
Switch loop protection

Mark R

Diamond Member
We had a major (total) network outage at work recently - all mission critical systems down all day. Some server apps crashed, and some data needed recovery from backups.

A memo went round today after an investigation by IT. It turned out it was a switching loop - someone had connected a patch cable between 2 switch ports, causing a broadcast storm which killed the entire campus LAN.

The connection was accidental - there is a mobile trolley with several pieces of equipment on it - 2 which need LAN connections to upload their data to the servers. A worker had taken the trolley on rounds, and then brought it back to base, and went to connect the 2 devices to their LAN ports. Instead of the LAN cables, he picked up 2 ends of a long patch cable that someone had stowed on the trolley and connected it to the 2 wall jacks. Result: total implosion.

So, how can you protect against this? I've tried at home with a couple of old managed switches - and loops still kill them dead if they're on the same switch. Is newer gear more tolerant to this? What functionality should prospective purchasers be looking for?
 
Most higher end switches have loop protection where they'll automatically shut down the 'offending' ports if they detect a loop or broadcast storm so that it doesn't affect the rest of the network. I'm surprised the work IT didn't have it enabled already.
 
Unless they disabled spanning tree to make the links come up faster, which is stupid for the above reason.
 
Does spanning tree work on loops on the same switch?

On my Netgears, if I turn STP on, a loop on the same switch still causes chaos.
 
They should turn on BPDU guard even on ports that are portfast. That way the switch will kill the offending ports. While not foolproof, it normally covers 95%+ of the issues.
 
Welcome to the wonderful world of Spanning Tree.

Everybody that has ever managed a network of reasonable size has these horror stories about STP. Everybody that has done support for a networking vendor has seen or heard first-hand stories about STP meltdowns.

I think it only takes one user in your organization that brings a cheap switch to the office that bridges, but does not do STP (properly), and your network can melt down. (E.g. it floods frames, but not BPDUs).

There are new technologies to attack this problem. No more STP meltdowns. And as a bonus, you can use multiple parallel links without creating loops.

TRILL - http://en.wikipedia.org/wiki/TRILL_%28computing%29
IEEE 802.1aq (aka Shortest Path Bridging) - http://en.wikipedia.org/wiki/IEEE_802.1aq

Two technologies that are very similar.
All switches talk a special new protocol, which resembles the IS-IS routing protocol.
This allows them to learn the topology of the network. And the location of all MAC addresses. Just like L1 routing with host-routes in IS-IS, but now at layer 2.

TRILL encapsulates frames between switches with a new header. This header has a TTL-field, which will suppress loops. IEEE 802.1aq uses RPF (reverse path forwarding lookups) to drop looped packets. Cisco at the moment has its own flavor of TRILL, called FastPath. The future (and the market) will decide which of these 2 new protocols will win in the end.

As I am a big fan of the IS-IS routing protocol, I enjoy seeing the technology being used at layer-2. I'm curious to see how these protocols will develop.
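Added illustration (not part of the thread, and not any vendor's code): a toy learning switch with a hairpin patch cable between two of its own ports, the situation described in the original post. It shows why a single broadcast frame keeps circulating and why MAC entries flap between ports, and it models three of the mitigations mentioned above: per-port storm control (the "shut down the offending ports" behaviour), BPDU guard (the switch's own hello comes back in on the looped port and that port is err-disabled), and a TRILL-style hop count that lets a looped frame die on its own. The port numbers, the 10,000-transmission budget, the 2-second hello and the MAC address are assumptions chosen for the example; real switches flood, learn and drop in hardware, and real storm control is rate-based rather than a simple count.

```python
"""Toy model of a learning switch with a hairpin loop between ports 2 and 3.

This is an illustration of the mechanics, not a vendor implementation. Port
numbers, the storm budget and the sample MAC address are all made up.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
BUDGET = 10_000  # transmissions after which we declare a broadcast storm


@dataclass
class Frame:
    src: str
    dst: str = BROADCAST
    hops: int | None = None  # TRILL-style hop count; None = plain Ethernet
    bpdu: bool = False       # True for a spanning-tree hello


@dataclass
class Switch:
    ports: list[int]
    hairpin: dict[int, int]          # port -> port it is cabled to by the loop
    bpdu_guard: bool = False
    storm_limit: int | None = None   # broadcasts accepted per ingress port before dropping
    mac_table: dict[str, int] = field(default_factory=dict)
    errdisabled: set[int] = field(default_factory=set)
    bcast_seen: dict[int, int] = field(default_factory=dict)
    mac_moves: int = 0               # how often a MAC was relearned on another port
    transmitted: int = 0

    def send_stp_hellos(self) -> None:
        """Emit one BPDU out every active port (a real switch does this every 2 s).
        Only the hairpinned ports can ever hear the switch's own BPDU back."""
        inbound = [(self.hairpin[p], Frame(src="switch", bpdu=True))
                   for p in self.ports if p in self.hairpin and p not in self.errdisabled]
        for port, bpdu in inbound:
            self._receive(port, bpdu)

    def inject(self, port: int, frame: Frame) -> bool:
        """Deliver one frame from an attached host. Returns True if it caused a storm."""
        queue = deque([(port, frame)])
        while queue:
            in_port, f = queue.popleft()
            for out_port, f_out in self._receive(in_port, f):
                self.transmitted += 1
                if self.transmitted >= BUDGET:
                    return True                      # never converges: broadcast storm
                if out_port in self.hairpin:         # the patch cable brings it straight back
                    queue.append((self.hairpin[out_port], f_out))
        return False

    def _receive(self, port: int, f: Frame) -> list[tuple[int, Frame]]:
        """Switching logic for one ingress frame; returns (egress port, frame) pairs."""
        if port in self.errdisabled:
            return []
        if f.bpdu:
            if self.bpdu_guard:
                self.errdisabled.add(port)           # BPDU guard: BPDU on an edge port
            return []                                # BPDUs are consumed, never flooded
        if f.hops is not None:                       # TRILL-style hop count
            if f.hops == 0:
                return []
            f = Frame(f.src, f.dst, f.hops - 1)
        # Source learning: the same MAC showing up on different ports is the
        # "MAC flap" a looped network logs by the thousand.
        if self.mac_table.get(f.src, port) != port:
            self.mac_moves += 1
        self.mac_table[f.src] = port
        if f.dst == BROADCAST:
            n = self.bcast_seen[port] = self.bcast_seen.get(port, 0) + 1
            if self.storm_limit is not None and n > self.storm_limit:
                return []                            # storm control: drop the excess
            return [(p, f) for p in self.ports if p != port and p not in self.errdisabled]
        if f.dst in self.mac_table:
            return [(self.mac_table[f.dst], f)]
        return [(p, f) for p in self.ports if p != port and p not in self.errdisabled]


def run(bpdu_guard: bool = False, storm_limit: int | None = None,
        hops: int | None = None) -> dict:
    """One scenario: hairpin between ports 2 and 3, a host broadcast arriving on port 1."""
    sw = Switch(ports=[1, 2, 3, 4], hairpin={2: 3, 3: 2},
                bpdu_guard=bpdu_guard, storm_limit=storm_limit)
    sw.send_stp_hellos()
    storm = sw.inject(1, Frame(src="aa:aa:aa:aa:aa:01", hops=hops))
    return {"storm": storm, "transmitted": sw.transmitted,
            "errdisabled": sorted(sw.errdisabled), "mac_moves": sw.mac_moves}


if __name__ == "__main__":
    print("unprotected  :", run())
    print("storm control:", run(storm_limit=5))
    print("BPDU guard   :", run(bpdu_guard=True))
    print("hop count    :", run(hops=4))
```

The unprotected run never finishes on its own (it is cut off at the budget with thousands of MAC moves), which is the "total implosion" from the first post. Storm control lets a handful of broadcasts through per port and then drops the rest, so the loop still exists but stops hurting everyone else; BPDU guard err-disables the looped ports before any user traffic arrives, which is why the advice above is to enable it even on portfast edge ports; the hop count lets the frame bounce a bounded number of times and then expire, the mechanism the TRILL post describes.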
 