Some protocols rely on broadcast to perform their functions. Examples of such protocols include the address resolution protocol (ARP) and the dynamic host configuration protocol (DHCP). Broadcast traffic is delivered to every host within a broadcast domain. Accordingly, a broadcast packet usually consumes far more resources than a unicast packet. Previous research has pointed out that broadcast traffic causes scalability and security issues. For example, studies have shown that in a network with a few thousand hosts, a single host can receive on the order of a thousand ARP requests per second. The amount of broadcast traffic grows roughly linearly with the number of hosts, so when the host count becomes large, the ARP traffic becomes prohibitively high.
These issues also exist in virtual networks, such as virtual layer 2 networks based on VXLAN or NVGRE. These protocols encapsulate layer 2 frames inside layer 3 (IP) headers (VXLAN additionally uses a UDP header, NVGRE a GRE header), so the encapsulated packets can cross layer 3 boundaries and a virtual network can span multiple subnets. A broadcast packet in such a virtual network must be delivered to all nodes of the virtual network located in the different subnets, either by a layer 3 multicast protocol (e.g., PIM) or by unicasting a copy to each host.
When layer 3 multicast is used, the routers need to maintain state for one multicast group per virtual network. When the number of multicast groups is large (e.g., the 24-bit VXLAN network identifier allows for 2^24 virtual networks), the routers' workload can be very high. A mitigating approach is to share one multicast group among multiple virtual networks, but then hosts receive packets belonging to virtual networks they do not participate in, which degrades performance. Besides, many customers are reluctant to enable multicast in their physical network.
If the unicast approach is used, the source must send one copy of the broadcast packet to each physical host that the virtual network spans (or to each VM in the virtual network). For a large virtual layer 2 network this consumes substantial resources, including computation at the source entity and bandwidth in the physical network.
Besides, both the multicast and the unicast approach consume not only network resources within a subnet but also the resources of the routers between subnets. Accordingly, compared with the same attack on a physical layer 2 network, a successful DoS (Denial of Service) attack that floods ARP packets into a virtual layer 2 network can have a much larger impact, since every flooded packet is replicated across the subnets the virtual network spans.
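The following Python is a constructed illustration of the two delivery approaches and of the DoS amplification just described; it is added here and is not part of the original description or of any VXLAN implementation. It builds an ARP who-has frame, wraps it in the 8-byte VXLAN header defined in RFC 7348 (which is why the VNI check enforces 24 bits), and then compares what one broadcast costs the source VTEP when it is sent once to a multicast group versus once per remote VTEP by head-end unicast replication. The VNI, the VTEP addresses and the 1000 ARP/s flood rate are assumed sample values.

```python
"""
Constructed illustration (not from the original text): an ARP broadcast from a VM
is VXLAN-encapsulated and delivered to the other VTEPs of the virtual network
either as one layer 3 multicast packet or by head-end unicast replication.
"""
import struct

ETH_P_ARP = 0x0806
VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08            # "VNI valid" flag bit in the VXLAN header
OUTER_OVERHEAD = 14 + 20 + 8   # outer Ethernet + IPv4 + UDP headers, in bytes


def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def ip4(text):
    """'10.0.0.1' -> 4 raw bytes."""
    return bytes(int(octet) for octet in text.split("."))


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Ethernet frame carrying an ARP who-has request to the broadcast MAC (RFC 826)."""
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # htype, ptype, hlen, plen, op=request
    arp += mac(sender_mac) + ip4(sender_ip) + mac("00:00:00:00:00:00") + ip4(target_ip)
    return eth + arp


def vni_is_valid(vni):
    """The VXLAN network identifier is a 24-bit field, hence 2**24 possible networks."""
    return 0 <= vni < 2 ** 24


def vxlan_encapsulate(vni, inner_frame):
    """Prepend the 8-byte VXLAN header: flags, 3 reserved, 24-bit VNI, 1 reserved."""
    if not vni_is_valid(vni):
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!B3s3sB", VXLAN_FLAG_I, b"\0\0\0", vni.to_bytes(3, "big"), 0)
    return header + inner_frame


def vxlan_decapsulate(packet):
    """Inverse of vxlan_encapsulate; rejects packets without the VNI-valid flag."""
    flags, _, vni_bytes, _ = struct.unpack("!B3s3sB", packet[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return int.from_bytes(vni_bytes, "big"), packet[8:]


def deliver_multicast(vni, frame, group_ip):
    """Multicast mode: one copy leaves the source VTEP; the routers fan it out."""
    return [(group_ip, vxlan_encapsulate(vni, frame))]


def deliver_unicast(vni, frame, remote_vteps):
    """Head-end replication: one unicast copy per remote VTEP of the virtual network."""
    packet = vxlan_encapsulate(vni, frame)
    return [(vtep, packet) for vtep in remote_vteps]


def wire_bytes(copies):
    """Bytes the source VTEP puts on the underlay for a list of (dst_ip, packet)."""
    return sum(OUTER_OVERHEAD + len(packet) for _, packet in copies)


def underlay_load(arp_pps, remote_vteps, frame):
    """Packets/s and bytes/s an ARP flood at arp_pps induces under unicast replication."""
    copies = deliver_unicast(0, frame, remote_vteps)
    return arp_pps * len(copies), arp_pps * wire_bytes(copies)


if __name__ == "__main__":
    frame = build_arp_request("02:00:00:00:00:01", "10.0.0.1", "10.0.0.2")
    vteps = ["192.0.2.%d" % i for i in range(1, 101)]   # assumed: 100 remote VTEPs
    print("ARP frame: %d bytes, VXLAN packet: %d bytes"
          % (len(frame), len(vxlan_encapsulate(5000, frame))))
    print("multicast: %d bytes on the wire" % wire_bytes(deliver_multicast(5000, frame, "239.1.1.1")))
    print("unicast  : %d bytes on the wire" % wire_bytes(deliver_unicast(5000, frame, vteps)))
    pps, bps = underlay_load(1000, vteps, frame)
    print("1000 ARP/s from one VM -> %d pkt/s, %d B/s on the underlay" % (pps, bps))
```

With 100 remote VTEPs a single 42-byte ARP request becomes 100 encapsulated packets of 92 bytes each on the underlay, and a flood of 1000 requests per second from one VM becomes 100,000 packets per second crossing the inter-subnet routers; the multiplier is exactly the number of VTEPs the virtual network spans, which is the amplification the text attributes to virtual layer 2 networks.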