Packets per second limit on Nexus interface

psmidcnss · ‎05-20-2013

Good morning,

I'd like to limit the packets per second on some Nexus interfaces, but I don't understand how to accomplish this task.

On Catalyst switches I used the command:

storm-control unicast level pps xxx

but the Nexus command seems to work on bandwidth-based logic only. Can anyone help me?

Best regards

Marco Canova

Steve Fuller · ‎05-20-2013

Hi,

I've not it documented in the storm-control command reference or configuration guides, but from testing I've undertaken with the Nexus 7000, the unicast storm control operates completely differently.

As you mention, in the Catalyst switch the unicast limit you set will effectively police the unicast traffic to some packet per second or percentage bandwidth level. By contrast, on the Nexus 7000 the unicast storm-control only limits flooded unicast i.e., unicast traffic to a destination MAC address not in the switch CAM table.

I actually think the Nexus unicast storm-control is a much better solution as I never saw a good reason to limit unicast traffic on a GE/10GE interface to some really low value.

Can you explain a little more about what you're trying to achieve and what you're trying to limit?

Regards

psmidcnss · ‎05-20-2013

Hi Steve,

thank you for your answer. I'd like to limit the pps in order to preserve my firewalls interfaces: we saw that if the traffic is greater than 25.000/30.000 pps the firewall starts to suffer. Its buffer interfaces start to discard packets.

The average pps are 3.000/5.000 so a limit to 20000 would make sense.

How can I obtain this rate limit onour Nexus 5548?

Best regards

Marco Caova