[c-nsp] EoMPLS or VPLS loop prevention/storm control

Arie Vayner (avayner) avayner at cisco.com
Wed Feb 9 13:45:11 EST 2011


Schilling,

You should be most likely looking at reducing these wide L2 domains, but
regardless of the L2 domain size, you should still deploy access layer
countermeasures to avoid loop creation and the effects of a potential
loop.

VPLS or any other transport would not help you if some user loops the
cable back, or connects a rogue hub/switch. VPLS just makes sure there
are no loops in the VPLS core - you can still get loops through the
other layers.

I would suggest reading these documents (I am including the docs for
3750, but it is quite generally supported across the switching
portfolio):
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swstpopt.html
(Features to look at include: BPDU Guard, Root Guard, Loop Guard)

Also:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swtrafc.html#wp1063295
(Features to look at include: Storm Control, Port Security (to limit
number of MACs per port))

Not directly related to loop prevention, but a good practice on campus
access layer:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swdhcp82.html
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/swdynarp.html

For even more advanced protection:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_55_se/configuration/guide/sw8021x.html

Arie


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of schilling
Sent: Wednesday, February 09, 2011 17:12
To: cisco-nsp
Subject: [c-nsp] EoMPLS or VPLS loop prevention/storm control

Hi All,

We right now have several bridged campus-wide VLANs. It happens several
times a year where a loop in one of the VLANs will cause our backbone
to be unavailable. Now we are thinking to better architect the design.
If we migrate to some platform like ASR9K and use EoMPLS or VPLS, what
will happen if we have a loop in one of the VLANs?  The simple loop is
to have a dumb switch with two of its ports connected together.

Thanks,

Schilling
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
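
The access-layer countermeasures named in the reply (BPDU Guard, Root Guard, Loop Guard, Storm Control, Port Security), sketched as a Catalyst 3750-style IOS configuration. This is an added example, not part of the original thread; the interface numbers, VLAN 10 and every threshold are assumptions to adapt to the site.

```cisco
! Constructed example: interface names, VLAN and thresholds are assumptions.
!
! --- Access switch, global ---
! Let ports shut down by BPDU Guard or storm control recover after 5 minutes
errdisable recovery cause bpduguard
errdisable recovery cause storm-control
errdisable recovery interval 300
!
! --- Access switch, user-facing port ---
interface GigabitEthernet1/0/1
 description user access port
 switchport mode access
 switchport access vlan 10
 ! PortFast edge port; BPDU Guard err-disables it if any BPDU arrives,
 ! e.g. from a looped-back cable or an unauthorised switch
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Storm control is the backstop when the loop passes no BPDUs:
 ! shut the port once broadcast/multicast exceeds the set share of bandwidth
 storm-control broadcast level 1.00
 storm-control multicast level 2.00
 storm-control action shutdown
 ! Port security caps the number of source MACs learned on the port
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
!
! --- Access switch, uplink to distribution ---
interface GigabitEthernet1/0/49
 description uplink to distribution
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Loop Guard: if BPDUs stop arriving, hold the port in loop-inconsistent
 ! state instead of letting it transition to forwarding
 spanning-tree guard loop
!
! --- Distribution switch, downlink to access switch ---
interface GigabitEthernet1/0/10
 description downlink to access switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Root Guard: ignore superior BPDUs so nothing below can become root
 spanning-tree guard root
```

After a test loop, `show interfaces status err-disabled` and `show storm-control` show which protection tripped and on which port.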


