- New and Changed Information
- Index
- Preface
- Overview
- Configuring AAA
- Configuring RADIUS
- Configuring TACACS+
- Configuring User Accounts and RBAC
- Configuring 802.1X
- Configuring IP ACLs
- Configuring MAC ACLs
- Configuring VLAN ACLs
- Configuring Port Security
- Configuring DHCP Snooping
- Configuring Dynamic ARP Inspection
- Configuring Source Guard
- Configuring Keychain Management
- Configuring Traffic Storm Control
- Information About Traffic Storm Control
- Virtualization Support For Traffic Storm Control
- Licensing Requirements for Traffic Storm Control
- Guidelines and Limitations
- Configuring Traffic Storm Control
- Displaying Traffic Storm Control Statistics
- Field Descriptions for Traffic Storm Control
- Additional References
- Feature History for Traffic Storm Control
Configuring Traffic Storm Control
This chapter describes how to configure traffic storm control on the NX-OS device.
This chapter includes the following sections:
•Information About Traffic Storm Control
•Virtualization Support For Traffic Storm Control
•Licensing Requirements for Traffic Storm Control
•Configuring Traffic Storm Control
•Field Descriptions for Traffic Storm Control
•Field Descriptions for Traffic Storm Control
•Feature History for Traffic Storm Control
Information About Traffic Storm Control
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.
Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 1-second interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.
Figure 15-1 shows the broadcast traffic patterns on a Layer 2 interface over a given interval. In this example, traffic storm control occurs between times T1 and T2 and between T4 and T5. During those intervals, the amount of broadcast traffic exceeded the configured threshold.
Figure 15-1 Broadcast Suppression
The traffic storm control threshold numbers and the time interval allow the traffic storm control algorithm to work with different levels of granularity. A higher threshold allows more packets to pass through.
Traffic storm control on the Cisco NX-OS device is implemented in the hardware. The traffic storm control circuitry monitors packets that pass from a Layer 2 interface to the switching bus. Using the Individual/Group bit in the packet destination address, the circuitry determines if the packet is unicast or broadcast, tracks the current count of packets within the 1-second interval, and filters out subsequent packets when a threshold is reached.
Traffic storm control uses a bandwidth-based method to measure traffic. You set the percentage of total available bandwidth that the controlled traffic can use. Because packets do not arrive at uniform intervals, the 1-second interval can affect the behavior of traffic storm control.
The following are examples of traffic storm control behavior:
•If you enable broadcast traffic storm control, and broadcast traffic exceeds the level within the 1-second interval, traffic storm control drops all broadcast traffic until the end of the interval.
•If you enable broadcast and multicast traffic storm control, and the combined broadcast and multicast traffic exceeds the level within the 1-second interval, traffic storm control drops all broadcast and multicast traffic until the end of the interval.
•If you enable broadcast and multicast traffic storm control, and broadcast traffic exceeds the level within the 1-second interval, traffic storm control drops all broadcast and multicast traffic until the end of the interval.
•If you enable broadcast and multicast traffic storm control, and multicast traffic exceeds the level within the 1-second interval, traffic storm control drops all broadcast and multicast traffic until the end of the interval.
By default, the NX-OS software takes no corrective action when the traffic exceeds the configured level. However, you can configure an Embedded Event Management (EEM) action to error-disable an interface if the traffic does not subside (drop below threshold) within a certain time period. For information on configuring EEM, see the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 4.1.
Virtualization Support For Traffic Storm Control
Traffic storm control configuration and operation are local to the virtual device context (VDC).
For more information on VDCs, see the Cisco DCNM Virtual Device Context Configuration Guide, Release 4.1.
Licensing Requirements for Traffic Storm Control
The following table shows the licensing requirements for this feature:
Guidelines and Limitations
When configuring the traffic storm control level, note the following guidelines and limitations:
•You can configure traffic storm control on a port-channel interface.
•Do not configure traffic storm control on interfaces that are members of a port-channel interface. Configuring traffic storm control on interfaces that are configured as members of a port channel puts the ports into a suspended state.
•Specify the level as a percentage of the total interface bandwidth:
–The level can be from 0 to 100.
–The optional fraction of a level can be from 0 to 99.
–100 percent means no traffic storm control.
–0.0 percent suppresses all traffic.
Because of hardware limitations and the method by which packets of different sizes are counted, the level percentage is an approximation. Depending on the sizes of the frames that make up the incoming traffic, the actual enforced level might differ from the configured level by several percentage points.
Figure 15-2 shows the Traffic Storm Control content pane.
Figure 15-2 Traffic Storm Control Content Pane
Configuring Traffic Storm Control
You can set the percentage of total available bandwidth that the controlled traffic can use.
Note Traffic storm control uses a 1-second interval that can affect the behavior of traffic storm control.
DETAILED STEPS
To enable traffic storm control on an interface, follow these steps:
Step 1 From the Feature Selector pane, choose Switching > Layer 2 Security > Traffic Storm Control.
Step 2 Double-click on the device to display the list of interface types.
Step 3 Double-click the Physical Interfaces to display the physical slots or double-click the Port-Channel interfaces to display the port-channel interfaces.
Step 4 (Optional) Double-click the slot to display the physical interfaces.
Step 5 Click the interface.
Step 6 From the Details pane, click the Interface Configuration tab.
Step 7 Click the desired traffic type check boxes.
Tip To apply traffic storm control for broadcast, multicast, and unicast traffic types, check the All check box.
Step 8 In the Threshold field, enter a traffic suppression level percentage.
Step 9 From the menu bar, click File > Deploy to apply your changes to the device.
Displaying Traffic Storm Control Statistics
You can display the statistics the NX-OS device maintains for traffic storm control activity.
DETAILED STEPS
To display traffic storm control statistics for an interface, follow these steps:
Step 1 From the Feature Selector pane, choose Switching > Layer 2 Security > Traffic Storm Control.
Step 2 Double-click on the device to display the list of interface types.
Step 3 Double-click the Physical Interfaces to display the physical slots or double-click the Port-Channel interfaces to display the port-channel interfaces.
Step 4 Double-click the slot to display the physical interfaces.
Step 5 Click the interface.
Step 6 From the Details pane, click the Statistics tab to display traffic storm control statistics for the interface.
Field Descriptions for Traffic Storm Control
This section includes the following topics:
•Switching: Traffic Storm Control: Summary Pane
•Switching: Traffic Storm Control: device: interface type: interface: Interface Configuration Tab
Switching: Traffic Storm Control: Summary Pane
Switching: Traffic Storm Control: device: interface type: interface: Interface Configuration Tab
Additional References
For additional information related to implementing traffic storm control, see the following sections:
Related Documents
|
|
---|---|
NX-OS Licensing |
|
DCNM Licensing |
Cisco DCNM Fundamentals Configuration Guide, Release 4.1 |
Feature History for Traffic Storm Control
Table 15-3 lists the release history for this feature.
|
|
|
---|---|---|
Traffic storm control |
4.0(1) |
This feature was introduced. |