Unicast flood

Treatment of unicast as broadcast


title: "Unicast flood" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["internet-architecture"] description: "Treatment of unicast as broadcast" topic_path: "arts" source: "https://en.wikipedia.org/wiki/Unicast_flood" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary Treatment of unicast as broadcast ::

In computer networking, a unicast flood occurs when a switch receives a unicast frame and the switch does not know that the addressee is on any particular switch port. Since the switch has no information regarding which port, if any, the addressee might be reached through, it forwards the frame through all ports aside from the one through which the frame was received.

Background

Unicast refers to a one-to-one transmission from one node in a network to another. [Diagram: unicast transmission of a frame from one network node to another.]

When a switch receives a unicast frame with a destination address not in the switch's forwarding table, the frame is treated like a broadcast frame and sent to all network segments to which the switch is attached, except the one from which it received the frame. [Diagram: the unknown-unicast frame flooded to every segment except the one it arrived on.]

Causes

The learning process of transparent bridging requires that the switch receive a frame from a device before unicast frames can be forwarded to it. Before any such transmission is received, unicast flooding is used to ensure transmissions reach their intended destinations. This is normally a short-lived condition as receipt typically produces a response that completes the learning process. The process occurs when a device is initially connected to a network segment, or after its address and port identifier is purged from the forwarding information base. An entry is purged when the link goes down on the original port or when it expires due to inactivity (five minutes is the default on many switches). A time limit is necessary because a switch does not necessarily see any indication when a network node is moved or disconnected.

When a bridge or switch has no room left in its forwarding information base and so cannot add an entry for a new node, it must forward any frame addressed to that node through all ports except the one on which the frame was received. This is a common problem on networks with many hosts. [Rudy Rucker, "Fix for unicast flooding", FreeBSD Forums, 2012-01-27, https://forums.FreeBSD.org/threads/dup-icmp-redirect-from-localhost-when-using-bridge0-also-bridge0-unicast-flooding.20260/post-163796 (accessed 2021-03-08)]

Another common cause is a host with an ARP cache timeout longer than the timeout of the forwarding information base (FIB) in a switch: the switch forgets which port connects to the target before the host forgets the MAC address of the target. [Steven King, "Unicast Flooding", NANOG mailing list, 2009-06-17, http://mailman.nanog.org/pipermail/nanog/2009-June/011311.html (accessed 2012-01-27)]

Misconfigured features of the network may lead to unicast flooding as well. If there are two layer-2 paths from Host A to Host B, and Host A uses path 1 to talk to Host B but Host B uses path 2 to respond to Host A, then the intermediate switches on path 1 will never learn the MAC address of Host B and the intermediate switches on path 2 will never learn the MAC address of Host A. [Cisco Systems Inc., "Elimination of Asymmetric Forwarding and Unicast Flooding", http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/VSS30dg/VSS-dg_ch3.html#wp1079669 (accessed 2012-01-27)]

A final cause of unicast floods is topology changes. When the link state changes on a network port that participates in Rapid Spanning Tree Protocol, the address cache on that switch is flushed, causing all subsequent frames to be flooded out of all ports until the switch relearns the addresses. [Balaji Sivasubramanian, "Troubleshooting Unicast Flooding Due to Topology", Cisco Press, 2004-09-10, http://www.ciscopress.com/articles/article.asp?p=336872 (accessed 2012-01-27)]
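The learning and flooding behaviour described in the Background and Causes sections can be reproduced in a small simulation. The following is an added illustration, not code from Wikipedia or from any switch vendor: a toy transparent bridge that floods unknown unicast destinations, ages entries out (five minutes by default), refuses to learn new hosts once its table is full, purges a port's entries on link-down, and flushes the whole cache on a topology change. The `silent_receiver_floods` scenario then shows the ARP-timeout cause from above: a host whose ARP cache outlives the switch's FIB entry keeps sending unicast frames to a target the switch has already forgotten. All MAC addresses, port numbers, timings and the four-port switch are constructed for the example.

```python
"""Toy model of a transparent (learning) bridge.

Added illustration, not code from Wikipedia or any switch vendor. It reproduces
the flooding behaviour described in the article: an unknown destination is
flooded out of every port but the ingress one, entries age out (five minutes
by default), a full table leaves new hosts unlearned, a link-down purges that
port's entries, and a topology change flushes the whole cache. Addresses,
timings and port numbers are constructed for the example."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_unicast(mac: str) -> bool:
    """Unicast when the I/G bit (least significant bit of the first octet) is 0."""
    return int(mac.split(":")[0], 16) & 0x01 == 0


@dataclass
class LearningSwitch:
    ports: int
    aging_seconds: int = 300                 # common default: five minutes
    capacity: Optional[int] = None           # None = unbounded forwarding table
    fib: Dict[str, Tuple[int, int]] = field(default_factory=dict)  # mac -> (port, last_seen)
    flooded: int = 0                         # unknown-unicast floods so far
    forwarded: int = 0                       # unicast frames sent out exactly one port

    def _age_out(self, now: int) -> None:
        """Lazy ageing: drop entries not refreshed within aging_seconds."""
        stale = [m for m, (_, seen) in self.fib.items() if now - seen >= self.aging_seconds]
        for mac in stale:
            del self.fib[mac]

    def _learn(self, port: int, src: str, now: int) -> None:
        """Record (or refresh) the source address, unless the table is full."""
        if src in self.fib or self.capacity is None or len(self.fib) < self.capacity:
            self.fib[src] = (port, now)
        # otherwise the source stays unknown and frames addressed to it keep flooding

    def receive(self, port: int, src: str, dst: str, now: int) -> List[int]:
        """Return the egress ports for a frame that arrived on `port` at time `now`."""
        self._age_out(now)
        self._learn(port, src, now)
        others = [p for p in range(1, self.ports + 1) if p != port]
        if not is_unicast(dst):
            return others                    # broadcast/multicast: flooded by design
        if dst in self.fib:
            self.forwarded += 1
            return [self.fib[dst][0]]
        self.flooded += 1                    # unknown unicast: treated like broadcast
        return others

    def link_down(self, port: int) -> None:
        """Purge every entry learned on a port whose link went down."""
        self.fib = {m: v for m, v in self.fib.items() if v[0] != port}

    def flush(self) -> None:
        """Topology change (e.g. an RSTP port state change): clear the cache."""
        self.fib.clear()


def silent_receiver_floods(arp_timeout: int, fib_aging: int,
                           duration: int = 1200, interval: int = 10) -> int:
    """Host A (port 1) streams one-way to host B (port 2) every `interval`
    seconds. B only transmits when A re-ARPs after A's cache entry expires.
    Returns how many of A's data frames the switch had to flood."""
    sw = LearningSwitch(ports=4, aging_seconds=fib_aging)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed addresses
    arp_resolved_at = None
    for now in range(0, duration, interval):
        if arp_resolved_at is None or now - arp_resolved_at >= arp_timeout:
            sw.receive(1, a, BROADCAST, now)            # A's ARP request (broadcast)
            sw.receive(2, b, a, now)                    # B's reply refreshes B's entry
            arp_resolved_at = now
        sw.receive(1, a, b, now)                        # the data frame itself
    return sw.flooded


if __name__ == "__main__":
    print("ARP 60 s, FIB 300 s :", silent_receiver_floods(60, 300), "flooded frames")
    print("ARP 1200 s, FIB 300 s:", silent_receiver_floods(1200, 300), "flooded frames")
```

With an ARP timeout shorter than the FIB ageing time, A's periodic re-ARP makes B transmit and the switch never forgets B, so nothing is flooded; with the timeouts reversed, every data frame after B's entry expires is flooded until A finally re-ARPs. The model uses lazy ageing (entries are checked only when a frame arrives), which is enough to show the effect; real switches run a separate ageing timer.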

Remedies

A feature blocking unicast floods is available on Cisco switches but is not enabled by default. After ensuring that timeouts and security features have been configured to maintain table entries on client access ports longer than typical host ARP cache timeouts, this command is used to quiet down the unicast floods on those ports: [Jeremy Stretch, "Blocking Unknown Unicast Flooding", PacketLife.net, 2010-06-04, http://packetlife.net/blog/2010/jun/4/blocking-unknown-unicast-flooding/ (accessed 2012-01-27)]

Switch(config-if)# switchport block unicast

Other techniques involve isolating hosts at Layer 2. Ports configured as protected ports are forbidden to communicate with other protected ports. [Petr Lapukhov, "Private VLANs Revisited", 2008-07-14, http://blog.ine.com/2008/07/14/private-vlans-revisited/ (accessed 2012-04-07; archived 2012-04-21 at https://web.archive.org/web/20120421173547/http://blog.ine.com/2008/07/14/private-vlans-revisited/)] [Cisco, "Configuring Private VLANs", http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swpvlan.html#wp1038479 (accessed 2012-04-07)]

Effects on Networks

When a network is experiencing unicast flooding, network performance may be degraded. [Graph: traffic through a bridge before and after adjusting the size of its address cache.] 80% of the frames were flooded and never received by the destination address, while 20% were valid traffic. In high-volume networks, the flooded traffic may cause ports to saturate, leading to packet loss and high latency.

Another side effect of exhausted address tables is the compromise of data. The security considerations are discussed under MAC flooding, which is one of several causes of unicast floods. If an end user is running a packet sniffer, the flooded frames can be captured and viewed.
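The same property that lets a sniffer read flooded frames gives a defender a host-side indicator. A network interface in promiscuous mode receives every frame its switch port carries, so unicast frames whose destination is neither the host's own address nor broadcast/multicast should not be arriving at all; a steady stream of them means the upstream switch is flooding (a non-promiscuous NIC silently discards such frames, so the capture has to be promiscuous for this check to see anything). The following is an added example, not code from Wikipedia or from any capture tool: it parses raw Ethernet II headers and reports foreign unicast destinations, on a handful of frames constructed inline so that it runs offline. The host and peer addresses, the EtherTypes chosen and the reporting threshold are all assumptions of the example.

```python
"""Host-side indicator of unicast flooding.

Added illustration, not code from Wikipedia or any capture tool. Given frames
captured in promiscuous mode, it counts unicast frames addressed to someone
else; broadcast and multicast are normal on a shared segment and are ignored.
The sample frames below are constructed inline so the example runs offline."""

import struct
from collections import Counter
from typing import List, Tuple

ETH_HEADER = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType (Ethernet II)


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{octet:02x}" for octet in raw)


def is_unicast(mac: str) -> bool:
    """I/G bit clear in the first octet means an individual (unicast) address."""
    return int(mac.split(":")[0], 16) & 0x01 == 0


def build_frame(dst: str, src: str, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    """Assemble a minimal Ethernet II frame (no FCS) for the sample capture."""
    return ETH_HEADER.pack(mac_bytes(dst), mac_bytes(src), ethertype) + payload


def parse_ethernet(frame: bytes) -> Tuple[str, str, int]:
    """Return (dst, src, ethertype); raises ValueError on a truncated frame."""
    if len(frame) < ETH_HEADER.size:
        raise ValueError(f"frame too short: {len(frame)} bytes")
    dst, src, ethertype = ETH_HEADER.unpack_from(frame)
    return mac_str(dst), mac_str(src), ethertype


def foreign_unicast(frames: List[bytes], own_mac: str) -> Counter:
    """Count unicast frames addressed to someone else, keyed by (dst, src)."""
    seen: Counter = Counter()
    for frame in frames:
        dst, src, _ = parse_ethernet(frame)
        if is_unicast(dst) and dst != own_mac.lower():
            seen[(dst, src)] += 1
    return seen


def flooding_suspects(frames: List[bytes], own_mac: str, threshold: int = 2) -> List[str]:
    """Destination addresses that keep showing up in foreign unicast frames."""
    per_dst: Counter = Counter()
    for (dst, _), count in foreign_unicast(frames, own_mac).items():
        per_dst[dst] += count
    return sorted(dst for dst, count in per_dst.items() if count >= threshold)


# Constructed sample capture (assumed addresses): our own host, a peer that
# talks to a third host the switch has forgotten, a broadcast ARP request,
# an IPv4 multicast frame and one stray unicast frame between two other hosts.
OWN_MAC = "02:00:00:00:00:01"
SAMPLE_FRAMES = [
    build_frame(OWN_MAC, "02:00:00:00:00:02", payload=b"to us"),
    build_frame("02:00:00:00:00:03", "02:00:00:00:00:02", payload=b"not ours"),
    build_frame("02:00:00:00:00:03", "02:00:00:00:00:02", payload=b"not ours again"),
    build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", ethertype=0x0806),  # ARP request
    build_frame("01:00:5e:00:00:fb", "02:00:00:00:00:04", payload=b"mDNS"),    # multicast
    build_frame("02:00:00:00:00:04", "02:00:00:00:00:05", payload=b"a third party"),
]


if __name__ == "__main__":
    for (dst, src), count in foreign_unicast(SAMPLE_FRAMES, OWN_MAC).items():
        print(f"{count} frame(s) for {dst} from {src} seen on our port")
    print("suspected flooded destinations:", flooding_suspects(SAMPLE_FRAMES, OWN_MAC))
```

On a real host the frame list would come from a pcap reader or a raw socket opened in promiscuous mode; the parsing and the foreign-unicast test stay the same. A single stray frame can be a transient learning event, which is why the report only names destinations that recur.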

References

  1. "Port Unicast and Multicast Flood Blocking".
  2. "Configuring Protected Port".

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::
