
Clear flow "delta" action


eyeV
New Contributor III
Hi everybody. I have trouble again...

I'd like to create an OpenFlow rule which sends a syslog message when the broadcast rate reaches 1000 pps in some VLANs. I've applied this rule to a VLAN and disabled all ports on the switch. But I see those syslog messages... What's wrong with the rule?

entry BCAST-PKT {
    if {
        ethernet-destination-address ff:ff:ff:ff:ff:ff;
    }
    then {
        count bcast-pkt;
    }
}
entry BCAST_flood {
    if {
        delta bcast-pkt > 1000;
        hysteresis 100;
        period 1 ;
    }
    then {
        syslog "Too many broadcast frames in VLAN $VlanName... Rule $ruleName exceeds limit $ruleThreshold" WARN 120;
    }
    else {
        syslog "Broadcast frames in VLAN $VlanName falls bellow rate." WARN;
    }
}
Slot-1: Too many broadcast frames in VLAN v20... Rule BCAST_flood exceeds limit 1000.000000
Slot-1: Too many broadcast frames in VLAN v11... Rule BCAST_flood exceeds limit 1000.000000
Slot-1: Too many broadcast frames in VLAN v22... Rule BCAST_flood exceeds limit 1000.000000
Slot-1: Too many broadcast frames in VLAN v31... Rule BCAST_flood exceeds limit 1000.000000

Slot-1: Broadcast frames in VLAN v20 falls bellow rate.
Slot-1: Broadcast frames in VLAN v11 falls bellow rate.
Slot-1: Broadcast frames in VLAN v22 falls bellow rate.
Slot-1: Broadcast frames in VLAN v31 falls bellow rate.

13 REPLIES

eyeV
New Contributor III
It seems I was a bit obvious. I haven't seen any log messages either when all ports are disabled. Maybe I didn't quite understand the Concepts Guide, because...

I have a simple config. VLAN 21 is added untagged to port 1:1 and tagged to port 1:25. Port 1:25 is active.

I have the same policy file, but I've deleted the "hysteresis 100" statement.

show policy "block-in-abonvlan"
Policies at Policy Server:
Policy: block-in-abonvlan
entry BCAST-PKT {
if match all {
ethernet-destination-address ff:ff:ff:ff:ff:ff ;
}
then {
count bcast-pkt ;
}
}
entry BCAST_flood {
if match all {
delta bcast-pkt > 1000 ;
period 1 ;
}
then {
syslog "Too many broadcast frames in VLAN $VlanName... Rule $ruleName exceeds limit $ruleThreshold" WARN 120 ;
}
else {
syslog "Broadcast frames in VLAN $VlanName falls bellow rate." WARN ;
}
}
Number of clients bound to policy: 1
Client: acl bound once

show access-list
Vlan Name Port Policy Name Dir Rules Dyn Rules
===================================================================
v21 * block-in-abonvlan ingress 1 0

show ports 1:25 vlan statistics no-refresh
Port Vlan Rx Frames Rx Byte Tx Frame Tx Byte
Count Count Count Count
================================================================================
xCore v21 112 14289 0 0
================================================================================

05/24/2014 12:17:29.79 Slot-1: Too many broadcast frames in VLAN v21... Rule BCAST_flood exceeds limit 1000.000000
05/24/2014 12:17:30.81 Slot-1: Broadcast frames in VLAN v21 falls bellow rate.

show ports 1:25 vlan statistics no-refresh
Port Vlan Rx Frames Rx Byte Tx Frame Tx Byte
Count Count Count Count
================================================================================
xCore v21 200 25287 0 0
================================================================================

show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
block-in-abonvlan v21 * ingress
bcast-pkt 1096

05/24/2014 12:32:59.66 Slot-1: Too many broadcast frames in VLAN v21... Rule BCAST_flood exceeds limit 1000.000000
05/24/2014 12:33:00.69 Slot-1: Broadcast frames in VLAN v21 falls bellow rate.

show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
block-in-abonvlan v21 * ingress
bcast-pkt 1150

If I have not misunderstood the Concepts Guide, my policy should trigger when broadcast frames in VLAN 21 increase by 1000 per second. Is that right?

I'm sorry about my English. It's not my native language. I always make a lot of mistakes, actually.
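
A small model of how a `delta` rule with `hysteresis` is evaluated, added here as an illustration; it is not code from any poster or from ExtremeXOS. It assumes the counter is sampled once per `period`, that the `then`/`else` clauses run only when the expression changes state, and that hysteresis lowers the threshold while the rule is true; `DeltaRule` and all counter values are constructed.

```python
from dataclasses import dataclass

@dataclass
class DeltaRule:
    threshold: int       # the 1000 in "delta bcast-pkt > 1000"
    hysteresis: int = 0  # "hysteresis 100"; 0 when the statement is omitted

    def evaluate(self, samples):
        """Return (sample_index, clause, delta) for every state change."""
        events, active = [], False
        for i in range(1, len(samples)):
            delta = samples[i] - samples[i - 1]
            # Assumption: while the rule is true, hysteresis is subtracted
            # from the threshold, so the rule clears later than it fires.
            limit = self.threshold - self.hysteresis if active else self.threshold
            now_true = delta > limit
            if now_true != active:
                events.append((i, "then" if now_true else "else", delta))
                active = now_true
        return events

# Constructed counter readings, one per 1-second period (not from a switch).
FLOOD = [0, 50, 1300, 2550, 3500, 4450, 4500]
# Constructed series between the two readings in the post (1096 and 1150).
SLOW = [1096, 1110, 1131, 1150]

if __name__ == "__main__":
    for label, rule in (("no hysteresis", DeltaRule(1000)),
                        ("hysteresis 100", DeltaRule(1000, 100))):
        print(label, rule.evaluate(FLOOD))
    print("slow growth", DeltaRule(1000).evaluate(SLOW))
```

Under these assumptions the slow series never changes the rule's state, while the flood series clears two samples later with `hysteresis 100` than without it.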

Sumit_Tokle
Contributor
I haven't seen any log on my test switch, as shown below:

B3U36.13 # show policy test
Policies at Policy Server:
Policy: test
entry BCAST-PKT {
if match all {
ethernet-destination-address ff:ff:ff:ff:ff:ff ;
}
then {
count bcast-pkt ;
}
}
entry BCAST_flood {
if match all {
delta bcast-pkt > 1000 ;
hysteresis 100 ;
period 1 ;
}
then {
syslog "Too many broadcast frames in VLAN $VlanName... Rule $ruleName exceeds limit $ruleThreshold" WARN 120 ;
}
else {
syslog "Broadcast frames in VLAN $VlanName falls bellow rate." WARN ;
}
}
Number of clients bound to policy: 1
Client: acl bound once

* B3U36.14 #

B3U36.14 # show log
No log messages were displayed.
* B3U36.15 #

B3U36.15 # show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
test Default * ingress
bcast-pkt 0

* B3U36.16 #

Did you apply the policy on port or on VLAN?
Did you see the ACL counters keep on increasing?
If there are only a few ports in the VLAN, then try to apply the policy on a per-port basis and try to narrow down the issue.

* B3U36.6 # show access-list
Vlan Name Port Policy Name Dir Rules Dyn Rules
===================================================================
Default * test ingress 1 0

* B3U36.7 #

I have applied the policy on the VLAN too.

eyeV
New Contributor III
Thank you. This is really weird.
Did you apply the policy on port or on VLAN?
I applied this policy on some VLAN.

Did you see the ACL counters keep on increasing?
No, the ACL counters don't increase.
If there are only a few ports in the VLAN, then try to apply the policy on a per-port basis and try to narrow down the issue.
OK. I'll try to apply this policy on ports and add a matching condition on vlan-id.
