Storm Control
This scenario shows how to configure a bridge interface and enable offloading to perform storm-control in the hardware switch.
Test Storm-Control For Broadcast Traffic
Description
In this scenario, the storm-control feature is configured to rate-limit broadcast traffic.
Scenario
Step 1: Set the following configuration in DUT1 :
set interfaces ethernet eth3 address 192.168.1.2/24 set interfaces ethernet eth3 traffic policy link-in LOGGER set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOGGER rule 1 selector ACL set traffic selector ACL rule 1 destination address 192.168.1.255
Step 2: Set the following configuration in DUT0 :
set interfaces bridge br0 address 192.168.1.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group storm-control 1 protocol broadcast set interfaces ethernet eth0p0 bridge-group storm-control 1 rate 0.25 set interfaces ethernet eth0p1 bridge-group bridge br0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.1.1 from DUT1:
admin@DUT1$ ping 192.168.1.1 count 1 size 56 timeout 1Show output
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=482 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 481.525/481.525/481.525/0.000 ms
Note
Generate 2 Mbps of broadcast traffic and measure how much is actually received at the destination.
Step 4: Run command traffic selector show at DUT1 and expect this output:
Show output
Selector ACL (Policy LOGGER -- ifc eth3 -- hook link-in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 67 70 67402 67616 ----------------------------------------------------- Total 67 70 67402 67616
Test Storm-Control For Unicast Traffic
Description
In this scenario, the storm-control feature is configured to rate-limit unicast traffic.
Scenario
Step 1: Set the following configuration in DUT1 :
set interfaces ethernet eth3 address 192.168.1.2/24 set interfaces ethernet eth3 traffic policy link-in LOGGER set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOGGER rule 1 selector ACL set traffic selector ACL rule 1 destination address 192.168.1.2
Step 2: Set the following configuration in DUT0 :
set interfaces bridge br0 address 192.168.1.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group storm-control 1 protocol unicast set interfaces ethernet eth0p0 bridge-group storm-control 1 rate 0.25 set interfaces ethernet eth0p1 bridge-group bridge br0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.1.1 from DUT1:
admin@DUT1$ ping 192.168.1.1 count 1 size 56 timeout 1Show output
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.512 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.512/0.512/0.512/0.000 ms
Note
Generate 2 Mbps of unicast traffic and measure how much is actually received at the destination.
Step 4: Run command traffic selector show at DUT1 and expect this output:
Show output
Selector ACL (Policy LOGGER -- ifc eth3 -- hook link-in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 68 69 67486 67532 ----------------------------------------------------- Total 68 69 67486 67532
Test Storm-Control For TCP Traffic
Description
In this scenario, the storm-control feature is configured to rate-limit TCP traffic.
Scenario
Step 1: Set the following configuration in DUT1 :
set interfaces ethernet eth3 address 192.168.1.2/24 set interfaces ethernet eth3 traffic policy link-in LOGGER set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOGGER rule 1 selector ACL set traffic selector ACL rule 1 protocol tcp
Step 2: Set the following configuration in DUT0 :
set interfaces bridge br0 address 192.168.1.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group storm-control 1 protocol tcp_data set interfaces ethernet eth0p0 bridge-group storm-control 1 rate 0.25 set interfaces ethernet eth0p1 bridge-group bridge br0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.1.1 from DUT1:
admin@DUT1$ ping 192.168.1.1 count 1 size 56 timeout 1Show output
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=449 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 449.041/449.041/449.041/0.000 ms
Note
Generate 2 Mbps of TCP traffic and measure how much is actually received at the destination.
Step 4: Run command traffic selector show at DUT1 and expect this output:
Show output
Selector ACL (Policy LOGGER -- ifc eth3 -- hook link-in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 67 70 68206 68420 ----------------------------------------------------- Total 67 70 68206 68420
Test Storm-Control For UDP Traffic
Description
In this scenario, the storm-control feature is configured to rate-limit UDP traffic.
