A broadcast domain is the portion of a network sharing the same layer 2 segment.Broadcast messages from hosts are sent to every port in their broadcast domain,thus hosts inside a broadcast domain can reach each other directly. For examplehosts can use ARP or NDP to locate neighbors within a broadcast domain andcommunicate directly at layer 2 without involving an intermediate gatewayrouter.
In a network with a single switch without VLANs, the broadcast domain is thatentire switch. In a network with multiple interconnected switches without theuse of VLANs, the broadcast domain includes all of those switches. When usingVLANs, each VLAN is typically its own broadcast domain. The exact size of thebroadcast domain in that case varies depending on how many access ports are inthe VLAN, along with interconnected switches (trunked, stacked, etc).
Some switches also support special modes which segment a broadcast domain intomultiple smaller isolated broadcast domains. This is sometimes called “PrivateVLANs”, and they are typically used for security purposes. In these modes,hosts can only directly communicate between a specific set of ports, commonlylimited to the host and the gateway for the segment, even if they are a part ofa subnet with many other hosts. This is similar in concept to wireless AP clientisolation.
Since broadcast messages are sent to every port in the broadcast domain, largebroadcast domains should be avoided as they are “noisy” and do not scale well.Depending on the type of broadcast messages, some switches can optimize thisbehavior but it’s best to plan for the worst case. For example in a network withthousands of ports on a single broadcast domain, thousands of hostscommunicating among each other generate large amounts of broadcast traffic whichis copied everywhere in the broadcast domain. The best practice is to keep eachsegment as small as possible, where feasible, to prevent switches and hosts fromhaving to process large amounts of unnecessary broadcast traffic.
A single broadcast domain can contain more than one IPv4 or IPv6 subnet,however, that is generally not considered good network design. Though it appearson the surface that multiple subnets in the same broadcast domain are separate,there is no true isolation or security between them. IP subnets should besegregated into different broadcast domains via the use of separate switches orVLANs. The exception to this is running both IPv4 and IPv6 networks within asingle broadcast domain. This is called dual stack and it is a common and usefultechnique using both IPv4 and IPv6 connectivity for hosts.
Broadcast domains can be combined by bridging twonetwork interfaces together. In this scenario care must be taken to avoid switchloops where a switch ends up with a connection back to itself, creating aninfinite traffic loop (Bridging and Layer 2 Loops). Another reason to avoid bridgingis that by combining broadcast domains, both networks and the bridge betweenthem must carry broadcast traffic for every network on the bridge. The increasedload, especially for larger networks, can be significant, especially ifbroadcast domains are being bridged using a VPN. There are also proxies forcertain protocols which do not combine broadcast domains but yield the same neteffect, such as a DHCP relay which relays DHCP requests into a broadcast domainon another interface.
