Example for Configuring LDT to Detect Loops on the Local Network


Overview

When a loop occurs on a network, broadcast, multicast, and unknown unicast packets are repeatedly transmitted on the network. This wastes network resources and may even cause a network breakdown. To minimize the impact of loops on a Layer 2 network, a detection technology that quickly notifies users of loops is required. When a loop occurs, users are requested to check network connections and configurations, and control the problematic interface.

Loop detection (LDT) periodically sends LDT packets on an interface to check whether the packets return to the local device (receive and transmit interfaces can be different), and determines whether loops occur on the interface, local network, or downstream network.
  • If LDT packets are received by the same interface, a loopback occurs on the interface or a loop occurs on the network connected to the interface.

  • If LDT packets are received by another interface on the same device, a loop occurs on the network connected to the interface.

After loops are detected, the device can send alarms to the NMS and record logs, and can control the interface status (the interface is shut down by default) according to the device configuration so that the impact of loops on the device and network is minimized. The device provides the following actions after LDT detects a loop:
  • Trap: The device reports a trap to the NMS and records a log, but does not take any action on the interface.

  • Block: The device blocks this interface, and can forward only BPDUs.

  • No learning: The interface is disabled from learning MAC addresses.

  • Shutdown: The device shuts down the interface.

  • Quitvlan: The interface is removed from the VLAN where a loop occurs.

The problematic interface continues to send LDT packets. If the device receives no LDT packets from the problematic interface within the recovery time, it considers that the loop is eliminated on the interface and restores the interface.

LDT can only detect loops on a single node, but cannot eliminate loops on the entire network in the same manner as ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST.

Configuration Notes

  • This example applies to all versions of the modular switches.

  • In V200R008C00 and earlier versions, LDT does not take effect in dynamic VLANs.

  • LDT and LBDT cannot be configured simultaneously.

  • LDT needs to send a large number of LDT packets to detect loops, occupying system resources. Therefore, disable LDT if loops do not need to be detected.

  • When loops occur in multiple VLANs on many interfaces, LDT performance is lowered due to limitations of security policies and CPU processing capability. The greater the number of involved VLANs and interfaces, the lower the performance. In particular, the performance of the standby chassis in the cluster is lowered. Manually eliminating loops is recommended.

  • LDT cannot be used with ring network technologies of ERPS, RRPP, SEP, Smart Link, and STP/RSTP/MSTP/VBST. Do not configure ring network technologies on an interface of an LDT-enabled VLAN. If LDT has been enabled globally and ring network technologies need to be configured on an interface, disable LDT on the interface first.

  • LDT sends only tagged packets and can only detect loops based on VLANs. LDT can detect loops in a maximum of 4094 VLANs.

  • When a loop occurs on the network-side interface where the Block or Shutdown action is configured, all services on the device are interrupted. Do not deploy LDT on the network-side interface.

  • The Quitvlan action cannot be used with GVRP, HVRP, or the action of removing an interface from the VLAN where MAC address flapping occurs.

  • The blocked ports of LDT cannot block GVRP packets. To ensure that GVRP runs normally and prevent GVRP loops, do not enable GVRP on the blocked port of LDT.

Networking Requirements

In Figure 6-36, an enterprise uses Layer 2 networking. The Switch is the aggregation switch, and each switch allows packets from VLANs 10 to 20 to pass through. Because employees often move, the network topology changes frequently. Connections or configurations may be incorrect due to misoperations. As a result, loops may occur in VLANs 10 to 20.

Loops cause broadcast storms and affect device and network communication. It is required that loops be detected and eliminated in VLANs in a timely manner to prevent broadcast storms.

Figure 6-36  Networking for configuring LDT to detect loops on the local network 

Configuration Roadmap

Loops need to be detected in VLANs 10 to 20. Because there are more than eight VLANs, you can configure LDT to detect loops and configure an action after loops are detected to prevent broadcast storms. All VLANs share a link. To prevent loop removal in a VLAN from affecting data forwarding in other VLANs, configure the Quitvlan action. The configuration roadmap is as follows:

  1. Enable LDT on GE1/0/0 and GE2/0/0 on the Switch to detect loops in VLANs 10 to 20.

  2. Configure an action to be taken after a loop is detected on GE1/0/0 and GE2/0/0, and set the recovery time so that the Switch can immediately take the preconfigured action on the interface to prevent broadcast storms after a loop is detected. In addition, the Switch can restore the interface after the loop is eliminated.

NOTE:

Configure interfaces on other switching devices as trunk or hybrid interfaces and configure these interfaces to allow packets from corresponding VLANs to pass through to ensure Layer 2 connectivity.

Procedure

  1. Enable global LDT.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] loop-detection enable  //Enable LDT globally.

  2. Enable LDT in VLANs.

    [Switch] vlan batch 10 to 20
    [Switch] loop-detection enable vlan 10 to 20  //Enable the device to detect loops on all interfaces in VLANs 10 to 20.

  3. Set the interval for sending LDT packets.

    [Switch] loop-detection interval-time 10  //Set the interval for sending LDT packets to 10s.

  4. Configure an action to be taken after a loop is detected.

    # Enable the trap function for LDT.

    [Switch] snmp-agent trap enable feature-name ldttrap  //Enable the LDT alarm function so that the device can send LDT traps.

    # Set the action to Quitvlan.

    [Switch] interface gigabitethernet 1/0/0
    [Switch-GigabitEthernet1/0/0] stp disable  //Disable STP on the interface.
    [Switch-GigabitEthernet1/0/0] port hybrid tagged vlan 10 to 20
    [Switch-GigabitEthernet1/0/0] loop-detection mode port-quitvlan  //Configure the Quitvlan action to be taken after a loop is detected.
    [Switch-GigabitEthernet1/0/0] quit
    [Switch] interface gigabitethernet 2/0/0
    [Switch-GigabitEthernet2/0/0] stp disable  //Disable STP on the interface.
    [Switch-GigabitEthernet2/0/0] port hybrid tagged vlan 10 to 20
    [Switch-GigabitEthernet2/0/0] loop-detection mode port-quitvlan  //Configure the Quitvlan action to be taken after a loop is detected.
    [Switch-GigabitEthernet2/0/0] quit

  5. Set the interface recovery time.

    [Switch] interface gigabitethernet 1/0/0
    [Switch-GigabitEthernet1/0/0] loop-detection recovery-time 30  //Set the recovery time to 30s.
    [Switch-GigabitEthernet1/0/0] quit
    [Switch] interface gigabitethernet 2/0/0
    [Switch-GigabitEthernet2/0/0] loop-detection recovery-time 30  //Set the recovery time to 30s.
    [Switch-GigabitEthernet2/0/0] quit

  6. Verify the configuration.

    1. Check the LDT configuration.

      # After the configuration is complete, run the display loop-detection command to check global LDT information.

      [Switch] display loop-detection
      Loop Detection is enabled.
      Detection interval time is 10 seconds.
      Following VLANs enable loop-detection:
       VLAN  10 to 20
      Following ports are blocked for loop:
      NULL
      Following ports are shutdown for loop:
      NULL
      Following ports are nolearning for loop:
      NULL
      Following ports are trapped for loop:
      NULL
      Following ports are quitvlan for loop:
      GigabitEthernet1/0/0    Include Vlans:
      10 11 12 16 19
      GigabitEthernet2/0/0    Include Vlans:
      13 14 15 17 18
      20

      # Check LDT information on GE1/0/0 and GE2/0/0.

      [Switch] display loop-detection interface gigabitethernet 1/0/0
      The port is enabled.
      The port's status list:
      Status              WorkMode            Recovery-time       EnabledVLAN
      -----------------------------------------------------------------------
      Quitvlan            Quitvlan            30                  10
      Quitvlan            Quitvlan            30                  11
      Quitvlan            Quitvlan            30                  12
      Normal              Quitvlan            30                  13
      Normal              Quitvlan            30                  14
      Normal              Quitvlan            30                  15
      Quitvlan            Quitvlan            30                  16
      Normal              Quitvlan            30                  17
      Normal              Quitvlan            30                  18
      Quitvlan            Quitvlan            30                  19
      Normal              Quitvlan            30                  20
      [Switch] display loop-detection interface gigabitethernet 2/0/0
      The port is enabled.
      The port's status list:
      Status              WorkMode            Recovery-time       EnabledVLAN
      -----------------------------------------------------------------------
      Normal              Quitvlan            30                  10
      Normal              Quitvlan            30                  11
      Normal              Quitvlan            30                  12
      Quitvlan            Quitvlan            30                  13
      Quitvlan            Quitvlan            30                  14
      Quitvlan            Quitvlan            30                  15
      Normal              Quitvlan            30                  16
      Quitvlan            Quitvlan            30                  17
      Quitvlan            Quitvlan            30                  18
      Normal              Quitvlan            30                  19
      Quitvlan            Quitvlan            30                  20

      In the command output, LDT is enabled in VLANs 10 to 20, GE1/0/0 is removed from VLANs 10, 11, 12, 16, and 19, and GE2/0/0 is removed from VLANs 13, 14, 15, 17, 18, and 20.

      NOTE:

      The VLANs that an interface is removed from are uncertain, but the interface will be removed from all VLANs where loops occur.

    2. After the loop is eliminated (for example, GE2/0/0 is shut down, and connections between devices are corrected), check whether GE1/0/0 and GE2/0/0 are restored.

      [Switch] display loop-detection interface gigabitethernet 1/0/0
      The port is enabled.
      The port's status list:
      Status              WorkMode            Recovery-time       EnabledVLAN
      -----------------------------------------------------------------------
      Normal              Quitvlan            30                  10
      Normal              Quitvlan            30                  11
      Normal              Quitvlan            30                  12
      Normal              Quitvlan            30                  13
      Normal              Quitvlan            30                  14
      Normal              Quitvlan            30                  15
      Normal              Quitvlan            30                  16
      Normal              Quitvlan            30                  17
      Normal              Quitvlan            30                  18
      Normal              Quitvlan            30                  19
      Normal              Quitvlan            30                  20
      [Switch] display loop-detection interface gigabitethernet 2/0/0
      The port is enabled.
      The port's status list:
      Status              WorkMode            Recovery-time       EnabledVLAN
      -----------------------------------------------------------------------
      Normal              Quitvlan            30                  10
      Normal              Quitvlan            30                  11
      Normal              Quitvlan            30                  12
      Normal              Quitvlan            30                  13
      Normal              Quitvlan            30                  14
      Normal              Quitvlan            30                  15
      Normal              Quitvlan            30                  16
      Normal              Quitvlan            30                  17
      Normal              Quitvlan            30                  18
      Normal              Quitvlan            30                  19
      Normal              Quitvlan            30                  20

      The command output shows that GE1/0/0 and GE2/0/0 are restored.
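
The verification in step 6 can be scripted. The following Python parser is an added example, not part of the original page: it reads the display loop-detection interface table, lists the VLANs where the action is still applied, and compares two captures to confirm recovery. The sample text is constructed from the GE1/0/0 output above; treating every status other than Normal as "action still applied" is an assumption.

```python
import re

# Constructed sample: the GE1/0/0 table from this page while the loop is present.
SAMPLE = """\
[Switch] display loop-detection interface gigabitethernet 1/0/0
The port is enabled.
The port's status list:
Status              WorkMode            Recovery-time       EnabledVLAN
-----------------------------------------------------------------------
Quitvlan            Quitvlan            30                  10
Quitvlan            Quitvlan            30                  11
Quitvlan            Quitvlan            30                  12
Normal              Quitvlan            30                  13
Normal              Quitvlan            30                  14
Normal              Quitvlan            30                  15
Quitvlan            Quitvlan            30                  16
Normal              Quitvlan            30                  17
Normal              Quitvlan            30                  18
Quitvlan            Quitvlan            30                  19
Normal              Quitvlan            30                  20
"""

CMD = re.compile(r"display loop-detection interface\s+(\S+(?:\s+\S+)?)", re.I)
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$")

def parse_ldt_status(text):
    """Return {interface: {vlan: (status, work_mode, recovery_time)}}."""
    result, iface = {}, None
    for line in text.splitlines():
        cmd = CMD.search(line)
        if cmd:  # a command echo starts a new interface table
            iface = re.sub(r"\s+", "", cmd.group(1)).lower()
            continue
        row = ROW.match(line)  # header and separator lines do not match
        if row and iface:
            status, mode, recovery, vlan = row.groups()
            result.setdefault(iface, {})[int(vlan)] = (status, mode, int(recovery))
    return result

def looped_vlans(parsed):
    """VLANs per interface whose Status is not Normal (assumed: action still applied)."""
    return {iface: sorted(v for v, (s, _, _) in rows.items() if s != "Normal")
            for iface, rows in parsed.items()}

def unrecovered(before, after):
    """VLANs that were looped in `before` and are still not Normal in `after`."""
    now = looped_vlans(after)
    return {iface: [v for v in vlans if v in now.get(iface, [])]
            for iface, vlans in looped_vlans(before).items()}
```

Capture the output once while the loop is present and again after the recovery time has elapsed; an empty list from unrecovered() for every interface corresponds to the restored state shown in step 6.2.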

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 10 to 20
#
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/0
 port hybrid tagged vlan 10 to 20
 stp disable
 loop-detection mode port-quitvlan
 loop-detection recovery-time 30
#
interface GigabitEthernet2/0/0
 port hybrid tagged vlan 10 to 20
 stp disable
 loop-detection mode port-quitvlan
 loop-detection recovery-time 30
#
snmp-agent trap enable feature-name LDTTRAP
#
return
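
A saved configuration can be checked against two points from this page: LDT must not coexist with STP on an interface, and LDT only detects loops in VLANs where it is enabled. The following Python audit is an added example, not Huawei's code. The sample is an excerpt of the file above with two constructed deviations on GE2/0/0; the checks assume STP is otherwise active on a port that lacks stp disable, and they read only port hybrid tagged vlan lines.

```python
import re

# Constructed sample: excerpt of this page's configuration file with two deliberate
# deviations on GE2/0/0 (no "stp disable", VLAN 21 allowed but not monitored by LDT).
CONFIG = """\
loop-detection enable
loop-detection interval-time 10
loop-detection enable vlan 10 to 20
#
interface GigabitEthernet1/0/0
 port hybrid tagged vlan 10 to 20
 stp disable
 loop-detection mode port-quitvlan
 loop-detection recovery-time 30
#
interface GigabitEthernet2/0/0
 port hybrid tagged vlan 10 to 21
 loop-detection mode port-quitvlan
 loop-detection recovery-time 30
#
"""

def vlan_set(spec):
    """Expand a VLAN list such as '10 to 20 30' into a set of ints."""
    vlans, tokens, i = set(), spec.split(), 0
    while i < len(tokens):
        lo = hi = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            hi, i = int(tokens[i + 2]), i + 2
        vlans.update(range(lo, hi + 1))
        i += 1
    return vlans

def audit(config):
    """Return findings for interfaces that carry a loop-detection mode line."""
    m = re.search(r"^loop-detection enable vlan (.+)$", config, re.M)
    monitored = vlan_set(m.group(1)) if m else set()
    findings = []
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        if "loop-detection mode" not in body:
            continue
        if not re.search(r"^ stp disable\s*$", body, re.M):
            findings.append(f"{name}: STP not disabled on an LDT interface")
        tagged = re.search(r"^ port hybrid tagged vlan (.+)$", body, re.M)
        gap = sorted((vlan_set(tagged.group(1)) if tagged else set()) - monitored)
        if gap:
            findings.append(f"{name}: VLANs {gap} allowed but not monitored by LDT")
    return findings
```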

For more examples, see:

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples

