No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudEngine 16800, 12800, 8800, 6800, and 5800 Series Switches M-LAG Best Practices
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
STP Deployment Solutions for Loop Prevention

STP Deployment Solutions for Loop Prevention

On an M-LAG network, configure the Spanning Tree Protocol (STP) before network deployment to prevent loops caused by common faults. For details about the fault scenarios and deployment solutions, see Figure 2-2 and Table 2-2.

Figure 2-2 Key points of STP deployment solutions
Table 2-2 STP deployment solutions for loop prevention

No.

Fault Scenario

Deployment Solution

Command Reference

1

Multi-level M-LAG interconnection is deployed in dual-homed mode. When cables are incorrectly connected, packets passing through the peer-link form a loop.
  1. Deploy the Virtual Spanning Tree Protocol (V-STP) on the spine nodes, server leaf nodes, and DCI leaf nodes. (On small- and medium-scale networks, the convergence time is about 2s. In scenarios where short convergence time is required, disable STP on the M-LAG interfaces connecting the leaf and spine nodes.)
  2. Set the STP cost to 10000 for all unused physical interfaces on the devices to prevent service interfaces from being blocked when a loop occurs.
  1. stp mode rstp

    stp v-stp enable

  2. stp cost 10000

2

When a new device is added to an STP network, the device may dynamically preempt the STP root, causing STP network flapping.
  1. Configure the two spine nodes as STP roots and deploy root protection.
  2. Configure the same bridge MAC address for member devices in an M-LAG. The system MAC address of a member device can be used as the bridge MAC address. (You are advised to configure this on both spine and leaf nodes.)
  1. stp root primary

    stp root-protection

  2. stp bridge-address mac-address

3

When a spine or server leaf node is attacked by BPDUs, it clears MAC address entries of other devices. Frequent flapping increases the CPU load and causes a large number of instantaneous flood packets.

Enable TC BPDU attack defense on spine nodes, server leaf nodes, and DCI leaf nodes. This protects the devices from frequently deleting MAC address entries and ARP entries, avoiding over-burden.

stp tc-protection

4

Servers, firewalls, LBs, and routers do not support STP and do not need to participate in STP calculation. When the physical status of an interface changes, the convergence performance is poor because the peer device cannot send BPDU packets.

Configure the interfaces on the spine and server leaf nodes that are connected to firewalls, LBs, servers, routers, and other hardware security devices as STP edge interfaces and deploy BPDU attack defense.

stp edged-port enable

stp bpdu-protection

5

All interfaces on a switch are added to VLAN 1 by default. When a new device is added, a loop occurs between the added interfaces and the peer-link due to configuration or manual operations.

Configure the peer-link and all physical and logical links to reject packets from VLAN 1.

port vlan exclude 1

undo port trunk allow-pass vlan 1
Translation
简体中文
Download
Updated: 2023-01-17

Document ID: EDOC1000137639

Views: 109714

Downloads: 2402

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :