Loop Protection in MLAG Design with non-EXOS edge

  • Question
  • Updated 11 months ago
  • Answered
Hello,

I'm looking for a solution to realise loop protection in an MLAG design with non-EXOS edge switches.

- A dedicated STP domain per edge switch is an option when only 1 switch is in a location.
- How can I realise comprehensive loop protection between 2 edge switches in a location, which are both connected via MLAG?

I've 2 use-cases...
- edge-switches are HP Procurve
- edge-switches are EOS Devices

Can somebody give me a bit of input?

Peter

Posted 11 months ago


Carsten Buchenau

Hmmm... not sure how exactly all involved switches are connected with each other.

Can you maybe add a network diagram here, showing the connections between the involved switches and where you have configured LAGs and MLAG?

Peter


On MLAG devices and LAG ports on edge switches, STP must be disabled... that's a fact...

How can I prevent a loop between Edge 2 & 3?

Brandon Clay, Escalation Support Engineer

I'd use STP on each edge switch's edge ports (so not facing back towards the MLAG peers), with edge-safeguard and BPDU-restrict or whatever the equivalent is on your edge switches.

The key is that we want the edge switches to transmit BPDUs out the edge ports and block whenever they receive a BPDU on an edge port. This way, if Edge2 gets looped in to Edge3, they will see each other's BPDUs and block the ports.
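
The behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model in which edge ports transmit BPDUs and block on receiving one, checked against an accidental Edge2-to-Edge3 patch. The port numbers, the host `pc-a`, and collapsing the MLAG pair into one logical node `core` are assumptions made for illustration.

```python
# Constructed topology; names and port numbers are illustrative only.
# The MLAG pair is modelled as one logical node "core", because it
# presents a single LAG partner to each edge switch.
LINKS = [
    (("edge2", "lag1"), ("core", "mlag2")),  # uplink LAG, STP disabled
    (("edge3", "lag1"), ("core", "mlag3")),  # uplink LAG, STP disabled
    (("edge2", "5"), ("edge3", "7")),        # accidental patch cable
    (("edge2", "6"), ("pc-a", "nic")),       # ordinary host, sends no BPDUs
]
# Edge ports running STP in edge mode with BPDU protection.
GUARDED = {("edge2", "5"), ("edge2", "6"), ("edge3", "7")}

def blocked_ports(links, guarded, guard_enabled=True):
    """Guarded ports transmit BPDUs and are blocked when they receive one."""
    blocked = set()
    if not guard_enabled:
        return blocked
    for a, b in links:
        for tx, rx in ((a, b), (b, a)):
            if tx in guarded and rx in guarded:
                blocked.add(rx)
    return blocked

def has_loop(links, blocked):
    """Union-find cycle check over links whose two ends are both forwarding."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]
            node = parent[node]
        return node

    for (sw_a, port_a), (sw_b, port_b) in links:
        if (sw_a, port_a) in blocked or (sw_b, port_b) in blocked:
            continue
        root_a, root_b = find(sw_a), find(sw_b)
        if root_a == root_b:
            return True  # second path between the same switches
        parent[root_a] = root_b
    return False

if __name__ == "__main__":
    for enabled in (False, True):
        blocked = blocked_ports(LINKS, GUARDED, enabled)
        print(f"guard={enabled} blocked={sorted(blocked)} "
              f"loop={has_loop(LINKS, blocked)}")
```
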
Carsten Buchenau

If all Edge switches are EXOS, you can enable ELRP on them (all ports but the uplinks).
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-ELRP-to-disable-ports/?q=...

In your case, with HP and EOS switches, you'll have to go with Spanning Tree. Protect your edge ports and enable it on the LACP-enabled uplinks. With no STP configured at all on your cores, they will simply forward the BPDUs, as they see them as normal multicast traffic, even through the MLAG links. See also here: https://community.extremenetworks.com/extreme/topics/stp-on-mlag-ports

Grosjean, Stephane, Employee

Only use STP on edge ports with an STP edge mode. You don't want TCNs all over your network as soon as an edge port goes up or down.

Peter

Hmm... enabling STP on the LACP uplinks would cause BPDUs to flood on all ports on the MLAG peers... that's not what I want...

Enabling it with SpanGuard etc. on edge ports is something I will test; that could solve my problem with interruptions during MLAG upgrades, because there is no more STP (and so no topology change) in the core connections.