
Storm Control





As you probably know, a big concern for an administrator is when the volume of broadcast and multicast traffic starts to overwhelm the network. These storms, which can be caused accidentally or maliciously, can also overwhelm your hosts with the multicast and broadcast frames flooded by the switch.



Storm Control is a Cisco switch feature that can detect broadcast, unicast and multicast traffic storms on a switch port and respond by putting the port into the error-disabled state and/or sending an SNMP trap.

These traffic storms can be measured by:
1. Bits per second
2. Packets per second
3. Bandwidth percentage


Storm control was designed to stop that flooding before our hosts receive so much traffic that they can no longer handle it. It is enabled on a per-port basis.



Now imagine a denial-of-service attack in which our switches are flooded with unicast, multicast or broadcast frames. Our switches also need protection against a spanning-tree protocol failure: during the resulting broadcast storm, storm control can help by stepping in, blocking the port and breaking the layer 2 topological loop.

Let's see this with an example.



If more than 40% of my bandwidth is consumed by broadcast traffic, storm control kicks in, as you can see in my previous and next graphic.
We used a bandwidth percentage in this command; it can also be configured using packets per second.




Now we are going to explain this graphic:

In interval T0, inbound traffic is accepted as its rate never exceeds the rising threshold. In T1, the rising threshold is exceeded, and the switch makes a note to block incoming traffic for the next interval. In T2, traffic is blocked, but the switch continues to monitor the incoming rate. Although the rate has fallen below the rising threshold, it still exceeds the falling threshold, so the switch will continue to block traffic for the next interval.
During T3 (yellow area), traffic stays below the falling threshold, so the switch removes the blocking for T4. Although traffic in T4 exceeds the falling threshold again, traffic will not be blocked for the next interval as the rising threshold hasn't been exceeded.
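The interval logic described above, written as a small Python simulation (an added example, not from the original post and not Cisco code). The per-interval rates are constructed sample values, the 40/30 thresholds are the ones used on this page, and the model follows this post's description: a decision taken in one interval applies to the next.

```python
"""Rising/falling threshold behaviour of storm control, one decision per interval."""

# Constructed sample: broadcast rate (% of port bandwidth) measured in T0..T5.
SAMPLE_RATES = [25, 55, 35, 20, 35, 25]


def simulate(rates, rising=40.0, falling=30.0):
    """Return a list of (interval, rate, state) tuples.

    state is how the port treats traffic *during* that interval; the rate
    measured in the interval decides the state of the following one.
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    blocked = False
    timeline = []
    for i, rate in enumerate(rates):
        timeline.append((f"T{i}", rate, "blocked" if blocked else "forwarding"))
        if blocked:
            # Stay blocked until the rate drops below the falling threshold.
            # Assumption: a rate exactly equal to it has not yet dropped "below".
            blocked = rate >= falling
        else:
            # Only crossing the rising threshold starts a block.
            blocked = rate > rising
    return timeline


def states(timeline):
    """Just the per-interval states, for easy comparison."""
    return [state for _, _, state in timeline]


if __name__ == "__main__":
    print("rising 40 / falling 30")
    for interval, rate, state in simulate(SAMPLE_RATES):
        print(f"  {interval}: {rate:>3}% -> {state}")
    # Same traffic with falling == rising: the block ends one interval earlier,
    # which is the difference the lower falling threshold makes.
    print("rising 40 / falling 40")
    for interval, rate, state in simulate(SAMPLE_RATES, falling=40.0):
        print(f"  {interval}: {rate:>3}% -> {state}")
```

With the sample rates, T2 and T3 are blocked under 40/30, while T4 forwards again even though its rate is back above 30%.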





Maybe you want to set a different level at which Storm Control should cease the action. The line `storm-control broadcast level 40 30` means Storm Control will take action when broadcasts are taking over 40% of the available bandwidth and will stop that action when the level of broadcasts drops below 30% of that available bandwidth.

If we set the action to shutdown, the port is put into the errdisable state; the other option is to send an SNMP trap, and we can do both as well.

We see three things here:
  1. The settings for broadcast and multicast
  2. The multicast threshold we set, 60,000 pps (packets per second)
  3. The resulting rising and falling thresholds of storm control: 40% and 30%

This lab was successful! If you like it, please share and comment!






Storm Control. Reviewed by ohhhvictor on 11:25:00 AM. Rating: 5
