 | This article includes alist of references,related reading, orexternal links,but its sources remain unclear because it lacksinline citations. Please helpimprove this article byintroducing more precise citations.(January 2022) (Learn how and when to remove this message) |
Abroadcast domain is a logical division of acomputer network, in which allnodes can reach each other bybroadcast at thedata link layer. A broadcast domain can be within the sameLAN segment or it can be bridged to other LAN segments.
In terms of current popular technologies, any computer connected to the sameEthernet repeater orswitch is a member of the same broadcast domain. Further, any computer connected to the same set of interconnected switches or repeaters is a member of the same broadcast domain.Routers and othernetwork-layer devices form boundaries between broadcast domains.
The notion of a broadcast domain can be compared with acollision domain, which would be all nodes on the same set of inter-connected repeaters and divided by switches andnetwork bridges. Collision domains are generally smaller than and contained within broadcast domains. While some data-link-layer devices are able to divide the collision domains, broadcast domains are only divided by network-layer devices such as routers orlayer-3 switches. SeparatingVLANs divides broadcast domains as well.
The distinction between broadcast and collision domains comes about because simpleEthernet and similar systems use ashared medium for communication. In simple Ethernet (without switches orbridges),data frames are transmitted to all other nodes on a network. Each receiving node checks the destination address of each frame and simply ignores any frame not addressed to its ownMAC address or thebroadcast address.
Switches act as buffers, receiving and analyzing the frames from each connected network segment. Frames destined for nodes connected to the originating segment are not forwarded by the switch. Frames destined for a specific node on a different segment are sent only to that segment. Only broadcast frames are forwarded to all other segments. This reduces unnecessary traffic and collisions.
In such a switched network, transmitted frames may not be received by all other reachable nodes. Nominally, only broadcast frames will be received by all other nodes. Collisions are localized to the physical-layer network segment they occur on. Thus, the broadcast domain is the entire inter-connectedlayer-2 network, and the segments connected to each switch or bridge port are each a collision domain. To clarify; repeaters do not divide collision domains but switches do. This means that since switches have become commonplace, collision domains are isolated to the specific segment between the switch port and the connected node. Full-duplex segments, or links, don't form a collision domain as there is a dedicated channel between each transmitter and receiver, eliminating the possibility of collisions.
With a sufficiently sophisticated switch, it is possible to create a network in which a broadcast domain is strictly controlled. One implementation of this concept is aprivate VLAN. Another implementation is possible withLinux andiptables. One analogy is that by creating multiple VLANs, the number of broadcast domains increases, but the size of each broadcast domain decreases. This is because aVLAN defines a broadcast domain.
This is achieved by designating one or moreprovider nodes, either by MAC address or switch port. Broadcast frames are allowed to originate from these sources and are sent to all other nodes. Broadcast frames from all other sources are directed only to the provider nodes. Traffic from other sources not destined to the provider nodes (peer-to-peer traffic) is blocked.
The result is a network based on a nominally shared transmission system; like Ethernet, but in whichclient nodes cannot communicate with each other, only with the provider. Allowing direct data link layer communication between client nodes exposes the network to various security attacks, such asARP spoofing.