Why does a broadcast storm occur when the secondary port of the master node is blocked

0

After an RRPP ring network is built, the master node and transit nodes work properly. The secondary port on the master node has been blocked. However, a broadcast storm still occurs when unknown unicast packets are sent to the RRPP ring network.

On some RRPP nodes, data VLANs are not added to the control VLAN instance, causing a failure to block data VLANs. Consequently, a broadcast storm occurs. The problem can be solved after the data VLANs are added to the control VLAN instance.

Other related questions:
Configuring traffic suppression and storm control on S series switches
For S series switches (except S1700 switches): Traffic suppression and storm control are two security technologies used to limit rates of broadcast, unknown multicast, and unknown unicast packets to prevent storms caused by these packets. Traffic suppression limits traffic rates using traffic rate thresholds, while storm control prevents traffic storms by shutting down interfaces. You can run the following commands to configure traffic suppression: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression cir 100 //Configure broadcast traffic suppression and set the CIR, that is the allowed rate at which broadcast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression 80 //Configure unknown multicast traffic suppression and limit the rate of unknown multicast packets to 80%. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression cir 100 //Configure unknown unicast traffic suppression and set the CIR, that is the allowed rate at which unknown unicast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] quit To block outgoing packets on an interface, run the following commands: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression block outbound //Block outgoing broadcast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression block outbound //Block outgoing unknown multicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression block outbound //Block outgoing unknown unicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] quit You can run the following commands to configure storm control: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] storm-control broadcast min-rate 1000 max-rate 2000 //Configure storm control on broadcast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control multicast min-rate 1000 max-rate 2000 //Configure storm control on unknown multicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control unicast min-rate 1000 max-rate 2000 //Configure storm control on unknown unicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control action block //Set the storm control action to block. [HUAWEI-GigabitEthernet1/0/0] storm-control enable log //Configure the device to record a log when detecting a storm. [HUAWEI-GigabitEthernet1/0/0] storm-control interval 90 //Set the interval for detecting storms. [HUAWEI-GigabitEthernet1/0/0] quit Note: If the storm control action on an interface is block, the interface restores the normal forwarding state when the traffic falls below the lower threshold. If the storm control action is shutdown, the interface cannot restore automatically and you need to run the undo shutdown command to restore it manually.

How to prevent broadcast storms on the AC
WLAN devices support traffic suppression and user isolation to prevent broadcast storms. Traffic suppression limits traffic rate to prevent broadcast storms caused by broadcast, multicast, or unknown unicast packets. User isolation isolates users to reduce users' broadcast packets and the risk of broadcast storms. Example for configuring traffic suppression [Huawei] interface gigabitethernet 0/0/1 [Huawei-GigabitEthernet0/0/1] broadcast-suppression packets 12600 //Set the rate limit in pps for broadcast packets. [Huawei-GigabitEthernet0/0/1] multicast-suppression packets 25200 //Set the rate limit in pps for multicast packets. [Huawei-GigabitEthernet0/0/1] unicast-suppression packets 12600 //Set the rate limit in pps for unknown unicast packets. [Huawei-GigabitEthernet0/0/1] quit Example for configuring user isolation For V200R005: [Huawei-wlan-view] service-set name test [Huawei-wlan-service-set-test] user-isolate //Set user isolation for service set test. [Huawei-wlan-service-set-test] quit [Huawei-wlan-view] quit For V200R006: # Configure user isolation for a traffic profile. system-view [Huawei] wlan [Huawei-wlan-view] traffic-profile name p1 //Create a traffic profile. [Huawei-wlan-traffic-prof-p1] user-isolate l2 //Configure Layer 2 user isolation. # Configure user isolation in an AP wired port profile. system-view [AC6605] wlan [AC6605-wlan-view] wired-port-profile name wired [AC6605-wlan-wired-port-prof-wired] mode endpoint [AC6605-wlan-wired-port-prof-wired] user-isolate l2 [AC6605-wlan-wired-port-prof-wired] quit [AC6605-wlan-view] ap-group name ap-group1 [AC6605-wlan-ap-group-ap-group1] wired-port-profile wired gigabitethernet 0

What causes packet loss on the port of S series switches
For S series switches (except the S1700), packets will be discarded if traffic is too heavy or burst traffic occurs.

Differences between background errored blocks and far-end background errored blocks
Differences between background block errors and far-end background block errors: Background errored blocks indicate errored blocks detected on the local optical board in signals received from the peer end. Far-end background errored blocks indicate errored blocks detected on the peer optical board in signals transmitted from the local end.

Checking the storm control configuration on an S series switch
For S series switches, you can run the display storm-control [ interface ] command in any view to check information about storm control on an interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top