[e-nsp] LoopDetect on x650
Tom Hill
tom at ninjabadger.net
Mon Jul 13 05:08:57 EDT 2015
On 24/06/13 15:27, Marcin Kuczera wrote:
> At the moment I use on external ports limits:
> Broadcast Rate: 500 packets-per-second
> Multicast Rate: 2000 packets-per-second
> Unknown Dest Mac Rate: 2000 packets-per-second
Something I discovered through pain and suffering, was that (at least in
the X440) these rate-limiters are measured in the ASIC at a
per-millisecond rate, relative to your configured per-second rate.
So in the example example, frames would be dropped over 5ppms, 200ppms &
200pmms respectfully.
Hit me hard where we have a lot of CARP-enabled VLANs on a switchport
connected to an openbsd firewall. With a configured rate-limit of
5000pps for multicast, we hit problems with ~25 VLANs (v4 & v6 are
separate multicast MACs).
I thought this might be useful knowledge given the discussion has looped
back to rate-limits again. But maybe you all knew already! :)
--
Tom
More information about the extreme-nsp
mailing list