Best practices
-
The network switches in the IIAS environment are not running Spanning Tree Protocol. Therefore, bpduguard and bpdufilter are not available options. To make these available, run them on the client-side switch ports. The switches do not generate BPDUs. However, they will forward BPDUs when received.
-
These external connections are setup as a single bond that consists of LACP bonds across two switches setup in a multi-chassis link aggregation group (MLAG) by default. It is a single logical path. Therefore, you must set up the client-side ports as either a single LACP bond to a single switch, or a single MLAG/VPC to multiple switches. Splitting the bond into multiple bonds or multiple MLAG/VPCs results in a network loop and potential for broadcast storm.