Country/Region

S5560X series switch's port is blocked by known unicast traffic after configuring storm control on an Ethernet interface

2020-08-11 20:18:03 Published
  • 0 Followed
  • 0Collected ,5214Browsed
Zhoutian

Network Topology

Not involved

Problem Description

Customer missed during testing that storm control for Unicast is not working correctly. That is, he reacts to the entire unicast, and not to unknown-unicast, as he should.

Example port setup:

disp cur int gi 2/0/5
#
interface GigabitEthernet2/0/37
 port link-mode bridge
 description 40f850ac-221f-4c1f-8a36-6b51f565f292
 port access vlan 125
 storm-constrain broadcast kbps 10000 8000
 storm-constrain multicast kbps 10000 8000
 storm-constrain unicast kbps 10000 8000
 storm-constrain control block
 bpdu-drop any
 loopback-detection enable vlan 125
 dhcp snooping information enable
 dhcp snooping information circuit-id verbose format ascii
 dhcp snooping information remote-id normal format ascii
# 

return

We generate known-unicast traffic - the port goes to the block:

disp storm-constrain interface GigabitEthernet2/0/37
 Abbreviation: BC - broadcast; MC - multicast; UC - unknown unicast;
               KNUC - known unicast; FW - forwarding
 Flow Statistic Interval: 10 (in seconds)
Port          Type Lower     Upper     Unit  Mode     Status   Trap Log StateChg
--------------------------------------------------------------------------------
GE2/0/37      BC   8000      10000     kbps  block    FW       on   on  0
GE2/0/37      MC   8000      10000     kbps  block    FW       on   on  0
GE2/0/37      UC   8000      10000     kbps  block    block    on   on  1


display version
H3C Comware Software, Version 7.1.070, Release 6315
Copyright (c) 2004-2020 New H3C Technologies Co., Ltd. All rights reserved.
H3C S5560X-54C-EI uptime is 0 weeks, 2 days, 13 hours, 56 minutes
Last reboot reason : Cold reboot

Boot image: flash:/s5560x_ei-cmw710-boot-r6315.bin
Boot image version: 7.1.070, Release 6315
  Compiled Mar 18 2020 11:00:00
System image: flash:/s5560x_ei-cmw710-system-r6315.bin
System image version: 7.1.070, Release 6315
  Compiled Mar 18 2020 11:00:00
Feature image(s) list:
  flash:/s5560x_ei-cmw710-freeradius-r6315.bin, version: 7.1.070
    Compiled Mar 18 2020 11:00:00
  flash:/s5560x-ei-cmw710-escan-r6315.bin, version: 7.1.070
    Compiled Mar 18 2020 11:00:00

Process Analysis

1. S5560X-54C-EI device in the field has set the storm control for the unknown unicast traffic under an Ethernet interface, which is configured as follows:

Flow Input Interface:

#

interface GigabitEthernet1/0/1

port link-mode bridge

description rvc2-msw01--ether8

port access vlan 20

storm-constrain unicast kbps 10000 8000

storm-constrain control block

#


Flow Out Interface:

#

interface GigabitEthernet1/0/2

port link-mode bridge

description rvc2-msw01--ether9

port access vlan 20

#


2. A description of the command is found in the command manual as follows:

storm-constrain

Use storm-constrain to enable storm control and set thresholds for broadcast, multicast, or unknown unicast packets on an Ethernet interface.

Use undo storm-constrain to disable storm control for broadcast, multicast, unknown unicast, or all types of traffic.

Syntax

storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } upperlimit lowerlimit

undo storm-constrain { all | broadcast | multicast | unicast }

Default

Traffic storm control is disabled.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

all: Disables storm control for all types of traffic: broadcast, multicast, and unknown unicast.

broadcast: Enables or disables broadcast storm control.

multicast: Enables or disables multicast storm control.

unicast: Enables or disables unknown unicast storm control.

pps: Sets storm control thresholds in pps.

kbps: Sets storm control thresholds in kbps.

ratio: Sets storm control thresholds as a percentage of the transmission capacity of the interface.

upperlimit: Sets the upper threshold, in pps, kbps, or percentage.

·           If you specify the pps keyword, the value range for the upperlimit argument is 0 to 1.4881 × the interface bandwidth.

