Re: Storm control in 3550 and 3560 switches from Anantha Subramanian Natarajan on 2009-09-14 (Ccielab archives 09/2009)

From: Anantha Subramanian Natarajan <anantha.natarajan_at_gravitant.com>
Date: Mon, 14 Sep 2009 09:29:36 -0500

Hi Scott,

Thank you very much for the descriptive explanation/history.This is
actually a recap for me after I have heard your audio series soo many times
but somehow I understood that even unicast(In that case,As I understood,I
would assume the I/ G bit would be 0 right,where for multicast/broadcast
would be 1) is dropped after the multicast threshold is reached in
3550.Kindly correct me if I am wrong in that.If thats true, is it true even
in 3560 switches.

Thank you Scott

Regards
Anantha Subramanian Natarajan

On Mon, Sep 14, 2009 at 8:56 AM, Scott Morris <smorris_at_ine.com> wrote:

> Other way around. Broadcasts are a SUBSET of multicasts.
>
> At layer2, a multicast is defined by the I/G bit. The least significant
> bit of the most significant byte of a MAC.
>
> For example, all IP multicast at layer2 begins with 01-00-5E-xx-xx-xx.
> 01 is the most significant byte (left-most). In binary it's 0000 0001.
> The 1 is the least-significant bit (right-most) of this byte. That's
> the I/G bit. A 1 value indicates a GROUP address while a 0 value
> indicates an INDIVIDUAL address (the I and the G).
>
> A broadcast at layer2 is FF-FF-FF-FF-FF-FF. Or in binary, 1111 1111 in
> the most significant byte. Being all-ones, it's a very specific notation.
>
> Not all multicasts can be called broadcasts. But all broadcasts can
> also be called multicasts (group addresses).
>
> So if you have a storm control threshold of 10% for multicast, but 20%
> for broadcast... Once you hit your 10% mutlicast mark, your broadcasts
> will get throttled as well since they are part of that same group.
>
> It's all about perspective (and a little history). ;)
>
> HTH,
>
>
>
>
> *Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
>
> JNCIE-M #153, JNCIS-ER, CISSP, et al.
>
> JNCI-M, JNCI-ER
>
> evil_at_ine.com
>
>
> Internetwork Expert, Inc.
>
> http://www.InternetworkExpert.com <http://www.internetworkexpert.com/>
>
> Toll Free: 877-224-8987
>
> Outside US: 775-826-4344
>
>
> Knowledge is power.
>
> Power corrupts.
>
> Study hard and be Eeeeviiiil......
>
>
>
>
>
> Anantha Subramanian Natarajan wrote:
> > Hi Darby,
> >
> > Thank you very much for the descriptive explanation on the topic.Not
> sure
> > I understood the below caveat
> >
> > "If you enable broadcast and multicast traffic storm control, and
> broadcast
> > traffic exceeds the level within a 1-second traffic storm control
> interval,
> > traffic storm control drops all broadcast and multicast traffic until the
> > end of the traffic storm control interval. "
> >
> > Is that mean that,if the broadcast traffic exceeds the threshold level,it
> > will also drop multicast traffic,when the multicast didn't eceed the
> > threshold defined on the later 2 interface ??/..Is it true for both 3550
> and
> > 3560 switches ?
> >
> > Thank you
> >
> > Regards
> > Anantha Subramanian Natarajan
> >
> >
> >
> >
> > On Mon, Sep 14, 2009 at 5:05 AM, Darby Weaver <darby.weaver_at_gmail.com
> >wrote:
> >
> >
> >> Some caveats you may to take note of on Storm-Control:
> >>
> >> All Layer 2 Broadcasts are Multicasts.
> >>
> >> All Layer 2 Multicasts are *not* Broadcasts.
> >>
> >> Traffic storm control monitors the level of each traffic type for which
> you
> >> enable traffic storm control in 1-second traffic storm control
> intervals.
> >> Within an interval, when the ingress traffic for which traffic storm
> >>
> > control
> >
> >> is enabled reaches the traffic storm control level that is configured on
> >>
> > the
> >
> >> port, traffic storm control drops the traffic until the traffic storm
> >> control interval ends.
> >>
> >> The following are examples of traffic storm control behavior:
> >>
> >> If you enable broadcast traffic storm control, and broadcast traffic
> >> exceeds the level within a 1-second traffic storm control interval,
> traffic
> >> storm control drops all broadcast traffic until the end of the traffic
> >>
> > storm
> >
> >> control interval.
> >>
> >> If you enable broadcast and multicast traffic storm control, and the
> >> combined broadcast and multicast traffic exceeds the level within a
> >>
> > 1-second
> >
> >> traffic storm control interval, traffic storm control drops all
> broadcast
> >> and multicast traffic until the end of the traffic storm control
> interval.
> >>
> >> If you enable broadcast and multicast traffic storm control, and
> >> broadcast traffic exceeds the level within a 1-second traffic storm
> control
> >> interval, traffic storm control drops all broadcast and multicast
> traffic
> >> until the end of the traffic storm control interval.
> >>
> >> If you enable broadcast and multicast traffic storm control, and
> >> multicast traffic exceeds the level within a 1-second traffic storm
> control
> >> interval, traffic storm control drops all broadcast and multicast
> traffic
> >> until the end of the traffic storm control interval.
> >>
> >> 1) One very important remark everybody seems to miss, is that
> storm-control
> >> only works on INBOUND packets. It does not prevent a port from being
> >> overwhelmed with broadcasts from the core or other access switches.
> >>
> >> 2) Watch out with stormcontrol on trunk ports! Includes any allowed or
> >> non-allowed Vlan
> >>
> >> 3) The storm-control "drop filter" action will block on all VLANS.
> >>
> >> Finally:
> >>
> >> Storm control is supported only on physical interfaces; it is not
> supported
> >> on EtherChannel port-channels or physical interfaces that are members of
> >> port channels even though the command is available in the CLI. If a
> >>
> > physical
> >
> >> interface with storm control configured joins an EtherChannel, the storm
> >> control configuration for the physical interface is removed from the
> >>
> > running
> >
> >> configuration.
> >>
> >>
> >>
> >>
> >>
> >> On Sun, Sep 13, 2009 at 8:01 PM, Anantha Subramanian Natarajan <
> >> anantha.natarajan_at_gravitant.com> wrote:
> >>
> >>
> >>> Hi All,
> >>>
> >>> My understanding on ,Multicast storm control on 3550 switch is as
> below
> >>>
> >>> "When the rate of multicast frames increased more than the specified
> >>> rate
> >>> on the Multicast storm-control configuration,it will block all
> multicast
> >>> frames exceeded and also even all unicast/broadcast traffic is dropped
> >>> until
> >>> the multicast rate on the port is decreased than the threshold
> >>> defined.Exceptions would be BPDU's and CDP frames".
> >>>
> >>> Is my above understanding right ?.If so ,my questions is
> >>>
> >>> Does the above statement is also true for 3560 switches.For some
> reason.I
> >>> couldn't find a reference on the 3560 config guide,unless I missed it.
> >>>
> >>> Thank you for the assistance.
> >>>
> >>> Regards
> >>> Anantha Subramanian Natarajan
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >> --
> >> Darby Weaver
> >> Network Engineer
> >>
> >> 407-802-7394
> >> darbyweaver_at_yahoo.com
> >>
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Sep 14 2009 - 09:29:36 ART

This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART