Allied Telesis Layer 3 Switches Switch User Manual


 
Protecting the network
Create A Secure Network With Allied Telesis Managed Layer 3 Switches 4
Service providers need to prevent storms from disrupting services to customers. AlliedWare
offers the following options for mitigating storms:
• limiting broadcasts and multicasts on a port (“Bandwidth limiting” on page 4)
• detecting a storm and disabling that port or VLAN (“Using QoS policy-based storm protection” on page 5)
Bandwidth limiting
ARP packets are the most frequent trigger for broadcast
storms. One ARP packet is flooded around and around a
network, crowding out all other traffic.
You can use a simple Quality of Service (QoS) configuration
to match ARP packets and make sure that when a broadcast
storm occurs, the effect is minimised.
Configuration
To limit the bandwidth for ARPs:
1. Create a classifier to match ARP packets.
2. Create a QoS framework of policy, traffic class, and flow group. In the traffic class settings,
specify the maximum bandwidth for ARP traffic.
3. Apply the policy—and therefore the bandwidth limit—to one or more ports.
Example
The following configuration limits ARP packets to 100kbps on port 48.
create classifier=1 protocol=0806 ethformat=ethii-untagged
create qos policy=1
create qos trafficclass=1 maxbandwidth=100
create qos flowgroup=1
add qos policy=1 trafficclass=1
add qos trafficclass=1 flowgroup=1
add qos flowgroup=1 classifier=1
set qos port=48 policy=1
Products
All switches listed on page 2
Software Versions
All
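To check that customer-facing ports actually carry this ARP limit, the following added example (not part of the Allied Telesis manual) parses a configuration made of the commands shown above and follows the chain from port to policy, traffic class, flow group and ARP classifier. The function names `arp_limits` and `unprotected` are hypothetical, the sample text is constructed, and only the single-port form `set qos port=48 policy=1` used on this page is handled.

```python
import re

# Constructed sample: the page's port 48 example plus port 47, whose policy
# has a bandwidth-limited traffic class but no flow group matching ARP.
SAMPLE = """\
create classifier=1 protocol=0806 ethformat=ethii-untagged
create qos policy=1
create qos policy=2
create qos trafficclass=1 maxbandwidth=100
create qos trafficclass=2 maxbandwidth=5000
create qos flowgroup=1
add qos policy=1 trafficclass=1
add qos policy=2 trafficclass=2
add qos trafficclass=1 flowgroup=1
add qos flowgroup=1 classifier=1
set qos port=48 policy=1
set qos port=47 policy=2
"""

def arp_limits(config):
    """Map each port that has a QoS policy to its ARP limit in kbps, or None."""
    arp_cls, tc_bw, port_pol = set(), {}, {}
    fg_cls, tc_fg, pol_tc = {}, {}, {}
    for line in filter(str.strip, config.lower().splitlines()):
        verb, p = line.split()[0], dict(re.findall(r"(\w+)=(\S+)", line))
        if verb == "create" and "classifier" in p and p.get("protocol") == "0806":
            arp_cls.add(p["classifier"])      # classifier matching ARP (protocol 0806)
        elif verb == "create" and {"trafficclass", "maxbandwidth"} <= p.keys():
            tc_bw[p["trafficclass"]] = int(p["maxbandwidth"])
        elif verb == "add" and {"flowgroup", "classifier"} <= p.keys():
            fg_cls.setdefault(p["flowgroup"], set()).add(p["classifier"])
        elif verb == "add" and {"trafficclass", "flowgroup"} <= p.keys():
            tc_fg.setdefault(p["trafficclass"], set()).add(p["flowgroup"])
        elif verb == "add" and {"policy", "trafficclass"} <= p.keys():
            pol_tc.setdefault(p["policy"], set()).add(p["trafficclass"])
        elif verb == "set" and {"port", "policy"} <= p.keys():
            port_pol[p["port"]] = p["policy"]
    result = {}
    for port, pol in port_pol.items():
        # Follow policy -> traffic class -> flow group -> ARP classifier.
        found = [tc_bw[tc] for tc in pol_tc.get(pol, ()) if tc in tc_bw
                 and any(fg_cls.get(fg, set()) & arp_cls for fg in tc_fg.get(tc, ()))]
        result[port] = min(found) if found else None
    return result

def unprotected(config, ports):
    """Return the ports in `ports` that have no ARP bandwidth limit."""
    limits = arp_limits(config)
    return [p for p in ports if limits.get(str(p)) is None]
```

Ports that appear in the result of `unprotected` either have no QoS policy at all or have a policy whose traffic classes never reach an ARP classifier.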
[Figure: a misconfigured customer switch sends a flood of ARPs to port 48 of the ISP switch. Panels: "When ISP switch has no bandwidth control" and "When ISP switch has bandwidth limiting".]