Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1830
Views
0
Helpful
2
Replies

SCP Triggers Unicast storm controll

pieterj
Level 1
Level 1

‎05-01-2012 08:12 PM - edited ‎03-07-2019 06:26 AM

Just wondering if anyone has encountered this problem before.

I have tested this on a 2950, 2960 and 3560 and they all seem to react the same

When we have devices connected to ports with Unicast storm controll enabled traffic passes without any problems. as soon as we start a SCP file transfer it triggers unicast storm controll. All other forms of file transfer works fine.

Here is the sw version info from the 2960 I just tested it on

Switch Ports Model              SW Version            SW Image                

------ ----- -----              ----------            ----------              

*    1 24    WS-C2960G-24TC-L   12.2(58)SE2           C2960-LANBASEK9-M

I have confirmed that both devices mac addresses are visible and valid in the mac address table.

May  2 14:30:14.262 NZST: %STORM_CONTROL-3-FILTERED: A Unicast storm detected on Gi0/21. A packet filter action has been applied on the interface.

May  2 14:30:27.348 NZST: %STORM_CONTROL-3-FILTERED: A Unicast storm detected on Gi0/21. A packet filter action has been applied on the interface.

May  2 14:33:55.746 NZST: %STORM_CONTROL-3-FILTERED: A Unicast storm detected on Gi0/21. A packet filter action has been applied on the interface.

interface GigabitEthernet0/21

switchport trunk allowed vlan 2128

switchport mode trunk

storm-control broadcast level 5.00

storm-control multicast level 5.00

storm-control unicast level 10.00

sw12-srv.alb#sho storm-control unicast

Interface  Filter State   Upper        Lower        Current

---------  -------------  -----------  -----------  ----------

Gi0/21     Forwarding       10.00%       10.00%        9.96%  

Labels:
0 Helpful
2 Replies 2

Andrew Cink
Level 1
Level 1

‎05-01-2012 11:01 PM

Are you sure it's not just utilization is hitting the target level? Maybe because SCP is encrypted, the overhead is pushing the utilization higher than the other copying methods?

Try checking the utilization, try increasing the storm-control amount to see if it still happens at 15% or 20%?

Andy

0 Helpful

pieterj
Level 1
Level 1
In response to Andrew Cink

‎05-02-2012 12:22 PM

@Andrew

It seems that the switch sees all SCP traffic as a unicast flood even though the source and destination mac addresses are known to the switch.

If I copy a file using FTP transfer I can transfer between server and client as fast as the network will allow and "sho storm-control unicast " shows the unicast storm level to be 0%. As soon as I change over to SCP it registers all the SCP traffic as unicast flood.

I want to enable flood protection on the network as that sometimes does get triggered for valid reasons, but if I do it, it will break other things like when our systems guys have to vmotion a host across the network.

Also some of customers will be using SCP to copy files and I do not want to impact legitimate traffic. My concern is that I have now identified this as a problem so who knows what other protocols will also trigger Unicast storm control.

Looks like I will have to log a tac case on this, was just wondering if anyone else came across this.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card