Solved: Spanning Tree with vPC and non-VPC

BastiiGee · ‎05-20-2022

Hello dear community,
I am currently trying to understand an existing topology and its spanning tree (screenshot attached).
This is probably a topology that deviates from best practice.
We have two nexus switches and a cat switch in use. nex4(secondary) and (primary) nex5 have a peer link on which is vlan 622. both nexus are connected with cat1 also on vlan 622. (not in vpc or portchannel).
The cat switch is root for all vlans. I have used VLAN 622 as an example for my question.
I wonder why nex4 disconnects the uplink to the cat1 switch, although the costs via nex5 are higher.
On the other hand, there is vlan 627, where the cost from nex4 to cat1 has been reduced to 1. But then nex5 blocks its direct link to cat1 and chooses the path via nex4, although the costs would now be the same.
Does this have anything to do with the VPC construct? How is it calculated here which link is blocked?

Here are the outputs from both nexus:(also attached)
sh spanning tree vlan 622
sh spanning tree vlan 627
Sh spanning tree vlan 622 detail

VLAN622:

Nex4#
VLAN0622
Spanning tree enabled protocol rstp
Root ID Priority 4718
Address cccc.cccc.cccc
Cost 3
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33390 (priority 32768 sys-id-ext 622)
Address bbbb.bbbb.bbbb
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 1 128.4105 (vPC peer-link) Network P2p
Eth1/29 Altn BLK 2 128.157 P2p

Nex4# sh spanning-tree vlan 622 interface po10 detail

Port 4105 (port-channel10, vPC Peer-link) of VLAN0622 is root forwarding
Port path cost 1, Port priority 128, Port Identifier 128.4105
Designated root has priority 4718, address cccc.cccc.cccc
Designated bridge has priority 33390, address aaaa.aaaa.aaaa
Designated port id is 128.4105, designated path cost 2
Timers: message age 4, forward delay 0, hold 0
Number of transitions to forwarding state: 5
The port type is network
Link type is point-to-point by default
BPDU: sent 17091466, received 17091798

Nex4# sh spanning-tree vlan 622 interface eth1/29 detail

Port 157 (Ethernet1/29) of VLAN0622 is alternate blocking
Port path cost 2, Port priority 128, Port Identifier 128.157
Designated root has priority 4718, address cccc.cccc.cccc
Designated bridge has priority 4718, address cccc.cccc.cccc
Designated port id is 128.391, designated path cost 0
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 7
Link type is point-to-point by default
BPDU: sent 4179530, received 16985131

Nex5# sh spanning-tree vlan 622

VLAN0622
Spanning tree enabled protocol rstp
Root ID Priority 4718
Address cccc.cccc.cccc
Cost 2
Port 158 (Ethernet1/30)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33390 (priority 32768 sys-id-ext 622)
Address aaaa.aaaa.aaaa
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Desg FWD 1 128.4105 (vPC peer-link) Network P2p
Eth1/30 Root FWD 2 128.158 P2p

Nex5# sh spanning-tree vlan 622 interface eth1/30 detail

Port 158 (Ethernet1/30) of VLAN0622 is root forwarding
Port path cost 2, Port priority 128, Port Identifier 128.158
Designated root has priority 4718, address cccc.cccc.cccc
Designated bridge has priority 4718, address cccc.cccc.cccc
Designated port id is 128.199, designated path cost 0, Topology change is set
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 72, received 12429187

Nex5# sh spanning-tree vlan 622 interface po10 detail

Port 4105 (port-channel10, vPC Peer-link) of VLAN0622 is designated forwarding
Port path cost 1, Port priority 128, Port Identifier 128.4105
Designated root has priority 4718, address cccc.cccc.cccc
Designated bridge has priority 33390, address aaaa.aaaa.aaaa
Designated port id is 128.4105, designated path cost 2
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 4
The port type is network
Link type is point-to-point by default
BPDU: sent 17091752, received 17091420

VLAN627:

nex5# sh spanning-tree vlan 627

VLAN0627
Spanning tree enabled protocol rstp
Root ID Priority 4723
Address cccc.cccc.cccc
Cost 2
Port 4105 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33395 (priority 32768 sys-id-ext 627)
Address aaaa.aaaa.aaaa
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Root FWD 1 128.4105 (vPC peer-link) Network P2p
Eth1/30 Altn BLK 2 128.158 P2p

nex4# sh spanning-tree vlan 627
VLAN0627
Spanning tree enabled protocol rstp
Root ID Priority 4723
Address cccc.cccc.cccc
Cost 1
Port 157 (Ethernet1/29)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33395 (priority 32768 sys-id-ext 627)
Address bbbb.bbbb.bbbb
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10 Desg FWD 1 128.4105 (vPC peer-link) Network P2p
Eth1/29 Root FWD 1 64.157 P2p

MHM Cisco World · ‎05-20-2022

https://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-7000-series-switches/C07-572834-00_STDG_NX-OS_vPC_DG.pdf

this from Cisco it not specify how Nexus make vPC peer-link always forward.
""Special Considerations for Spanning Tree with vPCs

Even if the Cisco Nexus devices are configured for vPC, each device preserves its root or secondary root role or whichever priority it has as defined by the spanning-tree configuration.

