Storm Control

November 16th, 2019

Question 1

Explanation

Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.
Storm control (or traffic suppression) monitors packets passing from an interface to the switching bus and determines if the packet is unicast, multicast, or broadcast. The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.

Storm control uses one of these methods to measure traffic activity:
+ Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast, or unicast traffic
+ Traffic rate in packets per second at which broadcast, multicast, or unicast packets are received
+ Traffic rate in bits per second at which broadcast, multicast, or unicast packets are received

With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding. If the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. In general, the higher the level, the less effective the protection against broadcast storms.

The command “storm-control broadcast level 75 65” limits broadcast traffic to 75% of the port bandwidth (75% is the rising threshold). The port starts forwarding broadcast traffic again when it drops below 65% of the bandwidth (65% is the falling threshold).

Note: If you don’t configure the falling threshold, the switch uses the rising threshold value for it.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_25_fx/configuration/guide/2960scg/swtrafc.html#wp1063295

Question 2

Explanation

By using the “storm-control broadcast level [falling-threshold]” command, we can limit the broadcast traffic on the switch.

Question 3

Explanation

The command “storm-control action {shutdown | trap}” specifies the action to be taken when a storm is detected. The default is to filter out the traffic and not to send traps.
+ Select the shutdown keyword to error-disable the port during a storm.
+ Select the trap keyword to generate an SNMP trap when a storm is detected.
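
The rising/falling threshold behaviour from Question 1 and the actions listed above can be replayed second by second. This is an added example, not code from the original page or from Cisco: a simplified Python model in which `replay`, `summarize` and the `SAMPLE` values are constructed for illustration, and treating `trap` as "filter plus trap" is a modelling assumption.

```python
# Added example: a simplified model of the storm-control decision, not switch code.
# SAMPLE is constructed: broadcast load (% of port bandwidth) per 1-second interval.
SAMPLE = [10, 40, 80, 70, 66, 64, 20, 90, 30]


def replay(samples, rising, falling=None, action="filter"):
    """Return (states, traps) for one traffic type on one port.

    states holds "forward", "blocked" or "err-disabled" per interval;
    traps lists the interval indexes where a storm was detected with action="trap".
    """
    if action not in ("filter", "shutdown", "trap"):
        raise ValueError(f"unknown action: {action}")
    if falling is None:
        falling = rising  # no falling threshold: the rising value is reused
    if falling > rising:
        raise ValueError("falling threshold cannot exceed the rising threshold")

    state, states, traps = "forward", [], []
    for second, level in enumerate(samples):
        if state == "forward" and level >= rising:
            # Rising threshold reached: a storm is detected.
            if action == "shutdown":
                state = "err-disabled"
            else:
                state = "blocked"  # default: filter out the traffic
                if action == "trap":
                    traps.append(second)  # assumption: one trap per detection
        elif state == "blocked" and level < falling:
            state = "forward"  # rate dropped below the falling threshold
        # "err-disabled" never clears here: the port stays down until an
        # administrator or errdisable recovery re-enables it.
        states.append(state)
    return states, traps


def summarize(states):
    """One letter per second: F=forward, B=blocked, E=err-disabled."""
    key = {"forward": "F", "blocked": "B", "err-disabled": "E"}
    return "".join(key[s] for s in states)


if __name__ == "__main__":
    print("level 75 65:", summarize(replay(SAMPLE, 75, 65)[0]))
    print("level 75   :", summarize(replay(SAMPLE, 75)[0]))
    print("shutdown   :", summarize(replay(SAMPLE, 75, 65, action="shutdown")[0]))
```

With a falling threshold of 65 the port stays blocked through the 70% and 66% seconds; with only the rising threshold it resumes forwarding as soon as the load falls under 75%.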

Question 4

Question 5

Question 6

Question 7

Explanation

There are various reasons for the interface to go into errdisable. The reason can be:
+ Duplex mismatch
+ Port channel misconfiguration
+ BPDU guard violation
+ UniDirectional Link Detection (UDLD) condition
+ Late-collision detection
+ Link-flap detection
+ Security violation
+ Port Aggregation Protocol (PAgP) flap
+ Layer 2 Tunneling Protocol (L2TP) guard
+ DHCP snooping rate-limit
+ Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
+ Address Resolution Protocol (ARP) inspection
+ Inline power

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

 

More information about storm control:

When a storm is detected, the interfaces configured with the shutdown action of the storm control command are brought down (err-disable state).

Question 8

Question 9

Explanation

The command “storm-control action {shutdown | trap}” specifies the action to be taken when a storm is detected. The default is to filter out the traffic and not to send traps.
+ Select the shutdown keyword to error-disable the port during a storm.
+ Select the trap keyword to generate an SNMP trap when a storm is detected.

Question 10

Question 11

Explanation

In this question, “broadcast”, “unicast” and “multicast” storm all seem to be correct, but we choose “unicast” according to this paragraph:

“A traffic storm occurs when huge amount of broadcast, multicast, or unknown unicast packets flood the LAN, creating excessive traffic and degrading network performance”. Therefore “unicast” is the best answer here.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/asr_901/Configuration/Guide/b_asr901-scg/b_asr901-scg_chapter_0101001.pdf
