Lessons Learned:
Loop Guard and UDLD
Prevents Unidirectional links –
Note: Technically, only Loop Guard is a Spanning-tree feature.
With fiber optic links there can be a case where the send
channel from one end of the link is working but the receive channel is not.
With optical interfaces there are two fiber strands: one for send, one for
receive. There can be a case where one strand of the pair breaks. This can create a
problem in Spanning-tree, where we can send packets but are not able to receive
packets.
This would mean that the maximum age would expire on the
interface, which could cause two switches to have their ports elected as the
designated port at the same time.
Example: You have three switches connected together in a
full mesh. Switch one will be the root, so it will have designated ports
pointing downward toward switch two and switch three. Switches two and three
would then have their Root ports pointing upstream towards switch one. Switch
two and three are connected together – this means that on the link between SW2 and SW3
one port will be a Designated port and one will be blocking. On the blocking
port – by default – we're not sending BPDUs but we're listening for BPDUs.
The link between SW2 and SW3 is a fiber link – in the link we
have a send channel and a receive channel that make up the pair. If for some reason the send channel on the
link goes down, the blocking side of the link can still send but cannot
receive. The blocking port will not be receiving BPDUs and will be waiting for the
MaxAge to expire (just like the dead interval in OSPF). After the default 20 seconds the blocking
port will start to forward and it will become a designated port. In this case
both sides of the link will be forwarding, so there will be multiple designated
ports on the same segment, which is a violation of the STP protocol. STP cannot detect this because it's a Layer 1
issue.
The solution is to create a layer 1 keep alive –
Both STP loop guard and UDLD create this keep alive.
UDLD – can be enabled on interfaces that are not running
STP. The loop guard feature is inherent
to STP and must be configured on an L2 interface only.
Note: Loop guard
can protect against failures in the STP process itself – basically, if the STP
feature has a code bug or crashes, Loop guard can figure that out and compensate
where UDLD cannot.
Note: Loop Guard cannot prevent against mis-wiring where
UDLD can. Ex: The transmit is plugged into the receive port.
For these reasons – it's recommended to run both at the same
time. The difference is that Loop Guard will use the BPDUs that are already
there. UDLD uses a different keep-alive
depending on either aggressive or normal mode.
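The failure described above, and what Loop Guard does about it, as an added example (not from the original post): a toy Python model of the blocking port on the SW2-SW3 link. It assumes the classic 802.1D defaults (hello 2 s, MaxAge 20 s, forward delay 15 s) and also models the listening/learning stages the text skips; the function names and the outage timeline are constructed for illustration.

```python
# Added example: toy model of one non-designated (blocking) STP port.
# Assumes classic 802.1D default timers; all names here are illustrative.
HELLO, MAX_AGE, FWD_DELAY = 2, 20, 15  # seconds

# Constructed timeline: BPDUs arrive every HELLO seconds until t=10,
# the receive strand fails, and BPDUs resume at t=100.
OUTAGE = list(range(0, 11, HELLO)) + list(range(100, 121, HELLO))

def simulate(bpdu_times, duration, loop_guard):
    """Return [(time, state)] transitions for a port that starts blocking."""
    bpdus = set(bpdu_times)
    state, last_bpdu, changed_at = "blocking", 0, 0
    log = [(0, state)]
    for t in range(1, duration + 1):
        new = state
        if t in bpdus:
            # A fresh superior BPDU: the port is a normal blocking port again.
            last_bpdu, new = t, "blocking"
        elif state == "blocking" and t - last_bpdu >= MAX_AGE:
            # Stored BPDU aged out. Without loop guard the port starts moving
            # toward forwarding; with it, the port is held loop-inconsistent.
            new = "loop-inconsistent" if loop_guard else "listening"
        elif state == "listening" and t - changed_at >= FWD_DELAY:
            new = "learning"
        elif state == "learning" and t - changed_at >= FWD_DELAY:
            new = "forwarding"
        if new != state:
            state, changed_at = new, t
            log.append((t, state))
    return log

def forwarding_seconds(log, duration):
    """Seconds the port spent forwarding, i.e. the window for a loop."""
    total = 0
    for (t, s), (t_next, _) in zip(log, log[1:] + [(duration, None)]):
        if s == "forwarding":
            total += t_next - t
    return total

if __name__ == "__main__":
    for guard in (False, True):
        log = simulate(OUTAGE, 120, loop_guard=guard)
        print("loop guard" if guard else "no loop guard", log,
              "forwarding for", forwarding_seconds(log, 120), "s")
```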
Config:
UDLD – on the interface – configure UDLD (or UDLD
aggressive)
Loop guard:
Global config
#spanning-tree loopguard default
Or under the interface:
#spanning-tree guard loop
You would configure Loop guard or UDLD on both sides of the
link. It can be used on copper but is meant for fiber links.
For loop guard you
can configure it on a single interface, but you would normally want to do it on both
sides of the link.