Design Review Template - NETS

More documents

Recommendations

Info

Hierarchical (MultiLayer) Network Design • In desirable mode DTP packets transfer the VTP domain name, which must match for a negotiated trunk to come up, plus trunk configuration and admin status. • Messages are sent every 1s during negotiation, and every 30s after that. • Be careful that it is understood modes (on, nonegotiate, off) explicitly specify in which state the port will end up. A bad configuration can lead to a dangerous inconsistent state where one side is trunking and the other is not. A port in on, auto, or desirable sends DTP frames periodically. If a port in auto or desirable mode doesn't see a DTP packet in 5min it will be set to non-trunk. AS recommends an explicit trunk configuration of ‘Desirable-Desirable’. In this mode, network operators can trust syslog and command line status messages that a port is up and trunking, unlike the mode ‘on’ that can make a port appear up even though the neighbor is mis-configured. With the consistency of using the same configuration at both ends of the trunk, the ambiguous and default setting ‘auto’ can be avoided. set trunk desirable Importantly, also set 'trunk off' on all non-trunk ports. This helps eliminate wasted negotiation time when bringing host ports up (in conjunction with ‘port channel mode off’ and PortFast enabled - set port host). Set trunk off all By default, Trunking ports will propagate information about all VLANs, but AS recommends limiting that to the VLANs defined on the wiring closet switches. This practice has many advantages, most importantly, is the ability to isolate issues, broadcasts, and loops to one wiring closet instead of the entire network. Spanning Tree Protocol (STP) Spanning tree maintains a loop free layer two environment in redundant switched and bridged networks. Without STP, frames would loop and/or multiply indefinitely causing a network meltdown as all devices in the broadcast domain are interrupted by high traffic. As an initial observation, all Catalyst switches have STP enabled by default. AS recommends leaving the feature enabled for these reasons: • When there is a loop (induced by mis-patching/bad cable, etc.), STP will prevent detrimental effects to the network, potentially made much worse with multicast and broadcast data. • Protection against channel breaking down. • Most of networks are configured with STP and hence gets maximum exposure. More exposure generally equates to more stable code. • Protection against dual attached NICs misbehaving (or routing enabled on servers). • Many protocols are closely related to STP in the code (such as PAgP, IGMP snooping, trunking etc.) - running without it may lead to undesirable results. During a reported network disruption, TAC and DE will most likely suggest that non-usage of STP will be at the centre of the fault if at all conceivable. NCAR Design Review and Recommendations v1.0 18
Hierarchical (MultiLayer) Network Design set spantree enable all ! default PortFast PortFast is used to bypass normal spanning-tree operation on access-ports to speed up connectivity between end-stations and the services they need to connect to after link initialization. AS recommend STP PortFast be set on for all enabled host ports. Must be diligent to catch all ports!!! AS recommends using the “host” macro to configure PortFast on Access ports: Set port host ! macro for the following commands set spantree portfast enable set trunk off set channel mode off Note that PortFast doesn’t mean that we do not run spanning-tree at all on those ports: BPDUs are still sent, received and processed. It must also be understood that PortFast will not work on trunks since these ports are typically not access-ports. This may cause confusion on access-ports running ISL or dot1q connected to multi-homed trunking capable end-stations. PortFast BPDU-Guard provides a method for preventing loops by moving a non-trunking port into an ErrDisable state when a BPDU is received on that port. Under “normal” conditions we should never receive a BPDU packet on an access-port configured for PortFast, so if we for some reason should see a BPDU coming in, it indicates an invalid hence dangerous configuration and the action we take upon this is to shut down the access-port. When the BPDU Guard feature is enabled on the switch spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning-tree blocking state set spantree portfast bpdu-guard enable UplinkFast UplinkFast is a solution for Access Layer switches to move it’s blocking link almost instantaneously to forwarding if there is a direct link failure to the root switch. Access Layer switches using UplinkFast forward their CAM table over the new root port, preventing unknown unicasts to flood. UplinkFast feature uses uplink group, which consists of the root port and all the ports that provide an alternate connection to the root bridge (blocking redundant links). If the root port fails (primary uplink failure), a port from the uplink group is selected to immediately replace it. Uplinkfast feature is only useful when there is a redundant blocking link. Uplinkfast and the following Cross stack uplinkfast feature are not necessary if a design with no layer 2 loops is implemented NCAR Design Review and Recommendations v1.0 19
Page 1 and 2: Cisco Systems Advanced Services Nat
Page 3 and 4: Contents Contents 3 Document Contro
Page 5 and 6: About The Document Document Purpose
Page 7 and 8: About The Document and Foothills. A
Page 9 and 10: Short Term Design Enhancements Foot
Page 11 and 12: Hierarchical (MultiLayer) Network D
Page 17: Hierarchical (MultiLayer) Network D
Page 23: Corporate Headquarters Cisco System

Design Review Template - NETS

Create successful ePaper yourself

Delete template?

Save as template?