.

Bill: Or we could configure a router to accept packets only from a single interface that is the primary route back to the source. Then, similar packets from the same source received via other networks will be dropped, creating an IPX Type 20 broadcast loop detection mechanism.

Scott: Of course, maintaining complex filters on multiple routers isn't much fun, so the best solution may be to cut them off at the pass (the routers, that is) and rearchitect our network or protocols a bit to handle NetBIOS differently, or use another protocol altogether.

Bill: That sounds good to me. What we ended up doing at our most recent site was filter the Type 20 broadcasts at the router.

Scott: Fortunately our customer could continue operating its NetBIOS applications using the NetBEUI flavor of NetBIOS.

Bill: On the other hand, if you still need NetBIOS over IPX, then you should consider controlling these broadcasts at the router. Check with your favorite router vendor to determine the best method of handling Type 20 broadcast suppression.

Scott: Especially in those networks designed with many highly redundant and parallel routes.

Bill: Whatever the solution, it sure beats watching those tornadoes appear all over your network!

Bill and Scott are principals of Pine Mountain Group. They can be reached at otw@pmg.com. Portions of the actual trace files from selected columns are available via Pine Mountain Group's Home Page (http://www.pmg.com).

October 15, 1995







Looking for a new job?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
IT Jobs Stabilize; Tech Unemployment Rate 5.5%
The tumbling of IT jobs stopped in the second quarter, as the IT sector added about 44,000 jobs.

Oracle Execs See First Hints Of IT Spending Turnaround
It's just a glimmer, but Oracle is starting to see a bit of light at the end of the recession tunnel.

More articles from our career center










2009 IT Salary Survey: Meager Raises, Solid Prospects
Though raises are notably smaller than a year ago, and job security’s shrinking, IT careers are looking safer than many others in this economic downturn. Get all the findings in InformationWeek's 2009 IT Salary Survey. Available FREE for a limited time.
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch
Microsite of the Week


Powerful Information at Your Fingertips



Techweb
Informationweek Business Technology Network
InformationweekInformationweek 500Informationweek 500 ConferenceInformationweek AnalyticsInformationweek Events
Informationweek MagazineGlobal CIOIWK Government ITbMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingPlug Into The CloudDr. DobbsContentinople
space
TechWeb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0Mobile Business ExpoNoJitter
Black HatGTECEnergy CampCloud ConnectGov 2.0 ExpoGov 2.0 Summit
space
Light Reading Communications Network
Light ReadingLight Reading AsiaUnstrungCable Digital NewsInternet EvolutionPyramid Research
Heavy ReadingLight Reading LiveLight Reading InsiderEthrnet ExpoTelco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems and TechnologyInsurance and TechnologyWall Street and TechnologyAccelerating WallstreetBST SummitBuyside Trading SummitIT Summit
space
Microsoft Technology Network
MSDNTechNetTotal IT ProTotal Dev ProNET Total Dev Pro CommunitySQL Total Dev Pro Community
space


App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |  Advertising Contacts  |   Briefing Centers
Copyright © 2009  United Business Media LLC  |  Privacy Statement  |  Terms of Service