Storm control on a QFX VCF

15 12 2017

There don’t seem to be many operational commands in Junos to tell you what’s going on with regard to Storm Control.   Here’s all I could find – let me know if you know of more:

In the lab, I configured this storm control profile:

{master:1}
user@VCF> show configuration forwarding-options
storm-control-profiles TAT-StormControl {
     all {
         bandwidth-level 1000;
     }
     action-shutdown;
}

This was then configured on ae2, which is a trunk interface towards the Ixia tester:

{master:1}
user@VCF> show configuration interfaces ae2 unit 0
 family ethernet-switching {
     interface-mode trunk;
     storm-control TAT-StormControl;
 }

 

Unfortunately there’s no ‘show forwarding-options storm-control’ type command to see what interfaces have storm control configured.   I can’t find any other command that shows this info either.

So I generate 3Mbps of traffic to ff:ff:ff:ff:ff:ff from my Ixia into the VCF and the port goes disabled immediately according to the logs:

Dec 15 12:57:23 VCF l2ald[3261]: L2ALD_ST_CTL_IN_EFFECT: ae2.0: storm control in effect on the port
Dec 15 12:57:23 VCF l2ald[3261]: L2ALD_ST_CTL_DISABLED: ae2.0: storm control disabled port
Dec 15 12:57:23 VCF l2cpd[1814]: Root bridge in routing-instance 'default' changed from 4096:b0:a8:6e:0a:bd:41 to 32768:dc:38:e1:5f:c4:02
Dec 15 12:57:23 VCF mib2d[3271]: SNMP_TRAP_LINK_DOWN: ifIndex 526, ifAdminStatus up(1), ifOperStatus down(2), ifName ae2

Use the following command to verify – look for the SCTL flag:

{master:1}
user@VCF> show ethernet-switching interface ae2

Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
 LH - MAC limit hit, DN - interface down,
 SCTL - shutdown by Storm-control,
 MMAS - Mac-move action shutdown, AS - Autostate-exclude enabled)

Logical    Vlan    TAG   MAC     STP        Logical         Tagging
interface  members       limit   state      interface flags
 ae2.0                   294912             DN,SCTL         tagged
           VL2007 2007   294912  Discarding                 tagged
            VL549  549   294912  Discarding                 tagged

 

Clear the state once the problem has gone away using this command:

{master:1}
user@VCF> clear ethernet-switching recovery-timeout interface ae2

{master:1}
user@VCF> Dec 15 12:57:42 VCF /kernel: pointchange for flag 00000008 not supported on IFD ae2
Dec 15 12:57:42 VCF l2ald[3261]: L2ALD_ST_CTL_ENABLED: ae2.0: storm control enabled port
Dec 15 12:57:44 VCF l2cpd[1814]: Root bridge in routing-instance 'default' changed from 32768:dc:38:e1:5f:c4:02 to 4096:b0:a8:6e:0a:bd:41
Dec 15 12:57:44 VCF l2cpd[1814]: ROOT_PORT: for Instance 0 in routing-instance default Interface ae2.0
Dec 15 12:57:44 VCF l2cpd[1814]: TOPO_CH: for Instance 0 in routing-instance default generated on port ae2.0
Dec 15 12:57:45 VCF l2cpd[1814]: TOPO_CH: for Instance 0 in routing-instance default received on port ae2.0




{master:1}
user@VCF> show ethernet-switching interface ae2

Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
 LH - MAC limit hit, DN - interface down,
 SCTL - shutdown by Storm-control,
 MMAS - Mac-move action shutdown, AS - Autostate-exclude enabled)

Logical    Vlan    TAG   MAC      STP      Logical           Tagging
interface  members       limit   state     interface flags
  ae2.0                  294912            DN,SCTL           tagged
           VL2007 2007   294912 Discarding                   tagged
            VL549  549   294912 Discarding                   tagged

 

Unfortunately if you don’t have ‘action-shutdown’ configured, you get even less information.  I removed the action from the port – now we see 3Mbps traffic coming in on ae3 and the interface stays in forwarding.  The only message you get is a Syslog message:

 

{master:1}

imtech@pla-sw0-24c>

*** messages ***

Dec 15 13:23:41  pla-sw0-24c l2ald[3261]: L2ALD_ST_CTL_IN_EFFECT: ae2.0: storm control in effect on the port

imtech@pla-sw0-24c> show ethernet-switching interface ae2

Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop, LH - MAC limit hit, DN - interface down,SCTL - shutdown by Storm-control, MMAS - Mac-move action shutdown, AS - Autostate-exclude enabled)

Logical    Vlan      TAG    MAC     STP     Logica     Tagging
interface  members         limit    state   Interface  flags

ae2.0                     294912                       tagged
           VL2007   2007  294912    Forwarding         tagged
           VL549     549  294912    Forwarding         tagged

However when you look at other switch ports you can see the broadcast traffic is emerging at the storm-control-enforced rate of 1Mbps:

 

user@VCF> show interfaces xe-2/0/0
Physical interface: xe-2/0/0, Enabled, Physical link is Up
 Interface index: 758, SNMP ifIndex: 515
 Description: [ TO SRX CLUSTER NODE0, 0/0/9 ]
 Link-level type: Ethernet, MTU: 1514, MRU: 0, Speed: 10Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
 Flow control: Disabled, Media type: Fiber
 Device flags : Present Running
 Interface flags: SNMP-Traps Internal: 0x4000
 Link flags : None
 CoS queues : 12 supported, 12 maximum usable queues
 Current address: 64:64:9b:58:b0:03, Hardware address: 64:64:9b:58:b0:03
 Last flapped : 2017-12-14 15:21:48 UTC (22:12:04 ago)
 Input rate : 856 bps (1 pps)
 Output rate : 961080 bps (235 pps)


Overall it is a bit of a shame there’s not more in the way of operational mode commands to enable you to see what is going on.  It would also be good if you could be told which VLAN had the storm in it – although in many loop situations the packets circulating might just end up being garbage, so maybe the VLAN ID might not be identifiable.

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s




%d bloggers like this: