Storm Control

Storm Control provides Layer 2 port security under a Virtual Private LAN Services (VPLS) bridge by preventing excess traffic from disrupting the bridge. This module describes how to configure traffic storm control.

Storm Control

A traffic storm occurs when packets flood a VPLS bridge, creating excessive traffic and degrading network performance. Storm control prevents VPLS bridge disruption by suppressing traffic when the number of packets reaches configured threshold levels. You can configure separate threshold levels for different types of traffic on an access circuit (AC) under a VPLS bridge.

Storm control monitors incoming traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any 1-second interval. The 1-second interval is set in the hardware and is not configurable; on the Cisco NCS 5000 Series Router, the monitoring interval is always one second. The number of packets allowed to pass during this interval is configurable per port and per traffic type. During each interval, storm control compares the incoming traffic level with the storm control level configured on the bridge port. When the incoming traffic reaches that level, storm control drops traffic until the end of the interval. At the beginning of a new interval, traffic of the specified type is again allowed to pass on the port. The thresholds are configured using a packets-per-second (pps) or kilobit-per-second (kbps) rate.

Storm control has little impact on router performance. Packets passing through ports are counted regardless of whether the feature is enabled. Additional counting occurs only for the drop counters, which monitor dropped packets. Storm control counts the number of packets dropped per port. The drop counters are cumulative for all traffic types.

Supported Traffic Types for Storm Control

On each VPLS bridge port, you can configure up to three storm control thresholds—one for each of the supported traffic types. If you do not configure a threshold for a traffic type, then storm control is not enabled on that port or interface for that traffic type.

The supported traffic types are:

  • Broadcast traffic—Packets with a packet destination MAC address equal to FFFF.FFFF.FFFF.

  • Multicast traffic—Packets with a packet destination MAC address not equal to the broadcast address, but with the multicast bit set to 1. The multicast bit is bit 0 of the most significant byte of the MAC address.

  • Unknown unicast traffic—Packets with a packet destination MAC address not yet learned.

Storm Control Thresholds

Storm control thresholds are configured as a packets-per-second (pps) or kilobit-per-second (kbps) rate. A threshold is the number of packets of the specified traffic type that can pass on a port during a 1-second interval. Valid values for storm control thresholds are integers from 1 to 160000. The hardware supports only kbps rates; a threshold configured in pps is accepted and converted to kbps, calculated as 1 pps = 8 kbps.

Restrictions for Storm Control

  • Storm control parameters must be configured only at the interface or AC level under the bridge domain. Configuration under the bridge domain outside of the AC is not supported.

  • Storm control rates are programmed in the hardware at the physical port level and not at the subinterface level. Hence, the storm control rates configured on a subinterface are applied to all the subinterfaces on the given physical port. Different storm control rates cannot be configured for different subinterfaces on the same physical port.

  • Storm control is not supported for forwarding pseudowires (VFI PWs).

  • No alarms are generated when packets are dropped.

  • The hardware supports only kbps rates. A pps configuration is allowed, but it is converted to kbps. The pps rate is calculated as 1 pps = 8 kbps.

Configure Storm Control

The storm control feature is disabled by default. It must be explicitly enabled on each port or bridge-domain for each traffic type. The thresholds are configured using a packets-per-second (pps) or kilobit-per-second (kbps) rate. Perform this task to configure storm control on an access circuit (AC).

Configuration Example


RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet0/1/0/0.100
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# storm-control broadcast kbps 4500
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit

Running Configuration


configure
 l2vpn
  bridge group csco
   bridge-domain abc
    interface GigabitEthernet0/1/0/0.100
     storm-control broadcast kbps 4500
   !
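
The following audit script is an added example, not Cisco tooling or part of the original module. It reads an l2vpn running configuration and reports ACs that leave a traffic type without a threshold (and therefore unprotected), values outside 1 to 160000, and subinterfaces of one physical port that configure different rates. The `multicast` and `unknown-unicast` keyword spellings and the sample configuration are assumptions modelled on the `storm-control broadcast kbps 4500` line above.

```python
import re
from collections import defaultdict

TYPES = ("broadcast", "multicast", "unknown-unicast")  # last two spellings assumed
PPS_TO_KBPS = 8  # conversion stated on this page: 1 pps = 8 kbps

# Constructed sample in the layout of the running configuration above.
SAMPLE = """\
l2vpn
 bridge group csco
  bridge-domain abc
   interface GigabitEthernet0/1/0/0.100
    storm-control broadcast kbps 4500
   !
   interface GigabitEthernet0/1/0/0.200
    storm-control broadcast pps 500
    storm-control multicast kbps 200000
   !
"""

def audit(config):
    """Return ({AC: {traffic type: kbps}}, [findings]) for an l2vpn config."""
    acs, findings, current = defaultdict(dict), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
            acs[current]  # register the AC even if it has no thresholds
        elif current and (m := re.fullmatch(r"storm-control (\S+) (pps|kbps) (\d+)", line)):
            kind, unit, value = m[1], m[2], int(m[3])
            if not 1 <= value <= 160000:
                findings.append(f"{current}: {kind} value {value} outside 1-160000")
            acs[current][kind] = value * (PPS_TO_KBPS if unit == "pps" else 1)
    ports = defaultdict(set)
    for ac, rates in acs.items():
        missing = [t for t in TYPES if t not in rates]
        if missing:
            findings.append(f"{ac}: no threshold for {', '.join(missing)}")
        # Rates are programmed per physical port, so group subinterfaces by it.
        ports[ac.split(".")[0]].add(tuple(sorted(rates.items())))
    for port, variants in ports.items():
        if len(variants) > 1:
            findings.append(f"{port}: subinterfaces configure different rates")
    return dict(acs), findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```
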

Related Topics

Associated Commands

  • storm-control
