Security Configuration Guide, Cisco DCNM for LAN, Release 6.x
Configuring Traffic Storm Control


This chapter describes how to configure traffic storm control on the Cisco NX-OS device.

Information About Traffic Storm Control

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.

Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 10-millisecond interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.

This figure shows the broadcast traffic patterns on a Layer 2 interface over a given interval. In this example, traffic storm control occurs between times T1 and T2 and between T4 and T5. During those intervals, the amount of broadcast traffic exceeded the configured threshold.

Figure 1. Broadcast Suppression



The traffic storm control threshold numbers and the time interval allow the traffic storm control algorithm to work with different levels of granularity. A higher threshold allows more packets to pass through.

Traffic storm control on the Cisco NX-OS device is implemented in the hardware. The traffic storm control circuitry monitors packets that pass from a Layer 2 interface to the switching bus. Using the Individual/Group bit in the packet destination address, the circuitry determines if the packet is unicast or broadcast, tracks the current count of packets within the 10-millisecond interval, and filters out subsequent packets when a threshold is reached.

Traffic storm control uses a bandwidth-based method to measure traffic. You set the percentage of total available bandwidth that the controlled traffic can use. Because packets do not arrive at uniform intervals, the 10-millisecond interval can affect the behavior of traffic storm control.

The following are examples of traffic storm control behavior:

  • If you enable broadcast traffic storm control, and broadcast traffic exceeds the level within the 10-millisecond interval, traffic storm control drops all broadcast traffic until the end of the interval.
  • If you enable broadcast and multicast traffic storm control, and the combined broadcast and multicast traffic exceeds the level within the 10-millisecond interval, traffic storm control drops all broadcast and multicast traffic until the end of the interval.
  • If you enable broadcast and multicast traffic storm control, and broadcast traffic exceeds the level within the 10-millisecond interval, traffic storm control drops all broadcast and multicast traffic until the end of the interval.
  • If you enable broadcast and multicast traffic storm control, and multicast traffic exceeds the level within the 10-millisecond interval, traffic storm control drops all broadcast and multicast traffic until the end of the interval.
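
The interval behavior in the examples above can be checked with a small model. The following Python simulation is an added example, not Cisco code: it classifies frames by the Individual/Group bit and applies one shared budget per 10-millisecond interval. The 1 Gb/s port, the 1 percent level, the frame sizes, and the MAC addresses are constructed assumptions.

```python
from collections import defaultdict

INTERVAL_US = 10_000  # the 10-millisecond measurement interval described above

def classify(dst_mac):
    """Classify a frame by destination MAC, using the Individual/Group bit."""
    octets = bytes.fromhex(dst_mac.replace(":", ""))
    if octets == b"\xff" * 6:
        return "broadcast"
    # I/G bit: least significant bit of the first octet; 1 = group address.
    return "multicast" if octets[0] & 0x01 else "unicast"

def simulate(frames, link_bps, level_pct, controlled):
    """Return (passed, dropped) lists of (time_us, traffic_type).

    frames: (time_us, dst_mac, size_bytes) tuples sorted by time.
    controlled: set of traffic types that share the one threshold.
    Model assumption: once the combined controlled bits seen in an interval
    reach the level, later controlled frames are dropped until it ends.
    """
    budget_bits = link_bps * INTERVAL_US * level_pct / (1_000_000 * 100)
    used = defaultdict(int)  # interval index -> controlled bits admitted
    passed, dropped = [], []
    for t_us, dst, size in frames:
        kind = classify(dst)
        slot = t_us // INTERVAL_US
        if kind in controlled and used[slot] >= budget_bits:
            dropped.append((t_us, kind))
            continue
        if kind in controlled:
            used[slot] += size * 8
        passed.append((t_us, kind))
    return passed, dropped

def burst(start_us, count, gap_us, dst, size=1250):
    """Constructed sample traffic: `count` frames spaced `gap_us` apart."""
    return [(start_us + i * gap_us, dst, size) for i in range(count)]

# Constructed sample addresses and traffic (not captured from a real device).
BCAST, MCAST = "ff:ff:ff:ff:ff:ff", "01:00:5e:00:00:fb"
UNIFORM = burst(0, 16, 1250, BCAST)   # 16 frames spread over 20 ms
BURSTY = burst(0, 16, 100, BCAST)     # same 16 frames inside one interval
MIXED = sorted(burst(0, 6, 200, BCAST) + burst(100, 6, 200, MCAST))

if __name__ == "__main__":
    # 1 Gb/s port, 1 percent level: 100,000 bits allowed per 10 ms interval.
    for name, frames, types in [("uniform", UNIFORM, {"broadcast"}),
                                ("bursty", BURSTY, {"broadcast"}),
                                ("mixed", MIXED, {"broadcast", "multicast"})]:
        passed, dropped = simulate(frames, 1_000_000_000, 1, types)
        print(name, "passed", len(passed), "dropped", len(dropped))
```

At the same average rate, the uniform pattern loses nothing while the bursty pattern loses 6 of its 16 frames, which is the effect of the 10-millisecond interval that the text describes. In the mixed case, broadcast and multicast frames draw on the same budget, so both types are dropped once it is used up.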

By default, the Cisco NX-OS software takes no corrective action when the traffic exceeds the configured level. However, you can configure an Embedded Event Management (EEM) action to error-disable an interface if the traffic does not subside (drop below the threshold) within a certain time period. For information on configuring EEM, see the Cisco Nexus 7000 Series NX-OS System Management Command Reference.

Licensing Requirements for Traffic Storm Control

The following table shows the licensing requirements for this feature:

Product | License Requirement
Cisco DCNM | Traffic storm control requires a LAN Enterprise license. For an explanation of the Cisco DCNM licensing scheme and how to obtain and apply licenses, see the Cisco DCNM Installation and Licensing Guide, Release 5.x.
Cisco NX-OS | Traffic storm control requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For an explanation of the Cisco NX-OS licensing scheme for your platform, see the licensing guide for your platform.

Platform Support for Traffic Storm Control

The following platforms support this feature but may implement it differently. For platform-specific information, including guidelines and limitations, system defaults, and configuration limits, see the corresponding documentation.

Platform | Documentation
Cisco Nexus 3000 Series Switches | Cisco Nexus 3000 Series Switches Documentation
Cisco Nexus 4000 Series Switches | Cisco Nexus 4000 Series Switches Documentation
Cisco Nexus 5000 Series Switches | Cisco Nexus 5000 Series Switches Documentation
Cisco Nexus 7000 Series Switches | Cisco Nexus 7000 Series Switches Documentation

Configuring Traffic Storm Control

You can set the percentage of total available bandwidth that the controlled traffic can use.


Note   Traffic storm control uses a 10-millisecond interval that can affect the behavior of traffic storm control.


Procedure
    Step 1   From the Feature Selector pane, choose Switching > Layer 2 Security > Traffic Storm Control.
    Step 2   Double-click on the device to display the list of interface types.
    Step 3   Double-click the Physical Interfaces to display the physical slots or double-click the Port-Channel interfaces to display the port-channel interfaces.
    Step 4   (Optional) Double-click the slot to display the physical interfaces.
    Step 5   Click the interface.
    Step 6   From the Details pane, click the Interface Configuration tab.
    Step 7   Click the desired traffic type check boxes.
    Tip      To apply traffic storm control for broadcast, multicast, and unicast traffic types, check the All check box.

    Step 8   In the Threshold field, enter a traffic suppression level percentage.
    Step 9   From the menu bar, click File > Deploy to apply your changes to the device.

Displaying Traffic Storm Control Statistics

You can display the statistics the Cisco NX-OS device maintains for traffic storm control activity.

Procedure
    Step 1   From the Feature Selector pane, choose Switching > Layer 2 Security > Traffic Storm Control.
    Step 2   Double-click on the device to display the list of interface types.
    Step 3   Double-click the Physical Interfaces to display the physical slots or double-click the Port-Channel interfaces to display the port-channel interfaces.
    Step 4   Double-click the slot to display the physical interfaces.
    Step 5   Click the interface.
    Step 6   From the Details pane, click the Statistics tab to display traffic storm control statistics for the interface.

Field Descriptions for Traffic Storm Control

This section includes the field descriptions for the traffic storm control feature in Cisco DCNM.

Switching: Traffic Storm Control: Summary Pane

Table 1 Switching: Traffic Storm Control: Summary Pane

Element | Description
Interface | Interface ID.
Unicast Control | Check box to enable or disable unicast traffic control.
Multicast Control | Check box to enable or disable multicast traffic control.
Broadcast Control | Check box to enable or disable broadcast traffic control.
All | Check box to enable or disable unicast, multicast, and broadcast traffic control.
Bandwidth(bps) | Interface bandwidth in bits per second.
Threshold | Traffic-storm control threshold percentage for the selected traffic. The default is 100 percent.

Switching: Traffic Storm Control: device: interface type: interface: Interface Configuration Tab

Table 2 Switching: Traffic Storm Control: device: interface type: interface: Interface Configuration Tab

Element | Description
Interface | Interface ID.
Description | Interface description.
Threshold | Traffic-storm control threshold percentage for the selected traffic. The default is 100 percent.
Bandwidth(bps) | Interface bandwidth in bits per second.
All | Check box to enable or disable unicast, multicast, and broadcast traffic control.
Unicast Control | Check box to enable or disable unicast traffic control.
Multicast Control | Check box to enable or disable multicast traffic control.
Broadcast Control | Check box to enable or disable broadcast traffic control.

Additional References for Traffic Storm Control

This section includes additional information related to implementing traffic storm control.

Related Documents

Related Topic | Document Title
Cisco NX-OS Licensing | Cisco NX-OS Licensing Guide
Cisco DCNM Licensing | Cisco DCNM Installation and Licensing Guide, Release 5.x

Feature History for Traffic Storm Control

This table lists the release history for this feature.

Table 3 Feature History for Traffic Storm Control

Feature Name | Releases | Feature Information
Traffic storm control | 5.2(1) | Added support for the Cisco Nexus 3000 Series Switches.
Traffic storm control | 5.1(1) | No change from Release 5.0.
Traffic storm control | 5.0(2) | No change from Release 4.2.
Traffic storm control | 4.2(1) | No change from Release 4.1.