34 Rockwell Automation Publication 1783-UM003G-EN-P - December 2012
Chapter 2 Switch Software Features
Storm Control
Storm control prevents traffic on a LAN from being disrupted by a broadcast,
multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs
when packets flood the LAN, creating excessive traffic and degrading network
performance. Errors in the protocol-stack implementation, mistakes in network
configurations, or users issuing a denial-of-service attack can cause a storm.
Storm control (or traffic suppression) monitors packets passing from an interface
to the switching bus and determines if the packet is unicast, multicast, or
broadcast. The switch counts the number of packets of a specified type received
within the 1-second time interval and compares the measurement with a
predefined suppression-level threshold.
Storm control uses one of these methods to measure traffic activity:
• Bandwidth as a percentage of the total available bandwidth of the port that
can be used by the broadcast, multicast, or unicast traffic.
• Traffic rate in packets per second at which broadcast, multicast, or unicast
packets are received.
• Traffic rate in bits per second at which broadcast, multicast, or unicast
packets are received.
With each method, the port blocks traffic when the rising threshold is reached.
The port remains blocked until the traffic rate drops below the falling threshold
and then resumes normal forwarding. In general, the higher the level, the less
effective the protection against broadcast storms.
The graph shows broadcast traffic patterns on an interface over a given period of
time. The example can also be applied to multicast and unicast traffic. In this
example, the broadcast traffic being forwarded exceeded the configured threshold
between time intervals T1 and T2 and between T4 and T5. When the amount of
specified traffic exceeds the threshold, all traffic of that kind is dropped for the
next time period. Therefore, broadcast traffic is blocked during the intervals
following T2 and T5. At the next time interval (for example, T3), if broadcast
traffic does not exceed the threshold, it is again forwarded.
When the storm control threshold for multicast traffic is
reached, all multicast traffic except network management
traffic, such as bridge protocol data unit (BDPU) and Cisco
Discovery Protocol (CDP) frames, are blocked.