Date: Sun, 20 Feb 2011 12:50:17 +0200 From: Nikos Vassiliadis <nvass@gmx.com> To: Tom Judge <tom@tomjudge.com> Cc: freebsd-net@freebsd.org, kevin <k@kevinkevin.com> Subject: Re: Bridging + VLANS + RSTP / MSTP Message-ID: <4D60F1E9.8020707@gmx.com> In-Reply-To: <4D5FFE9C.30005@tomjudge.com> References: <000c01cbcf94$35e76e20$a1b64a60$@com> <4D5FAC16.7080207@gmx.com> <00a201cbd03f$2bdc3540$83949fc0$@com> <4D5FD91F.20704@gmx.com> <4D5FDCF1.6050909@gmx.com> <00a501cbd04f$2276b5b0$67642110$@com> <4D5FFE9C.30005@tomjudge.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/19/2011 7:32 PM, Tom Judge wrote: > In this setup it does not matter where the root bridge is, each of the > firewalls will always have on port in disguarding state as both ports > lead back to the same peer bridge. With states such as: > > fw 1 - 1: forwarding > fw 2 - 1: forwarding > fw 1 - 2: disguarding - backup > fw 2 - 2: disguarding - backup > If I got the topology correctly, it is supposed to be like this: (Broadcast domain 1) | | | | | | (fw1) (fw2) | | | | | | (Broadcast domain 2) If fw1 is the root bridge, then it'll look like this: (Broadcast domain 1) | | | | D R (fw1) (fw2) D B | | | | (Broadcast domain 2) fw2 will have one root port and one backup, and the fw1 will have two designated ports. Since the switch will not take part in the STP, there is no single bridge. If I get the topology correctly... > > There is a also the caveat: The switch will probably _not_ forward the > STP BPDU's from one port to another. This is because if the switch is a > properly compliant bridge it will not forwards the frames as they are > marked as link local ethernet multicast frame which is not allowed to > forwarded by a bridge per the ethernet spec. If this is indeed the case > you will make an instant forwarding loop in your network when you try to > make it work. Yes this is true, but when a port is not running STP it is not considered to be part of a compliant bridge so there should be mechanism to allow forwarding BPDUs to the other bridges that run STP. Like when one combines simple unmanaged switches(with no STP functionality) with managed ones. The unmanaged ones simply forward everything they receive and the STP ones can detect and break the loops. Nikos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D60F1E9.8020707>