On Sep 20, 2011, at 10:18 PM, David Farmer wrote:
> However, you still run spanning-tree to catch mistakes, they will happen and spanning tree will keep them from melting the network. When the network is built and is functioning as designed, spanning-tree has nothing to converge, the network has a loop free topology. In this design, spanning-tree is only there to ensure the network is actually built and actually functioning as designed.
I'd somewhat agree here, *but*, there are alternatives to spanning-tree in the IX network - like storm control, limiting to 1 mac addr per port, putting naughty ports in the penalty box (err-disable/shutdown), etc.
As an additional comment to my previous e-mail, I don't see issues with spanning-tree as a safety net, but then the proper steps need to be taken on the participant L2 devices to limit the interaction between the STP domains. If we have (I'm assuming) a participant Brocade l2 device acting as the STP root for the IX network, that's an issue that needs to get resolved (ie: bpdufilter towards participant ports, etc). This is an IP exchange, so we really should only be seeing unicast/mcast IP traffic, not layer2 protocols and/or broadcast traffic (save for ARP/ND packets).
AMS-IX has some very good guidelines about how to get your layer2 devices to be quiet, located here: http://www.ams-ix.net/config-guide/
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
|