Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14315
Views
10
Helpful
4
Replies

Spanning tree priority with VPC recommendations NX OS

Go to solution
Chris_78
Level 1
Level 1

‎11-15-2018 09:48 AM

Hi Guys 

I'm trying to verify the following configuration on Nexus switches as this one is going in production tomorrow night. 

sw.PNG

What always bugs me is STP currently I have SW1 and SW2 setup as follow:

SW1# sh run spanning-tree

spanning-tree vlan 1-1000 priority 4096
interface port-channel1
spanning-tree port type network

SW2# sh run spanning-tree

spanning-tree vlan 1-1000 priority 12288
interface port-channel1
spanning-tree port type network

Interface po 1 is our peer link as you probably already guessed ;)

VPC SW#1

vpc domain 1
peer-switch
role priority 2800
system-priority 10000
peer-keepalive destination 192.168.1.2
delay restore 60
peer-gateway
layer3 peer-router
auto-recovery
ip arp synchronize

 

My question is how do we go for SW3 and SW4 - they share 2 VLANs with SW1 and SW2 ...? Should I apply the same spanning tree priorities on SW3 and SW4? or if you have better idea?

Any feedback is greatly appreciated!

 

Chris

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Orlando Barboza
Cisco Employee
Cisco Employee
In response to Chris_78

‎11-20-2018 05:49 PM

Chris,

 

Each pair of Nexus switches should have the same priority but different between each other and the access should have a higher priority so they do not send a superior BPDU.

 

switch 1 and 2 ---> priority 10 vlan 10 --> root bridge switches.

switch 3 and 4 ---> priority 20 vlan 10

access switch ---> priority 30 vlan 10

 

Regarding the L3 protocols they are not related to this configuration.

 

HTH

- Orlando -

View solution in original post

4 Replies 4

Go to solution
Orlando Barboza
Cisco Employee
Cisco Employee

‎11-15-2018 05:32 PM

Hello Chris,

 

Regarding to your question, you just need to have one root bridge in the whole L2 domain so the priorities between switches need to be the same, for example:

 

switch 1 --> 1 for vlan 10

switch 2 --> 2 for vlan 10

switch 3 --> 3 for vlan 10

switch 4 --> 4 for vlan 10

 

So in this case the switch 1 will be the root for the whole tree, if you are running the default rstp, if you are using MST that would be based on instances.

 

As you can see above this is handled in the same way as with regular switches not running vPC, they will use their own MAC to send the vPC, the only difference is that the primary switch in the vPC domain (sw#1 with sw#2, sw#3 with sw#4) is the one in charge of processing the BPDUs no matter if the root is located in the other switch.

 

For example:

 

If switch #1 is the root but the primary in the vPC domain is switch #2 ( you can check that with the "show vpc role" command, that election takes place based on the root priority value under the vPC domain, the lower the better), then switch# 2 will be in charge of processing the BDPUs, if switch #1 receives a BPDU, the BPDU is sent accross the peer-link to the other switch to be processed.

 

So if you keep the setup like this, the priorities need to be different across the switches, to select one of the 4 as the root for  the VLAN.

---------

 

Now, I can see that you have configured the feature "peer-switch" under the vPC domain. When peer-switch is enabled, each Nexus switch shares a virtual bridge ID which allows both switches in the domain to act as root for the VLAN. The vPC peer-link is always in a forwarding status and runs L2 Gateway Interconnection Protocol (L2GIP) in order to prevent bridging loops.

Each Nexus switch sends BPDUs with with the system MAC they both shared form the vPC domain creation, that MAC is  00:23:04:ee + the domain #.

 

The main advantage of vPC peer-switch is the improvement in term of convergence time during vPC primary peer device failure/recovery. Without vPC peer-switch feature, vPC primary peer device failure and recovery usually create around 3 seconds of traffic disruption (for south to north traffic). With vPC peer-switch, traffic disruption is lowered to sub-second value because peer device down an up events do not generate any Rapid Spanning Tree Protocol Sync behavior (from a STP standpoint, there is no change in L2 topology.

 

Another enhancement with this feature is that both of the switches will process BPDUs.

 

The requirements to run properly the peer-switch feature are the following:

 

1- Configure the peer-switch feature under the vPC domain in both switches (already done in your case)

2- Configure the same priority in both switches, that is because both of the switches will be root, example assuming the 4 switches have peer-switch enabled:

 

sw#1 and sw#2 --> priority 10 for vlan 10 --> they both will appear as root for that VLAN to the rest of the tree.

sw#3 and sw#4 --> priority 20 for vlan 10 --> sw#4 will see the root in the peer-link and sw#3 will see the root in the connection to SW2.

 

In summary with the configuration you have (peer-switch enabled), my recommendation would be to follow the last example matching the same priority o a peer-domain basis.

 

One more thing, technically the only pair of switches that need to have peer-switch enabled are the ones that are going to be the root, so if we put everything together it will look like this:

 

sw#1 and sw#2 --> peer-switch enabled, priority 10 for vlan 10 --> they both will appear as root for that VLAN to the rest of the tree.

sw#3 --> peer-switch disabled, priority 20 for vlan 10 --> will see the root in the connection going to SW2

sw#4 --> peer-switch disabled, priority 30 for vlan 10 --> will see the root in the connection going to SW3.

 

More information about peer-switch can be found in the following link:

 

https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118858-config-nexus7000-00.html

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_cli/if_vPC.html#pgfId-1829433

 

Let me know if you have questions.

 

HTH.

 

Orlando :)

- Orlando -
0 Helpful

Go to solution
Chris_78
Level 1
Level 1
In response to Orlando Barboza

‎11-19-2018 07:03 PM

Thank you Orlando! Apology for the delay we were hiding from the smoke in NorCal, but we are back now! - Correct me if I'm wrong - from my understanding, I should keep each pair of switches with the same rstp priorities and I guess a bit lower priority from my access switches below..?

Just to clarify the design - the link between the two pair switches from SW2 - SW3 is some sort of old L2 point to point circuit (if that matters) and I'm also running VRRP and OSPF on each pair I know that's more L3 but just to confirm you never know!

 

Best!

 

Chris

 

0 Helpful

Go to solution
Orlando Barboza
Cisco Employee
Cisco Employee
In response to Chris_78

‎11-20-2018 05:49 PM

Chris,

 

Each pair of Nexus switches should have the same priority but different between each other and the access should have a higher priority so they do not send a superior BPDU.

 

switch 1 and 2 ---> priority 10 vlan 10 --> root bridge switches.

switch 3 and 4 ---> priority 20 vlan 10

access switch ---> priority 30 vlan 10

 

Regarding the L3 protocols they are not related to this configuration.

 

HTH

- Orlando -

Go to solution
Chris_78
Level 1
Level 1
In response to Orlando Barboza

‎11-21-2018 06:32 AM

Thank you Orlando!
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card