Configuring Storm Control on Interfaces
Starting with Contrail Networking Release 1908, you can configure storm control on the access interfaces of a datacenter fabric managed by Contrail Networking. Storm control feature is supported in both greenfield and brownfield deployments with enterprise style configuration.
When Is a Traffic Storm Generated?
A traffic storm is generated when messages are broadcast on a network and each message prompts a receiving node to respond by broadcasting its own copy of the messages on the network. This, in turn, prompts further replications, creating a snowball effect. The network is suddenly flooded with packets, creating unnecessary traffic that leads to poor network performance or even a complete loss of network service. Storm control enables the switch to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets when a specified traffic level—called the storm control level—is exceeded, thus preventing packets from proliferating and degrading the LAN. As an alternative to having the switch drop packets, you can configure it to shut down interfaces or temporarily disable interfaces when the storm control level is exceeded.
How Do You Recognize a Traffic Storm?
To recognize a storm, you must be able to identify when traffic has reached an abnormal level. Suspect a storm when operations begin timing out and network response times slow down. Users might be unable to access expected services. Monitor the percentage of broadcast and unknown unicast traffic in the network when it is operating normally. This data can then be used as a benchmark to determine when traffic levels are too high. You can then configure storm control to set the level at which you want to drop broadcast and unknown unicast traffic.
How Can You Use Storm Control Profiles to Manage a Traffic Storm?
You can configure storm control on devices after Contrail Command is set up and all devices discovered. You attach storm control profile to a port profile and then apply the port profile to interfaces or virtual port groups. A port profile functions like a container that can support multiple port-related configurations, and allows you to apply those configuration by attaching them to the port profile. You can then apply the port profile on an interface or a virtual port group. In Contrail Networking Release 1908, you can attach only storm control profiles to port profiles.
You can define one storm control profile per port profile and one port profile per interface or virtual port group.
Storm control profile feature is supported only on QFX5000 and QFX10000 series devices.
Configuring Storm Control Profiles
To enable storm control on an interface, you must first create a storm control profile, and then attach it to a port profile. You can then apply the port profile to an interface or a virtual port group (VPG). You can create port profiles and storm control profiles from the Overlay > Port Profiles page.
To create storm control profiles:
- Click Overlay > Port Profiles.
You must first create a storm control profile and then attach it to the port profile. You can attach the storm control profile to existing port profile or attach to a new port profile while creating it.
- Click Overlay > Port Profiles > Storm Control Profile > Create.
You must specify a storm control profile name and the threshold bandwidth percentage, after which the specified action is performed on the interface.
Bandwidth Level— Enter the maximum value (in percentage) in the range 0–100. If the bandwidth utilized by broadcast, unknown unicast, or multicast (BUM) traffic exceeds this value, the action (default drop or configured Interface shutdown) specified in the storm control profile is applied on the interface. The default bandwidth level is 20%.
Actions—Specify the action to be performed on the interface when the bandwidth utilization exceeds the specified bandwidth level. The default action is to drop the packets. For example, if you set a value 20% for the Bandwidth Level field, and specify an action Interface Shutdown, the interface shuts down when bandwidth utilization exceeds 20%.
Recovery timeout—Specify a value in the range of 10–3600 for recovery timeout in seconds, after which the shut down interface needs to be brought up again. The default recovery timeout value is 600 seconds.
Traffic Types to Exclude—Select the traffic types to be excluded from the storm control profile. By default, storm control is applied to all traffic types.
The multicast options No multicast, No registered multicast, and No unregistered multicast are mutually exclusive. That is, you can specify only one of these multicast options at a time.
- Click Create.
- Click Overlay > Port Profiles > Create.
You must specify a port profile name and select a storm control profile from the profiles created in step 3. You can attach only one storm control profile per port profile.
If you want to delete a storm control profile, you must first remove it from the port profile. To delete a port profile, you must first detach the port profile from the VPG or the instance.
Starting with Contrail Networking Release 2008, additional port attributes are available for port profile objects including MTU, admin state, LACP, flow control, BPDU loop protection, and QoS (CoS) untrust interface. Table 1 provides detailed information on each attribute.
Table 1: Port Profile Attributes
Sets maximum transmission unit in bytes.
Outlines interface description.
Changes the admin state of the interface.
Enables Link Aggregation Control Protocol (LACP).
LACP Type—Active or Passive
Active—Initiate transmission of packets.
Passive—LACP packets are not exchanged with passive mode.
LACP Interval—Slow or Fast
Slow—Receives packets every 30 seconds.
Fast—Receives packets every second.
Enables flow control. Controlling the flow by pausing and restarting prevents buffers on the nodes from overflowing and dropping frames.
BPDU Loop Protection
Increases the efficiency of STP, RSTP, and MSTP by preventing ports from moving into a forwarding state that would result in a loop opening up in the network.
QoS (CoS) Untrust Interface
Applies classifier based on 1P bits to all ethernet-switching ports.
Port profile objects enable users to customize configuration for devices and interfaces.
- After you create a port profile, you can assign it to
interfaces or virtual port groups as shown in Figure 4.
Click Overlay > Virtual Port Group > Create