Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Targeted Broadcast

Targeted broadcast helps in remote administration tasks such as backups and wake-on LAN (WOL) on a LAN interface, and supports virtual routing and forwarding (VRF) instances. The below topic discuss the process and functioning of targeted broadcast, its configuration details, and the status of the broadcast on various platforms.

Understanding Targeted Broadcast

Targeted broadcast is a process of flooding a target subnet with Layer 3 broadcast IP packets originating from a different subnet. The intent of targeted broadcast is to flood the target subnet with the broadcast packets on a LAN interface without broadcasting to the entire network. Targeted broadcast is configured with various options on the egress interface of the router or switch and the IP packets are broadcast only on the LAN (egress) interface. Targeted broadcast helps you implement remote administration tasks such as backups and wake-on LAN (WOL) on a LAN interface, and supports virtual routing and forwarding (VRF) instances.

Regular Layer 3 broadcast IP packets originating from a subnet are broadcast within the same subnet. When these IP packets reach a different subnet, they are forwarded to the Routing Engine (to be forwarded to other applications). Because of this, remote administration tasks such as backups cannot be performed on a particular subnet through another subnet. As a workaround you can enable targeted broadcast, to forward broadcast packets that originate from a different subnet.

Layer 3 broadcast IP packets have a destination IP address that is a valid broadcast address for the target subnet. These IP packets traverse the network in the same way as unicast IP packets until they reach the destination subnet. In the destination subnet, if the receiving router has targeted broadcast enabled on the egress interface, the IP packets are forwarded to an egress interface and the Routing Engine or to an egress interface only. The IP packets are then translated into broadcast IP packets which flood the target subnet only through the LAN interface (if there is no LAN interface, the packets are discarded), and all hosts on the target subnet receive the IP packets. If targeted broadcast is not enabled on the receiving router, the IP packets are treated as regular Layer 3 broadcast IP packets and are forwarded to the Routing Engine. If targeted broadcast is enabled without any options, the IP packets are forwarded to the Routing Engine.

Targeted broadcast can be configured to forward the IP packets only to an egress interface, which is helpful when the router is flooded with packets to process, or to both an egress interface and the Routing Engine.

Note:

Targeted broadcast does not work when the targeted broadcast option forward-and-send-to-re and the traffic sampling option sampling are configured on the same egress interface of an M320 router, a T640 router, or an MX960 router. To overcome this scenario, you must either disable one of the these options or enable the sampling option with the targeted broadcast option forward-only on the egress interface. For information about traffic sampling, see Configuring Traffic Sampling.

Note:

Any firewall filter that is configured on the Routing Engine loopback interface (lo0) cannot be applied to IP packets that are forwarded to the Routing Engine as a result of a targeted broadcast. This is because broadcast packets are forwarded as flood next hop and not as local next hop traffic, and you can only apply a firewall filter to local next hop routes for traffic directed towards the Routing Engine.

Understanding IP Directed Broadcast

IP directed broadcast helps you implement remote administration tasks such as backups and wake-on-LAN (WOL) application tasks by sending broadcast packets targeted at the hosts in a specified destination subnet. IP directed broadcast packets traverse the network in the same way as unicast IP packets until they reach the destination subnet. When they reach the destination subnet and IP directed broadcast is enabled on the receiving switch, the switch translates (explodes) the IP directed broadcast packet into a broadcast that floods the packet on the target subnet. All hosts on the target subnet receive the IP directed broadcast packet.

This topic covers:

IP Directed Broadcast Overview

IP directed broadcast packets have a destination IP address that is a valid broadcast address for the subnet that is the target of the directed broadcast (the target subnet). The intent of an IP directed broadcast is to flood the target subnet with the broadcast packets without broadcasting to the entire network. IP directed broadcast packets cannot originate from the target subnet.

When you send an IP directed broadcast packet, as it travels to the target subnet, the network forwards it in the same way as it forwards a unicast packet. When the packet reaches a switch that is directly connected to the target subnet, the switch checks to see whether IP directed broadcast is enabled on the interface that is directly connected to the target subnet:

  • If IP directed broadcast is enabled on that interface, the switch broadcasts the packet on that subnet by rewriting the destination IP address as the configured broadcast IP address for the subnet. The switch converts the packet to a link-layer broadcast packet that every host on the network processes.