·           If you specify the kbps keyword, the value range for the upperlimit argument is 0 to the interface bandwidth.

·           If you specify the ratio keyword, the value range for the upperlimit argument is 0 to 100.

lowerlimit: Sets the lower threshold, in pps, kbps, or percentage.

·           If you specify the pps keyword, the value range for the lowerlimit argument is 0 to 1.4881 × the interface bandwidth.

·           If you specify the kbps keyword, the value range for the lowerlimit argument is 0 to the interface bandwidth.

·           If you specify the ratio keyword, the value range for the lowerlimit argument is 0 to 100.

Usage guidelines

After you configure storm control for a type of traffic, the device collects the statistics for the type of traffic at the interval configured by using the storm-constrain interval command. When the type of traffic exceeds its upper threshold, the interface takes an action configured by using the storm-constrain control command.

The storm-constrainbroadcast-suppressionmulticast-suppression, and unicast-suppression commands can suppress storms on an interface. The broadcast-suppressionmulticast-suppression, and unicast-suppression commands use the chip to physically suppress traffic. They have less influence on the device performance than the storm-constrain command, which uses software to suppress traffic.

For the traffic suppression result to be determined, do not configure both storm control and storm suppression for the same type of traffic.

When configuring this command, make sure upperlimit is greater than lowerlimit.


3. Streaming tests using known unicast traffic in the field show that known unicast traffic passing through the interface can also cause the interface to be blocked as follows:

(1) View the MAC table (34 learnt):


(2) Simulating known data streams:


(3) Check the interface traffic control information first, 1/0/1 port is not blocked:


(4) After simulating known unicast traffic influx test, the interface state is blocked:



After R&D confirmation, this problem is caused by a chip defect. The ACL of the chip can"t distinguish whether the message is known unicast or unknown unicast. Therefore, storm-constraint unicast can"t distinguish between known unicast and unknown unicast, and calculates all unicasts, resulting in known unicast triggering block.



Solution

It is recommended to use unicast-suppression. Unicast-suppression suppresses unknown unicast packets physically through the chip. Compared with storm constraint, it has little impact on device performance. This command only suppresses unknown unicast, and there is no problem with local testing.


unicast-suppression

Use unicast-suppression to enable unknown unicast storm suppression and set the unknown unicast storm suppression threshold.

Use undo unicast-suppression to disable unknown unicast storm suppression.

Syntax

unicast-suppression { ratio | pps max-pps | kbps max-kbps }

undo unicast-suppression

Default

Ethernet interfaces do not suppress unknown unicast traffic.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

ratio: Sets the unknown unicast suppression threshold as a percentage of the interface bandwidth. The value range for this argument (in percentage) is 0 to 100. A smaller value means that less unknown unicast traffic is allowed to pass through.

pps max-pps: Specifies the maximum number of unknown unicast packets that the interface can forward per second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface bandwidth.

kbps max-kbps: Specifies the maximum number of kilobits of unknown unicast traffic that the Ethernet interface can forward per second. The value range for this argument (in kbps) is 0 to the interface bandwidth.

Usage guidelines

The unknown unicast storm suppression feature limits the size of unknown unicast traffic to a threshold on an interface. When the unknown unicast traffic on the interface exceeds this threshold, the system discards packets until the unknown unicast traffic drops below this threshold.

Both the storm-constrain command and the unicast-suppression command can suppress unknown unicast storms on a port. The unicast-suppression command uses the chip to physically suppress unknown unicast traffic. It has less influence on the device performance than the storm-constrain command, which uses software to suppress unknown unicast traffic.

For the unknown unicast traffic suppression result to be determined, do not configure both the storm-constrain unicast command and the unicast-suppression command on an interface.

When you configure the suppression threshold in kbps, the actual suppression threshold might be different from the configured one as follows:

·           If the configured value is smaller than 64, the value of 64 takes effect.

·           If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of 64 that is greater than and closest to the configured value takes effect.

To determine the suppression threshold that takes effect, see the prompts on the switch.

Examples

# Set the unknown unicast storm suppression threshold to 10000 kbps on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] unicast-suppression kbps 10000

The actual value is 10048 on port GigabitEthernet1/0/1 currently.

The output shows that the value that takes effect is 10048 kbps (157 times of 64), because the chip only supports step 64.

Related commands

broadcast-suppression

multicast-suppression


Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted