Exactly what I was thinking.

Is it a global setting for the switch or an ingress limit per port? If
you can limit it per port then something like 5pps should be plenty.
They only need to ARP their default gateway and send a DHCP
discover...anything else is surplus garbage. But if it's a global limit
then someone sending garbage could prevent everybody else's ARP from
working.

I may not be thinking clearly but doesn't port isolation address the
risk of broadcast storms? You allow one path from the customer's access
port to the uplink port. Any broadcast traffic is received only at the
router port which will only respond to the ones that matter and ignore
the rest.

I recognize there are reasons to not like PPPoE, but PPPoE is another
way to address it. You configure the switch to discard anything from an
access port that is not PPPoE.

------ Original Message ------
From: "Forrest Christian (List Account)" <[email protected]>
To: "af" <[email protected]>
Sent: 4/17/2018 3:01:18 AM
Subject: Re: [AFMUG] Switch Storm Control

I don't have a good answer for you.... but.... I really wish more
devices would permit filtering such that the only broadcasts/multicasts
permitted on customer facing segments were ARP and possibly DHCP if
that's applicable to you.

If you can exempt ARP and DHCP from this, then the correct value is
likely as low as you can set it.

If you can't exempt ARP and DHCP, you need to think about the
ramifications where a low-level broadcast storm saturates the setting
you have set and prevents ARP and DHCP from working....

On Mon, Apr 16, 2018 at 3:49 PM, Sterling Jacobson
<[email protected]> wrote:

What are you guys using as a 'standard' for packets per second storm
control on your switches/devices?

I can limit broadcast, multicast and unknown unicast type packets.

Is 100pps too low?

Would this be based on say a /24 network arping and DHCP request type
traffic?

--
Forrest Christian CEO, PacketFlux Technologies, Inc.
Tel: 406-449-3345 | Address: 3577 Countryside Road, Helena, MT 59602
[email protected] | http://www.packetflux.com