• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

S5560X series switch's port is blocked by known unicast traffic after configuring storm control on an Ethernet interface

2020-08-11 Published
  • 0关注
  • 0收藏 1450浏览
周天 五段
粉丝:0人 关注:0人

Network Topology

Not involved

Problem Description

Customer missed during testing that storm control for Unicast is not working correctly. That is, he reacts to the entire unicast, and not to unknown-unicast, as he should.

Example port setup:

disp cur int gi 2/0/5
#
interface GigabitEthernet2/0/37
 port link-mode bridge
 description 40f850ac-221f-4c1f-8a36-6b51f565f292
 port access vlan 125
 storm-constrain broadcast kbps 10000 8000
 storm-constrain multicast kbps 10000 8000
 storm-constrain unicast kbps 10000 8000
 storm-constrain control block
 bpdu-drop any
 loopback-detection enable vlan 125
 dhcp snooping information enable
 dhcp snooping information circuit-id verbose format ascii
 dhcp snooping information remote-id normal format ascii
#
 

return

We generate known-unicast traffic - the port goes to the block:

disp storm-constrain interface GigabitEthernet2/0/37
 Abbreviation: BC - broadcast; MC - multicast; UC - unknown unicast;
               KNUC - known unicast; FW - forwarding
 Flow Statistic Interval: 10 (in seconds)
Port          Type Lower     Upper     Unit  Mode     Status   Trap Log StateChg
--------------------------------------------------------------------------------
GE2/0/37      BC   8000      10000     kbps  block    FW       on   on  0
GE2/0/37      MC   8000      10000     kbps  block    FW       on   on  0
GE2/0/37      UC   8000      10000     kbps  block    block    on   on  1


display version
H3C Comware Software, Version 7.1.070, Release 6315
Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.
H3C S5560X-54C-EI uptime is 0 weeks, 2 days, 13 hours, 56 minutes
Last reboot reason : Cold reboot

Boot image: flash:/s5560x_ei-cmw710-boot-r6315.bin
Boot image version: 7.1.070, Release 6315
  Compiled Mar 18 2020 11:00:00
System image: flash:/s5560x_ei-cmw710-system-r6315.bin
System image version: 7.1.070, Release 6315
  Compiled Mar 18 2020 11:00:00
Feature image(s) list:
  flash:/s5560x_ei-cmw710-freeradius-r6315.bin, version: 7.1.070
    Compiled Mar 18 2020 11:00:00
  flash:/s5560x-ei-cmw710-escan-r6315.bin, version: 7.1.070
    Compiled Mar 18 2020 11:00:00

Process Analysis

1. S5560X-54C-EI device in the field has set the storm control for the unknown unicast traffic under an Ethernet interface, which is configured as follows:

Flow Input Interface:

#

interface GigabitEthernet1/0/1

port link-mode bridge

description rvc2-msw01--ether8

port access vlan 20

storm-constrain unicast kbps 10000 8000

storm-constrain control block

#


Flow Out Interface:

#

interface GigabitEthernet1/0/2

port link-mode bridge

description rvc2-msw01--ether9

port access vlan 20

#


2. A description of the command is found in the command manual as follows:

storm-constrain

Use storm-constrain to enable storm control and set thresholds for broadcast, multicast, or unknown unicast packets on an Ethernet interface.

Use undo storm-constrain to disable storm control for broadcast, multicast, unknown unicast, or all types of traffic.

Syntax

storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } upperlimit lowerlimit

undo storm-constrain { all | broadcast | multicast | unicast }

Default

Traffic storm control is disabled.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

all: Disables storm control for all types of traffic: broadcast, multicast, and unknown unicast.

broadcast: Enables or disables broadcast storm control.

multicast: Enables or disables multicast storm control.

unicast: Enables or disables unknown unicast storm control.

pps: Sets storm control thresholds in pps.

kbps: Sets storm control thresholds in kbps.

ratio: Sets storm control thresholds as a percentage of the transmission capacity of the interface.

upperlimit: Sets the upper threshold, in pps, kbps, or percentage.

·           If you specify the pps keyword, the value range for the upperlimit argument is 0 to 1.4881 × the interface bandwidth.

·           If you specify the kbps keyword, the value range for the upperlimit argument is 0 to the interface bandwidth.

