I'm looking for some good technical explanations on what effect unicast flooding or just excessive unicast traffic can have on a network. I know that my network's CAM and ARP timers are out of sync and unicast flooding is occurring every 5 minutes, but I'm looking for justification to get these synced up.
Here are the partial results of a 'sho int' from one of my vlans:
Broadcast floods are rare these days, unicast floods are common and can hurt your network. I just had an issue at one of my customers last night where some server in a DMZ was for some reason sending so much traffic to the Internet that their Check Point firewall was having difficulties forwarding traffic kill all DMZ traffic. So yes, excessive unicast traffic can be bad. If you suspect it, go through your switches, find the port that has a high rate of inbound traffic and find out why that's occurring.
Effectively, a unicast flood behaves much as a multicast flood without IGMP snooping. Host NICs will ignore the packets, but links can be saturated with traffic. Or, perhaps, even better, you can think of it much like a hub. Every port gets a copy of every unicast (flooded) packet. Again, host NICs will ignore the packets. The network effect is bandwidth wasted on traffic that ports are not interested in seeing. (The one advantage vs. broadcast, the host doesn't need to examine the packet to determine whether it desires it or not.)
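
A simplified model of the CAM/ARP timer mismatch discussed in this thread, added here as an example and not posted by any participant. It assumes a 24-port switch, a router sending one unicast frame per second to a host that sources no traffic except ARP replies, and timer values of 300 s (CAM aging) and 14400 s (ARP timeout); none of these figures come from the thread.

```python
def simulate(cam_age, arp_timeout, duration=3600, ports=24):
    """Model a router streaming 1 frame/s to a receive-only host.

    Returns (flooded_frames, copies_on_uninvolved_ports).
    All parameters are assumed values for illustration.
    """
    cam_learned = None   # time the switch last saw the host's source MAC
    arp_learned = None   # time the router last resolved the host's MAC
    flooded = 0
    for t in range(duration):
        # The router re-ARPs when its entry is missing or expired. The host's
        # ARP reply is the only frame it ever sources, so it is also the only
        # event that refreshes the switch's CAM entry for that MAC.
        if arp_learned is None or t - arp_learned >= arp_timeout:
            arp_learned = t
            cam_learned = t
        # The switch ages the CAM entry independently of the router's ARP cache.
        if cam_learned is not None and t - cam_learned >= cam_age:
            cam_learned = None
        # One unicast data frame per second toward the host: with no CAM
        # entry the destination is unknown and the frame is flooded.
        if cam_learned is None:
            flooded += 1
    # A flooded frame is copied to every port except the ingress port; all
    # but the host's own port (ports - 2) had no interest in it.
    return flooded, flooded * (ports - 2)


if __name__ == "__main__":
    scenarios = [("mismatched", 300, 14400),
                 ("ARP below CAM", 300, 240),
                 ("synced", 300, 300)]
    for label, cam, arp in scenarios:
        frames, copies = simulate(cam, arp)
        print(f"{label:14s} cam={cam:5d}s arp={arp:5d}s "
              f"flooded={frames:5d} unwanted_copies={copies}")
```

In the mismatched case the switch forgets the host after 300 s while the router keeps using its cached MAC, so every frame from then until the next ARP refresh is delivered to all ports, including ports where any attached host can capture it.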