Storm Control
1. Function Overview
This product provides a storm control function as a countermeasure against L2 loops and DoS attacks.
Broadcast frames, multicast frames, and unicast frames addressed to an unknown host (dlf) are monitored for each LAN port, and frames that exceed a preset threshold value are discarded.
This prevents such frames from taking up bandwidth on the LAN port.
2. Definition of Terms Used
Broadcast Storm/Multicast Storm
This means a situation where frames addressed to broadcast or multicast destinations are continuously forwarded.
In this situation, the switch floods all ports except for the reception port with the broadcast or multicast.
When this is received by another switch, all ports except for the reception port are flooded in the same way.
When this continues, it can lead to the following symptoms.
- Bandwidth is taken up by the broadcast frames/multicast frames
- The switch's CPU load increases, making normal operations difficult
- Devices connected to the switch become unable to communicate
Unicast Storm
This means a situation where frames addressed to an unknown unicast destination (dlf: Destination Lookup Failure) are continuously forwarded.
When the MAC address of the receiving device has not been registered in the ARP table, all ports on the switch except for the reception port are flooded.
This leads to the same symptoms occurring as with a broadcast storm or multicast storm.
3. Function Details
The operating specifications for storm control are shown below.
- The storm control function can be enabled for LAN ports.
  The setting is disabled for all ports by default.
- Storm control on this product can be specified as a tolerance percentage for the bandwidth of the LAN ports that receive broadcast frames, multicast frames, and frames addressed to an unknown unicast destination.
  (The value can be specified to two decimal places. Specifying 100% is the same as disabling the storm control function.)
  The bandwidth tolerance is common for all frames, and the user can select the applicable frames.
  This setting is made using the storm-control command.
- When frames exceeding the permitted bandwidth are received, the excessive frames are discarded.
- Use the show storm-control command to check the storm control information set for the LAN port.
4. Related Commands
Related commands are indicated below.
For command details, refer to the command reference.
Operations | Operating commands |
---|---|
Set storm control | storm-control |
Show storm control reception upper limit | show storm-control |
5. Examples of Command Execution
In this example, the receivable L2 broadcast packets for LAN port 1 are restricted to 30% of the port bandwidth.
```
Yamaha(config)#interface port1.1
Yamaha(config-if)#storm-control broadcast level 30   (1)
Yamaha(config-if)#end
Yamaha#
Yamaha#show storm-control
Port        BcastLevel  McastLevel  UcastLevel
port1.1       30.00%     100.00%     100.00%
port1.2      100.00%     100.00%     100.00%
port1.3      100.00%     100.00%     100.00%
port1.4      100.00%     100.00%     100.00%
port1.5      100.00%     100.00%     100.00%
port1.6      100.00%     100.00%     100.00%
port1.7      100.00%     100.00%     100.00%
port1.8      100.00%     100.00%     100.00%
port1.9      100.00%     100.00%     100.00%
port1.10     100.00%     100.00%     100.00%
```
1 | Limit broadcast to 30% of bandwidth |
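Because a level of 100% is the same as storm control being disabled, the `show storm-control` table can be audited for ports that still have no limit. The following is an added example, not part of the Yamaha documentation: the function names are hypothetical, the sample text follows the output format shown above, and the port1.3 row is constructed for illustration.

```python
import re

# Sample in the format of the "show storm-control" output on this page.
# The port1.3 values are constructed for illustration.
SAMPLE = """\
Port        BcastLevel  McastLevel  UcastLevel
port1.1       30.00%     100.00%     100.00%
port1.2      100.00%     100.00%     100.00%
port1.3        5.50%       5.50%     100.00%
"""

# One data row: port name followed by three percentages.
ROW = re.compile(
    r"^(port\d+\.\d+)\s+(\d+(?:\.\d+)?)%\s+(\d+(?:\.\d+)?)%\s+(\d+(?:\.\d+)?)%$"
)
KINDS = ("broadcast", "multicast", "unicast")


def parse_storm_control(text):
    """Return {port: {frame_kind: level_percent}}, skipping header and prompt lines."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            levels = [float(v) for v in m.groups()[1:]]
            table[m.group(1)] = dict(zip(KINDS, levels))
    return table


def unprotected(table):
    """List (port, frame_kind) pairs at 100%, i.e. storm control effectively off."""
    return [
        (port, kind)
        for port, levels in table.items()
        for kind in KINDS
        if levels[kind] >= 100.0
    ]


def fully_unprotected_ports(table):
    """Ports where no frame kind is limited at all (the default state)."""
    return [p for p, lv in table.items() if all(lv[k] >= 100.0 for k in KINDS)]


if __name__ == "__main__":
    parsed = parse_storm_control(SAMPLE)
    for port, kind in unprotected(parsed):
        print(f"{port}: no {kind} storm limit")
    print("No storm control at all:", fully_unprotected_ports(parsed))
```
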
6. Points of Caution
None