Unknown Unicast Flooding Protection

Some switches ship with a mechanism that can protect an entire VLAN from unicast flooding's negative effects. This mechanism is known as unicast flood protection. As already shown, when no entry corresponds to a frame's destination MAC address in the incoming VLAN, the frame is sent to all forwarding ports within the respective VLAN, which causes flooding. Limited flooding is part of the normal switching process, but continuous flooding causes adverse performance effects on the network.

The unicast flood protection feature can send an alert when a user-defined rate limit has been exceeded. It can also filter the traffic or shut down the port generating the floods when it detects unknown unicast floods exceeding a certain threshold. Example 2-14 shows a typical configuration taken from a Cisco Catalyst 6500 switch.

Example 2-14 Configuring and Monitoring Unicast Flood Protection

Router(config)# mac-address-table unicast-flood limit 3 vlan 100 filter 5

Router# show mac-address-table unicast-flood
Unicast Flood Protection status: enabled

Configuration:
 vlan   Kfps   action   timeout
------+------+--------+---------
 100    3      filter   5

Mac filters:
 No.   vlan   source mac addr.   installed on   time left (mm:ss)
-----+------+------------------+--------------+-------------------

You can interpret the configuration as follows:

• The limit keyword specifies the unicast flood rate limit, enforced per source MAC address and per VLAN; valid values are from 1 to 4000 floods per second (fps).

• The filter keyword specifies how long to filter unicast flood traffic; valid values are from 1 to 34,560 minutes.

The alert keyword (not shown here) configures the system to send an alert message when the number of unicast floods exceeds the flood rate limit. Alternatively, the shutdown keyword instructs the system to shut down the ingress port generating the floods when unicast floods exceed the flood rate limit.
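The following Python sketch is an added example, not code from the original page and not Cisco's implementation. It is a simplified model of how the three actions behave for one source MAC address in one VLAN. The class and function names, the one-second counting window, and the sample MAC addresses and port names are assumptions made for illustration.

```python
from collections import defaultdict

SRC = "00:00:5e:00:53:01"   # constructed sample source MAC
DST = "00:00:5e:00:53:ff"   # constructed destination MAC the switch has not learned

class FloodProtector:
    """Simplified model (an assumption, not vendor code) of unicast flood protection."""

    def __init__(self, limit_fps, action="filter", filter_minutes=5):
        self.limit_fps = limit_fps              # floods allowed per source MAC, per VLAN, per second
        self.action = action                    # "filter", "alert" or "shutdown"
        self.filter_secs = filter_minutes * 60  # the filter timeout is configured in minutes
        self.mac_table = {}                     # (vlan, mac) -> port, learned from source addresses
        self.counts = defaultdict(int)          # (vlan, src, whole second) -> floods counted
        self.filters = {}                       # (vlan, src) -> time at which the filter expires
        self.down_ports = set()                 # ingress ports shut down by the "shutdown" action
        self.alerts = set()                     # one alert per (vlan, src, second)

    def receive(self, now, port, vlan, src, dst):
        """Process one frame and return 'forward', 'flood' or 'drop'."""
        if port in self.down_ports or self.filters.get((vlan, src), 0) > now:
            return "drop"                       # port is down or source is still filtered
        self.mac_table[(vlan, src)] = port      # normal source-address learning
        if (vlan, dst) in self.mac_table:
            return "forward"                    # known destination: nothing to flood
        key = (vlan, src, int(now))
        self.counts[key] += 1
        if self.counts[key] <= self.limit_fps:
            return "flood"                      # limited flooding is normal switching
        if self.action == "filter":             # limit exceeded: install a timed filter
            self.filters[(vlan, src)] = now + self.filter_secs
            return "drop"
        if self.action == "shutdown":           # limit exceeded: disable the ingress port
            self.down_ports.add(port)
            return "drop"
        self.alerts.add(key)                    # "alert": report only, frame is still flooded
        return "flood"

def run_burst(action, frames=10, limit_fps=3):
    """Constructed input: one host sends `frames` frames to DST within one second on VLAN 100."""
    sw = FloodProtector(limit_fps, action)
    results = [sw.receive(i / 100, "Gi1/1", 100, SRC, DST) for i in range(frames)]
    return sw, results
```

With the filter action, the source is dropped until the timeout expires and then counted afresh; with alert, flooding continues and only a notification is recorded, which is why alert alone does not relieve the VLAN.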
