From Router Security Requirements Guide
Part of SRG-NET-000193-RTR-000002
Associated with: CCI-001095
A traffic storm occurs when packets flood a VPLS bridge, creating excessive traffic and degrading network performance. Traffic storm control prevents VPLS bridge disruption by suppressing traffic when the number of packets reaches configured threshold levels. Traffic storm control monitors incoming traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any one-second interval.
Review the router configuration to verify that storm control is enabled on CE-facing interfaces deploying VPLS. If storm control is not enabled at a minimum for broadcast traffic, this is a finding. Note: The threshold level can be from 0 to 100 percent of the link's bandwidth, where "0" suppresses all traffic. Most FastEthernet switching modules do not support multicast and unicast traffic storm control.
Configure storm control for each VPLS bridge domain. Base the suppression threshold on expected traffic rates plus some additional capacity. For example, if the peak broadcast traffic that is acceptable for a port is 10 percent, a threshold of 15 percent might be appropriate.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer