ACI Fabric Traffic Storm Control
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Traffic storm control policies prevent disruptions on Layer 2 ports caused by broadcast, unknown multicast, or unknown unicast traffic storms on physical interfaces.
By default, storm control is not enabled in the ACI fabric. Layer 2 unknown unicast flooding within an ACI bridge domain (BD) is also disabled by default, but an administrator can enable it. When flooding is disabled (the default), the storm control policy applies only to broadcast and unknown multicast traffic. When Layer 2 unknown unicast flooding is enabled in a BD, the storm control policy applies to Layer 2 unknown unicast traffic in addition to broadcast and unknown multicast traffic.
Traffic storm control (also called traffic suppression) enables you to monitor the levels of incoming broadcast, multicast, and unknown unicast traffic over a one-second interval. The traffic level during this interval, expressed either as a percentage of the port's total available bandwidth or as the maximum number of packets per second allowed on the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the level configured on the port, traffic storm control drops the traffic until the interval ends. An administrator can configure a monitoring policy to raise a fault when a storm control threshold is exceeded.
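The interval-based comparison above, modelled as an added example (not Cisco's implementation): a port policy in either pps or percent-of-bandwidth mode, with the bridge domain's unknown unicast flooding setting deciding whether unknown unicast is policed, and a fault list standing in for the monitoring policy. The 1 Gbit/s port size and the packet trace are constructed assumptions.

```python
from dataclasses import dataclass, field

# Classes a storm control policy polices on an ACI access port; unknown unicast is
# only policed when the bridge domain floods it (not the ACI default).
POLICED_FLOODING_OFF = frozenset({"broadcast", "unknown_multicast"})
POLICED_FLOODING_ON = POLICED_FLOODING_OFF | {"unknown_unicast"}

@dataclass
class StormControlPort:
    level: float                     # threshold: packets per second or percent of bandwidth
    mode: str = "pps"                # "pps" or "percent"
    port_bps: int = 1_000_000_000    # assumed 1 Gbit/s port; used only in percent mode
    bd_unknown_unicast_flooding: bool = False
    faults: list = field(default_factory=list)   # what a monitoring policy would raise

    def run(self, packets):
        """packets: iterable of (time_s, traffic_class, size_bytes); returns
        (forwarded, dropped) after applying the one-second interval threshold."""
        policed = (POLICED_FLOODING_ON if self.bd_unknown_unicast_flooding
                   else POLICED_FLOODING_OFF)
        # Budget per interval: packets in pps mode, bytes in percent-of-bandwidth mode.
        budget = self.level if self.mode == "pps" else self.port_bps / 8 * self.level / 100
        interval, used, suppressing = None, 0.0, False
        forwarded = dropped = 0
        for t, cls, size in sorted(packets):
            if int(t) != interval:           # a new one-second interval resets the count
                interval, used, suppressing = int(t), 0.0, False
            if cls not in policed:           # e.g. known unicast is never suppressed
                forwarded += 1
                continue
            used += 1 if self.mode == "pps" else size
            if used > budget and not suppressing:
                suppressing = True           # drop policed traffic until the interval ends
                self.faults.append(f"interval {interval}: {cls} storm exceeded "
                                   f"{self.level} {self.mode}")
            if suppressing:
                dropped += 1
            else:
                forwarded += 1
        return forwarded, dropped

def sample_packets():
    """Constructed trace: a broadcast burst, some unknown unicast, known unicast,
    then a second interval in which the counters have reset."""
    pkts = [(i * 0.001, "broadcast", 64) for i in range(150)]
    pkts += [(0.5 + i * 0.001, "unknown_unicast", 64) for i in range(10)]
    pkts += [(0.7 + i * 0.001, "unicast", 1500) for i in range(5)]
    pkts += [(1.0 + i * 0.001, "broadcast", 64) for i in range(50)]
    return pkts
```

Running the same trace with flooding on and off shows the unknown unicast packets switching from forwarded to dropped while the single fault per interval is unchanged.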
ACI Fabric Traffic Load Balance
The ACI fabric provides several load-balancing options for balancing the traffic among the available uplinks. Static hash load balancing is the traditional load-balancing mechanism used in networks where each flow is allocated to an uplink based on a hash of its 5-tuple. This load balancing spreads the flows across the available links in a fairly even fashion. Usually, with a large number of flows, the even distribution of flows results in an even distribution of bandwidth as well. However, if a few flows are much larger than the rest, static load balancing might lead to suboptimal results.
ACI fabric dynamic load balancing (DLB) adjusts the traffic allocations according to congestion levels. It measures the congestion across the available paths and places the flows on the least congested paths, which results in an optimal or near optimal placement of the data.
DLB can be configured to place traffic on the available uplinks using the granularity of flows or flowlets. Flowlets are bursts of packets from a flow that are separated by suitably large gaps in time.
The ACI fabric adjusts traffic when the number of available links changes due to a link going offline or coming online. The fabric redistributes the traffic across the new set of links.
In all modes of load balancing, static or dynamic, the traffic is sent only on those uplinks or paths that meet the criteria for equal-cost multipath (ECMP); these paths are equal and the lowest cost from a routing perspective.
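An added illustration (not the fabric's own code) of the three ideas above: the ECMP filter that both modes share, a 5-tuple hash that pins a flow to one uplink, and flowlet-granularity DLB that starts a new flowlet after a configurable gap and places it on the least congested ECMP path. Uplink names, costs and the load counter are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Uplink:
    name: str
    cost: int          # routing cost; only the lowest-cost uplinks form the ECMP set
    load: float = 0.0  # constructed congestion measure (bytes recently placed)

def ecmp_set(uplinks):
    """Static or dynamic, traffic only goes on equal lowest-cost (ECMP) paths."""
    best = min(u.cost for u in uplinks)
    return [u for u in uplinks if u.cost == best]

def static_hash_pick(five_tuple, uplinks):
    """Traditional mode: the 5-tuple hash pins a flow to one ECMP uplink for its
    whole lifetime, regardless of how busy that uplink currently is."""
    candidates = ecmp_set(uplinks)
    key = "|".join(map(str, five_tuple)).encode()
    idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(candidates)
    return candidates[idx].name

class FlowletDLB:
    """Dynamic load balancing at flowlet granularity: a packet arriving more than
    gap_s after the flow's previous packet starts a new flowlet, which goes to the
    least congested ECMP path; packets within a flowlet stay on the same path."""
    def __init__(self, uplinks, gap_s):
        self.uplinks, self.gap_s = uplinks, gap_s   # replace uplinks when a link changes state
        self.last = {}   # five_tuple -> (last_packet_time, uplink)

    def place(self, t, five_tuple, size):
        prev = self.last.get(five_tuple)
        if prev is not None and t - prev[0] <= self.gap_s:
            link = prev[1]                                     # same flowlet, same path
        else:
            link = min(ecmp_set(self.uplinks), key=lambda u: u.load)
        link.load += size
        self.last[five_tuple] = (t, link)
        return link.name
```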
ACI Fabric Loop Detection
The ACI fabric provides global default loop detection policies that can detect loops in Layer 2 network segments that are connected to ACI access ports. These global policies are disabled by default, but the port level policies are enabled by default. Enabling the global policies means they are enabled on all access ports, virtual ports, and virtual port channels unless they are disabled at the individual port level.
The ACI fabric does not participate in the Spanning Tree Protocol. Instead, it implements the Mis-Cabling Protocol (MCP) to detect loops. MCP works in a complementary manner with STP that is running on external Layer 2 networks and handles bridge protocol data unit (BPDU) packets that access ports receive.
A fabric administrator provides a key that MCP uses to identify which MCP packets are initiated by the ACI fabric. The administrator can choose how the MCP policies identify loops and how to act on the loops: use syslog only or disable the port.
Although endpoint moves such as VM moves are normal, they can be symptomatic of loops if the frequency is high and the interval between moves is brief. An administrator can choose how to act on loops detected through endpoint moves.
An error disabled recovery policy can also re-enable ports that the loop detection and BPDU policies disabled, after an interval that the administrator configures.
By default, MCP runs in native VLAN mode, in which the MCP BPDUs it sends are not VLAN tagged. In this mode MCP detects a mis-cabling loop when packets sent in the native VLAN are received back by the fabric, but a loop confined to non-native EPG VLANs is not detected. The APIC now supports sending MCP BPDUs in all VLANs configured in the EPGs, so loops in those VLANs are detected as well. A new MCP configuration mode sends MCP PDUs in every EPG VLAN that a physical port belongs to, adding an 802.1Q header with each EPG VLAN ID to the transmitted PDUs.
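An added model of the MCP workflow described in this section (not Cisco's PDU format or code): the administrator's key is modelled as an HMAC secret so a port can tell fabric-originated PDUs from foreign frames, native mode sends one untagged PDU while all-VLAN mode sends one per EPG VLAN, and the per-port action is syslog or err-disable with a recovery interval. The key, node and port numbers are constructed.

```python
import hashlib, hmac, struct

# Constructed fabric key; in ACI the administrator supplies the MCP key.
FABRIC_KEY = b"example-mcp-key"

def mcp_pdu(key, node, port, vlan=0):
    """Build one PDU. vlan=0 models native-VLAN mode (untagged); a non-zero VLAN
    models the all-EPG-VLAN mode, where the PDU carries that VLAN's 802.1Q tag.
    The keyed tag lets a receiver recognise PDUs the fabric itself originated."""
    body = struct.pack(">HHH", vlan, node, port)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

def pdus_for_port(key, node, port, epg_vlans, all_vlans=False):
    """Native mode sends one untagged PDU; all-VLAN mode sends one per EPG VLAN
    the port belongs to, so loops confined to non-native VLANs are also seen."""
    vlans = epg_vlans if all_vlans else [0]
    return [mcp_pdu(key, node, port, v) for v in vlans]

class AccessPort:
    """Per-port MCP policy: action is 'syslog' or 'errdisable'; the error disabled
    recovery interval re-enables a port the policy shut down."""
    def __init__(self, name, action="syslog", recovery_interval_s=300):
        self.name, self.action, self.recovery_interval_s = name, action, recovery_interval_s
        self.enabled, self.disabled_at, self.syslog = True, None, []

    def receive(self, frame, key, now):
        """A frame carrying a valid fabric key arriving on an access port means the
        external Layer 2 segment looped a fabric-originated PDU back to us."""
        body, mac = frame[:6], frame[6:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:8]
        if len(body) != 6 or not hmac.compare_digest(mac, expected):
            return "ignored"                 # foreign frame or wrong key: no loop evidence
        vlan, node, port = struct.unpack(">HHH", body)
        self.syslog.append(f"MCP loop on {self.name}: PDU from node {node} "
                           f"port {port} vlan {vlan or 'native'}")
        if self.action == "errdisable" and self.enabled:
            self.enabled, self.disabled_at = False, now
            return "errdisabled"
        return "syslog"

    def recovery_tick(self, now):
        """Error disabled recovery: re-enable once the configured interval elapsed."""
        if not self.enabled and now - self.disabled_at >= self.recovery_interval_s:
            self.enabled, self.disabled_at = True, None
        return self.enabled
```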