  • If IP directed broadcast is disabled on the interface that is directly connected to the target subnet, the switch drops the packet.

IP Directed Broadcast Implementation

You configure IP directed broadcast on a per-subnet basis by enabling IP directed broadcast on the Layer 3 interface of the subnet’s VLAN. When the switch that is connected to that subnet receives a packet that has the subnet’s broadcast IP address as the destination address, the switch broadcasts the packet to all hosts on the subnet.

By default, IP directed broadcast is disabled.

When to Enable IP Directed Broadcast

IP directed broadcast is disabled by default. Enable IP directed broadcast when you want to perform remote management or administration services such as backups or WOL tasks on hosts in a subnet that does not have a direct connection to the Internet.

Enabling IP directed broadcast on a subnet affects only the hosts within that subnet. Only packets received on the subnet’s Layer 3 interface that have the subnet’s broadcast IP address as the destination address are flooded on the subnet.

When Not to Enable IP Directed Broadcast

Typically, you do not enable IP directed broadcast on subnets that have direct connections to the Internet. Disabling IP directed broadcast on a subnet’s Layer 3 interface affects only that subnet. If you disable IP directed broadcast on a subnet and a packet that has the broadcast IP address of that subnet arrives at the switch, the switch drops the broadcast packet.

If a subnet has a direct connection to the Internet, enabling IP directed broadcast on it increases the network’s susceptibility to denial-of-service (DoS) attacks.

For example, a malicious attacker can spoof a source IP address (use a source IP address that is not the actual source of the transmission to deceive a network into identifying the attacker as a legitimate source) and send IP directed broadcasts containing Internet Control Message Protocol (ICMP) echo (ping) packets. When the hosts on the network with IP directed broadcast enabled receive the ICMP echo packets, they all send replies to the victim that has the spoofed source IP address. This creates a flood of ping replies in a DoS attack that can overwhelm the spoofed source address; this is known as a smurf attack. Another common DoS attack on exposed networks with IP directed broadcast enabled is a fraggle attack, which is similar to a smurf attack except that the malicious packet is a User Datagram Protocol (UDP) echo packet instead of an ICMP echo packet.

Configuring Targeted Broadcast

The following sections explain how to configure targeted broadcast on an egress interface and its options:

Configuring Targeted Broadcast and Its Options

You can configure targeted broadcast on an egress interface with different options. You can either allow the IP packets destined for a Layer 3 broadcast address to be forwarded on the egress interface and to send a copy of the IP packets to the Routing Engine or you can allow the IP packets to be forwarded on the egress interface only. Note that the packets are broadcast only if the egress interface is a LAN interface.

To configure targeted broadcast and its options:

  1. Configure the physical interface.
  2. Configure the logical unit number at the [edit interfaces interface-name hierarchy level.
  3. Configure the protocol family as inet at the [edit interfaces interface-name unit interface-unit-number hierarchy level.
  4. Configure targeted broadcast at the [edit interfaces interface-name unit interface-unit-number family inet hierarchy level
  5. Specify one of the following options as per requirement:
    • To allow IP packets destined for a Layer 3 broadcast address to be forwarded on the egress interface and to send a copy of the IP packets to the Routing Engine.

    • To allow IP packets to be forwarded on the egress interface only.

Note:

Targeted broadcast does not work when the targeted broadcast option forward-and-send-to-re and the traffic sampling option sampling are configured on the same egress interface of an M320 router, a T640 router, or an MX960 router. To overcome this scenario, you must either disable one of the these options or enable the sampling option with the targeted broadcast option forward-only on the egress interface. For information about traffic sampling, see Configuring Traffic Sampling.

Display Targeted Broadcast Configuration Options

The following topics display targeted broadcast configuration with its various options:

Forward IP Packets On the Egress Interface and To the Routing Engine

Purpose

Display the configuration when targeted broadcast is configured on the egress interface to forward the IP packets on the egress interface and to send a copy of the IP packets to the Routing Engine.

Action

To display the configuration run the show command at the [edit interfaces interface-name unit interface-unit-number family inet] where the interface name is ge-2/0/0, the unit value is set to 0, the protocol family is set to inet.

