• December 04, 2020, 09:16:42 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Correct SLPP config for square cluster  (Read 8521 times)

0 Members and 1 Guest are viewing this topic.

Offline Johan Witters

  • Sr. Member
  • ****
  • Posts: 252
    • BKM Networks
Correct SLPP config for square cluster
« on: February 10, 2012, 04:39:11 AM »
I've read a lot about SLPP in the Nortel/Avaya docs and on this forum, but I still haven't figured out the correct configuration for a square cluster network. The problem is partially caused by me finding 3 Navaya documents about SLPP all indicating different configurations (8000 advanced configuration and troubleshooting course student lab guide, switch clustering best practices and switch clustering using SMLT)

The reason for my question is that I have an installation with a square cluster with SLPP on the core links and RSTP on the links to the edge, including BPDU-filtering and rate limiting. The customer linked a Netgear switch to one of the edge switches, but did not enable rstp on that switch. Afterwards they made a loop on that Netgear...

At the moment of the loop the 2 clusters got separated from each other because SLPP blocked the links between the clusters. Because SLPP is not enabled on the ISTs, the clusters themselves were unharmed.
SLPP was configured as per the guides: threshold 5 on primary link, 50 on the secondary link..

Avaya helpdesk recommended to reset the counters and try again, otherwise to disable SLPP on the secondary link...

I'm thinking of changing thresholds to 5 (primary) and 200 (secondary), but I'm hoping someone could provide with some "from the field" tips about this instead of testing lab settings..


Thanks in advance,

Johan
Kind regards,

Johan Witters

Network Engineer
BKM NV


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3842
    • michaelfmcnamara
    • Michael McNamara
Re: Correct SLPP config for square cluster
« Reply #1 on: February 10, 2012, 10:17:47 AM »
I'm not quite following your description but let's talk about the Netgear.

The edge switch should have blocked the port using STP (STP,RSTP,MSTP), or if the Netgear is a switch it should have blocked the port with BPDU filtering enabled.  The loop would eventually return the same BPDU to the edge switch and it should have shutdown the port. The problem should not have moved passed that point.
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline Jon Hurtt

  • Sr. Member
  • ****
  • Posts: 142
Re: Correct SLPP config for square cluster
« Reply #2 on: February 10, 2012, 12:58:38 PM »
See if this will shed some light on SLPP for Square/Full Mesh SMLT. Note the Edge switch has 802.3ad LAG for its uplinks.

Offline Johan Witters

  • Sr. Member
  • ****
  • Posts: 252
    • BKM Networks
Re: Correct SLPP config for square cluster
« Reply #3 on: February 13, 2012, 10:33:44 AM »
Hi Michael,

The netgear is indeed a switch... BPDU-filtering eventually disables the port, but by that time the SMLT links between the 2 clusters are already blocked..

Jon,

The example you describe is for RSMLT square, I have a simple layer2 square with VRRP. But I looked into the config guide and I saw the correct configuration for this kind of cluster would be to disable SLPP on the "secundary" SMLT link between the clusters...

I'll give it a try in the weekend and hope nothing burns down...


Thx
Kind regards,

Johan Witters

Network Engineer
BKM NV

Offline Dominik

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1564
    • Networkautobahn
Re: Correct SLPP config for square cluster
« Reply #4 on: February 14, 2012, 10:30:39 AM »
Hi Johann,

in my expierence the treshould of 5 on the primary link is much to aggressive.
I would try to use a value of 50 on the primary and 200 on the secondary link.
The links between the 2 Switchcluster should use a higher treshould e.g. 100 primary and 300 on the secondry, so that always the connection to one of the edge switches goes down first, when you have a loop on one of these.

With SW 5.5 for the ERS4000 switch famaly and SW 6.2.3 for the ERS5000 Avaya will introduced the new SLPP guard feature, wich would also be a soltion for your problem.
SLPP Guard will shut down a port where SLPP packets are received. You get a log entry and a trap for that event. It will only helps you if you have a loop across 2 edge switches, if the Loop is located on only one device you still need STP to prevent that.

