Simple Loop Prevention Protocol (SLPP) provides active protection against Layer 2 network loops on a per-VLAN basis. SLPP uses a lightweight hello packet mechanism to detect network loops. SLPP packets are sent using Layer 2 multicast, and a switch only looks at its own SLPP packets or at its peer's SLPP packets. It ignores SLPP packets from other parts of the network. Sending hello packets on a per-VLAN basis allows SLPP to detect VLAN-based network loops for untagged as well as tagged IEEE 802.1Q VLAN link configurations. Once a loop is detected, the port is shut down. The SLPP functionality is configured using the following criteria:
- SLPP TX Process – the network administrator decides on which VLANs a switch should send SLPP hello packets. The packets are then replicated out all ports which are members of the SLPP-enabled VLAN. It is recommended to enable SLPP on all VLANs.
- SLPP RX Process – the network administrator decides on which ports the switch should act when receiving an SLPP packet that is sent by the same switch or by its SMLT peer. This process should be enabled only on Access SMLT/SLT ports and never on IST ports or Core SMLT/SLT ports in the case of a square/full mesh core design.
- SLPP Action – the action operationally disables the ports receiving the SLPP packet. The administrator can also tune the network failure behavior by choosing how many SLPP packets need to be received before a switch starts taking an action. These values need to be staggered to avoid edge switch isolation – see the recommendations at the end of this article.
Loops can be introduced into the network in many ways. One way is through the loss of an MLT configuration caused by user error or malfunctioning equipment. This scenario may not always introduce a broadcast storm, but because all MAC addresses are learned through the looping ports, it does significantly impact Layer 2 MAC learning. Spanning Tree would not in all cases be able to detect such a configuration issue, whereas SLPP reacts and disables the malfunctioning links, limiting network impact to a minimum. The goal is to prevent a loop from causing network problems while also trying not to totally isolate the edge where the loop has been detected. Total edge closet isolation is the last resort in order to protect the rest of the network from the loop. With this in mind, the concept of an SLPP Primary switch and SLPP Secondary switch has been adopted. These are strictly design terms and are not configuration parameters. The Rx thresholds are staggered between the primary and secondary switch, so the primary switch will disable an uplink immediately upon a loop occurring. If this resolves the loop issue, the edge closet still has connectivity back through the SLPP secondary switch. If the loop is not resolved, the SLPP secondary switch will disable the uplink and isolate the closet to protect the rest of the network from the loop.
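The staggering described above can be replayed in a small simulation. This is an added example, not vendor code: the function `simulate`, the threshold values 5 and 50, and the loop paths are all constructed for illustration. It also shows what happens when the two thresholds are set equal.

```python
# Added illustration: constructed thresholds and loop paths, not vendor values.

def simulate(loops, thresholds, max_ticks=200):
    """Replay SLPP hello intervals for one edge closet with two uplinks.

    loops      -- list of sets of uplink names; a loop stays active only
                  while every uplink it traverses is still enabled
    thresholds -- uplink name -> SLPP-Rx packet threshold
    Returns (events, isolated): [(tick, uplink_disabled)], all uplinks down?
    """
    rx = {name: 0 for name in thresholds}
    enabled = {name: True for name in thresholds}
    events = []
    for tick in range(1, max_ticks + 1):
        active = [path for path in loops if all(enabled[u] for u in path)]
        if not active:
            break                      # every loop has been broken
        for path in active:            # each loop returns one hello per uplink
            for uplink in path:
                rx[uplink] += 1
        for uplink, limit in thresholds.items():
            if enabled[uplink] and rx[uplink] >= limit:
                enabled[uplink] = False    # SLPP action: port shut down
                events.append((tick, uplink))
    return events, not any(enabled.values())


STAGGERED = {"primary": 5, "secondary": 50}    # assumed values
EQUAL = {"primary": 5, "secondary": 5}         # the mistake staggering avoids
ONE_LOOP = [{"primary", "secondary"}]          # e.g. edge lost its MLT config
TWO_LOOPS = ONE_LOOP + [{"secondary"}]         # second loop survives first cut

if __name__ == "__main__":
    for label, loops, thr in [("staggered, one loop", ONE_LOOP, STAGGERED),
                              ("staggered, two loops", TWO_LOOPS, STAGGERED),
                              ("equal thresholds", ONE_LOOP, EQUAL)]:
        events, isolated = simulate(loops, thr)
        print(f"{label}: {events} isolated={isolated}")
```

With staggered thresholds a single loop costs the closet only its primary uplink; with equal thresholds the same loop takes both uplinks down in the same interval.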
Rules to be followed while using SLPP in Square or Mesh Topology:
- For Square and Full Mesh configurations that use a bridged core (Layer 2 VLANs extend from the edge through all switches in the core), Extreme Networks recommends enabling SLPP on the primary switch as shown below. Enabling SLPP on half of the core will still prevent any possible loops and will not allow the possibility of the entire core being shut down by a loop at the edge of the network. Enabling SLPP on both the primary and secondary switches (which is not recommended) can create a situation in which multiple different loop events cause both the primary and secondary links to reach their thresholds and bring their ports down, so that edge isolation could occur.
- Do not enable SLPP-Rx on IST ports, since you never want to take these ports down.
- Do not enable auto recovery on the primary switch – once the port is down, it stays in the down state and needs manual intervention to be re-enabled.
The Switch Clustering implementations on the VSP9000, ERS 8000, VSP 7000, and ERS 5000 send Simple Loop Prevention Protocol (SLPP) packets, which help to prevent loops occurring when Switch Clustering is implemented. In some customer environments there is a need to provide additional loop protection when used in combination with Extreme Networks' Switch Clustering (SMLT). SLPP-guard helps prevent loops in customers' networks by administratively disabling an edge port if it receives an SLPP packet. SLPP is necessary because SMLT requires that STP/MSTP/RSTP is not enabled on links to the switch performing switch clustering. In some networks, moves, adds or changes can create a loop within the customer's network by connecting an edge port back to a port of the switch cluster. When operational, SLPP-guard immediately administratively disables a port when an SLPP packet is received on that port and generates a local log message, a syslog message (if syslog servers are configured) and SNMP traps (if SNMP trap receivers are configured).
Each port has its own administrative hold-down timer:
- When the port is shut down due to reception of an SLPP packet the timer should start for that port.
- When the timer reaches the configured interval, the port is re-enabled and a local log message, a syslog message (if syslog servers are configured) and SNMP traps (if SNMP trap receivers are configured) are generated.
- This timer is user configurable between 10 seconds and 65535 seconds, with 60 seconds set as the default. The port timer is disabled if it is configured as 0, which means the port will remain disabled until an administrator re-enables the port.
- The default SLPP EtherType is 0x8102 (hex), though some switches have used an older value of 0x8104.
- The user can globally configure the EtherType for SLPP-guard.
- The admin state of the port which has been disabled due to SLPP-guard will not be saved across switch reboots, ACG or other activities.
- The show interface verbose commands have been enhanced to show whether BPDU Filtering and SLPP-guard are enabled on the port.
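The SLPP-guard behaviour listed above, modelled as an added example rather than switch firmware: the class `GuardPort`, the helper `sample_frame` and the placeholder MAC addresses are hypothetical. The model looks past an 802.1Q tag to find the EtherType, applies the hold-down timer rules, and shows that a guard set to 0x8102 does not react to a frame carrying the older 0x8104 value.

```python
import struct

DOT1Q = 0x8100
SLPP_DEFAULT, SLPP_OLD = 0x8102, 0x8104      # both values named in the article

def ethertype(frame: bytes) -> int:
    """EtherType of an Ethernet frame, looking past one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype == DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (etype,) = struct.unpack_from("!H", frame, 16)
    return etype

class GuardPort:
    """Hypothetical model of one edge port with SLPP-guard enabled."""
    def __init__(self, name, timeout=60, slpp_ethertype=SLPP_DEFAULT):
        if timeout != 0 and not 10 <= timeout <= 65535:
            raise ValueError("timeout must be 0 or 10..65535 seconds")
        self.name, self.timeout = name, timeout
        self.slpp_ethertype = slpp_ethertype
        self.enabled, self.disabled_at, self.log = True, None, []

    def receive(self, frame: bytes, now: int) -> None:
        if self.enabled and ethertype(frame) == self.slpp_ethertype:
            self.enabled, self.disabled_at = False, now
            self.log.append((now, self.name, "disabled: SLPP packet received"))

    def tick(self, now: int) -> None:
        # timeout 0 means no timer: only an administrator re-enables the port
        if (not self.enabled and self.timeout
                and now - self.disabled_at >= self.timeout):
            self.enabled, self.disabled_at = True, None
            self.log.append((now, self.name, "re-enabled: timer expired"))

def sample_frame(etype: int, vlan=None) -> bytes:
    """Constructed frame: placeholder MACs, zero payload, optional VLAN tag."""
    macs = bytes.fromhex("030000000001") + bytes.fromhex("020000000002")
    tag = struct.pack("!HH", DOT1Q, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!H", etype) + bytes(46)
```

If the cluster switches and the edge switches disagree on the EtherType, the guard never fires, so the globally configured value is worth checking on both sides.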