
ExOS rate-limit flood- broadcast Flood Rate Exceeded

Alexandr_Viktor
New Contributor

Hi everyone.

I have a problem with controlling broadcast in my network.
If I set the broadcast flood rate to something like 30000, I see that the Flood Rate Exceeded counter increases, but in Rx Pkt Bcast I see a maximum of 50-100 packets per second.
MCast & UnkCast rate set to no-limit
sc1 # show ports 7 rate-limit flood port-number
Port Rate-Limit Discard Monitor          Sat Feb 18 15:21:43 201777
Port  Link   Rx Pkt    Rx Byte     Rx Pkt    Rx Pkt  Flood Rate
      State  Count     Count       Bcast     Mcast   Exceeded
================================================================================
7     A      10532496  1630959311  10531169  1406    10531364
Can you tell me which packets the switch drops?

Also I found this page https://extremeportal.force.com/ExtrArticleDetail?an=000083176, but I can't understand what the magic number 15.625 is.

Thank you for your answer, and sorry for my English =)

EtherMAN
Contributor III
Let me see if I can ease the minds about how and when we use port/hardware based broadcast flood protection. Our use is edge customer facing interfaces... We set it to 200 pps on all of these. Do we get a few hits and alarms about this... Yep, and we have trained our NOC on how to look at the stats on that port to determine if the customer has a loop or something going on inside their LAN or network. This does not affect their ability to use the network or services. This does not disable their port but sure the heck will slow down a local broadcast storm from coming back into our one gig switches and saturating a one gig uplink port. It generates a nice SNMP trap for the NOC to respond to. The first time you let one of your edge customers know they have a small or big loop going on in their LAN you will be a hero to them... Just remember these are broadcast packets being sent to every port in the same broadcast domain. If you drop a few packets because of this configuration, as a rule it does not affect the services. If you have a loop going on in an adjacent network that is being sent to you because you are part of their layer 2 broadcast domain, believe me, they will want you to let them know so it can be dealt with and shut down. We have had thousands of interfaces with broadcast packets being limited for years and have yet to have any issues with our services and clients.

Stephane_Grosj1
Extreme Employee
Hi,

Indeed, an X670V is on the 16.x release train, no way to upgrade to 21/22.x.

Dropping packets is certainly bad in that case. The rate-limit command does that (explicitly drops), but the issue here is that it doesn't happen precisely when expected. I understand the need to rate-limit such traffic above a given threshold, as this is certainly a loop going on, or an attack. Considering the behavior of this command, which is no longer really per second, I'd encourage you to create meters. They would do the job as expected.

Alexandr_Viktor
New Contributor
So if I understand correctly, dropping these packets is not so bad? I don't think so. Setting the rate-limit to 60000 broadcast is a bad idea too, so how can I calculate a rate limit for 200 broadcast pps without the Flood Rate counter incrementing?

- cannot upgrade to 21.1+ -- our vendor gives us this firmware:
* sc1 # show switch
System Type: X670V-48x
Primary ver: 16.1.3.6 patch1-9

Stephane_Grosj1
Extreme Employee
Hi,

This behavior is supposed to be fixed with 21.1 and above. If you cannot upgrade to 21.1+, it would be better to use meters instead of the CLI rate-limit flood command.