Cisco: storm-control unicast

Tags: cisco, layer2, security

Within a typical service provider environment I can see how broadcast and multicast storm control can be useful. I am confused regarding unicast storm control though.

Reading the Cisco docs online they give examples such as protecting against port flooding if the destination MAC of an incoming frame isn't in the CAM tables. This makes good sense to me. So does storm-control unicast only measure the pps rate (or bps rate) of frames that are for destinations not in the CAM tables, or all destinations that aren't a broadcast or multicast address (so just the total number of unicast frames)?

I'm worried that configuring such a feature could shut a port down that shouldn't be shut down simply because it has a high pps rate. An example of this is ports with voice services attached that have high frame rates but are low bpp rates of unicast frames.

Is this feature only measuring the frame/packet rate of unknown destination addresses, or all unicast frames? What are the dangers here?

Best Answer

So does storm-control unicast only measure the pps rate (or bps rate) of frames that are for destinations not in the CAM tables, or all destinations that aren't a broadcast or multicast address (so just the total number of unicast frames)?

I have to confess that I mistakenly trusted the Nexus doc below which said only unknown unicast is rate-limited; however, that's definitely wrong for Cisco IOS. The reality is (at least on IOS platforms) that unicast storm control affects all unicast traffic; the Cisco Nexus doc I quoted said it only affected traffic that was unknown unicast. I will endeavor to test on Nexus at a later date.

In an effort to atone for my mistake, I built a quick screencast of what happens when I:

  • Configure a Cisco IOS switch with unicast storm-control to throttle at 1Mbps.
  • Use speedtest_cli.py to start a unicast download from speedtest.net
  • Reconfigure the switch without unicast storm control
  • Download from speedtest.net again...


storm-control screencast

Bottom line

  • Unicast storm-control affects all unicast traffic in Cisco IOS
  • Unicast storm-control is applied on traffic inbound to the switchport

My original quote from the Nexus docs, which I applied to the OP's Cisco 2960

Quoting the Nexus Storm Control Docs (emphasis mine):

"You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unknown unicast traffic storm on physical interfaces."

Storm control operates the same way across Cisco platforms; if the destination MAC address is not in the CAM table, then the switch must flood it out all ports in the VLAN (except the one it came in on). Sufficient quantities of this kind of traffic would trigger your unicast storm control thresholds.
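As an added example (not the answer author's configuration and not taken from the screencast), the two interface states the screencast compares, written in standard Catalyst IOS storm-control syntax; the interface name is assumed:

```cisco
! Constructed example; GigabitEthernet0/1 is an assumed interface name.
! State 1: unicast storm-control throttling at 1 Mbps (first half of the screencast).
! On IOS the counter covers ALL inbound unicast on the port, not just unknown unicast.
interface GigabitEthernet0/1
 switchport mode access
 ! Rising threshold 1 Mbps, falling threshold 500 kbps. Inbound unicast above the
 ! rising threshold is dropped until the rate falls below the falling threshold.
 storm-control unicast level bps 1m 500k
 ! Default action is to filter (drop) the excess. "storm-control action shutdown"
 ! would err-disable the port instead, which is the OP's concern for busy voice ports.
 storm-control action trap
!
! State 2: unicast storm-control removed (second half of the screencast).
interface GigabitEthernet0/1
 no storm-control unicast level
 no storm-control action trap
!
! If the shutdown action is used anywhere, let err-disabled ports recover on their own.
errdisable recovery cause storm-control
errdisable recovery interval 300
!
! Verify: shows the configured thresholds, the current inbound unicast rate and
! whether the port is currently forwarding or filtering.
show storm-control GigabitEthernet0/1 unicast
```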