l Supports STP/RSTP interoperability between Huawei devices and non-Huawei devices.
Proper parameters are required on Huawei devices running STP/RSTP to ensure nonstop
communication.
Table 8-4 RSTP Protection Function
Protection
Function
Scenario Configuration Impact
BPDU
protection
An edge port changes to be
a non-edge port after
receiving a BPDU, which
triggers spanning tree
recalculation. If an attacker
keeps sending bogus
BPDUs to a switching
device, network flapping
occurs.
After BPDU protection is enabled on the
switching device, the switching device
shuts down the edge port if the edge port
receives an RST BPDU, and notifies the
NMS of the shutdown event. The attributes
of the edge port are not changed.
TC
protection
Generally, after receiving
TC BPDUs (packets for
advertising network
topology changes), a
switching device needs to
delete MAC entries and
ARP entries. Frequent
deletion operations will
exhaust CPU resources.
TC protection is used to suppress TC-
BPDUs. The number of times that TC-
BPDUs are processed by a switching
device within a given time period is
configurable. If the number of TC-BPDUs
that the switching device receives within a
given time exceeds the specified threshold,
the switching device handles TC-BPDUs
only for the specified number of times.
Excess TC-BPDUs are processed by the
switching device as a whole for once after
the timer (that is, the specified time period)
expires. This protects the switching device
from frequently deleting MAC entries and
ARP entries, thus avoiding over-burdened.
Root
protection
Due to incorrect
configurations or
malicious attacks on the
network, a root bridge may
receive BPDUs with a
higher priority.
Consequently, the
legitimate root bridge is no
longer able to serve as the
root bridge, and the
network topology is
illegitimately changed,
triggering spanning tree
recalculation. This may
transfer traffic from high-
speed links to low-speed
links, causing traffic
congestion.
If a designated port is enabled with the root
protection function, the role of the port
cannot be changed. Once a designated port
that is enabled with root protection
receives RST BPDUs with a higher
priority, the port enters the Discarding state
and does not forward packets. If the port
does not receive any RST BPDUs with a
higher priority before a period (generally
two Forward Delay periods) expires, the
port automatically enters the Forwarding
state.
Quidway S7700 Smart Routing Switch
Configuration Guide - Ethernet 8 STP/RSTP Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
387
To Next Page
Loading...
