[c-nsp] Storm control?
Dale W. Carder
dwcarder at doit.wisc.edu
Tue Dec 5 10:33:50 EST 2006
On Dec 4, 2006, at 4:49 AM, Vincent De Keyzer wrote:
> I am looking for real life experiences with the storm-control
> feature. Does
> it really help? Did it save your network some time? What levels of
> broadcast
> / unicast / multicast would you recommend?
We use broadcast storm control on every interface. Edge ports,
core facing ports, anywhere.
The setting we currently run is 1Mbit threshold on 10Mbit ports
and 10Mbit/sec on 100/1000 ports. On 10G ports, 34Mbit/sec is as
low as you can go. We've been running these values for about 2 years.
If I had time, I would crank the levels much lower on the edge ports.
Out of approximately 75k+ edge ports, at least 1-2 ports per day will
have storm control kick in. Who knows why, it could be unmitigated
loops or a stupid application, but that much broadcast traffic is
never legitimate.
We have also seen broadcast storm control kick in between the access
layer and the distribution layer. This was mostly during times that
something bad happened paired with software error (such as a not quite
fully mature PVRSTP+ implementation, or etherchannel failing in new
and novel ways.) So, storm-control can bail you out of bad times by
squelching traffic AND by giving you some syslogs letting you know
where to look.
So, I guess in summary, if you have it turn it on. It can't hurt.
As you set up this feature, I recommend setting it as low as you can
get away with.
Multicast storm control in an entirely different topic, and you will
need to know exactly how you are using multicast in your environment.
Dale
----------------------------------
Dale W. Carder - Network Engineer
University of Wisconsin at Madison
http://net.doit.wisc.edu/~dwcarder
More information about the cisco-nsp
mailing list