Master traffic suppression and storm control to take your business to the next level

1. Traffic Suppression

1. Overview

Problems in the network:

  • Normally, when a Layer 2 Ethernet interface of a device receives broadcast, unknown multicast, or unknown unicast packets, it forwards these packets to other Layer 2 Ethernet interfaces in the same VLAN, causing traffic flooding and degrading the forwarding performance of the device.
  • When an Ethernet interface of a device receives known multicast or known unicast packets, an excessive volume of one packet type can overload the device and affect the normal processing of other services.

Available solutions:

Traffic suppression limits the rates of broadcast, unknown multicast, unknown unicast, known multicast, and known unicast packets. This prevents traffic flooding caused by broadcast, unknown multicast, and unknown unicast packets and blocks large traffic impacts caused by known multicast and known unicast packets.

2. Traffic suppression working principle

In the inbound direction of the interface, the device supports traffic suppression by percentage, packet rate, and bit rate for broadcast, unknown multicast, unknown unicast, known multicast, and known unicast messages. The device monitors the rates of various messages under the interface and compares them with the configured thresholds. When the inbound traffic exceeds the configured threshold, the device discards the excess traffic.

In VLAN view, the device supports traffic suppression based on the bit rate of broadcast messages. The device monitors the rate of broadcast messages in the same VLAN and compares it with the configured threshold. When the traffic in the VLAN exceeds the configured threshold, the device discards the excess traffic.

Traffic suppression can also limit the rate of ICMP messages by configuring thresholds to prevent a large number of ICMP messages from being sent to the CPU for processing, which would cause other service functions to fail.

3. Application of traffic suppression

Traffic suppression takes different restrictive measures on different types of messages to achieve the purpose of limiting the message sending rate. The specific implementation can be divided into the following three situations:

  • In the inbound direction of the switch interface, such as the inbound direction of GE0/0/1 of SW1 in the figure below, the traffic suppression function can be used to limit the sending rate of any message.
  • In the outbound direction of the switch interface, such as the outbound direction of GE0/0/1 of SW1 in the figure below, the traffic suppression function can block broadcast, unknown multicast, and unknown unicast packets.
  • In the VLAN view of the switch, limit the broadcast messages within the VLAN by configuring traffic suppression within the VLAN.

4. Traffic suppression configuration command introduction

(Optional) Configure the traffic suppression mode:

 [Huawei] suppression mode { by-packets | by-bits }

The default suppression mode is by-packets. In by-bits mode, the granularity of traffic suppression is finer and the suppression is more precise.

Configure traffic suppression:

 [Huawei-GigabitEthernet0/0/1] { broadcast-suppression | multicast-suppression | unicast-suppression} { percent-value | cir cir-value [ cbs cbs-value ] | packets packets-per-second }

When traffic suppression is configured on an interface, the suppression mode must be consistent with the global traffic suppression mode.

Configure to block packets in the outbound direction of the interface:

 [Huawei-GigabitEthernet0/0/1] { broadcast-suppression | multicast-suppression | unicast-suppression } block outbound

Configure the broadcast suppression rate of the VLAN:

 [Huawei-vlan2] broadcast-suppression threshold-value

Run the display flow-suppression interface interface-type interface-number command to check the traffic suppression configuration information.

5. Traffic suppression configuration example

Configuration requirements:

  • Configure traffic suppression in the GE0/0/1 interface view to limit the ability of the Layer 2 network to forward broadcast, unknown multicast, and unknown unicast packets.
  • Configure broadcast traffic suppression by percentage. The percentage value is 60%.
  • Configure unknown multicast traffic suppression by percentage. The percentage value is 70%.
  • Configure unknown unicast traffic suppression by percentage. The percentage value is 80%.

The Switch configuration is as follows:

 [Switch] suppression mode by-packets
 [Switch] interface gigabitethernet0/0/1
 [Switch-GigabitEthernet0/0/1] unicast-suppression 80
 [Switch-GigabitEthernet0/0/1] multicast-suppression 70
 [Switch-GigabitEthernet0/0/1] broadcast-suppression 60

Configuration verification:

 [Switch]dis flow-suppression interface GigabitEthernet 0/0/1
  storm type       rate mode     set rate value
 -------------------------------------------------------------------------------
  unknown-unicast  percent       percent: 80%
  multicast        percent       percent: 70%
  broadcast        percent       percent: 60%
 -------------------------------------------------------------------------------

2. Storm Control

1. Storm Control Overview

  • Problems in the network: Under normal circumstances, when a Layer 2 Ethernet interface of a device receives a broadcast, unknown multicast, or unknown unicast message, it forwards these messages to other Layer 2 Ethernet interfaces in the same VLAN. If a loop exists in the network, a broadcast storm will occur, which will seriously reduce the forwarding performance of the device.
  • Available solutions: Storm control can block the traffic of broadcast, unknown multicast, and unknown unicast packets by blocking packets or closing ports.

2. How Storm Control Works

Storm control can be used to prevent broadcast, unknown multicast, and unknown unicast messages from generating broadcast storms. During the storm control detection interval, the average packet rate of the three types of messages received by the device monitoring interface is compared with the configured maximum threshold. When the message rate is greater than the configured maximum threshold, storm control will block messages or close the interface according to the configured action.

The main difference between traffic suppression and storm control is that the storm control function can issue penalty actions (block and shutdown) to the port, while the traffic suppression function only limits the port traffic.
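
The difference described above, as an added Python model that is not from the original article or from Huawei: traffic suppression caps the forwarded rate, while storm control changes the port state. The per-interval rates are constructed, `suppress`, `StormControl` and `run` are hypothetical names, and lifting the block once the rate falls below min-rate is an assumption about how the min-rate value is used.

```python
from dataclasses import dataclass


def suppress(rates_pps, threshold_pps):
    """Traffic suppression: forward up to the threshold, discard the excess."""
    return [min(rate, threshold_pps) for rate in rates_pps]


@dataclass
class StormControl:
    min_rate: int
    max_rate: int
    action: str = "block"      # "block" or "error-down", as in `storm-control action`
    state: str = "normal"

    def observe(self, avg_pps):
        """Feed the average rate of one detection interval, return the port state."""
        if self.state == "error-down":
            return self.state  # interface stays down until it is recovered
        if avg_pps > self.max_rate:
            self.state = "blocked" if self.action == "block" else "error-down"
        elif self.state == "blocked" and avg_pps < self.min_rate:
            self.state = "normal"  # assumption: the block lifts below min-rate
        return self.state


def run(rates_pps, **kwargs):
    """Replay a series of per-interval average rates through storm control."""
    sc = StormControl(**kwargs)
    return [sc.observe(rate) for rate in rates_pps]


# Constructed per-interval average rates (pps) for one traffic type.
SAMPLE_RATES = [500, 2500, 1500, 900, 3000]

if __name__ == "__main__":
    print("suppression:", suppress(SAMPLE_RATES, 2000))
    print("block:      ", run(SAMPLE_RATES, min_rate=1000, max_rate=2000))
    print("error-down: ", run(SAMPLE_RATES, min_rate=1000, max_rate=2000,
                              action="error-down"))
```
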

3. Application of Storm Control

The advantage of storm control over traffic suppression is that it can monitor the average packet rates of broadcast packets, unknown multicast packets, and unknown unicast packets on the interface at the same time, and take penalty actions such as blocking related packets or shutting down the physical interface based on the threshold.

In this example, the Switch serves as the connection point between the Layer 2 network and the router. If you need to limit user broadcast, unknown multicast, and unknown unicast packets forwarded by the Layer 2 network, you can configure storm control on GE0/0/1 of the Switch to achieve this.

4. Introduction to Storm Control Configuration Commands

Configure the interface to control the storm of packets:

 [Huawei-GigabitEthernet0/0/1] storm-control { broadcast | multicast | unicast } min-rate min-rate-value max-rate max-rate-value

Perform storm control on broadcast, unknown multicast, or unknown unicast packets on an interface.

Configure the storm control action:

 [Huawei-GigabitEthernet0/0/1] storm-control action { block | error-down }

Configure the detection interval for storm control:

 [Huawei-GigabitEthernet0/0/1] storm-control interval interval-value

Configure to enable automatic recovery of the interface status:

 [Huawei-GigabitEthernet0/0/1] error-down auto-recovery cause storm-control interval interval-value

Enable the function of automatically restoring the interface status to Up, and set the delay time for the interface to automatically restore to Up.

(Optional) Configure traffic suppression and storm control whitelist:

 [Huawei] storm-control whitelist protocol { arp-request | bpdu | dhcp | igmp | ospf }*

5. Storm control configuration example

  • Configuration requirements: The switch needs to be configured to prevent broadcast storms caused by broadcast, unknown multicast, and unknown unicast packets forwarded on the Layer 2 network.
  • Configuration roadmap: Configure storm control on interface GE0/0/1 to limit the occurrence of broadcast storms on the Layer 2 network.

The Switch configuration is as follows:

 [Switch] storm-control whitelist protocol arp-request
 [Switch] interface gigabitethernet0/0/1
 [Switch-GigabitEthernet0/0/1] storm-control broadcast min-rate 1000 max-rate 2000
 [Switch-GigabitEthernet0/0/1] storm-control multicast min-rate 1000 max-rate 2000
 [Switch-GigabitEthernet0/0/1] storm-control unicast min-rate 1000 max-rate 2000
 [Switch-GigabitEthernet0/0/1] storm-control interval 90
 [Switch-GigabitEthernet0/0/1] storm-control action block
 [Switch-GigabitEthernet0/0/1] storm-control enable trap   # Enable storm control alarm (trap) reporting

Configuration verification:

Run the display storm-control interface command to view the storm control configuration on the GE0/0/1 interface:

 [Switch]display storm-control interface GigabitEthernet 0/0/1
 PortName   Type       Rate        Mode  Action  Punish-  Trap  Log  Int  Last-
                       (Min/Max)                 Status                   Punish-Time
 ----------------------------------------------------------------------------------------------------------
 GE0/0/1    Multicast  1000        Pps   Block   Normal   On    Off  90
                       /2000
 GE0/0/1    Broadcast  1000        Pps   Block   Normal   On    Off  90
                       /2000
 GE0/0/1    Unicast    1000        Pps   Block   Normal   On    Off  90
                       /2000
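
An added audit sketch, not part of the original article or of any Huawei tooling: it checks a saved configuration for the storm-control commands introduced above and reports interfaces where thresholds, action, recovery or alerting are missing. The sample configuration is constructed, its layout (interface header, indented body, `#` separator lines) is assumed, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample; assumed layout: "interface X" header, indented body, "#" separators.
SAMPLE_CONFIG = """\
#
storm-control whitelist protocol arp-request
#
interface GigabitEthernet0/0/1
 storm-control broadcast min-rate 1000 max-rate 2000
 storm-control multicast min-rate 1000 max-rate 2000
 storm-control unicast min-rate 1000 max-rate 2000
 storm-control interval 90
 storm-control action block
 storm-control enable trap
#
interface GigabitEthernet0/0/2
 storm-control broadcast min-rate 1000 max-rate 2000
 storm-control action error-down
#
interface GigabitEthernet0/0/3
#
"""

RATE = re.compile(r"storm-control (broadcast|multicast|unicast) min-rate \d+ max-rate \d+")
TYPES = ("broadcast", "multicast", "unicast")

def audit(config):
    """Return {interface: [findings]}; an empty list means nothing to report."""
    auto_recovery = "error-down auto-recovery cause storm-control" in config
    report = {}
    for block in re.split(r"^#\s*$", config, flags=re.M):
        lines = [ln.strip() for ln in block.strip().splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name, body = lines[0].split()[1], lines[1:]
        covered = {m.group(1) for m in map(RATE.fullmatch, body) if m}
        if not covered:
            report[name] = ["storm control not configured"]
            continue
        issues = [f"no {t} threshold" for t in TYPES if t not in covered]
        actions = [ln.split()[-1] for ln in body if ln.startswith("storm-control action ")]
        if not actions:
            issues.append("no storm-control action")
        elif actions[-1] == "error-down" and not auto_recovery:
            issues.append("error-down without auto-recovery")
        if not any(ln.startswith("storm-control enable ") for ln in body):
            issues.append("no trap or log enabled")
        report[name] = issues
    return report
```

Calling `audit(SAMPLE_CONFIG)` flags GigabitEthernet0/0/2 for its missing multicast and unicast thresholds, for error-down without auto-recovery, and for having no trap or log enabled.
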