The main difference between a vPC configuration and a non-vPC configuration is in the forwarding behavior of the vPC peer link and the BPDU forwarding behavior of vPC member ports only.

Non-vPC ports on a vPC-configured switch behave in the same way as on a regular switch, except that the vPC peer link is always forwarding, which may require a slightly different (but still valid) topology.

How Spanning Tree Works in a vPC Deployment
A vPC deployment has two main spanning-tree modifications that matter:

● vPC imposes the rule that the peer link should never be blocking because this link carries important traffic such as the Cisco Fabric Services over Ethernet (CFSoE) Protocol. The peer link is always forwarding.
● For vPC ports only, the operational primary switch generates and processes BPDUs. The operational secondary switch forwards BPDUs to the primary switch.""

for your Q
1. if the cost are the same, it chooses the primary peer as the one connected to root

2. If the cost of secondary is lower it chooses that way

the cost never same Primary receive two BPDU one direct from Cat "root" and other via Secondary which is sum of Cost to Secondary and Peer-link"

so for for normal STP the Peer-link MUST be BLK not direct link to root BUT again cisco make rule that Per-link never be BLK always FWR this make Secondary have
one Root Port
other Port either DP or BLK and to prevent loop it will be BLK.

View solution in original post

MHM Cisco World · ‎05-20-2022

this called hybrid

https://www.cisco.com/c/en/us/support/docs/routers/7000-series-routers/116140-config-nexus-peer-00.html

read this doc. if you don't get what you want share here your Q.

BastiiGee · ‎05-20-2022

Thanks for sharing. already read the doc.
The problem is that the current topology and konfig doesn’t use the pseudo or the peer-switch.
command. Just want to understand the current situation.

balaji.bandi · ‎05-20-2022

@MHM Cisco World suggested document will help you. make sure you configure nexus side vPC for the portchannel going to Cat 1 switch, since its dual homed that is best practice.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

BastiiGee · ‎05-20-2022

Unfortunately it’s not possible to form a portchannel. We have to keep the
topology as shown.

balaji.bandi · ‎05-20-2022

If you do not like to change, that is nature of spanning tree as mentioned in other post.

you can only use 1 link at a time, or you can Load share with different VLAN with priority of VLAN.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎05-20-2022

first,
config the vPC peer primary as root primary
config the vPC peer secondary as root secondary
config Peer-Switch under the vPC domain.
this make Cat see one Nexus switch not two since there is vPC config between two Nexus Peer, please check spanning tree to see that both Peer MAC ID is same.

NOW image two SW connect via two link, to prevent LOOP one SW must BLK one Link to prevent LOOP.

and as @balaji.bandi suggest if you config PO between two SW then there is ONE LINK and SW will not BLK any PO member port.

BastiiGee · ‎05-20-2022

Sorry if my question was misleading . I don’t want to change anything. As it is it works.
i just want to understand how spanning tree work in the current situation

MHM Cisco World · ‎05-20-2022

Three different switch (since you not run peer-switch) bidge mac ID connect in triangle topology,

Stp run to prevent loop,

Cat is root

So Q here why peer-link not blk but direct connect to root is blk?

This because vpc nexus always work to prevent blk peer-link always it fwd from stp view,

So peer-link fwd the remaining link to prevent loop is direct connect to Cat and it BLK.

BastiiGee · ‎05-20-2022

Thanks…

Are there rules I can follow?
as I said, I just want to understand how these things works because it’s not like „normal“ STP.

Is it possible to say why it chooses nex5 to have the connection? Is it because it’s primary?
or the anomaly with the manipulated Cost of vlan 627.

it’s seems like:

1. if the cost are the same, it chooses the primary peer as the one connected to root

2. If the cost of secondary is lower it chooses that way

MHM Cisco World · ‎05-20-2022

https://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-7000-series-switches/C07-572834-00_STDG_NX-OS_vPC_DG.pdf

this from Cisco it not specify how Nexus make vPC peer-link always forward.
""Special Considerations for Spanning Tree with vPCs

Even if the Cisco Nexus devices are configured for vPC, each device preserves its root or secondary root role or whichever priority it has as defined by the spanning-tree configuration.

The main difference between a vPC configuration and a non-vPC configuration is in the forwarding behavior of the vPC peer link and the BPDU forwarding behavior of vPC member ports only.

Non-vPC ports on a vPC-configured switch behave in the same way as on a regular switch, except that the vPC peer link is always forwarding, which may require a slightly different (but still valid) topology.

How Spanning Tree Works in a vPC Deployment
A vPC deployment has two main spanning-tree modifications that matter:

● vPC imposes the rule that the peer link should never be blocking because this link carries important traffic such as the Cisco Fabric Services over Ethernet (CFSoE) Protocol. The peer link is always forwarding.
● For vPC ports only, the operational primary switch generates and processes BPDUs. The operational secondary switch forwards BPDUs to the primary switch.""

for your Q
1. if the cost are the same, it chooses the primary peer as the one connected to root

2. If the cost of secondary is lower it chooses that way

the cost never same Primary receive two BPDU one direct from Cat "root" and other via Secondary which is sum of Cost to Secondary and Peer-link"

so for for normal STP the Peer-link MUST be BLK not direct link to root BUT again cisco make rule that Per-link never be BLK always FWR this make Secondary have
one Root Port
other Port either DP or BLK and to prevent loop it will be BLK.