Articles

This is a posting page for various articles matching interesting IT problems with viable solutions.

  • 5 Prevalent Spanning Tree Mistakes and How to Avoid Them

    Spanning Tree Protocol has been a fundamental part of most computer networks since the early 1990s. The original IEEE 802.1D flavor of Spanning Tree Protocol was created by Radia Perlman back in 1985 as a means to block loops in the physical layer 2 Ethernet topology, in order to prevent broadcast storms, MAC table instability and multiple frame transmission problems.

    In fulfilling its intended purpose, Spanning Tree generally works straight out of the box with little or no tweaking. It elects a root bridge, calculates the best path to the root from each of the other switches, and blocks any suboptimal links that would create a loop. One would think that because of its long stint as a staple in networking, Spanning Tree configurations at most companies would be thoroughly dialed in and configured for maximum efficiency. However, we have not found this to be the case. Because no manual configuration is initially required for a basic level of performance, often no further adjustments are made to the STP configuration. Even when optimization is not neglected initially, it is often neglected later as the network changes, leaving a once-optimized Spanning Tree behind. At some point down the line many businesses encounter problems that could have been avoided by paying a little more attention to this often uncared-for, behind-the-scenes protocol. Basic implementation and configuration mistakes seem to be quite common, especially with small to mid-sized businesses. Some of these mistakes we see over and over again, despite the fact that they could be easily dodged. Below is a summary of the 5 most common mistakes we find and how to avoid or resolve them.

    1.) Failure to Utilize 802.1W Rapid-PVST

    These days most switches are capable of running the faster, more recent version of STP, called Rapid Spanning Tree (802.1w). However, it is surprising how many businesses are still configured to use the much slower 802.1D standard, which is now well over two decades old! I’m hard pressed to think of many items in technology that are not in the graveyard long before reaching that kind of life expectancy. But more important than age is speed. The original standard, which we so commonly see still being unnecessarily utilized, often takes around 50 seconds to converge (20 sec max age plus 2 x 15 sec forward delay timers). In today’s fast-paced networks, that is an eternity! Utilizing Rapid Spanning Tree can make your layer 2 convergence more than 10x faster, and with a little extra tuning even faster than that. Aside from the drastically improved convergence, core functionality remains the same, with some changes in the timers and in the way that RSTP moves a port from Discarding to Forwarding. Configuration is painless and straightforward, with backwards compatibility in the event that the network requires fallback to 802.1D. This is a no-brainer!

    2.) Root Bridge Not Manually Configured

    If you never change the STP priority on your switches, the switch with the lowest MAC address on your network can end up as the root switch. Oftentimes, older, much less powerful switches will have lower MAC addresses. If one of these switches becomes the root it can cause big problems for any connected LAN segments. Typically you want one of your more robust switches, located at a focal point of your topology such as the core, to be designated as root. This is unlikely to happen by chance, so it is recommended that you configure the root switch and backup root by design, utilizing the Cisco command “spanning-tree vlan # root primary|secondary” or “spanning-tree vlan # priority #” (the lower priority value wins). There are also cases where the location of the root should mirror other factors in the topology, such as coinciding with the frame-relay hub or the FHRP Master/Active layer 3 switch. Failure to take these design considerations into account usually leads to suboptimal data paths and associated traffic congestion.

    3.) Multiple Uplinks Not Correctly Aggregated

    Believe it or not, we have repeatedly witnessed the following spoiled fruit from the labor of various well-meaning support technicians. The technician connects multiple ports from one switch to the other as an uplink, expecting to be able to utilize the bandwidth of the multiple connections, only to have Spanning Tree rain on the parade by allowing connectivity through only a single link. We must not forget that it is STP’s job to block redundant links in an effort to keep the network loop free. The links introduced by the technician in an attempt to gain uplink bandwidth/redundancy would cause a layer 2 loop if Spanning Tree were not there to block all but one of them, so that is exactly what it does. Only one of the cables will actually carry traffic unless further action is taken. Remember that in order to utilize redundant links in an uplink, they must be correctly configured for control plane aggregation. EtherChannel is one common method of accomplishing this. It is readily available for configuration on most platforms through protocols such as LACP and PAgP. This method logically bundles the links together in the control plane and treats them as a single interface, eliminating any looping and allowing full utilization of the aggregated bandwidth (at least for bundles whose link count is a power of 2). Other methods include Multi-Chassis EtherChannel and other virtual switch technologies.

    4.) STP Security Not Implemented

    There are also security considerations that should be taken into account with all versions of Spanning Tree. Unfortunately, this is something that is often overlooked entirely on many of the networks we’ve seen. For instance, Portfast is often configured on edge ports going out to end user devices to speed up convergence by skipping the transitional states that are unnecessary when no other switch is expected on that port. Portfast effectively disables the listening/learning STP states for that port. Since the port may be publicly accessible, it is conceivable that another switch could be plugged into it, possibly even with malicious intent. Since Portfast-enabled ports do not go through the protective transitional states, loop prevention could be bypassed and a denial of service attack could ensue. To avoid having an unauthorized switch become root, create a loop or initiate a DoS attack, simply make sure that BPDU guard is enabled on any port that is running Portfast. These two belong side by side. BPDU guard listens for a Bridge Protocol Data Unit on the link, and if a BPDU comes across it will take action to shut the port down, thus defending the network. Root Guard and EtherChannel Guard are other features that can be used to make sure that your STP configuration remains secure and functioning as desired.
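    As an added example (not part of the original article, and not a vendor tool), the following Python script audits an IOS-style running-config for three of the mistakes above: legacy PVST mode instead of rapid-pvst (item 1), VLANs for which this switch sets no deliberate root priority (item 2), and Portfast ports without BPDU guard (item 4). The configuration it reads is constructed for the example; the command syntax it matches (`spanning-tree mode rapid-pvst`, `spanning-tree vlan N priority N`, `spanning-tree portfast bpduguard default`, `spanning-tree bpduguard enable`) is standard Cisco IOS, but the parser is deliberately minimal and assumes `show running-config` style output with one-space indentation under `interface` blocks.

```python
import re

# Constructed sample of an IOS-style running-config for the example (not a real device).
# It mixes the mistakes discussed above with one correctly secured edge port.
SAMPLE_CONFIG = """\
!
spanning-tree mode pvst
spanning-tree vlan 10 priority 4096
!
interface GigabitEthernet1/0/1
 description uplink to core
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description user desk 2-14
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description user desk 2-15
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
end
"""

VLAN_STMT = re.compile(r"^spanning-tree vlan (\S+) (priority|root)\b")


def parse_config(text):
    """Split an IOS-style config into global commands and per-interface command lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line in ("!", "end"):
            current = None          # section separator ends any interface block
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None          # unindented line: back at global config level
            global_lines.append(line)
    return global_lines, interfaces


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,10-12' into {1, 10, 11, 12}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_stp(text):
    """Return (severity, message) findings for mistakes 1, 2 and 4 from the article."""
    global_lines, interfaces = parse_config(text)
    findings = []

    # Mistake 1: spanning-tree mode defaults to legacy 802.1D PVST+ unless changed.
    mode = "pvst"
    for line in global_lines:
        if line.startswith("spanning-tree mode "):
            mode = line.split()[-1]
    if mode == "pvst":
        findings.append(("high", "legacy 802.1D PVST+ in use; set 'spanning-tree mode rapid-pvst'"))

    # Mistake 2: a VLAN carried on this switch with no explicit priority/root statement
    # means the root is being left to the lowest MAC address unless set elsewhere.
    designed = set()
    for line in global_lines:
        m = VLAN_STMT.match(line)
        if m:
            designed |= expand_vlan_list(m.group(1))
    used = {int(c.split()[-1]) for cmds in interfaces.values()
            for c in cmds if c.startswith("switchport access vlan ")}
    for vlan in sorted(used - designed):
        findings.append(("medium", f"VLAN {vlan}: no 'spanning-tree vlan {vlan} priority/root' "
                                   "on this switch; confirm the root bridge is chosen by design"))

    # Mistake 4: every Portfast port needs BPDU guard, either from the global default
    # or per interface; a per-interface 'disable' overrides the global default.
    global_guard = "spanning-tree portfast bpduguard default" in global_lines
    for name, cmds in interfaces.items():
        if not any(c.startswith("spanning-tree portfast") for c in cmds):
            continue
        if "spanning-tree bpduguard enable" in cmds:
            guarded = True
        elif "spanning-tree bpduguard disable" in cmds:
            guarded = False
        else:
            guarded = global_guard
        if not guarded:
            findings.append(("high", f"{name}: Portfast without BPDU guard; add "
                                     "'spanning-tree bpduguard enable'"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_stp(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

    Run against the sample it reports the legacy mode, VLAN 20 with no deliberate root setting, and Gi1/0/2 as a Portfast port with no BPDU guard; Gi1/0/3 passes because it carries its own `spanning-tree bpduguard enable`. The item 2 check can only see one switch, so a finding there is a prompt to confirm where the root for that VLAN is set, not proof that it is unset.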

    5.) STP Not Scaled to Efficient Design Standards

    As a network evolves, it should be evaluated on a regular basis. One of the things that is important to check is the LAN size in relation to spanning-tree function. Like a human adolescent, networks often grow in spurts. Sometimes switches are installed in a rush to fill time-sensitive capacity needs, and the LAN segment can sneakily end up growing beyond the size at which Spanning Tree can function optimally. For instance, 802.1D recommends that an STP domain include no more than 7 switch hops. However, it is easy to surpass this count if switches are allowed to be daisy-chained on the fly to extend areas of the network which are experiencing fast growth. LANs should be evaluated on a regular basis to determine if further segmentation is necessary in order to bring STP back within optimal design standards.

    Why Does It Matter?

    The above items have been found over and over again in various networks that we have assessed. Each of the issues has a relatively simple and straightforward fix. Making sure that these common mistakes are not found in your network can alleviate a lot of headaches by noticeably increasing reliability, performance and convergence. It is recommended that you avoid these issues in the first place if you can, or implement the corrections ASAP. It will be well worthwhile!

    written by Josh R Blaylock, Network Engineer – IT Solution Ramp
  • Understanding NAT Terminology – Inside Global and Outside Local
    NAT terminology can be confusing. Although it is imperative for network personnel to have a good grasp on these concepts, it is also helpful for the customer to have a basic understanding as well.

    NAT translates IP addresses as they cross a boundary maintained by a router configured to perform the translation. An address used on the inside of a private network may be different from the address used on the outside network, despite referring to the exact same host. This is typically configured in order to conserve IP address space by making many private IP addresses reachable from the Internet while utilizing only one publicly routable IP address.

    Specific terminology refers to the location of the host and the reference network using the words Inside|Outside and Local|Global. The first word in each phrase, INSIDE or OUTSIDE, describes the location (not the address, just the residing location) of the host: INSIDE is used for a host located inside the private network, and OUTSIDE for a host residing outside that private network. The second word refers to perspective, identifying which part of the network a packet is traversing rather than where a host is located: LOCAL refers to either host’s IP address as it appears in packets captured inside the local private network, and GLOBAL refers to either host’s IP address as it appears in packets captured outside the private network, i.e., in global, public space or the Internet.

    So, an OUTSIDE LOCAL address refers to a host residing “outside” the private network, and to the actual IP address used to reach that outside host in a packet captured within the “local” private network: whatever IP address the local network knows the outside host by. Usually (but not always) this will be a publicly routable IP address. It is typically not translated as it crosses the NAT router, so usually the OUTSIDE GLOBAL address will remain the same as the OUTSIDE LOCAL address found inside the private network. There are some exceptions for corner cases, such as those in which translation between two private networks using the same address space is necessary.

    An INSIDE GLOBAL address refers to a host residing inside the private network as seen from the “global” public Internet perspective. This address will typically be a global, publicly routable address. Many inside hosts can share this same IP address with a “one to many” Port Address Translation mapping, which uses port numbers alongside the IP address to differentiate between unique INSIDE LOCAL destinations. The NAT router’s outside interface listens for packets containing this INSIDE GLOBAL address and translates it to a private INSIDE LOCAL address as the packet crosses the NAT boundary and travels through the “inside” or private network.

    written by Josh R Blaylock, Network Engineer – IT Solution Ramp
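    As an added illustration (not from the original article), the following Python model walks a packet through a one-to-many PAT router and labels the four addresses the terminology above describes. The addresses are constructed from the RFC 5737 documentation ranges, the `PatRouter` class is hypothetical, and it keeps only the minimum needed to show the translation: a port-indexed mapping table, with no timeouts, protocol awareness or checksum handling.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Just the fields NAT touches: source/destination address and port."""
    src: str
    sport: int
    dst: str
    dport: int


class PatRouter:
    """Hypothetical one-to-many NAT (Port Address Translation) on a single public address.

    Constructed for this example: one mapping per (inside local address, port), allocated
    from a port pool on first use, with no timeouts, protocol awareness or checksum fix-ups.
    """

    def __init__(self, inside_global_ip, first_port=1024):
        self.inside_global_ip = inside_global_ip
        self.next_port = first_port
        self.out_map = {}   # (inside local ip, local port) -> translated port
        self.in_map = {}    # translated port -> (inside local ip, local port)

    def outbound(self, pkt):
        """Packet leaving the private network: source inside local -> inside global."""
        key = (pkt.src, pkt.sport)
        if key not in self.out_map:
            port = self.next_port          # new flow: allocate a unique outside port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = key
        return replace(pkt, src=self.inside_global_ip, sport=self.out_map[key])

    def inbound(self, pkt):
        """Packet arriving from outside: destination inside global -> inside local.

        Returns None when no mapping exists, i.e. unsolicited inbound traffic is dropped,
        which is the incidental filtering effect of PAT.
        """
        if pkt.dst != self.inside_global_ip or pkt.dport not in self.in_map:
            return None
        local_ip, local_port = self.in_map[pkt.dport]
        return replace(pkt, dst=local_ip, dport=local_port)


def nat_terms(inside_capture, outside_capture):
    """Label the four NAT terms from the same packet captured inside and outside the router."""
    return {
        "inside local": inside_capture.src,
        "inside global": outside_capture.src,
        "outside local": inside_capture.dst,
        "outside global": outside_capture.dst,
    }


def demo():
    """Two inside hosts reach the same web server; a reply finds its way back to host A."""
    router = PatRouter("203.0.113.5")                       # constructed public address
    host_a = Packet("192.168.1.10", 51000, "198.51.100.20", 443)
    host_b = Packet("192.168.1.11", 51000, "198.51.100.20", 443)   # same source port as A
    a_out = router.outbound(host_a)
    b_out = router.outbound(host_b)          # gets a different translated port than A
    reply = Packet("198.51.100.20", 443, a_out.src, a_out.sport)
    reply_in = router.inbound(reply)
    stray = router.inbound(Packet("198.51.100.20", 443, "203.0.113.5", 9999))
    return nat_terms(host_a, a_out), a_out, b_out, reply_in, stray


if __name__ == "__main__":
    terms, a_out, b_out, reply_in, stray = demo()
    for term, addr in terms.items():
        print(f"{term:>14}: {addr}")
    print("A translated to", a_out.src, a_out.sport, "| B to", b_out.src, b_out.sport)
    print("reply delivered to", reply_in.dst, reply_in.dport, "| unsolicited:", stray)
```

    The outside local and outside global addresses come out identical, as the text says they usually do; the two inside hosts, which happen to use the same source port, are told apart on the outside only by the port the router allocated to each flow, which is the “one to many” mapping described above.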
  • Checklist: Efficiently Setting Up a New Computer or Operating System
    Anytime you reload an operating system or get a brand new computer, there will inevitably be some basic things you will need to do to get it set up and running the way you want it to. Although the process is pretty simple, it helps to have the steps listed out so that you can get set up quickly without forgetting anything. Here is a quick summary of some of the things that you will probably either have to do or want to do:
    • Install drivers for any devices that you will be connecting. It is best to install the latest drivers from your manufacturer. These can typically be found either on their website or, if recently purchased, on the manufacturer’s disk that came with your hardware. If you can’t find the appropriate drivers on the manufacturer’s disk or website, then usually there will be universal drivers available in Windows Update that may work as a fallback option.
    • Install applications that you will need: e.g., MS Office, TeamViewer, Norton Internet Security (or other antivirus), backup software (like Cobian, CrashPlan, Macrium, etc.), printer software, QuickBooks, Skype, Google Chrome, iTunes, software to add functionality to any attached devices, creative suites, business software, etc.
    • Link applications with their restored data files: i.e., QuickBooks needs a database of transaction information in order to do anything, Outlook needs your backed-up .pst files in order for you to access past e-mail, etc.
    • Configure applications: i.e., Outlook must receive server settings and login credentials in order to check your e-mail.
    • Customize the Windows layout: operating systems typically have a lot of flexibility as to how they can be configured to look and function. You can add your favorite programs to the start menu and/or to the task bar for quick access. You can also make the task bar bigger, auto-hiding, at the bottom, sides or top, etc. You can customize backgrounds, folder view options, shortcuts, scripts, task scheduling, backup scheduling, mouse behavior, display behavior, sounds, etc. You spend a lot of time on your computer… create the experience that is right for you.
    • Image the OS for quick disaster recovery: after you have everything set up the way you want it, use Macrium Reflect (Free) or a similar disk imaging application to save an image of your customized OS drive, with all applications installed and functioning, on your data drive. If there is ever a problem you can just reformat the OS drive and quickly copy everything back to the way it was from the image stored on your secondary data drive.
    Note on SSDs and a new filing system: Solid State Drives (SSDs) are now affordable and mainstream. There is really no excuse for not using one. This is the single biggest area where a small investment will make a huge difference in your computing experience. Bang for buck, the SSD provides the largest increase to your computer’s speed and your productivity. An SSD is exponentially faster than a mechanical drive. No matter how fast your CPU and backplane are, you will always see performance bottlenecked by the limitations of hard drives that require mechanical action to perform their seek, read and write functions. Because of this, your system’s apparent speed scales directly with the speed of the drive on which the operating system is installed. We recommend buying and installing at least a 250 GB SSD as your OS drive. You can clone your full system drive, including OS and applications, over from your mechanical drive to the SSD with the software typically included with the SSD, or you can do a fresh install of the OS and applications.

    This also happens to be a really good time to implement a better filing system, since you are starting fresh and actually have two separate hard drives inside your new computer. Typically Windows creates directories like “My Pictures”, “My Videos”, “My Documents”, etc. under the user profile on the hard drive it is installed on; in this case that would be the SSD by default. There are two major problems with this: 1.) Although the SSD is exponentially faster, the technology is more expensive, so the drive has a much smaller storage capacity. The capacity of the less expensive SSDs is ideal for Windows and all of your installed applications, but could easily be overloaded by your other files and data. 2.) If you ever want or need to do a clean reinstall of Windows, which destroys all the data on the OS drive, you would have to copy all of the files in these default “My [whatever]” directories off the OS drive, reinstall Windows and then find and copy all of the files back into the new default directories in the freshly reinstalled Windows.

    A much better way is to keep all of your photos, videos, documents, music, etc. on a separate inexpensive, large-capacity mechanical hard drive instead of placing them on the SSD where Windows is installed. This way, if Windows ever stops running smoothly, gets a virus or has some problem that would necessitate reinstallation, you will not have to do anything with your personal files and documents. You just reinstall Windows on the SSD, and all of your personal files and documents remain unaffected for as long as that hard drive lives, since they were on a completely separate physical drive from Windows. We highly recommend doing this, as it makes life so much easier when the inevitable problem arises. It is also a little more secure and can possibly provide some protection from data loss due to viruses or malicious activity.

    To set this up you will just need to create a new folder on the secondary mechanical hard drive that will be used as the root of your new filing system. For instance, create a folder called “Joe’s Files”, and inside that folder create new folders named things like “Photos”, “Music”, “Finances”, “Medical”, “Work”, etc. All you are doing is abandoning the default location of your filing system in Windows and setting it up in a new and separate location on the mechanical drive. An analogy would be moving your personal files to a separate filing cabinet from your business file cabinet. If the IRS comes and confiscates your business file cabinet (Windows breaks down), at least you don’t lose your personal files.

    You will also probably want to tell Windows to use your new folders as its corresponding default locations, so that when you click on shortcuts/libraries like “My Pictures” you will see the contents of the folder where you are now storing your pictures instead of the old default location. This is done by right-clicking each of the quick launch buttons or libraries in the left column of Windows File Explorer and selecting “Properties”, then the “Location” tab, then “Move…”. From the browser window, select the new folder you created on the mechanical hard drive as the target. Now the default locations will be on the mechanical drive instead of the Windows SSD. You can now do a full clean reinstall of Windows without even touching your personal files and documents.
  • You really should own an SSD
