[AusNOG] Outage that costs Millions

Andrew Fort afort at choqolat.org
Wed Jun 30 15:30:19 EST 2010


On Wed, Jun 30, 2010 at 3:20 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>
> On Jun 30, 2010, at 9:47 AM, Lincoln Dale wrote:
>
>> it's an edge feature.  i.e. use it on edge ports that don't participate in STP. :)
>
> Examples are the host access edge, IDC uplinks to core/upstream, service switch access ports, and so forth.
>
> Additional layer-2 BCPs include loop guard & root guard & UDLD & spantree portfast, along with IP source guard, DHCP snooping (works for statically-addressed hosts, too), port security, pVLANs, PACLs, & VACLs. Anyone running an Ethernet infrastructure should bone up on these features and apply them in a situationally-appropriate manner.
>

Beyond this, there's the fundamental suck of transparent switching
when you're building wholesale ethernet services.  Using PBB (or
better), QinQ, is essential for making an ethernet core possible, but
even so, the more of these protocols you add (UDLD comes to mind), the
less CPU headroom you have for your critical protocols (e.g., STP)
when a major MAC flush occurs, for example.

Disabling MAC learning on your smaller access edge boxes is a good way
to go (obviously you can only do this for PTP ethernet services), but
that makes jobs like mine (writing code for L2 auto-discovery) harder
:-).  Bring on working LLDP everywhere, please!

-- 
Andrew Fort (afort at choqolat.org)


