What it is
A broadcast domain is an area of audibility: if someone shouts over L2 (sends a frame to the special broadcast MAC FF:FF:FF:FF:FF:FF), who hears it?
Every device in the same broadcast domain must hear a broadcast frame. This is required by protocols that do not yet know their peers by name:
- ARP - "who has this IP?" (the question goes out as a broadcast)
- [[ipv4-addressing|DHCP]] - "is there a DHCP server here?" (the client shouts)
- mDNS - "who on the network goes by airprint.local?"
Who extends it, who stops it
| Device | What it does with broadcast |
|---|---|
| Hub | Blindly repeats to all ports, extending the broadcast domain |
| Switch | Floods broadcast to all ports except the incoming one, extending it |
| Router | Stops broadcast (it operates at L3) |
| Firewall | Usually stops it too, but can pass it selectively |
The practical rule: two devices connected through a switch share one broadcast domain. Connected through a router, they are in different broadcast domains.
Why to limit it
Broadcast is overhead: every broadcast frame is processed by all hosts in the domain, even those that do not care. With many devices, broadcast traffic starts to choke the network. This is called a broadcast storm.
In production, the network is cut into small broadcast domains with VLANs (virtual L2 networks, see ethernet-frame) or physical routers. A typical size is /24 (up to 254 hosts) or /22 (up to 1022) for office networks.
Broadcast address vs. broadcast MAC
Do not confuse L2 broadcast (FF:FF:FF:FF:FF:FF in the Ethernet header) with L3 broadcast (192.168.1.255 for the subnet 192.168.1.0/24, the last address in the range). They often travel together (DHCP DISCOVER uses both), but they belong to different layers.
IPv6 has no broadcast at all. It was replaced by multicast.
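The layer distinction above, as an added example that is not part of the original note: it parses untagged Ethernet II frames and reports L2 and L3 broadcast separately, then measures how much of a sample is L2 broadcast. The frames are constructed, the function names are hypothetical, and counting 255.255.255.255 (the limited broadcast that DHCP DISCOVER is sent to) as L3 broadcast alongside the subnet's last address is an assumption added here.

```python
import ipaddress
import struct

L2_BROADCAST = bytes.fromhex("ffffffffffff")
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
ETH_IPV4, ETH_ARP = 0x0800, 0x0806

def classify(frame: bytes, subnet: str) -> dict:
    """Say which layers of an untagged Ethernet II frame are addressed to broadcast."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"proto": hex(ethertype), "l2_broadcast": frame[:6] == L2_BROADCAST,
           "l3_broadcast": False}
    if ethertype == ETH_ARP:
        out["proto"] = "arp"  # ARP rides directly on Ethernet: there is no IP header
    elif ethertype == ETH_IPV4:
        if len(frame) < 34:
            raise ValueError("truncated IPv4 header")
        dst_ip = ipaddress.IPv4Address(frame[30:34])  # 14-byte Ethernet + offset 16
        directed = ipaddress.ip_network(subnet).broadcast_address
        out["proto"] = "ipv4"
        out["l3_broadcast"] = dst_ip in (directed, LIMITED_BROADCAST)
    return out

def l2_broadcast_share(frames, subnet: str) -> float:
    """Fraction of frames that every host in the broadcast domain must process."""
    hits = sum(classify(f, subnet)["l2_broadcast"] for f in frames)
    return hits / len(frames) if frames else 0.0

def eth(dst: str, ethertype: int, payload: bytes) -> bytes:
    src = bytes.fromhex("020000000001")  # locally administered sample MAC
    return bytes.fromhex(dst.replace(":", "")) + src + struct.pack("!H", ethertype) + payload

def ipv4(src: str, dst: str) -> bytes:  # minimal 20-byte header, UDP, zero checksum
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

SUBNET = "192.168.1.0/24"
SAMPLES = {  # constructed frames, not a real capture
    "arp_request": eth("ff:ff:ff:ff:ff:ff", ETH_ARP, bytes(28)),
    "dhcp_discover": eth("ff:ff:ff:ff:ff:ff", ETH_IPV4, ipv4("0.0.0.0", "255.255.255.255")),
    "subnet_broadcast": eth("ff:ff:ff:ff:ff:ff", ETH_IPV4, ipv4("192.168.1.10", "192.168.1.255")),
    "unicast": eth("02:00:00:00:00:02", ETH_IPV4, ipv4("192.168.1.10", "192.168.1.20")),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame, SUBNET))
```

The ARP request is broadcast at L2 only, while the DHCP DISCOVER and the subnet broadcast are broadcast at both layers. Frames carrying an 802.1Q VLAN tag are not handled.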
See who is in the domain
```bash
# arp scanner: broadcasts ARP across the subnet; whoever replies is in the domain
sudo arp-scan -l
# or:
ip neigh  # current ARP cache = known neighbors
```