Mailing List Archive

Hi,

On Mon, Jun 24, 2013 at 04:27:18PM +0200, Marcin Kuczera wrote:
> hello,
>
> is there any AUTOMATIC method of loop detection and -> port blocking in
> EXOS ?
> (at the moment 15.3.1.4)
>
> At the moment I use on external ports limits:
> Broadcast Rate: 500 packets-per-second
> Multicast Rate: 2000 packets-per-second
> Unknown Dest Mac Rate: 2000 packets-per-second
>
> But, maybe there is a possibility tu use some automatic reaction instead
> like disablig ports with rates exceding given values ?

Have you tried ELRP protocol?
From Concepts Guide:

"The Extreme Loop Recovery Protocol (ELRP) is used to detect network loops
in a Layer 2 network."

Page 1476 in Concepts Guide for XOS Version 12.6.

--
MINO-RIPE
_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp

On 2013-07-03 18:43, Alexander Shikoff wrote:
> Hi,
>
> On Mon, Jun 24, 2013 at 04:27:18PM +0200, Marcin Kuczera wrote:
>> hello,
>>
>> is there any AUTOMATIC method of loop detection and -> port blocking in
>> EXOS ?
>> (at the moment 15.3.1.4)
>>
>> At the moment I use on external ports limits:
>> Broadcast Rate: 500 packets-per-second
>> Multicast Rate: 2000 packets-per-second
>> Unknown Dest Mac Rate: 2000 packets-per-second
>>
>> But, maybe there is a possibility tu use some automatic reaction instead
>> like disablig ports with rates exceding given values ?
> Have you tried ELRP protocol?
> From Concepts Guide:
>
> "The Extreme Loop Recovery Protocol (ELRP) is used to detect network loops
> in a Layer 2 network."
>
> Page 1476 in Concepts Guide for XOS Version 12.6.
>

No, because this is per VLAN, so must be turned on on every vlan.

Marcin


--

Marcin Kuczera / Specjalista d/s telekomunikacji, Wiceprezes Zarza;du
+48 32 440 80 71/ marcin.kuczera@leon.pl <mailto:marcin.kuczera@leon.pl>

Leon Sp. z o.o.
ul. Kilin'skiego 33d, 44-200 Rybnik
http://www.leon.pl/

INTERNET | TELEWIZJA | TELEFON

KRS 0000223101 Sa;d Rejonowy w Gliwicach
Kapita? zak?adowy 200.000 z?
NIP: 6332068698

Hello,

it depends of what you want exactly, if it's to create a loop free and
safe topology, Rapid STP, ELRP, EAPS, MLAG and so on can be used.

If it's more to react in case of a loop occuring, you can use meters,
rate-limiting or even the dos-protect functionnalitty.

Regards,

Tristan Fauriant
Réseau / Pôle Site Distant
STIME- Parc de Treville
tfauriant@mousquetaires.com
Tel. : 0169645346



De : Marcin Kuczera <marcin@leon.pl>
A : Extreme List <extreme-nsp@puck.nether.net>
Date : 13/07/2015 00:36
Objet : Re: [e-nsp] LoopDetect on x650
Envoyé par : "extreme-nsp" <extreme-nsp-bounces@puck.nether.net>



On 2013-07-03 18:43, Alexander Shikoff wrote:
Hi,

On Mon, Jun 24, 2013 at 04:27:18PM +0200, Marcin Kuczera wrote:

hello,

is there any AUTOMATIC method of loop detection and -> port blocking in
EXOS ?
(at the moment 15.3.1.4)

At the moment I use on external ports limits:
Broadcast Rate: 500 packets-per-second
Multicast Rate: 2000 packets-per-second
Unknown Dest Mac Rate: 2000 packets-per-second

But, maybe there is a possibility tu use some automatic reaction instead
like disablig ports with rates exceding given values ?


Have you tried ELRP protocol?
From Concepts Guide:

"The Extreme Loop Recovery Protocol (ELRP) is used to detect network loops

in a Layer 2 network."

Page 1476 in Concepts Guide for XOS Version 12.6.



No, because this is per VLAN, so must be turned on on every vlan.

Marcin


--
Marcin Kuczera / Specjalista d/s telekomunikacji, Wiceprezes Zarz±du
+48 32 440 80 71/ marcin.kuczera@leon.pl
Leon Sp. z o.o.
ul. Kiliñskiego 33d, 44-200 Rybnik
http://www.leon.pl/
INTERNET | TELEWIZJA | TELEFON
KRS 0000223101 S±d Rejonowy w Gliwicach
Kapita³ zak³adowy 200.000 z³
NIP: 6332068698_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp

On 24/06/13 15:27, Marcin Kuczera wrote:
> At the moment I use on external ports limits:
> Broadcast Rate: 500 packets-per-second
> Multicast Rate: 2000 packets-per-second
> Unknown Dest Mac Rate: 2000 packets-per-second

Something I discovered through pain and suffering, was that (at least in
the X440) these rate-limiters are measured in the ASIC at a
per-millisecond rate, relative to your configured per-second rate.

So in the example example, frames would be dropped over 5ppms, 200ppms &
200pmms respectfully.

Hit me hard where we have a lot of CARP-enabled VLANs on a switchport
connected to an openbsd firewall. With a configured rate-limit of
5000pps for multicast, we hit problems with ~25 VLANs (v4 & v6 are
separate multicast MACs).

I thought this might be useful knowledge given the discussion has looped
back to rate-limits again. But maybe you all knew already! :)

--
Tom

_______________________________________________
extreme-nsp mailing list
extreme-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/extreme-nsp