OcNOS SP : Quality of Service Guide : Quality of Service Configuration : Rate Limiting BUM Traffic
Rate Limiting BUM Traffic
To prevent the CPU from getting flooded with Broadcast, Unknown Unicast, and Multicast (BUM) traffic, rate limiting can be applied at the ingress interface. This configuration is called “storm control” and is independent of the QoS feature, and can be configured directly on the interface in the ingress direction.
Configure per Port Rate Limiting for BUM Traffic on Physical Interface
BUM rate limiting can be configured on the interface via following command:
storm-control (broadcast|multicast|dlf) (level LEVEL | <0-4294967294> (kbps|mbps|gbps)) (burst-size <1-33292>|)
The broadcast option is for broadcast traffic, multicast option is for multicast traffic and dlf (Destination Lookup Failure) option is for unknown unicast traffic.
There are two ways to configure the rate limiting information. One is in percentage and the other is in absolute values. Use the level option to configure in percentage format where the link speed is used for rate calculation. Percentage value can be configured with up to four fractional digits in order to support kbps level rate limiting on 100 gbps ports, and the Absolute configuration option uses the input rate in kbps, mbps, or gbps.
Burst-size is an optional parameter, if storm control is not configured with burst-size, default value is calculated as 5ms of configured rate to limit the traffic.
An example of BUM rate limiting is shown below:
(config)#interface xe1
(config-if)#switchport
(config-if)#storm-control dlf 2 mbps
(config-if)#exit
In the configuration above, unknown unicast traffic received on xe1 will be rate limited to 2 mbps. Burst-size is calculated as 10 Kbps.
Note: Packets marked with color red are dropped by default by Qumran devices. This default behavior can be modified with global command to disable red packet drop. However, traffic policing and storm control will not work if red packet drop is disabled.
Note: Burst-range in Qumran: 1-33292 Kbps.
Note: Storm discard notification is sent in case of packet discards but not based on configuration.
Storm Detection Time
Rate-limit setting should take place immediately after detecting storm. With existing burst size, rate limit is happening after few seconds, if burst size should be changed to a lower value so that rate-limiting happens immediately on the switch. Also, user have a provision to change burst size through CLI.
An example of BUM rate limiting with Burst-size configuration is shown below:
(config)#interface xe1
(config-if)#switchport
(config-if)#storm-control broadcast 600 kbps burst-size 15
(config-if)#exit
In the configuration above, broadcast traffic received on xe1 will be rate limited to 600 kbps and Burst-size is configured as 15 Kbps. If traffic sent is 700 kbps. Time taken to detect the storm should be 0.15 Seconds.
Displaying BUM rate limit information
Use the following command to verify BUM rate limit configuration:
show storm-control (INTERFACE-NAME|)
Note: Discard counters for BUM rate limiting is not supported on Qumran.
#show storm-control
*The hardware applicable value is displayed
Port BcastLevel(burst) McastLevel(burst) DlfLevel(burst)
xe1 600.000 kbps(15 Kbps) 100.0000%(0 Kbps) 2.000 mbps(10 Kbps)
Configure per Port Rate Limiting for BUM Traffic on Sub interface
BUM rate limiting can be configured on the sub interface through following command:
The l2-bc option is for broadcast traffic l2-mc option is for multicast traffic and l2-unknown option is for unknown
unicast traffic.
To configure the rate limiting information, the Absolute configuration option uses the input rate in kbps, mbps, or gbps.
An example of BUM rate limiting:
(config)# class-map type qos match-all c1
(config-cmap-qos)# match traffic-type l2-mc
(config-cmap-qos)#exit
(config)#policy-map type qos p1
(config-pmap-qos)# class type qos c4
(config-pmap-c-qos)# police cir 100 kbps
(config-pmap-c-qos)# exit
(config-pmap-qos)#exit
(config)#class-map type qos match-all c2
(config-cmap-qos)# match traffic-type l2-bc
(config-pmap-c-qos)# exit
(config-cmap-qos)#exit
(config)#policy-map type qos p1
(config-pmap-qos)#class type qos c5
(config-pmap-c-qos)# police cir 100 kbps
(config-pmap-c-qos)# exit
(config-pmap-qos)#exit
(config)# class-map type qos match-all c3
(config-cmap-qos)# match traffic-type l2-unknown
(config-cmap-qos)#exit
(config)#policy-map type qos p1
(config-pmap-qos)#class type qos c3
(config-pmap-c-qos)# police cir 100 kbps
(config-pmap-c-qos)# exit
(config-pmap-qos)#exit
(config)#interface xe1.200 switchport
(config-if)#service-policy type qos input p1
(config-if)#exit
In the configuration above, unknown unicast, Broadcast and multicast traffic received on xe1 will be rate limited to 100 mbps and total BUM is rate limited to 300mbps.
Note: Packets marked with color red are dropped by default by Qumran devices. This default behavior can be modified with global command to disable red packet drop. However, traffic policing and storm control will notwork if red packet drop is disabled.
Displaying BUM Rate Limit Information in the Interface Counters
Use the following command to verify BUM rate limit configuration:
Sending unknown, multicast and board cast traffic with rate 200mbps each and is rate limited to 100mbps, total of
300mbps.
Note: Discard counters for BUM rate limiting is not supported on Qumran.
#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
xe2 0.00 5 302.00 37162
xe1 606.45 75806 0.00 0
xe1.200 600.45 49010 0.00 0