Campus Networks

How To: Configure STP to Provide Redundancy in Customer Environment with Standard STP Configuration

by brcd-campus.expert on 02-02-2012 02:14 PM, edited on 04-25-2014 10:50 AM by Community Manager

 

BRCD-ENTERPRISE 2532

 

Introduction

 

There are many methods of providing redundant connectivity to customers in a co-location facility.  Dynamic routing protocols such as BGP and OSPF can handle automated failover and redundancy.  Unfortunately, these protocols can be difficult for customers to configure and maintain, and customer devices that support them add cost.
 
Redundant connectivity can also be achieved at Layer 2.  This type of redundancy supports a wide variety of customer equipment and may be easier to set up and maintain.
 
This document explores redundant connectivity options between co-location facilities and their customers leveraging Layer-2 technologies available in the Brocade FastIron family.
 
Topic of Discussion

 

Layer-2 Loop Prevention Technologies
 
There are a number of Layer-2 loop detection and prevention technologies available in the Brocade FastIron family.  The first group, based on the Spanning Tree Protocol (STP), is described below.
 
  • Spanning Tree (802.1D):  The Spanning Tree technology detects and prevents network loops.  It provides failover and recovery within 30 seconds.
  • Rapid Spanning Tree (802.1w):  The Rapid Spanning Tree technology is an enhancement to the 802.1D standard that provides sub-second failover when configured properly.  Rapid Spanning Tree (RSTP) is backwards-compatible with the 802.1D STP standard.
  • Multiple Spanning Tree (802.1s):  The Multiple Spanning Tree technology is an enhancement to RSTP that allows many VLANs to be mapped to a smaller number of STP instances, allowing STP to scale to networks with hundreds or thousands of VLANs.
Brocade also offers loop detection as an alternative to STP.  Ports or VLANs configured for loop detection send probes into the network.  A loop is detected when probes are copied and returned to the originating switch.  One or more ports are placed in an error-disabled (errdisable) state when such a loop is detected.
 
Brocade offers two modes of loop detection that are described below.
 
  • Loop Detection (Strict):  Strict mode is configured at the interface level.  Probe packets are sent from the interface, and if those probes are received back on the same interface, then that interface is placed in an errdisable state.
  • Loop Detection (Loose):  Loose mode is configured at the VLAN level.  Probe packets are sent from all ports in the configured VLAN.  If any of those probes are received on any other interface in that VLAN, then both ports are placed in an errdisable state.
Ports in an errdisable state can be manually re-enabled by a network administrator, or automatically re-enabled after a specified interval.
 
If both STP and loop detect are configured on the same device, STP takes priority and operates first.
 
Enhancements to Spanning Tree
 
Brocade has developed additional configuration and management options to enhance and protect Spanning Tree that are described below.
 
  • BPDU Guard:  When an STP Bridge Protocol Data Unit (BPDU) is received on a physical interface configured with BPDU Guard, the port is placed in an errdisable state.  This prevents customer equipment from participating and affecting the co-location facility's Spanning Tree.
  • STP Protect:  When enabled on a physical interface, STP Protect transparently drops BPDUs without disabling the port.
  • Root Guard:  Ports configured for Root Guard watch for BPDUs from other devices that carry a better (numerically lower) bridge priority than the current root.  If one of these “superior” BPDUs arrives at the interface, then this port is placed in an STP Inconsistent state.  When the superior BPDUs stop arriving at this interface, the port is automatically returned to normal operation.  This prevents customer equipment from becoming STP root on the co-location facility's network.
Customer Scenarios
 
There are multiple ways to provide redundant connectivity leveraging these technologies.  There is not a single technology that is appropriate for all scenarios.  However, different combinations of these technologies can handle almost any customer configuration and provide compatibility with a wide variety of equipment, including firewalls, routers, switches, hubs, and load balancers/application delivery controllers.  Each configuration comes with unique capabilities, along with pros and cons.
 
To provide full redundancy, the co-location facility provides two connections to the customer, delivered either by two physically separate switches or by a pair of switches in a stacked configuration.
 
These connections terminate on the customer equipment, either on a single device with multiple ports (inverted triangle) or on multiple devices (square).  Both the inverted triangle and square topologies necessarily create a network loop at Layer 2.  Brocade's loop prevention technologies manage these loops to provide redundancy to the co-location facility's customers.
 
Standard Spanning Tree
 
The Standard Spanning Tree involves enabling Spanning Tree on both co-location and customer equipment.  Spanning Tree blocks one of the looped ports.  If there is a device or link failure, Spanning Tree transitions traffic to the alternate link.
 
The co-location facility should enable Spanning Tree in the customer-facing VLAN.  It should also lower the Spanning Tree priority in that VLAN from the default of 32768 to 4096; since the lowest priority wins root election, the Brocade FastIron equipment then takes the Root role in the Spanning Tree topology.  As an additional precaution, Root Guard should be enabled on the customer-facing interfaces to guarantee that the co-location facility's switch retains the Root role regardless of customer network (mis)configurations.
 
With standard STP, failover is automated and can take up to 30 seconds.  When the failed device or link is repaired, there may be an additional traffic disruption of up to 30 seconds.
 
Example 1: Sample FCX Stack Configuration

vlan 10 name Customer1 by port
 untagged ethe 1/1/10 ethe 2/1/10
 router-interface ve 10
 spanning-tree
 spanning-tree priority 4096
!
errdisable recovery cause all
errdisable recovery interval 60
!
interface ethernet 1/1/10
 port-name Customer1-Interface1
 spanning-tree root-protect
!
interface ethernet 2/1/10
 port-name Customer1-Interface2
 spanning-tree root-protect
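The following is an added example, not part of the original article or Brocade's tooling: a small Python audit that parses a FastIron-style configuration and verifies the three recommendations above (STP enabled in the customer VLAN, priority 4096, Root Guard on every member port).  The sample configuration is the one from Example 1, embedded so the check runs offline; the assumed default priority of 32768 is the 802.1D default.

```python
import re
# Constructed sample: the FCX stack configuration from this article, embedded for an offline run.
SAMPLE_CONFIG = """\
vlan 10 name Customer1 by port
 untagged ethe 1/1/10 ethe 2/1/10
 router-interface ve 10
 spanning-tree
 spanning-tree priority 4096
!
errdisable recovery cause all
errdisable recovery interval 60
!
interface ethernet 1/1/10
 port-name Customer1-Interface1
 spanning-tree root-protect
!
interface ethernet 2/1/10
 port-name Customer1-Interface2
 spanning-tree root-protect
"""

def parse_sections(config):
    """Group a FastIron config into {header: [indented sub-lines]}; '!' separators are skipped."""
    sections, header = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" ") and header is not None:
            sections[header].append(line.strip())
        else:
            header = line.strip()
            sections[header] = []
    return sections

def audit_customer_vlan(config, vlan_id, max_priority=4096, default_priority=32768):
    """Return findings; an empty list means the config matches the article's recommendations."""
    sections = parse_sections(config)
    vlan = next((b for h, b in sections.items() if h.startswith(f"vlan {vlan_id} ")), None)
    if vlan is None:
        return [f"vlan {vlan_id} not found"]
    findings = []
    # Member ports come from the untagged/tagged lines (stack/slot/port ids such as 1/1/10).
    ports = [p for ln in vlan if re.match(r"(un)?tagged ", ln) for p in re.findall(r"\d+/\d+/\d+", ln)]
    if "spanning-tree" not in vlan:
        findings.append(f"vlan {vlan_id}: spanning-tree not enabled")
    # Assumption: priority is the 802.1D default (32768) unless set; the lowest value wins root.
    prio = next((int(ln.split()[-1]) for ln in vlan if ln.startswith("spanning-tree priority ")), default_priority)
    if prio > max_priority:
        findings.append(f"vlan {vlan_id}: priority {prio} > {max_priority}, co-lo switch may lose root")
    for port in ports:
        if "spanning-tree root-protect" not in sections.get(f"interface ethernet {port}", []):
            findings.append(f"interface ethernet {port}: root-protect missing")
    return findings
```

Run it against a `show running-config` capture to confirm a customer VLAN still meets the baseline after changes.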

 
The pros and cons for this scenario are listed below.
 
Pros
  • Broad compatibility, since most network equipment supports standard STP
  • Automated Failover/Failback
  • With Root Guard, STP topology is protected
Cons
  • Customer equipment participates in STP topology
  • Requires customers to understand and configure STP on their equipment
  • Failover can take up to 30 seconds