Skip to Content

Solved: How do I verify working of storm-control?

By: Author Alex Lim

Posted on Last updated:

Home > Solved: How do I verify working of storm-control?

This article describes how to verify working of storm-control.

Solution

To verify the storm-control:

Step 1: Connect Port1 and Port2 with traffic generator and traffic capture respectively.

For Traffic generator, use Third-party applications. eg. Cola-soft.

For Traffic capture, port-mirror capture on the FortiSwitch

Step 2: Port1 and Port2 should be configured in same VLAN.

Step 3: Enable storm-control globally (or per port strom-control) with 100 packet/sec with Broadcast, multicast and unknown unicast.

To configure Storm-control globally for managed FortiSwitches:

# config switch-controller storm-control
set rate <rate>
set unknown-unicast {enable | disable}
set unknown-multicast {enable | disable}
set broadcast {enable | disable}
end

To configure Storm-control port based on the Managed FortiSwitches:

# config switch-controller storm-control-policy
edit <storm_control_policy_name>
set description <description_of_the_storm_control_policy>
set storm-control-mode override
set rate <1-10000000 or 0 to drop all packets>
set unknown-unicast {enable | disable}
set unknown-multicast {enable | disable}
set broadcast {enable | disable}
next
end
# config switch-controller managed-switch
edit <FortiSwitch_serial_number>
config ports
edit port5
set storm-control-policy <storm_control_policy_name>
next
end

Step 4: Send broadcast (any packets with destination mac ffff.ffff.ffff) at 200 packet/sec to port1; then verify port2 receives broadcast packets at 100 packet/sec.

Note: Traffic generation and capture has to be done as mentioned on 1).

Step 5: Use # diagnose switch physical-ports port-stats list 1 to check Rx Discards count is incremented.

Step 6: Also, enable HW counter on the RX port as shown below.

FSW# diagnose switch physical-ports hw-counter add rx 4 PDISC port2

Then check ‘PDISC’ counter is increasing after the storm happened.

FSW# diagnose switch physical-ports hw-counter show rx port2 ======execute this command 4-5 times
-------------------------------------------------------------------------------------
| Counter Statistics (port:port2)
-------------------------------------------------------------------------------------
|Type|Counter ID| Value | Trigger Flags Enabled
-------------------------------------------------------------------------------------
| Rx | 0| 3240862|RIPD4 RIPD6 RDISC RPORTD PDISC
| | | | RFILDR RDROP VLANDR
-------------------------------------------------------------------------------------
| Rx | 1| 0|IMBP
-------------------------------------------------------------------------------------
| Rx | 2| 0|RIMDR
-------------------------------------------------------------------------------------
| Rx | 4| 114457|PDISC <-----
-------------------------------------------------------------------------------------

==========================================

FSW # diagnose switch physical-ports hw-counter show rx port2
-------------------------------------------------------------------------------------
| Counter Statistics (port:port2)
-------------------------------------------------------------------------------------
|Type|Counter ID| Value | Trigger Flags Enabled
-------------------------------------------------------------------------------------
| Rx | 0| 3258276|RIPD4 RIPD6 RDISC RPORTD PDISC
| | | | RFILDR RDROP VLANDR
-------------------------------------------------------------------------------------
| Rx | 1| 0|IMBP
-------------------------------------------------------------------------------------
| Rx | 2| 0|RIMDR
-------------------------------------------------------------------------------------
| Rx | 4| 131871|PDISC <----- Increasing.
-------------------------------------------------------------------------------------

Disable debug after verifying the logs.

FSW# diagnose switch physical-ports hw-counter remove rx 4 PDISC port2

Points to be Noted: Storm-control is implemented in hardware, so there are no logs to indicate traffic dropped by storm-control.

Packet size could impact storm-control too.

Besides the rate limit of packet per second configuration, the burst-size-level configuration deals with burst packets in storm-control.

So, the different traffic patterns (rate, packet size, burst) will impact the drop decision of storm-control in ASIC hardware.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.