
Nortel Ethernet Routing Switch 8300

Configuration — VLANs, Spanning Tree, and Static Link Aggregation using Device Manager

Document date: 27 August 2007
Copyright © 2005-2007, Nortel Networks
All Rights Reserved.

The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks.

The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license. The software license agreement is included in this document.

Trademarks

*Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

All other products or services may be trademarks, registered trademarks, service marks, or registered service marks of their respective owners.

The asterisk after a name denotes a trademarked item.

Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Statement of conditions

In the interest of improving internal design, operational function, and/or reliability, Nortel Networks reserves the right to make changes to the products described in this document without notice.

Nortel Networks does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission.

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties).


"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the
Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,
Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE
LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4. General

a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).


Contents

New in this release
Features
Other changes
Preface
Before you begin
How to get help
Getting help from the Nortel web site
Getting help over the phone from a Nortel Solutions Center
Getting help from a specialist using an Express Routing Code
Getting help through a Nortel distributor or reseller
VLANs, Spanning Tree, and Static Link Aggregation
VLANs
VLAN ports
Port-based VLANs
Policy-based VLANs
Protocol-based VLANs
Independent VLAN Learning (IVL)
VLAN tagging and port types
VLAN router interfaces
VLAN implementation
Spanning Tree Protocol (STP)
Spanning tree groups
Spanning Tree modes
Spanning Tree FastStart
Understanding STGs and VLANs
Spanning Tree Protocol topology change detection
Static link aggregation
How SMLT works
Inter-Switch Trunks
CP-Limit and SMLT IST
Traffic flow in an SMLT environment
Single port SMLT
SMLT topologies
Using MLT-based SMLT with single port SMLT
SMLT network design considerations
SMLT and VRRP backup master
Simple Loop Prevention Protocol
Port auto recovery
VLAN, STG, and link aggregation feature support
Configuring VLANs
Understanding VLAN ports
Displaying defined VLANs
Creating a VLAN
Creating a port-based VLAN
Configuring an IP address for a VLAN
Creating a protocol-based VLAN
Configuring user-defined protocol-based VLANs
Managing a VLAN
Changing VLAN port membership
Configuring advanced VLAN features
Configuring a MAC address for auto-learning on a VLAN
Managing the VLAN forwarding database
Configuring aging in the VLAN forwarding database
Configuring static forwarding
Configuring VLAN forwarding database filters
Configuring Layer 2 multicast MAC filtering
Configuring port auto recovery
Configuring auto recovery delay time
Enabling or disabling port auto recovery for a single port
Enabling or disabling port auto recovery for multiple ports
Configuring Spanning Tree Group
Configuring Simple Loop Prevention Protocol
Configuring SLPP globally
Configuring the SLPP by VLAN
Configuring the SLPP by port
Configuring static link aggregation
Link aggregation traffic distribution
Adding a link aggregation group
Viewing link aggregation interface statistics
Configuring SMLT
Adding an MLT-based SMLT
Viewing MLT-based SMLT information for the switch
Configuring a single port SMLT
Viewing single port SMLTs configured on the switch
Deleting a single port SMLT
Configuring an IST MLT
Removing an IST MLT
Viewing IST statistics
Index

Figures

Figure 1 Port-based VLAN
Figure 2 Dynamic protocol-based VLAN
Figure 3 VLAN tag insertion
Figure 4 Multiple spanning tree groups
Figure 5 Switch-to-switch link aggregation configuration
Figure 6 Switch-to-server link aggregation configuration
Figure 7 Client/Server link aggregation configuration
Figure 8 Resilient networks with Spanning Tree Protocol
Figure 9 Resilient networks with SMLT
Figure 10 8300 switches as SMLT aggregation switches
Figure 11 show vlan info fdb-entry 10 sample output
Figure 12 Network topology for traffic flow example
Figure 13 Single port SMLT example
Figure 14 Single Port SMLT topology
Figure 15 SMLT triangle topology
Figure 16 SMLT square topology
Figure 17 SMLT full mesh topology
Figure 18 Changing a split trunk from MLT-based SMLT to single port SMLT
Figure 19 SLPP frame
Figure 20 VLAN dialog box - Basic tab
Figure 20 VLAN, Insert Basic dialog box for port-based VLANs
Figure 20 VlanPortMembers dialog box
Figure 20 IP, VLAN dialog box
Figure 20 IP, VLAN, Insert IP Address dialog box
Figure 20 VLAN, Insert Basic dialog box for protocol-based VLANs
Figure 20 VlanPortMembers dialog box
Figure 20 VLAN, Insert Basic: insert a user-defined, protocol-based VLAN
Figure 20 PortMembers, VLAN dialog box
Figure 20 VLAN dialog box - Advanced tab
Figure 20 Port dialog box - Interface tab
Figure 20 Port dialog box - VLAN tab
Figure 20 VLAN dialog box - Advanced tab: flushing the forwarding database
Figure 20 Bridge, VLAN - Static tab
Figure 20 Bridge, VLAN, Insert Static dialog box
Figure 20 Bridge, VLAN, Insert Filter dialog box
Figure 20 STG dialog box - Globals tab
Figure 20 STG dialog box - Configuration tab
Figure 20 STG, Insert Configuration dialog box
Figure 20 StgPortMembers dialog box
Figure 20 STG dialog box - Status tab
Figure 20 STG dialog box - Ports tab
Figure 20 MLT dialog box - MultiLink Trunks tab
Figure 20 MLT, Insert MultiLink Trunks dialog box
Figure 20 MltPortMembers dialog box
Figure 20 VlanIds dialog box
Figure 20 Statistics, MLT dialog box - Interface tab
Figure 20 Statistics, MLT dialog box - Ethernet Errors tab
Figure 20 Statistics, MLT dialog box - Interface Utilization tab
Figure 20 Multilink Trunks tab on the MLT dialog box
Figure 20 SMLT Info tab on the SMLT dialog box
Figure 20 SMLT tab on the Port dialog box
Figure 20 Insert SMLT dialog box
Figure 20 Single Port SMLT tab on the SMLT dialog box
Figure 20 IST MLT dialog box
Figure 20 Ist/SMLT Stats tab on the MLT dialog box

Tables

Table 1 Port membership types for policy-based VLANS
Table 2 PIDs not available for user-defined protocol-based VLANs
Table 3 VLAN rules
Table 4 Spanning Tree Protocol topology change detection configuration rules
Table 5 Methods of traffic distribution for packets with a trunk destination
Table 6 SLPP frame fields
Table 7 VLAN, STG, and link aggregation support
Table 8 VLAN - Basic tab fields
Table 9 VLAN - Advanced tab fields
Table 10 VlanMacLearning - Insert Manual Edit tab fields
Table 11 Bridge, VLAN dialog box - Transparent tab fields
Table 12 Bridge, VLAN dialog box - Forwarding tab fields
Table 13 Bridge, VLAN - Static tab fields
Table 14 Bridge, VLAN dialog box - Filter tab fields
Table 15 Bridge, VLAN, Insert Multicast tab fields
Table 16 STG Configuration tab fields
Table 17 STG Status tab fields
Table 18 STG Ports tab fields
Table 19 SLPP - Global tab fields
Table 20 SLPP - Insert VLANS window fields
Table 21 SLPP - Ports tab fields
Table 22 MLT dialog box - MultiLink Trunks fields
Table 23 Statistics, MLT dialog box - Interface tab fields
Table 24 Statistics, MLT dialog box - Ethernet Errors tab fields
Table 25 Statistics, MLT dialog box - Interface Utilization tab fields

New in this release

The following sections detail what is new in Configuration — VLANs, Spanning Tree, and Static Link Aggregation using Device Manager (NN46200-510) for Release 4.0.

"Features" (page 11)

"Other changes" (page 11)

Features

See the following sections for information about feature changes:

"Simple Loop Prevention Protocol" (page 52)

"Configuring Simple Loop Prevention Protocol" (page 103)

"Port auto recovery" (page 54)

Other changes

See the following sections for information about changes that reflect the upgrade to eight port multilink trunking (MLT) for this release:

Table 22 "MLT dialog box - MultiLink Trunks fields" (page 112)

"Adding ports to a link aggregation group" (page 113)

"Adding an MLT-based SMLT" (page 120)

"Link aggregation rules" (page 30)


Preface

The Nortel* Ethernet Routing Switch (ERS) 8300 is a flexible and multifunctional Layer 2/Layer 3 switch that supports diverse network architectures and protocols. The ERS 8300 provides security and control features such as Extensible Authentication Protocol over LAN (EAPoL), Simple Network Management Protocol, Version 3 (SNMP3), and Secure Shell (SSH). The ERS 8300 provides quality of service (QoS) for a high number of attached devices and supports future network requirements for QoS for critical applications, such as Voice over IP (VoIP).

Java Device Manager (Device Manager) is a graphical user interface (GUI) used to configure and manage 8300 Series switches. You install it on a management station in the network. For instructions on installing and starting Device Manager on a Windows*, UNIX*, or Linux* platform, refer to Nortel Ethernet Routing Switch 8300 Fundamentals — Using Device Manager (NN46200-303). The manual also describes some common startup problems and how to troubleshoot them.

This guide describes how to use Device Manager to configure VLANs, spanning tree, and static link aggregation for the 8300 Series switches.

Before you begin

This guide is intended for network administrators who have the following background:

basic knowledge of networks, Ethernet bridging, and IP routing

familiarity with networking concepts and terminology

experience with windowing systems or GUIs

For installation instructions, see Nortel Ethernet Routing Switch 8300 Installation — Chassis Installation and Maintenance (NN46200-304) and Nortel Ethernet Routing Switch 8300 Installation — Modules (NN46200-305).

2 Connect the switch to the network.

For more information, see Getting Started (316799-C).

—End—

Ensure that you are running the latest version of Nortel ERS 8300 software. For information about upgrading the ERS 8300, see Nortel Ethernet Routing Switch 8300 Upgrades — Software Release 4.0 (NN46200-400).

How to get help

This section explains how to get help for Nortel products and services.

Getting help from the Nortel web site

The best way to get technical support for Nortel products is from the Nortel Technical Support web site:

www.nortel.com/support

This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. From this site, you can:

Download software, documentation, and product bulletins.

Search the Technical Support Web site and the Nortel Knowledge Base for answers to technical issues.

Sign up for automatic notification of new software and documentation for Nortel equipment.

Open and manage technical support cases.

Getting help over the phone from a Nortel Solutions Center

If you do not find the information you require on the Nortel Technical Support web site, and you have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center.

In North America, call 1-800-4NORTEL (1-800-466-7835).

Outside North America, go to the following web site to obtain the phone number for your region:


Getting help from a specialist using an Express Routing Code

To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to: www.nortel.com/erc

Getting help through a Nortel distributor or reseller

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.


VLANs, Spanning Tree, and Static Link Aggregation

This chapter describes Virtual LANs, spanning tree groups, and link aggregation. The following topics are included:

"VLANs" (page 17)

"Spanning Tree Protocol (STP)" (page 26)

"Static link aggregation" (page 29)

"Split MultiLink Trunking" (page 34)

"Simple Loop Prevention Protocol" (page 52)

"Port auto recovery" (page 54)

"VLAN, STG, and link aggregation feature support" (page 55)

VLANs

With a virtual LAN (VLAN), you can divide your LAN into smaller groups without interfering with the physical network. You can use VLANs to:

Create workgroups for common interest groups.

Create workgroups for specific types of network traffic.

Add, move, or delete members from these workgroups without making any physical changes to the network.

By dividing the network into separate VLANs, you can create separate broadcast domains. This conserves bandwidth, especially in networks supporting broadcast and multicast applications that flood the network with traffic. A VLAN workgroup can include members from a number of dispersed physical segments on the network, improving traffic flow between them.


The ERS 8300 supports port-based VLANs and policy-based VLANs. This section includes the following topics:

"VLAN ports" (page 18)

"Port-based VLANs" (page 18)

"Policy-based VLANs" (page 19)

"Protocol-based VLANs" (page 20)

"Independent VLAN Learning (IVL)" (page 22)

"VLAN tagging and port types" (page 22)

"VLAN router interfaces" (page 24)

"VLAN implementation" (page 24)

VLAN ports

A Virtual LAN is made up of a group of ports that define a logical broadcast domain. These ports can belong to a single switch, or they can be spread across multiple switches. In a VLAN-aware switch, every frame received on a port is classified as belonging to only one VLAN. Whenever a broadcast, multicast, or unknown destination frame needs to be flooded by a VLAN-aware switch, the frame is sent out through only the other active ports that are members of this VLAN.

The default switch configuration groups all ports into the port-based default VLAN 1. This VLAN cannot be deleted from the system, and is statically bound to the default spanning tree group (STG).

Port-based VLANs

A port-based VLAN is a VLAN with ports explicitly configured as members. When creating a port-based VLAN, you assign a VLAN identification number (VID) and specify the ports that belong to the VLAN. The VID is used to coordinate VLANs across multiple switches.

The example in Figure 1 "Port-based VLAN" (page 19) shows two port-based VLANs: one for the marketing department and one for the sales department. Ports are assigned to each port-based VLAN. A change in the sales area can move the sales representative at port 3/1 (the first port in the I/O module in chassis slot 3) to the marketing department without moving cables. With a port-based VLAN, you only need to indicate in Device Manager or the CLI that port 3/1 in the sales VLAN now is a member of the marketing VLAN.

Figure 1 Port-based VLAN

Policy-based VLANs

The ERS 8300 supports a total of 500 unique policy-based VLANs. However, there are some restrictions on the number of types of policy-based VLANs.

In a policy-based VLAN, a port can be designated as always a member or never a member. Table 1 "Port membership types for policy-based VLANS" (page 19) describes these port membership types.

Table 1 Port membership types for policy-based VLANS

Membership type | Description
Static (Always a member) | Static members are always active members of the VLAN, when configured as belonging to that VLAN. This membership type is used in policy-based and port-based VLANs.

A non-tagged port can belong to multiple VLANs, as long as the VLANs are not of the same type but are in the same spanning tree group.

Protocol-based VLANs

Protocol-based VLANs are an effective way to segment your network into broadcast domains according to the network protocols in use. Traffic generated by any network protocol — IPX, AppleTalk, and so forth — can be automatically confined to its own VLAN.

Port tagging is not required for a port to be a member of multiple protocol-based VLANs.

The ERS 8300 supports the following protocol-based VLANs:

IP version 4 (ip)

Novell IPX on Ethernet 802.3 frames (ipx802dot3)

Novell IPX on IEEE 802.2 frames (ipx802dot2)

Novell IPX on Ethernet SNAP frames (ipxSnap)

Novell IPX on Ethernet Type 2 frames (ipxEthernet2)

AppleTalk on Ethernet Type 2 and Ethernet SNAP frames (AppleTalk)

DEC LAT Protocol (decLat)

Other DEC protocols (decOther)

IBM SNA on IEEE 802.2 frames (sna802dot2)

IBM SNA on Ethernet Type 2 frames (snaEthernet2)

NetBIOS Protocol (netBIOS)

Xerox XNS (xns)

Banyan VINES (vines)

IP version 6 (ipv6)

Reverse Address Resolution Protocol (RARP)

User-defined protocols

Example: IPX protocol-based VLAN

You can create a VLAN for the IPX protocol and place ports carrying substantial IPX traffic into this new VLAN.

In Figure 2 "Dynamic protocol-based VLAN" (page 21), the network manager placed ports 7/1, 3/1, and 3/2 in an IPX VLAN. These ports still belong to their respective marketing and sales VLANs, but they are also new members of the IPX VLAN. This arrangement localizes traffic and ensures that only three ports are flooded with IPX broadcast packets.

Figure 2 Dynamic protocol-based VLAN

User-defined protocol-based VLANs

You can create user-defined protocol-based VLANs in support of networks with non-standard protocols. For user-defined protocol-based VLANs, you can specify the Protocol Identifier (PID) for the VLAN. For release 2.1, you can enter the PID as a range of hexadecimal identifiers separated by a comma (,), a dash (-), or some combination of the two. Note that you can provide a maximum of 8 PIDs in this range.

Frames that match the specified PID for the following are assigned to that user-defined VLAN:

the ethertype for Ethernet type 2 frames

the PID in Ethernet SNAP frames

the DSAP or SSAP value in Ethernet 802.2 frames

Table 2 "PIDs not available for user-defined protocol-based VLANs" (page 21) lists the predefined policy-based PIDs, which are reserved and cannot be designated as user-defined PIDs.

Table 2 PIDs not available for user-defined protocol-based VLANs

PID (hex) | Description
04xx, xx04 | sna802dot2
0800 | IP
0806 | ARP
8035 | RARP
809B, 80F3 | AppleTalk
8100 | Reserved by IEEE 802.1Q for tagged frames
8137, 8138 | ipxEthernet2 and ipxSnap
80D5 | snaEthernet2
86DD | ipv6
8808 | IEEE 802.3x pause frames
9000 | Used by diagnostic loopback frames
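
The following Python sketch is an added example, not Nortel code: it checks a user-defined PID entry offline against the rules above before it is typed into Device Manager. The function names are hypothetical, the reserved list contains only the Table 2 rows visible on this page, and counting the 8-PID limit after range expansion is an assumption.

```python
import re

MAX_PIDS = 8  # "a maximum of 8 PIDs", assumed to count PIDs after range expansion

# Reserved PIDs, taken only from the Table 2 rows visible on this page.
RESERVED_EXACT = {
    0x0800: "IP",
    0x0806: "ARP",
    0x8035: "RARP",
    0x809B: "AppleTalk",
    0x80F3: "AppleTalk",
    0x8100: "Reserved by IEEE 802.1Q for tagged frames",
    0x8137: "ipxEthernet2 and ipxSnap",
    0x8138: "ipxEthernet2 and ipxSnap",
    0x80D5: "snaEthernet2",
    0x86DD: "ipv6",
    0x8808: "IEEE 802.3x pause frames",
    0x9000: "Used by diagnostic loopback frames",
}

_HEX_PID = re.compile(r"[0-9A-Fa-f]{1,4}")


def reserved_reason(pid):
    """Return the Table 2 description if pid is reserved, else None."""
    if pid in RESERVED_EXACT:
        return RESERVED_EXACT[pid]
    # Wildcard rows "04xx" and "xx04": either octet equal to 0x04.
    if (pid >> 8) == 0x04 or (pid & 0xFF) == 0x04:
        return "sna802dot2"
    return None


def _hex16(token):
    """Parse one 1-4 digit hex token; reject prefixes, signs and blanks."""
    token = token.strip()
    if not _HEX_PID.fullmatch(token):
        raise ValueError(f"not a 1-4 digit hexadecimal PID: {token!r}")
    return int(token, 16)


def parse_pid_spec(spec):
    """Expand a spec such as '8888,9100-9102' into a list of PIDs.

    Raises ValueError on malformed input, on more than MAX_PIDS PIDs,
    or when any PID in the spec is reserved.
    """
    pids = []
    for item in spec.split(","):
        low_text, dash, high_text = item.partition("-")
        low = _hex16(low_text)
        high = _hex16(high_text) if dash else low
        if high < low:
            raise ValueError(f"descending range: {item.strip()!r}")
        # Check the size before expanding so a huge range fails fast.
        if len(pids) + (high - low + 1) > MAX_PIDS:
            raise ValueError(f"more than {MAX_PIDS} PIDs in {spec!r}")
        for pid in range(low, high + 1):
            reason = reserved_reason(pid)
            if reason is not None:
                raise ValueError(f"PID {pid:04X} is reserved ({reason})")
            if pid not in pids:
                pids.append(pid)
    return pids


if __name__ == "__main__":
    # Constructed sample entries.
    for sample in ("8888,9100-9102", "8135-8139", "9100-9108"):
        try:
            print(sample, "->", [f"{p:04X}" for p in parse_pid_spec(sample)])
        except ValueError as err:
            print(sample, "-> rejected:", err)
```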

Independent VLAN Learning (IVL)

In the ERS 8300, each VLAN has its own, independent, forwarding database. That is, the same MAC address can be learned in different VLANs; and, based on the VLAN receiving traffic for this address, the switch is able to forward to this MAC address without any confusion. This means that before the switch can look up the source or destination MAC address in a received frame, or before it can decide whether to bridge or to route a frame, it must first determine the VLAN that the frame belongs to. The IVL mode is used to learn MAC addresses in the context of the VLAN they belong to.

VLAN tagging and port types

The ERS 8300 uses IEEE 802.1Q for tagging frames and coordinating VLANs across multiple switches. Figure 3 "VLAN tag insertion" (page 22) shows the additional 4-octet (tag) header inserted into a frame after the source address and before the frame type. The tag contains the VLAN ID associated with the frame.

Figure 3 VLAN tag insertion

802.1Q tagged ports

Tagging a frame adds four octets to a frame, making it bigger than the traditional maximum frame size. These frames are sometimes referred to as "baby giant" frames. If a device does not support IEEE 802.1Q tagging, it can have problems interpreting tagged frames and receiving baby giant frames.

In the ERS 8300, your port level configuration determines whether tagged frames are sent and received. Tagging is set as true or false for the port and is applied to all VLANs on that port.

When you enable tagging on an untagged port, the port’s previous configuration of VLANs and STGs is lost. In addition, the port resets and runs Spanning Tree Protocol, thus breaking connectivity while the protocol goes through the normal listening and learning states before the forwarding state.

An ERS 8300 port with tagging enabled sends frames explicitly tagged with a VLAN ID. Tagged ports are typically used to multiplex traffic belonging to multiple VLANs to other IEEE-802.1Q-compliant devices.

If tagging is disabled on an ERS 8300 port, it does not send tagged frames. A nontagged port connects the ERS 8300 to devices that do not support IEEE 802.1Q tagging. If a tagged frame is forwarded out a port on which tagging is set to false, the switch removes the tag from the frame before sending it out the port.

If a port is set for tagging on an ERS 8300 and the port is also a member of an untagged multilink trunk (MLT), or the reverse is true, the port settings on the MLT override.

Treatment of tagged and untagged frames

An ERS 8300 associates a frame with a VLAN based on the data content of the frame and the configuration of the destination port. Whether the frame is tagged or untagged dictates how that frame is treated.

If a tagged frame is received on a tagged port, with a VLAN ID specified in the tag, the ERS 8300 directs it to that VLAN, if it is present.

For untagged frames, VLAN membership is implied from the content of the frame itself. For untagged frames received on a tagged port, you can configure the port to either discard or accept the frame. If you configure

How the frame is forwarded is based on the VLAN on which the frame is received and on the forwarding options available for that VLAN. An ERS 8300 tries to associate untagged frames with a VLAN in the following order:

Does the frame belong to a protocol-based VLAN?

What is the port-based VLAN of the receiving port?

If the frame meets none of the preceding criteria, it is discarded.
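
The tag layout and the classification order described above can be modelled as follows. This is an added example, not Nortel code; the Port fields and function names are hypothetical. It assumes that a tagged frame is dropped when the receiving port has tagging disabled or is not a member of the tagged VLAN, and it matches protocol-based VLANs on the Ethernet Type 2 ethertype only.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

TPID_8021Q = 0x8100  # reserved by IEEE 802.1Q for tagged frames (Table 2)


def build_frame(ethertype: int, vid: Optional[int] = None,
                payload: bytes = b"\x00" * 46) -> bytes:
    """Constructed sample frame: dst MAC, src MAC, [4-octet tag], type, payload."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = b""
    if vid is not None:
        # The tag sits after the source address and before the frame type.
        tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_tag(frame: bytes) -> Tuple[Optional[int], int]:
    """Return (vid, ethertype); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (type_field,) = struct.unpack_from("!H", frame, 12)
    if type_field != TPID_8021Q:
        return None, type_field
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner_type  # low 12 bits of the tag carry the VLAN ID


@dataclass
class Port:
    """Hypothetical model of one port's VLAN configuration."""
    tagging: bool = False
    tagged_vlans: Set[int] = field(default_factory=set)       # VIDs on a tagged port
    protocol_vlans: Dict[int, int] = field(default_factory=dict)  # ethertype -> VID
    port_vlan: Optional[int] = None    # None models the unassigned VLAN
    discard_untagged: bool = False     # tagged-port option for untagged frames


def classify(port: Port, frame: bytes) -> Optional[int]:
    """Return the VLAN ID the frame is associated with, or None if discarded."""
    vid, ethertype = parse_tag(frame)
    if vid is not None:
        # Tagged frame: directed to the VLAN in the tag, if it is present.
        if port.tagging and vid in port.tagged_vlans:
            return vid
        return None  # modelling assumption, see lead-in
    if port.tagging and port.discard_untagged:
        return None
    # Untagged frame: protocol-based VLAN first, then the port-based VLAN.
    if ethertype in port.protocol_vlans:
        return port.protocol_vlans[ethertype]
    return port.port_vlan  # None here means no criteria matched: discarded


if __name__ == "__main__":
    # Port 3/1 from the examples above: sales VLAN 10 plus an IPX VLAN 30
    # (the VLAN IDs are constructed for this illustration).
    port_3_1 = Port(port_vlan=10, protocol_vlans={0x8137: 30})
    trunk = Port(tagging=True, tagged_vlans={10, 20}, discard_untagged=True)
    print(classify(port_3_1, build_frame(0x0800)))       # IP -> port-based VLAN
    print(classify(port_3_1, build_frame(0x8137)))       # IPX -> protocol VLAN
    print(classify(trunk, build_frame(0x0800, vid=20)))  # tagged -> VLAN in tag
    print(classify(trunk, build_frame(0x0800, vid=99)))  # unknown VLAN -> None
```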

VLAN router interfaces

Virtual router interfaces correspond to routing on a virtual port associated with a VLAN. This type of routing is the routing of IP traffic to and from a VLAN. Because a given port can belong to multiple VLANs (some of which are configured for routing on the switch and some of which are not), there is not a one-to-one correspondence between the physical port and the router interface. For VLAN routing, the router interface for the VLAN is called a virtual router interface because the IP address is assigned to an interface on the routing entity in the switch. This initial interface has a one-to-one correspondence with a VLAN on any given switch.

The ERS 8300 chassis supports 4096 MAC addresses. If you are using an 8600 chassis, make sure it supports 4096 MAC addresses. You can install the 8600 MAC upgrade kit to support 4096 MAC addresses. For more information, see the publication, Adding MAC addresses to the 8600 Series Switch (part number 212486-A).

VLAN implementation

This section describes how to implement VLANs on an ERS 8300. The following topics are included:

"Default VLANs" (page 24)

"Unassigned VLANs" (page 24)

"VLAN rules" (page 25)

Default VLANs

The ERS 8300 is factory configured with all ports residing in a port-based VLAN and default spanning tree group (STG) 1. With all ports in this default VLAN, the switch behaves like a layer 2 switch. The VLAN ID of this default VLAN is always 1, and it is always a port-based VLAN. The default VLAN cannot be deleted.

Unassigned VLANs

The unassigned VLAN is a port-based VLAN that acts as a placeholder for ports that are removed from other port-based VLANs. Ports can belong to policy-based VLANs as well as to the unassigned VLAN. If a frame does not meet any policy criteria and there is no underlying port-based VLAN, the port belongs to the unassigned VLAN and the frame is dropped. Only ports in the unassigned VLAN have no spanning tree group association, so they do not participate in Spanning Tree Protocol negotiation; that is, no BPDUs are sent out of ports in the unassigned VLAN.

The unassigned VLAN cannot be deleted or viewed. If a user-defined spanning tree group is deleted, the ports are moved to the unassigned VLAN and can later be assigned to another spanning tree group. Moving the ports to the unassigned VLAN avoids creating unwanted loops and duplicate connections. If routing is disabled in these ports, the port is completely isolated and no layer 2 or layer 3 functionality is provided. The unassigned VLAN is useful for security concerns or when using a port for monitoring a mirrored port.

VLAN rules

Table 3 "VLAN rules" (page 25)describes the VLAN rules for the ERS 8300.

Table 3 VLAN rules

• In addition to the default VLAN, the ERS 8300 supports 4000 VLANs. VLAN IDs range in value from 1 to 4000. See note1

• If you enable tagging on a port in a VLAN, the spanning tree group configuration for that port is lost. To preserve VLAN assignment of ports, enable tagging on the ports before you assign the ports to VLANs.

• Tagged ports can belong to multiple VLANs and multiple spanning tree groups. When a tagged port belongs to multiple spanning tree groups, the BPDUs are tagged for all spanning tree groups except for spanning tree group number 1. Under the default configuration, the default is spanning tree group number 1.

• An untagged port can belong to only one port-based VLAN. A port in a port-based VLAN can belong to other policy-based VLANs.

• An untagged port can belong to only one policy-based VLAN for a given protocol. For example, a port can belong to only one policy-based VLAN where the policy is IPX802dot2 protocol.

• A VLAN cannot span multiple spanning tree groups; that is, the ports in the VLAN must all be within one spanning tree group. Spanning tree group IDs can range in value from 1 to 64. See note 1.

• A frame’s VLAN membership is determined by the following order of precedence:

1. VLAN ID in the frame’s VLAN tag


Spanning Tree Protocol (STP)

The operation of the Spanning Tree Protocol (STP) is defined in the IEEE Std 802.1D. The Spanning Tree Protocol detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, the spanning tree algorithm configures the network so that a bridge or switch uses only the most efficient path. If that path fails, the protocol automatically reconfigures the network to make another path become active, thus sustaining network operations. You can control path redundancy for VLANs by implementing the Spanning Tree Protocol (STP).

A network can include multiple instances of STP. The collection of ports in one spanning tree instance is called a spanning tree group (STG).

This section includes the following topics:

"Spanning tree groups" (page 26)

"Spanning Tree modes" (page 28)

"Spanning Tree FastStart" (page 28)

"Understanding STGs and VLANs" (page 28)

"Spanning Tree Protocol topology change detection" (page 29)

Spanning tree groups

Each STG consists of a collection of ports that belong to the same instance of the STP protocol. These STP instances are completely independent from each other (for example, they send their own BPDUs, they have their own timers, and so on).

Multiple STGs are possible within the same switch; that is, the routing switch can participate in the negotiation for multiple spanning trees.

Figure 4 "Multiple spanning tree groups" (page 27) shows multiple spanning tree groups.


Figure 4

Multiple spanning tree groups

Spanning Tree Protocol controls

The ports associated with a VLAN and VLANs themselves must be contained within a single STG to prevent problems with spanning tree blocking ports and loss of connectivity within the VLAN.

Each untagged port can belong to only one STG, while tagged ports can belong to more than one STG. When a tagged port belongs to more than one STG, the spanning tree bridge protocol data units (BPDUs) are tagged to distinguish those of one STG from those of another STG. BPDUs from STG 1 are not tagged. The tagged BPDUs are transmitted using a multicast MAC address as tagged frames with a VLAN ID. Because tagged BPDUs are not part of the IEEE 802.1D standard, not all devices can interpret tagged BPDUs.

You can enable or disable the Spanning Tree Protocol at the port or at the spanning tree group level. If you disable the protocol at the group level, received BPDUs are handled like a MAC-level multicast and flooded out the other ports of the STG. Note that an STG can contain one or more VLANs. Remember that MAC broadcasts are flooded out on all ports of a VLAN; a BPDU is a MAC-level message, but the BPDU is flooded out all ports on the STG, which can encompass many VLANs.

When STP is globally enabled on the STG, BPDU handling depends on the STP setting of the port:


Spanning Tree modes

ERS 8300 software release 2.2 introduces a Cisco-compatible Spanning Tree mode. By default, the Nortel STG (NTSTG) is enabled, and all BPDUs are sent on every MLT link. To use the Cisco-compatible Spanning Tree mode, disable NTSTG; BPDUs are then sent on only one link of the aggregation group. See "Adding a link aggregation group" (page 110) for configuration instructions.

Spanning Tree FastStart

When enabled on a port with no other bridges, Spanning Tree FastStart brings the port up more quickly following switch initialization or a spanning tree change. The port goes through the normal blocking and learning states before the forwarding state, but the hold time for each of these states is the bridge hello timer (2 seconds by default) instead of the bridge forward delay timer (15 seconds by default). Thus, if FastStart is enabled on a port using the defaults of 2 seconds for Hello time and 15 seconds for Forward Delay time, it goes into the forwarding state in 4 seconds, instead of the usual 30 seconds. If the port sees a BPDU, it reverts to regular behavior.

Nortel recommends enabling FastStart on a port rather than disabling STP on that port.

FastStart is intended for access ports where only one device is connected to the switch (as in workstations with no other spanning tree devices). It may not be desirable to wait the usual 30 to 35 seconds for spanning tree initialization and bridge learning.

Use Spanning Tree FastStart with caution. This procedure is contrary to that specified in the IEEE 802.1D standard for Spanning Tree Protocol (STP), in which a port enters the blocking state following the initialization of the bridging device or from the disabled state when the port is enabled through configuration.

Understanding STGs and VLANs

A VLAN can include all the ports in a given STG and there can be multiple VLANs in an STG, but a VLAN never has more ports than exist in the STG. The recommended practice is to plan STGs and then create VLANs. In the ERS 8300 default configuration, a single STG encompasses all the ports in the switch. For most applications, this configuration is sufficient. The default STG is assigned ID 1 (STG1).

If a VLAN spans multiple switches, it must be within the same STG across all switches; that is, the ID of the STG in which it is defined must be the same across all devices.
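The VLAN and STG planning rules stated in this chapter (ID ranges, untagged-port membership, and one STG ID per VLAN across all switches) can be checked before a change is applied. The following Python check is an added example, not Nortel code; the plan layout, the function name check_vlan_plan and the sample switches S1 and S2 are assumptions made for illustration.

```python
from collections import defaultdict

VLAN_ID_RANGE = range(1, 4001)   # VLAN IDs range from 1 to 4000
STG_ID_RANGE = range(1, 65)      # STG IDs range from 1 to 64

# Constructed sample plan (hypothetical switches and ports).
PLAN = {
    "S1": {"tagged": {"1/1"},
           "vlans": [
               {"id": 10, "type": "port", "stg": 2, "ports": ["1/1", "1/5"]},
               {"id": 20, "type": "port", "stg": 3, "ports": ["1/1", "1/5"]},
           ]},
    "S2": {"tagged": {"1/1"},
           "vlans": [
               {"id": 10, "type": "port", "stg": 4, "ports": ["1/1", "1/7"]},
               {"id": 30, "type": "protocol", "stg": 4, "ports": ["1/7"]},
           ]},
}


def check_vlan_plan(plan):
    """Return a sorted list of rule violations for a multi-switch VLAN plan.

    plan maps switch name -> {"tagged": set of tagged ports,
                              "vlans": [{"id", "type", "stg", "ports"}, ...]}
    (layout assumed for this example).
    """
    problems = []
    stg_of_vlan = defaultdict(set)      # VLAN ID -> STG IDs seen on any switch

    for switch, cfg in plan.items():
        port_vlans = defaultdict(set)   # untagged port -> port-based VLAN IDs
        port_stgs = defaultdict(set)    # untagged port -> STG IDs
        for vlan in cfg["vlans"]:
            vid, stg = vlan["id"], vlan["stg"]
            if vid not in VLAN_ID_RANGE:
                problems.append(f"{switch}: VLAN {vid} outside 1-4000")
            if stg not in STG_ID_RANGE:
                problems.append(f"{switch}: STG {stg} outside 1-64")
            stg_of_vlan[vid].add(stg)
            for port in vlan["ports"]:
                if port in cfg["tagged"]:
                    continue            # tagged ports may span VLANs and STGs
                port_stgs[port].add(stg)
                if vlan["type"] == "port":
                    port_vlans[port].add(vid)
        for port, vids in port_vlans.items():
            if len(vids) > 1:           # untagged: only one port-based VLAN
                problems.append(
                    f"{switch}: untagged port {port} in port-based VLANs {sorted(vids)}")
        for port, stgs in port_stgs.items():
            if len(stgs) > 1:           # untagged: only one STG
                problems.append(
                    f"{switch}: untagged port {port} in STGs {sorted(stgs)}")

    for vid, stgs in stg_of_vlan.items():
        if len(stgs) > 1:               # same STG ID required on every switch
            problems.append(f"VLAN {vid} is defined in different STGs {sorted(stgs)}")
    return sorted(problems)


if __name__ == "__main__":
    for line in check_vlan_plan(PLAN):
        print(line)
```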


Spanning Tree Protocol topology change detection

Change detection enables the detection of topology changes and sends a topology change notification (TCN) to the Root, on an individual port basis. Change detection is enabled by default. When change detection is enabled and a topology change occurs, a trap is sent containing the following information so that you can identify the device:

the MAC address of the STG sending the TCN

the port number

the STG ID

You can disable change detection on ports where a single end station is connected, and where powering that end station on and off triggers the TCN. Change detection is referenced in IEEE STD 802.1D.

Topology change detection configuration rules

The following rules apply to the Spanning Tree topology change detection setting.

Table 4

Spanning Tree Protocol topology change detection configuration rules

• You can configure change detection on access ports only. This also applies to link aggregation ports.

• If you disable change detection and then change the port from access to tagging-enabled, the switch automatically sets change-detection to enabled for the port. This also applies to link aggregation ports.

• In a link aggregation group with access ports, modifications to change detection for a member port are automatically applied to the remaining member ports.

Static link aggregation

Link aggregation is a point-to-point connection that aggregates multiple ports so that they logically act like a single port with the aggregated bandwidth. Grouping multiple ports into a logical link provides higher aggregate throughput on a switch-to-switch or switch-to-server application. Link aggregation provides media and module redundancy.

The ERS 8300 supports link aggregation in a static configuration mode where no LACP is used. The ERS 8300 link aggregation is interoperable with Baystack and Ethernet Routing Switch 8600 link aggregation, also referred to as MLT.


Link aggregation traffic distribution

Static aggregation groups can be used to aggregate bandwidth between two switches. The ERS 8300 distributes traffic by determining the active port in a link aggregation group that can be used for each outgoing packet. Link aggregation group algorithms provide load sharing while ensuring that packets do not arrive out of sequence.

The ERS 8300 determines the port a packet is transmitted through by:

Tabulating the trunks and their active assigned port members for each link aggregation group. Ports defined as trunk members are written to the table in the order in which they are activated. If a link goes down, the table is rewritten with one less trunk member.

Using a selected index, based on traffic type and a hashing algorithm.
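The two steps above (a member table kept in activation order, and an index selected by hashing) are modelled in the following added example, which is not Nortel code. The hash used here (XOR of the last byte of the source and destination MAC, modulo the table length) is a hypothetical stand-in; the algorithms the switch actually uses are documented in NN46200-200. The flows and port names are constructed.

```python
def mac_bytes(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' into six raw bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))


class AggregationGroup:
    """Active-member table of one link aggregation group."""

    def __init__(self):
        self.table = []                 # members in the order they came up

    def link_up(self, port):
        if port not in self.table:
            self.table.append(port)

    def link_down(self, port):
        if port in self.table:
            self.table.remove(port)     # table rewritten with one less member

    def select(self, sa, da):
        """Pick the egress member for a bridged frame (hypothetical hash)."""
        if not self.table:
            return None
        index = (mac_bytes(sa)[-1] ^ mac_bytes(da)[-1]) % len(self.table)
        return self.table[index]


def assign(group, flows):
    """Map every (SA, DA) flow to the member port it is sent on."""
    return {flow: group.select(*flow) for flow in flows}


def moved_flows(before, after):
    """Flows whose egress port changed between two assignments."""
    return [flow for flow in before if before[flow] != after[flow]]


# Constructed sample: six stations talking to one server.
SERVER = "00:00:00:00:00:10"
FLOWS = [(f"00:00:00:00:00:0{n}", SERVER) for n in range(1, 7)]


def demo():
    group = AggregationGroup()
    for port in ("1/1", "2/1", "1/2"):  # members on two modules
        group.link_up(port)
    before = assign(group, FLOWS)
    group.link_down("2/1")              # one member fails
    after = assign(group, FLOWS)
    return before, after, moved_flows(before, after)


if __name__ == "__main__":
    before, after, moved = demo()
    for flow in FLOWS:
        print(flow[0], before[flow], "->", after[flow])
    print(len(moved), "flows moved")
```

Because a given SA/DA pair always hashes to the same index while the table is unchanged, frames of one conversation stay in sequence. With this modulo-based selection, a member failure also moves some flows that were not on the failed link.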

Packet distribution methods

Table 5 "Methods of traffic distribution for packets with a trunk destination" (page 30) shows the methods used, by type of packet, to distribute packets with a trunk destination.

Table 5

Methods of traffic distribution for packets with a trunk destination

Column headings: Type of packet; MAC source address (SA); MAC destination address (DA); IPv4 source IP address (SIP); IPv4 destination IP address (DIP); Layer 3 protocol

Bridged packet: X X

Bridged packet with Layer 3 trunk load balancing: X X

Routed packet: X X X

Trunk load sharing algorithms by traffic type

For information about hashing parameters and algorithms that are used for distributing link aggregation traffic, see Nortel Ethernet Routing Switch 8300 Planning and Engineering—Network Design Guidelines (NN46200-200).

Link aggregation rules

This section describes the rules for the link aggregation groups in the ERS 8300.

Link aggregation is supported on 10BASE-T, 100BASE-TX, 100BASE-FX, Gigabit Ethernet, and 10 Gigabit Ethernet ports.

The switch supports eight ports per aggregation group. All ports in a link aggregation group must be of the same media type and have the same speed and duplex settings.


A physical port cannot belong to more than one link aggregation group.

Link aggregation is compatible with the Spanning Tree Protocol.

IEEE 802.1Q tagging is supported on a link aggregation group.

All ports in a link aggregation group must be in the same STG unless they are tagged. If tagged, they can belong to multiple STGs.

For static aggregation groups, follow these guidelines:

— For 8348TX, 8348TX-PWR, and 8324FX ports, you can use only link aggregation groups 1 to 7.

— For 8348GB, 8324GTX, 8324GTX-PWR, 8348GTX, and 8348GTX-PWR ports, as well as 8308XL, 8393SF, and 8394SF, you can use link aggregation groups 1 to 31.

See note 1.

In addition to the default VLAN, the ERS 8300 supports 4000 VLANs. VLAN IDs range in value from 1 to 4000.

The ports in a link aggregation group can span modules, providing module redundancy.

Bridged packet traffic (except for IP distribution) is distributed across the link aggregation group using a source and destination MAC address-based algorithm.

Bridged and routed IP traffic is distributed across the link aggregation group using a source and destination MAC and IP address-based algorithm.

1 See Nortel Ethernet Routing Switch Release Notes — Software Release 4.0 (NN46200-401) for the latest information about supported software and hardware capabilities.

Link aggregation examples

With link aggregation, you can group switch ports together to form a link to another switch or server, thus increasing aggregate throughput of the interconnection between the devices. When the Spanning Tree Protocol is enabled, link aggregation software detects misconfigured or broken trunk links and removes the port from the link aggregation group.


Figure 5

Switch-to-switch link aggregation configuration

Each of the trunks shown in Figure 5 "Switch-to-switch link aggregation configuration" (page 32) can be configured with multiple switch ports to increase bandwidth and redundancy. When traffic between switch-to-switch connections approaches single port bandwidth limitations, creating a link aggregation group can supply the additional bandwidth required to improve performance.

Switch-to-server link aggregation configuration

Figure 6 "Switch-to-server link aggregation configuration" (page 33) shows a typical switch-to-server trunk configuration. In this example, file server FS1 utilizes dual MAC addresses, using one MAC address for each network interface card (NIC). No link aggregation group is configured to FS1. FS2 is a single MAC server (with a 4-port NIC) and is set up as trunk configuration T1.


Figure 6

Switch-to-server link aggregation configuration

Client/server link aggregation configuration

Figure 7 "Client/Server link aggregation configuration" (page 34) shows an example of how link aggregation can be used in a client/server configuration. In this example, both servers are connected directly to switch S1. FS2 is connected through a trunk configuration (T1).

The switch-to-switch connections are through trunks (T2, T3, T4, and T5). Clients accessing data from the servers (FS1 and FS2) are provided with maximized bandwidth through trunks T1, T2, T3, T4, and T5. On the ERS 8300, trunk members (the ports making up each trunk) do not have to be consecutive switch ports; they can be selected across different modules for module redundancy.

With spanning tree enabled and trunks T2 and T3 in the same spanning tree group, one of the trunks (T2 or T3) acts as a redundant (backup) trunk to switch S2, and STP blocks one of the trunks. With spanning tree disabled, neither trunk T2 nor trunk T3 is blocked; they must be configured into separate STGs to avoid a loop in the network.


Figure 7

Client/Server link aggregation configuration

With spanning tree enabled, ports that belong to the same link aggregation group operate as follows. All ports in the group must belong to the same spanning tree group if spanning tree is enabled. Identical bridge protocol data units (BPDUs) are sent out of each port. The group port ID is the ID of the lowest numbered port. If identical BPDUs are received on all ports, the link aggregation mode is forwarding. If no BPDU is received on a port or if BPDU tagging and port tagging do not match, the individual port is taken offline. Path cost is inversely proportional to the active link aggregation bandwidth.

Split MultiLink Trunking

This section describes the Split MultiLink Trunking (SMLT) feature. The following topics are included:

"Overview" (page 35)

"Advantages of SMLT" (page 36)

"How SMLT works" (page 38)

"Inter-Switch Trunks" (page 40)

"CP-Limit and SMLT IST" (page 41)

"Traffic flow in an SMLT environment" (page 42)

"Single port SMLT" (page 44)

"SMLT topologies" (page 45)

"Using MLT-based SMLT with single port SMLT" (page 49)

"SMLT network design considerations" (page 50)

"SMLT and VRRP backup master" (page 51)

To configure SMLT using Device Manager, see "Configuring SMLT" (page 120).

Overview

Link aggregation technologies have become popular for improving link bandwidth and protecting against link failures.

SMLT is an extension of link aggregation, which improves the level of Layer 2/Layer 3 resiliency by providing nodal protection in addition to link failure protection and flexible bandwidth scaling. SMLT achieves this by allowing edge switches using link aggregation to dual-home to two SMLT aggregation switches. SMLT is transparent to those attached devices that support link aggregation.

Because SMLT inherently avoids loops due to its superior enhanced link aggregation control protocol, when designing networks using SMLT, it is not necessary to use the IEEE 802.1d/w Spanning Tree protocols to enable loop-free triangle topologies.

With split multilink trunking, two aggregation switches can appear as a single device to edge switches, which are dual-homed to the aggregation switches. The aggregation switches are interconnected using an Inter-Switch Trunk (IST) and can exchange addressing and state information (permitting rapid fault detection and forwarding path modification). Although SMLT is primarily designed for Layer 2, it also provides benefits for Layer 3 networks.

ATTENTION

Layer 2 edge switches must support some form of link aggregation (such as MLT) to allow communications with the SMLT aggregation switches.


Advantages of SMLT

SMLT improves the reliability of Layer 2 networks that operate between edge switches and the network center aggregation switches by providing the following:

load sharing among all links

fast failover in case of link failures

elimination of single point of failure

fast recovery, in case of nodal failure

transparent and interoperable solution

elimination of STP convergence issues

These advantages are described in more detail in the sections that follow.

Single point of failure elimination

SMLT helps eliminate all single points of failure and create multiple paths from all edge switches to the core of the network. In case of failure, SMLT recovers as quickly as possible so that no unused capacity is created. Finally, SMLT provides a transparent and interoperable solution that requires no modification on the part of the majority of existing edge devices.

SMLT compared to Spanning Tree Protocol

Networks that are designed to have edge switches dual-homed to two aggregation switches, and that have VLANs spanning two or more edge switches, experience the following design constraints:

spanning tree must be used to detect loops

no load sharing exists over redundant links

slow network convergence exists in case of failure (30–45 seconds)

Figure 8 "Resilient networks with Spanning Tree Protocol" (page 37) shows a typical aggregator switch configuration dependent upon STP for loop detection.


Figure 8

Resilient networks with Spanning Tree Protocol

As shown in Figure 9 "Resilient networks with SMLT" (page 38), with the introduction of SMLT, all dual-homed Layer 2 frame-switched network devices are no longer dependent upon STP for loop detection because a properly designed SMLT network inherently does not have any logical loops.


Figure 9

Resilient networks with SMLT

SMLT solves the Spanning Tree problem by combining two aggregation switches into one “logical” MLT entity, which makes it transparent to any type of edge switch. In the process, it provides quick convergence, while load sharing across all available trunks.

How SMLT works

Figure 10 "8300 switches as SMLT aggregation switches" (page 39) illustrates an SMLT configuration with a pair of 8300 switches (E and F) as aggregation switches. Also included are four separate edge switches (A, B, C, and D). Refer to the following sections for a description of the components shown in this SMLT example:

"Inter-Switch Trunks" (page 40)

"CP-Limit and SMLT IST" (page 41)


Figure 10

8300 switches as SMLT aggregation switches

Other SMLT aggregation switch connections

Figure 10 "8300 switches as SMLT aggregation switches" (page 39) also includes end stations connected to each of the switches.

In this example, a, b1, b2, c1, c2, and d are clients and printers, while e and f can be servers or routers.

Edge switches B and C can use any method for determining a link of their multilink trunk connections to use for forwarding a packet, as long as the same link is used for a given Source/Destination (SA/DA) pair. This is true, regardless of whether or not the DA is known by B or C. SMLT aggregation switches always send traffic directly to an edge switch and only use the IST for traffic that they cannot forward in another more direct way.

The examples that follow explain the process in more detail:


Example 1: Traffic flow from a to b1 or b2

Assuming a and b1/b2 are communicating using Layer 2, traffic flows from A to switch E and is forwarded over the direct link to B. Traffic coming from b1 or b2 to a is sent by B on one of its MLT ports.

B sends traffic from b1 to a on the link to switch E, and traffic from b2 to a on the link to F. In the case of traffic from b1, switch E forwards the traffic directly to switch A, while traffic from b2, which arrived at F, is forwarded across the IST to E and then on to A.

Example 2: Traffic flow from b1/b2 to c1/c2

Traffic from b1/b2 to c1/c2 is always sent by switch B through the MLT to the core. No matter which switch (E or F) it arrives at, traffic is sent directly to C through the local link.

Example 3: Traffic flow from a to d

Traffic from a to d (and the reverse) is forwarded across the IST because it is the shortest path. This link is treated purely as a standard link with no account taken of SMLT and the fact that it is also an IST.

Example 4: Traffic flow from f to c1/c2

Traffic from f to c1/c2 is sent directly from F. With return traffic from c1/c2, you can have one active VRRP Master for each IP subnet. The traffic is passed across the IST if switch C sends it through the link to E.

Inter-Switch Trunks

SMLT aggregation switches must be connected with an Inter-Switch Trunk (IST). For example, in Figure 10 "8300 switches as SMLT aggregation switches" (page 39), edge switches B and C are connected to the aggregation switches using multilink trunks split between the two aggregation switches. The implementation of SMLT requires only two SMLT-capable aggregation switches.

Aggregation switches use the IST to:

Confirm that they are alive and exchange MAC address forwarding tables.

Carry the SMLT control packets.

Send traffic between single switches attached to the aggregation switches.

Serve as a backup if one SMLT link fails.

Because the IST is required for the SMLT, Nortel recommends that you use multiple links on the IST to ensure reliability and high availability. Nortel recommends using Gigabit Ethernet links for IST connectivity to provide enough bandwidth for potential cross traffic.


ATTENTION

Nortel recommends that an IST MLT contain at least 2 physical ports.

CP-Limit and SMLT IST

Control packet rate limit (CP-Limit) controls the amount of multicast and broadcast traffic that can be sent to the CPU from a physical port. It protects the CPU from being flooded by traffic from a single, unstable port. The CP-Limit default settings are:

default state = enabled

default multicast packets-per-second (pps) value = 15 000

default broadcast pps value = 10 000

ATTENTION

Nortel recommends setting the multicast packets-per-second value to 6000 pps when you configure SMLT links.

If the actual rate of packets-per-second sent from a port exceeds the defined rate, the port is administratively shut down to protect the CPU from continued bombardment. Disabling IST ports in this way can impair network traffic flow in an SMLT configuration.

To avoid this scenario, the 8300 Series switch automatically disables CP-Limit on all IST port members.

Disabling CP-Limit on IST MLT ports forces another, less-critical port to be disabled if the defined CP-Limits are exceeded. In doing so, the switch preserves network stability if a protection condition (CP-Limit) arises. Note that, although it is likely that one of the SMLT MLT ports (risers) is disabled in such a condition, traffic continues to flow uninterrupted through the remaining SMLT ports.

When you remove the IST configuration from an IST port member, the switch returns the CP-Limit for the port to the default state (enabled). Do not confuse CP-Limit with port rate limiting. Port rate limiting and CP-Limit serve different purposes. Port level rate limiting, if enabled, limits all packets with broadcast and multicast addresses to control the amount of


Traffic flow in an SMLT environment

Traffic flow in an SMLT environment follows these rules:

If a packet is received from an interswitch trunk port, it is not forwarded to any active SMLT groups, which is key in preventing network loops.

When a packet is received, a look-up is performed on the forwarding database. If an entry exists, and if the entry was learned locally from the split multilink trunk or through the interswitch trunk as a remote split multilink trunk, it is forwarded out the local port (the packet cannot be sent to the interswitch trunk for forwarding unless there is no local connection). Unknown and Broadcast packets are flooded out all ports that are members of this VLAN.

For load-sharing purposes in an SMLT scenario, the Ethernet Routing Switch 8300 obeys the trunk distribution algorithm. See Nortel Ethernet Routing Switch 8300 Planning and Engineering—Network Design Guidelines (NN46200-200) for more details about the algorithms.

Traffic flow example

In an SMLT environment, the two aggregation switches share the same forwarding database by exchanging forwarding entries using the IST. In the following figure, Figure 11 "show vlan info fdb-entry 10 sample output" (page 43), the forwarding databases are shown for a pair of IST nodes (B and C). Note that the entry for 00:E0:7B:B3:04:00 is shown on node C as being learned on MLT-1, but because SMLT REMOTE is true, this entry was actually learned from node B. On B, that same entry is shown as being directly learned through MLT-1 because SMLT REMOTE is false. Figure 12 "Network topology for traffic flow example" (page 43) shows the network topology.

When a packet arrives at node C destined for 00:E0:7B:B3:04:00, if the SMLT REMOTE status is true, the switch tries to send the packet out MLT-1 first, rather than through the interswitch trunk. Traffic rarely traverses the interswitch trunk unless there is a failure. If this same packet arrives at B, it is forwarded to MLT-1 on the local ports.


Figure 11

show vlan info fdb-entry 10 sample output

Figure 12
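The forwarding rules and the node C example above are modelled in the following added Python example, which is not Nortel code. It assumes that an "active" SMLT group is one whose links to both aggregation switches are up; the class names, the function egress_ports and the port list are hypothetical, and the forwarding database is a constructed one that reuses the MAC address from the text.

```python
from dataclasses import dataclass

IST = "IST"
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class FdbEntry:
    port: str            # port or MLT the address is reachable through
    smlt_remote: bool    # True when the entry was learned by the IST peer


@dataclass
class Smlt:
    local_up: bool       # this switch's half of the split trunk
    peer_up: bool        # the IST peer's half of the split trunk

    @property
    def active(self):
        # Assumption for this example: active means both halves are up.
        return self.local_up and self.peer_up


def egress_ports(ingress, dst_mac, fdb, smlts, vlan_ports):
    """Return the list of ports a frame is sent out of."""
    from_ist = ingress == IST
    dst = dst_mac.lower()
    entry = None if dst == BROADCAST else fdb.get(dst)

    if entry is None:
        # Unknown and broadcast frames flood the VLAN, except the ingress
        # port and, for frames that arrived on the IST, active SMLT groups.
        out = []
        for port in vlan_ports:
            if port == ingress:
                continue
            smlt = smlts.get(port)
            if smlt and (not smlt.local_up or (from_ist and smlt.active)):
                continue
            out.append(port)
        return out

    smlt = smlts.get(entry.port)
    if smlt is None:
        # Not a split trunk: ordinary forwarding, never back out the ingress.
        return [] if entry.port == ingress else [entry.port]
    if from_ist:
        # Frames from the IST are not forwarded to an active SMLT group.
        return [] if smlt.active or not smlt.local_up else [entry.port]
    # Local half first, whether the entry is local or SMLT REMOTE;
    # the IST is used only when there is no local connection.
    return [entry.port] if smlt.local_up else [IST]


# Constructed state for node C: the entry was learned by the peer (node B).
FDB_NODE_C = {"00:e0:7b:b3:04:00": FdbEntry(port="MLT-1", smlt_remote=True)}
VLAN_PORTS = ["MLT-1", IST, "1/10"]      # hypothetical VLAN membership
SMLT_ACTIVE = {"MLT-1": Smlt(local_up=True, peer_up=True)}
SMLT_LOCAL_DOWN = {"MLT-1": Smlt(local_up=False, peer_up=True)}
SMLT_PEER_DOWN = {"MLT-1": Smlt(local_up=True, peer_up=False)}

if __name__ == "__main__":
    dst = "00:E0:7B:B3:04:00"
    print(egress_ports("1/10", dst, FDB_NODE_C, SMLT_ACTIVE, VLAN_PORTS))
    print(egress_ports(IST, dst, FDB_NODE_C, SMLT_ACTIVE, VLAN_PORTS))
    print(egress_ports("1/10", dst, FDB_NODE_C, SMLT_LOCAL_DOWN, VLAN_PORTS))
```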


Single port SMLT

With single port SMLT, you can configure a split multilink trunk using a single port and scale the number of split multilink trunks on a switch to a maximum number of available ports. Single port SMLT behaves just like an MLT-based SMLT and can coexist with SMLTs in the same system.

Split MLT links can exist in the following combinations on the SMLT aggregation switch pair:

MLT-based SMLT + MLT-based SMLT

MLT-based SMLT + single port SMLT

single port SMLT + single port SMLT

The rules for configuring single port SMLT are the following:

The dual-homed device connecting to the aggregation switches must be capable of supporting MLT.

Single port SMLT is supported on Ethernet ports.

Each single port SMLT is assigned an SMLT ID from 1 to 512.

Single port SMLT ports can be designated as Access or Trunk (that is, IEEE 802.1Q tagged or not), and changing the type does not affect their behavior.

You cannot change a single port SMLT into an MLT-based SMLT by adding more ports. You must delete the single port SMLT, and then reconfigure the port as SMLT/MLT.

You cannot change an MLT-based SMLT into a single port SMLT by deleting all ports but one. You must first remove the SMLT/MLT and then reconfigure the port as single port SMLT.

A port cannot be configured as MLT-based SMLT and as single port SMLT at the same time.

Figure 13 "Single port SMLT example" (page 45) shows a configuration in which both aggregation switches have single port SMLTs with the same IDs. With this configuration, you can have as many single port SMLTs as there are available ports on the switch.


Figure 13

Single port SMLT example

SMLT topologies

SMLT can be deployed in four generic topologies. Depending on the resiliency and redundancy you require, choose one of the following configurations:

"Single port SMLT topology" (page 45)

"SMLT triangle topology" (page 46)

"SMLT square topology" (page 47)

"SMLT full mesh topology" (page 48)

Single port SMLT topology

Sometimes you need to exceed the Ethernet Routing Switch 8300 multilink trunk Group ID limit for server farm applications. In this case, you can use Single Port SMLT (see Figure 14 "Single Port SMLT topology" (page 46)). With this topology, you can scale up to the maximum number of ports on a switch. Any Layer 2 switch capable of link aggregation can be used as the client in this case.


Figure 14

Single Port SMLT topology

SMLT triangle topology

The most often used configuration, the triangle configuration, connects multiple access switches to a pair of Ethernet Routing Switch 8300 devices. In many cases, dual-NIC servers capable of link aggregation are connected directly to the Ethernet Routing Switch 8300 devices in a similar fashion. The following figure, Figure 15 "SMLT triangle topology" (page 47), depicts Extranet Switches (ES) as the SMLT Clients. In real-world applications, any Layer 2 device capable of link aggregation can become the SMLT client.


Figure 15

SMLT triangle topology

SMLT square topology

Often used in an enterprise core, the square SMLT configuration provides network resiliency. The following figure, Figure 16 "SMLT square topology" (page 48), shows this topology.


Figure 16

SMLT square topology

SMLT full mesh topology

For maximum reliability and resiliency, all SMLT nodes can be fully meshed. This may not be an economical solution for many cases, but if traffic loss cannot be tolerated, this design can route traffic around any failure. The following figure, Figure 17 "SMLT full mesh topology" (page 49), shows the full mesh topology.


Figure 17

SMLT full mesh topology

Using MLT-based SMLT with single port SMLT

You can configure a split trunk with a single port SMLT on one side and an MLT-based SMLT on the other. Both must have the same SMLT ID. In addition to general use, Figure 18 "Changing a split trunk from MLT-based SMLT to single port SMLT" (page 50) shows how this configuration can be used for upgrading an MLT-based SMLT to a single port SMLT without taking down the split trunk.


Figure 18

Changing a split trunk from MLT-based SMLT to single port SMLT

SMLT network design considerations

Use the following base guidelines when designing an SMLT network (for more information, refer to Nortel Ethernet Routing Switch 8300 Planning and Engineering — Network Design Guidelines (NN46200-200)).

Step Action

1 Define a separate VLAN for the IST protocol:

config mlt 1 ist create ip <value> vlan-id <value>


config ethernet <slot/port> perform-tagging enable

3 Enable dropping of untagged frames on IST trunk links:

config ethernet <slot/port> untagged-frames-discard enable

—End—
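The three commands in this procedure can be verified against a saved configuration. The following Python audit is an added example, not a Nortel tool. It assumes that the configuration is available as text in the command form printed above, that a disable form of each port setting exists alongside enable, and that the IST member ports and the VLAN IDs carrying user traffic are supplied by the caller; the sample configuration and its address are constructed.

```python
import re

# Command forms as printed in the procedure above.
IST_RE = re.compile(r"^config mlt (\d+) ist create ip (\S+) vlan-id (\d+)$")
PORT_RE = re.compile(
    r"^config ethernet (\d+/\d+) "
    r"(perform-tagging|untagged-frames-discard) (enable|disable)$"
)
REQUIRED = ("perform-tagging", "untagged-frames-discard")

# Constructed sample: port 1/2 has the discard setting turned off again.
SAMPLE_CONFIG = """\
config mlt 1 ist create ip 10.0.0.2 vlan-id 10
config ethernet 1/1 perform-tagging enable
config ethernet 1/1 untagged-frames-discard enable
config ethernet 1/2 perform-tagging enable
config ethernet 1/2 untagged-frames-discard enable
config ethernet 1/2 untagged-frames-discard disable
"""


def audit_ist(config_text, ist_ports, user_vlans):
    """Return findings for the IST guidelines, in a stable order.

    ist_ports  -- slot/port names that are members of the IST MLT
    user_vlans -- VLAN IDs that carry user traffic
    """
    findings = []
    ist_vlan = None
    state = {port: {} for port in ist_ports}

    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("#"):
            continue
        match = IST_RE.match(line)
        if match:
            ist_vlan = int(match.group(3))
            continue
        match = PORT_RE.match(line)
        if match and match.group(1) in state:
            # A later command overrides an earlier one for the same port.
            state[match.group(1)][match.group(2)] = match.group(3)

    if ist_vlan is None:
        findings.append("no IST definition found")
    elif ist_vlan in user_vlans:
        findings.append(f"IST VLAN {ist_vlan} is not separate from user VLANs")

    for port in ist_ports:
        for setting in REQUIRED:
            if state[port].get(setting) != "enable":
                findings.append(f"{port}: {setting} is not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_ist(SAMPLE_CONFIG, ["1/1", "1/2"], {10, 20}):
        print(finding)
```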

SMLT and VRRP backup master

When configuring routing on SMLT aggregation switches, Nortel recommends that you use VRRP for default gateway redundancy. With the standard implementation in a VRRP environment, you can have one active primary router per IP subnet, with all other network VRRP interfaces in backup mode.

A deficiency occurs when VRRP-enabled switches use SMLT. If VRRP switches are aggregated into two SMLT switches, the end host traffic is load-shared on all uplinks to the aggregation switches (based on the MLT traffic distribution algorithm).

VRRP normally has only one active routing interface enabled. All other VRRP routers are in backup (standby) mode. Therefore, all traffic that reaches the backup VRRP router is forwarded over the Inter Switch Trunk (IST) link towards the master VRRP router. In this case, the IST link does not have enough bandwidth to carry all the aggregated traffic.

You can overcome this issue by assigning the backup router as the Backup Master router. The Backup Master router is a backup router permitted to actively load-share the routing traffic with a master router.

When enabled, the VRRP Backup Master acts as an IP router for packets destined for the logical VRRP IP address. With the Backup Master router enabled, the incoming host traffic is forwarded over the SMLT links as normal. The Backup Master routes traffic received on the SMLT VLAN, thus avoiding traffic flow across the IST trunk. This eliminates the potential limitation in the available IST bandwidth and provides true load-sharing capabilities.

The Backup Master feature provides an additional benefit. Under normal VRRP operation, a hello packet is sent every second. When three hellos are not received, all switches automatically revert to master mode. This results in a 3 second outage. When you are using VRRP in an SMLT environment, and a link goes down, traffic is automatically forwarded to the remaining ports configured for SMLT VRRP Backup Master. Because both switches are processing traffic, the node immediately recognizes the VRRP state change, so there is faster failure recovery (less than 1 second).

Network design considerations for SMLT with VRRP

When you enable the VRRP BackupMaster with SMLT, refer to the following guidelines:

The VRRP virtual IP address and the VLAN IP address cannot be the same.

Configure the hold-down timer for VRRP to a value approximately 150 percent of the IGP (Interior Gateway Protocol, such as RIP or OSPF) convergence time to allow the IGP enough time to reconverge following a failure. That is, if OSPF takes 40 seconds to reconverge, set the hold-down timer to 60 seconds.

Stagger the hold-down timers with ARP requests so that the Ethernet Routing Switch 8300 nodes do not all have to run ARP at the same time, which causes excess CPU load. For example, if one node has the hold-down timer set for 60 seconds, you can set the other to 65 seconds.

Enable hold-down times on both VRRP sides (Master and BackupMaster).
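The four guidelines above can be checked against a planned configuration before deployment. This is an added example, not Nortel code: the plan layout, the function name, the 5-second minimum stagger (taken from the 60/65 example) and the reading of 150 percent as a lower bound are assumptions.

```python
import ipaddress


def check_vrrp_plan(nodes, igp_convergence_s, min_stagger_s=5):
    """Check a VRRP BackupMaster plan against the guidelines above.

    nodes -- list of dicts with keys name, vlan_ip, virtual_ip, holddown_s
             (holddown_s of 0 or None means no hold-down timer is set).
    """
    findings = []
    floor = 1.5 * igp_convergence_s  # "approximately 150 percent" (assumed minimum)
    for n in nodes:
        # Guideline 1: virtual IP and VLAN IP must differ.
        if ipaddress.ip_address(n["vlan_ip"]) == ipaddress.ip_address(n["virtual_ip"]):
            findings.append(f"{n['name']}: virtual IP equals VLAN IP")
        # Guidelines 2 and 4: timer enabled on every node and long enough.
        hd = n.get("holddown_s")
        if not hd:
            findings.append(f"{n['name']}: hold-down timer not enabled")
        elif hd < floor:
            findings.append(f"{n['name']}: hold-down {hd}s is below {floor:g}s")
    # Guideline 3: timers must be staggered between nodes.
    timers = sorted((n["holddown_s"], n["name"]) for n in nodes if n.get("holddown_s"))
    for (t1, a), (t2, b) in zip(timers, timers[1:]):
        if t2 - t1 < min_stagger_s:
            findings.append(f"{a}/{b}: hold-down timers {t1}s and {t2}s are not staggered")
    return findings


# Constructed plan: both timers meet the 150 percent rule but are only 2 s apart.
PLAN = [
    {"name": "agg-A", "vlan_ip": "10.20.0.2", "virtual_ip": "10.20.0.1", "holddown_s": 60},
    {"name": "agg-B", "vlan_ip": "10.20.0.3", "virtual_ip": "10.20.0.1", "holddown_s": 62},
]
```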

Simple Loop Prevention Protocol

Simple Loop Prevention Protocol (SLPP) is used at the edge of a network to prevent loops in an SMLT network if Spanning Tree is not used. Although SLPP is focused on SMLT networks, it also works with other configurations. Logical loops can occur in SMLT networks for the following reasons:

Misconfigurations occur (for example, when SMLT client devices are erroneously directly connected together).

MLT is not operating correctly (for example, when a switch is connected to the network using the default configuration without any MLT settings).

Problems occur with the edge switch (for example, when MLT or some other form of link aggregation is not working).

You can detect loops with SLPP and the 8000 Series switch Loop Detection feature.

If an SLPP test packet, called an SLPP-packet data unit (SLPP-PDU), is received by the originating switch SMLT port or by a peer aggregation switch on the same VLAN, a loop exists and the port is disabled.
