[c-nsp] Unicast storms

Vincent De Keyzer vincent at autempspourmoi.be
Tue Jul 3 08:43:26 EDT 2007 

Brian,

I don't think this is the way "unicast storm-control" is supposed to work.

Of course the traffic on the LAN is bursty, but that's just fine; what I
think Cisco tried to address with this feature is the unicast flood due to
unknown destination MAC address.

Foundry has similar (equivalent?) features, and they are less ambiguously
named: "broadcast limit", "multicast limit" and "unknown-unicast limit".

Now this is all only guesswork, since I have never seen this feature clearly
explained on CCO...

Vincent

> -----Original Message-----
> From: Brian Turnbow [mailto:b.turnbow at twt.it]
> Sent: lundi 2 juillet 2007 18:46
> To: Vincent De Keyzer; Francois Ropert; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Unicast storms
> 
> It would be all unicast traffic measured in 1 second intervals , not just
> unknown destinations, so you might want to try setting up a rate limit
> with permit actions to see if you are having bursts of traffic.
> 
> Brian
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Vincent De Keyzer
> Sent: lunedì 2 luglio 2007 18.01
> To: 'Francois Ropert'; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Unicast storms
> 
> > > I have configured _unicast_ storm-control on our LAN recently, and it
> > > keeps kicking in all of the time (something like 50 times per hour).
> > >
> > > The configured treshhold is quite high (10% - that's 100 Mbps on GigE
> > > ports!...).
> > >
> > > I believe there is something wrong - where do I start troubleshooting
> > > this?
> > >
> > Read the rxload% and input in show interface command to see if are you
> > really under the 10% assuming you haven't snmp nor netflow.
> 
> Well,
> 
> I have snmp, but this is not my understanding of unicast storm: as far as
> I
> understand, unicast storm is defined as traffic with an unknown
> destination
> MAC address.
> 
> I don't think you can see this with 'sh int' or SNMP, can you?
> 
> Vincent
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list