[95075] in North American Network Operators' Group
How to protect a network (that's already running spt) from a customer's layer2 loop?
daemon@ATHENA.MIT.EDU (Gunther Stammwitz)
Mon Feb 26 18:01:32 2007
From: "Gunther Stammwitz" <gstammw@gmx.net>
To: <nanog@nanog.org>
Date: Thu, 22 Feb 2007 20:08:11 +0100
Errors-To: owner-nanog@merit.edu
Hello colleagues,
I'm using (rapid)spanning tree in order to protect my network from layer2
loops and in order to provide redundancy in my ring-structure.
This is fine so far, but a big PROBLEM can occur if a customer has a
layer2 loop within his part of the network.
Although the customer has only one single uplink to my backbone and is
in his own VLAN, isolated from the other VLANs on the network/ring, the CPU
usage on my switches increases dramatically to 99% when the customer has a
layer2 loop on his switch (and does not run spanning tree).
The same thing happens if spanning tree gets disabled on one of my switches.
What can I do about this situation? I know that many big network outages
can be traced back to layer2 problems, but I had thought that spanning tree
would help in such a situation.
How can I protect my network from this kind of situation?
Broadcast-storm-limits, mac-limits and so on won't help here, right? What's
next?!?
Thanks,
Gunther