[c-nsp] backup with STP

Andris Zarins andris.zarins at microlink.lv
Wed Sep 28 09:22:09 EDT 2005


Yes, in that case you must have a per-customer STP instance, and the
customer could do what he likes with that instance. It works, of course,
but in my opinion it's definitely not the best practice to allow a
customer to manipulate something inside the SP network; an exception
might be some routing inside a VRF, when the SP can control what the
customer is doing.

Besides, a per-customer STP instance can finally grow into an MST-RSTP
hybrid :) (if there is MST inside the SP network) that operates by MST
principles but has a per-VLAN STP instance... I don't like that idea.

Andris



-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de] 
Sent: Wednesday, September 28, 2005 4:15 PM
To: Andris Zarins
Cc: sthaug at nethelp.no; bambi at hughes.com.au; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] backup with STP

Hi,

On Wed, Sep 28, 2005 at 04:06:27PM +0300, Andris Zarins wrote:
> Second - completely agree with Aivars - don't run any kind of STP with
> devices NOT under your control. Interoperability is only one of the
> problems you might face, perhaps not even the most painful one. Imagine
> that under some conditions, the customer starts telling your network
> that his device is the root bridge, and if your network believes it, I
> guess that might mean something like a 'dead end'...

Well, of course you'll only run STP with the customer equipment for 
those VLANs that their stuff is on - so all they can do is hose their
own VLAN.

Running an open trunk with all internal VLANs toward customer equipment
is much more dangerous than just STP issues.

gert
-- 
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de
