Diffusion Domains - Best Practices

Community Manager

Hello, I would like to know if you could share a link or file with which I can understand what limit we should respect to maintain a diffusion domain so that it does not affect the network. I know that the idea is to avoid very large domains as much as possible, since they can mean a processing overload on the devices that make up the network; but I would like to understand the reasons a little more deeply, and the limits this implies for network designs.

What it would mean to have too large a diffusion domain is my main question.

Thank you very much.


Joseph W. Doherty
Hall of Fame

I was unsure what a "diffusion" domain is, so I did a quick Internet search and found it might be what I would know as a broadcast domain.

Re-reading your OP with that in mind, I think that's your intent, which was further confirmed when I noticed this post has an edit history, where in one edit variant "broadcast" was used instead of "diffusion".

To answer your question, there are two major problems with large diffusion/broadcast domains.

Firstly, they effectively re-create the environment of "hub" (vs. switched) networks.  I.e. packets are sent to hosts, using network bandwidth, that they have no interest in.

Secondly, broadcast packets can NOT be hardware filtered by the NIC.  They need to be NIC accepted and host examined/analyzed to actually determine if their contents are relevant to the host.  (Contrast this to unicast or multicast packets, on a hub network, that a host NIC can just ignore.)

To minimize the impact of both of the above, we often try to minimize the size of a diffusion/broadcast domain.

Actual broadcast usage depends very much on the host applications using a network, and how they operate.  For IP networks, generally the Class C address block, or a /24, usually is a "safe" choice.  Again, depending on how IP hosts are using the network, up to even a /22 might be fine.  Larger than a /22, you probably really want a good understanding of how the IP hosts will act on the network.

By the way, it's possible some IP domains should be smaller than a /24.

Hello,

in IT networks, large broadcast domains can present several drawbacks. Here are some of them:

Broadcast Traffic:
In a broadcast domain, broadcast traffic (such as ARP requests) is sent to all devices in that domain. As the number of devices increases, so does the volume of broadcast traffic. Large amounts of broadcast traffic can consume network bandwidth and processing resources on the devices.

Collision Domain Size:
In Ethernet networks, a broadcast domain is also a collision domain. With a large broadcast domain, the potential for collisions increases. Collisions can lead to retransmissions and reduced network performance.

Address Resolution Challenges:
Large broadcast domains can lead to challenges in address resolution. For example, in IPv4 networks, the Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses. With a large broadcast domain, the ARP table on the devices may need to accommodate a large number of entries, which could lead to inefficiencies.

Security Concerns:
Security can be more challenging in large broadcast domains. Broadcast traffic is inherently visible to all devices in the same domain, which can increase the risk of eavesdropping and unauthorized access. It can be harder to implement detailed security policies on a large, flat network.

Broadcast Storms:
Large broadcast domains are more susceptible to broadcast storms. A broadcast storm occurs when a high volume of broadcast traffic circulates continuously on the network, which can overwhelm devices and cause network instability.

Spanning Tree Protocol (STP) Limitations:
In networks where Spanning Tree Protocol (STP) is used to prevent loops, STP convergence time can increase in large broadcast domains. STP needs to recalculate the topology when there are changes, and this process can take longer on larger networks.

Troubleshooting Problems:
Troubleshooting the network becomes more complex in large broadcast domains. Identifying the source of problems, such as network loops or misconfigurations, becomes challenging because of the size of the domain.

Scalability Challenges:
Large broadcast domains can present challenges when scaling the network. Adding more devices to the domain may require careful planning to avoid performance degradation and other problems.

To mitigate these drawbacks, network administrators often segment large networks into smaller broadcast domains using techniques such as VLANs (Virtual LANs) or subnetting. This segmentation helps control broadcast traffic, improves security, and makes network administration and troubleshooting easier.

"Collision Domain Size:
In Ethernet networks, a broadcast domain is also a collision domain. With a large diffusion domain, the potential for collisions increases. Collisions can lead to retransmissions and reduced network performance."

Not necessarily so.  For switches, each port is its own collision domain, but many such ports may be in the same broadcast domain.

"Address Resolution Challenges:
Large broadcast domains can lead to challenges in address resolution. For example, in IPv4 networks, the Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses. With a large broadcast domain, the ARP table on the devices may need to accommodate a large number of entries, which could lead to inefficiencies."

Possibly, but unlikely on current hosts, unless you're dealing with very large broadcast domains.

Possibly, what @Georg Pauwen has in mind is the common reoccurring issue, having an Internet connected router using the Internet outbound interface, alone, as next hop.  As the Internet is rather "large", this often "breaks" such Internet connected, and so configured, routers.

"Safety Concerns:
Security can be more challenging in large broadcast domains. Broadcast traffic is inherently visible to all devices in the same domain, which can increase the risk of eavesdropping and unauthorized access. It can be more difficult to implement detailed security policies on a large, flat network."

Hmm, also true for single collision domains' unicast traffic.  As Georg correctly notes, L3 borders are often used for security check points.  However, if all the hosts have the same security requirements, I wouldn't say the size of a L2 broadcast domain, alone, is a security consideration.

"Limitations of Spanning Tree Protocol (STP):
In networks where Spanning Tree Protocol (STP) is used to prevent loops, STP convergence time can increase over large broadcast domains. STP needs to recalculate the topology if there are changes, and this process can take longer on larger networks."

Oh, how so?  I would expect the opposite.  More L2 segments make for a larger and/or more complex STP topology.  I.e. more bridge nodes.  I.e. agree larger overall networks, will likely slow STP, but larger in number of L2 bridge nodes or sizes of broadcast domains?

Community Manager

Thank you for taking the time to answer my question. The network I'm describing has about 400 devices and no more than 1000 access points, so one problem might be the time it takes to recalculate STP. The largest subnet I'm using is a /20.

Hello,

A /20 subnet means 4,096 hosts. It doesn't necessarily mean that there will be problems. STP only recalculates when there are topology changes, which should not really happen on a stable network.
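An added example (not from this thread or from Cisco) that puts numbers on the sizing guidance above and on the broadcast-storm concern: it computes how many broadcast frames every NIC in a fully populated /24, /22 or /20 must accept per second for an assumed per-host broadcast rate, and scans a constructed frame list for one-second windows where the broadcast rate spikes, naming the top sender. The per-host rate, the alert threshold and the MAC addresses are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def usable_hosts(prefix_len):
    """Usable IPv4 host addresses behind a prefix length (24 -> 254, 20 -> 4094)."""
    net = ipaddress.ip_network(f"10.0.0.0/{prefix_len}", strict=False)
    return net.num_addresses - 2


def per_host_broadcast_load(prefix_len, bcast_per_host_per_sec):
    """Broadcasts/sec each host must accept and examine (the NIC cannot drop them)
    when every other host in a full domain emits bcast_per_host_per_sec broadcasts.
    The per-host rate is an assumed input; measure it on a real segment."""
    return (usable_hosts(prefix_len) - 1) * bcast_per_host_per_sec


def storm_windows(frames, window_s=1.0, threshold_pps=100):
    """frames: iterable of (timestamp_s, src_mac, dst_mac) as seen on one VLAN.
    Returns [(window_start, broadcast_count, top_sender_mac)] for every window
    whose broadcast rate exceeds threshold_pps (an assumed alert threshold)."""
    per_window = defaultdict(Counter)
    for ts, src, dst in frames:
        if dst.lower() == BROADCAST_MAC:          # unicast/multicast is not counted
            per_window[int(ts // window_s)][src.lower()] += 1
    alerts = []
    for w in sorted(per_window):
        senders = per_window[w]
        count = sum(senders.values())
        if count / window_s > threshold_pps:
            alerts.append((w * window_s, count, senders.most_common(1)[0][0]))
    return alerts


# Constructed sample capture: three hosts each send one ARP-style broadcast per
# second for 8 s, host 01 also unicasts to host 02, and host 03 floods 500 extra
# broadcasts inside second 5 (what a loop or misbehaving host looks like).
SAMPLE_FRAMES = [(t, f"aa:bb:cc:00:00:0{i}", BROADCAST_MAC)
                 for t in range(8) for i in (1, 2, 3)]
SAMPLE_FRAMES += [(t, "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02") for t in range(8)]
SAMPLE_FRAMES += [(5 + k / 500, "aa:bb:cc:00:00:03", BROADCAST_MAC) for k in range(500)]

if __name__ == "__main__":
    for p in (24, 22, 20):
        print(f"/{p}: {usable_hosts(p)} hosts, "
              f"{per_host_broadcast_load(p, 0.1):.1f} bcast/s per NIC at 0.1/host/s")
    print("storm windows:", storm_windows(SAMPLE_FRAMES))
```

On a live switch the same per-window count is what a storm-control threshold or a broadcast-rate SNMP counter alarm approximates; the script shows why a /20 multiplies the background load by roughly 16 compared with a /24.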

Community Manager

Greetings @crange, thanks for communicating with the Cisco community. Below I share a link to help you understand the difference.

https://redesconfiguracion.blogspot.com/2018/03/en-este-post-vamos-mostrar-las.html#:~:text=Un%20dominio%20de%20colision%20al,por%20otros%20dispositivos%20de%20red.

Remember, it is very important that you support with a like, and if this solves your doubt, select it as a solved answer.

Community Manager

@crange please remember to select as a solved answer as this helps us in the community.

Cordial greetings.
