[41024] in Resnet-Forum


Re: Controlling broadcast/multicast storms

daemon@ATHENA.MIT.EDU (Chuck Anderson)
Wed Feb 10 14:50:18 2016

Mail-Followup-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
Message-ID:  <20160210195003.GI11635@angus.ind.wpi.edu>
Date:         Wed, 10 Feb 2016 14:50:03 -0500
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Chuck Anderson <cra@WPI.EDU>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To:  <CAEPWjzsFX-Pvp2FPNW=U11Zvi=NA9xrm1=Fd6weGNQ8Py+gtLA@mail.gmail.com>

Agreed--you must leave STP enabled on access switch ports, even if you
eliminate STP from our distribution and/or core layers.  Then enable
BPDU Guard (shut down ports when a BPDU is received) and MAC Limit
(shut down ports when more than e.g. 16 MAC addresses are learned) on
access ports.  Storm control is good as a backup measure, but we've
rarely had to rely on that with the other two features turned on.

Simple loops are stopped almost immediately when a BPDU from one
switch port enters another port.  For user devices that block BPDUs,
the MAC Limit kicks in and shuts down the port pretty quickly when the
17th MAC address being looped is sent into the port.

On Wed, Feb 10, 2016 at 02:33:38PM -0500, Doughty, Marc wrote:
> Wow. It's been a while since I've seen that happen. If it was truly a
> 'storm' then you might not have Spanning Tree enabled, which prevents loops
> from forming. While Spanning Tree used to get a bad rap back in the day,
> it's really important to have it on. I'd rather have a limited outage
> caused by Spanning Tree clamping down on a loop than have a broadcast storm.
> 
> 
> - Marc Doughty
> "If you aren't sure who is the give-way vessel, you are the give-way
> vessel."
> 
> On Tue, Feb 9, 2016 at 9:29 PM, Joseph M. Karam <jkaram@princeton.edu>
> wrote:
> 
> > Hi All,
> >
> > In the past year we have been hit with a multicast storm and a broadcast
> > storm that took out large portions of our network. We are looking at
> > options for limiting the damage of one of these storms caused by a
> > misbehaving client.
> >
> > 1. Has anyone implemented storm controls on their building switch
> > ports and/or their core ports?
> >
> > 2. Are there any issues to be aware of with devices having problems
> > with these controls in place?
> >
> > 3. Are there best practices on what thresholds to put in place
> > (either based on percentage of bandwidth or packets/second)?
> >
> > Any recommendations would be appreciated. Thank you,
> >
> > Joe Karam
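
An added example, not part of the original messages: a Python check that reads a switch configuration and reports access ports missing the BPDU Guard, MAC limit, or storm control settings described in the reply. The Cisco IOS-style syntax (with the MAC limit expressed as port-security), the function names, and the sample configuration are assumptions constructed for illustration; the thread names no vendor.

```python
import re

MAC_LIMIT = 16  # the "e.g. 16" figure from the message
# Constructed sample; Cisco IOS-style syntax is an assumption (no vendor is named).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree bpduguard enable
 switchport port-security
 switchport port-security maximum 16
 storm-control broadcast level 1.00
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 64
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree bpduguard enable
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
"""

def parse_interfaces(text):
    """Map each interface name to its list of indented sub-commands."""
    stanzas = re.findall(r"^interface (.+)\n((?: .*\n?)*)", text, re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in stanzas}

def audit_access_ports(text, mac_limit=MAC_LIMIT):
    """Return {access port: [findings]}; an empty list means all three are set."""
    report = {}
    for name, cmds in parse_interfaces(text).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and uplinks are out of scope here
        maxes = re.findall(r"^switchport port-security maximum (\d+)$", "\n".join(cmds), re.M)
        found = report.setdefault(name, [])
        if "spanning-tree bpduguard enable" not in cmds:
            found.append("no BPDU Guard")
        if "switchport port-security" not in cmds:
            found.append("no MAC limit")
        elif (int(maxes[-1]) if maxes else 1) > mac_limit:  # IOS default maximum is 1
            found.append(f"MAC limit above {mac_limit}")
        if not any(c.startswith("storm-control ") for c in cmds):
            found.append("no storm control")
    return report
```

The check looks only at per-interface commands, so a switch that enables BPDU Guard through a global default would be reported as missing it.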

