[f-nsp] MLX broadcast storm protection

Tomasz Szewczyk tomeks at man.poznan.pl
Thu Apr 7 02:58:43 EDT 2011


Hi,

I would recommend "cpu protection" if you _must_ use L2 switching (VPLS) or just use VLLs or VLL-Local for point-to-point connection. There
is no MAC learning within VLL/VLL-local instance.

Check if "cpu protection" works on VLANs. Alternatively try loop detection on the interface.

Tomek

W dniu 2011-04-05 18:47, Mark Johnson pisze:
> Anyone out there know of a good way to protect against customer broadcast storms? We use a few MLX switches with customer ports on them.
> Occasionally, a customer will create a loop in their equipment which causes a storm all the way back to our MLXs. The line cards are
> pretty good at handling (CPU goes to 30-40%) but would like to know of a good way to protect our MLX.
>  
> Also, any have best security practices they apply on customer ports to help keep the core switching stable?
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5846 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20110407/bb70d6c6/attachment.p7s>


More information about the foundry-nsp mailing list