Cisco Storm Control

What is a traffic storm?
A traffic storm is an excessive number of packets received on a physical interface, resulting in degraded performance. These can be unicast, multicast or broadcast packets. A traffic storm is usually caused by a wrong network configuration or by a Denial-of-Service attack.

What is traffic storm control and how does it work?
Traffic storm control is a security feature that allows an administrator to prevent a traffic storm from affecting the performance of a port, either by reducing the traffic on that port or by forcing the port to shut down.

Storm control allows you to configure a threshold, either as a percentage of the total bandwidth of the interface or in packets per second, which when exceeded causes the interface to drop packets. This threshold can be configured individually for unicast, multicast and broadcast traffic.

Ingress traffic on an interface is monitored over a 1-second interval. If the traffic during this interval exceeds the configured maximum threshold, ingress traffic is blocked until the end of that 1-second interval.

Storm control actions
In addition to blocking/dropping traffic, a port enabled with storm control can be configured to take these two actions when the configured threshold is breached:
Shutdown – Storm control puts the port into an error-disabled state. The port can be re-enabled manually, or automatically if errdisable recovery is configured.
Trap – Storm control sends an SNMP trap.

How is it different from Traffic Policing?
Traffic policing drops the traffic that is in excess of the configured maximum level without any time limitation. Storm control, however, only drops traffic until the end of the current 1-second interval.

Storm control configuration
Storm control is disabled by default. Once enabled, the default action of storm control is to block traffic. In addition to individual ports, storm control can also be configured on EtherChannels.

Configuration as percentage of bandwidth

Switch(config)# interface FastEthernet 1/0/34
Switch(config-if)# storm-control unicast level 1.0
Switch(config-if)# storm-control multicast level 0.1
Switch(config-if)# storm-control broadcast level 0.1
Switch(config-if)# storm-control action shutdown
Switch(config-if)# exit

When configuring the threshold as a percentage of bandwidth, a value of 100 means no storm control, while a value of 0.0 suppresses all traffic.


Configuration as bits per second (bps) or packets per second (pps)

Switch(config)# interface FastEthernet 1/0/34
Switch(config-if)# storm-control unicast level bps 1m 800k
Switch(config-if)# storm-control multicast level bps 500k 100k
Switch(config-if)# storm-control broadcast level bps 500k 100k
Switch(config-if)# storm-control action shutdown
Switch(config-if)# exit


Configuring SNMP Trap action for Storm Control

Switch(config)# interface FastEthernet 1/0/34
Switch(config-if)# storm-control action trap
Switch(config-if)# exit
Switch(config)# snmp-server enable traps storm-control trap-rate 0

The SNMP trap-rate is the maximum number of traps sent per minute. A value of 0 means every trap is sent without any limitation.
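The following is an added Python model, not Cisco code and not part of the original article, of the behaviour described above: the 1-second monitoring interval (traffic is blocked only until the end of the interval in which the threshold was exceeded), the shutdown and trap actions, the per-minute trap-rate limit, and the contrast with a policer that drops excess traffic with no time limitation. The assumptions are mine: ingress traffic is represented as packet counts per 100 ms slot (ten slots per 1-second interval), thresholds are in packets per second, and the traffic profile is constructed sample data.

```python
"""Model of storm control versus traffic policing on a single switch port.

Added illustration, not Cisco code. Assumptions not stated on the page:
ingress traffic is given as packet counts per 100 ms slot, ten slots per
1-second monitoring interval, and thresholds are in packets per second.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

SLOTS_PER_INTERVAL = 10    # 1 s monitoring interval split into 100 ms slots (assumption)
INTERVALS_PER_MINUTE = 60  # the trap-rate is a per-minute limit


@dataclass
class PortState:
    forwarded: int = 0
    dropped: int = 0
    err_disabled: bool = False
    traps_sent: int = 0
    traps_suppressed: int = 0


def storm_control(intervals: List[List[int]], threshold_pps: int,
                  action: Optional[str] = None, trap_rate_per_min: int = 0,
                  recovery_s: Optional[int] = None) -> PortState:
    """Storm control: packets are counted per 1-second interval; once the count
    exceeds threshold_pps the remainder of that interval is dropped, and the
    next interval starts with a clean slate.
    action: None (block only), "shutdown" (err-disable) or "trap" (SNMP trap).
    trap_rate_per_min: maximum traps per minute, 0 = unlimited.
    recovery_s: errdisable recovery interval in seconds, None = manual re-enable only.
    """
    st = PortState()
    down_since = 0
    traps_in_minute: Dict[int, int] = {}
    for i, interval in enumerate(intervals):
        if st.err_disabled:
            if recovery_s is not None and i - down_since >= recovery_s:
                st.err_disabled = False      # errdisable recovery re-enables the port
            else:
                st.dropped += sum(interval)  # port is down: nothing is forwarded
                continue
        seen = 0
        breached = False
        for pkts in interval:
            if breached:                     # blocked until the end of the interval
                st.dropped += pkts
                continue
            room = threshold_pps - seen      # packets still allowed this interval
            if pkts > room:
                st.forwarded += room
                st.dropped += pkts - room
                breached = True
            else:
                st.forwarded += pkts
            seen += pkts
        if not breached:
            continue
        if action == "shutdown":
            st.err_disabled = True
            down_since = i
        elif action == "trap":
            minute = i // INTERVALS_PER_MINUTE
            sent = traps_in_minute.get(minute, 0)
            if trap_rate_per_min == 0 or sent < trap_rate_per_min:
                st.traps_sent += 1
                traps_in_minute[minute] = sent + 1
            else:
                st.traps_suppressed += 1     # trap-rate reached: trap not sent
    return st


def traffic_policing(intervals: List[List[int]], rate_pps: int) -> PortState:
    """Policer with no monitoring window: every 100 ms slot may forward at most
    rate_pps / 10 packets; anything above that is dropped immediately."""
    st = PortState()
    per_slot = rate_pps // SLOTS_PER_INTERVAL
    for interval in intervals:
        for pkts in interval:
            ok = min(pkts, per_slot)
            st.forwarded += ok
            st.dropped += pkts - ok
    return st


def sample_traffic() -> List[List[int]]:
    """Constructed ingress profile, four 1-second intervals: steady 500 pps,
    a 900-packet burst inside a single 100 ms slot, a 4000 pps storm, then
    steady 500 pps again."""
    return [[50] * 10, [900] + [0] * 9, [400] * 10, [50] * 10]


if __name__ == "__main__":
    traffic = sample_traffic()
    print("storm control, block only    :", storm_control(traffic, 1000))
    print("storm control, shutdown      :", storm_control(traffic, 1000, action="shutdown"))
    print("storm control, shutdown+recov:", storm_control(traffic, 1000, action="shutdown", recovery_s=1))
    print("traffic policing             :", traffic_policing(traffic, 1000))
```

With a 1000 pps threshold, the burst interval is forwarded in full by storm control (900 packets within one second is under the threshold) but mostly dropped by the policer, while the storm interval is cut to 1000 packets by both; the shutdown run shows the port staying error-disabled for the following interval unless a recovery interval is set.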

Verification
