This article describes how to verify working of storm-control.
Solution
To verify the storm-control:
Step 1: Connect Port1 and Port2 with traffic generator and traffic capture respectively.
For Traffic generator, use Third-party applications. eg. Cola-soft.
For Traffic capture, port-mirror capture on the FortiSwitch
Step 2: Port1 and Port2 should be configured in same VLAN.
Step 3: Enable storm-control globally (or per port strom-control) with 100 packet/sec with Broadcast, multicast and unknown unicast.
To configure Storm-control globally for managed FortiSwitches:
# config switch-controller storm-control
set rate <rate>
set unknown-unicast {enable | disable}
set unknown-multicast {enable | disable}
set broadcast {enable | disable}
endTo configure Storm-control port based on the Managed FortiSwitches:
# config switch-controller storm-control-policy
edit <storm_control_policy_name>
set description <description_of_the_storm_control_policy>
set storm-control-mode override
set rate <1-10000000 or 0 to drop all packets>
set unknown-unicast {enable | disable}
set unknown-multicast {enable | disable}
set broadcast {enable | disable}
next
end
# config switch-controller managed-switch
edit <FortiSwitch_serial_number>
config ports
edit port5
set storm-control-policy <storm_control_policy_name>
next
endStep 4: Send broadcast (any packets with destination mac ffff.ffff.ffff) at 200 packet/sec to port1; then verify port2 receives broadcast packets at 100 packet/sec.
Note: Traffic generation and capture has to be done as mentioned on 1).
Step 5: Use # diagnose switch physical-ports port-stats list 1 to check Rx Discards count is incremented.
Step 6: Also, enable HW counter on the RX port as shown below.
FSW# diagnose switch physical-ports hw-counter add rx 4 PDISC port2Then check ‘PDISC’ counter is increasing after the storm happened.
FSW# diagnose switch physical-ports hw-counter show rx port2 ======execute this command 4-5 times
-------------------------------------------------------------------------------------
| Counter Statistics (port:port2)
-------------------------------------------------------------------------------------
|Type|Counter ID| Value | Trigger Flags Enabled
-------------------------------------------------------------------------------------
| Rx | 0| 3240862|RIPD4 RIPD6 RDISC RPORTD PDISC
| | | | RFILDR RDROP VLANDR
-------------------------------------------------------------------------------------
| Rx | 1| 0|IMBP
-------------------------------------------------------------------------------------
| Rx | 2| 0|RIMDR
-------------------------------------------------------------------------------------
| Rx | 4| 114457|PDISC <-----
-------------------------------------------------------------------------------------
==========================================
FSW # diagnose switch physical-ports hw-counter show rx port2
-------------------------------------------------------------------------------------
| Counter Statistics (port:port2)
-------------------------------------------------------------------------------------
|Type|Counter ID| Value | Trigger Flags Enabled
-------------------------------------------------------------------------------------
| Rx | 0| 3258276|RIPD4 RIPD6 RDISC RPORTD PDISC
| | | | RFILDR RDROP VLANDR
-------------------------------------------------------------------------------------
| Rx | 1| 0|IMBP
-------------------------------------------------------------------------------------
| Rx | 2| 0|RIMDR
-------------------------------------------------------------------------------------
| Rx | 4| 131871|PDISC <----- Increasing.
-------------------------------------------------------------------------------------Disable debug after verifying the logs.
FSW# diagnose switch physical-ports hw-counter remove rx 4 PDISC port2Points to be Noted: Storm-control is implemented in hardware, so there are no logs to indicate traffic dropped by storm-control.
Packet size could impact storm-control too.
Besides the rate limit of packet per second configuration, the burst-size-level configuration deals with burst packets in storm-control.
So, the different traffic patterns (rate, packet size, burst) will impact the drop decision of storm-control in ASIC hardware.