[c-nsp] Storm-Control on server switch uplinks.

Jon Lewis jlewis at lewis.org
Wed Aug 25 10:37:31 EDT 2010 

On Wed, 25 Aug 2010, Peter Rathlev wrote:

> On Wed, 2010-08-25 at 08:22 +0200, Jens S Andersen wrote:
>> I just found out I can't set different levels for broadcast and multicast
>> storm control
>
> Cisco hints at this in the documentation, e.g. for the "storm-control
> broadcast level" command:
>
> "Enables broadcast traffic storm control on the interface, configures
> the traffic storm control level, and applies the traffic storm control
> level to all traffic storm control modes enabled on the interface. "

Even clearer than that:

"Each port has a single traffic storm control level that is used for all 
types of traffic (broadcast, multicast, and unicast).

Traffic storm control monitors the level of each traffic type for which 
you enable traffic storm control in 1-second traffic storm control 
intervals."

So it seems there's one storm-control threshold per interface, and you 
decide which types of traffic (unicast/broadcast/multicast) have that 
threshold applied.

It then gets a little murky:

"Traffic storm control on the Catalyst 6500 series switches is implemented 
in hardware. The traffic storm control circuitry monitors packets passing 
from a LAN interface to the switching bus. Using the Individual/Group bit 
in the packet destination address, the traffic storm control circuitry 
determines if the packet is unicast or broadcast, keeps track of the 
current count of packets within the 1-second interval, and when a 
threshold is reached, filters out subsequent packets.

Because hardware traffic storm control uses a bandwidth-based method to 
measure traffic, the most significant implementation factor is setting the 
percentage of total available bandwidth that can be used by controlled 
traffic. Because packets do not arrive at uniform intervals, the 1-second 
interval during which controlled traffic activity is measured can affect 
the behavior of traffic storm control."

Here, they first say storm control keeps track of the "count of packets" 
which implies to me "number of packets" or PPS, but then they say it's 
bandwidth based.  I think I'd actually prefer if it were simply based on 
PPS or if configuring it as PPS was at least an option.  We had a recent 
event in which a few VMs started sending an excessive rate of both 
broadcast and multicast.  The traffic was arriving on 1gig interfaces on a 
pair of 6509s, and at a traffic rate of about 55mbit/s, we were seeing 78k 
PPS, and the 6509s were not amused.  This got me looking at storm-control 
again.  We'd experimented with it years ago, but never fully implemented 
it.

One thing I'm curious about...if I have an interface with storm-control 
configured, and that interface is the source for a monitor session, during 
a traffic storm, will I see the dropped packets on the monitor session 
destination?

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the cisco-nsp mailing list