On 12/10/2016 21:51, Tom Hill wrote:
On 12/10/16 18:06, David Wilkinson wrote:
Should split horizon stop the loops when connecting downstream switches
in a resilient configuration?
It can't when you've the ability to loop a broadcast frame around via
devices that aren't party to the split horizon forwarding. I'm not
certain this is really how VPLS was supposed to be used, in all honesty.
I thought that was the case.
Your 4948s at each site /should not/ be able to broadcast between each
other; they ought to both go to a single PE. Anything between them then
relies on the PEs (and split horizon forwarding) for loop avoidance.
Assuming that you can't do that for some reason, then perhaps just
removing the LAG/STP misconfiguration protection (and sticking with
PVST) will solve your current woes.
For now, I think it I will disable the LAG/STP misconfiguration
protection, that will at least solve the issue in the short term.
I do, however, wonder if MST-AG might be safer for you in the long run:
https://supportforums.cisco.com/document/61401/asr9000xr-using-mst-ag-mst-access-gateway-mst-and-vpls
Mainly because the PEs would then know what's going on. It might provide
faster convergence across the VFI, too.
Interesting, I will look in to that further, I see there is a PVST-AG as
well which might be more suited.
It may have to wait until we get our next set of ASRs for me to lab it
up before rolling it out across the network.
To add some further resilience, you could look at multi-homed VPLS (or
EVPN) which would involve MC-LAG from both local PEs towards each 4948.
You'd still use the same number of 10G links as you are now. Less, if
the 4948s aren't interconnected.
I did originally look at MC-LAG down to the 4948s however they are in
different racks so didn't seem worth it with the extra cabling costs.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
