[c-nsp] storm-control broadcast level (4948)
CiscoNSP List
cisconsp_list at hotmail.com
Thu Jan 22 18:44:46 EST 2015
Cheers - Much appreciated.
> Date: Thu, 22 Jan 2015 22:42:56 +0200
> From: saku at ytti.fi
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] storm-control broadcast level (4948)
>
> On (2015-01-23 06:44 +1100), CiscoNSP List wrote:
>
> Hey,
>
> > Looking for some "real world" experience on what values to implement for storm-control on 4948s (customer-facing Ints, and switch (Customer/Carrier/Our own) facing Ints)... I realise every network has unique traffic patterns, so recommended values would vary dramatically... Ours is a service provider network, ports connect to customer switches/routers/firewalls/carriers, and we sell a mix of vrf+inet tails.
>
> Storm-control lends itself well to data based decisions. You can turn it on
> with ridiculous limits and gather observed pps rates, then add some margin and
> implement.
> If you don't have time to do this, set edge ports to 100pps and core-ports to
> 2kpps.
>
> I often see these in the field with something like 80% and I wonder what the
> rationale was. WS-X6704-10GE can implement 0.34% as the lowest rate, and it's
> too high a rate for the control-plane to handle.
>
> > Also, any other Int templates you use to improve/mitigate customer "misconfigurations" would be greatly appreciated.
>
> If the service provided through the port is L3, allow IPv4, ARP and IPv6
> ethertypes and drop the rest. Remove DTP. Run port-fast default, bpdu-filter
> on portfast and bpduguard (on L3 ports only, not towards say PE, which may
> transport L2). Consider limiting the number of MAC addresses through the port
> via port-security.
>
> --
> ++ytti
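The sizing approach from the quoted reply, worked through as an added example (not code from either poster): it converts a percent-of-bandwidth storm-control level into the worst-case packet rate it admits, and derives a pps threshold from observed rates plus a margin. Assumptions: minimum-size 64-byte frames with 20 bytes of wire overhead, a percentage measured against line rate, a 50% margin, and constructed sample rates.

```python
import math

# Per-frame wire overhead: 7 B preamble + 1 B SFD + 12 B inter-frame gap.
WIRE_OVERHEAD_BYTES = 20
MIN_FRAME_BYTES = 64  # minimum Ethernet frame, FCS included


def _bits_per_frame(frame_bytes):
    return (frame_bytes + WIRE_OVERHEAD_BYTES) * 8


def percent_to_max_pps(link_bps, percent, frame_bytes=MIN_FRAME_BYTES):
    """Worst-case frames/sec admitted by a percent-of-bandwidth level."""
    return int(link_bps * percent / 100 / _bits_per_frame(frame_bytes))


def pps_to_percent(link_bps, pps, frame_bytes=MIN_FRAME_BYTES):
    """Percent-of-bandwidth level equivalent to a pps limit."""
    return pps * _bits_per_frame(frame_bytes) * 100 / link_bps


def threshold_from_samples(samples_pps, margin=0.5, floor_pps=10):
    """Observed peak plus margin, rounded up; never below floor_pps."""
    if not samples_pps:
        raise ValueError("need at least one observed sample")
    return max(floor_pps, math.ceil(max(samples_pps) * (1 + margin)))


if __name__ == "__main__":
    ten_gig, one_gig = 10_000_000_000, 1_000_000_000

    # The two percentage figures mentioned in the thread.
    print("0.34% of 10GE:", percent_to_max_pps(ten_gig, 0.34), "pps")
    print("80% of 1GE:   ", percent_to_max_pps(one_gig, 80), "pps")

    # The suggested fallback limits, expressed as a percentage of 1GE.
    for limit in (100, 2000):
        print(f"{limit} pps on 1GE = {pps_to_percent(one_gig, limit):.5f}%")

    # Constructed broadcast pps samples from one edge port (not real data).
    observed = [12, 40, 35, 61, 18]
    print("threshold:", threshold_from_samples(observed), "pps")
```

With minimum-size frames, 0.34% of a 10GE port still admits roughly 50 kpps of broadcast, several hundred times the 100 pps edge figure given in the reply.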