[c-nsp] VPLS and BPDUs tunneling

Andrey Elperin mizzy at colocall.net
Thu Nov 22 04:19:33 EST 2007 

On Thu, Nov 15, 2007 at 03:16:14PM +0100, Enno Rey wrote:

 Hi,

 Thanks for a link to interesting material.

> >  will/may grow severely and there will be problem with network
> >  stability. Or maybe there are some other reasons for considering
> >  BPDUs tunneling harmful ?
> what about "unexpected network behaviour"? ;-)
> Tunneling STP BPDUs means there will only one STP root (per VLAN in most cases) in your VPLS structure (be a "full one", be one part of a hierarchical one).
> Depending on your topology this might induce (at a first glance) "strange frame forwarding paths", including "local site traffic" going through a "remote site STP root".

 Yes, I thought about "unexpected network behaviour" but as for me it depends on
 topology :)

 Actually when I'm talking about passing BPDUs I'm considering the following
 "a bit strange" topology :

                     Site B                          Site D
     +------+     +---------+                     +---------+     +------+
 S   | 3750 |-----| 7609 #1 |-  +-------------+  -| 7609 #3 |-----| 3750 |   S
 I   +------+     +---------+ \ |             | / +---------+     +------+   I
 T      |                      \| MPLS Cloud  |/                      |      T
 E      |            Site C    /|             |\     Site E           |      E
     +------+     +---------+ / +-------------+ \ +---------+     +------+   
 A   | 3750 |-----| 7609 #2 |-                   -| 7609 #4 +-----| 3750 |   F
     +------+     +---------+                     +---------+     +------+
        |                                                             |
        |                                                             |
        |                                                             |
     +------+                                                     +------+
     |  CE  |                                                     |  CE  |
     +------+                                                     +------+
    Customer #1                                                  Customer #1

 
 Imaginary customer have two non-redundant connections to SP infrastructure - at 
 sites A and F. And customer wants layer2 transport between sites A and F
 (actually customer can connect more than at two sites and want VPLS service
 then).

 SP access switches on site A has connections to two different PEs on two
 different sites (site B and site C). Site B and site C actually located in
 two different cities (actually this small access sites were designed a lot of years ago
 with demand to provide layer3 connections only and for layer3 it still works fine,
 but now there is need to provide some layer2 services on this sites). The
 are the same connection scheme for site F.

 To provide quality service for customer it's will be fine to realize some
 protection scheme inside SP infrastructure :) SP has only layer2 connectivity between
 sites A and B, C. So of course the first thing what a lot of people will think about 
 is [M,R]STP. But because pair of PEs actually located on different sites it's a bit
 hard to make sites A, B and C an isolated STP domain. So there is a big temptation to
 simply enable BPDUs tunneling between sites A and F (of course only for some
 VLANs) and solve problem this way.

 So it looks like with this topology we mustn't have any unexpected network
 behaviour (there is no customer local-switched traffic), but we _may_
 have some problems with network stability. In case of only two sites 
 [M,R]STP convergence time must be ok, but what will be if some customer
 will connect on >10 (>20, >30 :) sites ? I can imagine that at some
 point convergence time _may_ increase badly.

 Thats why I'm asking about someone's expirience with BPDUs tunneling. I
 understand that topolgy which mentioned above is quite uncommon, but who knows :)

 Any comments and suggestions are greatly appreciated. Thanks in advance.

> Thinking of other types of PDUs (like VTP) you may even encounter far worse things like a remote site's VTP server (with high rev number) overwriting remote sites' ones.
> 
> For some discussion of this stuff see
> http://www.ernw.de/content/e7/e181/e972/erey_security_ethernet_services_ger.pdf
> 
> thanks,
> 
> Enno
> 
> 
> 
> 
> 
> 
> > 
> >  Anyway maybe some of you have expirience with BPDUs tunneling
> >  via VPLS ? Can your share your impressions about network 
> >  stability then ?
> > 
> >  Actually the main question for me now sounds like "can BPDUs 
> >  tunneling impcat network stability and is it depends on network
> >  size (number of POPs) ?". Your comments will be very much appreciated :)
> > 
> >  Thanks in advance.
> > 
> > -- 
> > Andrey Elperin
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> -- 
> Enno Rey
> 
> ERNW GmbH - Breslauer Str. 28 - 69124 Heidelberg - www.ernw.de
> Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
> PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1
> 
> Handelsregister Heidelberg: HRB 7135
> Geschaeftsfuehrer: Roland Fiege, Enno Rey
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Andrey Elperin
Internet Data Center "ColoCALL"

More information about the cisco-nsp mailing list