Cisco ASR 9000 Series Aggregation Services Router System Security Command Reference, Release 4.3.x
Traffic Storm Control Commands

This module describes the Cisco IOS XR software commands used to configure traffic storm control under Virtual Private LAN Service (VPLS) bridge domains.

For detailed information about traffic storm control concepts, configuration tasks, and examples, see the Implementing Traffic Storm Control module in the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide.

storm-control

To enable traffic storm control on an access circuit (AC) or access pseudowire (PW) under a VPLS bridge, use the storm-control command in l2vpn bridge group bridge-domain access circuit configuration mode or l2vpn bridge group bridge-domain pseudowire configuration mode. To disable traffic storm control, use the no form of this command.

storm-control { broadcast | multicast | unknown-unicast } pps pps-value

no storm-control { broadcast | multicast | unknown-unicast } pps pps-value

Syntax Description

broadcast

Configures traffic storm control for broadcast traffic.

multicast

Configures traffic storm control for multicast traffic.

unknown-unicast

Configures traffic storm control for unknown unicast traffic.

  • Traffic storm control does not apply to bridge protocol data unit (BPDU) packets. All BPDU packets are processed as if traffic storm control is not configured.
  • Traffic storm control does not apply to internal communication and control packets, route updates, SNMP management traffic, Telnet sessions, or any other packets addressed to the router.

pps pps-value

Configures the packets-per-second (pps) storm control threshold for the specified traffic type. Valid values range from 1 to 160000.

Command Default

Traffic storm control is disabled by default.

Command Modes

l2vpn bridge group bridge-domain access circuit configuration

l2vpn bridge group bridge-domain pseudowire configuration

Command History

Release          Modification
Release 3.7.2    This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Traffic storm control provides Layer 2 port security under a VPLS bridge by preventing excess traffic from disrupting the bridge. Traffic storm control can be enabled on ACs and PWs under a VPLS bridge. Traffic storm control monitors incoming traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any 1-second interval.

For each AC and PW port, you can enable traffic storm control for three types of traffic: broadcast, multicast, and unknown unicast.

The thresholds are configured at a packet-per-second (pps) rate. When the number of packets of the specified traffic type reaches the configured threshold level, the port drops additional packets of that traffic type arriving at that port for the remainder of the 1-second interval. At the beginning of a new 1-second interval, traffic of the specified type is allowed to pass on the port.

The 1-second interval is set in the hardware and is not configurable. Use the pps keyword to configure the maximum number of packets allowed during each 1-second interval.

Drop counters maintain a cumulative count of the number of packets dropped because the threshold was reached.

Use the show l2vpn bridge-domain command to view all configured traffic storm control thresholds under a bridge and to view the current value of the storm control drop counters.

Task ID

Task ID    Operations
l2vpn      read, write

Examples

The following example enables two traffic storm control thresholds on a pseudowire:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 1.1.1.1 pw-id 100
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# storm-control broadcast pps 4500
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# storm-control multicast pps 500
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end
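
Because traffic storm control is disabled by default and is set per traffic type on each AC and access PW, a saved or candidate configuration can be checked offline for ports that lack a threshold. The following is an added example, not part of the Cisco documentation: the `audit` function, the sample configuration text, and its interface name are constructed for illustration, and the parser assumes the one-space-per-level indentation of an IOS XR running-config.

```python
import re

TYPES = ("broadcast", "multicast", "unknown-unicast")
PPS_MIN, PPS_MAX = 1, 160000  # valid range given in the syntax description

# Constructed sample, not device output. Assumes the one-space-per-level
# indentation of an IOS XR running-config; the interface name and the
# out-of-range value are made up for illustration.
SAMPLE = """\
l2vpn
 bridge group csco
  bridge-domain abc
   interface GigabitEthernet0/0/0/1
    storm-control broadcast pps 200000
   !
   neighbor 1.1.1.1 pw-id 100
    storm-control broadcast pps 4500
    storm-control multicast pps 500
   !
  !
 !
!
"""
PORT_RE = re.compile(r"interface \S+|neighbor \S+ pw-id \d+")
SC_RE = re.compile(r"storm-control (\S+) pps (\d+)")

def audit(config):
    """Map each AC/PW under a bridge domain to its missing and invalid thresholds."""
    report, bd, bd_indent, port = {}, None, None, None
    for line in config.splitlines():
        s = line.strip()
        indent = len(line) - len(line.lstrip())
        if s.startswith("bridge-domain "):
            bd, bd_indent, port = s.split()[1], indent, None
        elif bd_indent is None or s in ("", "!"):
            continue
        elif indent <= bd_indent:            # left the bridge domain
            bd_indent = port = None
        elif indent == bd_indent + 1:        # AC, access PW, or other statement
            port = f"{bd}: {s}" if PORT_RE.fullmatch(s) else None
            if port:
                report[port] = {"missing": list(TYPES), "invalid": []}
        elif port and indent == bd_indent + 2 and (m := SC_RE.fullmatch(s)):
            kind, pps = m.group(1), int(m.group(2))
            if kind in report[port]["missing"]:
                report[port]["missing"].remove(kind)
            if not PPS_MIN <= pps <= PPS_MAX:
                report[port]["invalid"].append((kind, pps))
    return report

if __name__ == "__main__":
    for port, finding in audit(SAMPLE).items():
        print(port, finding)
```

Neighbors nested under a `vfi` block and top-level `interface` stanzas are skipped, since the command applies only to ACs and access PWs directly under the bridge domain.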