[c-nsp] Storm-Control on server switch uplinks.

Tim Durack tdurack at gmail.com
Wed Aug 25 11:30:23 EDT 2010


On Wed, Aug 25, 2010 at 10:37 AM, Jon Lewis <jlewis at lewis.org> wrote:
>
> Even clearer than that:
>
> "Each port has a single traffic storm control level that is used for all
> types of traffic (broadcast, multicast, and unicast).
>
> Traffic storm control monitors the level of each traffic type for which you
> enable traffic storm control in 1-second traffic storm control intervals."
>
> So it seems there's one storm-control threshold per interface, and you
> decide which types of traffic (unicast/broadcast/multicast) have that
> threshold applied.
>
> It then gets a little murky:
>
> "Traffic storm control on the Catalyst 6500 series switches is implemented
> in hardware. The traffic storm control circuitry monitors packets passing
> from a LAN interface to the switching bus. Using the Individual/Group bit in
> the packet destination address, the traffic storm control circuitry
> determines if the packet is unicast or broadcast, keeps track of the current
> count of packets within the 1-second interval, and when a threshold is
> reached, filters out subsequent packets.
>
> Because hardware traffic storm control uses a bandwidth-based method to
> measure traffic, the most significant implementation factor is setting the
> percentage of total available bandwidth that can be used by controlled
> traffic. Because packets do not arrive at uniform intervals, the 1-second
> interval during which controlled traffic activity is measured can affect the
> behavior of traffic storm control."
>
> Here, they first say storm control keeps track of the "count of packets"
> which implies to me "number of packets" or PPS, but then they say it's
> bandwidth based.  I think I'd actually prefer if it were simply based on PPS
> or if configuring it as PPS was at least an option.  We had a recent event
> in which a few VMs started sending an excessive rate of both broadcast and
> multicast.  The traffic was arriving on 1gig interfaces on a pair of 6509s,
> and at a traffic rate of about 55mbit/s, we were seeing 78k PPS, and the
> 6509s were not amused.  This got me looking at storm-control again.  We'd
> experimented with it years ago, but never fully implemented it.

I'm glad it's not just me that thinks this way. Looking at other
vendors, most seem to imitate Cisco and do percentage-based, which is
almost pointless. PPS would make this a useful protection.

Interestingly, NX-OS allows a decimal point:

"storm-control {broadcast | multicast | unicast} level percentage[.fraction]"

Wonder what the "technical" reason is for not allowing this to be
configured with pps as well.

-- 
Tim:>
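
Added example, not part of the original message and not Cisco's implementation: a small Python model of the documented behaviour (a per-port bit counter that resets every 1 second and filters frames once the threshold is reached), showing how many packets per second one percentage level admits at different frame sizes. It assumes the counter measures frame bits only (no preamble or inter-frame gap); `storm_filter`, `level_for_pps` and `burst` are hypothetical names, and the traffic is constructed.

```python
from collections import defaultdict

def storm_filter(frames, link_bps, level_percent):
    """Apply the 1-second interval filter to (timestamp_s, frame_bytes) tuples.

    Returns {interval: (passed, dropped)}. Once the interval's bit counter
    reaches the threshold, every later frame in that interval is dropped.
    """
    budget_bits = link_bps * level_percent / 100.0
    used = defaultdict(float)
    counts = defaultdict(lambda: [0, 0])
    for ts, size in sorted(frames):
        interval = int(ts)
        if used[interval] >= budget_bits:
            counts[interval][1] += 1          # threshold reached: filtered
        else:
            used[interval] += size * 8        # counted against the budget
            counts[interval][0] += 1
    return {k: tuple(v) for k, v in counts.items()}

def level_for_pps(link_bps, target_pps, frame_bytes):
    """Percentage level whose bit budget equals target_pps frames of one size."""
    return target_pps * frame_bytes * 8 * 100.0 / link_bps

def burst(pps, frame_bytes, second=0):
    """Constructed sample: pps evenly spaced frames of one size in one second."""
    return [(second + i / pps, frame_bytes) for i in range(pps)]

if __name__ == "__main__":
    gig = 1_000_000_000
    # Same 1% level on a 1 Gbit/s port, same offered rate (78k pps),
    # very different packet rates admitted depending on frame size.
    for size in (64, 88, 1518):
        passed, dropped = storm_filter(burst(78_000, size), gig, 1)[0]
        print(f"{size:>5}-byte frames: {passed} passed, {dropped} dropped")
    # 78k pps at about 55 Mbit/s works out to roughly 88-byte frames;
    # capping those at 10k pps needs a fractional level.
    print(f"level for 10k pps of 88-byte frames: "
          f"{level_for_pps(gig, 10_000, 88):.3f}%")
```

Under these assumptions a 1% level passes about 14k pps of 88-byte frames but only about 800 pps of 1518-byte frames, so a percentage threshold cannot express a fixed PPS ceiling.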
