Discussion:
[j-nsp] EX4550: storm-control on commit
Jeff Meyers
2017-01-26 10:56:22 UTC
Permalink
Hello everybody,

we are having a kind of strange haviour here. It's not really an issue
but at least a curiousity. On a couple of EX4550 in VC we have
storm-control enabled. This works fine so far. But on every commit, we
see a "storm-control in effect" message in our logs:

Jan 26 11:50:45 cs0 eswd[1298]: ESWD_ST_CTL_ERROR_IN_EFFECT: ae2.0:
storm control in effect on the port
Jan 26 11:51:47 cs0 eswd[1298]: ESWD_ST_CTL_ERROR_IN_EFFECT: ae2.0:
storm control in effect on the port


I wonder where this comes from. I doubt that this is real since most
commits only contain a vlan configuration change for some ports but no
major adjustments. Maybe someone can bring some light in this.


Thanks!
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Valentini, Lucio
2017-01-27 13:09:47 UTC
Permalink
Hi there,

I also have 2 x EX4550 in VC with storm-control enabled, but it never happens to me to get that message on commit;

I have this configuration for storm-control:

set ethernet-switching-options storm-control interface all

I am wondering what is your configuration for the ae2.0 interface: can you check that ? which physical interfaces are on ae2 ? what are their configurations? Maybe there is a loop somewhere in between those.

Also, can you check your log messages ? if you do a "help syslog ESWD_ST_CTL_ERROR_IN_EFFECT" it tells you:

Name: ESWD_ST_CTL_ERROR_IN_EFFECT
Message: <interface-name>: storm control in effect on the port
Help: Storm control error in effect an interface
Description: This condition occurs when storm control error condition is
detected.
Type: Error: An error occurred
Severity: alert
Facility: LOG_DAEMON

So I think it can´t be overlooked.

I hope this helps you

Cheers

Lucio

-----Messaggio originale-----
Da: juniper-nsp [mailto:juniper-nsp-***@puck.nether.net] Per conto di Jeff Meyers
Inviato: giovedì 26 gennaio 2017 11:56
A: juniper-***@puck.nether.net
Oggetto: [j-nsp] EX4550: storm-control on commit

Hello everybody,

we are having a kind of strange haviour here. It's not really an issue but at least a curiousity. On a couple of EX4550 in VC we have storm-control enabled. This works fine so far. But on every commit, we see a "storm-control in effect" message in our logs:

Jan 26 11:50:45 cs0 eswd[1298]: ESWD_ST_CTL_ERROR_IN_EFFECT: ae2.0:
storm control in effect on the port
Jan 26 11:51:47 cs0 eswd[1298]: ESWD_ST_CTL_ERROR_IN_EFFECT: ae2.0:
storm control in effect on the port


I wonder where this comes from. I doubt that this is real since most commits only contain a vlan configuration change for some ports but no major adjustments. Maybe someone can bring some light in this.


Thanks!
Jeff Meyers
2017-01-27 21:27:03 UTC
Permalink
Hi,
Post by Valentini, Lucio
I also have 2 x EX4550 in VC with storm-control enabled, but it never
happens to me to get that message on commit;
set ethernet-switching-options storm-control interface all
can you check that ? which physical interfaces are on ae2 ? what are
their configurations? Maybe there is a loop somewhere in between
those.
we have this one:

interface all {
level 1;
}


ae2 is actually a LACP channel containing 2x 10GE to a customer.
Generally yes there might be a potential loop behind. The curious part
is however that this message mostly appears on commits and not
necessarily also without a commit. This is not limited to our EX4550 VC
but can also be seen on some EX3300 ToR switches. Typically all with
storm-control level 1-5 configured.
Post by Valentini, Lucio
Also, can you check your log messages ? if you do a "help syslog
Yes, that happens every once in a while. Although I cannot guarantee
this is not loop-caused, the impact to our network caused by loops is
was typically clearly visible by disappearing ARP entries on the routers
and/or jumping MACs (at least until we set storm-control low enough
which is even < 1% so we use the bandwidth option here).


Best,
Jeff
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Valentini, Lucio
2017-01-30 07:50:02 UTC
Permalink
Hi again,

I would check the configuration of the etherchannel on both sides, maybe spanning tree is disabled on the customer side or misconfigured;

If the behavior is not consistent, that could be due to the traffic on the link ?

This is my configuration for an etherchannel 10 G.

set interfaces xe-0/1/0 ether-options 802.3ad ae0 <---------- no other configuration is set for xe-0/1/0 and xe-1/1/0
set interfaces xe-1/1/0 ether-options 802.3ad ae0
set interfaces ae0 description xxx
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 aggregated-ether-options lacp passive <--------------- it´s active on the other side!
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members xxxxxx

set protocols oam ethernet link-fault-management interface ae0.0 pdu-interval 800
set protocols oam ethernet link-fault-management interface ae0.0 pdu-threshold 10
set protocols oam ethernet link-fault-management interface ae0.0 negotiation-options allow-remote-loopback
set protocols lldp interface ae0.0

if you set the level to 1, it means the storm control is active when the traffic exceeds 1% of 10 G, which is 100Mbps, but othe aggregate it would be 200 Mbps, easy enough to exceed.
See this for example:
https://www.juniper.net/documentation/en_US/junos15.1/topics/concept/rate-limiting-storm-control-understanding.html

I hope this helps
Cheers

Lucio
-----Messaggio originale-----
Da: Jeff Meyers [mailto:***@gmx.net]
Inviato: venerdì 27 gennaio 2017 22:27
A: Valentini, Lucio <***@siag.it>; juniper-***@puck.nether.net
Oggetto: Re: [j-nsp] R: EX4550: storm-control on commit

Hi,
Post by Valentini, Lucio
I also have 2 x EX4550 in VC with storm-control enabled, but it never
happens to me to get that message on commit;
set ethernet-switching-options storm-control interface all
can you check that ? which physical interfaces are on ae2 ? what are
their configurations? Maybe there is a loop somewhere in between
those.
we have this one:

interface all {
level 1;
}


ae2 is actually a LACP channel containing 2x 10GE to a customer.
Generally yes there might be a potential loop behind. The curious part is however that this message mostly appears on commits and not necessarily also without a commit. This is not limited to our EX4550 VC but can also be seen on some EX3300 ToR switches. Typically all with storm-control level 1-5 configured.
Post by Valentini, Lucio
Also, can you check your log messages ? if you do a "help syslog
Yes, that happens every once in a while. Although I cannot guarantee this is not loop-caused, the impact to our network caused by loops is was typically clearly visible by disappearing ARP entries on the routers and/or jumping MACs (at least until we set storm-control low enough which is even < 1% so we use the bandwidth option here).


Best,
Jeff
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Loading...