Not involved
Customer missed during testing that storm control for Unicast is not working correctly. That is, he reacts to the entire unicast, and not to unknown-unicast, as he should.
Example port setup:
#
interface GigabitEthernet2/0/37
port link-mode bridge
description 40f850ac-221f-4c1f-8a36-6b51f565f292
port access vlan 125
storm-constrain broadcast kbps 10000 8000
storm-constrain multicast kbps 10000 8000
storm-constrain unicast kbps 10000 8000
storm-constrain control block
bpdu-drop any
loopback-detection enable vlan 125
dhcp snooping information enable
dhcp snooping information circuit-id verbose format ascii
dhcp snooping information remote-id normal format ascii
#
return
We generate known-unicast traffic - the port goes to the block:
Abbreviation: BC - broadcast; MC - multicast; UC - unknown unicast;
KNUC - known unicast; FW - forwarding
Flow Statistic Interval: 10 (in seconds)
Port Type Lower Upper Unit Mode Status Trap Log StateChg
--------------------------------------------------------------------------------
GE2/0/37 BC 8000 10000 kbps block FW on on 0
GE2/0/37 MC 8000 10000 kbps block FW on on 0
GE2/0/37 UC 8000 10000 kbps block block on on 1
1. S5560X-54C-EI device in the field has set the storm control for the unknown unicast traffic under an Ethernet interface, which is configured as follows:
Flow Input Interface:
#
interface GigabitEthernet1/0/1
port link-mode bridge
description rvc2-msw01--ether8
port access vlan 20
storm-constrain unicast kbps 10000 8000
storm-constrain control block
#
Flow Out Interface:
#
interface GigabitEthernet1/0/2
port link-mode bridge
description rvc2-msw01--ether9
port access vlan 20
#
2. A description of the command is found in the command manual as follows:
Use storm-constrain to enable storm control and set
thresholds for broadcast, multicast, or unknown unicast packets on an Ethernet
interface.
Use undo
storm-constrain to
disable storm control for broadcast, multicast, unknown unicast, or all types
of traffic.
Syntax
storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } upperlimit lowerlimit
undo storm-constrain { all | broadcast | multicast | unicast }
Default
Traffic storm
control is disabled.
Views
Layer 2
Ethernet interface view
Predefined user roles
network-admin
Parameters
all: Disables storm control for all types of traffic: broadcast, multicast,
and unknown unicast.
broadcast: Enables or disables broadcast storm control.
multicast: Enables or disables multicast storm control.
unicast: Enables or disables unknown unicast storm control.
pps: Sets storm control thresholds in pps.
kbps: Sets storm control thresholds in kbps.
ratio: Sets storm control thresholds as a percentage of the transmission
capacity of the interface.
upperlimit: Sets the upper threshold, in pps, kbps, or percentage.
· If you specify the pps keyword, the value range for
the upperlimit argument is 0 to 1.4881 × the interface bandwidth.
· If you specify the kbps keyword, the value range for
the upperlimit argument is 0 to the interface bandwidth.
· If you specify the ratio keyword, the value range for
the upperlimit argument is 0 to 100.
lowerlimit: Sets the lower threshold, in pps, kbps, or percentage.
· If you specify the pps keyword, the value range for
the lowerlimit argument is 0 to 1.4881 × the interface bandwidth.
· If you specify the kbps keyword, the value range for
the lowerlimit argument is 0 to the interface bandwidth.
· If you specify the ratio keyword, the value range for
the lowerlimit argument is 0 to 100.
Usage guidelines
After you
configure storm control for a type of traffic, the device collects the statistics
for the type of traffic at the interval configured by using the storm-constrain
interval command.
When the type of traffic exceeds its upper threshold, the interface takes an
action configured by using the storm-constrain control command.
The storm-constrain, broadcast-suppression, multicast-suppression, and unicast-suppression commands can suppress storms on
an interface. The broadcast-suppression, multicast-suppression, and unicast-suppression commands use the chip to
physically suppress traffic. They have less influence on the device performance
than the storm-constrain command, which uses software to
suppress traffic.
For the
traffic suppression result to be determined, do not configure both storm
control and storm suppression for the same type of traffic.
When
configuring this command, make sure upperlimit is greater than lowerlimit.
3. Streaming tests using known unicast traffic in the field show that known unicast traffic passing through the interface can also cause the interface to be blocked as follows:
(1) View the MAC table (34 learnt):
(2) Simulating known data streams:
(3) Check the interface traffic control information first, 1/0/1 port is not blocked:
(4) After simulating known unicast traffic influx test, the interface state is blocked:
After R&D confirmation, this problem is caused by a chip defect. The ACL of the chip can"t distinguish whether the message is known unicast or unknown unicast. Therefore, storm-constraint unicast can"t distinguish between known unicast and unknown unicast, and calculates all unicasts, resulting in known unicast triggering block.
It is recommended to use unicast-suppression. Unicast-suppression suppresses unknown unicast packets physically through the chip. Compared with storm constraint, it has little impact on device performance. This command only suppresses unknown unicast, and there is no problem with local testing.
unicast-suppression
Use unicast-suppression to enable unknown unicast storm suppression and set the unknown unicast storm suppression threshold.
Use undo unicast-suppression to disable unknown unicast storm suppression.
Syntax
unicast-suppression { ratio | pps max-pps | kbps max-kbps }
undo unicast-suppression
Default
Ethernet interfaces do not suppress unknown unicast traffic.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
ratio: Sets the unknown unicast suppression threshold as a percentage of the interface bandwidth. The value range for this argument (in percentage) is 0 to 100. A smaller value means that less unknown unicast traffic is allowed to pass through.
pps max-pps: Specifies the maximum number of unknown unicast packets that the interface can forward per second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface bandwidth.
kbps max-kbps: Specifies the maximum number of kilobits of unknown unicast traffic that the Ethernet interface can forward per second. The value range for this argument (in kbps) is 0 to the interface bandwidth.
Usage guidelines
The unknown unicast storm suppression feature limits the size of unknown unicast traffic to a threshold on an interface. When the unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the unknown unicast traffic drops below this threshold.
Both the storm-constrain command and the unicast-suppression command can suppress unknown unicast storms on a port. The unicast-suppression command uses the chip to physically suppress unknown unicast traffic. It has less influence on the device performance than the storm-constrain command, which uses software to suppress unknown unicast traffic.
For the unknown unicast traffic suppression result to be determined, do not configure both the storm-constrain unicast command and the unicast-suppression command on an interface.
When you configure the suppression threshold in kbps, the actual suppression threshold might be different from the configured one as follows:
· If the configured value is smaller than 64, the value of 64 takes effect.
· If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of 64 that is greater than and closest to the configured value takes effect.
To determine the suppression threshold that takes effect, see the prompts on the switch.
Examples
# Set the unknown unicast storm suppression threshold to 10000 kbps on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] unicast-suppression kbps 10000
The actual value is 10048 on port GigabitEthernet1/0/1 currently.
The output shows that the value that takes effect is 10048 kbps (157 times of 64), because the chip only supports step 64.
Related commands
broadcast-suppression
multicast-suppression
No comments
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作