Storm control on EXOS

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
How do you control broadcast storms, multicast storms, etc. in the Extreme EXOS, in the Cisco world there is "storm-control", but I don't see anything in EXOS to handle this.  I recently had a go around with the even Intel I217-LM NIC driver that sends IPv6 Multicast Listener Discovery Queries from Lenovo M93p desktops when in power save mode on driver ver 12.6.47.0, upgrading to ver 12.6.x fixed the issue, but obviously the network is wide open for such issues.
Photo of Nathan Grist

Nathan Grist

  • 288 Points 250 badge 2x thumb
  • frustrated

Posted 3 years ago

  • 0
  • 1
Photo of Mel78, CISSP, ECE

Mel78, CISSP, ECE

  • 1,044 Points 1k badge 2x thumb
On BlackDiamond 8800 and X8 series switches, SummitStack, and Summit family switches, you cancontrol ingress flooding of broadcast and multicast traffic and traffic for unknown destination MAC
addresses.
To control ingress flooding of broadcast and multicast traffic and traffic for unknown destination MAC
addresses, enter the command:

configure ports port_list rate-limit flood [broadcast | multicast | unknowndestmac][no-limit | pps]
Photo of Nathan Grist

Nathan Grist

  • 288 Points 250 badge 2x thumb
Great, thanks for the info...have you had any success or lack there of when setting these limits?  Meaning, have you had settings that caused issues and are now using ones that are a better compromise?
Photo of Mel78, CISSP, ECE

Mel78, CISSP, ECE

  • 1,014 Points 1k badge 2x thumb
3000 (pps) for multicast and 2500 (pps) for broadcast
Photo of andreas

andreas

  • 1,218 Points 1k badge 2x thumb
We had the exact same issue happening us.
The problem with the limit is that it's ingress and if you have not protected yourself everywhere you will have the egress flood anyway.

Other than that it works very well.
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
This is a pretty simple thing to execute on all ports.  I have seen customers use scripts or simply copy paste to add it to all the switches.  Using NS with its scripting will allow you to play the script across the whole network.

Another aspect is that I would suggest using a queue on the uplinks at a minimum to put broadcast into a queue and limit the amount egressing the switch.  You can do the same with other packet types if needed.  Just use an ACL to look at all FFs and place it into a queue like qp3 and set a max % on the port.

I would recommend being careful though if you do not understand the amount of traffic or the types of packets used by applications on your network you can cause issues.

Hope this helps
Photo of Nathan Grist

Nathan Grist

  • 288 Points 250 badge 2x thumb
On the note of egress flood protection, I see that EXOS has the "config ports x:x rate-limit egress <cir-rate>", can this be used effectively to account for the IPv6 multicast flood I described?