·           If you specify the ratio keyword, the value range for the upperlimit argument is 0 to 100.

lowerlimit: Sets the lower threshold, in pps, kbps, or percentage.

·           If you specify the pps keyword, the value range for the lowerlimit argument is 0 to 1.4881 × the interface bandwidth.

·           If you specify the kbps keyword, the value range for the lowerlimit argument is 0 to the interface bandwidth.

·           If you specify the ratio keyword, the value range for the lowerlimit argument is 0 to 100.

Usage guidelines

After you configure storm control for a type of traffic, the device collects the statistics for the type of traffic at the interval configured by using the storm-constrain interval command. When the type of traffic exceeds its upper threshold, the interface takes an action configured by using the storm-constrain control command.

The storm-constrainbroadcast-suppressionmulticast-suppression, and unicast-suppression commands can suppress storms on an interface. The broadcast-suppressionmulticast-suppression, and unicast-suppression commands use the chip to physically suppress traffic. They have less influence on the device performance than the storm-constrain command, which uses software to suppress traffic.

For the traffic suppression result to be determined, do not configure both storm control and storm suppression for the same type of traffic.

When configuring this command, make sure upperlimit is greater than lowerlimit.


3. Streaming tests using known unicast traffic in the field show that known unicast traffic passing through the interface can also cause the interface to be blocked as follows:

(1) View the MAC table (34 learnt):


(2) Simulating known data streams:


(3) Check the interface traffic control information first, 1/0/1 port is not blocked:


(4) After simulating known unicast traffic influx test, the interface state is blocked:



After R&D confirmation, this problem is caused by a chip defect. The ACL of the chip can"t distinguish whether the message is known unicast or unknown unicast. Therefore, storm-constraint unicast can"t distinguish between known unicast and unknown unicast, and calculates all unicasts, resulting in known unicast triggering block.



Solution

It is recommended to use unicast-suppression. Unicast-suppression suppresses unknown unicast packets physically through the chip. Compared with storm constraint, it has little impact on device performance. This command only suppresses unknown unicast, and there is no problem with local testing.


unicast-suppression

Use unicast-suppression to enable unknown unicast storm suppression and set the unknown unicast storm suppression threshold.

Use undo unicast-suppression to disable unknown unicast storm suppression.

Syntax

unicast-suppression { ratio | pps max-pps | kbps max-kbps }

undo unicast-suppression

Default

Ethernet interfaces do not suppress unknown unicast traffic.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

ratio: Sets the unknown unicast suppression threshold as a percentage of the interface bandwidth. The value range for this argument (in percentage) is 0 to 100. A smaller value means that less unknown unicast traffic is allowed to pass through.

pps max-pps: Specifies the maximum number of unknown unicast packets that the interface can forward per second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface bandwidth.

kbps max-kbps: Specifies the maximum number of kilobits of unknown unicast traffic that the Ethernet interface can forward per second. The value range for this argument (in kbps) is 0 to the interface bandwidth.

Usage guidelines

The unknown unicast storm suppression feature limits the size of unknown unicast traffic to a threshold on an interface. When the unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the unknown unicast traffic drops below this threshold.

Both the storm-constrain command and the unicast-suppression command can suppress unknown unicast storms on a port. The unicast-suppression command uses the chip to physically suppress unknown unicast traffic. It has less influence on the device performance than the storm-constrain command, which uses software to suppress unknown unicast traffic.

For the unknown unicast traffic suppression result to be determined, do not configure both the storm-constrain unicast command and the unicast-suppression command on an interface.

When you configure the suppression threshold in kbps, the actual suppression threshold might be different from the configured one as follows:

·           If the configured value is smaller than 64, the value of 64 takes effect.

·           If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of 64 that is greater than and closest to the configured value takes effect.

To determine the suppression threshold that takes effect, see the prompts on the switch.

Examples

# Set the unknown unicast storm suppression threshold to 10000 kbps on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] unicast-suppression kbps 10000

The actual value is 10048 on port GigabitEthernet1/0/1 currently.

The output shows that the value that takes effect is 10048 kbps (157 times of 64), because the chip only supports step 64.

Related commands

broadcast-suppression

multicast-suppression


该案例对您是否有帮助:

您的评价:1

若您有关于案例的建议,请反馈:

0 comments

No comments

Add Comments:

举报

×

侵犯我的权益 >
对根叔知了社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔知了社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作