[c-nsp] recommendations for ARP CoPP
Gert Doering
gert at greenie.muc.de
Tue Jan 10 17:27:58 EST 2006
Hi,
On Thu, Jan 05, 2006 at 02:04:30PM -0500, Matt Buford wrote:
> >How do "you other Sup720 users" out there handle ARP and CoPP?
>
> I approach the problem from another angle, and enable broadcast storm
> control on customer ports. Each customer is individually limited, that way
> one person flooding doesn't drop everyone else in the rate limit too.
Yes, this is a good suggestion. (In our other datacenter, using 5500s,
we have broadcast storm control set up already - but that was years
ago, and I forgot all about it :) ).
OTOH, as far as I can see, broadcast storm control will at least
permit 1% of the port's bandwidth - so on a 100 Mbit port, I'll get
1 Mbit of (ARP) broadcasts, and on a GigE port, I'll get 10 Mbit...
Looking at it from yet another angle: what's the amount of ARP traffic
(or other "generic broadcasts") that a Sup720 could handle "quite
comfortably", without interfering with other functions? 1 Mbit? 5 Mbit?
From experience with other platforms, I'm *very* conservative regarding
packets directed at the box itself.
> I'm using almost exclusively 6500 switches, and the 6248 10/100 cards
> support this, however the 6148 10/100/1000 cards do not. :(
Fun stuff...
> Of course, not all ARPs are broadcast - but the looped ones you're seeing
> likely are.
Definitely. The slave switch that they came in via (2948G) was completely
overwhelmed by the amount of broadcasts...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de