Traffic suppression module of S series switch

25

S series switches support the configuration of traffic suppression on the interface. Flow suppression contains three modes:
Packet flow rate suppression
Bit rate of flow suppression
Percentage flow suppression
Note: the cassette switch, only partial morphological support by bit rate traffic control.

Other related questions:
Traffic suppression modes for S series switches
Traffic suppression can be configured on interfaces of S series switches. Traffic suppression has the following modes: By number of packets per second (pps) By number of bits per second (bit/s) By bandwidth percentage Note: Only some S series fixed switch models support traffic suppression by number of bits per second (bit/s).

Configuring traffic suppression and storm control on S series switches
For S series switches (except S1700 switches): Traffic suppression and storm control are two security technologies used to limit rates of broadcast, unknown multicast, and unknown unicast packets to prevent storms caused by these packets. Traffic suppression limits traffic rates using traffic rate thresholds, while storm control prevents traffic storms by shutting down interfaces. You can run the following commands to configure traffic suppression: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression cir 100 //Configure broadcast traffic suppression and set the CIR, that is the allowed rate at which broadcast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression 80 //Configure unknown multicast traffic suppression and limit the rate of unknown multicast packets to 80%. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression cir 100 //Configure unknown unicast traffic suppression and set the CIR, that is the allowed rate at which unknown unicast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] quit To block outgoing packets on an interface, run the following commands: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression block outbound //Block outgoing broadcast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression block outbound //Block outgoing unknown multicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression block outbound //Block outgoing unknown unicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] quit You can run the following commands to configure storm control: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] storm-control broadcast min-rate 1000 max-rate 2000 //Configure storm control on broadcast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control multicast min-rate 1000 max-rate 2000 //Configure storm control on unknown multicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control unicast min-rate 1000 max-rate 2000 //Configure storm control on unknown unicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control action block //Set the storm control action to block. [HUAWEI-GigabitEthernet1/0/0] storm-control enable log //Configure the device to record a log when detecting a storm. [HUAWEI-GigabitEthernet1/0/0] storm-control interval 90 //Set the interval for detecting storms. [HUAWEI-GigabitEthernet1/0/0] quit Note: If the storm control action on an interface is block, the interface restores the normal forwarding state when the traffic falls below the lower threshold. If the storm control action is shutdown, the interface cannot restore automatically and you need to run the undo shutdown command to restore it manually.

Differences between traffic suppression and storm control on S series switches
For S series switches, the differences between traffic suppression and storm control are as follows: Traffic suppression aims at controlling traffic rates within an acceptable range to limit incoming and outgoing traffic on interfaces. If the rate of incoming broadcast, multicast, or unknown unicast packets on an interface exceeds the threshold, a switch discards the packets exceeding the threshold and only allows the packets within the threshold to pass through. Take traffic suppression of unknown unicast packets for example. Assume that the traffic suppression threshold of unknown unicast packets is 100 pps. That is, the switch allows only 100 packets to pass through within one second, and discards the excess packets. Within the next second, the switch also allows only 100 packets to pass through. If the rate of outgoing broadcast, multicast, or unknown unicast packets on an interface exceeds the threshold, the switch blocks all packets of this type. That is, the interface does not forward packets of this type. Storm control aims at preventing broadcast storms. A switch with storm control configured only controls incoming traffic on interfaces. If the average rate of unknown unicast packets received by an interface of a switch within the storm control interval is higher than the specified upper threshold, the switch blocks packets on the interface or shuts down the interface according to the configured penalty action. If the interface has been blocked, when the rate of packets received by the interface falls below the lower threshold, the switch unblocks the interface. If the interface has been shut down, you need to run the undo shutdown command to enable the interface. Take storm control on unknown unicast packets for example. Assume that the upper threshold for storm control on unknown unicast packets is 100 pps, the lower threshold is 20 pps, and the storm control detection interval is 5 seconds. If the interface receives more than 500 (100 x 5) packets within 5 seconds, the switch shuts down the interface. The interface can receive packets only after its status recovers to Up. Alternatively, the switch blocks all unknown unicast packets on the interface until the 5 seconds expire. When the number of packets received by the interface falls below 100 (20 x 5), the switch allows the interface to receive unknown unicast packets. For the incoming packets of the same type on an interface, only traffic suppression or storm control can be configured.

Differences between suppress-time and report-suppress on an S series switch
For S series switches, suppress-time and report-suppress are irrelevant. The suppress-time parameter specifies the period during which the switch forwards only one Report/Leave message of the same multicast group after receiving a Query message. The report-suppress parameter is used to terminate Report messages from users and respond to the Query packets from routers.

Functions of suppress-time on S series switches
For an S series switch, to protect an upstream Layer 3 device from attacks and reduce the loads on the Layer 3 device, a Layer 2 device can suppress repeated IGMP Report and IGMP Leave messages sent from users in a VLAN. The message suppression mechanism is as follows: - After receiving and forwarding an IGMP Report/Leave message, the Layer 2 device does not forward repeated MLD Report messages to the router port within the suppression time. - If the Layer 2 device receives an IGMP General Query message or Multicast-Address-Specific message within the suppression time, it does not suppress the first IGMP Report message sent in response to the General Query message. In addition, the Layer 2 device resets the suppression timer when receiving the first IGMP Report message. suppress-time is used to set the suppression time of Report/Leave messages. By default, the suppression time for IGMP Report/Leave messages is 10s. If the suppression time is set to 0, Report/Leave messages are not discarded. The suppression function applies only to IGMPv1 and IGMPv2 Report/Leave messages and is invalid for IGMPv3 Report/Leave messages.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top