Hello to All, I'm going to design and deploy network infrastructure in huge building based on Brocade ICX switches and other vendor switches (let's say "MS switches"). As I'm new at Brocade, I need to ask for an advice. The topology will be the star with some redundant links between ICX 7150 (red links in the attached schema). Core of the network will be the 3-unit stack, consists of ICX 7450-48F switches. ICX 7150 and "MS switches" (in total, about 100) will act as access switches. I intend to configure about 250 VLANs on ICX 7450-48F stack, but only a few chosen VLAN IDs will be passed through each trunk port (ranges given in the diagram). ICX 7450 Stack will be RSTP root with the Root Bridge priority: 4096, ICX 7150 will have Bridge Priority: 16384. All "MS switches" has RSTP/STP disabled, and only Loop protection enabled.
My questions are: - Does the ICX 7450 stack handle the calculation of the STP in such large deployment? - How to properly configure ICX 7450 trunk ports for all "MS Switches" to prevent them from participating in STP topology? - How to properly configure access ports to prevent from loops on all access switches? Should I use 'stp-bpdu-guard' or 'stp-protect' or something else? - Should I give up with redundant connections and give up at any kind of STP (clear star topology)?
According to the information contained in "RSTP scaling recommendations and best practices" document, my proposal of use of R-PVST+ or even RSTP in not good due to the large number of VLANs configured (~250). The only option seems to be MSTP. Does anybody has a experience with that in such complex deployment?
The switches will support RPVST, but you may see some CPU overhead based on the number of VLANs. Loop-detection would be the correct answer on the MS-Switches to stop a loop from killing the network. I would suggest MSTP for the network and also pose the question on why you want to disable Spanning-tree on the MS-Switches. It would be a better design to choose a version of STP that will go end-to-end in your network. MSTP is supported by most real switch vendors.
Hi David, Thank you for your answer. I decided to use MSTP only on
Brocade switches (core/access) with stp-bpdu-guard enabled for ports
dedicated for MS-Switches. I have also decided to configure errdisable
for each port. I would like to avoid recalculation of STP tree each time
when all the MS-switches will be restarted. Do you see any threats related to the lack of MSTP on MS-switches ?
If you use BPDU-guard on the ports that connect to other switches, the port will be error-disabled. You just need to use the mstp disable ethernet x/x/x command on the ports to the MS-Switches to disable MSTP going to those devices.