11-02-2011 02:14 PM
Hello,
There are two N7Ks connected with peer-link (Po1). There will be some other L2 switches connected to those N7Ks with vPC. Also, there is a separate, dedicated L2 link (Po9) between N7Ks to carry VLANs for orphan ports connected on both N7Ks. Here is configuration:
N7K-1:
spanning-tree mst configuration
name test
revision 3
instance 1 vlan 1-9,12-14,16-1005
instance 2 vlan 10,11,15
spanning-tree mode mst
spanning-tree mst 0-2 priority 4096
spanning-tree pseudo-information
mst 0-2 designated priority 4096
mst 0-2 root priority 4096
vpc domain 1
peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf peer-keepalive
system-priority 1000
role priority 1
auto-recovery reload-delay 240
peer-gateway
peer-switch
graceful consistency-check
ip arp synchronize
delay restore 30
delay restore interface-vlan 40
interface port-channel 1
vpc peer-link
switchport trunk allowed vlan remove 10,11,15
[...]
interface port-channel 9
switchport trunk allowed vlan 10,11,15
spanning-tree mst 2 cost 100
[...]
N7K-2:
spanning-tree mst configuration
name test
revision 3
instance 1 vlan 1-9,12-14,16-1005
instance 2 vlan 10,11,15
spanning-tree mode mst
spanning-tree mst 0-2 priority 4096
spanning-tree pseudo-information
mst 0-2 designated priority 8192
mst 0-2 root priority 8192
vpc domain 1
peer-keepalive destination 1.1.1.1 source 1.1.1.2 vrf peer-keepalive
system-priority 1000
role priority 1
auto-recovery reload-delay 240
peer-gateway
peer-switch
graceful consistency-check
ip arp synchronize
delay restore 30
delay restore interface-vlan 40
interface port-channel 1
vpc peer-link
switchport trunk allowed vlan remove 10,11,15
[...]
interface port-channel 9
switchport trunk allowed vlan 10,11,15
spanning-tree mst 2 cost 100
[...]
In theory, for vPC VLANs, that is those carried over peer-link, global STP configuration should be used. And, because peer-switch is used, both N7Ks will generate the same BPDU (the same Bridge ID with priority 4096), both becomming root. And, for other VLANs, carried over dedicated L2 link, the pseudo-information should be used. That is, N7K-1 should become root, and Po9 should be Designated. The N7K-2 should be backup root and Po9 should be Root port.
Unfortunately, it's not how it works. Maybe I am missing something, but BPDUs sent over dedicated L2 Po9 are exactly the same as for VPC VLANs. N7K-1 becomes root and its Po9 becomes Designated. But, N7K-2 is also a root, and since it sees the same BPDU as it generates by itself, it treats Po9 as an alternate way to itself and places that port in Alternate/Blocking state.
So, am I doing something wrong, or dedicated L2 link cannot co-exist with peer-link? I had no chance to test it, but it may work if I remove peer-switch feature (although it is recommended to have it)
Best regards,
Krzysztof