[c-nsp] Storm-Control on server switch uplinks.

Lincoln Dale ltd at cisco.com
Wed Aug 25 21:58:24 EDT 2010


On 24/08/2010, at 8:59 PM, Saku Ytti wrote:
> First CSCO box to support policing unknown unicast is EARL7.5 but it is 
> per chassis instead of per port. I'm not sure if any Cisco can support
> per port unknown unicast policing, but if Nexus7k/EARL8 doesn't do it,
> I'm betting there isn't any box which does it.

generally speaking, cisco-nsp is not really the forum where we talk about internal implementation details of packet/frame forwarding within silicon, but...


N7K M1 (EARL8) I/O modules do not currently do unknown unicast policing (UUFB aka unknown unicast flood blocking) at this point in time in any shipping release of NX-OS.

do we plan to enable it? yes.
can we do it per port? yes.
will we do so? yes.

> It is one of the two big WTFs I have with Cisco switches, the 2nd is
> inability to limit port MAC count without also employing port-security,
> which murders convergency budget.

historically, enabling port security resulted in L2 (MAC) learning in h/w being disabled on many platforms, which would make MAC learning behave like many other vendors' switches that don't do h/w L2 learning.

speaking for N7K M1 (EARL8) I/O modules, we can and still do h/w L2 learning with Port Security enabled on a port provided you use the "protect" port security method as outlined in <http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter16.html#con_1210940>.


cheers,

lincoln.



