cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5411
Views
0
Helpful
6
Replies

stormcontrol on FEX ports not supported ?

gnijs
Level 4
Level 4

It seems stormcontrol is not supported on a FEX port:

NEXUSB(config-if)# storm-control broadcast level 10

ERROR: storm control not supported for fex port/PC

NEXUSB(config-if)#

1) Will it ever be supported ? Seems to me like a usefull option, to cover a faulty nic for example (i once had a workstation that was booted from network and spit out 5000 DHCP requests/sec !)

2) It is more difficult to "catch" such a storm on the FEX uplink 10Gigabit ports. You need to put "stormcontrol broacast" nearly at level "0.1", which is still 100 Mbps :-)

3) Anytime - ever - maybe stormcontrol on N5K based on pps not % based ?

regards,

Geert

6 Replies 6

Marko Pribanic
Level 1
Level 1

Hello,

Dou you have any new info regarding this functionality, I am interested in this as well

Hi all, below is the reply from Cisco TAC. N2Ks are indeed useless at the moment cuz broadcast storms can melt the whole N7K infra with looping problem at the server access level at the N2Ks.

My name is --- and I am the engineer handling your service request. I have read your case notes and understand that you are asking if storm control on the FEX ports in on the roadmap. Right now we are trying to get storm control for the FEX into the next major release of code which is due out around Q2CY12, but this is not a guarantee as there could be reasons that it will get delayed or removed from the roadmap. TAC does not have the latest information. The best people to contact is your Cisco account team or Cisco partner who can put you in touch with the Product Manager or Technical Marketing Engineers for Nexus 5000 as they can answer your question. Let me know if this answers your question and if we are ok to close out this case. Have a good day.

To be efficient storm control ha to be enforced in hardware, if the ASICs have not been designed to do it, we're fucked, also should be the parent switch when a high level of brodcast is raised.

It's probably possible to enforce per-FEX port storm control of the parent switch level (a FEX port is a VN-tag based "virtual interface") but it may be difficult also.

I'll ask Cisco about this.

Hi all,

I have done some researching regarding this issue and it seems that we are hitting the bug CSCtu21510.

The bug toolkit for this bug says: „Software currently rejects storm-control command on FEX interfaces

with an error but lets users configure it on FEX fabric interfaces. While the

command is accepted it does not do what it is intended to do.“

So to me it seems that the storm control on the parent switch towards FEX will have no effect…

Great topic, however, the bug has got me worried. Indeed, we are scr**d if this is not supported. Imagine a server infected with a virus and sending broadcast discovery packets at full line rate......If i can't stop it on the N2K and not on the N5K also, how i am going to stop it ? Probably, "int x, shut". Lucky for me i only deployed 2 FEX modules. Why not connect a 4948E on the 10GE port of the 5K and have a full featured switch for it, with storm control and local switching.......

Hello all,

Some months ago, we have been facing a network down situation in a DC due to a customer bad cabling manipulation.

So we came quickly to this question => Why although configured, "storm-control" did not kick in ??

A TAC case has been raised and handled by an esclatation engineer. Please find an exctract about the exchanges =>  

"The way the feature is supposed to work on the N2K is that you configure it under the port on the N2K site towards the end user devices. The appropriate limits will then be enforced towards the N55K ports by the implementation of the feature. In regards to some extra documentation. The only docu that i can find at the moment about this issue is the bug id:

CSCtj01900    storm-control is not supported on Fabric ports . I have made it publicly visible and added a release note ot it"

The bug

================= CSCtj01900    storm-control is not supported on Fabric ports===================

Symptoms: Customers have configured storm control  values under fex fabric ports  on a Nexus 5010 / Nexus 5020 switch and  those configurations do not take effect.

For example: ---- output omitted-------

However the configuration of the storm-control parameters for the fex fabric ports does NOT take effect.

Workaround:  None, use other mechanisms to protect against a loop

==> Note: It is planned for a future release to have this feature implemented but it will only support N2K fex devices connected to N55XX switches. Nexus 5010 and Nexus 5020 will not be supported.

====================================================================

(In our particular case of L2 loop)  "The only means to work around this issue as far as i am concerned is to use other mechanisms to protect against a loop. I.e. bpdu-guard, to the best of my knowledge that is on by default on the N2k host ports. Loop-guard is another feature in the spanning tree area to protect against loops".

====================================

PS : We have been facing a similar issue with a server NIC which looped unexpectidly...

The question was then ' Why although configured 'loopback err-disable' did not kick-in :-)

Best regards.

Karim

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: