Auto MDI/MDI-X + conference rooms + bored == loop
Chuck Anderson
cra at WPI.EDU
Fri Mar 26 23:48:32 UTC 2010
On Fri, Mar 26, 2010 at 06:56:15PM -0400, Anton Kapela wrote:
> In general, I avoid the potential for layer2 loops to any
> user-accessible layer2 ports in a manner that many edge network and
> broadband providers may find familiar -- vlan per user, tail, port,
> etc. -- aggregated in a hierarchical manner within the building,
> metro area, or city.
If you have 2 network jacks next to each other in a conference room,
do they each get configured as a separate "user"? What happens if a
user connects them together? What happens if a user plugs a desktop
switch into one of them, then connects two ports on *that* switch
together?
> avoiding the preconditions necessary for loops/etc to pose a problem
> to the agg/border/etc of a network. Don't worry about users' being
Would this work in a collapsed L2/L3 core (no agg, no L3 at edge)?
> After the access ports are setup and trunking per-port layer2 frames
> up to the l3 edge (could be 3550, 650x, mwr-1941, etc), we have
> pages of things like:
When doing 1:1 VLAN:Port mapping, can you do more than 4096
VLANs/ports? Or are you doing QinQ?
> A few words on this config: in what you see above, a user simply
> cannot introduce enough traffic to the network (unicast) to matter
> (i.e. perhaps they create an unknown unicast dest flood..), and will
> be shut down if they spew enough bcast/mcast frames (thresholds set
> appropriate given your expected end-user profiles). Further, only
> the first 10 mac addresses can ride this bus (sorry, no LAN parties
> without prior approval), mitigating concerns for CAM or vlan table
> exhaustion. Lastly, no funky l3/4 acl's are required to prevent
> users handing out DHCP addresses, leaking RA's, or fronting ARP as
> your routers MAC address to their vlan-sharin' neighbors--simply
> because they don't get to send layer2 frames to anyone but the
> upstream routers control plane.
Cool, but I'm not sure this will work in my non-Cisco campus
environment with 10,000 edge ports.
Thanks.
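As an added illustration (editor's example; this is not the config Anton posted, which is not reproduced in this excerpt, nor anything Chuck runs), here is what the properties described in the quoted post look like in Cisco IOS syntax for one conference-room jack, plus a sketch of the QinQ stacking that sidesteps the 4094-VLAN limit raised above. Interface names, VLAN numbers, MAC limits and storm thresholds are assumed values, not anything from the thread.

```cisco
! ---- Access switch: one VLAN per jack, nobody to talk to but the upstream router ----
! Assumed names/numbers throughout (editor's example, not the original poster's config).
errdisable recovery cause bpduguard
errdisable recovery cause storm-control
errdisable recovery cause psecure-violation
errdisable recovery interval 300

interface GigabitEthernet1/0/1
 description conf-room-A jack 1 (assumed)
 switchport mode access
 switchport access vlan 101          ! jack 1 is alone in VLAN 101 (jack 2 would get 102)
 switchport protected                ! belt-and-braces: no local L2 forwarding to other ports
 switchport port-security
 switchport port-security maximum 10 ! "only the first 10 mac addresses can ride this bus"
 switchport port-security violation restrict
 storm-control broadcast level 1.00  ! bcast/mcast above 1% of link rate -> port shut down
 storm-control multicast level 1.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable      ! a user switch that speaks STP err-disables the port
 no cdp enable

! Two jacks patched together: jack 1 is VLAN 101, jack 2 is VLAN 102, so a frame that
! leaves on 101 arrives on 102 and is never bridged back to 101 -> no loop is possible.
! A dumb desktop switch with two of its own ports looped: it floods broadcasts back up
! the single jack; storm-control trips and err-disables that jack, nothing else.

interface Vlan101
 description router-side SVI for jack 1 (assumed; on the 3550/650x L3 edge)
 ip address 10.101.0.1 255.255.255.0
 no ip redirects
 no ip proxy-arp

! ---- Aggregation switch: QinQ so each access switch reuses VLANs 1-4094 ----
! The access switch trunks its per-port VLANs unchanged; the agg port wraps them
! in an outer tag (2001 here) unique to that access switch, giving 4094 x 4094 IDs.
system mtu 1504                      ! room for the second 802.1Q tag (3550/3750 syntax)
vlan dot1q tag native

interface GigabitEthernet2/1
 description uplink from access switch A (assumed)
 switchport
 switchport access vlan 2001         ! outer (S-) tag for everything from this switch
 switchport mode dot1q-tunnel
 l2protocol-tunnel stp               ! carry the access switch's BPDUs opaquely
 spanning-tree bpdufilter enable
```

The per-port VLAN is what actually prevents the conference-room loop; `switchport protected` only adds isolation between ports of the same switch and is redundant once every jack is alone in its VLAN, but costs nothing. The QinQ half moves the 4094-ID ceiling from the whole campus to one outer tag per access switch, at the price of the L3 edge having to terminate the stacked tags, which is exactly the part to verify on the non-Cisco gear Chuck mentions.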