[c-nsp] recommendations for ARP CoPP
Matt Buford
matt at overloaded.net
Thu Jan 5 14:04:30 EST 2006

> Now, I'm wondering what a "best practice" for ARP rate-limiting on the
> Sup720 is.
>
> The goal is:
>
> - whatever the customers do, the box has to stay up -- so anything that
> causes CPU saturation and subsequent routing protocol keepalive issues
> is "bad". Which is why we have CoPP in the first place (and it works
> very well - thank you, Cisco folks! - no CPU issues of any kind here)
>
> - but an ARP storm on one VLAN interface should not - if possible at
> all - starve out ARP requests on *other* VLANs.
>
> is there any way to achieve this?
>
> How do "you other Sup720 users" out there handle ARP and CoPP?

I approach the problem from another angle, and enable broadcast storm
control on customer ports. Each customer is individually limited, that way
one person flooding doesn't drop everyone else in the rate limit too.

I'm using almost exclusively 6500 switches, and the 6248 10/100 cards
support this, however the 6148 10/100/1000 cards do not. :(

Of course, not all ARPs are broadcast - but the looped ones you're seeing
likely are.
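
The trade-off discussed in this message, as an added example that is not part of the original post: a small deterministic simulation comparing one shared ARP rate limit in front of the CPU with a per-port limit applied first. The port names, packet rates and the packets-per-second token-bucket model are constructed assumptions and simplify how the hardware implements storm control and CoPP.

```python
# Added illustration; constructed numbers, not measurements from a Sup720.
TICKS_PER_SEC = 1000   # 1 ms simulation step
UNIT = 1000            # integer token units per packet (equals TICKS_PER_SEC)

class Policer:
    """Token bucket in integer units: rate in packets/s, burst in packets."""
    def __init__(self, pps, burst):
        self.pps, self.cap = pps, burst * UNIT
        self.tokens = self.cap
    def tick(self):
        # Adding pps units per 1 ms tick refills pps packets per second.
        self.tokens = min(self.cap, self.tokens + self.pps)
    def allow(self):
        if self.tokens >= UNIT:
            self.tokens -= UNIT
            return True
        return False

def simulate(ports, cpu_pps, per_port_pps=None, seconds=10, burst=10):
    """ports: {name: offered ARP pps}. Returns {name: fraction reaching CPU}."""
    cpu = Policer(cpu_pps, burst)
    edge = {p: Policer(per_port_pps, burst) for p in ports} if per_port_pps else {}
    backlog = dict.fromkeys(ports, 0)
    sent = dict.fromkeys(ports, 0)
    ok = dict.fromkeys(ports, 0)
    for _ in range(seconds * TICKS_PER_SEC):
        cpu.tick()
        for lim in edge.values():
            lim.tick()
        for port, pps in ports.items():
            backlog[port] += pps
            while backlog[port] >= UNIT:      # emit whole packets only
                backlog[port] -= UNIT
                sent[port] += 1
                if port in edge and not edge[port].allow():
                    continue                  # dropped at the customer port
                if cpu.allow():               # shared limit in front of the CPU
                    ok[port] += 1
    return {p: ok[p] / sent[p] for p in ports}

# Constructed scenario: three normal customers and one looped port.
PORTS = {"cust1": 5, "cust2": 5, "cust3": 5, "looped": 5000}

def demo():
    shared = simulate(PORTS, cpu_pps=100)
    per_port = simulate(PORTS, cpu_pps=100, per_port_pps=50)
    return shared, per_port

if __name__ == "__main__":
    for label, result in zip(("shared limit only", "per-port limit first"), demo()):
        print(label, {p: round(f, 3) for p, f in result.items()})
```

With only the shared limit, the looped port consumes every token and the other customers' ARP is dropped along with the flood; with the per-port limit in front, the aggregate stays under the shared limit and only the looped port loses traffic.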