
vPC design question - STP priority on non-vPC vlans and others

Difan Zhao
Level 5

1. With peer-switch turned on, do I give the same priority on non-vPC vlans as on the vPC ones, or do I give a lower value on the primary and a higher one on the secondary?

2. I will have a separate port-channel to carry non-vPC vlans. Can I use one vlan for L3 routing peering between the two Nexus?

Thanks,

Difan

20 Replies

balaji.bandi
Hall of Fame

I strongly suggest looking at the design guide.

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/design_guide_c07-625857.html

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

If you still have questions, we would like to know how your network is laid out and where you are placing these Nexus switches. Do you have an existing network with spanning tree?

vPC is designed to mitigate spanning tree in the DC environment.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks Balaji. I am asking after I read the design guide. It did not mention what I should do with the non-vPC vlans. The Nexus switches are the core and L2/L3 boundary. I will have EIGRP and BGP peering with other routers and firewalls and all of them will not be on the vPC.

This is a new data center I am building. The switches I have are Nexus 9732.

Is there not a general recommendation for what we should do with STP config with the non-vPC vlans? Thanks

If this is the core, then the Nexus will be the root bridge for your non-vPC VLANs; the document also gives you information regarding spanning tree priorities.

Page 62

Best Practices for Spanning Tree Protocol Interoperability

 

BB


The guide says that I should use the same STP priority for vPC Vlans but did not mention if I should use the same or different priority for non-vPC vlans.

It all depends on how your network is layered and where its boundary is.

I suggest making an HLD diagram to show how your network looks and your approach; we can only make suggestions based on our understanding of your information.

From case to case the core changes, enterprise network vs. data center work.

Please explain in a detailed diagram how you would like your network to be, so we can suggest where the STP root bridge needs to be for best practice.

Make sense?

BB


I don't understand. Why would it be different in a different design? My switches will be the core. You suggested (in the guide) the same STP priority on the vPC vlans on both peers. Why would that recommendation not be design specific?

Ok, let's say I have a device that doesn't support etherchannel, so it can't do vPC but needs to be dual connected to the Nexus peers. As per page 55, the second best alternative is to connect the device to the peers using a non-vPC vlan. In this case, should I set the STP priority to be the same or different on the Nexus?

Let me clarify once again.

If this is the only core you have in the network, then the Nexus is suggested to be root for all the VLANs, immaterial of whether vPC or non-vPC.

You need to configure your network so that the Nexus is always selected as root (so I suggest keeping a lower value); the rest of the devices keep a higher value so they do not participate as root for the VLAN.

Make sense?

BB


Let me clarify myself one more time too. I have TWO Nexus switches. Should they have the same priority value or not?

Depends on the design requirement.

Option 1: They can be the same priority for all the VLANs.

Option 2:

Nexus Switch 1: root bridge for odd VLANs (example: VLAN 3, 5, 7 and so on)

Nexus Switch 2: root bridge for even VLANs (example: VLAN 2, 4, 6 and so on)

BB


You know what, the same priority does not work. I have Vlan 1 in the non-vPC port-channel (between the two Nexus) and exclude it from the vPC peer-link. Here is what I see. Even if the non-vPC port-channel is the only link in the vlan, it is blocked on one Nexus peer. 

# sh spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    1
             Address     0023.04ee.be28
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    1      (priority 0 sys-id-ext 1)
             Address     0023.04ee.be28
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po900            Back BLK 1         128.4995 P2p

I think that with peer-switch, both Nexus use the same bridge ID. When the priority is set to be the same, it is conflicting. It is like plugging a cable into itself.

Another scenario is on page 101 shown in the Figure 75. In this case, what STP priority do I set on both of my peers for the non-vPC vlan used for the Layer3 peering?
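
A check for the symptom in the `sh spanning-tree vlan 1` output quoted in the post above, as an added example that is not part of the original thread: it parses that output and lists ports in the RSTP Backup role on a bridge that is itself root, the role a port takes when it hears a BPDU carrying its own switch's bridge ID. The function names are illustrative assumptions; the sample text is the output from the post.

```python
import re

# Output quoted in the post above (sh spanning-tree vlan 1), copied verbatim.
SAMPLE = """\
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    1
             Address     0023.04ee.be28
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    1      (priority 0 sys-id-ext 1)
             Address     0023.04ee.be28
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po900            Back BLK 1         128.4995 P2p
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
PORT = re.compile(r"^(\S+)\s+(Root|Desg|Altn|Back|Mstr)\s+([A-Z]{3})\*?\s+\d+\s+\d+\.\d+\s+\S")

def parse_vlan(text):
    """Parse one VLAN's output into root ID, bridge ID and port rows."""
    info = {"vlan": None, "root": None, "bridge": None, "ports": []}
    section = None  # which ID block ("root" or "bridge") an Address line belongs to
    for line in text.splitlines():
        s = line.strip()
        if m := re.match(r"VLAN(\d+)$", s):
            info["vlan"] = int(m.group(1))
        elif m := re.match(r"(Root|Bridge) ID\s+Priority\s+(\d+)", s):
            section = m.group(1).lower()
            info[section] = {"priority": int(m.group(2)), "address": None}
        elif section and (m := re.match(rf"Address\s+({MAC})", s)):
            info[section]["address"] = m.group(1)
        elif m := PORT.match(s):
            info["ports"].append({"name": m.group(1), "role": m.group(2), "state": m.group(3)})
    return info

def backup_ports_on_root(info):
    """Ports in the Backup role while this bridge's ID equals the root ID."""
    if info["root"] is None or info["root"] != info["bridge"]:
        return []
    return [p["name"] for p in info["ports"] if p["role"] == "Back"]

if __name__ == "__main__":
    print(backup_ports_on_root(parse_vlan(SAMPLE)))
```
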

 


Hello Difan,

Please check my simple topology, which may help, and to cut it short:

1- For vPC-connected switches we should consider STP priority and keep it the same to prevent a split-brain loop issue.

But let's consider non-port-channel connected switches/nodes, without changing the STP priority for their VLANs.

These devices will receive the same BPDU packets with the same priority from two switches (N9K-1 and N9K-2), so they will think that there is a loop and will block one of them in err-disabled state.

So we should allow the VLANs for switches connected via port channel facing vPC in the peer-link, and keep both core switches as the STP root switch.

And for non-port-channel devices, change the core priority for the primary and secondary switches.

The second case is like a vPC failure scenario, when the peer-link and keepalive link are disconnected, which leads to network failures.

Hope it helps you, and please rate if yes, and keep me updated for any clarification.

Thanks for confirming. Even without the two green lines to your sw2, the link carrying the non-vPC vlans between the two switches is blocked on one side...

Is 1 the default vlan on your switches? Can you try any other vlan?

 

Regards.
