[c-nsp] UDLD enabling port prematurely?

Saku Ytti saku at ytti.fi
Thu Jul 17 06:07:41 EDT 2014


On (2014-07-17 11:38 +0200), Peter Rathlev wrote:

> This is because UDLD errdisable recovery has been enabled. You can
> 
> I'm not aware of a more elegant solution to your problem, but I'm
> interested in hearing about one.

Is UDLD useful? Shouldn't ethernet autonego handle unidirectional links
natively via down-side asserting RFI, which should make up-side go down?

UDLD is control-plane, uses BPDU, which means false-positives would occur if
BPDU are limited or control-plane is congested.
If you run UDLD, you are not 'allowed' to protect your control-plane from L2
PDU, exposing yourself to an attack vector.

I guess if it's ethernet link over some radio or something, where autonego
isn't end-to-end, it might plausibly be useful, but generally?

-- 
  ++ytti

