[j-nsp] R: R: EX4550: storm-control on commit

Valentini, Lucio Lucio.Valentini at siag.it
Mon Jan 30 02:50:02 EST 2017 

Hi again,

I would check the configuration of the etherchannel on both sides, maybe spanning tree is disabled on the customer side or misconfigured; 

If the behavior is not consistent, that could be due to the traffic on the link ? 

This is my configuration for an etherchannel 10 G.

set interfaces xe-0/1/0 ether-options 802.3ad ae0 <---------- no other configuration is set for xe-0/1/0 and xe-1/1/0
set interfaces xe-1/1/0 ether-options 802.3ad ae0
set interfaces ae0 description xxx
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 aggregated-ether-options lacp passive  <--------------- it´s active on the other side!
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members xxxxxx

set protocols oam ethernet link-fault-management interface ae0.0 pdu-interval 800
set protocols oam ethernet link-fault-management interface ae0.0 pdu-threshold 10
set protocols oam ethernet link-fault-management interface ae0.0 negotiation-options allow-remote-loopback
set protocols lldp interface ae0.0

if you set the level to 1, it means the storm control is active when the traffic exceeds 1% of 10 G, which is 100Mbps, but othe aggregate it would be 200 Mbps, easy enough to exceed. 
See this for example:
https://www.juniper.net/documentation/en_US/junos15.1/topics/concept/rate-limiting-storm-control-understanding.html

I hope this helps
Cheers

Lucio
-----Messaggio originale-----
Da: Jeff Meyers [mailto:Jeff.Meyers at gmx.net] 
Inviato: venerdì 27 gennaio 2017 22:27
A: Valentini, Lucio <Lucio.Valentini at siag.it>; juniper-nsp at puck.nether.net
Oggetto: Re: [j-nsp] R: EX4550: storm-control on commit

Hi,


> I also have 2 x EX4550 in VC with storm-control enabled, but it never 
> happens to me to get that message on commit;
>
> I have this configuration for storm-control:
>
> set ethernet-switching-options storm-control interface all
>
> I am wondering what is your configuration for the ae2.0 interface:
> can you check that ? which physical interfaces are on ae2 ? what are 
> their configurations? Maybe there is a loop somewhere in between 
> those.

we have this one:

interface all {
     level 1;
}


ae2 is actually a LACP channel containing 2x 10GE to a customer. 
Generally yes there might be a potential loop behind. The curious part is however that this message mostly appears on commits and not necessarily also without a commit. This is not limited to our EX4550 VC but can also be seen on some EX3300 ToR switches. Typically all with storm-control level 1-5 configured.

> Also, can you check your log messages ? if you do a "help syslog 
> ESWD_ST_CTL_ERROR_IN_EFFECT" it tells you:

Yes, that happens every once in a while. Although I cannot guarantee this is not loop-caused, the impact to our network caused by loops is was typically clearly visible by disappearing ARP entries on the routers and/or jumping MACs (at least until we set storm-control low enough which is even < 1% so we use the bandwidth option here).


Best,
Jeff

More information about the juniper-nsp mailing list