Targeted Broadcast
Learn about targeted broadcast and how to configure targeted broadcast.
Targeted broadcast helps with remote administration tasks such as backups and wake-on-LAN (WOL) on a LAN interface, and supports virtual routing and forwarding (VRF) instances. The topics below describe how targeted broadcast works, how to configure it, and how to verify its status on various platforms.
Overview
Targeted broadcast is a process of flooding a target subnet with L3 broadcast IP packets originating from a different subnet. The intent of targeted broadcast is to flood the target subnet with the broadcast packets on a LAN interface without broadcasting to the entire network.
IP directed broadcast is a technique where a broadcast packet is sent to a specific remote subnet, and then broadcast within that subnet. You can use IP directed broadcast to facilitate remote network management by sending broadcast packets to hosts on a specified subnet without broadcasting to the entire network. IP directed broadcast packets are broadcast on only the target subnet. The rest of the network treats IP directed broadcast packets as unicast packets and forwards them accordingly.
Targeted broadcast is configured with various options on the egress interface of the router or switch, and the IP packets are broadcast only on the LAN (egress) interface. Targeted broadcast helps you implement remote administration tasks, such as backups and wake-on LAN (WOL) on a LAN interface, and supports VRF instances.
Regular L3 broadcast IP packets originating from a subnet are broadcast within the same subnet. When these IP packets reach a different subnet, the packets are forwarded to the Routing Engine (to be forwarded to other applications). Hence, remote administration tasks such as backups cannot be performed on a particular subnet through another subnet. As a workaround, you can enable targeted broadcast to forward broadcast packets that originate from a different subnet.
L3 broadcast IP packets have a destination IP address that is a valid broadcast address for the target subnet. These IP packets traverse the network in the same way as unicast IP packets until the packets reach the destination subnet, as follows:
- In the destination subnet, if the receiving router has targeted broadcast enabled on the egress interface, the IP packets are forwarded either to the egress interface and the Routing Engine or to the egress interface only, depending on the configured option.
- The IP packets are then translated into broadcast IP packets, which flood the target subnet only through the LAN interface, and all hosts on the target subnet receive the IP packets. The packets are discarded if no LAN interface exists.
- The final step in the sequence depends on the targeted broadcast configuration:
  - If targeted broadcast is not enabled on the receiving router, the IP packets are treated as regular Layer 3 broadcast IP packets and are forwarded to the Routing Engine.
  - If targeted broadcast is enabled without any options, the IP packets are forwarded to the Routing Engine.
You can configure targeted broadcast to forward the IP packets either to the egress interface only, which is helpful when the router is already flooded with packets to process, or to both the egress interface and the Routing Engine.
Any firewall filter configured on the Routing Engine loopback interface (lo0) is not applied to IP packets that reach the Routing Engine as a result of a targeted broadcast. The reason is that broadcast packets are forwarded as flood next-hop traffic and not as local next-hop traffic, and a firewall filter applies only to local next-hop routes for traffic directed toward the Routing Engine.
- Targeted Broadcast Overview
- Targeted Broadcast Implementation
- When to Enable Targeted Broadcast
- When Not to Enable Targeted Broadcast
Targeted Broadcast Overview
Targeted broadcast packets have a destination IP address that is a valid broadcast address for the subnet that is the target of the directed broadcast (the target subnet). The intent of a targeted broadcast is to flood the target subnet with the broadcast packets without broadcasting to the entire network. Targeted broadcast packets cannot originate from the target subnet.
When you send a targeted broadcast packet, as it travels to the target subnet, the network forwards it in the same way as it forwards a unicast packet. When the packet reaches a switch that is directly connected to the target subnet, the switch checks to see whether targeted broadcast is enabled on the interface that is directly connected to the target subnet:
- If targeted broadcast is enabled on that interface, the switch broadcasts the packet on that subnet by rewriting the destination IP address as the configured broadcast IP address for the subnet. The switch converts the packet to a link-layer broadcast packet that every host on the network processes.
- If targeted broadcast is disabled on the interface that is directly connected to the target subnet, the switch drops the packet.
Targeted Broadcast Implementation
You configure targeted broadcast on a per-subnet basis by enabling targeted broadcast on the L3 interface of the subnet’s VLAN. When the switch that is connected to that subnet receives a packet that has the subnet’s broadcast IP address as the destination address, the switch broadcasts the packet to all hosts on the subnet.
By default, targeted broadcast is disabled.
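The forwarding sequence in the overview above and the per-subnet behaviour just described can be modelled as a small decision function. The following Python script is an added example, not Juniper code: the interface table, interface names, subnets and the action labels (`flood:<interface>`, `re`, `discard`, `unicast`, `local-broadcast`) are constructed here. It follows the router description in the overview (a packet whose egress interface has no targeted broadcast, or targeted broadcast with no option, goes to the Routing Engine rather than being dropped as the switch overview states) and treats an egress without a LAN interface as discarding the broadcast copy.

```python
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet


class TbMode(Enum):
    DISABLED = "disabled"                    # no targeted-broadcast statement
    ENABLED = "enabled"                      # targeted-broadcast with no option
    FORWARD_ONLY = "forward-only"
    FORWARD_AND_SEND_TO_RE = "forward-and-send-to-re"


@dataclass(frozen=True)
class Interface:
    name: str
    subnet: ipaddress.IPv4Network   # directly connected subnet
    mode: TbMode
    is_lan: bool = True             # packets are broadcast only on a LAN egress


# Constructed sample interface table (hypothetical names and prefixes).
INTERFACES: Dict[str, Interface] = {
    "ge-0/0/0.0": Interface("ge-0/0/0.0", ipaddress.IPv4Network("192.0.2.0/30"), TbMode.DISABLED, is_lan=False),
    "ge-0/0/1.0": Interface("ge-0/0/1.0", ipaddress.IPv4Network("192.0.2.4/30"), TbMode.FORWARD_ONLY, is_lan=False),
    "irb.10": Interface("irb.10", ipaddress.IPv4Network("10.1.2.0/24"), TbMode.FORWARD_ONLY),
    "irb.20": Interface("irb.20", ipaddress.IPv4Network("10.1.3.0/24"), TbMode.FORWARD_AND_SEND_TO_RE),
    "irb.30": Interface("irb.30", ipaddress.IPv4Network("10.1.4.0/24"), TbMode.DISABLED),
    "irb.40": Interface("irb.40", ipaddress.IPv4Network("10.1.5.0/24"), TbMode.ENABLED),
}


def is_directed_broadcast(dst: str, iface: Interface) -> bool:
    """True when dst is the valid broadcast address of iface's subnet."""
    return ipaddress.IPv4Address(dst) == iface.subnet.broadcast_address


def classify(dst: str, ingress: str, interfaces: Dict[str, Interface]) -> FrozenSet[str]:
    """Return the set of actions the receiving router takes for a packet with
    destination dst that arrived on the interface named `ingress`."""
    in_if = interfaces[ingress]
    if is_directed_broadcast(dst, in_if):
        # A broadcast that originated inside its own subnet is an ordinary
        # L3 broadcast; it can never be a targeted broadcast.
        return frozenset({"local-broadcast"})
    egress = next((i for i in interfaces.values()
                   if i.name != ingress and is_directed_broadcast(dst, i)), None)
    if egress is None:
        # Not the broadcast address of any connected subnet: plain unicast forwarding.
        return frozenset({"unicast"})
    if egress.mode in (TbMode.DISABLED, TbMode.ENABLED):
        # Treated as a regular L3 broadcast and handed to the Routing Engine.
        return frozenset({"re"})
    actions = set()
    if egress.mode is TbMode.FORWARD_AND_SEND_TO_RE:
        actions.add("re")                    # a copy also goes to the Routing Engine
    if egress.is_lan:
        actions.add(f"flood:{egress.name}")  # rewritten to a link-layer broadcast on the LAN
    else:
        actions.add("discard")               # no LAN egress: the broadcast copy is discarded
    return frozenset(actions)


if __name__ == "__main__":
    for dst in ("10.1.2.255", "10.1.3.255", "10.1.4.255", "10.1.5.255", "10.1.2.10"):
        print(dst, "from ge-0/0/0.0 ->", sorted(classify(dst, "ge-0/0/0.0", INTERFACES)))
```

Running the script walks the five cases of the overview: flood only, flood plus Routing Engine copy, Routing Engine only (disabled, or enabled without an option), and ordinary unicast forwarding when the destination is not a connected subnet's broadcast address.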
When to Enable Targeted Broadcast
Targeted broadcast is disabled by default. Enable targeted broadcast when you want to perform remote management or administration services such as backups or WOL tasks on hosts in a subnet that does not have a direct connection to the Internet.
Enabling targeted broadcast on a subnet affects only the hosts within that subnet. Only packets received on the subnet's L3 interface that have the subnet's broadcast IP address as the destination address are flooded on the subnet.
When Not to Enable Targeted Broadcast
Typically, you do not enable targeted broadcast on subnets that have direct connections to the Internet. Disabling targeted broadcast on a subnet’s L3 interface affects only that subnet. If you disable targeted broadcast on a subnet and a packet that has the broadcast IP address of that subnet arrives at the switch, the switch drops the broadcast packet.
If a subnet has a direct connection to the Internet, enabling targeted broadcast on it increases the network’s susceptibility to DoS attacks.
A malicious attacker can spoof a source IP address to deceive a network into identifying the attacker as legitimate. The attacker can then send targeted broadcasts with ICMP echo (ping) packets. When the hosts on the network with targeted broadcast enabled receive the ICMP echo packets, the hosts send replies to the victim that owns the spoofed source IP address. The resulting flood of ping replies can overwhelm the host at the spoofed source address; this DoS attack is known as a smurf attack. Another common DoS attack on exposed networks with targeted broadcast enabled is a fraggle attack. The attack is similar to a smurf attack except that the malicious packet is a UDP echo packet instead of an ICMP echo packet.
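The smurf and fraggle patterns above are easy to recognise at the edge: an echo request from an external interface whose destination is the directed-broadcast address of a subnet on which targeted broadcast is enabled. The following Python script is an added example, not part of the original page or of Junos: the subnet list, the Internet-facing interface name, the packet records and the labels are constructed for illustration. It also flags the spoofing precondition the text describes (a packet arriving from the Internet with a source address inside one of our own subnets) and computes how many replies one request could elicit from a subnet, which is the amplification the defender is trying to avoid.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed topology (hypothetical): subnets where targeted broadcast is
# enabled, and the interface that faces the Internet.
TB_SUBNETS = [ipaddress.IPv4Network("10.1.2.0/24"), ipaddress.IPv4Network("10.1.3.0/24")]
INTERNET_FACING = {"ge-0/0/0.0"}


@dataclass(frozen=True)
class Packet:
    ingress: str
    src: str
    dst: str
    proto: str                      # "icmp", "udp" or "tcp"
    dport: Optional[int] = None
    icmp_type: Optional[int] = None


def target_subnet(dst: str) -> Optional[ipaddress.IPv4Network]:
    """Return the targeted-broadcast subnet whose broadcast address is dst, if any."""
    addr = ipaddress.IPv4Address(dst)
    for net in TB_SUBNETS:
        if addr == net.broadcast_address:
            return net
    return None


def label_packet(pkt: Packet) -> Optional[str]:
    """Label a packet that matches the smurf/fraggle pattern: an echo request
    from outside aimed at a directed-broadcast address of a protected subnet."""
    if pkt.ingress not in INTERNET_FACING:
        return None                           # internal traffic is out of scope here
    if target_subnet(pkt.dst) is None:
        return None                           # not a directed broadcast for our subnets
    if pkt.proto == "icmp" and pkt.icmp_type == 8:
        return "smurf"                        # ICMP echo request
    if pkt.proto == "udp" and pkt.dport == 7:
        return "fraggle"                      # UDP echo service
    return "directed-broadcast-from-internet" # still unexpected, just not an echo


def spoofed_internal_source(pkt: Packet) -> bool:
    """A source inside our own subnets cannot legitimately arrive from the Internet."""
    if pkt.ingress not in INTERNET_FACING:
        return False
    src = ipaddress.IPv4Address(pkt.src)
    return any(src in net for net in TB_SUBNETS)


def amplification_factor(net: ipaddress.IPv4Network) -> int:
    """Upper bound on replies one request can elicit: one per usable host address."""
    return net.num_addresses - 2


# Constructed packet records (hypothetical addresses and interfaces).
SAMPLE_PACKETS: List[Packet] = [
    Packet("ge-0/0/0.0", "198.51.100.7", "10.1.2.255", "icmp", icmp_type=8),
    Packet("ge-0/0/0.0", "198.51.100.7", "10.1.3.255", "udp", dport=7),
    Packet("ge-0/0/0.0", "10.1.2.50", "10.1.2.255", "icmp", icmp_type=8),  # spoofed internal source
    Packet("irb.10", "10.1.2.50", "10.1.2.255", "icmp", icmp_type=8),      # ordinary local broadcast
    Packet("ge-0/0/0.0", "198.51.100.7", "10.1.2.10", "tcp", dport=443),   # ordinary unicast
]


def report(packets: List[Packet]) -> List[Tuple[Optional[str], bool]]:
    """(attack label, spoofed-source flag) for each packet."""
    return [(label_packet(p), spoofed_internal_source(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (label, spoofed) in zip(SAMPLE_PACKETS, report(SAMPLE_PACKETS)):
        print(f"{pkt.ingress:<11} {pkt.src:>14} -> {pkt.dst:<12} {label or '-':<34} spoofed={spoofed}")
    print("replies one request could trigger from", TB_SUBNETS[0], "=", amplification_factor(TB_SUBNETS[0]))
```

The same check expressed as filter terms on the Internet-facing interface (deny packets destined to the broadcast address of each internal subnet, and deny packets whose source lies in an internal prefix) is the mitigation that complements the page's advice not to enable targeted broadcast on subnets with a direct Internet connection.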
Configure Targeted Broadcast
You can configure targeted broadcast on an egress interface with different options.
Either of these configurations is acceptable:
- You can allow the IP broadcast packets destined for a Layer 3 address to be forwarded through the egress interface and to send a copy of the IP broadcast packets to the Routing Engine.
- You can allow the IP broadcast packets to be forwarded through the egress interface only.
Note that the packets are broadcast only if the egress interface is a LAN interface.
To configure targeted broadcast and its options:
Display Targeted Broadcast Configuration Options
The following example topics display targeted broadcast configuration options:
- Forward IP Broadcast Packets on the Egress Interface and to the Routing Engine
- Forward IP Broadcast Packets on the Egress Interface Only
Forward IP Broadcast Packets on the Egress Interface and to the Routing Engine
Purpose
Display the configuration when targeted broadcast is configured on the egress interface to forward the IP broadcast packets on the egress interface and to send a copy of the same packets to the Routing Engine.
Action
To display the configuration, run the show command at the [edit interfaces interface-name unit interface-unit-number family inet] hierarchy level, where the interface name is ge-2/0/0, the unit value is set to 0, and the protocol family is set to inet.
[edit interfaces interface-name unit interface-unit-number family inet]
user@host# show
targeted-broadcast {
    forward-and-send-to-re;
}
To display the configuration for irb, run the show command at the [edit interfaces irb unit interface-unit-number family inet] hierarchy level.
[edit interfaces irb unit interface-unit-number family inet]
user@host# show
targeted-broadcast {
    forward-and-send-to-re;
}
Forward IP Broadcast Packets on the Egress Interface Only
Purpose
Display the configuration when targeted broadcast is configured on the egress interface to forward the IP broadcast packets on the egress interface only.
Action
To display the configuration, run the show command at the [edit interfaces interface-name unit interface-unit-number family inet] hierarchy level, where the interface name is ge-2/0/0, the unit value is set to 0, and the protocol family is set to inet.
[edit interfaces interface-name unit interface-unit-number family inet]
user@host# show
targeted-broadcast {
    forward-only;
}
To display the configuration for irb, run the show command at the [edit interfaces irb unit interface-unit-number family inet] hierarchy level.
[edit interfaces irb unit interface-unit-number family inet]
user@host# show
targeted-broadcast {
    forward-only;
}
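The two configuration options shown above, together with the earlier caveats (packets that reach the Routing Engine through a targeted broadcast bypass lo0 firewall filters, and targeted broadcast should not be enabled on Internet-connected subnets), lend themselves to a configuration audit. The following Python script is an added example, not Juniper code: it parses a constructed Junos-style set configuration, reports the targeted-broadcast mode per logical interface, and raises a finding where the option sends copies to the Routing Engine or where the interface is in a caller-supplied set of Internet-facing interfaces. The interface names, addresses and the `INTERNET_FACING` set are hypothetical.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed Junos-style "set" configuration used as sample input
# (hypothetical interfaces and prefixes; not from the original page).
SAMPLE_CONFIG = """
set interfaces ge-2/0/0 description "uplink to ISP"
set interfaces ge-2/0/0 unit 0 family inet address 192.0.2.2/30
set interfaces ge-2/0/0 unit 0 family inet targeted-broadcast forward-and-send-to-re
set interfaces irb unit 10 family inet address 10.1.2.1/24
set interfaces irb unit 10 family inet targeted-broadcast forward-only
set interfaces irb unit 20 family inet address 10.1.3.1/24
set interfaces irb unit 20 family inet targeted-broadcast
set interfaces irb unit 30 family inet address 10.1.4.1/24
"""

# Matches the targeted-broadcast statement with or without one of its two options.
TB_RE = re.compile(
    r"^set interfaces (\S+) unit (\d+) family inet targeted-broadcast"
    r"(?: (forward-only|forward-and-send-to-re))?\s*$")
ADDR_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address (\S+)")


def parse_targeted_broadcast(config: str) -> Dict[str, Dict[str, object]]:
    """Map logical interface (e.g. 'irb.10') -> {'mode': ..., 'addresses': [...]}.
    mode is None when no targeted-broadcast statement is present, 'enabled'
    when the statement carries no option, otherwise the option name."""
    ifaces: Dict[str, Dict[str, object]] = {}

    def entry(phys: str, unit: str) -> Dict[str, object]:
        return ifaces.setdefault(f"{phys}.{unit}", {"mode": None, "addresses": []})

    for line in config.splitlines():
        line = line.strip()
        m = ADDR_RE.match(line)
        if m:
            entry(m.group(1), m.group(2))["addresses"].append(m.group(3))
            continue
        m = TB_RE.match(line)
        if m:
            entry(m.group(1), m.group(2))["mode"] = m.group(3) or "enabled"
    return ifaces


def audit(config: str, internet_facing: Set[str]) -> Dict[str, List[str]]:
    """Findings per interface on which targeted broadcast is configured."""
    findings: Dict[str, List[str]] = {}
    for name, info in parse_targeted_broadcast(config).items():
        mode: Optional[str] = info["mode"]  # type: ignore[assignment]
        if mode is None:
            continue
        notes: List[str] = []
        if name in internet_facing:
            notes.append("HIGH: targeted broadcast enabled on an Internet-facing interface; "
                         "the subnet is exposed to smurf/fraggle amplification")
        if mode in ("enabled", "forward-and-send-to-re"):
            notes.append("INFO: copies reach the Routing Engine as flood next-hop traffic; "
                         "a lo0 firewall filter does not match them")
        if mode == "forward-only":
            notes.append("INFO: forward-only; packets flood the LAN egress and are not "
                         "sent to the Routing Engine")
        findings[name] = notes
    return findings


if __name__ == "__main__":
    for iface, notes in audit(SAMPLE_CONFIG, {"ge-2/0/0.0"}).items():
        print(iface)
        for note in notes:
            print("   ", note)
```

The parser deliberately keys on the logical unit (physical name plus unit number) because targeted broadcast is configured under `family inet` of a unit, which is also where the IRB examples above place it.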
Configure Targeted Broadcast (CLI Procedure)
Before you begin to configure targeted broadcast:
Ensure that the subnet on which you want to broadcast packets using IP directed broadcast is not directly connected to the Internet.
Configure a routed VLAN interface (RVI) for the subnet that will be enabled for IP direct broadcast. See Configuring Routed VLAN Interfaces on Switches (CLI Procedure).
We recommend that you do not enable targeted broadcast on subnets that have a direct connection to the Internet because of increased exposure to DoS attacks.
This task uses Junos OS for EX Series switches that does not support the ELS configuration style. For ELS details, see Using the Enhanced Layer 2 Software CLI.
You can use targeted broadcast on an EX Series switch to facilitate remote network management by sending broadcast packets to hosts on a specified subnet without broadcasting to the entire network. Targeted broadcast packets are broadcast on only the target subnet. The rest of the network treats targeted broadcast packets as unicast packets and forwards the packets accordingly.
To enable targeted broadcast for a specified subnet:
Example: Configure Targeted Broadcast on a Switch
Targeted broadcast provides a method of sending broadcast packets to hosts on a specified subnet without broadcasting those packets to hosts on the entire network.
This example shows how to enable a subnet to receive targeted broadcast packets so you can perform backups and other network management tasks remotely:
Requirements
This example uses the following software and hardware components:
- Junos OS Release 9.4 or later for EX Series switches or Junos OS Release 15.1X53-D10 for QFX10000 switches.
- One PC
- One EX Series switch or QFX10000 switch
Before you configure targeted broadcast for a subnet:
- Ensure that the subnet does not have a direct connection to the Internet.
- Configure routed VLAN interfaces (RVIs) for the ingress and egress VLANs on the switch. For non-ELS, see Configuring Routed VLAN Interfaces on Switches (CLI Procedure) or Configuring VLANs for EX Series Switches (J-Web Procedure). For ELS, see l3-interface.
Overview and Topology
You might want to perform remote administration tasks such as backups and WOL application tasks to manage groups of clients on a subnet. One way to do the administration tasks is to send targeted broadcast packets targeted at the hosts in a particular target subnet.
The network forwards targeted broadcast packets as if the packets were unicast packets. When the targeted broadcast packet is received by a VLAN that is enabled for targeted broadcast, the switch broadcasts the packet to all the hosts in its subnet.
In this topology (see Figure 1), a host is connected to an interface on a switch to manage the clients in subnet 10.1.2.1/24. When the switch receives a packet with the broadcast IP address of the target subnet as its destination address, it forwards the packet to the subnet's Layer 3 interface and broadcasts it to all the hosts within the subnet.
Topology
Table 1 shows the settings of the components in this example.
| Property | Settings |
|---|---|
| Ingress VLAN name | |
| Ingress VLAN IP address | |
| Egress VLAN name | |
| Egress VLAN IP address | |
| Interfaces in VLAN | |
| Interfaces in VLAN | |
Verify Targeted Broadcast Status
Purpose
Verify that targeted directed broadcast is enabled and is working on the subnet.
Action
Use the show vlans extensive command to verify that targeted broadcast is enabled and working on the subnet.