[c-nsp] storm-control broadcast level (4948)

Saku Ytti saku at ytti.fi
Thu Jan 22 15:42:56 EST 2015


On (2015-01-23 06:44 +1100), CiscoNSP List wrote:

Hey,

> Looking for some "real world" experience on what values to implement for storm-control on 4948's (Customer facing Ints, and switch(Customer/Carrier/Our own) facing Ints)...I realise every network has unique traffic patterns, so recommended values would vary dramatically....Ours is a service provider network, ports connect to customer switches/routers/firewalls/carriers, and we sell a mix of vrf+inet tails.

Storm-control lends itself well to data based decisions. You can turn it on
with ridiculous limits and gather observed pps rates, then add some margin and
implement.
If you don't have time to do this, set edge ports to 100pps and core-ports to
2kpps.

I often see these in the field with something like 80% and I wonder what the
rationale was. WS-X6704-10GE can implement 0.34% as its lowest rate, and that is
too high a rate for the control-plane to handle.

> Also, any other Int templates you use to improve/mitigate customer "misconfigurations" would be greatly appreciated.

If the service provided through the port is L3, allow IPv4, ARP and IPv6 ethertypes
and drop the rest. Remove DTP. Run port-fast default, bpdu-filter on portfast and
bpduguard (on L3 ports only, not towards say PE, which may transport L2).
Consider limiting the number of MAC addresses through the port via port-security.

-- 
  ++ytti
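
The measure-then-set approach from the reply above, as an added example that is not part of the original post: it derives a per-port pps limit from observed broadcast rates and converts percent-of-line-rate levels to pps so the two can be compared. The sample counters are constructed, and the 2x margin, the use of the observed peak, the rounding to 10 pps and the 64-byte frame size are assumptions.

```python
import math

# Constructed sample data: broadcast pps observed per port while storm-control
# ran with a deliberately high limit (not measurements from the thread).
OBSERVED_PPS = {
    "edge-gi1/1": [3, 5, 4, 12, 7, 6, 40, 5],
    "edge-gi1/2": [1, 2, 2, 1, 3, 2, 2, 1],
    "core-te1/49": [310, 420, 390, 880, 450, 400, 415, 430],
}

WIRE_OVERHEAD = 20  # bytes per frame on the wire: preamble + SFD (8), inter-frame gap (12)


def percent_to_pps(level_percent, line_rate_bps, frame_bytes=64):
    """Packets per second admitted by a percent-of-line-rate threshold."""
    bits_per_frame = (frame_bytes + WIRE_OVERHEAD) * 8
    return int(line_rate_bps * level_percent / 100 / bits_per_frame)


def pps_to_percent(pps, line_rate_bps, frame_bytes=64):
    """Percent of line rate that a given pps limit corresponds to."""
    bits_per_frame = (frame_bytes + WIRE_OVERHEAD) * 8
    return pps * bits_per_frame * 100 / line_rate_bps


def threshold_from_samples(samples, margin=2.0, floor=10):
    """Observed peak times a margin (assumed 2x), rounded up to the next 10 pps."""
    peak = max(samples)
    return max(floor, math.ceil(peak * margin / 10) * 10)


def build_report(observed, margin=2.0):
    """Map each port to the pps limit derived from its own samples."""
    return {port: threshold_from_samples(s, margin) for port, s in observed.items()}


if __name__ == "__main__":
    for port, limit in build_report(OBSERVED_PPS).items():
        print(f"{port}: peak {max(OBSERVED_PPS[port])} pps -> limit {limit} pps")
    # What the percentage levels mentioned in the post admit at 64-byte frames.
    print("0.34% of 10GE:", percent_to_pps(0.34, 10_000_000_000), "pps")
    print("80% of 1GE:   ", percent_to_pps(80, 1_000_000_000), "pps")
    print("100 pps on 1GE: %.5f%%" % pps_to_percent(100, 1_000_000_000))
```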

