L2 Broadcast/multicast limits on ethernet ports

Thanks Arien

Yes that’s the command we will be doing.

The basic purpose is to stop the CPUs from shooting up to 70+% utilisation and crashing/rebooting, as we experienced the same.

What numbers are you using for 10/100/1000 ports?



We use it globally for all ports.

#sh run | i limit
broadcast limit 500
multicast limit 10000
unknown-unicast limit 1000

The numbers are based on tests we did on the IronCore hardware. We too wanted to limit CPU utilisation. Connected switches remained usable while the address learning rate was not affected.

But again, these are egress limits. Multicast, broadcast and unknown unicast frames hit the CPU before they are dropped or forwarded.

Kind regards, Arien