[c-nsp] Broadcast storm Cisco Solution

Nick Hilliard nick at foobar.org
Thu Jul 26 12:21:29 EDT 2012


On 26/07/2012 17:07, Rich Trinkle wrote:
> Thanks Nick.  I did some research on storm control.  If I set this up
> for broadcast and this happens again, all broadcast traffic stops on
> this port thus affecting all my subs.  Here is a quick breakdown:
> 
> Cisco 7206 - I have a vlan set up on a sub interface with a dhcp pool in
> it.  This Vlan is then trunked out to a 3750.
> Cisco 3750 - From here it gets trunked out 3 different gig ports to
> Ethernet uplink cards (Tellabs AFC equipment) in different geographical
> locales and then gets dumped to shelves, adsl cards and then to sub.
> 
> The AFC equipment does not have the capability of controlling or
> monitoring for this type of excessive traffic.  In the event of a storm,
> or ddos attack, I'd like to be able to just isolate that mac or ip
> that's causing it and not affect any of the other subs on that dhcp
> network.

Hi Rich,

you need to be able to handle storms as close as possible to the source of
the storm.  In your case, as you can't handle it on the tellabs boxes,
you're going to need to configure it on the 3750 interfaces facing them.
However, this is going to cause you problems because if you have a storm
event on a single customer and storm control stops it from being a problem
for other ports, it has the potential to interfere with your other
customers on that port - who are also going to be issuing you with periodic
dhcp requests.

I'd view it as a pretty serious failing on the part of the Tellabs AFC kit
if they couldn't handle broadcast storm control.  If you're running L2 to
the customer, you need adequate L2 protection in order to keep your network
running properly.  The absolute minimum features you need here would include
mac address counting, broadcast / multicast storm control and dhcp
snooping.  If your kit doesn't handle this, you have problems. :-(

Nick
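As an added example (not part of the original thread), this is what the minimum feature set Nick lists looks like on a Catalyst 3750 trunk port facing one of the Tellabs AFC uplinks. The interface names, the subscriber VLAN number (100) and the thresholds are assumptions; the thresholds in particular need to be set from a baseline of normal broadcast and DHCP rates on each uplink. Note the caveat Nick raises: because each gig port aggregates many subscribers, storm control here can only rate-limit the whole port, so a storm from one subscriber will still cost the other subscribers on that uplink their broadcast traffic (including DHCP) while the threshold is exceeded. Per-subscriber isolation has to happen on the access equipment.

```ios
! --- Global: DHCP snooping for the subscriber VLAN ---
! Only the port toward the 7206 (which holds the DHCP pool) is trusted;
! the AFC-facing trunks are untrusted, so rogue DHCP servers on the
! subscriber side are dropped and DHCP floods are rate-limited.
ip dhcp snooping
ip dhcp snooping vlan 100
!
! --- Global: automatic recovery so an err-disabled uplink does not
! stay down until someone notices (interval in seconds, assumed) ---
errdisable recovery cause storm-control
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 300
!
! --- Trunk toward the 7206 sub-interface (assumed interface name) ---
interface GigabitEthernet1/0/24
 description Uplink to 7206 (DHCP server side)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100
 ip dhcp snooping trust
!
! --- Trunk toward one Tellabs AFC uplink card (assumed; repeat for
! each of the three AFC-facing gig ports) ---
interface GigabitEthernet1/0/1
 description Uplink to Tellabs AFC shelf A
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100
 ! Suppress broadcast/multicast above 1% of link bandwidth, resume
 ! when it falls back under 0.5%. Default action is to filter the
 ! excess frames; 'action trap' adds an SNMP trap so it is visible.
 ! (Use 'action shutdown' only if you accept err-disabling the whole
 ! shelf, which takes every subscriber behind it offline.)
 storm-control broadcast level 1.00 0.50
 storm-control multicast level 1.00 0.50
 storm-control action trap
 ! Cap DHCP messages from the subscriber side (packets per second,
 ! assumed value); the port is err-disabled if exceeded.
 ip dhcp snooping limit rate 100
```

To check whether a port is currently being suppressed and what it has counted, use `show storm-control GigabitEthernet1/0/1 broadcast` and `show ip dhcp snooping binding`; the binding table is also what tells you which MAC/IP behind a given uplink is generating the DHCP traffic, which is the closest the 3750 alone gets to the per-subscriber view Rich is after.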
