Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

storm-control / Nexus 1000v

STUART KENDRICK
Level 1
Level 1

‎01-27-2011 07:23 AM

I have enabled storm-control at my access layer (C4K), and I'm happy with the results -- every few weeks, someone creates a loop using a mini-switch, storm-control shuts down their port before they can take out that floor.

interface GigabitEthernet2/1

storm-control broadcast level 1.00

storm-control action shutdown

storm-control action trap

Now I'd like to extend this protection to my data centers (C6K).


But my data centers contain VMWare installations.  And I'm imagining that a single misbehaving VM, plus storm-control, could shut down an entire VMWare cluster in the following way:

-Pathological VM Guest starts emitting lots of broadcasts.  The upstream C6K notices and shuts down the port feeding the VMWare Host.

-The fancy HA software in VMWare automatically migrates the Guest to another VMWare Host and reincarnates it there.  The pathology picks up again, the Guest emits lots of broadcasts, the upstream C6K notices and shuts down the port.

-Our clusters vary from two VM Hosts to ten ... but I imagine that in either case, in a matter of seconds, a pathological Guest plus storm-control on the C6K could shut down all ports leading to all VM Hosts.

Sounds like a bad idea to me.

So, then I was thinking, what if we bought Nexus 1000v for the VMWare Hosts and implemented "storm-control broadcast level 1.00" on the resulting virtual ports plus, say "storm-control broadcast level 5.00" on the upstream C6K.  Would this 'do the right thing'?  i.e. if a patholgoical Guest start spewing broadcasts, would the Nexus 1000v shutdown the virtual port *before* the C6K noticed?  [I suspect that this would be a bit of a crap shoot, as to which switch would notice the storm first, given the relatively coarse time granularity of this feature]

And then, would the 'shutdown' state of this virtual port "follow" the pathological Guest, as it tried to reincarnate on each of the other VMWare Hosts?

I think I would want both behaviors in order to acquire the effect I'm wanting, i.e. hardening transport in the data center against broadcast pathology.

Anyone doing this?  Any 'design guides' available describing this?

--sk

Stuart Kendrick

Fred Hutchinson Cancer Research Center

Seattle, WA USA

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic