Description
This article describes how to verify that storm-control is working.
Scope
All FortiSwitch versions. Keywords: packet drop, storm-control.
Solution
Related links: https://docs.fortinet.com/document/fortiswitch/7.0.1/administration-guide/13233/storm-control
To verify storm-control:
1) For the traffic generator, use a third-party application, e.g. Colasoft. For traffic capture, use a port-mirror capture on the FortiSwitch as described at the link below:
https://community.fortinet.com/t5/FortiSwitch/Technical-Tip-SPAN-Port-Mirroring/ta-p/189430
2) Port1 and Port2 should be configured in the same VLAN.
3) Enable storm-control globally (or per-port storm-control) at 100 packets/sec for broadcast, multicast and unknown unicast.
To configure storm-control globally for managed FortiSwitches:
# config switch-controller storm-control
    set rate <rate>
    set unknown-unicast {enable | disable}
    set unknown-multicast {enable | disable}
    set broadcast {enable | disable}
end
To configure storm-control per port on managed FortiSwitches:
# config switch-controller storm-control-policy
    edit <storm_control_policy_name>
        set description <description_of_the_storm_control_policy>
        set storm-control-mode override
        set rate <1-10000000 or 0 to drop all packets>
        set unknown-unicast {enable | disable}
        set unknown-multicast {enable | disable}
        set broadcast {enable | disable}
    next
end
# config switch-controller managed-switch
    edit <FortiSwitch_serial_number>
        config ports
            edit port5
                set storm-control-policy <storm_control_policy_name>
            next
        end
    next
end
4) Send broadcast traffic (any packets with destination MAC ffff.ffff.ffff) at 200 packets/sec to port1, then verify that port2 receives broadcast packets at 100 packets/sec.
Note: Traffic generation and capture have to be done as described in 1).
Disable debug after verifying the logs:
FSW# diagnose switch physical-ports hw-counter remove rx 4 PDISC port2
Storm-control is implemented in hardware, so there are no logs to indicate traffic dropped by storm-control. Packet size can also affect storm-control.
Besides the packets-per-second rate limit, the burst-size-level configuration deals with bursts of packets in storm-control.
So different traffic patterns (rate, packet size, burst) affect the drop decision that storm-control makes in the ASIC hardware.
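One way to check step 4 from the mirror capture, as an added example that is not part of the original article: it counts broadcast frames per second in a classic pcap file and reports any second above the configured rate. The sample capture is constructed in the code, and the function names and the 10% tolerance (allowing for the burst and packet-size effects noted above) are assumptions.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6  # destination MAC ffff.ffff.ffff

def broadcast_pps(pcap: bytes) -> dict:
    """Count broadcast frames per capture second in a classic (non-pcapng) pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap):
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record: stop rather than miscount
        if frame[:6] == BROADCAST:
            counts[ts_sec] += 1
        off += 16 + incl_len
    return dict(counts)

def seconds_over_limit(counts: dict, limit_pps: int, tolerance: float = 0.10) -> dict:
    """Return the seconds whose broadcast count exceeds limit_pps plus tolerance.
    The tolerance is an assumption: burst size and packet size shift the exact rate."""
    ceiling = limit_pps * (1 + tolerance)
    return {sec: n for sec, n in counts.items() if n > ceiling}

def build_sample_pcap(pps_by_second: dict) -> bytes:
    """Constructed sample capture: N broadcast frames plus one unicast frame per second."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payload = bytes.fromhex("020000000001") + b"\x08\x00" + bytes(46)
    for sec, pps in pps_by_second.items():
        frames = [BROADCAST + payload] * pps + [bytes.fromhex("020000000002") + payload]
        for i, frame in enumerate(frames):
            out += struct.pack("<IIII", sec, i * 1000, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    # Seconds 1000-1001: limited to 100 pps; second 1002: 200 pps got through.
    counts = broadcast_pps(build_sample_pcap({1000: 100, 1001: 100, 1002: 200}))
    print(counts, seconds_over_limit(counts, limit_pps=100))
```

The first and last seconds of a real capture are usually partial, so they can only undercount and will not produce a false report.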