[c-nsp] QoS for broadcast storms (was 6500 & broadcast-storm control)
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 21 09:09:41 EDT 2009
Phil Mayers wrote:
>> storm-control works just fine. But unfortunately for WS-X6704-10GE minimum
>> amount of 0.34% which is too much for the box to handle without starting to
>> flap BGP/LDP/IS-IS etc.
>
> Well, these are 6748-SFP, which I see can go down much lower, though it
> talks about "100 meg" ports (on an -SFP linecard!)
>
> Can the mls qos be used to rate-limit this on ingress? I doubt it; IIRC
> the ingress policing is limited to CoS only.
Hmm. I don't seem to be able to match on MAC address, but I can match on IP:
object-group ip address BROADCAST
host-info 10.2.11.255
host-info 10.2.15.255
host-info 10.2.19.255
...
host-info 255.255.255.255
ip access-list extended BROADCAST
permit ip any addrgroup BROADCAST
class-map match-all BROADCAST
match access-group name BROADCAST
policy-map EDGE
class BROADCAST
police 128k 4096 conform transmit exceed drop violate drop
int GiX/Y
service-policy input EDGE
...which seems to work. I guess the problem there is, it does nothing to
ensure that STP makes it down to / back from the edge switch.
More information about the cisco-nsp
mailing list