Packet storm protection – Allied Telesis AT-8800 Series Switch User Manual

Layer 2 Switching

69

Software Release 2.6.1
C613-02039-00 REV A

Packet Storm Protection

The packet storm protection feature allows the user to set limits on the
reception rate of broadcast, multicast and destination lookup failure packets.
The software allows separate limits to be set for each port, beyond which each
of the different packet types are discarded. The software also allows separate
limits to be set for each of the packet types. Which of these options can be
implemented depends on the model of switch hardware.

By default, packet storm protection is set to NONE, that is, disabled. It can be
enabled, and each of the limits can be set using the command:

SET SWITCH PORT=port-list [BCLIMIT={NONE|limit}]

[DLFLIMIT={NONE|limit}] [MCLIMIT={NONE|limit}]

Packet storm protection limits cannot be set for each individual port on the
switch, but can be set for each processing block of ports. The processing blocks
are sets of 8 ports (e.g. as many as are applicable of ports 1-8, 9-16, 17-24, 25-32,
33-40 and 41-48) and each uplink port is a further processing block. Therefore, a
24-port switch has five processing blocks and a 48-port switch has eight. The
two uplink ports are numbered sequentially after the last port, and therefore
are 25 and 26 for a 24-port switch, and 49 and 50 for a 48-port switch. Only one
limit can be set per processing block, and then applies to all three packet types.
Thus each of the packet types are either limited to this value, or unlimited
(NONE).

The BCLIMIT parameter specifies a limit on the rate of reception of broadcast
packets for the port(s). The value of this parameter represents a per second rate
of packet reception above which packets will be discarded, for broadcast
packets. If the value NONE or 0 is specified, then packet rate limiting for
broadcast packets is turned off. If any other value is specified, the reception of
broadcast packets will be limited to that number of packets per second. See the
note below for important information about packet rate limiting. The default
value for this parameter is NONE.

The DLFLIMIT parameter specifies a limit on the rate of reception of
destination lookup failure packets for the port. The value of this parameter
represents a per second rate of packet reception above which packets will be
discarded, for destination lookup failure packets. If the value NONE or 0 is
specified, then packet rate limiting for destination lookup failure packets is
turned off. If any other value is specified, the reception of destination lookup
failure packets will be limited to that number of packets per second. See the
note after the BCLIMIT parameter description for important information about
packet rate limiting. The default value for this parameter is NONE. If packet
storm protection limits are set on the switch, the PORT parameter must specify
complete processing blocks.

A destination lookup failure packet is one for which the switch hardware does not have
a record of the destination address of the packet, either Layer 2 or Layer 3 address. These
packets are passed to the CPU for further processing, so limiting the rate of reception of
these packets may be a desirable feature to improve system performance.

The MCLIMIT parameter specifies a limit on the rate of reception of multicast
packets for the port. The value of this parameter represents a per second rate of
packet reception above which packets will be discarded, for multicast packets.
If the value NONE or 0 is specified, then packet rate limiting for multicast
packets is turned off. If any other value is specified, the reception of multicast
packets will be limited to that number of packets per second. See the note after