Re: [j-nsp] TCN guard on Juniper EX
Kill layer2; stick with layer3 :-) On Sat, Sep 14, 2013 at 1:02 AM, joel jaeggli joe...@bogus.com wrote: segmenting the office from the DC by subnetting seems like a really easy win. On 9/11/13 4:45 AM, Ben Dale wrote: Hi Dennis, The closest thing Junos has at the moment is root-guard, which would stop your Netgears assuming root for the topology, but AFAIK TCNs would still be accepted and acted upon. Are your netgear boxes manageable? You can't force ports into edge mode to stop this? On 11/09/2013, at 8:18 PM, Dennis Hagens r...@ipaddr.nl wrote: Hi All, Is there some way to filter out STP TCN BPDU's on a Juniper EX series switch? We have some old Netgears in our office environment (yes, I need to get rid of those) which send TCN's on edge port flaps. This causes a lot of reconvergence / mac table flushes on our datacenter switches, which are connected via layer 2 with the office. We currently hooked up an HP switch with TCN guard to mitigate this, but this introduces a SPOF. Any ideas? Thanks, Dennis Hagens ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Phil Fagan Denver, CO 970-480-7618 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] TCN guard on Juniper EX
segmenting the office from the DC by subnetting seems like a really easy win. On 9/11/13 4:45 AM, Ben Dale wrote: Hi Dennis, The closest thing Junos has at the moment is root-guard, which would stop your Netgears assuming root for the topology, but AFAIK TCNs would still be accepted and acted upon. Are your netgear boxes manageable? You can't force ports into edge mode to stop this? On 11/09/2013, at 8:18 PM, Dennis Hagens r...@ipaddr.nl wrote: Hi All, Is there some way to filter out STP TCN BPDU's on a Juniper EX series switch? We have some old Netgears in our office environment (yes, I need to get rid of those) which send TCN's on edge port flaps. This causes a lot of reconvergence / mac table flushes on our datacenter switches, which are connected via layer 2 with the office. We currently hooked up an HP switch with TCN guard to mitigate this, but this introduces a SPOF. Any ideas? Thanks, Dennis Hagens ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] TCN guard on Juniper EX
Hi All, Is there some way to filter out STP TCN BPDU's on a Juniper EX series switch? We have some old Netgears in our office environment (yes, I need to get rid of those) which send TCN's on edge port flaps. This causes a lot of reconvergence / mac table flushes on our datacenter switches, which are connected via layer 2 with the office. We currently hooked up an HP switch with TCN guard to mitigate this, but this introduces a SPOF. Any ideas? Thanks, Dennis Hagens ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] TCN guard on Juniper EX
Hi Dennis, The closest thing Junos has at the moment is root-guard, which would stop your Netgears assuming root for the topology, but AFAIK TCNs would still be accepted and acted upon. Are your netgear boxes manageable? You can't force ports into edge mode to stop this? On 11/09/2013, at 8:18 PM, Dennis Hagens r...@ipaddr.nl wrote: Hi All, Is there some way to filter out STP TCN BPDU's on a Juniper EX series switch? We have some old Netgears in our office environment (yes, I need to get rid of those) which send TCN's on edge port flaps. This causes a lot of reconvergence / mac table flushes on our datacenter switches, which are connected via layer 2 with the office. We currently hooked up an HP switch with TCN guard to mitigate this, but this introduces a SPOF. Any ideas? Thanks, Dennis Hagens ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] TCN guard on Juniper EX
Hi Ben, We currently implement root-protect already. This indeed does not filter TCN's. These Netgears can't even do MSTP or RSTP... as i said, really need to get rid of them :-). The closest thing I found just now is fast link which i assume is somewhat like cisco portfast. I need to validate in a test environment if that stops the switches from sending TCN's... Dennis From: Ben Dale [bd...@comlinx.com.au] Sent: Wednesday, September 11, 2013 1:45 PM To: Dennis Hagens Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] TCN guard on Juniper EX Hi Dennis, The closest thing Junos has at the moment is root-guard, which would stop your Netgears assuming root for the topology, but AFAIK TCNs would still be accepted and acted upon. Are your netgear boxes manageable? You can't force ports into edge mode to stop this? On 11/09/2013, at 8:18 PM, Dennis Hagens r...@ipaddr.nl wrote: Hi All, Is there some way to filter out STP TCN BPDU's on a Juniper EX series switch? We have some old Netgears in our office environment (yes, I need to get rid of those) which send TCN's on edge port flaps. This causes a lot of reconvergence / mac table flushes on our datacenter switches, which are connected via layer 2 with the office. We currently hooked up an HP switch with TCN guard to mitigate this, but this introduces a SPOF. Any ideas? Thanks, Dennis Hagens ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] TCN guard on Juniper EX
http://forums.juniper.net/t5/Ethernet-Switching/spanning-tree-bpdufilter/td-p/113048 http://en.wikipedia.org/wiki/Multicast_address#Ethernet Looks like someone else with the same issue. Careful taking your layer 2 domains too far :D Mark On Wed, Sep 11, 2013 at 8:18 PM, Dennis Hagens r...@ipaddr.nl wrote: Hi All, Is there some way to filter out STP TCN BPDU's on a Juniper EX series switch? We have some old Netgears in our office environment (yes, I need to get rid of those) which send TCN's on edge port flaps. This causes a lot of reconvergence / mac table flushes on our datacenter switches, which are connected via layer 2 with the office. We currently hooked up an HP switch with TCN guard to mitigate this, but this introduces a SPOF. Any ideas? Thanks, Dennis Hagens ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Regards, Mark L. Tees ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
