
Loop Protect and Trunk Groups or Uplinks

 
dmesser-hhs
Frequent Advisor

Loop Protect and Trunk Groups or Uplinks

I think I am going to implement Loop Protect on my 8212, 5412, 1910 switches as opposed to using MSTP. MSTP looks like it could break some things that are already set up. Since I inherited this HP network and am not that familiar with MSTP, I think I am just going to enable loop protect on all ports on all switches. Are there any problems with that idea? If MSTP were as simple as enable I would go that route, but I have read that spanning tree can cause nightmares. I don't have an overly complicated network. We just use trunked ports to each of our IDF closets and trunked ports to our SAN and Virtual Environment.

 

Questions: what would happen if I went to all switches and did spanning-tree enable? Can it be that simple? Will this work and provide protection against loops? I have read the chapter on MSTP and with all the instances, areas, CPU considerations, etc., it all seems complicated... I don't have redundant paths (except for the trunk groups) between the core and all the edge switches.

 

Or should I just simply enable loop protect ... if so do I enable loop protect on my uplink and trunked ports? 

paulgear
Esteemed Contributor

Re: Loop Protect and Trunk Groups or Uplinks

Hi dmesser-hhs,

 

Spanning Tree Protocol doesn't cause problems; loops cause problems.  STP is a way of dealing with loops.  If you don't have STP enabled already and your network is working correctly, then you don't have any loops.  So loop protect will not gain you anything.

 

It's not as simple as just enabling spanning tree.  You need to plan your topology, then set your switch priorities so that the planned topology is achieved.  To achieve protection against loops (due to users plugging switches into each other), the preferred approach would be to set up STP correctly, then enable BPDU guard and loop protect on all edge ports.

 

Definitely don't use loop protect on uplinks and trunks; it is designed for edge ports.

Regards,
Paul
Vince_Whirlwind
Trusted Contributor

Re: Loop Protect and Trunk Groups or Uplinks

Agreed. STP prevents problems, it doesn't cause them. If somebody thinks STP is causing them a problem, their problem is a problem of design.

 

Document your existing topology by identifying every active port and what it connects to. Draw a diagram.

 

Now, from that diagram, identify a subset of your existing topology that consists of a loop-free topology that optimally supports your traffic flows.

From your loop-free diagram, identify the switch that will be STP Root. Alter its STP priority down to, say, 1.

Identify your second optimal Root and give it a priority of 2.

Now, go through on paper how your spanning tree topology will establish, starting with the root. (refer to the rules of STP to make sure you get it right). Identify each switch's uplinks and ensure that on paper they all enable or block as required. Consider using port priority if you need to.

 

Now, on your live network, enable MSTP globally, configure all switches with the same region name.

Get on each switch and view spanning-tree to confirm that interfaces are all blocked as per your preparation.

 

paulgear
Esteemed Contributor

Re: Loop Protect and Trunk Groups or Uplinks

Based on what dmesser-hhs explained of his topology, I suspect MSTP is overkill, and RSTP would be perfectly adequate and a lot simpler. If you already have a physical topology which allows use of LACP trunks, LACP + RSTP + QoS makes a lot more sense than MSTP.
Regards,
Paul
dmesser-hhs
Frequent Advisor

Re: Loop Protect and Trunk Groups or Uplinks

Thanks guys for the help.

 

So I do not have any loops at the moment and all of my edge switches connect back to my core in a star type topology. Some of the more important edge switches have dual links which I'm using an LACP trunk group for. I have a second "routed" site that connects via Metro E (MPLS).

 

I just want to protect against someone plugging in a looped unmanaged switch, or an IP phone back into an edge port, and I figured loop protect would accomplish this quickly. What is the downside of just enabling this on all of my edge ports?

 

Why would spanning tree be the preferred method to protect against accidental loop creation on edge ports?

 

I have attached a screen shot of my network topo.

 

paulgear
Esteemed Contributor
Solution

Re: Loop Protect and Trunk Groups or Uplinks

Hi dmesser-hhs,

In a network that size, you are putting your services at risk if you do not set up Spanning Tree carefully. Your 8212s at the core should be set up as the root of the tree by setting their priority to zero, your distribution switches (like MOB-MDF-5406, BJH-DataCtr-82.., and Schedule-704-3.. if I'm reading your diagram correctly) should be set as next highest priority (somewhere in the 1-4 range), and edge switches may be left at the default (8). You need to do this to eliminate pauses while the network reconverges when a switch elsewhere in the network loses power or is rebooted.

Loop protect should also be used on your edge ports in case you have users plugging in unmanaged switches, or looping data outlets into each other with cables. And if you're going to configure STP anyway, you should configure your edge ports with BPDU guard. This gives you two different means of detecting these events, which is a good thing, IMO.
Regards,
Paul
Vince_Whirlwind
Trusted Contributor

Re: Loop Protect and Trunk Groups or Uplinks

You seem reluctant to embrace STP. Don't be!

 

If one of your LACP inter-switch trunks goes awry (human error in patching for example), you could end up with a serious problem. Setting up STP in your environment is very simple, as per Paul, because you have a nice star topology. So for a tiny bit of effort, you do mitigate an important risk.

 

My experience of a hospital environment is a frequent issue of people patching one wall port to another (go figure). Paul's advice is right on the mark for your environment.
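
A way to check a switch against the advice in this thread (loop protect and BPDU guard on edge ports, no loop protect on uplinks or trunks), added here as an example and not posted by any participant. The running-config sample is constructed, and the parser assumes only the `trunk <ports> <name> <type>`, `loop-protect <ports>` and `spanning-tree <ports> ...` line forms.

```python
import re

# Constructed sample of a ProVision-style running-config (not from the thread).
SAMPLE_CONFIG = """\
hostname "IDF-EDGE-1"
trunk A1-A2 trk1 lacp
spanning-tree
spanning-tree priority 8
spanning-tree A3-A12 admin-edge-port
spanning-tree A3-A10 bpdu-protection
loop-protect A1-A12
loop-protect disable-timer 300
"""

PORT = re.compile(r"[A-Za-z]*\d")  # a port list starts like "A1", "12" or "Trk1"

def expand_ports(spec):
    """Expand a port list such as 'A1-A3,B2,Trk1' into a set of port names."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)-([A-Za-z]*)(\d+)", part)
        if m and m.group(1).lower() == m.group(3).lower():
            prefix = m.group(1).upper()
            ports.update(f"{prefix}{n}"
                         for n in range(int(m.group(2)), int(m.group(4)) + 1))
        elif part:
            ports.add(part.upper())
    return ports

def audit(config):
    """Return ports whose loop-protect / BPDU guard placement contradicts the advice."""
    trunk, loop_protect, bpdu_guard, edge = set(), set(), set(), set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "trunk":
            trunk |= expand_ports(tok[1])   # physical members of the trunk
            trunk.add(tok[2].upper())       # the logical trunk port itself
        elif len(tok) >= 2 and tok[0] == "loop-protect" and PORT.match(tok[1]):
            loop_protect |= expand_ports(tok[1])
        elif len(tok) >= 3 and tok[0] == "spanning-tree" and PORT.match(tok[1]):
            ports = expand_ports(tok[1])
            if "bpdu-protection" in tok[2:]:
                bpdu_guard |= ports
            if "admin-edge-port" in tok[2:]:
                edge |= ports
    return {
        "loop_protect_on_trunk": sorted(loop_protect & trunk),
        "edge_without_bpdu_guard": sorted(edge - bpdu_guard - trunk),
        "edge_without_loop_protect": sorted(edge - loop_protect),
    }
```
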