Forward IP Packets On the Egress Interface Only

Purpose

Display the configuration when targeted broadcast is configured on the egress interface to forward the IP packets on the egress interface only.

Action

To display the configuration run the show command at the [edit interfaces interface-name unit interface-unit-number family inet] where the interface name is ge-2/0/0, the unit value is set to 0, the protocol family is set to inet.

Example: Configuring IP Directed Broadcast on a Switch

IP directed broadcast provides a method of sending broadcast packets to hosts on a specified subnet without broadcasting those packets to hosts on the entire network.

This example shows how to enable a subnet to receive IP directed broadcast packets so you can perform backups and other network management tasks remotely:

Requirements

This example uses the following software and hardware components:

  • Junos OS Release 9.4 or later for EX Series switches or Junos OS Release 15.1X53-D10 for QFX10000 switches.

  • One PC

  • One EX Series switch or QFX10000 switch

Before you configure IP directed broadcast for a subnet:

Overview and Topology

You might want to perform remote administration tasks such as backups and wake-on-LAN (WOL) application tasks to manage groups of clients on a subnet. One way to do this is to send IP directed broadcast packets targeted at the hosts in a particular target subnet.

The network forwards IP directed broadcast packets as if they were unicast packets. When the IP directed broadcast packet is received by a VLAN that is enabled for targeted-broadcast, the switch broadcasts the packet to all the hosts in its subnet.

In this topology (see Figure 1), a host is connected to an interface on a switch to manage the clients in subnet 10.1.2.1/24. When the switch receives a packet with the broadcast IP address of the target subnet as its destination address, it forwards the packet to the subnet’s Layer 3 interface and broadcasts it to all the hosts within the subnet.

Figure 1: Topology for IP Directed BroadcastTopology for IP Directed Broadcast

Topology

Table 1 shows the settings of the components in this example.

Table 1: Components of the IP Directed Broadcast Topology
Property Settings

Ingress VLAN name

v0

Ingress VLAN IP address

10.1.1.1/24

Egress VLAN name

v1

Egress VLAN IP address

10.1.2.1/24

Interfaces in VLAN v0

ge-0/0/3.0

Interfaces in VLAN v1

ge-0/0/0.0 and ge-0/0/1.0

Configuring IP Directed Broadcast for non-ELS Switches

To configure IP directed broadcast on a subnet to enable remote management of its hosts:

Procedure

CLI Quick Configuration

To quickly configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24, copy the following commands and paste them into the switch’s terminal window:

Step-by-Step Procedure

To configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24:

  1. Add logical interface ge-0/0/0.0 to VLAN v1:

  2. Add logical interface ge-0/0/1.0 to VLAN v1:

  3. Configure the IP address for the egress VLAN, v1:

  4. Add logical interface ge-0/0/3.0 to VLAN v0:

  5. Configure the IP address for the ingress VLAN:

  6. To route traffic between the ingress and egress VLANs, associate a Layer 3 interface with each VLAN:

  7. Enable the Layer 3 interface for the egress VLAN to receive IP directed broadcasts:

Results

Check the results:

Configuring IP Directed Broadcast for Switches with ELS Support

To configure IP directed broadcast on a subnet to enable remote management of its hosts:

Procedure

CLI Quick Configuration

To quickly configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24, copy the following commands and paste them into the switch’s terminal window:

Step-by-Step Procedure

To configure the switch to accept IP directed broadcasts targeted at subnet 10.1.2.1/24:

  1. Add logical interface ge-0/0/0.0 to VLAN v1:

  2. Add logical interface ge-0/0/1.0 to VLAN v1:

  3. Configure the IP address for the egress VLAN, v1:

  4. Add logical interface ge-0/0/3.0 to VLAN v0:

  5. Configure the IP address for the ingress VLAN:

  6. To route traffic between the ingress and egress VLANs, associate a Layer 3 interface with each VLAN:

  7. Enable the Layer 3 interface for the egress VLAN to receive IP directed broadcasts:

Results

Check the results:

Verifying IP Directed Broadcast Status

Purpose

Verify that IP directed broadcast is enabled and is working on the subnet.

Action

Use the show vlans extensive command to verify that IP directed broadcast is enabled and working on the subnet as shown in Example: Configuring IP Directed Broadcast on a Switch.