Configuring Traffic Storm Control

This topic describes how to configure the Traffic Storm Control feature on a Cisco ASR 1000 Series Aggregated Services Router.

Understanding Traffic Storm Control

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. The Traffic Storm Control feature prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces.

On a Cisco ASR 1000 Series Aggregated Services Router, you can configure a bits per second policer committed information rate (CIR) on a service instance for broadcast, multicast, or unknown unicast traffic. The Hardware Assistant Policer Engine ensures that the rate does not exceed the configured policer rate. When the traffic exceeds the configured rate, packets are dropped to control the traffic.


Note

Traffic storm control is disabled by default.

Prerequisites for Configuring Traffic Storm Control

Ensure that you configure separate storm control policers for each of the broadcast, multicast, and unknown unicast traffic types. Traffic types that do not have a configured policer will not be traffic controlled. For example, multicast traffic will not be traffic controlled if you do not configure a storm control policer for it.

Configuring Traffic Storm Control

Perform the following steps to configure traffic storm control:

SUMMARY STEPS

  1. interface {{type slot/port} | {port-channel number}}
  2. no ip address
  3. negotiation auto
  4. service instance id ethernet
  5. encapsulation dot1q vlan-id
  6. storm-control {{unicast | broadcast | multicast } cir cir-value}
  7. bridge-domain bridge-id
  8. end

DETAILED STEPS

  Command or Action Purpose
Step 1

interface {{type slot/port} | {port-channel number}}

Example:

Router(config)# interface GigabitEthernet 0/0/0

Selects an interface to configure.

Step 2

no ip address

Example:

Router(config-if)# no ip address

Disables IP address processing.

Step 3

negotiation auto

Example:

Router(config-if)# negotiation auto

Enables advertisement of speed, duplex mode, and flow control on a Gigabit Ethernet interface.

Step 4

service instance id ethernet

Example:

Router(config-if)# service instance 1 ethernet

Configures an Ethernet service instance on an interface and enters the Ethernet service configuration mode.

Step 5

encapsulation dot1q vlan-id

Example:

Router(config-if-srv)# encapsulation dot1q 1-4094

Defines the matching criteria to be used in order to map ingress dot1q frames on an interface with the appropriate service instance.

Step 6

storm-control {{unicast | broadcast | multicast } cir cir-value}

Example:

Router(config-if-srv)# storm-control unicast cir 8000
Router(config-if-srv)# storm-control broadcast cir 1500000
Router(config-if-srv)# storm-control multicast cir 980000000

Sets the storm control rate for unicast, broadcast, or multicast.

Step 7

bridge-domain bridge-id

Example:

Router(config-if-srv)# bridge-domain 1

Binds the service instance to a bridge domain instance where bridge-id is the identifier.

Step 8

end

Exits the configuration mode.

Examples

Example: Examples

The following example shows how to configure storm control rates for unicast, broadcast, and multicast traffic: 

Router(config)# interface GigabitEthernet0/0/0
Router(config-if)# no ip address
Router(config-if)# negotiation auto
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 1-4094
Router(config-if-srv)# storm-control unicast cir 8000
Router(config-if-srv)# storm-control broadcast cir 1500000
Router(config-if-srv)# storm-control multicast cir 980000000
Router(config-if-srv)# bridge-domain 1

Use the show ethernet service instance id 1 interface GigabitEthernet 0/0/0 stats command to view the storm control statistics. 

Router# show ethernet service instance id 1 interface GigabitEthernet0/0/0 stats

Port maximum number of service instances: 8000
Service Instance 1, Interface GigabitEthernet0/0/0
   Pkts In   Bytes In   Pkts Out  Bytes Out
         0          0          0          0

StormControl Discard Pkts:
   Broadcast   Multicast   Unknown Unicast
        0          0          0

Use the show platform software ethernet fp active efp id 1 interface GigabitEthernet0/0/0 command to view the Ethernet Flow Point (EFP) information in slot 1 of a Cisco ASR 1000 Series Aggregation Services Router. 

Router# show platform software ethernet fp active efp id 1 interface GigabitEthernet0/0/0

Forwarding Manager Ethernet Flow Points

EFP: ID: 1, DPIDB: 0x1020010, Data Type: static
     Interface: 8 (GigabitEthernet0/0/0)
     QFPIDX: 21
     QFPifname: GigabitEthernet0/0/0.EFP1
  State: AdminDown, Priority: 10
  First tag encap: dot1q, vlan-type: 0x8100
        vlan list: 1-4094
  DOT1AD Port Type: UNI
  Storm ctrl u_cir: 8000, m_cir: 980000000, b_cir: 1500000
  Bridge-domain: 1, Split-Horizon: None
    MAC-limit: 65536

Example: Configuring a Traffic Storm Control CIR

Example: Configuring a Traffic Storm Control CIR

Use the storm-control {broadcast|unicast|multicast [cos <value>] cir <value> command to configure the traffic storm control CIR for a Class of Service (CoS) and an address type. If you do not specify the CoS, but specify a CIR value, the default value for all the CoSs that are not specified will be an aggregate of the specified CIR. For example, in the following configuration, CIR 20000 will be the default CIR value for CoS 0,3,4,5, and 6 for the broadcast MAC address: 



Router(config)# interface gig 2/0
Router(config)# service instance 100 ethernet
Router(config-if)# storm-control broadcast cir 20000
Router(config-if)# storm-control broadcast cos 1 cir 10000
Router(config-if)# storm-control broadcast cos 2 cir 15000
Router(config-if)# storm-control broadcast cos 7 cir 15000

Note

Ensure that you configure the default CIR first before configuring the per CoS CIR. If the default CIR is not configured, the cos keyword will be disabled from the CLI. Before deleting the default CIR, ensure that you remove all per-CoS CIRs for the same address type.