Improve Network Stability By Preventing Loops

tiger-and-turtle-52691_640Network stability is very important to your users.  If your network is stable, your users will forget that there even is a network.  This is the goal really.  For the network to work so well that it is taken for granted by the users.  If your network, however, is not configured correctly it can become unstable, start crashing frequently, or just run slowly.  A major culprit when it comes to network crashes, instability, and slowness is the network loop.

What is a Network Loop?

A Network Loop is the result of network switches or hubs being plugged into themselves or into each other more then once.  When switches connect this way, network packets can be bounced between two switches infinitely.  In certain circumstances they can even begin to be duplicated over and over again.  Doubling is number each time.  This problem happens because of a quirk with how networks function.

If a switch doesn’t know which port to send a packet out, it will actually send the packet out all its ports except for the port it received the packet on.  It will do this to ensure the packet will get to its destination.  Once the switch learns which port a computer is connected to it will stop sending packets to that computer out all its ports and only send them out the port the destination computer is on.  This behavior works really well and can automatically optimize the network.  But, this structure breaks down when there is a loop.

Simple Two Switch Example

Lets do a quick rundown of what happens on two switches when a packet is sent out and a loop is present.  When switch “A” sends out a packet destine for a computer it hasn’t seen before it will send the packet out all its ports except for the port the packet came in on.  In this case, switch “B” will receive TWO copies of the packet, one copy for each cable connecting the two switches.  Remember, because there is a loop, there are two or more cable connecting these switches.  Now, switch “B” has two packets it has to send out, and if it, like switch “A”, hasn’t seen the destination computer on the network before it will send each of the two packets it has out all of its interfaces.  In the process it sends copies of the packets back to switch “A”.  Both switches will repeat this process as quickly as they can and begin to flood the network with copies of these packets causing slowness or even complete outages for users on the network.

Two Technologies To Help

Switch manufactures have come up with 2 ways to address this issue.  Spanning Tree and Loop Protection.  Each method addresses a slightly different situation so you should implement both techniques on your network.

Spanning Tree

Spanning Tree works between managed switches.  You configure it on your switches and it will allow you to actually connect multiple links between switches.  When you do this, spanning tree will disable any redundant links automatically to prevent loops.  What this feature allows you to do is plug in multiple cables between key switches and create fail over paths.  So, should one of the cables break, spanning tree will turn back on the other cable and traffic can continue to flow even though you have a broken cable.  It should be noted that spanning tree runs on a per-VLAN basis rather then a per-port basis.  So to really have protection against loops, you will want to enable spanning tree for all your VLAN’s.

Below I cover how to enable this feature on the most common types of both Cisco and HP switches.  Though the specific commands are little different, the concept of how the feature is enabled is really the same for both manufactures.

Cisco

To enable spanning tree on a Cisco switch do the following.

To disable spanning tree on a Cisco switch do the following.

HP

Enable spanning tree on an entire HP Procurve switch by doing the following.

Enable spanning tree on a specific VLAN on a HP Procurve switch by doing the following.

Disable spanning tree on HP Procurve switches by doing the following.

Loop Protection

Loop protection is a feature that allows you to limit the damage a loop may cause when you have unmanaged switches on your network.  An unmanaged switch is a switch that has no configuration options.  Think, switches you get at Best Buy for your home.  They do the trick in really small setups, they are technically switches because the learn and switch packets based off computer MAC addresses, but beyond that unmanaged switches have no additional features.

Loop protection allows managed switches to cut off access to the network for any segment that it detects a loop on.  So, if someone connects an unmanaged switch to your network and then connects that switch to itself, creating a loop on the unmanaged switch, a switch running loop protection will disable the network port the unmanaged switch is connected to.

This does cause an issue for computers connected to the unmanaged switch that has the loop; however, it prevents the problems created by the loop from spreading throughout the network and bringing down the entire system.

Here is how you configure loop protection on Cisco and HP switches.

Cisco

Step one: Your done.  Cisco calls their loop protection feature loopback detection and it is enabled by default.  You can turn the feature off if you want (not recommended) by doing the following.

If you turn it loopback detection off and want to turn it back on, or simply want to make sure it is enabled issue the following command to turn it back on.

HP

HP calls their loop protection feature loop protect.  On HP Procurve switches you will do the following to enable loop protect.  These commands are issued in the “global config” mode.

  1. Configure the switch to use loop protect on an interface or VLAN basis
  2. Set a disable timer so the switch knows how long to keep the port offline once it sees a loop
  3. Enable loop protect on specific ports or VLANS.

Loop Protect on Ports

I prefer configuring loop protect to work on a port basis.  It is more granular in my opinion and feels more intuitive to me.  Here is code chunk on how to configure loop protect on a port basis.

Loop Protect on VLANs

I recommend configuring loop protect on a per-port basis, but if you want to configure it on a per-VLAN basis here is code chunk for you.  When configured on a per-VLAN basis loop protect will be enabled on any port that is running the specified VLAN.

Conclusion

Spanning tree and loop protection can go a long way toward improving the stability of your network.  I recommend using these features because turning them on is simple enough and doing so can really improve the experience your users have on your network as well as make life a little easier on you.

Do you plan on or have you already enabled spanning tree and loop protection on your network?

Leave a Reply

Your email address will not be published. Required fields are marked *