Bigleaf’s Premier plan provides two Bigleaf routers in a highly available (HA) setup that is bridged together for immediate failover should one of the routers fail.
If both Bigleaf routers are connected by their LAN ports to a customer-managed switch, you must ensure Spanning Tree Protocol (STP) is enabled and configured to maintain a loop-free topology.
Ports in the LAN bridge
On both Bigleaf routers, the configured router to router (R2R) and LAN ports are all in the same layer 2 bridge, which we call the LAN bridge. Our LAN bridge is not configured with STP.
For a Premier plan site with BLR-108 routers, the R2R ports will be the AUX ports. For a site with BLR-112 routers, the R2R port could be the AUX port or a fiber expansion port (EXP). Please refer to Configuring expansion Ports in Standard High Availability for more on BLR-112 ports.
Loop Avoidance
Broadcast, multicast, and unknown unicast packets received on the LAN port of one Bigleaf router are flooded out the LAN port of the other Bigleaf router, because the two are bridged together on these ports. This can create a switching or bridging loop if a customer connects their own switch(es) or switch stack to the Bigleaf router LAN ports.
STP must be enabled on the customer-managed switches to ensure a loop-free topology. A loop will degrade performance, and this is not a supported configuration.
This is not an issue for customers who directly connect their firewalls to each Bigleaf router LAN port.
Example diagram (ports circled in blue are in the LAN bridge):
Common issues and FAQ
Unmanaged switches may not support STP, or may have it disabled by default. We do not support connecting switches to both Bigleaf routers unless STP is running to ensure a loop-free topology. If STP is disabled, please enable it.
Can the switch port connecting to the primary Bigleaf router LAN port be set to discarding? Yes, this is fine. Internet traffic can forward through our secondary router because of the active/active architecture. NOTE: sites with our multi-gig 2Gbps or 3Gbps service plans must ensure the R2R ports support 10Gbps.
Some HA firewall designs and configurations may have the WAN ports that connect to the Bigleaf router LAN ports configured as a bridged interface. If you do this, please ensure your firewall bridge interface is running STP. Please consult your vendor documentation for specifics on this.
If you suspect there is a loop affecting performance, please contact the Bigleaf Connect Care team, and we can check the routers for potential issues and provide specific guidance.
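The flooding behavior described under Loop Avoidance, and the discarding-port answer in the FAQ, modeled as an added example (not Bigleaf code): each bridge re-floods a broadcast out every port except the one it arrived on. Device and port names such as blr-a, sw and fw1 are hypothetical labels, and STP itself is not implemented; a discarding port is simply passed in as input.

```python
from collections import deque

def flood(links, bridges, source, blocked=frozenset(), max_hops=12):
    """Flood one broadcast frame from `source`; return (looped, devices_reached).

    links   -- ((device, port), (device, port)) cables
    bridges -- devices that re-flood a frame out every port except its ingress
    blocked -- (device, port) pairs in STP discarding state
    looped  -- True when copies are still circulating after max_hops
    """
    peer, ports = {}, {}
    for a, b in links:
        peer[a], peer[b] = b, a
        ports.setdefault(a[0], []).append(a[1])
        ports.setdefault(b[0], []).append(b[1])
    reached = set()
    queue = deque([(source, None, 0)])  # (device, ingress port, hops so far)
    while queue:
        dev, ingress, hops = queue.popleft()
        if hops >= max_hops:
            return True, reached
        if ingress is not None and dev not in bridges:
            continue  # routed endpoint: consumes the frame, never re-floods it
        for port in ports[dev]:
            nxt = peer[(dev, port)]
            if port == ingress or (dev, port) in blocked or nxt in blocked:
                continue
            reached.add(nxt[0])
            queue.append((nxt[0], nxt[1], hops + 1))
    return False, reached

# Constructed topologies; device and port names are illustrative labels.
R2R = (("blr-a", "aux"), ("blr-b", "aux"))
SWITCH_SITE = [R2R, (("blr-a", "lan"), ("sw", "1")),
               (("blr-b", "lan"), ("sw", "2")), (("sw", "3"), ("pc", "eth0"))]
FIREWALL_SITE = [R2R, (("blr-a", "lan"), ("fw1", "wan")),
                 (("blr-b", "lan"), ("fw2", "wan"))]
BRIDGES = {"blr-a", "blr-b", "sw"}

if __name__ == "__main__":
    print("switch, no STP:", flood(SWITCH_SITE, BRIDGES, "pc"))
    print("switch, port to primary discarding:",
          flood(SWITCH_SITE, BRIDGES, "pc", blocked={("sw", "1")}))
    print("firewalls direct:", flood(FIREWALL_SITE, BRIDGES, "fw1"))
```

With the switch port to the primary router discarding, the frame still reaches both routers through the secondary router and the R2R link, and the flood terminates.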