Traffic Storm Control

This chapter contains the following sections:

About Traffic Storm Control

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use traffic storm control policies to prevent disruptions on Layer 2 ports by broadcast, unknown multicast, or unknown unicast traffic storms on physical interfaces.

By default, storm control is not enabled in the ACI fabric. ACI bridge domain (BD) Layer 2 unknown unicast flooding is enabled by default within the BD but can be disabled by an administrator. In that case, a storm control policy only applies to broadcast and unknown multicast traffic. If Layer 2 unknown unicast flooding is enabled in a BD, then a storm control policy applies to Layer 2 unknown unicast flooding in addition to broadcast and unknown multicast traffic.

Traffic storm control (also called traffic suppression) allows you to monitor the levels of incoming broadcast, multicast, and unknown unicast traffic over a one second interval. During this interval, the traffic level, which is expressed either as percentage of the total available bandwidth of the port or as the maximum packets per second allowed on the given port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends. An administrator can configure a monitoring policy to raise a fault when a storm control threshold is exceeded.

Configuring a Traffic Storm Control Policy Using the GUI

Procedure

Step 1

In the menu bar, click Fabric.

Step 2

In the submenu bar, click Access Policies.

Step 3

In the Navigation pane, expand Interface Policies.

Step 4

Expand Policies.

Step 5

Right-click Storm Control and choose Create Storm Control Interface Policy.

Step 6

In the Create Storm Control Interface Policy dialog box, enter a name for the policy in the Name field.

Step 7

In the Configure Storm Control field, click the radio button for either All Types or Unicast, Broadcast, Multicast.

Note 

Selecting the Unicast, Broadcast, Multicast radio button

allows you to configure Storm Control on each traffic type separately.
Step 8

In the Specify Policy In field, click the radio button for either Percentage or Packets Per Second.

Step 9

If you chose Percentage, perform the following steps:

  1. In the Rate field, enter a traffic rate percentage.

    Enter a number between 0 and 100 that specifies a percentage of the total available bandwidth of the port. When the ingress traffic reaches this level during a one second interval, traffic storm control drops traffic for the remainder of the interval. A value of 100 means no traffic storm control. A value of 0 suppresses all traffic.

  2. In the Max Burst Rate field, enter a burst traffic rate percentage.

    Enter a number between 0 and 100 that specifies a percentage of the total available bandwidth of the port. When the ingress traffic reaches this level, traffic storm control begins to drop traffic.

Step 10

If you chose Packets Per Second, perform the following steps:

  1. In the Rate field, enter a traffic rate in packets per second.

    During this interval, the traffic level, expressed as packets flowing per second through the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.

  2. In the Max Burst Rate field, enter a burst traffic rate in packets per second.

    During this interval, the traffic level, expressed as packets flowing per second through the port, is compared with the burst traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.

Step 11

Click Submit.

Step 12

Apply the storm control interface policy to an interface port.

  1. In the menu bar, click Fabric.

  2. In the submenu bar, click Access Policies.

  3. In the Navigation pane, expand Interface Policies.

  4. Expand Policy Groups.

  5. Select Leaf Policy Groups.

    Note 
    If your APIC version is earlier than 2.x, you select Policy Groups.

  6. Select the leaf access port policy group, the PC interface policy group, the VPC interface policy group, or the PC/VPC override policy group to which you want to apply the storm control policy.

  7. In the Work pane, click the drop down for Storm Control Interface Policy and select the created Traffic Storm Control Policy.

  8. Click Submit.

Configuring a Traffic Storm Control Policy Using the NX-OS Style CLI

Procedure

  Command or Action Purpose
Step 1

Enter the following commands to create a PPS policy:

Example:

(config)# template policy-group pg1
(config-pol-grp-if)# storm-control pps 10000 burst-rate 10000
Step 2

Enter the following commands to create a percent policy:

Example

(config)# template policy-group pg2
(config-pol-grp-if)# storm-control level 50 burst-rate 60

Configuring a Traffic Storm Control Policy Using the REST API

To configure a traffic storm control policy, create a stormctrl:IfPol object with the desired properties.

To create a policy named MyStormPolicy, send this HTTP POST message: 

POST https://192.0.20.123/api/mo/uni/infra/stormctrlifp-MyStormPolicy.json

In the body of the POST message, Include the following JSON payload structure to specify the policy by percentage of available bandwidth: 


{"stormctrlIfPol":
    {"attributes":
        {"dn":"uni/infra/stormctrlifp-MyStormPolicy",
        "name":"MyStormPolicy",
        "rate":"75",
        "burstRate":"85",
        "rn":"stormctrlifp-MyStormPolicy",
        "status":"created"
        },
        "children":[]
    }
}

In the body of the POST message, Include the following JSON payload structure to specify the policy by packets per second: 


{"stormctrlIfPol":
    {"attributes":
        {"dn":"uni/infra/stormctrlifp-MyStormPolicy",
        "name":"MyStormPolicy",
        "ratePps":"12000",
        "burstPps":"15000",
        "rn":"stormctrlifp-MyStormPolicy",
        "status":"created"
        },
        "children":[]
    }
}

Apply the traffic storm control interface policy to an interface port. 

POST http://192.0.20.123/api/node/mo/uni/infra/funcprof/accportgrp-InterfacePolicyGroup/rsstormctrlIfPol.json

In the body of the POST message, Include the following JSON payload structure to apply the policy to the interface policy group. 

{"infraRsStormctrlIfPol":{"attributes":{"tnStormctrlIfPolName":"testStormControl"},"children":[]}}