[c-nsp] STP on ASR9k

Gert Doering gert at greenie.muc.de
Sat Apr 18 15:57:39 EDT 2020


Hi,

On Sat, Apr 18, 2020 at 08:34:57PM +0100, adamv0025 at netconsultings.com wrote:
> > We really like Arista.  Yes, they can not do everything Cisco can, but the
> > stuff that they *do* has been really rock-solid for us (and the "oh, that
> > does not work" bits are not as surprising as with Cisco... ran into "no,
> > you cannot have STP for a VLAN with mixed tagged untagged ports on IOS XR"
> > yesterday, much to my dismay).
>
> They actually do have STP on XR? Why?

I'd say because their EVPN stuff wasn't finished yet :-)


> Yes ASR9k was meant as L2 switch initially, but then they changed their mind
> and turned it into a router, i.e. LAG. MC-LAG, BUM rate limiters and
> split-horizon groups in bridge-domains I'd consider as the right tools (or
> REP if pushed hard), but STP? I guess you found yourself between a rock and
> a hard place in your design.

Small POP, two ASR9001 for routed connectivity, redundant paths to
two switches that have 1GE customer connections.  Customer has two
firewalls, that speak their sort of cluster redundancy protocol
("VRRP-ish", with a virtual MAC that moves around).

Customers are not to be trusted, so STP on the customer ports is a must.

Switch hardware / SFP+ can break, so the switches can lose their
interconnect - in which case, split brain, unless you do bridge-domain
"ring" through the two ASRs.  And then you have a ring, and want STP
to break flooding.

(But indeed, for that topology, split-horizon groups might actually 
be a better answer.  Need to revisit our deployments to see if I
can generalize our tooling to avoid STP in simple topologies like
this one... in other places, we've managed to totally go away from
STP already except as "protect customer ports against short-circuiting",
doing everything with MLAGs on the Aristas.  MC-LAG on the ASR9001
eats too many ports...)

Thanks for giving me something to think about :-)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de