When the Ethernet interface of the Layer 2 device receives broadcast, multicast, or unknown unicast data, the received data will be flooded according to the basic working principle of the switch. To put it simply, the device will forward these packets to other Layer 2 Ethernet interfaces in the same VLAN. This may cause a broadcast storm, and in severe cases, will damage the device. The purpose of using traffic suppression and storm control technology is to prevent these three types of packets and avoid causing network security problems.
Traffic suppression limits broadcast, multicast, and unknown unicast reports as follows:
On the interface, according to the settings in the inbound or outbound direction, the device can suppress traffic by percentage, packet rate, and bit rate for multicast, broadcast, and unknown unicast data respectively. When the device receives data, it compares the packet rate with the configured threshold. When the configured threshold is exceeded, the device discards excess traffic. If it is in the outbound direction, the device will block three types of packets.
In the case of VLANs, the device supports traffic suppression at the bit rate for multicast, broadcast, and unknown unicast data, respectively. When the device receives data, it compares the packet rate with the configured threshold. When the traffic in the VLAN exceeds the configured threshold, the device discards the excess traffic.
How to configure traffic suppression?
For interface configuration, before configuring traffic suppression on an interface, you need to make the link protocol status of the interface Up.
Steps
1. Run the interface interface-type interface-number command to enter the interface
2. Configure traffic suppression
storm suppression broadcast | storm suppression multicast | storm suppression unknown-unicast | storm suppression unicast // storm suppression for broadcast, multicast, unknown unicast
3. Configuration parameters
percent-value | cir cir-value [gbps | mbps | kbps] [cbs cbs-value [bytes | mbytes | kbytes]] | packets packets-persecond // set traffic suppression parameters
4. Configure packet blocking
storm suppression broadcast | storm suppression multicast | storm suppression unknown-unicast} block outbound // Configure to block packets in the outbound direction of the interface.
For VLAN configuration, before configuring VLAN or BD traffic suppression, the link protocol status of the interfaces in the VLAN must be Up.
1. Run the vlan vlan-id or bridge-domain bd-id //enter VLAN or BD.
2. Execute the command {storm suppression broadcast | storm suppression multicast | storm
suppression unknown-unicast} cir cir-value [gbps | mbps | kbps] [cbs cbs-value [bytes |
mbytes | kbytes]] // Configure VLAN or BD traffic suppression.
