1.1.c (i) Unicast flooding
One of the main causes is asymmetric routing. This is covered in 1.1.c(iii). Useful document here: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html
The primary impact of this is that all hosts connected in that VLAN receive the traffic. Suppose two 10gig servers are communicating, and asymmetric routing is taking place; If there is a 100mbps host on the same switch, it is going to receive ALL traffic from the server, effectively saturating the link.
STP TCN’s (topology change notifications) causes forwarding tables to age out quicker than their normal timers. If there is a flapping link causing STP reconvergence, this can cause excessive unicast flooding. Configuring port-fast on all edge interfaces limits TCN’s.
CAM Overflow is another cause. It is unlikely to “naturally” occur in modern switches, as there is usually sufficient memory to facilitate the needs of most networks. However, CAM overflow attacks can be caused maliciously. When the MAC address table grows so large that it exceeds the size of the Content Addressable Memory, then no new MAC addresses can be learned, which causes unicast flooding. This can be protected against using port-security.
Selected ports can be blocked from unicast flooding using switchport block unicast. This may be desirable in highly secured networks and where PVLANs are used.
1.1.c (ii) Out of order packets
Time sensitive UDP applications do not buffer packets for very long, so they do not cope very well with reordering packets.
Excessive packet reordering in TCP can cause the receiver to send duplicate ACK’s to trigger fast retransmit. This causes excessive overhead in both CPU and bandwidth, as well as causing the sender to reduce its window size. The receiver also has to buffer and reorder packets; this takes time, memory and CPU cycles.
1.1.c (iii) Asymmetric routing
Asymmetric routing is when the return traffic takes a different path through the network than the forward path. This can cause issues with NAT and firewalls among other things. If one link is highly saturated, or higher delay (one Ethernet, one sat link for example), then asymmetric routing can cause major problems with delay and jitter. It also causes unicast flooding, as described above.
1.1.c (iv) Impact of micro burst
Small periods of time where traffic load is exceptionally high. Can cause buffer queues to fill and overflow, causing tail drop and packet loss. Causes overrun / no buffer drops. Can be compensated for by traffic shaping. Can be difficult to diagnose, as the 1 minute utilisation of the link could be fairly low.