[c-nsp] Loop guard and Bridge Assurance

Lincoln Dale ltd at cisco.com
Thu Nov 26 21:58:43 EST 2009


On 27/11/2009, at 8:14 AM, samuel vuillaume wrote:

> Can someone see a benefit of bridge assurance instead of using loop guard? I
> understand what BA does, but i can't see any benefits over loop guard.

there are a few scenarios where LoopGuard would not be effective at detecting loops and/or unidirectional links.
 - can only be enabled on root & alternate ports.  it CANNOT run on 'designated ports'.
 - ineffective at detecting a port that has been unidirectional since link-up.

Bridge Assurance (BA) is effective at mitigating those remaining scenarios that LoopGuard could not.

BA works because it turns STP into operating more like a routing protocol where BPDUs now go both ways on a given link verifying device health/awareness / lack of braindeadness.
i.e. it turns STP from traditional "fail open" behavior to "fail closed".

compare figure 1 to figure 3 in
  <http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_4.2_chapter7.html#con_1285149>
and it should be clear.


cheers,

lincoln.


More information about the cisco-nsp mailing list