

Nsane_iceman
Premium
join:2001-02-26
North Richland Hills, TX
reply to TomS_

Re: [Config] Performance due to VLAN, incomplete STP, or loop backs?

said by TomS_:

omg you said synergy

Align those, then drill down and reach out.
Beware of someone throwing out a burning ITIL straw man...

Now I have a headache.
--
Avatar by: dandelion | Tell me, tell me what you're after. I just want to get there faster.


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to Nsane_iceman
said by Nsane_iceman:

said by Da Geek Kid:

switch 6 has one vlan and it's not considered a core, but rather L2 switch. Another Major issue that was mentioned is that the core switches 1 and 2 do not have the same IOS which will break the network if configured improperly... In this situation, since there are no routing protocols running on either switch, it should be ok. All I can say is, 100% pure amateur design "Foe-Sho!"

I've emailed Netech to see if they can send me the advipservices image for all the switches. Hopefully they can and not $160/hr for them to do it on all that lack it.

I just did a search and it seems they've rolled Advanced IP Services into the other two IP base and IP services.

Looks like it happened in 2009
»www.cisco.com/en/US/prod/collate ··· 635.html

So I would standardize on IP services

Based on some reading I'd get the 12.2(55)SE6 IP services IOS for all of them
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv


Nsane_iceman
Premium
join:2001-02-26
North Richland Hills, TX
reply to DarkLogix
said by DarkLogix:

do your PLC's not support full duplex?
I recall in working with some AB SLC500's (up to 505's) that I was able to get them to do 100mb FD as well as the controllogix ethernet boards, or are you just leaving PLC stuff to the PLC people which might not know anything about Half vs full.

IIRC the 501/502's had to have a serial to ethernet device added but the 504 and 505's had it built in

Thank you for the run down on the official switch roles. Fairly tiny network, this one is the largest of the four.

I'm not sure if they can do FD, don't really do much other than provide engineering with a port, but I'll be working with them more during our upcoming shutdown time to get them moved off VLAN20 and to VLAN50 (down to 18 addresses due to smartphones even with a 4-8 hour DHCP lease) where they should be, but due to the lack of ports, the previous folks just added un-managed switches and I guess picked VLAN20 interfaces due to DHCP.
--
Avatar by: dandelion | Tell me, tell me what you're after. I just want to get there faster.


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
Where I worked before I was involved with a scada deployment so I had to work with getting PLC's on the network, all of the ones we used were Allen-Bradley

I also managed to get them to get a 3 year support contract with AB as they needed updates for RS logix and 3 year had a nice discount per year over 1 year

it was a good learning experience

anyway in your setup I'd look to see which switch has the most power (IE newest model and check for most ram) and let that do the work of being one of the ones that do your intervlan routing
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to Nsane_iceman
said by Nsane_iceman:

I really don't have a core switch.

THAT comment just sent a shudder of dread down my spine.

Thanks for posting up that diagram Nsane_iceman -- but it still boils down to a physical loop from
SW1 -> SW2 -> SW05 -> SW03 -> SW04 -> back to SW01, and a 2nd via SW1 -> SW02 -> SW07 -> back to SW01. If
you're doing static routes, then STP should be taking care of any loops. I hope SOMEONE -- either you or
at Netech -- is adept at tracking down the spanningtree root switch. Or at least based on the diagram, I'd
manually adjust SW01 to be the root

config t
spanning-tree vlan [vlan name / # here] priority 8192
^z
 

Just as a question, can you update the diagram to include the links to the ATT router you were mentioning before.
Just so we have a complete view of the network?

said by Nsane_iceman:

I've emailed Netech to see if they can send me the advipservices image for all the switches. Hopefully they can and not $160/hr for them to do it on all that lack it.

Question, who owns the hardware? And who owns the support contract? If Netech does on both scores, then hells yeah!
But if your company does, then I hope SOMEONE knows the CCO ID and has all the stuff properly tied to it.

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
said by HELLFIRE:

either you or
at Netech -- is adept at tracking down the spanningtree root switch

This is part of why I suggested a star topo

with a loop STP will kill one of the links to break the loop to avoid a L2 loop as that would kill the network

with a star topo it simplifies things and would make a real core
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv

markysharkey
Premium
join:2012-12-20
united kingd
There is sooooo much nonsense spouted about spanning tree because it is mis-understood. It is one of my favourite protocols.
It won't kill the network. It will shut down an interface (the interface with the highest port cost) that leads back to the root bridge from the switch with the highest priority (if set) or highest mac-address if priority is left at default, but traffic can still reach every switch, and therefore every host. As long as path cost and interface cost are left the same, the attached diagram shows how spanning doesn't break networks, it fixes them.
--
Binary is as easy as 01 10 11


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to DarkLogix
A star topology also introduces a SPOF, which the current network reasonably manages to avoid with its current configuration. Unless you duplicate it, and then you have even more loops than current.

But we still have the issue of not knowing the distance between fibre access points, and the physical topology of the fibre, to even know whether implementing a star topology is even possible.


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
said by TomS_:

to even know whether implementing a star topology is even possible.

it could require a new switch but it'd be possible

and while yes a star could add a SPOF, that could be resolved with a dual star setup

get two of the SFP only switch I mentioned then have 2 links from each switch to the MDF, one link to Core1 and one to Core2

then have vlan interfaces on both and sort out the link to the firewall

and I think we can be sure that while new fiber might be needed, reaching the max distance of fiber isn't going to come into play.
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to markysharkey
Who said kill the network? I said it'll kill a link (an unneeded link)
yes it'll disable a link and if you haven't set priority then the root bridge might not be the ideal root.

I'm not a fan of relying on STP for redundancy because in the time it takes for it to re-enable a port you can have users start complaining, whereas a star topo with etherchannel wouldn't even be noticed by anyone when a cable or interface bites the dust.
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv

markysharkey
Premium
join:2012-12-20
united kingd
My bad. I mis-read the post.
As for convergence time, anyone who doesn't enable RSTP as a matter of course isn't doing right. And host ports should be set to portfast too so convergence should not be an issue for users. It'll take longer to open Word than for an RSTP network to converge.
--
Binary is as easy as 01 10 11


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
reply to DarkLogix
said by DarkLogix:

I'm not a fan of relying on STP for redundancy because in the time it takes for it to re-enable a port you can have users start complaining,

i'm willing to bet most users wouldn't notice more than a blip if you're doing it right.

»en.wikipedia.org/wiki/Spanning_T ··· peration

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


Da Geek Kid

join:2003-10-11
::1
kudos:1
reply to HELLFIRE
Um, wrong Hellfire STP with 8192 is no root. I'd select one either switch one or two, which ever is connected directly to the Roooter out and make that 0. And then the other to 4096.


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to tubbynet
said by tubbynet:

said by DarkLogix:

I'm not a fan of relying on STP for redundancy because in the time it takes for it to re-enable a port you can have users start complaining,

i'm willing to bet most users wouldn't notice more than a blip if you're doing it right.

»en.wikipedia.org/wiki/Spanning_T ··· peration

q.

Been there done that, users get outlook login prompts and start complaining
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv

markysharkey
Premium
join:2012-12-20
united kingd
reply to Da Geek Kid
STP Root Bridge can be any value between 0 and 61440 as long as it is the lowest value of the switches. The default is 32768 which, if all switches match then the device with the lowest MAC address will be the Root Bridge.
You can set 8192 on a single switch and leave the rest alone which makes that switch the Root Bridge. It also allows you some future proofing so that if you ever need to change the Root Bridge, all you have to do is add or change another switch with a lower priority then switch it on. Setting priority 0 makes life a little more complicated. Not much, but a little.
And of course you can choose a priority for each switch so that if you lose the Root Bridge, you *know* which switch will assume that role. In a multi switch multi VLAN topology with multiple redundant full mesh topology (with or without Etherchannel) you can have more than one Root Bridge on the system so that in the event of failure the vast majority of the L2 environment stays active. This is one of my favourite lab scenarios to show the capability of Spanning Tree when it is understood and utilised to its full advantage.
--
Binary is as easy as 01 10 11

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to Da Geek Kid
said by Da Geek Kid:

Um, wrong Hellfire STP with 8192 is no root. I'd select one either switch one or two, which ever is connected directly to the Roooter out and make that 0. And then the other to 4096.

I'd have to doublecheck my old xxNA labs for this, but I seem to recall that the whole "teach you STP" lab
was to put a switch in, config the priority lower than the rest, so it'd get elected STP root... cuz there's
no way in heck to change the switch MAC... or at least that wasn't the point of the xxNA lab.

That's what I was basing that config on... I could be wrong...

Regards


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
reply to markysharkey
Selecting 8192 will not be a root when I activate device on the network with the root bridge value of 0. 0 guarantees the fact that no other device can be root. Setting value as 0 is no different than 4096 or 8192, if you would know that the numbers go up by 4096.

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to Nsane_iceman
...question, anyone work with other managed switches -- Force10, Extreme, Juniper, HP, etc -- and able to advise a) if they have a similar
feature to adjust the spanning-tree priority, and b) do they do it the same way as Cisco, ie. in increments of 4096?

...I've always wondered.

Regards


Da Geek Kid

join:2003-10-11
::1
kudos:1
They all support dot1s and dot1D. you can enable MST(P) which does give you priority, etc and all support 0+ I have tested this with Cisco, Juniper and Nortel.

markysharkey
Premium
join:2012-12-20
united kingd
reply to Da Geek Kid
Setting root guard on the trunk interfaces would prevent a 0 priority switch from becoming the root bridge.
I'm guessing most of us assume (ouch) that our switch cabinets are secure enough that a rogue switch would not be able to be placed on the network or that we are sufficiently in command of our networks that we know a switch cannot be deployed without it going across our desks. But there is no 100% guarantee that setting priority 0 will definitely produce a root bridge, and that's before other good practices like shutting down unused ports and/or putting unused ports in to static access mode then joining them to a dead VLAN.
--
Binary is as easy as 01 10 11
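
Added example, not part of any poster's reply: a simplified Python model of the root election argued over in the posts above (lowest priority wins, MAC address breaks ties, priorities move in steps of 4096) and of root guard holding off a priority 0 switch. The switch names, MAC addresses and the `behind_root_guard` flag are constructed for illustration, and per-VLAN instances and path costs are left out.

```python
# Added illustration (not from the thread): simplified STP root election.
from dataclasses import dataclass

PRIORITY_STEP = 4096       # Cisco-style priorities move in steps of 4096
MAX_PRIORITY = 61440
DEFAULT_PRIORITY = 32768


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                          # constructed sample MAC address
    priority: int = DEFAULT_PRIORITY
    behind_root_guard: bool = False   # reached only via a root-guard port

    def __post_init__(self):
        if not 0 <= self.priority <= MAX_PRIORITY or self.priority % PRIORITY_STEP:
            raise ValueError(f"{self.name}: priority must be 0-61440 in steps of 4096")

    @property
    def bridge_id(self):
        # Lowest bridge ID wins: priority first, MAC address as tie-breaker.
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(bridges):
    """Return (root, rejected): rejected = superior bridges stopped by root guard."""
    eligible = [b for b in bridges if not b.behind_root_guard]
    root = min(eligible, key=lambda b: b.bridge_id)
    rejected = [b for b in bridges
                if b.behind_root_guard and b.bridge_id < root.bridge_id]
    return root, rejected


# Constructed topology: SW01 pinned at 8192, the rest left at the default.
SWITCHES = [
    Bridge("SW01", "00:1a:2b:00:00:50", priority=8192),
    Bridge("SW02", "00:1a:2b:00:00:10"),
    Bridge("SW03", "00:1a:2b:00:00:30"),
]
ROGUE = Bridge("ROGUE", "00:de:ad:00:00:01", priority=0)
GUARDED_ROGUE = Bridge("ROGUE", "00:de:ad:00:00:01", priority=0,
                       behind_root_guard=True)

if __name__ == "__main__":
    print(elect_root(SWITCHES)[0].name)                     # priority 8192 wins
    print(elect_root(SWITCHES + [ROGUE])[0].name)           # priority 0 takes over
    root, rejected = elect_root(SWITCHES + [GUARDED_ROGUE])
    print(root.name, [b.name for b in rejected])            # root guard holds SW01
```

A non-empty `rejected` list corresponds to a port that would go root-inconsistent on a real switch, which is worth alerting on.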


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
following your methodology to the dot and doing everything would render the protocol useless as seen on many networks that not even STP is running... OUCH!

Your Argument of 0 is just the same as any random number for STP. IFTT proves a flexibility as you can pick whatever you desire. one thing is FACT no number can be lower than 0, period.


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
reply to HELLFIRE
Well personally I just plan the network to not use STP and where redundant links are wanted do etherchannel as it offers both redundancy and higher bandwidth, as well as non-dropping failover.

I've seen STP cause interruptions, and I don't like it when a dozen or so users come and complain about some super brief hiccup (apps like outlook and popup issues that cause this with even a hiccup so short that you'd think it didn't happen.)

so while I do rely on STP to block L2 loops caused by Layer8 I would never depend on it for planned redundant links.
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to Nsane_iceman
@ Da Geek Kid
...what I should have asked for question a) was :

a) "what's the juniper / nortel / et al command syntax equivalent of 'spanning-tree vlan [vlan name] priority'" ?

@ DarkLogix
"route where you can, switch if you have to," is the mantra I pretty much hear... tho IIRC with Nexus REALLY
changes that calculus with that with VPC, etc.

...again, kinda hijacking OP's thread, but seriously OP your physical topology needs a revamp / redesign.

Regards


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
On nortel:
spanning-tree stp 1 priority 9000

UGH!! TOOK ME A WHILE TO TYPE THE ABOVE! I hope it was worth it to you... detest those nortels

On JunOS:
under protocol mstp
set bridge-priority 8500

you can set any of them as 0, but generally my experience shows a Cat 4500 is a good fit for a root bridge 0 just as Ex 8200 or a Cat6500. Generally a Chassis based solution in a large network.

Hey hellfire did you say LISP??? LOL


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to HELLFIRE
said by HELLFIRE:

your physical topology needs a revamp / redesign

What's wrong with it?


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric
Yeah I agree with Hellfire on that... It does need to have a core/root/distro where most devices connect to.
The design is not redundant and even the redundant connections are not properly connected. The pic does not show where the outbound router is connected, etc, etc, etc... List is long really.


Nsane_iceman
Premium
join:2001-02-26
North Richland Hills, TX
reply to HELLFIRE
said by HELLFIRE:

@ Da Geek Kid
...what I should have asked for question a) was :

a) "what's the juniper / nortel / et al command syntax equivalent of 'spanning-tree vlan [vlan name] priority'" ?

@ DarkLogix
"route where you can, switch if you have to," is the mantra I pretty much hear... tho IIRC with Nexus REALLY
changes that calculus with that with VPC, etc.

...again, kinda hijacking OP's thread, but seriously OP your physical topology needs a revamp / redesign.

Regards

It's all good, has been a good read so far.

I'm pretty sure we are stuck with the topo that we have. Four main switches (1, 2, 6, and most servers on 7) in the server room. 1, 2, 6 have GLC-SX-MM cards and LC fiber going to 3, 4, and 5. We are adding another 24 port with 3 to get rid of two or three unmanaged switches and have the right device on the right VLAN.

At least Netech provided the requested IOS after a few emails as to why...
--
Avatar by: dandelion | Tell me, tell me what you're after. I just want to get there faster.

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to Nsane_iceman
@ Da Geek Kid
Thanks for that... my apologies for your Carpal Tunnel Syndrome to type that out

@ TomS_
Have you seen the last topo diagram posted? If not, may want to take a look at it one page back.
Let's just say I'm not exactly getting the warm fuzzies from it...

said by Nsane_iceman:

I'm pretty sure we are stuck with the topo that we have.

Get Netech cracking on figuring out STP, if they're supposed to be the Subject Matter Experts. Or if you can,
go through all switches and post the output of "show spanning-tree summ" and "show spanning-tree root"

Regards


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

2 edits
said by HELLFIRE:

Have you seen the last topo diagram posted?

Yeah I've seen it. It's basically two rings with a common segment between switches 1 and 2.

I don't particularly see what's wrong with it, it's not unlike any other multiple ring topology that you might find.

edit:

My former employer operated several broadband aggregation networks that connected 10's of DSLAMs in a series of rings. Each ring was terminated on a switch in two POPs where the BRAS's were located. The topology was essentially the same as the one depicted by the OP, only on a much larger scale.

For each network we're talking 50+ DSLAMs in rings consisting of 5-10 DSLAMs each, and serving tens of thousands of users.

There's nothing wrong with a topology like this. Configured properly of course.

HELLFIRE
Premium
join:2009-11-25
kudos:19
said by TomS_:

There's nothing wrong with a topology like this. Configured properly of course.

Fair enough... let's see if OP can get the output requested. If _THAT_ checks out, then I'm handily out of ideas.

Regards