Campus Networks

How To: Configure STP in a Customer Co-Location Site

by brcd-campus.expert on ‎02-02-2012 11:10 AM - edited on ‎04-09-2014 05:23 PM by pmadduru (2,311 Views)


Contents

Introduction

Topic of Discussion

 

Introduction

There are many methods of providing redundant connectivity to customers in a co-location facility. Dynamic routing protocols such as BGP and OSPF can handle automated failover and redundancy. Unfortunately, these protocols can be difficult for customers to configure and maintain, and customer devices that support them add additional cost.

 

Redundant connectivity can also be achieved at Layer 2. This type of redundancy supports a wide variety of customer equipment and may be easier to set up and maintain. This document explores redundant connectivity options between co-location facilities and their customers using the Layer-2 technologies available in the Brocade FastIron family.

 

Topic of Discussion

Layer-2 Loop Prevention Technologies

 

There are a number of Layer-2 loop detection and prevention technologies available in the Brocade FastIron family. The first group, based on the Spanning Tree Protocol (STP), is described below.

  • Spanning Tree (802.1D):  The Spanning Tree technology detects and prevents network loops.  It provides failover and recovery within 30 seconds. 
  • Rapid Spanning Tree (802.1w):  The Rapid Spanning Tree technology is an enhancement to the 802.1D standard that provides sub-second failover when configured properly.  Rapid Spanning Tree (RSTP) is backwards-compatible with the 802.1D STP standard. 
  • Multiple Spanning Tree (802.1s):  The Multiple Spanning Tree technology is an enhancement to RSTP that allows many VLANs to be mapped to a smaller number of STP instances, allowing STP to scale to networks with hundreds or thousands of VLANs.

Brocade also offers loop detection as an alternative to STP. Ports or VLANs configured for loop detection send probes into the network. A loop is detected when probes are copied and returned to the originating switch. One or more ports are placed in an error-disabled (errdisable) state when such a loop is detected. Brocade offers two modes of loop detection, described below.

 

  • Loop Detection (Strict):  Strict mode is configured at the interface level.  Probe packets are sent from  the interface, and if those probes are received back on the same interface, then that interface is placed in an errdisable state. 
  • Loop Detection (Loose):  Loose mode is configured at the VLAN level.  Probe packets are sent from all ports in the configured VLAN.  If any of those probes are received on any other interface in that VLAN, then both ports are placed in an errdisable state. 

Ports in an errdisable state can be manually re-enabled by a network administrator, or automatically re-enabled after a specified interval. If both STP and loop detection are configured on the same device, STP takes priority and operates first.

Enhancements to Spanning Tree

Brocade has developed additional configuration and management options to enhance and protect Spanning Tree. They are described below.


  • BPDU Guard:  When an STP Bridge Protocol Data Unit (BPDU) is received on a physical interface configured with BPDU Guard, the port is placed in an errdisable state.  This prevents customer equipment from participating and affecting the co-location facility's Spanning Tree. 
  • STP Protect:  When enabled on a physical interface, STP Protect transparently drops BPDUs without disabling the port. 
  • Root Guard:  Ports configured for Root Guard watch for BPDUs from other devices that carry a lower (that is, better) bridge priority than the current root. If one of these "superior" BPDUs arrives at the interface, the port is placed in an STP Inconsistent state. When the superior BPDUs stop arriving at the interface, the port is automatically returned to normal operation. This prevents customer equipment from becoming STP root on the co-location facility's network.

Customer Scenarios

There are multiple ways to provide redundant connectivity using these technologies. No single technology is appropriate for all scenarios. However, different combinations of these technologies can handle almost any customer configuration and provide compatibility with a wide variety of equipment, including firewalls, routers, switches, hubs, and load balancers/application delivery controllers. Each configuration comes with unique capabilities, along with pros and cons.

To provide full redundancy, the co-location facility provides two connections to the customer from two separate switches. These connections are delivered by two physically separate switches or by a pair of switches in a stacked configuration. They connect to the customer equipment either as a single device with multiple ports (inverted triangle) or as multiple devices (square). Both the inverted triangle and square topologies necessarily create a network loop at Layer 2. Brocade's loop prevention technologies manage these loops to provide redundancy to the co-location facility's customers.

Co-location STP, No Customer STP

In a co-location STP setup, the co-location facility switches keep the same configuration as a standard STP or Rapid Spanning Tree setup. The main difference is that the customer is instructed to completely disable STP on their side. The Brocade FastIron switches still detect the loop and block traffic on the appropriate interface.

 

Example 1: Standard STP Configuration

vlan 10 name Customer1 by port
 untagged ethe 1/1/10 ethe 2/1/10
 router-interface ve 10
 spanning-tree
 spanning-tree priority 4096
!
errdisable recovery cause all
errdisable recovery interval 60
!
interface ethernet 1/1/10
 port-name Customer1-Interface1
 spanning-tree root-protect
!
interface ethernet 2/1/10
 port-name Customer1-Interface2
 spanning-tree root-protect

 

Example 2: Rapid Spanning Tree Configuration

vlan 10 name Customer1 by port
 untagged ethe 1/1/10 ethe 2/1/10
 router-interface ve 10
 spanning-tree 802-1w
 spanning-tree 802-1w priority 4096
!
errdisable recovery cause all
errdisable recovery interval 60
!
interface ethernet 1/1/10
 port-name Customer1-Interface1
 spanning-tree root-protect
 spanning-tree 802-1w admin-pt2pt-mac
!
interface ethernet 2/1/10
 port-name Customer1-Interface2
 spanning-tree root-protect
 spanning-tree 802-1w admin-pt2pt-mac
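The protection in both examples depends on every customer-facing port in the customer VLAN carrying spanning-tree root-protect; a port that is added to the VLAN later without it is the usual way this setup silently degrades. The following audit script is an added example (not Brocade's code or part of the original article): it parses a running config in the layout shown in the two examples above (an assumption about the format), collects the untagged/tagged ports of each VLAN, and reports VLANs without STP and ports missing root-protect. The sample config is constructed so that port 2/1/10 lacks the root-protect line.

```python
"""Audit a Brocade FastIron-style running config for customer-facing ports
that lack root guard.  Added example, not Brocade's code; the config layout
(one VLAN or interface per '!'-delimited section) is assumed from the
examples on this page."""
import re

# Constructed sample config: 1/1/10 has root-protect, 2/1/10 does not.
SAMPLE_CONFIG = """\
vlan 10 name Customer1 by port
 untagged ethe 1/1/10 ethe 2/1/10
 router-interface ve 10
 spanning-tree 802-1w
 spanning-tree 802-1w priority 4096
!
errdisable recovery cause all
errdisable recovery interval 60
!
interface ethernet 1/1/10
 port-name Customer1-Interface1
 spanning-tree root-protect
 spanning-tree 802-1w admin-pt2pt-mac
!
interface ethernet 2/1/10
 port-name Customer1-Interface2
 spanning-tree 802-1w admin-pt2pt-mac
"""

VLAN_RE = re.compile(r"^vlan (\d+)\b")
IFACE_RE = re.compile(r"^interface ethernet (\S+)")
PORT_RE = re.compile(r"ethe\s+(\S+)")


def parse_config(text):
    """Return (vlans, interfaces).
    vlans:      {vlan_id: {"ports": [port, ...], "stp": bool}}
    interfaces: {port: set(config lines under that interface)}"""
    vlans, interfaces = {}, {}
    section = None  # ("vlan", id) or ("iface", port) while inside a section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            section = None  # '!' (or a blank line) closes the section
            continue
        m = VLAN_RE.match(line)
        if m:
            section = ("vlan", int(m.group(1)))
            vlans[section[1]] = {"ports": [], "stp": False}
            continue
        m = IFACE_RE.match(line)
        if m:
            section = ("iface", m.group(1))
            interfaces[section[1]] = set()
            continue
        if section is None:
            continue  # global lines such as 'errdisable recovery ...'
        kind, key = section
        if kind == "vlan":
            if line.startswith(("untagged", "tagged")):
                vlans[key]["ports"].extend(PORT_RE.findall(line))
            elif line.startswith("spanning-tree"):
                vlans[key]["stp"] = True  # covers both 802.1D and 802-1w forms
        else:
            interfaces[key].add(line)
    return vlans, interfaces


def audit(text):
    """Return sorted (vlan, port_or_None, problem) findings."""
    vlans, interfaces = parse_config(text)
    findings = []
    for vid, info in vlans.items():
        if not info["stp"]:
            findings.append((vid, None, "STP not enabled on VLAN"))
        for port in info["ports"]:
            if "spanning-tree root-protect" not in interfaces.get(port, set()):
                findings.append((vid, port, "missing spanning-tree root-protect"))
    return sorted(findings, key=lambda f: (f[0], f[1] or ""))


if __name__ == "__main__":
    for vid, port, problem in audit(SAMPLE_CONFIG):
        print(f"VLAN {vid} port {port}: {problem}")
```

Run it against the output of show running-config saved to a file; an empty result means every VLAN member port has root guard and STP is enabled on the VLAN.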

 

  As mentioned above, each scenario comes with unique pros and cons. These pros and cons are listed below.  

Pros

  • Broadest compatibility, customer equipment doesn't need to support STP
  • Simple configuration (customers may need to disable STP if equipment is STP-enabled by default)
  • Automated Failover/Failback
  • Predictable STP topology provided by Root Guard

Cons

  • Failover can take up to 30 seconds
  • Root Guard generates many log messages (cosmetic)

Since the customer equipment has STP disabled, BPDUs sent from one of the co-location facility interfaces come back on the other (redundant) interface of the co-location facility switch. This triggers a Root Guard event, and one of the ports on the co-location switch is placed in an STP inconsistent state. After the pre-configured interval (30, 60, 120 seconds, etc.), the port is checked again for superior BPDUs. If they are still arriving, the same port is placed in an STP inconsistent state again. The co-location facility switch sends syslog messages similar to the following every interval:

STP: VLAN 10 Root-protect port 2/1/10, inconsistent (Received superior BPDU)
STP: VLAN 10 Port 2/1/10 STP State -> BLOCKING (DOT1wTransition)
STP: VLAN 10 Root-protect port 2/1/10, consistent (Timeout)
STP: VLAN 10 Port 2/1/10 STP State -> LEARNING (DOT1wTransition)
STP: VLAN 10 Root-protect port 2/1/10, inconsistent (Received superior BPDU)
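Because this cycle repeats every recovery interval, the messages are easy to dismiss as noise, yet the same message on a port that is not supposed to face customer gear is exactly the root-bridge takeover Root Guard exists to stop. The script below is an added example (not part of the original article) that summarises these syslog lines per VLAN and port and lists the ports that went root-inconsistent repeatedly. The message formats are taken from the lines shown above; the sample log reuses those five lines and adds two constructed lines for a second port.

```python
"""Summarise FastIron Root Guard syslog messages per VLAN/port.  Added
example, not Brocade's code; message formats follow the lines quoted in the
article."""
import re
from collections import defaultdict

# The five messages from the article, plus two constructed lines for a
# second port (VLAN 20, 1/1/11) that went inconsistent only once.
SAMPLE_LOG = """\
STP: VLAN 10 Root-protect port 2/1/10, inconsistent (Received superior BPDU)
STP: VLAN 10 Port 2/1/10 STP State -> BLOCKING (DOT1wTransition)
STP: VLAN 10 Root-protect port 2/1/10, consistent (Timeout)
STP: VLAN 10 Port 2/1/10 STP State -> LEARNING (DOT1wTransition)
STP: VLAN 10 Root-protect port 2/1/10, inconsistent (Received superior BPDU)
STP: VLAN 20 Root-protect port 1/1/11, inconsistent (Received superior BPDU)
STP: VLAN 20 Port 1/1/11 STP State -> BLOCKING (DOT1wTransition)
"""

ROOT_RE = re.compile(
    r"STP: VLAN (?P<vlan>\d+) Root-protect port (?P<port>\S+), "
    r"(?P<result>inconsistent|consistent) \((?P<reason>[^)]*)\)")
STATE_RE = re.compile(
    r"STP: VLAN (?P<vlan>\d+) Port (?P<port>\S+) STP State -> (?P<state>\w+)")


def summarise(log_text):
    """Return {(vlan, port): {"inconsistent": n, "consistent": n,
    "state": last reported STP state, "last_reason": last Root Guard reason}}."""
    summary = defaultdict(lambda: {"inconsistent": 0, "consistent": 0,
                                   "state": None, "last_reason": None})
    for line in log_text.splitlines():
        m = ROOT_RE.match(line)
        if m:
            key = (int(m["vlan"]), m["port"])
            summary[key][m["result"]] += 1   # count each Root Guard transition
            summary[key]["last_reason"] = m["reason"]
            continue
        m = STATE_RE.match(line)
        if m:
            key = (int(m["vlan"]), m["port"])
            summary[key]["state"] = m["state"]  # keep the latest port state
    return dict(summary)


def flapping_ports(log_text, threshold=2):
    """(vlan, port) pairs that went root-inconsistent at least `threshold`
    times.  Expected for a customer port with STP disabled (this article's
    scenario); worth investigating on any port not meant to face customer
    equipment, since it means something there keeps claiming to be root."""
    return sorted(key for key, info in summarise(log_text).items()
                  if info["inconsistent"] >= threshold)


if __name__ == "__main__":
    for (vlan, port), info in sorted(summarise(SAMPLE_LOG).items()):
        print(f"VLAN {vlan} port {port}: inconsistent x{info['inconsistent']}, "
              f"state {info['state']}, last reason: {info['last_reason']}")
    print("repeat offenders:", flapping_ports(SAMPLE_LOG))
```

Feed it the switch's syslog export (or the relevant lines from a collector); comparing flapping_ports against the list of ports that are documented as customer-facing turns the "cosmetic" log volume into a simple check for an unexpected root-bridge claimant.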
