[c-nsp] Storm control?

Saku Ytti saku+cisco-nsp at ytti.fi
Mon Dec 4 08:31:55 EST 2006


On (2006-12-04 11:49 +0100), Vincent De Keyzer wrote:

> I am looking for real life experiences with the storm-control feature. Does
> it really help? Did it save your network some time? What levels of broadcast
> / unicast / multicast would you recommend?

I can't recall having any benefit yet from multicast storm-control, but
better safe than sorry.
Broadcast storm-control is essential in each and every L2 port you have,
since Ethernet networks in any non-trivial network have to be built in a
way that they are broken by design[0].
Unicast storm-control can be a nice indication of an infected machine,
before you make the firewall kneel over due to pps and everyone has
to suffer (yes, has happened in real life).

[0] Of course all non-core links need to be configured explicitly
as edge ports, and of course you want to run BPDUGuard on all
edge ports. However, if you connect boxes that you don't
admin to your L2, the far-side admin might not know how not to
send you BPDUs (or she might want to configure the network like you do,
and run BPDUGuard on her side). In these cases you have to use BPDUFilter,
which means one way of detecting L2 loops is gone and the risk of getting an L2
loop increases; storm-control will curb it before your network dies.

-- 
  ++ytti
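
The port rules from the reply above, written as a config audit. This is an added example, not part of the original post or any Cisco tooling: the sample config is constructed, every port in it is assumed to be an edge port, and the 1.00 level is a placeholder, since the post recommends no values.

```python
import re
# Constructed excerpt in Cisco IOS running-config style (not from the post).
# All ports are assumed to be edge ports; the 1.00 level is a placeholder.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 spanning-tree bpduguard enable
 storm-control broadcast level 1.00
!
interface GigabitEthernet0/2
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
 spanning-tree bpdufilter enable
 storm-control broadcast level 1.00
!
interface GigabitEthernet0/4
 switchport mode access
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]} for ports that miss the post's advice."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        storm = any(c.startswith("storm-control broadcast") for c in cmds)
        guard = "spanning-tree bpduguard enable" in cmds
        bfilter = "spanning-tree bpdufilter enable" in cmds
        findings = []
        if not storm:
            findings.append("no broadcast storm-control")
        if bfilter and not storm:
            findings.append("BPDUFilter with nothing left to curb a loop")
        if not (guard or bfilter):
            findings.append("edge port without BPDUGuard")
        if findings:
            report[name] = findings
    return report
```
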

