Brian, you have found the document that I never found.
So it seems that I assumed "unicast storm-control" achieves what only UUFB actually does. Apologies, Vincent > It will vary a bit between switches > But here is how it is described by cisco. > > Storm control (or traffic suppression) monitors packets passing from an > interface to the switching bus and determines if the packet is unicast, > multicast, or broadcast. The switch counts the number of packets of a > specified type received within the 1-second time interval and compares the > measurement with a predefined suppression-level threshold. > > Storm control uses one of these methods to measure traffic activity: > > *Bandwidth as a percentage of the total available bandwidth of the port > that can be used by the broadcast, multicast, or unicast traffic > > *Traffic rate in packets per second at which broadcast, multicast, or > unicast packets are received (Cisco IOS Release 12.1(22)EA1 or later) > > With either method, the port blocks traffic when the rising threshold is > reached. The port remains blocked until the traffic rate drops below the > falling threshold (if one is specified) and then resumes normal > forwarding. If the falling suppression level is not specified, the switch > blocks all traffic until the traffic rate drops below the rising > suppression level. In general, the higher the level, the less effective > the protection against broadcast storms. > > Unicast flooding does not worry about known or unknown macs, just the > amount of traffic. > > There is Unknown Unicast Flood Blocking or UUFB available on some > platforms to block the flooding of unknown unicast traffic. > > Regards > Brian > > > -----Original Message----- > From: Vincent De Keyzer [mailto:[EMAIL PROTECTED] > Sent: martedì 3 luglio 2007 14.43 > To: Brian Turnbow; [email protected] > Subject: RE: [c-nsp] Unicast storms > > Brian, > > I don't think this is the way "unicast storm-control" is supposed to work. > > Of course the traffic on the LAN is bursty, but that's just fine; what I > think Cisco tried to address with this feature is the unicast flood due to > unknown destination MAC address. > > Foundry has similar (equivalent?) features, and they are less ambiguously > named: "broadcast limit", "multicast limit" and "unknown-unicast limit". > > Now this is all only guesswork, since I have never seen this feature > clearly > explained on CCO... > > Vincent > > > -----Original Message----- > > From: Brian Turnbow [mailto:[EMAIL PROTECTED] > > Sent: lundi 2 juillet 2007 18:46 > > To: Vincent De Keyzer; Francois Ropert; [email protected] > > Subject: RE: [c-nsp] Unicast storms > > > > It would be all unicast traffic measured in 1 second intervals , not > just > > unknown destinations, so you might want to try setting up a rate limit > > with permit actions to see if you are having bursts of traffic. > > > > Brian > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:cisco-nsp- > > [EMAIL PROTECTED] On Behalf Of Vincent De Keyzer > > Sent: lunedì 2 luglio 2007 18.01 > > To: 'Francois Ropert'; [email protected] > > Subject: Re: [c-nsp] Unicast storms > > > > > > I have configured _unicast_ storm-control on our LAN recently, and > it > > > > keeps kicking in all of the time (something like 50 times per hour). > > > > > > > > The configured treshhold is quite high (10% - that's 100 Mbps on > GigE > > > > ports!...). > > > > > > > > I believe there is something wrong - where do I start > troubleshooting > > > > this? > > > > > > > Read the rxload% and input in show interface command to see if are you > > > really under the 10% assuming you haven't snmp nor netflow. > > > > Well, > > > > I have snmp, but this is not my understanding of unicast storm: as far > as > > I > > understand, unicast storm is defined as traffic with an unknown > > destination > > MAC address. > > > > I don't think you can see this with 'sh int' or SNMP, can you? > > > > Vincent > > > > > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
