Ethernet Switches & Routers

Reply
New Contributor
Posts: 2
Registered: ‎02-17-2012

Typical braodcast storm

Hi,

We recently had a brioadcast storm caused by a loop between non-RSTP capable devices. As expected, as soon as the redundant path was removed, the network recovered within seconds.

I was wondering if there's a way to make a port auto shutdown if a bcast threshold is hit.I know other vendors like Nortel do this.

Here's the Brocade Edge Switch I'm using:

--------------------------

  Copyright (c) 1996-2010 Brocade Communications Systems, Inc.
    UNIT 1: compiled on Nov 10 2010 at 18:43:42 labeled as FGS07200a
                (2667168 bytes) from Primary FGS07200a.bin
        SW: Version 07.2.00aT7e1
  Boot-Monitor Image size = 416213, Version:05.0.00T7e5 (Fev2)
  HW: Stackable FLS648
==========================================================================
UNIT 1: SL 1: FLS-48G 48-port Management Module
         Serial  #: M8AN28F033
         P-ENGINE  0: type D804, rev 01
         P-ENGINE  1: type D804, rev 01
==========================================================================
  400 MHz Power PC processor 8248 (version 130/2014) 66 MHz bus
  512 KB boot flash memory
30720 KB code flash memory
  128 MB DRAM

--------------------------

Thanks

Frequent Contributor
Posts: 117
Registered: ‎07-26-2010

Re: Typical braodcast storm

Hi.

I am running broadcast limit at many of my customer.

You have to configure it on a per port basis on FastIron switches.

I do not know any way/command in Fastiron to auto-shutdown a port on a certain broadcast rate.

The lowest broadcast limit rate ir:

broadcast limit 65536 bytes

broadcast limit 65536 without bytes it would be packets/sec

This limitation is done in hardware and is not hitting the mgmt cpu!

Hope this helps,

Karl

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Typical braodcast storm

Hi martin,

When root guard is enabled on a port, it keeps the port in a designated role. If the port receives a superior STP Bridge Protocol Data Units (BPDU), it puts the port into a ROOT-INCONSISTANT state and triggers a log message and an SNMP trap. The ROOT-INCONSISTANT state is equivalent to the
BLOCKING state in 802.1D and to the DISCARDING state in 802.1W. No further traffic is forwarded on this port. This allows the bridge to prevent traffic from being forwarded on ports connected to rogue or misconfigured STP bridges.
FastIron(config)#interface ethernet 5/5
FastIron(config-if-e10000-5/5)spanning-tree root-protect
And you can use bdpuguard to place the port into a errordisbaled mode.as well.
I would recommend these, but if you realy want you can also rate-limet broardcast as well and or.
Thanks
Michael.
New Contributor
Posts: 2
Registered: ‎02-17-2012

Re: Typical braodcast storm

Thanks so far.

I will check those.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Typical braodcast storm

Extra info on BPDU guard

BPDU guard

In an STP environment, switches, end stations, and other Layer 2 devices use Bridge Protocol Data Units (BPDUs) to exchange information that STP will use to determine the best path for data flow.

The BPDU guard, an enhancement to STP, removes a node that reflects BPDUs back in the network. It enforces the STP domain borders and keeps the active topology predictable by not allowing any network devices behind a BPDU guard-enabled port to participate in STP.

In some instances, it is unnecessary for a connected device, such as an end station, to initiate or participate in an STP topology change. In this case, you can enable the STP BPDU guard feature on the Brocade port to which the end station is connected. STP BPDU guard shuts down the port and puts it into an errdisable state. This disables the connected device's ability to initiate or participate in an STP topology. A log message is then generated for a BPDU guard violation, and a CLI message is displayed to warn the network administrator of a severe invalid configuration. The BPDU guard feature provides a secure response to invalid configurations because the administrator must manually put the interface back in service if errdisable recovery is not enabled.

NOTE

BPDU guard is not supported on tagged ports. It can be configured on a tagged port, but the configuration will have no effect.

Enabling BPDU protection by port

You enable STP BPDU guard on individual interfaces. The feature is disabled by default.

To enable STP BPDU guard on a specific port, enter commands such as the following.

FastIron(config) interface ethe 2/1

FastIron(config-if-e1000-2/1)#stp-bpdu-guard

Or

FGS624P Switch(config) interface ethe 0/1/2

FGS624P Switch(config-if-e1000-0/1/2)#stp-bpdu-guard

Syntax: stp-bpdu-guard

The no parameter disables the BPDU guard on this interface.

You can also use the multiple interface command to enable this feature on multiple ports at once.

Thanks

Michael.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook