Storm control on egress

Hello,

I’ve got an issue with two switches connecting:

Sw1
  |
Sw2

Sw1 is Juniper equipment, Sw2 is a CRS317.
On the Juniper, there’s a broadcast storm control set to 3000 (kbps). From their documentation:

Configure the storm control level as the bandwidth in kilobits per second of the available bandwidth used by the combined broadcast, multicast, and unknown unicast traffic streams.

I’ve had a few scenarios where I got storm controlled and the port was shut down. The question is: how can I limit the outgoing bandwidth of combined broadcast, multicast and unknown unicast traffic streams to under 3 Mbps on the CRS317 in order to avoid getting storm controlled?

I have already tried to use a rule like:

 /interface/ethernet/switch/rule> print
Flags: X - disabled, I - invalid; D - dynamic 
 0   switch=switch1 ports=<Servers>
      dst-mac-address=FF:FF:FF:FF:FF:FF/FF:FF:FF:FF:FF:FF vlan-id=3 copy-to-cpu=no 
      redirect-to-cpu=no mirror=no rate=1500.0kbps

Still, this doesn’t seem to cut it. I’ve also tried to use storm control on the port connected to Sw1, but since the storm control can only be set in percentage, and the link speed is 1Gbps, 1% of the 1Gbps still means more than the Sw1 limit (3Mbps).
Does anyone have any idea?

Thank you!

Probably doable using HW-offloaded QoS.

https://help.mikrotik.com/docs/spaces/ROS/pages/189497483/Quality+of+Service

Possibly special handlers already exist for multicast (and??) broadcast.

Otherwise you can perhaps use switch rules to map the packets you want restricted to a specific traffic class, which has the 3M limit on it.

Hello and thank you for your reply.

Unfortunately, I don’t understand how I could use the QoS. I went through the doc but I don’t get how I could mark the broadcast packets to a specific queue…?
Also, I just read that bridge filters might work. Any clue on that? The thing is, testing this is quite complicated, because if I go over the 3Mbps, Sw1 cuts me off for an hour…

Thank you!