07-06-2020 08:01 PM
I'm relatively new to large-level networking, setting up a new vlan to be distributed on my network.
I have a loop of 5 c2960x switches all connected on a 10G fiber backbone and SFP+ ports, 1&2 are stacked, the rest in a loop.
  1&2
 /   \
5     3
 \   /
   4
show running-config/startup-config for each of the switches has the identically same lines in it
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 2,12,110,170 priority 24576
!
vlan internal allocation policy ascending
I am adding vlan 160 to the network, and have successfully done so PROVIDED that I severed the link between switch 1 and switch 5, so
interface TenGigabitEthernet1/0/1
 description uplink c2960x-4 port Te 1/0/1
 switchport trunk allowed vlan 2,12,110,160,170
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
interface TenGigabitEthernet1/0/2
 description uplink c2960x-1 port Te 2/0/2
 switchport trunk allowed vlan 2,12,110,170
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
Now, I read some things but I'm having a hard time discerning which command is allocating the root switch. For some reason, the readout for c2960x-3 is
C2960X-3#show spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0005, VLAN0010, VLAN0100, VLAN0147, VLAN0160
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
Portfast Edge BPDU Guard Default is disabled
Portfast Edge BPDU Filter Default is disabled
Loopguard Default is disabled
PVST Simulation Default is enabled but inactive in pvst mode
Bridge Assurance is enabled but inactive in pvst mode
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0002                      0         0        0         23         23
VLAN0012                      0         0        0         20         20
VLAN0110                      0         0        0         20         20
VLAN0160                      0         0        0          3          3
VLAN0170                      0         0        0         20         20
---------------------- -------- --------- -------- ---------- ----------
5 vlans                       0         0        0         86         86
After I severed vlan160 for switches 1 and 5, I got successful comms for vlan160 out of #3, and have since reestablished the vlan on the trunk and comms stayed up.
If I have a large amount of these vlan160 connections coming into switch 1 instead of switch 3, should I allocate that as the root bridge?
on switch 1:
spanning-tree vlan 160 priority 8192
if someone's willing, please explain:
is it that simple?
why did vlan160's root bridge automatically be allocated to switch 3?
how are things working when they're all being assigned the same priority?
also, are they actually broken when bridge ID is itself and not the next switch in line?
C2960X-4#show spanning-tree vlan 110
VLAN0110
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     <<MAC addr of c2960x-3>>
             Cost        2
             Port        52 (TenGigabitEthernet1/0/2)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    24676  (priority 24576 sys-id-ext 100)
             Address     <<MAC addr of ITSELF>>
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  15 sec
thanks!!!
07-06-2020 11:59 PM - edited 07-06-2020 11:59 PM
Hi there,
Yes, changing the root bridge is as simple as the priority command you suggest.
A word of warning, unless you have a compelling reason (ie, two gateways with a FHRP running) you should want the root bridge to always be on the same switch. This switch should always be the one where the VLANs gateway is configured.
Regarding why switch 3 became the root bridge, I suggest you read about the STP root bridge election process:
Quite why you had loss of connectivity would need further analysis. Incorrect placement of a root bridge would lead to a sub-optimal tree, but not an isolated switch.
The final piece of output is normal. A switch would have its own bridge ID which it advertises via its own BPDU. Depending on the result of the STP election the root bridge ID may or may not match its own.
cheers,
Seb.
07-07-2020 03:01 AM - edited 07-07-2020 06:26 AM
Hello
@cts_55 wrote:
show running-config/startup-config for each of the switches has the identically same lines in it
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 2,12,110,170 priority 24576
!
vlan internal allocation policy ascending
Assigning the same stp bridge priority to all switches in this topology is just the same as not specifying any value, which would have the stp root election elect the switch that has the lowest (preferred) stp bridge ID based on the base mac-address of the switch, which in your case looks like it is Sw3.
Best practice would have the STP root bridge for all vlans central to your lan users, so most times this would be your core/distribution switch; however, if you have a switch that is not the core/distribution but serves as a central point for that vlan, then it would be applicable to make that switch the stp root for that vlan.
07-11-2020 10:35 AM
Paul and Seb, thanks so much for your responses. I've been spending the last few days doing some research, I read through the website Seb gave and I'm still slightly miffed as to what switch I should actually dedicate as the root switch. I feel like no3 isn't the true answer though. So according to Paul's response/Seb's cisco reference and other research I've done, it's good practice to essentially make the root bridge either the most centralized or the switch where most of the vlans were generated (this was a little confusing as the vlans are generated either on offshoots originally or generated on every switch).
I went around and gathered the results from the spanning tree as such:
name | no vlans | blocking | listening | learning | forwarding | stp active | lldp neigh. |
x-1 | 6 | 0 | 0 | 0 | 62 | 62 | 12 |
x-3 | 5 | 0 | 0 | 0 | 86 | 86 | 21 |
x-4 | 4 | 0 | 0 | 0 | 91 | 91 | 26 |
x-5 | 4 | 4 | 0 | 1 | 26 | 31 | 7 |
now I think this is equally a reflection of just the amount of devices plugged into the switches. show lldp neighbours results show this. (we have a lot of 4 port HP NJ5000 switches connected to this backbone)
so the changes made recently to the network are reflected as such:
6
1&2 (stacked) -------<
/ \ a series of sg300-28s in major offshoot
5 3
\ /
4
I'm trying to rectify with my network admin that the sg300s shouldn't be as dangerously isolated (literally one gig eth port unplugged and you lose connectivity to the entire system....no redundant connection to offshoot and c2960x-1) but I'm also hoping to propose a better root system than "lowest mac address", my intuition is that the 1&2 stack should be the root bridge.
with this limited info, am I thinking about this right? weighting centralized node over amount of things connected to it.
much appreciated again
07-13-2020 01:44 AM
Hello again,
One thing I am not clear on is whether these are Layer3 VLANs or not as you have not mentioned gateways in your posts. If they are then place the root bridge on the same switch as the subnet gateway. This will ensure that a switch at the edge of the converged tree has the least number of hops to pass through to be routed.
If however your VLANs are Layer2, ie with no subnet gateway, then your thinking about placing the root bridge on the switch with the highest host count is sound. This assumes that there is a direct correlation between host count and traffic. You would want a switch at the edge of the tree to be the least number of hops away from these 'traffic centres'.
cheers,
Seb.
07-16-2020 07:53 AM
@cts_55 wrote:
so the changes made recently to the network are reflected as such:
6
1&2 (stacked) -------<
/ \ a series of sg300-28s in major offshoot
5 3
\ /
4
I'm trying to rectify with my network admin that the sg300s shouldn't be as dangerously isolated (literally one gig eth port unplugged and you lose connectivity to the entire system....no redundant connection to offshoot and c2960x-1) but I'm also hoping to propose a better root system than "lowest mac address", my intuition is that the 1&2 stack should be the root bridge.
with this limited info, am I thinking about this right? weighting centralized node over amount of things connected to it.
much appreciated again
Normally priorities are tweaked on the distribution/aggregation switches that make up the boundary that separates the access layer of your network from the routed portion of your network. It's hard to tell, by looking at your diagram, where that boundary exists (if it even exists on any of the switches depicted in the diagram). In this case I wouldn't worry so much about centralizing the root bridge.
You could make the case, for STP stability sake, that 1&2 should be the root regardless of any other consideration because it is the most resilient option. One or the other of the two switches could fail and the stack would remain the root. Even if making 1&2 the root caused a sub-optimal path from a switch hop count point-of-view, the amount of extra delay incurred is negligible (microseconds). If, for whatever reason, making 1&2 the root causes a link to become congested you could remedy that with other mechanisms (such as tweaking interface-level per-vlan port costs).
For example, by making 1&2 the root you will change the location of the blocking port to either the 4-5 trunk or the 3-4 trunk (on 4's side). Let's say, for the sake of this discussion, 4 blocks on the link to 3 and, because of this, traffic from devices off 4 and destined to something hanging off 3 need to take the lengthy path through 5-1&2-3. If this were to lead to a congestion situation on any of those links you could tweak interface-level spanning tree costs or priorities to change which link on 4 is blocked for a given VLAN or set of VLANs to remedy that issue. For instance, you could increase the port cost on 4's port that is facing 5 so that 1/2 of the VLANs prefer the path through 3 instead of 5-1&2-3. Given that all inter-switch trunk links are 10 Gbps it is very unlikely that you'll run into this problem.
For example, before I tweak the port costs switch 4 prefers the same link to reach the root for all VLANs.
I can change this so that 4 prefers the link through 5 for some VLANs and the link through 3 for the other VLANs thus splitting the traffic load.
SW4#show span int gi1/0/19
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0002 Root FWD 4 128.19 P2p
VLAN0012 Root FWD 4 128.19 P2p
VLAN0110 Root FWD 4 128.19 P2p
VLAN0160 Root FWD 4 128.19 P2p
VLAN0170 Root FWD 4 128.19 P2p
SW4#show span int gi1/0/23
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0002 Altn BLK 4 128.23 P2p
VLAN0012 Altn BLK 4 128.23 P2p
VLAN0110 Altn BLK 4 128.23 P2p
VLAN0160 Altn BLK 4 128.23 P2p
VLAN0170 Altn BLK 4 128.23 P2p
SW4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW4(config)#int gi1/0/19
SW4(config-if)#span vlan 2,12 cost 40
SW4(config-if)#do show span int gi1/0/19
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0002 Altn BLK 40 128.19 P2p
VLAN0012 Altn BLK 40 128.19 P2p
VLAN0110 Root FWD 4 128.19 P2p
VLAN0160 Root FWD 4 128.19 P2p
VLAN0170 Root FWD 4 128.19 P2p
SW4(config-if)#do show span int gi1/0/23
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0002 Root FWD 4 128.23 P2p
VLAN0012 Root FWD 4 128.23 P2p
VLAN0110 Altn BLK 4 128.23 P2p
VLAN0160 Altn BLK 4 128.23 P2p
VLAN0170 Altn BLK 4 128.23 P2p
SW4(config-if)
07-13-2020 06:41 AM
Hello
@cts_55 wrote:
If I have a large amount of these vlan160 connections coming into switch 1 instead of switch 3, should I allocate that as the root bridge?
on switch 1:
spanning-tree vlan 160 priority 8192
if someone's willing, please explain:
is it that simple?
Yes it is that simple
why did vlan160's root bridge automatically be allocated to switch 3?
how are things working when they're all being assigned the same priority?
also, are they actually broken when bridge ID is itself and not the next switch in line?
As explained before, all your switches had the same stp priority set, thus with everything else being considered equal in the stp bpdu hello messages the root election sounds like it was decided on the lowest base mac address of the switch and SW3 won that election. If/when this stp root switch fails then a new stp root election would be initiated either just for a single vlan or multiple vlans depending if that failed switch was the root for a single or multiple vlans.
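The election and port-cost behaviour discussed in the replies above can be checked with a small per-VLAN model of the ring. This is an added example, not code from any poster: the MAC addresses are constructed placeholders (the thread redacts the real ones), "SW1" stands for the 1&2 stack, and a 10 Gbps port is assumed to cost 2 under the short path-cost method.

```python
import heapq

# Constructed placeholder MACs (the thread redacts the real ones); SW3 gets the
# lowest, matching the replies' conclusion. "SW1" stands for the 1&2 stack.
MACS = {"SW1": "00:00:5e:00:53:a1", "SW3": "00:00:5e:00:53:03",
        "SW4": "00:00:5e:00:53:b4", "SW5": "00:00:5e:00:53:c5"}
RING = {"SW1": ["SW3", "SW5"], "SW3": ["SW1", "SW4"],
        "SW4": ["SW3", "SW5"], "SW5": ["SW4", "SW1"]}
TEN_GIG = 2  # assumed port cost of a 10 Gbps link, short path-cost method

def bridge_id(sw, vlan, prio):
    # Extended system ID: advertised priority = configured priority + VLAN ID.
    return (prio.get(sw, 32768) + vlan, MACS[sw])

def elect_root(vlan, prio):
    # Lowest (priority, MAC) wins; equal priorities leave the MAC to decide.
    return min(MACS, key=lambda sw: bridge_id(sw, vlan, prio))

def root_path_costs(root, cost):
    # Dijkstra from the root; each hop adds the receiving switch's port cost.
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        for nb in RING[sw]:
            nd = d + cost.get((nb, sw), TEN_GIG)
            if nd < dist.get(nb, float("inf")):
                dist[nb] = nd
                heapq.heappush(heap, (nd, nb))
    return dist

def port_roles(sw, vlan, prio, cost=None):
    """Role (Root/Desg/Altn) of each ring-facing port on `sw` for one VLAN.
    `cost` maps (switch, neighbour) to a per-VLAN port cost override."""
    cost = cost or {}
    dist = root_path_costs(elect_root(vlan, prio), cost)
    bid = {s: bridge_id(s, vlan, prio) for s in MACS}
    if dist[sw] == 0:
        return {nb: "Desg" for nb in RING[sw]}
    # Root port: lowest cost to the root, then lowest upstream bridge ID.
    root_nb = min(RING[sw], key=lambda nb: (dist[nb] + cost.get((sw, nb), TEN_GIG), bid[nb]))
    roles = {}
    for nb in RING[sw]:
        if nb == root_nb:
            roles[nb] = "Root"
        else:  # the better (cost, bridge ID) end of the segment is designated
            roles[nb] = "Desg" if (dist[sw], bid[sw]) < (dist[nb], bid[nb]) else "Altn"
    return roles
```

With every switch at priority 24576 the model elects SW3 on MAC alone; lowering SW1 to 8192 for VLAN 160 moves the root to the stack, and a cost override on SW4's port toward SW3 moves SW4's blocked port from the SW5 side to the SW3 side.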