Header Only - DO NOT REMOVE - Extreme Networks

Storm control on EXOS


How do you control broadcast storms, multicast storms, etc. in the Extreme EXOS, in the Cisco world there is "storm-control", but I don't see anything in EXOS to handle this. I recently had a go around with the even Intel I217-LM NIC driver that sends IPv6 Multicast Listener Discovery Queries from Lenovo M93p desktops when in power save mode on driver ver 12.6.47.0, upgrading to ver 12.6.x fixed the issue, but obviously the network is wide open for such issues.

6 replies

Userlevel 3
On BlackDiamond 8800 and X8 series switches, SummitStack, and Summit family switches, you cancontrol ingress flooding of broadcast and multicast traffic and traffic for unknown destination MAC
addresses.
To control ingress flooding of broadcast and multicast traffic and traffic for unknown destination MAC
addresses, enter the command:

configure ports port_list rate-limit flood [broadcast | multicast | unknowndestmac][no-limit | pps]
Great, thanks for the info...have you had any success or lack there of when setting these limits? Meaning, have you had settings that caused issues and are now using ones that are a better compromise?
Userlevel 3
Nathan Grist wrote:

Great, thanks for the info...have you had any success or lack there of when setting these limits? Meaning, have you had settings that caused issues and are now using ones that are a better compromise?

3000 (pps) for multicast and 2500 (pps) for broadcast
Userlevel 2
We had the exact same issue happening us. The problem with the limit is that it's ingress and if you have not protected yourself everywhere you will have the egress flood anyway. Other than that it works very well.
Userlevel 6
This is a pretty simple thing to execute on all ports. I have seen customers use scripts or simply copy paste to add it to all the switches. Using NS with its scripting will allow you to play the script across the whole network.

Another aspect is that I would suggest using a queue on the uplinks at a minimum to put broadcast into a queue and limit the amount egressing the switch. You can do the same with other packet types if needed. Just use an ACL to look at all FFs and place it into a queue like qp3 and set a max % on the port.

I would recommend being careful though if you do not understand the amount of traffic or the types of packets used by applications on your network you can cause issues.

Hope this helps
On the note of egress flood protection, I see that EXOS has the "config ports x:x rate-limit egress ", can this be used effectively to account for the IPv6 multicast flood I described?

Reply