
Storm-Control with Cisco ACI

mabushei
Cisco Employee

Traffic storms can be generated from any device due to manufacturing or a loop, which is sometimes hard to figure out. However, we can mitigate that by implementing the appropriate features.

It is recommended that we enable storm control on outer-facing ACI fabric interfaces. By default, storm control is not enabled on the ACI fabric.

Create storm control policy.

See the link below for more details on configuring storm control.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L2_config/b_Cisco_APIC_Layer_2_Configuration_Guide/b_Cisco_APIC_Layer_2_Configuration_Guide_chapter_01010.html

 

However, enabling storm control only ensures that traffic above the limit is stopped. To get visibility when that happens, we need to monitor these policies.

 

Create a monitor policy.

Here is an example of creating a monitoring policy for storm control.

Fabric -> Access Policies -> Policies -> Monitoring

  • Under “stats collection policies”, create the AggrIf monitoring object (“aggregated interface”).
  • Edit it and select the storm features for the stats type.

mabushei_0-1706760162871.png

 

 

  • Add a stats policy as below.

mabushei_1-1706760162878.png

  • Create a stats threshold policy. Here we can select what kind of alert we want: Critical, Major, or Minor. For more details on this policy, please refer to the document below.

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L3_config/b_Cisco_APIC_Layer_3_Configuration_Guide/b_Cisco_APIC_Layer_3_Configuration_Guide_chapter_011000.html

mabushei_2-1706760162888.png

  • Apply this policy to the interfaces policy groups.

mabushei_3-1706760162892.png

With this config, the monitoring policy will be applied, and the system will generate alerts when traffic exceeds the specified threshold.


Commands to check the storm:

The show interface command shows the storm suppression as well.

 

 

leaf102# show interface port-channel 1
port-channel1 is up (out-of-service)
.
.
.
  RX
    0 unicast packets  0 multicast packets  0 broadcast packets
    0 input packets  0 bytes
    0 jumbo packets  0 storm suppression bytes

 

 

- Execute the commands below on the concerned leaf switches

vsh -c 'show interface counters storm-control'

vsh -c 'show system internal eltm info storm-ctrl all'

- Check the events/faults history

To clarify, there isn't a specific tool designed to directly identify storms within the ACI framework. However, ACI has the capability to control such traffic through the implementation of appropriate features, by:

  • configuring settings
  • analyzing outputs
  • reviewing logs
  • inspecting drops and traffic on suspected nodes/interfaces
  • and understanding the network topology.
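
An added example, not part of the original post: a small Python parser for captured show interface output that reads the "storm suppression bytes" counter shown above and reports which interfaces grew between two snapshots. The sample text is constructed, and the interface names and values in it are assumptions.

```python
import re

def _sample(pc_bytes, eth_bytes):
    # Constructed sample output (made-up values) in the shape of the
    # "show interface" listing in the post; not captured from a real leaf.
    return (
        "port-channel1 is up\n"
        "  RX\n"
        "    0 input packets  0 bytes\n"
        f"    0 jumbo packets  {pc_bytes} storm suppression bytes\n"
        "Ethernet1/10 is up\n"
        "  RX\n"
        "    60 input packets  4096 bytes\n"
        f"    0 jumbo packets  {eth_bytes} storm suppression bytes\n"
    )

SNAP_T0 = _sample(0, 1500)   # first capture
SNAP_T1 = _sample(0, 8800)   # later capture of the same leaf

HEADER = re.compile(r"^(\S+) is (?:up|down)\b")       # unindented interface line
STORM = re.compile(r"(\d+) storm suppression bytes")  # RX counter line

def storm_bytes(show_interface_text):
    """Return {interface: storm suppression bytes} from 'show interface' text."""
    counters, current = {}, None
    for line in show_interface_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            continue
        m = STORM.search(line)
        if m and current:
            counters[current] = int(m.group(1))
    return counters

def storm_deltas(before, after):
    """Interfaces whose counter grew between two snapshots."""
    old, new = storm_bytes(before), storm_bytes(after)
    deltas = {}
    for ifname, value in new.items():
        prev = old.get(ifname, 0)
        # A value lower than before means the counter was cleared in between,
        # so everything now on the counter is new suppression.
        grew = value - prev if value >= prev else value
        if grew > 0:
            deltas[ifname] = grew
    return deltas

if __name__ == "__main__":
    for ifname, grew in sorted(storm_deltas(SNAP_T0, SNAP_T1).items()):
        print(f"{ifname}: +{grew} storm suppression bytes since last snapshot")
```

The counter is cumulative, so a non-zero value alone only says suppression happened at some point; the delta between two captures shows whether it is happening now.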

 
