[c-nsp] risks of assigning redundant paths on data link layer to end-customer

Peter Rathlev peter at rathlev.dk
Tue Nov 22 04:11:17 EST 2011


(Hit "send" too early, sorry! Second paragraph was missing.)

On Tue, 2011-11-22 at 06:55 +0200, Martin T wrote:
> Let's assume there is a following setup:
> 
> http://img844.imageshack.us/img844/9133/stp.png
> 
> ISP manages "R1", "C3550-24-A", "C-355-24-B" and "C2950-24-A".
> "Customer-SW" is fully under customer control. As you can see, there
> are two paths to "Customer-SW". What are the risks with such setups in
> general?

You mention loops, which is probably one of the worst risks. Besides
this there's the fact that a L2 networks spans many more devices. With
L3 interconnect you would only put the two devices closest to the
customer at risk. This might of course adversely affect other things,
but only things connected to these two devices. The L2 network stretches
through all the shown devices. Other things than loops can cause
problems, e.g. broadcasts or STP control traffic.

To mitigate these things you should aggressively police broadcast and
maybe multicast traffic. You should also implement CoPP (or similar) on
any devices with a L3 connection to the specific VLAN.

That the root is placed with the customer is IMHO no big problem. They
might have reasons to place it somewhere special, and since only one of
the two paths from the CPE to R1 would be active at any time (because of
STP) it doesn't really matter where the root is from your point of view.

-- 
Peter
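Added example (not from the thread or from Peter): the two mitigations above as Cisco IOS configuration, storm control on the customer-facing access ports and a CoPP policy on R1 where the VLAN is terminated. Interface names, VLAN 100, the 192.0.2.0/24 customer subnet and the rate thresholds are assumptions.

```text
! ---- C3550-24-A / C-355-24-B: the two ports facing Customer-SW ----
! Police broadcast hard and multicast more loosely, per port, and
! err-disable the port when the limit is hit so a loop or storm on the
! customer side is cut off at the edge instead of flooding every device
! in the L2 domain. Repeat on the second path's port.
interface FastEthernet0/1
 description to Customer-SW (path A)
 switchport mode access
 switchport access vlan 100
 storm-control broadcast level 1.00
 storm-control multicast level 5.00
 storm-control action shutdown
!
! Let the port recover on its own after the storm subsides, so a short
! customer-side fault does not need a manual "no shutdown".
errdisable recovery cause storm-control
errdisable recovery interval 300
!
! ---- R1: the L3 device with an interface in VLAN 100 ----
! CoPP: traffic from the customer VLAN that is punted to the route
! processor is rate-limited, so a storm in VLAN 100 cannot starve the CPU
! and take routing protocols or management access down with it.
ip access-list extended COPP-CUSTOMER-VLAN
 permit ip 192.0.2.0 0.0.0.255 any
!
class-map match-all COPP-CUSTOMER
 match access-group name COPP-CUSTOMER-VLAN
!
policy-map COPP
 class COPP-CUSTOMER
  police 128000 8000 conform-action transmit exceed-action drop
 class class-default
  police 1000000 32000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP
```

Verify with "show storm-control" on the switches and "show policy-map control-plane" on R1; a rising exceed-action drop counter on the customer class is the signal that the VLAN is misbehaving.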