Re: portfast

From: Ryan O'Connell (ryan@complicity.co.uk)
Date: Sat Jul 07 2001 - 18:07:03 EDT


On Sat, Jul 07, 2001 at 11:50:11PM +0200, Gert Doering wrote:
> Is it just me, or is it really time to completely do away with STP?
>
> - STP has no protection against malicious insertion of BPDU packets from
> evildoers

Yes it does - or at least Cisco do, BPDU Guard stops this. (Although it's not
available on all platforms)

> - STP has no concept to get decent "routing" of packets in the face of
> multiple switches connected over a mesh or a ring structure - packets
> always have to travel over the "root path", even if there might be a
> direct connection between two switches which just happens to be in STP
> blocking state.
>
> The main suggestion that has come up in the part is a kind of "L2 SPF"
> protocol, where the switches would do with MAC addresses what OSPF does
> with IP addresses (+networks) - flood them around, calculate Dijkstra, send
> packets over the shortest path to their target.

L2 packets have no TTL - SPF is useless as you need to guarantee a loop-free
path to avoid network meltdown. DUAL (As used by EIGRP) would work, but that
algorithm is more complex. Also, I'm sure you can probably find a situation
in which DUAL gives loops - irritating in L3 networks, a total disaster in
L2 networks.

Good L2 design is the key to avoiding STP problems - "Cisco LAN Switching"
has a couple of very good chapters on this.

-- 
Ryan O'Connell - <ryan@complicity.co.uk> - http://www.complicity.co.uk

I'm not losing my mind, no I'm not changing my lines, I'm just learning new things with the passage of time
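As an added illustration of the BPDU Guard point above (not part of the original post, and not Cisco's code), the following Python parses 802.1D configuration BPDUs and applies the policy an edge port with BPDU Guard enforces: any BPDU arriving on a portfast port is treated as a misconfiguration or rogue bridge and the port is err-disabled. It also goes slightly beyond the post by flagging a BPDU on a non-edge port that claims a better (lower) root bridge ID than the bridge the operator knows to be root, which is the "superior BPDU" case a defender would want to see in a log. The frames, port names, and the known root ID are constructed sample values.

```python
"""Minimal 802.1D configuration-BPDU parser plus a BPDU Guard style port policy.

Added example; the frames and port/root identifiers below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# 802.1D configuration BPDU body (after the 802.2 LLC header 42 42 03):
# protocol id, version, type, flags, root id, root path cost, bridge id,
# port id, message age, max age, hello time, forward delay  (35 bytes).
_CONFIG_BPDU = struct.Struct(">HBBB8sI8sHHHHH")
BPDU_TYPE_CONFIG = 0x00
BPDU_TYPE_TCN = 0x80     # topology change notification: 4-byte header only
BPDU_TYPE_RSTP = 0x02

BridgeId = Tuple[int, str]   # (priority, mac); the lower tuple wins the root election


@dataclass
class ConfigBpdu:
    version: int
    bpdu_type: int
    flags: int
    root_id: Optional[BridgeId]
    root_path_cost: int
    bridge_id: Optional[BridgeId]
    port_id: int


@dataclass
class PortPolicy:
    name: str
    portfast: bool = False     # edge port: no bridge is ever expected behind it
    bpdu_guard: bool = False   # err-disable the port as soon as any BPDU arrives


def _bridge_id(raw: bytes) -> BridgeId:
    priority = struct.unpack(">H", raw[:2])[0]
    return (priority, raw[2:8].hex(":"))


def parse_bpdu(payload: bytes) -> ConfigBpdu:
    """Decode the STP payload that follows the LLC header; raises on malformed input."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    proto, version, bpdu_type, _flags = struct.unpack(">HBBB", payload[:5]) if len(payload) >= 5 \
        else struct.unpack(">HBB", payload[:4]) + (0,)
    if proto != 0:
        raise ValueError("protocol id is not spanning tree")
    if bpdu_type == BPDU_TYPE_TCN:
        return ConfigBpdu(version, bpdu_type, 0, None, 0, None, 0)
    if len(payload) < _CONFIG_BPDU.size:
        raise ValueError("truncated configuration BPDU")
    (_, version, bpdu_type, flags, root, cost, bridge, port,
     _msg_age, _max_age, _hello, _fwd_delay) = _CONFIG_BPDU.unpack(payload[:_CONFIG_BPDU.size])
    return ConfigBpdu(version, bpdu_type, flags, _bridge_id(root), cost, _bridge_id(bridge), port)


def build_config_bpdu(root: BridgeId, bridge: BridgeId, cost: int = 0, port_id: int = 0x8001) -> bytes:
    """Construct a sample configuration BPDU (timers: max age 20s, hello 2s, fwd delay 15s)."""
    def pack_id(bid: BridgeId) -> bytes:
        return struct.pack(">H", bid[0]) + bytes.fromhex(bid[1].replace(":", ""))
    return _CONFIG_BPDU.pack(0, 0, BPDU_TYPE_CONFIG, 0, pack_id(root), cost, pack_id(bridge),
                             port_id, 0, 20 * 256, 2 * 256, 15 * 256)


def bpdu_guard_decision(port: PortPolicy, payload: bytes, known_root: BridgeId) -> Tuple[str, str]:
    """Return (action, reason) for a BPDU received on `port`.

    known_root is the (priority, mac) of the bridge the operator intends to be root.
    """
    bpdu = parse_bpdu(payload)
    if port.portfast and port.bpdu_guard:
        return ("err-disable", f"BPDU received on edge port {port.name}: shutting port")
    if port.portfast:
        return ("alert", f"BPDU on portfast port {port.name} without BPDU Guard; port leaves edge mode")
    if bpdu.root_id is not None and bpdu.root_id < known_root:
        return ("alert", f"superior root claim {bpdu.root_id} on {port.name}, expected root {known_root}")
    return ("accept", f"BPDU on {port.name} consistent with known root {known_root}")


if __name__ == "__main__":
    KNOWN_ROOT = (32768, "00:00:0c:00:00:01")          # constructed sample root
    legit = build_config_bpdu(KNOWN_ROOT, (32768, "00:00:0c:00:00:02"), cost=19)
    rogue = build_config_bpdu((0, "00:11:22:33:44:55"), (0, "00:11:22:33:44:55"))
    uplink = PortPolicy("Gi0/1")
    edge = PortPolicy("Fa0/10", portfast=True, bpdu_guard=True)
    for port, frame in ((uplink, legit), (edge, legit), (uplink, rogue)):
        print(bpdu_guard_decision(port, frame, KNOWN_ROOT))
```

The decision function is deliberately stateless: it only needs the port's configuration and the operator's notion of the legitimate root, which is exactly what a switch running BPDU Guard has at hand, and it is the same input a log-based detector would use to spot a rogue bridge on an access port.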



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:44 EDT