thank tankll !
docs i've found (large campus best practices, this helpfull forum...) were not very perfectly clear about that.
Ok now, what i've done if it could help :
1/ rate-limit all ports on 8600 core switch. R-RS modules so we must talk in kbps : broadcast/multicast : 600 kbps .
Large Campus Technical Solution guide :
ERS 8600 (R-series, RS-series modules)
Broadcast / multicast bandwidth limiting
Allowed rate is in kbps
Recommendation
3 times normal kbpsBut what traffic they talk (just broadcast
...)
2/ every 5mns nedi (
http://www.nedi.ch/), a wonderfull open tool, scan the core switch with snmp (it takes only 10s) and write it all in mysql tables. New version include a field in interfaces table : dinbrc which is inbroadcast interface difference between 2 scan. So a little sql request piped with a mail tell me when too many broadcast are coming from an interface.
3/ i've tested with a tool called packeth to simulate a storm :
* inbound bcast from interface test (interface 8/43) --> 600 000 bcast/s
* all the others interfaces --> outbound bcast never exceed 900 bcast/s
* 3mns later i received an email tell me interface 8/43 is involved with a broadcast storm.
