redundant connections at data-link layer

m4rtinm4rtin Member Posts: 170
I'll have the following setup:

[Image: stp.png]

"Customer switch" is connected to two switches ("C2950-B" and "C2950-C") for redundancy purposes (in case either "C2950-B" or "C2950-C" fails, the connection to "Customer switch" is present). Both Fa0/1 in "C2950-B" and Fa0/1 in "C2950-C" are access ports. The idea would be that STP in "Customer switch" will block either port Fa0/1 or Fa0/2 and thus there would be only one path at the data link layer. As I understand, I should filter BPDUs from the customer switch, but anything else? How to ensure that such a redundant solution wouldn't cause any problems?

Comments

  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    Disclaimer: I am not a high-level network guy. I'm a high-level systems guy who occasionally implements redundant switching.

    In my experience, despite STP/RSTP/MSTP being a "standard", vendor implementations differ and compatibility is not guaranteed. That said, STP usually "just works", and RSTP and MSTP are not terribly difficult to implement. Given Cisco equipment only, it should work without significant configuration, to my knowledge. It will probably work just fine if the customer switch is any enterprise-grade switch with good STP support, e.g. NetVanta, Procurve, Catalyst.

    As someone who does design and implement high-availability solutions frequently, I'm not sure I see the point in the design. You can have 2950-B or 2950-C fail, but the failure of C2950-A or C1841 will result in a complete network outage. Introducing two more switches to the environment is simply an excessive solution for port redundancy on 2950-A. You would actually make the design more reliable by connecting the customer switch to C2950-A twice, as you are now removing four ports on two switches as potential points of failure.

    Alternatively, connecting C2950-B and C2950-C to C1841 (provided it has multiple available interfaces, which it may well not) would be the most reliable implementation, as you can have any switch or port fail with minimal impact. Only complete failure of C1841 would produce significant downtime in this design.
  • m4rtinm4rtin Member Posts: 170
    ptilsen wrote: »
    Disclaimer: I am not a high-level network guy. I'm a high-level systems guy who occasionally implements redundant switching.

    In my experience, despite STP/RSTP/MSTP being a "standard", vendor implementations differ and compatibility is not guaranteed. That said, STP usually "just works", and RSTP and MSTP are not terribly difficult to implement. Given Cisco equipment only, it should work without significant configuration, to my knowledge. It will probably work just fine if the customer switch is any enterprise-grade switch with good STP support, e.g. NetVanta, Procurve, Catalyst.

    As someone who does design and implement high-availability solutions frequently, I'm not sure I see the point in the design. You can have 2950-B or 2950-C fail, but the failure of C2950-A or C1841 will result in a complete network outage. Introducing two more switches to the environment is simply an excessive solution for port redundancy on 2950-A. You would actually make the design more reliable by connecting the customer switch to C2950-A twice, as you are now removing four ports on two switches as potential points of failure.

    Alternatively, connecting C2950-B and C2950-C to C1841 (provided it has multiple available interfaces, which it may well not) would be the most reliable implementation, as you can have any switch or port fail with minimal impact. Only complete failure of C1841 would produce significant downtime in this design.

    Sorry, I didn't mention that "C2950-B" and "C2950-C" are in a different building than "C1841" and "C2950-A". I guess the only thing I need to ensure is that "Customer switch" should not become STP root.
  • JDK0806JDK0806 Registered Users Posts: 1 ■□□□□□□□□□
    I wouldn't filter BPDUs, as you want the customer switch to participate in STP for redundancy purposes. Use Root Guard on the connected ports and the switch won't be able to become the root bridge.
  • jamesp1983jamesp1983 Member Posts: 2,475 ■■■■□□□□□□
    Uplinkfast at the access layer switch will ensure that it won't become the root, nor be a preferred transit path...

    http://www.sgtccie.com/blog/2009/04/the-effects-of-uplinkfast/
  • ipSpaceipSpace Member Posts: 147
    Hello,

    BPDU filter is not what you need here.

    Just enable the STP protocol (or RPVSTP) and that will take care of the redundancy, and that is all. Also select the Cisco 2950-A switch as the Root Bridge.
    STP will take care of the rest.
