STP (Spanning Tree Protocol) is an algorithm that allows switches to build a loop-free logical topology by dynamically blocking ports. With STP, the logical infrastructure of the network operates without redundant links, free from switching loops and with an optimum level of performance.
Panda GateDefender Performa uses a load balancing algorithm based on STP that requires a specific, simple physical structure, as shown in the diagram below:
The logical topology of the load balancing model is shown in the diagram below:
In load balancing, the slave unit will block one of its ports and all traffic will pass through the master unit, thereby sharing the load.
If two intelligent switches or a switch with different virtual networks with STP enabled are used, Panda GateDefender Performa load balancing (also based on STP) will interact with the network STP algorithm, and as a result, any switch in the STP topology could block one of its ports (due to the STP algorithm). Therefore, Panda GateDefender Performa will not be able to find the correct physical topology on which to carry out load balancing:
NOTE: If Catalyst switches are used, you can check the status of STP with the “show spanning-tree detail” command in Cisco IOS. In this case, it will show that the port to which the Panda GateDefender unit is connected is blocked (Blocked State) and that the original topology has been modified.
How can I resolve it?
The simplest way is to disable STP on the switch’s ports. However, this is not possible in the majority of cases, as the STP algorithm is essential for optimum network performance.
- Add virtual networks (VLAN)
If you cannot disable STP, you can create two virtual networks (VLAN) without enabling STP in them. At the same time, the default virtual network or other existing virtual networks can have STP enabled, as shown in the diagram below:
This configuration consists of two virtual networks (B) with STP disabled. Each VLAN must be configured with three ports: two for the Panda GateDefender units and an additional port to link this VLAN with the original virtual networks (A). This bridging link must be a crossover cable, and its only function is to connect the two isolated VLANs created with the rest of the VLANs that belong to the STP structure.
Note 1: In some cases, the trunk port on a Cisco Catalyst is set to Desirable mode by default. If two ports with this configuration are linked to one another, the port and the link will change to trunking status. Trunking negotiation should be avoided here, so all ports to which the Panda GateDefender Performa units are connected, and the ports that connect the VLANs to one another, should be set to Nonegotiate.
Note 2: BPDUs (Bridge Protocol Data Units), the data packets handled by STP, sent from the Panda GateDefender Performa master unit to the slave unit can interact with the STP algorithm in the rest of the network. In this case, additional settings must be implemented to avoid propagation of the BPDUs.
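The VLAN layout and Note 1 above, written out as a Cisco IOS configuration. This is an added example, not configuration supplied by Panda; the VLAN IDs (101 and 102 for the B networks, 10 for an existing A network) and every interface number are assumptions to be replaced with your own.

```cisco
! Constructed example: VLAN IDs and interface numbers are assumptions.
!
! The two isolated VLANs (B) that will carry the Performa units
vlan 101
 name PERFORMA-B1
vlan 102
 name PERFORMA-B2
!
! Disable STP only on the two B VLANs; the existing VLANs (A) keep STP enabled
no spanning-tree vlan 101
no spanning-tree vlan 102
!
! VLAN 101: two ports for the Performa units, one port for the bridging link
interface range GigabitEthernet0/1 - 3
 switchport mode access
 switchport access vlan 101
 ! Note 1: stop trunk negotiation so the port never changes to trunking
 switchport nonegotiate
!
! VLAN 102: same three-port layout
interface range GigabitEthernet0/4 - 6
 switchport mode access
 switchport access vlan 102
 switchport nonegotiate
!
! Ports in the existing VLAN (A) at the other end of each crossover bridging link
interface range GigabitEthernet0/7 - 8
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
```

After applying it, “show spanning-tree vlan 101” should report that no spanning tree instance exists for that VLAN, and “show interfaces GigabitEthernet0/1 switchport” should show trunking negotiation as off.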
- Add non-intelligent switches
Finally, another solution is to place two non-intelligent switches between the main switches and the Panda GateDefender Performa units, as shown in the diagram below: