Sunday, February 16, 2014

Advanced STP: Loop Guard and UDLD


Lessons Learned:

Loop Guard and UDLD

Prevents Unidirectional links –

Note: Technically, only Loop Guard is a Spanning-tree feature.

With fiber optic links there can be a case where the send channel from one end of the link is working but the receive channel is not. Optical interfaces use two fiber strands: one for send and one for receive. There can be a case where one strand of the pair breaks. This can create a problem in Spanning-tree, where we can send packets but are not able to receive packets.

This would mean that the maximum age would expire on the interface, which could cause two switches to have their ports elected as the designated port at the same time.

Example: Say you have three switches connected together in a full mesh. Switch one will be the root, so it will have designated ports pointing downward toward switch two and switch three. Switches two and three would then have their Root ports pointing upstream towards switch one. Switches two and three are also connected together, which means that on the link between SW2 and SW3 one port will be a Designated port and one will be blocking. On the blocking port, by default, we're not sending BPDUs but we are listening for BPDUs.

The link between SW2 and SW3 is a fiber link, with a send channel and a receive channel that make up the pair. If for some reason the send channel on the link goes down, the blocking side of the link can still send but cannot receive. The blocking port will not be receiving BPDUs and will be waiting for the MaxAge to expire (just like the dead interval in OSPF). After the default 20 seconds the blocking link will start to forward and it will become a designated port. In this case both sides of the link will be forwarding, so there will be multiple designated ports on the same segment, which is a violation of the STP protocol. STP cannot detect this because it's a Layer 1 issue.

The solution is to create a layer 1 keep alive –

Both STP loop guard and UDLD create this keep alive. 

UDLD can be enabled on interfaces that are not running STP. The loop guard feature is inherent to STP and must be configured on an L2 interface only.


Note: Loop guard can protect against failures in the STP process itself. Basically, if the STP feature has a code bug or crashes, Loop guard can figure that out and compensate where UDLD cannot.

Note: Loop Guard cannot protect against mis-wiring where UDLD can. Ex: The transmit is plugged into the receive port.

For these reasons – it’s recommended to run both at the same time. The difference is that Loop Guard will use the BPDU’s that are already there.  UDLD uses a different keep-alive depending on either aggressive or normal mode.


 
Config:

UDLD – on the interface – configure UDLD (or UDLD aggressive)


Loop guard:

Global config

#spanning-tree loopguard default

Or under the interface:

#spanning-tree guard loop

You would configure Loop guard or UDLD on both sides of the link. They can be used on copper but are meant for fiber links.

For loop guard you can configure it on a single interface, but you would normally want to do it on both sides of the link.
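To check that both protections are actually in place, the following added example (not part of the original post) audits a saved running-config and lists the active Ethernet ports missing loop guard or UDLD. The sample config is constructed, and `udld port` / `udld port aggressive` are assumed as the Cisco IOS interface-level syntax, since the post does not spell the UDLD command out.

```python
import re

# Constructed sample running-config (not from the post).
SAMPLE_CONFIG = """\
interface TenGigabitEthernet1/0/1
 switchport mode trunk
 spanning-tree guard loop
 udld port aggressive
!
interface TenGigabitEthernet1/0/2
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport mode trunk
 spanning-tree guard root
 udld port
!
interface GigabitEthernet1/0/4
 no switchport
!
interface GigabitEthernet1/0/5
 shutdown
"""

def audit(config):
    """Map each active Ethernet interface to the protections it lacks."""
    # Global default applies to every L2 port without its own guard setting.
    global_lg = bool(re.search(r"^spanning-tree loopguard default\s*$", config, re.M))
    findings = {}
    # One stanza = the "interface" header plus its indented body lines.
    for m in re.finditer(r"^interface (\S*Ethernet\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name, body = m.group(1), [l.strip() for l in m.group(2).splitlines()]
        if "shutdown" in body:
            continue
        # Interface-level "spanning-tree guard loop|root|none" overrides the default.
        guard = next((l.split()[-1] for l in body
                      if l.startswith("spanning-tree guard ")), None)
        loopguard = (guard == "loop") if guard else global_lg
        # Loop guard only applies to L2 ports; UDLD applies to routed ports too.
        needs_lg = "no switchport" not in body
        # Assumption: only interface-level "udld port" counts (global UDLD is fiber-only).
        udld = any(re.fullmatch(r"udld port( aggressive)?", l) for l in body)
        missing = [n for n, bad in (("loop guard", needs_lg and not loopguard),
                                    ("UDLD", not udld)) if bad]
        if missing:
            findings[name] = missing
    return findings
```

Run it against the config from both ends of each link, since a gap on either side leaves the segment exposed to the unidirectional failure described above.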

 
