nanog mailing list archives

Re: Auto MDI/MDI-X + conference rooms + bored == loop


From: Chuck Anderson <cra () WPI EDU>
Date: Fri, 26 Mar 2010 19:48:32 -0400

On Fri, Mar 26, 2010 at 06:56:15PM -0400, Anton Kapela wrote:
> In general, I avoid the potential for layer2 loops to any 
> user-accessible layer2 ports in a manner that many edge network and 
> broadband providers may find familiar -- vlan per user, tail, port, 
> etc. -- aggregated in a hierarchical manner within the building, 
> metro area, or city.

If you have 2 network jacks next to each other in a conference room, 
do they each get configured as a separate "user"?  What happens if a 
user connects them together?  What happens if a user plugs a desktop 
switch into one of them, then connects two ports on *that* switch 
together?

> avoiding the preconditions necessary for loops/etc to pose a problem 
> to the agg/border/etc of a network. Don't worry about users' being 

Would this work in a collapsed L2/L3 core (no agg, no L3 at edge)?

> After the access ports are set up and trunking per-port layer2 frames 
> up to the l3 edge (could be 3550, 650x, mwr-1941, etc), we have 
> pages of things like:

When doing 1:1 VLAN:Port mapping, can you do more than 4096 
VLANs/ports?  Or are you doing QinQ?

> A few words on this config: in what you see above, a user simply 
> cannot introduce enough traffic to the network (unicast) to matter 
> (i.e. perhaps they create an unknown unicast dest flood..), and will 
> be shut down if they spew enough bcast/mcast frames (thresholds set 
> appropriate given your expected end-user profiles). Further, only 
> the first 10 mac addresses can ride this bus (sorry, no LAN parties 
> without prior approval), mitigating concerns for CAM or vlan table 
> exhaustion. Lastly, no funky l3/4 acl's are required to prevent 
> users handing out DHCP addresses, leaking RA's, or fronting ARP as 
> your router's MAC address to their vlan-sharin' neighbors--simply 
> because they don't get to send layer2 frames to anyone but the 
> upstream router's control plane.

Cool, but I'm not sure this will work in my non-Cisco campus 
environment with 10,000 edge ports.

Thanks.
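As an added illustration (not Anton's configuration, which the archive omits, and not part of the original thread): a Cisco IOS-style access-port stanza with the properties the quoted paragraph describes, i.e. one VLAN per user port trunked up to the L3 edge, a 10-address MAC limit, and broadcast/multicast thresholds that err-disable the port. The interface names, the VLAN numbers and the 1% storm-control level are assumed placeholders; as the quoted text says, the thresholds have to be set to the expected end-user profile.

```cisco
! Added example, not the original poster's config. Interface names,
! VLAN 101-148 and the 1.00% storm-control level are assumed placeholders.
!
! Let a port that storm-control shut down come back on its own.
errdisable recovery cause storm-control
errdisable recovery interval 300
!
interface GigabitEthernet1/0/1
 description user jack, one VLAN per port
 switchport mode access
 switchport access vlan 101
 ! Only the first 10 learned source MACs may use the port; later ones are
 ! dropped, which bounds CAM use per port.
 switchport port-security
 switchport port-security maximum 10
 switchport port-security violation restrict
 ! Err-disable the port when broadcast or multicast exceeds the level
 ! (percentage of port bandwidth; tune to the expected user profile).
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
 storm-control action shutdown
 ! Edge port: skip STP listening/learning, and shut the port if a
 ! user-attached switch sends BPDUs.
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplink toward the L3 edge carrying every per-port VLAN as a tagged trunk.
interface GigabitEthernet1/0/48
 description trunk to L3 edge
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 101-148
```

The layer-2 isolation in the quoted design comes from the VLAN assignment itself, not from an ACL: with one VLAN per port, the only other member of a user's VLAN is the upstream router interface, so DHCP, RA or ARP frames from one user never reach another user's port. A check worth scripting on such an edge is that every user-facing interface carries all three of the port-security, storm-control and bpduguard lines, since a single port that misses them is where a loop or a rogue DHCP server can still reach the upstream.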

