What is the difference between traffic suppression and storm control

Traffic suppression aims at keeping the traffic rate within an acceptable range by limiting the incoming and outgoing traffic on interfaces. When the rate of incoming broadcast, multicast, or unknown unicast packets exceeds the threshold, the switch discards the packets exceeding the threshold and allows only the packets within the threshold. Take traffic suppression for unknown unicast packets as an example: if the traffic suppression threshold of unknown unicast packets is 100 pps, the switch allows only 100 packets to pass within one second and discards the excess packets. If traffic suppression is configured for broadcast, multicast, or unknown unicast packets in the outbound direction, the switch blocks all packets of this type. That is, the interface does not forward packets of this type.

Storm control aims at controlling broadcast storms. The switch controls only incoming traffic on interfaces. If the average rate of unknown unicast packets within the storm control interval is higher than the upper threshold, the switch blocks packets on the interface or shuts down the interface, according to the configured penalty action. If the interface has been blocked, the switch unblocks it when the rate of packets received by the interface falls below the lower threshold. If the interface has been shut down, you must manually run the undo shutdown command to enable the interface.

Take storm control for unknown unicast packets as an example. The upper threshold of storm control for unknown unicast packets is 100 pps, the lower threshold is 20 pps, and the storm control interval is 5 seconds. If the interface receives more than 500 (100 x 5) packets within 5 seconds, the switch shuts down the interface. The interface can receive packets when its status recovers to Up. Alternatively, the switch blocks all unknown unicast packets on the interface until the next 5 seconds expire. When the number of packets received by the interface falls below 100 (20 x 5), the switch starts to forward the unknown unicast packets on the interface.

For incoming packets of the same type on an interface, only one of traffic suppression or storm control can be configured.
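
The contrast described above, as an added Python illustration (not Huawei code): a simplified model that runs the example thresholds from this page (100 pps suppression; storm control with upper 100 pps, lower 20 pps, 5-second interval) over a constructed per-second trace. The function names, the trace, and the assumption that a storm control decision takes effect from the following interval are illustrative.

```python
# Added illustration: a simplified model, not the switch's implementation.

def traffic_suppression(per_second, threshold_pps):
    """Inbound suppression: each second, forward up to the threshold and drop the rest."""
    return [min(n, threshold_pps) for n in per_second]


def storm_control(per_second, upper_pps, lower_pps, interval_s, action="block"):
    """Evaluate each detection interval; the penalty applies from the next interval.

    Returns (packets_forwarded_per_interval, state_after_each_interval).
    Assumption: the decision is taken when an interval ends, so the interval
    in which the storm starts is still forwarded.
    """
    state = "forwarding"
    forwarded, states = [], []
    for start in range(0, len(per_second), interval_s):
        received = sum(per_second[start:start + interval_s])
        if state == "shutdown":
            # Port is down until an operator runs "undo shutdown".
            forwarded.append(0)
        else:
            forwarded.append(received if state == "forwarding" else 0)
            if received > upper_pps * interval_s:
                state = "shutdown" if action == "shutdown" else "blocked"
            elif state == "blocked" and received < lower_pps * interval_s:
                state = "forwarding"
        states.append(state)
    return forwarded, states


# Constructed trace of unknown unicast packets per second, five 5-second intervals:
# normal (250), storm (1500), decaying (300, between the thresholds), quiet (50), normal (250).
TRACE = [50] * 5 + [300] * 5 + [60] * 5 + [10] * 5 + [50] * 5

if __name__ == "__main__":
    print("suppression, total forwarded:", sum(traffic_suppression(TRACE, 100)))
    print("storm control, block:   ", storm_control(TRACE, 100, 20, 5, "block"))
    print("storm control, shutdown:", storm_control(TRACE, 100, 20, 5, "shutdown"))
```

In the third interval the interface stays blocked although the rate (60 pps) is below the upper threshold, because it has not yet fallen below the lower threshold; with the shutdown action the interface never recovers on its own.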

Other related questions:
Differences between traffic suppression and storm control on S series switches
For S series switches, the differences between traffic suppression and storm control are as follows:

Traffic suppression aims at controlling traffic rates within an acceptable range to limit incoming and outgoing traffic on interfaces. If the rate of incoming broadcast, multicast, or unknown unicast packets on an interface exceeds the threshold, a switch discards the packets exceeding the threshold and only allows the packets within the threshold to pass through. Take traffic suppression of unknown unicast packets for example. Assume that the traffic suppression threshold of unknown unicast packets is 100 pps. That is, the switch allows only 100 packets to pass through within one second, and discards the excess packets. Within the next second, the switch also allows only 100 packets to pass through. If the rate of outgoing broadcast, multicast, or unknown unicast packets on an interface exceeds the threshold, the switch blocks all packets of this type. That is, the interface does not forward packets of this type.

Storm control aims at preventing broadcast storms. A switch with storm control configured only controls incoming traffic on interfaces. If the average rate of unknown unicast packets received by an interface of a switch within the storm control interval is higher than the specified upper threshold, the switch blocks packets on the interface or shuts down the interface according to the configured penalty action. If the interface has been blocked, when the rate of packets received by the interface falls below the lower threshold, the switch unblocks the interface. If the interface has been shut down, you need to run the undo shutdown command to enable the interface.

Take storm control on unknown unicast packets for example. Assume that the upper threshold for storm control on unknown unicast packets is 100 pps, the lower threshold is 20 pps, and the storm control detection interval is 5 seconds. If the interface receives more than 500 (100 x 5) packets within 5 seconds, the switch shuts down the interface. The interface can receive packets only after its status recovers to Up. Alternatively, the switch blocks all unknown unicast packets on the interface until the 5 seconds expire. When the number of packets received by the interface falls below 100 (20 x 5), the switch allows the interface to receive unknown unicast packets.

For the incoming packets of the same type on an interface, only traffic suppression or storm control can be configured.

Configuring traffic suppression and storm control on S series switches
For S series switches (except S1700 switches): Traffic suppression and storm control are two security technologies used to limit rates of broadcast, unknown multicast, and unknown unicast packets to prevent storms caused by these packets. Traffic suppression limits traffic rates using traffic rate thresholds, while storm control prevents traffic storms by shutting down interfaces.

You can run the following commands to configure traffic suppression:

    [HUAWEI] interface gigabitethernet 1/0/0
    [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression cir 100   //Configure broadcast traffic suppression and set the CIR, that is the allowed rate at which broadcast traffic can pass through, to 100 kbit/s.
    [HUAWEI-GigabitEthernet1/0/0] multicast-suppression 80   //Configure unknown multicast traffic suppression and limit the rate of unknown multicast packets to 80%.
    [HUAWEI-GigabitEthernet1/0/0] unicast-suppression cir 100   //Configure unknown unicast traffic suppression and set the CIR, that is the allowed rate at which unknown unicast traffic can pass through, to 100 kbit/s.
    [HUAWEI-GigabitEthernet1/0/0] quit

To block outgoing packets on an interface, run the following commands:

    [HUAWEI] interface gigabitethernet 1/0/0
    [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression block outbound   //Block outgoing broadcast packets on the interface.
    [HUAWEI-GigabitEthernet1/0/0] multicast-suppression block outbound   //Block outgoing unknown multicast packets on the interface.
    [HUAWEI-GigabitEthernet1/0/0] unicast-suppression block outbound   //Block outgoing unknown unicast packets on the interface.
    [HUAWEI-GigabitEthernet1/0/0] quit

You can run the following commands to configure storm control:

    [HUAWEI] interface gigabitethernet 1/0/0
    [HUAWEI-GigabitEthernet1/0/0] storm-control broadcast min-rate 1000 max-rate 2000   //Configure storm control on broadcast packets.
    [HUAWEI-GigabitEthernet1/0/0] storm-control multicast min-rate 1000 max-rate 2000   //Configure storm control on unknown multicast packets.
    [HUAWEI-GigabitEthernet1/0/0] storm-control unicast min-rate 1000 max-rate 2000   //Configure storm control on unknown unicast packets.
    [HUAWEI-GigabitEthernet1/0/0] storm-control action block   //Set the storm control action to block.
    [HUAWEI-GigabitEthernet1/0/0] storm-control enable log   //Configure the device to record a log when detecting a storm.
    [HUAWEI-GigabitEthernet1/0/0] storm-control interval 90   //Set the interval for detecting storms.
    [HUAWEI-GigabitEthernet1/0/0] quit

Note: If the storm control action on an interface is block, the interface restores the normal forwarding state when the traffic falls below the lower threshold. If the storm control action is shutdown, the interface cannot restore automatically and you need to run the undo shutdown command to restore it manually.

Why is the actual suppression value different from the configured traffic suppression value
The traffic suppression supported by AR series routers is a type of granularity-based suppression.

- The AR1200 series use the committed information rate (CIR) mode. If the traffic suppression value is between 64 kbit/s and 1000 kbit/s, the granularity is 64 kbit/s. For example, if the traffic suppression value is set to 65 kbit/s, the effective traffic suppression value is 64 kbit/s. If the traffic suppression value is set to 200 kbit/s, the effective traffic suppression value is 128 kbit/s, and so on. If the traffic suppression value is between 1000 kbit/s and 100,000 kbit/s, the granularity is 1000 kbit/s. For example, if the traffic suppression value is set to 1001 kbit/s, the effective traffic suppression value is 1000 kbit/s. If the traffic suppression value is set to 2999 kbit/s, the effective traffic suppression value is 2000 kbit/s, and so on.
- The AR2200, AR3200 and AR3600 series use the packet mode. The granularity is 125 packets per second (pps). If the traffic suppression value is set to 10 pps, the effective traffic suppression value is 0 pps. If the traffic suppression value is set to 126 pps, the effective traffic suppression value is 125 pps, and so on.

Therefore, if the traffic suppression value is not set to a multiple of the granularity, the actual suppression value is different from the traffic suppression value that is set. Within a specified granularity range, all suppression values are correct.

Why is the configured storm suppression inconsistent with the actual suppression result
The traffic suppression supported by an AR is implemented based on granularity:

- The AR1200 series routers adopt the CIR method.
  (1) In the range from 64 to 1000, the granularity is 64 kbit/s. If the traffic suppression value is set to 65 kbit/s, the rate 64 kbit/s takes effect. If the traffic suppression value is set to 200 kbit/s, the rate 128 kbit/s takes effect.
  (2) In the range from 1000 to 100000, the granularity is 1000 kbit/s. If the traffic suppression value is set to 1001 kbit/s, the rate 1000 kbit/s takes effect. If the traffic suppression value is set to 2999 kbit/s, the rate 2000 kbit/s takes effect.
- The AR2200 series, AR3200 series, and AR3600 series routers adopt the packet method, and the granularity is 125 pps. For example, if the traffic suppression value is set to 10, the throughput 0 pps takes effect. If the traffic suppression value is set to 126 pps, the throughput 125 pps takes effect.

When the configured traffic suppression value is not an integral multiple of the granularity, the actual suppression result is inconsistent with the configuration. The suppression function is working properly provided that the actual suppression rate is within the granularity range.

Differences between suppress-time and report-suppress on an S series switch
For S series switches, suppress-time and report-suppress are unrelated. The suppress-time parameter specifies the period during which the switch forwards only one Report/Leave message of the same multicast group after receiving a Query message. The report-suppress parameter is used to terminate Report messages from users and respond to the Query packets from routers.
