Tuesday 19 May 2009

Storm Control


Storm-control is a very useful command for all switch ports. It allows you to set limits for broadcast and multicast traffic. When those limits are exceeded, traffic of that type is blocked on the interface until the storm has passed.

The configuration for the storm control level as a percentage of the link size is:
storm-control {broadcast|multicast} level {level} [level-low]


You can also set the action to take, either to filter the traffic or just to send an SNMP trap. The default action is to filter traffic and not send a trap.
storm-control action {shutdown|trap}


There are a few reasons why you may encounter large amounts of multicast or broadcast traffic on a LAN:
  1. There are lots of multicast/broadcast applications
  2. There is a bridging loop
  3. A device is malfunctioning and spamming the network


Some traffic monitoring is needed to check how much multicast/broadcast is normal on the network before configuring storm-control. You should also allow a reasonable amount of contingency so that ports don't start getting blocked if the CEO decides to multicast his video diary out to the company!

So why is it useful?

The major advantage of storm control shows up when there is a bridging loop. Typically it is broadcast and multicast traffic that takes the network down, as it gets perpetually forwarded.

With storm control the damage is limited, hopefully enough to allow LAN access to continue with reduced performance. It may not keep the users happy but it should allow you to remotely troubleshoot the network.

Without it you may be looking at a major outage lasting days while you walk around the site with a laptop trying to find the source of the failure.


Warning

Be careful setting the level-low (falling threshold) value. If this is set too low then you may find that storm-control blocks a port and never unblocks it. The following config looks innocent enough:
storm-control multicast level 20.00 0.00

It tells storm control to block the port if multicast traffic exceeds 20% of the total link size, which seems perfectly reasonable.

The second option tells storm control to un-block the port when multicast traffic falls below 0% of the link size. Depending on your network, this may never happen, so the port will remain permanently blocked until someone runs shut/no shut on it.
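
The check below is an added example, not from the original post: it scans a switch configuration for storm-control lines in the percentage form shown above and flags a level-low that sits below an assumed site minimum or above the rising level. The sample config, the interface names and the `min_low` policy value are constructed for illustration.

```python
import re

# Constructed sample config (not from the original post); interface names are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 storm-control broadcast level 10.00 5.00
 storm-control multicast level 20.00 0.00
!
interface GigabitEthernet0/2
 storm-control broadcast level 10.00
!
interface GigabitEthernet0/3
 storm-control multicast level 5.00 8.00
"""

# Matches only the percentage form: storm-control {broadcast|multicast} level {level} [level-low]
STORM_RE = re.compile(
    r"^\s*storm-control (broadcast|multicast) level "
    r"(\d+(?:\.\d+)?)(?: (\d+(?:\.\d+)?))?\s*$")

def audit_storm_control(config, min_low=1.0):
    """Return (interface, traffic_type, problem) tuples for risky falling thresholds.

    min_low is an assumed site policy: the smallest level-low (percent of link)
    you expect traffic to drop under after a storm. Derive it from your baseline.
    """
    findings = []
    iface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
            continue
        m = STORM_RE.match(line)
        if not m or iface is None:
            continue
        kind, rising = m.group(1), float(m.group(2))
        if m.group(3) is None:
            continue  # no explicit level-low on this line, nothing to check
        falling = float(m.group(3))
        if falling > rising:  # inverted thresholds, e.g. in a hand-edited template
            findings.append((iface, kind, "level-low above rising level"))
        elif falling < min_low:
            findings.append((iface, kind, f"level-low {falling:.2f}% may never be reached"))
    return findings

if __name__ == "__main__":
    for finding in audit_storm_control(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

Run it against a saved copy of the running configuration before rollout; only the percentage syntax from this post is parsed, so other forms of the command are skipped.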