05-14-2021 09:24 AM
Hi All,
We have 2 sites in the UK Site A & Site B which are connected with 5 & 7ks using fabricpath and OTV.
In each site we have a FW and we are looking to build the heartbeat config. We are not extending the heartbeat vlan over the OTV to the other site as this is where data traffic will traverse. We instead have a core MPLS network and we will trunk the vlan from the 5k where the firewall connects up to the PE that also connects to the 5k and create 2 L2 EOMPLS connection over to the other site.
When doing this we see the following error - STP-2-L2GW_BACKBONE_BLOCK: L2 Gateway Backbone port inconsistency blocking port
Is this because the heartbeat vlan is being stretched from one 5k to another other EOMPLS and causing some kind of STP issue? both vlans have a default STP priority of 4096
Any help would be much appreciated.
Thanks
05-14-2021 10:25 AM
I believe this is due to the FP header not being recognized over the MPLS core.
05-15-2021 01:34 AM
Hi @jay_7301
Allow me to start with some how FP works and then what does the STP log mean and what it's causing it.
First the theory:
In a network where Fabricpath is present, all FP enabled switches act as a one single big virtual switch, and must be seen by the attached devices as the root of the STP domain. In order for this to occur, they must share a common bridge ID (c84c.75fa.6000 + STP domain number) inside each STP domain. Note: the domain number can be changed using the "spanning-tree domain id" command
To ensure that FP switches act as the STP root, all switches are enabled with root-guard feature which cannot be deactivated. If any of the FP leaf switches receives an superior BPDU on any of the CE interfaces, the switch will block the receiving vlan on the receiving interface, and will also generate a syslog mesage: STP-2-L2GW_BACKBONE_BLOCK: L2 Gateway Backbone port inconsistency blocking port
Second, the potential root cause of your problem:
When you trunk the vlan between different networks with different FP fabrics, the STP BPDUs will be forwarded from one site to another, which will be received by FP leafs and will generate the above syslog message.
Last, the solution:
You filter the BPDUs between the sites, and make sure you do not have any second path between sites to avoid potential loops.
Stay safe,
Sergiu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide