Saturday, 6 September 2025

Cisco ACI Storm Control: Drop and Shutdown

In Cisco ACI, Storm Control is a feature used to mitigate traffic storms caused by excessive broadcast, multicast, or unknown unicast traffic. It can be configured with two types of actions: Drop and Shutdown.


⚙️ Storm Control Actions in Cisco ACI

1. Drop (Default Action)

  • When traffic exceeds the configured threshold (either in packets per second or percentage of bandwidth), the excess traffic is dropped.
  • The port remains up and operational.
  • This is a non-disruptive method to suppress storm traffic.
  • Suitable for most environments where you want to limit traffic without affecting port availability.

2. Shutdown

  • When traffic exceeds the threshold:
    • Traffic is dropped for a soaking interval (default: 3 seconds).
    • If the storm persists, the port is administratively shut down at the end of the interval.
  • You can configure the soaking interval from 3 to 10 seconds.
  • This action is more aggressive and is used when dropping traffic alone is insufficient to protect the network.
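
The difference between the two actions, as an added example that is not part of the original post: a simplified Python model that samples storm-class traffic once per second and applies the Drop or Shutdown behaviour described above. The class name, the 1000 pps threshold, the once-per-second sampling and the traffic samples are assumptions made for illustration; this is not ACI code.

```python
"""Simplified model of the Drop and Shutdown storm-control actions (illustrative only)."""
from dataclasses import dataclass, field

@dataclass
class StormControlPort:
    threshold_pps: int            # configured storm threshold, packets per second
    action: str = "drop"          # "drop" (default) or "shutdown"
    soak_seconds: int = 3         # soaking interval; configurable from 3 to 10 s
    up: bool = True
    over_streak: int = 0          # consecutive seconds spent above the threshold
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.action not in ("drop", "shutdown"):
            raise ValueError("action must be 'drop' or 'shutdown'")
        if not 3 <= self.soak_seconds <= 10:
            raise ValueError("soaking interval must be 3 to 10 seconds")

    def tick(self, offered_pps: int) -> int:
        """Process one second of storm-class traffic; return packets forwarded."""
        if not self.up:                       # port stays down in this model
            self.log.append("down")
            return 0
        if offered_pps <= self.threshold_pps:
            self.over_streak = 0              # storm subsided: soak count resets
            self.log.append("forward")
            return offered_pps
        self.over_streak += 1                 # over threshold: excess is dropped
        if self.action == "shutdown" and self.over_streak >= self.soak_seconds:
            self.up = False                   # storm outlasted the soaking interval
            self.log.append("drop+shutdown")
        else:
            self.log.append("drop")
        return self.threshold_pps

def run(port, samples):
    """Feed per-second samples through the port; return forwarded counts."""
    return [port.tick(pps) for pps in samples]

# Constructed samples: a burst that subsides within the soak interval, and a storm that persists.
BURST = [500, 5000, 5000, 400, 5000, 300]
STORM = [500, 5000, 5000, 5000, 5000, 300]

if __name__ == "__main__":
    for name, samples in (("burst", BURST), ("storm", STORM)):
        for action in ("drop", "shutdown"):
            port = StormControlPort(threshold_pps=1000, action=action)
            print(name, action, run(port, samples), "up" if port.up else "down")
```

With Shutdown, the burst never closes the port because the count of over-threshold seconds resets before the soaking interval elapses, while the persistent storm takes the port down and even the later legitimate traffic is lost.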

🔍 Behavioral Differences

| Feature | Drop | Shutdown |
|---|---|---|
| Traffic Handling | Drops excess traffic | Drops traffic, then shuts down port |
| Port Status | Remains up | Goes down if storm persists |
| Faults/Traps | Can raise SNMP traps | Interface traps raised; storm traps may be unreliable |
| Use Case | Mild suppression | Severe storm mitigation |


🛠️ Configuration Notes

  • Storm Control is configured via Access Policies in ACI:
    • Fabric > Access Policies > Interface > Storm Control
  • You can apply it to:
    • Physical interfaces
    • Port channels
  • Monitoring policies can be added to raise alerts when thresholds are exceeded.