Friday, July 27, 2012


Loop guard, root guard, BPDU filter, BPDU guard and UDLD

Loop guard: It is used to detect the loss of BPDUs from a designated port to an alternate or root port. Suppose there are three switches A, B and C, where A is the root bridge connecting to B over fibre media, and one receiving link for B goes down. The BPDU sent by A is heard by B but not the other way around. Hence there is a loop that goes undetected by the topology.
In this case loop guard prevents the loop by putting the port in the loop-inconsistent state. The port recovers on its own after some time, once BPDUs are heard again.
Loop guard works on a per-port and per-VLAN basis. On a trunk, the port goes loop-inconsistent only for that specific VLAN, not for the whole trunk port.
Loop guard on an EtherChannel considers the whole port-channel and will put the channel in the loop-inconsistent state should BPDUs not be received.

***************************************************************

Root guard: It is used to put the port in the root-inconsistent state when a superior BPDU is heard via that port. This puts the port in the listening phase, which is then shifted to the forwarding phase. Root guard will not allow the port to become a root port; in short, it will not accept on this port any superior BPDU from a bridge capable of becoming the root bridge.

***************************************************************

BPDU filter: Suppose PortFast is enabled globally with the command spanning-tree portfast default; all the access ports are then given PortFast status dynamically. Now, if a BPDU is received on any PortFast-enabled port, the port loses its PortFast state and starts acting like a normal port, which then takes 50 seconds to forward traffic if reset.
In such a case we may want to enable BPDU filter globally for all PortFast ports. This stops the transmission of BPDUs on those ports irrespective of passage of traffic. Isn't it a wonderful idea?
But imagine someone connects one more link to that switch. Say switch A and B already had a link and now there is one more, and switch A has PortFast + BPDU filter. Switches A and B are now in a loop, but because of BPDU filter they can't exchange BPDUs, so no detection of the loop is possible. In this case BPDU filter causes mayhem. BPDU filter works on a per-port basis.

Remember, if a port with BPDU filter enabled receives any BPDU, it loses its PortFast status and BPDU filtering ceases to work. The port then starts participating in STP.

*************************************************************

BPDU guard: It is used to put the port in the err-disable state should the port receive any BPDU. A port configured as PortFast is expected to connect only to a host and not a bridge, so such a port should have BPDU guard enabled on it. Once the port is err-disabled, you may either reset it manually or use the err-disable timeout feature.
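The BPDU filter and BPDU guard points above can be checked against a switch configuration. The following is an added example, not part of the original post: a small Python audit that flags PortFast edge ports where BPDU filter is enabled or BPDU guard is missing. The function names, issue labels and sample configuration are assumptions constructed for illustration.

```python
# Constructed Cisco IOS running-config excerpt (sample data, not from the post).
SAMPLE_CONFIG = """\
spanning-tree portfast default
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            interfaces[current] = set()
        elif raw.startswith(" ") and current:
            interfaces[current].add(raw.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_stp_edge_ports(config):
    """Return {interface: [issues]} for PortFast (edge) ports only."""
    global_cmds = {l.strip() for l in config.splitlines() if not l.startswith(" ")}
    portfast_default = "spanning-tree portfast default" in global_cmds
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        edge = "spanning-tree portfast" in cmds or (portfast_default and "switchport mode access" in cmds)
        if not edge:
            continue  # trunks/uplinks are out of scope for this check
        issues = []
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("BPDUFILTER_LOOP_RISK")  # no BPDUs, a loop goes unseen
        if not (guard_default or "spanning-tree bpduguard enable" in cmds):
            issues.append("NO_BPDUGUARD")  # a BPDU will not err-disable the port
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_stp_edge_ports(SAMPLE_CONFIG) reports GigabitEthernet0/1 for both issues and GigabitEthernet0/3 for missing BPDU guard; the trunk port is skipped because it is not an edge port.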

*************************************************************

UDLD: It deals with a failure of BPDU transmission caused by failure of the copper/fibre medium. Suppose switches A, B and C are connected to each other in a circle via fibre media, where one link is used to transmit and the other to receive. If the transmitting link fails and the receiving link still works, a loop will take place. To prevent this, the administrator can use the UDLD feature. When enabled on a port, this feature uses a UDLD signaling mechanism in which UDLD peers send messages to each other at 01:00:0C:CC:CC:CC and expect a reply over the receiving link. If the reply is not heard, the port is put into the err-disable state.

For more explanation, you may refer to:
http://blog.ine.com/2008/07/05/udld-modes-of-operation/