[c-nsp] risks of assigning redundant paths on data link layer to end-customer

Martin T m4rtntns at gmail.com
Mon Nov 21 23:55:38 EST 2011


Let's assume there is the following setup:

http://img844.imageshack.us/img844/9133/stp.png

ISP manages "R1", "C3550-24-A", "C-355-24-B" and "C2950-24-A".
"Customer-SW" is fully under customer control. As you can see, there
are two paths to "Customer-SW". What are the risks with such setups in
general? I'm able to name two disadvantages:

1) in case the customer (accidentally) configures "spanning-tree
bpdufilter enable" on his ports Fa0/23 - 24, there will be an L2 loop,
which causes very high PPS and CPU load in ISP devices

2) in case the customer switch is the STP root (it's easy to become the
root switch by changing priority when "root guard" on the ISP side is
not configured) and the customer VLAN passes through many ISP switches,
non-optimal paths for traffic can take place

Are there some other possibilities for an L2 loop? Or has anyone seen a
hub/switch which handles 802.1d/802.1w BPDUs somewhat abnormally and
might create an L2 loop (under certain circumstances)? Any other
disadvantages which might arise with setups like this?


regards,
martin
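
An added example (not part of the original post): a small Python audit of an ISP edge switch configuration for the two risks named above. The config text, interface names and the "CUSTOMER" description tag are constructed assumptions; the storm-control check is an added backstop for risk 1 that the post itself does not mention.

```python
import re

# Constructed sample of an ISP edge switch config (not from the post).
# Assumption: customer-facing ports carry "CUSTOMER" in their description.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description CUSTOMER Customer-SW path A
 spanning-tree guard root
 storm-control broadcast level 1.00
!
interface FastEthernet0/2
 description CUSTOMER Customer-SW path B
 spanning-tree bpdufilter enable
!
interface FastEthernet0/24
 description UPLINK to R1
!
"""

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_customer_ports(config, tag="CUSTOMER"):
    """Map each customer-facing port to the list of STP hardening gaps."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("description") and tag in c for c in cmds):
            continue  # not a customer-facing port
        issues = []
        if "spanning-tree guard root" not in cmds:
            issues.append("no root guard: customer switch can become STP root")
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("bpdufilter on ISP side: port ignores customer BPDUs")
        if not any(c.startswith("storm-control broadcast") for c in cmds):
            issues.append("no broadcast storm-control: loop is not rate-limited")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_customer_ports(SAMPLE_CONFIG).items():
        print(port, "OK" if not issues else "; ".join(issues))
```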