Scenario
Step 1: Set the following configuration in DUT1 :
set interfaces ethernet eth3 address 192.168.1.2/24 set interfaces ethernet eth3 traffic policy link-in LOGGER set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOGGER rule 1 selector ACL set traffic selector ACL rule 1 protocol udp
Step 2: Set the following configuration in DUT0 :
set interfaces bridge br0 address 192.168.1.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group storm-control 1 protocol udp set interfaces ethernet eth0p0 bridge-group storm-control 1 rate 0.25 set interfaces ethernet eth0p1 bridge-group bridge br0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.1.1 from DUT1:
admin@DUT1$ ping 192.168.1.1 count 1 size 56 timeout 1Show output
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=447 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 447.001/447.001/447.001/0.000 ms
Note
Generate 2 Mbps of UDP traffic and measure how much is actually received at the destination.
Step 4: Run command traffic selector show at DUT1 and expect this output:
Show output
Selector ACL (Policy LOGGER -- ifc eth3 -- hook link-in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 67 70 67402 67616 ----------------------------------------------------- Total 67 70 67402 67616
Test Storm-Control For ICMP Traffic
Description
In this scenario, the storm-control feature is configured to rate-limit ICMP traffic.
Scenario
Step 1: Set the following configuration in DUT1 :
set interfaces ethernet eth3 address 192.168.1.2/24 set interfaces ethernet eth3 traffic policy link-in LOGGER set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOGGER rule 1 selector ACL set traffic selector ACL rule 1 protocol icmp
Step 2: Set the following configuration in DUT0 :
set interfaces bridge br0 address 192.168.1.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group storm-control 1 protocol other set interfaces ethernet eth0p0 bridge-group storm-control 1 rate 0.25 set interfaces ethernet eth0p1 bridge-group bridge br0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.1.1 from DUT1:
admin@DUT1$ ping 192.168.1.1 count 1 size 56 timeout 1Show output
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=467 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 466.546/466.546/466.546/0.000 ms
Note
Generate 2 Mbps of ICMP traffic and measure how much is actually received at the destination.
Step 4: Run command traffic selector show at DUT1 and expect this output:
Show output
Selector ACL (Policy LOGGER -- ifc eth3 -- hook link-in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 69 70 67570 67616 ----------------------------------------------------- Total 69 70 67570 67616
Test Storm-Control For Combined Traffic
Description
In this scenario, the storm-control feature is configured to rate-limit multiple kinds of traffic.
Scenario
Step 1: Set the following configuration in DUT1 :
set interfaces ethernet eth3 address 192.168.1.2/24 set interfaces ethernet eth3 traffic policy link-in LOGGER set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy LOGGER rule 1 selector ACL set traffic selector ACL rule 1 protocol udp set traffic selector ACL rule 2 protocol icmp
Step 2: Set the following configuration in DUT0 :
set interfaces bridge br0 address 192.168.1.1/24 set interfaces bridge br0 hardware-offload eth0 set interfaces ethernet eth0p0 bridge-group bridge br0 set interfaces ethernet eth0p0 bridge-group storm-control 1 protocol udp set interfaces ethernet eth0p0 bridge-group storm-control 1 rate 0.25 set interfaces ethernet eth0p0 bridge-group storm-control 2 protocol other set interfaces ethernet eth0p0 bridge-group storm-control 2 rate 0.25 set interfaces ethernet eth0p1 bridge-group bridge br0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.1.1 from DUT1:
admin@DUT1$ ping 192.168.1.1 count 1 size 56 timeout 1Show output
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=459 ms --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 458.636/458.636/458.636/0.000 ms
Note
Generate 2 Mbps of UDP or ICMP traffic and measure how much is actually received at the destination.
Step 4: Run command traffic selector show at DUT1 and expect this output:
Show output
Selector ACL (Policy LOGGER -- ifc eth3 -- hook link-in prio very-high -- rule 1) ----------------------------------------------------- rule pkts match pkts eval bytes match bytes eval ----------------------------------------------------- 1 67 70 67402 67616 2 2 3 168 214 ----------------------------------------------------- Total 69 70 67570 67616