Switch loop protection

Mark R

We had a major (total) network outage at work recently - all mission critical systems down all day. Some server apps crashed, and some data needed recovery from backups.

A memo went round today after an investigation by IT. It turned out it was a switching loop - someone had connected a patch cable between 2 switch ports, causing a broadcast storm which killed the entire campus LAN.

The connection was accidental - there is a mobile trolley with several pieces of equipment on it - 2 which need LAN connections to upload their data to the servers. A worker had taken the trolley on rounds, and then brought it back to base, and went to connect the 2 devices to their LAN ports. Instead of the LAN cables, he picked up 2 ends of a long patch cable that someone had stowed on the trolley and connected it to the 2 wall jacks. Result: total implosion.

So, how can you protect against this? I've tried at home with a couple of old managed switches - and loops still kill them dead if they're on the same switch. Is newer gear more tolerant to this? What functionality should prospective purchasers be looking for?
 

Fardringle

Most higher end switches have loop protection where they'll automatically shut down the 'offending' ports if they detect a loop or broadcast storm so that it doesn't affect the rest of the network. I'm surprised the work IT didn't have it enabled already..
 

Nothinman

Unless they disabled spanning tree to make the links come up faster, which is stupid for the above reason.
 

MtnMan

Spanning Tree runs by default on just about every switch, even crappy Linksys devices.
 

Mark R

Does spanning tree work on loops on the same switch?

On my Netgears, if I turn STP on, a loop on the same switch still causes chaos.
 

imagoon

They should turn on BPDU guard even on ports that are portfast. That way the switch will kill the offending ports. While not foolproof, it normally covers 95%+ of the issues.
 

Gryz

Welcome to the wonderful world of Spanning Tree.

Everybody that has ever managed a network of reasonable size has these horror stories about STP. Everybody that has done support for a networking vendor has seen or heard first-hand stories about STP meltdowns.

I think it only takes one user in your organization that brings a cheap switch to the office that bridges, but does not do STP (properly), and your network can melt down. (E.g. it floods frames, but not BPDUs).

There are new technologies to attack this problem. No more STP meltdowns. And as a bonus, you can use multiple parallel links without creating loops.

TRILL - http://en.wikipedia.org/wiki/TRILL_%28computing%29
IEEE 802.1aq (aka Shortest Path Bridging) - http://en.wikipedia.org/wiki/IEEE_802.1aq

Two technologies that are very similar.
All switches talk a special new protocol, which resembles the IS-IS routing protocol.
This allows them to learn the topology of the network. And the location of all MAC addresses. Just like L1 routing with host-routes in IS-IS, but now at layer 2.

TRILL encapsulates frames between switches with a new header. This header has a TTL-field, which will suppress loops. IEEE802.1aq uses RPF (reverse path forwarding lookups) to drop looped packets. Cisco at the moment has its own flavor of TRILL, called FastPath. The future (and the market) will decide which of these 2 new protocols will win in the end.

As I am a big fan of the IS-IS routing protocol, I enjoy seeing the technology being used at layer-2. I'm curious to see how these protocols will develop.
 

MtnMan

> Does spanning tree work on loops on the same switch?
>
> On my Netgears, if I turn STP on, a loop on the same switch still causes chaos.

Works on Cisco switches. The port# being the tie breaker.
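
Added example (not from any poster in this thread): a simplified Python model of the incident described above, one switch with a patch cable joining two edge ports, showing the storm without protection, BPDU guard err-disabling the looped ports, and the failure case raised in the thread where the loop passes through a device that floods frames but not BPDUs. The class, field and function names are hypothetical, the timing is a toy (one flood per round, one hello at `hello_at`), and full STP port-role election is not modelled.

```python
# Simplified model, constructed for illustration: one switch, edge ports,
# and a patch cable accidentally joining two of them.
from dataclasses import dataclass, field

@dataclass
class Switch:
    ports: int
    cable: tuple                     # (a, b): the two ports joined by the patch cable
    bpdu_guard: bool = False         # err-disable an edge port that receives a BPDU
    cable_drops_bpdus: bool = False  # loop runs via a bridge that floods data but eats BPDUs
    disabled: set = field(default_factory=set)

    def peer(self, port):
        """Port at the other end of the cable, or None if the port is not looped."""
        a, b = self.cable
        return b if port == a else a if port == b else None

    def send_bpdus(self):
        """Hello timer fires: each looped port hears the BPDU sent by the other."""
        if not self.bpdu_guard or self.cable_drops_bpdus:
            return                       # nothing reacts, or no BPDU ever arrives
        if not self.disabled & set(self.cable):
            self.disabled |= set(self.cable)   # both ends go err-disabled

    def flood(self, ingress):
        """Flood a broadcast; return the ports on which a copy re-enters the switch."""
        returns = []
        for p in range(self.ports):
            if p == ingress or p in self.disabled:
                continue
            far = self.peer(p)
            if far is not None and far not in self.disabled:
                returns.append(far)      # copy comes back in on the far end of the cable
        return returns

def simulate(sw, rounds=6, hello_at=3):
    """Inject one broadcast on port 0; return frames still circulating after each round."""
    in_flight, history = [0], []
    for r in range(rounds):
        if r == hello_at:
            sw.send_bpdus()
        in_flight = [q for p in in_flight if p not in sw.disabled for q in sw.flood(p)]
        history.append(len(in_flight))
    return history

if __name__ == "__main__":
    print("no protection      ", simulate(Switch(4, (1, 2))))
    print("BPDU guard         ", simulate(Switch(4, (1, 2), bpdu_guard=True)))
    print("guard, BPDUs eaten ", simulate(Switch(4, (1, 2), True, True)))
```

In the third case only a rate-based control such as broadcast storm limiting on the port would contain the loop, since no BPDU ever reaches the guard.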