Interesting thought.
------ Original Message ------
From: "Carl Peterson" <cpeter...@portnetworks.com>
To: af@afmug.com
Sent: 4/17/2018 5:23:39 PM
Subject: Re: [AFMUG] Switch Storm Control
If you are doing fiber with active ethernet, why not just run QinQ with
a CVLAN for each port and an SVLAN back to wherever?
On Tue, Apr 17, 2018 at 4:40 PM, Dave <dmilho...@wletc.com> wrote:
OMG!
what a broadcast nightmare :)
On 04/17/2018 11:49 AM, Sterling Jacobson wrote:
Well, I’m using 48 port or more switches attached to each other, so I
need something to limit it.
The switches typically limit ingress per port, so a low limiter
should only affect the devices behind that port if one of the devices
storms out.
I do have DHCP snooping, but that doesn’t necessarily block other
types of bad traffic like that.
One thing I have to be careful of is to not broadly limit the uplink
ports as well.
From: Af <af-boun...@afmug.com> On Behalf Of Adam Moffett
Sent: Tuesday, April 17, 2018 6:29 AM
To: af@afmug.com
Subject: Re: [AFMUG] Switch Storm Control
Exactly what I was thinking.
Is it a global setting for the switch or an ingress limit per port?
If you can limit it per port then something like 5pps should be
plenty. They only need to ARP their default gateway and send a DHCP
discover...anything else is surplus garbage. But if it's a global
limit then someone sending garbage could prevent everybody else's ARP
from working.
I may not be thinking clearly but doesn't port isolation address the
risk of broadcast storms? You allow one path from the customer's
access port to the uplink port. Any broadcast traffic is received
only at the router port which will only respond to the ones that
matter and ignore the rest.
I recognize there are reasons to not like PPPoE, but PPPoE is another
way to address it. You configure the switch to discard anything from
an access port that is not PPPoE.
------ Original Message ------
From: "Forrest Christian (List Account)" <li...@packetflux.com>
To: "af" <af@afmug.com>
Sent: 4/17/2018 3:01:18 AM
Subject: Re: [AFMUG] Switch Storm Control
I don't have a good answer for you.... but.... I really wish more
devices would permit filtering such that the only
broadcasts/multicasts permitted on customer facing segments were ARP
and possibly DHCP if that's applicable to you.
If you can exempt arp and dhcp from this, then the correct value is
likely as low as you can set it.
If you can't exempt arp and dhcp, you need to think about the
ramifications where a low level broadcast storm saturates the
setting you have set and prevents arp and dhcp from working....
On Mon, Apr 16, 2018 at 3:49 PM, Sterling Jacobson
<sterl...@avative.net> wrote:
What are you guys using as a 'standard' for packets per second
storm control on your switches/devices?
I can limit broadcast, multicast and unknown unicast type packets.
Is 100pps too low?
Would this be based on say a /24 network arping and DHCP request
type traffic?
--
Forrest Christian CEO, PacketFlux Technologies, Inc.
Tel: 406-449-3345 | Address: 3577 Countryside Road, Helena, MT 59602
forre...@imach.com | http://www.packetflux.com
<http://www.linkedin.com/in/fwchristian>
<http://facebook.com/packetflux> <http://twitter.com/@packetflux>
--
Carl Peterson
PORT NETWORKS
401 E Pratt St, Ste 2553
Baltimore, MD 21202
(410) 637-3707
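
The per-port versus global limit question raised in the thread, as an added illustration that is not part of any poster's message: a small Python model comparing a 5 pps per-port ingress limit with a 100 pps switch-wide limit while one port storms. It assumes the limiter is a fixed one-second packet counter; the port names and traffic rates are constructed.

```python
# Added illustration; port names and traffic rates are constructed, not from the thread.
def simulate(offered, limit_pps, per_port, seconds=10):
    """Return {port: broadcasts forwarded} after `seconds` of traffic.

    offered  -- {port: broadcast packets offered per second}
    per_port -- True: each ingress port has its own counter;
                False: one counter shared by the whole switch.
    Assumption: the limiter is a fixed one-second packet counter that
    drops everything over `limit_pps` until the next second starts.
    """
    delivered = {port: 0 for port in offered}
    for _second in range(seconds):
        # Spread each port's packets evenly over the second, merge by arrival time.
        arrivals = sorted(
            ((i + 0.5) / rate, port)
            for port, rate in offered.items()
            for i in range(rate)
        )
        used = {}
        for _time, port in arrivals:
            key = port if per_port else "switch"
            if used.get(key, 0) < limit_pps:
                used[key] = used.get(key, 0) + 1
                delivered[port] += 1
    return delivered

# One customer port storming, two customers doing ARP + DHCP discover only.
STORM = {"port1_storming": 5000, "port2": 2, "port3": 2}
QUIET = {"port1": 2, "port2": 2, "port3": 2}

if __name__ == "__main__":
    print("per-port 5 pps, storm :", simulate(STORM, 5, per_port=True))
    print("global 100 pps, storm :", simulate(STORM, 100, per_port=False))
    print("global 100 pps, quiet :", simulate(QUIET, 100, per_port=False))
```

In this model the per-port limit clips only the storming port, while the shared counter is exhausted by the storm within the first fraction of each second and the other ports' broadcasts never get through.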