To setup SLPP guard use these commands:
default slpp-guard ethertype  >> ethertype must be set globally
slpp-guard ethertype <0x1-0xffff> >> you can also change the ethertype if you like to a different value

slpp-guard [port] enable timeout [seconds delay until the switch reanbles the port]

Good Luck
Itīs always the networks fault!
networkautobahn.com

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3842
    • michaelfmcnamara
    • Michael McNamara
Re: Correct SLPP config for square cluster
« Reply #5 on: February 14, 2012, 06:07:55 PM »
The netgear is indeed a switch... BPDU-filtering eventually disables the port, but by that time the SMLT links between the 2 clusters are already blocked..

I've found BPDU filtering to be near instantaneous for me... the second the switch sees a STP BPDU frame it will shutdown the port. I'm wondering if you have your timers set to aggressive (as mentioned above) and your not giving the other features a chance to remedy the problem.
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline Johan Witters

  • Sr. Member
  • ****
  • Posts: 252
    • BKM Networks
Re: Correct SLPP config for square cluster
« Reply #6 on: February 27, 2012, 04:19:08 AM »
Hello guys,

thanks for all the info...

I reconfigured SLPP in the core and enabled SLPP Guard on the edges. Failure testing indicated all links with loops etc got blocked by either SLPP guard or BPDU filtering...

Problem solved and customer happy :)
Kind regards,

Johan Witters

Network Engineer
BKM NV

Offline mixthoor

  • Full Member
  • ***
  • Posts: 53
Re: Correct SLPP config for square cluster
« Reply #7 on: August 09, 2016, 06:00:32 AM »
I have the equal problem on my network. I want to active the SLPP-Guard on Egde switches . Should I activate the SLPP-Guard on UPLINK MLT (connection to SMLT Cluster: VPS 7024 with SLT) or on all Access Ports (Edge Ports, connection to hosts, VoIP Phones, other mini unmanaged switches)?

I saw the docu:
- https://downloads.avaya.com/css/P8/documents/100134063
- https://support.avaya.com/ext/index?page=content&id=ADMN112512&group=UG_ENTITLED_CUSTOMER
- https://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiO67q1iLTOAhWB7RQKHXgCBM0QFggcMAA&url=https%3A%2F%2Fdownloads.avaya.com%2Fcss%2FP8%2Fdocuments%2F100181081&usg=AFQjCNFhYH6zkxeHNJx-vIkgrZFPzKlbbw&sig2=xWJunpy4vMhpQm0j64x6BA&bvm=bv.129389765,d.d24

with the quotes:
Quote
In some networks due to moves, adds or changes, it could be possible to create a loop within the customers networks by connecting an edge port back to a port of the switch cluster. When operational, SLPP-guard will immediately administratively disable a port when a SLPP packet is received on a port and generate a local log message, syslog message (if the syslog server(s) are configured) and SNMP traps (if SNMP trap receivers are configured).
- Source: VSP 9000 VSP 4000: Best Practices for Enabling SLPP On Core Ports In Square or Mesh Topology and SLPP Guard On Edge Switches

Quote
Starting with release 10.4 for the VSP 7000, SLPP-Guard can be enabled on MLT/LACP links
- Source: Switch Clustering Best Practices, NN48500-584, Page 50

So I understand, that on Edge Switches I need to configure SLPP-GUARD only on edge ports, not uplink ports. Right?
ACE-Fx I #00531

Offline CptnBlues63

  • Sr. Member
  • ****
  • Posts: 100
Re: Correct SLPP config for square cluster
« Reply #8 on: August 16, 2016, 12:46:22 PM »
So I understand, that on Edge Switches I need to configure SLPP-GUARD only on edge ports, not uplink ports. Right?

That's my understanding as well.

We have SLPP-Guard and BPDU-filtering enabled on all access ports and not on trunk (MLT) ports on all edge switches.  We also have SLPP enabled on our core switches.

In my own testing, plugging a looped 8 port (stupid) switch into a 5520 port protected by SLPP-Guard and BPDU-filtering caused the port itself on the 5520 to shut down. 

A week or so back someone from our facilities department accidentally plugged a looped 8 port switch into a redundant cluster of 5632's that didn't have SLPP-Guard and BPDU-filtering enabled on the access ports (oops, missed that pair......lol..........it's fixed now!)  and it caused the uplink (SMLT) ports to the cores to shut off at the core end (SLPP took care of that).