Old 11-20-2012, 12:37 PM   #1
Mark R
Switch loop protection

We had a major (total) network outage at work recently - all mission critical systems down all day. Some server apps crashed, and some data needed recovery from backups.

A memo went round today after an investigation by IT. It turned out it was a switching loop - someone had connected a patch cable between 2 switch ports, causing a broadcast storm which killed the entire campus LAN.

The connection was accidental - there is a mobile trolley with several pieces of equipment on it - 2 of which need LAN connections to upload their data to the servers. A worker had taken the trolley on rounds, and then brought it back to base, and went to connect the 2 devices to their LAN ports. Instead of the LAN cables, he picked up 2 ends of a long patch cable that someone had stowed on the trolley and connected it to the 2 wall jacks. Result: total implosion.

So, how can you protect against this? I've tried at home with a couple of old managed switches - and loops still kill them dead if they're on the same switch. Is newer gear more tolerant to this? What functionality should prospective purchasers be looking for?
Old 11-20-2012, 12:42 PM   #2
Fardringle

Most higher end switches have loop protection where they'll automatically shut down the 'offending' ports if they detect a loop or broadcast storm so that it doesn't affect the rest of the network. I'm surprised the work IT didn't have it enabled already.
Old 11-20-2012, 01:00 PM   #3
Nothinman

Unless they disabled spanning tree to make the links come up faster, which is stupid for the above reason.
Old 11-20-2012, 03:29 PM   #4
VirtualLarry

Heck, I've got spanning tree running on my three-router WDS setup even.
Old 11-20-2012, 03:58 PM   #5
MtnMan

Spanning Tree runs by default on just about every switch, even crappy Linksys devices.
Old 11-20-2012, 04:08 PM   #6
Mark R

Does spanning tree work on loops on the same switch?

On my Netgears, if I turn STP on, a loop on the same switch still causes chaos.
Old 11-20-2012, 04:36 PM   #7
imagoon

They should turn on BPDU guard even on ports that are portfast. That way the switch will kill the offending ports. While not foolproof, it normally covers 95%+ of the issues.
Old 11-20-2012, 04:37 PM   #8
imagoon

Quote:
Originally Posted by Mark R
Does spanning tree work on loops on the same switch?

On my Netgears, if I turn STP on, a loop on the same switch still causes chaos.

It sure does on Cisco / Juniper / HP etc.
Old 11-20-2012, 06:41 PM   #9
Gryz

Welcome to the wonderful world of Spanning Tree.

Everybody that has ever managed a network of reasonable size has these horror stories about STP. Everybody that has done support for a networking vendor has seen or heard first-hand stories about STP meltdowns.

I think it only takes one user in your organization that brings a cheap switch to the office that bridges, but does not do STP (properly), and your network can melt down. (E.g. it floods frames, but not BPDUs).

There are new technologies to attack this problem. No more STP meltdowns. And as a bonus, you can use multiple parallel links without creating loops.

TRILL - http://en.wikipedia.org/wiki/TRILL_%28computing%29
IEEE 802.1aq (aka Shortest Path Bridging) - http://en.wikipedia.org/wiki/IEEE_802.1aq

Two technologies that are very similar.
All switches talk a special new protocol, which resembles the IS-IS routing protocol.
This allows them to learn the topology of the network. And the location of all MAC addresses. Just like L1 routing with host-routes in IS-IS, but now at layer 2.

TRILL encapsulates frames between switches with a new header. This header has a TTL-field, which will suppress loops. IEEE802.1aq uses RPF (reverse path forwarding lookups) to drop looped packets. Cisco at the moment has its own flavor of TRILL, called FastPath. The future (and the market) will decide which of these 2 new protocols will win in the end.

As I am a big fan of the IS-IS routing protocol, I enjoy seeing the technology being used at layer-2. I'm curious to see how these protocols will develop.
Old 11-21-2012, 11:24 AM   #10
MtnMan

Quote:
Originally Posted by Mark R
Does spanning tree work on loops on the same switch?

On my Netgears, if I turn STP on, a loop on the same switch still causes chaos.

Works on Cisco switches. The port# being the tie breaker.
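An added example, not code from any poster in this thread: a toy Python model of the accident described in the first post (one patch cable joining two ports of the same switch). It compares STP off, plain STP with the port-number tie-break, and BPDU guard, then repeats the run with a path that forwards data frames but drops BPDUs, the case raised in post #9. The 4-port switch, the tick count, and processing BPDUs ahead of the first broadcast are assumptions of the model.

```python
def simulate(mode, path_passes_bpdu=True, ticks=50):
    """Toy model. Returns (broadcast copies seen by the host on port 3,
    ports the switch has blocked). mode is 'off', 'stp' or 'guard'."""
    loop = {1: 2, 2: 1}   # the patch cable: out port 1 comes back in on port 2
    blocked = set()
    in_flight = []        # (arrival_port, kind, sender_port)
    delivered = 0

    def send(egress, kind, sender):
        nonlocal delivered
        if egress in blocked:
            return
        if egress in loop:
            # A cheap bridge in the path floods data but may drop BPDUs.
            if kind == "data" or path_passes_bpdu:
                in_flight.append((loop[egress], kind, sender))
        elif egress == 3 and kind == "data":
            delivered += 1

    if mode != "off":                 # STP running: BPDUs leave both ports
        for p in loop:
            send(p, "bpdu", p)
    for p in (1, 2, 3):               # host on port 0 sends one broadcast
        send(p, "data", 0)

    for _ in range(ticks):
        arrivals = in_flight[:]
        in_flight.clear()
        for port, kind, sender in arrivals:
            if port in blocked:
                continue
            if kind == "bpdu":
                # guard: any BPDU on an edge port disables it.
                # stp: own BPDU from a lower port number wins the tie-break.
                if mode == "guard" or (mode == "stp" and sender < port):
                    blocked.add(port)
                continue              # BPDUs are consumed, never flooded
            for egress in range(4):   # flood data out every other port
                if egress != port:
                    send(egress, "data", sender)
    return delivered, blocked and sorted(blocked) or []


if __name__ == "__main__":
    for mode in ("off", "stp", "guard"):
        for passes in (True, False):
            print(mode, "bpdus pass" if passes else "bpdus dropped",
                  simulate(mode, passes))
```

With BPDUs passing, the single broadcast is seen once or twice and the loop is cut; with BPDUs dropped in the path, neither STP nor BPDU guard reacts and the same frame keeps arriving every tick.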