Operation Manual – MSTP
H3C S3600 Series Ethernet Switches-Release 1510
Chapter 1 MSTP Configuration
III. Loop prevention
A switch maintains the states of the root port and other blocked ports by receiving and
processing BPDUs from the upstream switch. These BPDUs may get lost because of
network congestion or unidirectional link failures. If a switch does not receive BPDUs
from the upstream switch for a certain period, the switch selects a new root port, the
original root port becomes a designated port, and the blocked ports turn to the
forwarding state. This may cause loops in the network.
The loop prevention function suppresses such loops. With this function enabled, if link
congestion or a unidirectional link failure occurs, both the root port and the blocked ports
become designated ports and turn to the discarding state. In this state they stop
forwarding packets, so loops are prevented.
IV. TC-BPDU attack prevention
A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If
a malicious user sends a large number of TC-BPDUs to a switch in a short period, the
switch may be kept busy removing MAC address entries and ARP entries, which may
decrease the performance of the switch and affect the stability of the network.
With the TC-BPDU prevention function enabled, the switch performs only one
removing operation in a specified period (10 seconds by default) after it receives a
TC-BPDU. The switch also checks whether other TC-BPDUs arrive in this period
and, if one is received, performs another removing operation in the next period.
This mechanism prevents the switch from being kept busy performing removing
operations.
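The throttling described above can be modelled in a few lines. The following is an added example, not code from the manual or from the switch software; the names `TcGuard` and `flush_times` are hypothetical, and it assumes that the first TC-BPDU triggers an immediate removal and that a deferred removal happens at the start of the next period.

```python
class TcGuard:
    """Model of the TC-BPDU protection described above (times in ms)."""

    def __init__(self, period_ms=10_000):   # 10 s is the manual's default
        self.period = period_ms
        self.window_end = None   # end of the current protection period
        self.pending = False     # a TC-BPDU arrived inside the period
        self.flushes = []        # times a MAC/ARP removal was performed

    def _advance(self, now):
        # Close every protection period that has ended by `now`.
        while self.window_end is not None and now >= self.window_end:
            if self.pending:
                # Deferred removal, then a fresh period starts.
                self.flushes.append(self.window_end)
                self.pending = False
                self.window_end += self.period
            else:
                self.window_end = None   # quiet period: guard goes idle

    def on_tc_bpdu(self, now):
        self._advance(now)
        if self.window_end is None:
            self.flushes.append(now)             # first TC-BPDU: remove once
            self.window_end = now + self.period
        else:
            self.pending = True                  # remembered, not acted on yet


def flush_times(arrivals_ms, period_ms=10_000, protected=True):
    """Return the times at which MAC/ARP entries are removed."""
    arrivals = sorted(arrivals_ms)
    if not protected or not arrivals:
        return arrivals                  # unprotected: one removal per TC-BPDU
    guard = TcGuard(period_ms)
    for t in arrivals:
        guard.on_tc_bpdu(t)
    guard._advance(arrivals[-1] + 2 * period_ms)   # drain the last period
    return guard.flushes


if __name__ == "__main__":
    # Constructed input: 1000 TC-BPDUs, one every 25 ms, for 25 s.
    burst = range(0, 25_000, 25)
    print(len(flush_times(burst, protected=False)), "removals unprotected")
    print(flush_times(burst), "removal times (ms) with protection")
```

With the constructed burst, the unprotected model performs 1000 removals, while the protected model performs one per 10-second period regardless of how many TC-BPDUs arrive.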
Caution:
Among the loop prevention function, the root protection function, and the edge port
setting, only one can be valid on a port at any one time.
V. BPDU packet drop
In an STP-enabled network, some users may send BPDU packets to the switch
continuously in order to disrupt the network. When a switch receives the BPDU
packets, it forwards them to other switches. As a result, STP calculation is performed
continuously, which may consume too much of the switches' CPU or cause errors in the
protocol state of the BPDU packets.
In order to avoid this problem, you can enable the function of dropping BPDU packets
on the Ethernet ports. Once the function is enabled on a port, the port will not receive