Solved: Avoiding spanning-tree loops in a backbone network?

gibsowe55 · ‎10-19-2017

Hello - Below is my topology in PT. I'm designing a redundant backbone network that interconnects 3 buildings. They connect via L3 routed port-channels as well as L2 trunk port-channels to forward specific vlans. Obviously this design causes spanning-tree to block two of the ports (you can see them on Building 2 Core 1.) This is causing EIGRP neighborships to flap, and probably worse if this was in a production network...

My question is - What is the best way to avoid the loop? Will I have to keep two of the redundant links shutdown? Or is there another best practice to avoid this design flaw?

chrihussey · ‎10-26-2017

Understand your needs and if this the way it has to operate, then it is what it is.

The fact that ports that were blocking are now forwarding would be a concern. If you have a stable environment it should remain relatively static. You should keep an eye on it. That being said:

1- Suggest configuring the root of the spanning tree for the all building VLANs, especially if one of the buildings is the central location.

2- Just in case, the L3 port channels should be just that and not configured as access ports in dedicated VLANs. Especially ones that could end up on the L2 trunks.

3- The L3 interfaces for the all building VLANs should be isolated to one or possibly two buildings and not EIGRP peer across them. Have the network advertised across the L3 links instead. Just think it would be cleaner that way.

Hope this helps

View solution in original post

Reza Sharifi · ‎10-19-2017

Hi,

Can you explain why do you have L2 and L3 Portchannels connecting the buildings together. L2 Portchannel should terminate at each building core. Between buildings, there should be only L3 Portchannel .

HTH

gibsowe55 · ‎10-19-2017

@Reza Sharifi wrote:

Hi,

Can you explain why do you have L2 and L3 Portchannels connecting the buildings together. L2 Portchannel should terminate at each building core. Between buildings, there should be only L3 Portchannel .

HTH

Hello - Thanks for the reply. We require L2 port-channels as well because there are SVI's that live in a certain building and they need to be forwarded to another one. Example, Building 1 has the SVI for vlan100. There are access switches in Building 2 that use vlan100, etc.

Reza Sharifi · ‎10-19-2017

Hi,

What is the reason for having building 1 and 2 in the same vlan (100)?

Extending vlans across buildings with so many uplinks is going to cause problems. Use local vlans per site and terminate them at the core. This will eliminate STP issues.

HTH

gibsowe55 · ‎10-19-2017

@Reza Sharifi wrote:

Hi,

What is the reason for having building 1 and 2 in the same vlan (100)?

Extending vlans across buildings with so many uplinks is going to cause problems. Use local vlans per site and terminate them at the core. This will eliminate STP issues.

HTH

I would agree with you, but there are redundant systems that rely on the vlans being extended across buildings. For example, our HA Wireless controller has one unit in building 2, the other unit is in building 3 so if one building goes offline, the wifi would still work for the rest of the campus. We also have redundant servers that follow a similar design.

gibsowe55 · ‎10-19-2017

It's interesting that after I came back from lunch, I had PT running for about an hour, and those two ports are no longer in a blocking state.. I don't know if this is a good thing or a bad thing.. lol. Perhaps it will work as designed, after all.

gibsowe55 · ‎10-26-2017

To expand on this a bit, when all is said and done, I will have all three buildings connected via L2 and L3 port channels. Should I be concerned with causing a loop? I've seen this same setup work without issue at a previous job. Will I have to manipulate any STP settings, change root bridge priorities, etc.?

chrihussey · ‎10-26-2017

Understand your needs and if this the way it has to operate, then it is what it is.

The fact that ports that were blocking are now forwarding would be a concern. If you have a stable environment it should remain relatively static. You should keep an eye on it. That being said:

1- Suggest configuring the root of the spanning tree for the all building VLANs, especially if one of the buildings is the central location.

2- Just in case, the L3 port channels should be just that and not configured as access ports in dedicated VLANs. Especially ones that could end up on the L2 trunks.

3- The L3 interfaces for the all building VLANs should be isolated to one or possibly two buildings and not EIGRP peer across them. Have the network advertised across the L3 links instead. Just think it would be cleaner that way.

Hope this helps

rasmus.elmholt · ‎10-26-2017

There shouldnt be a problem, the L2 vlans you have will be blocked/forwaring as per STP without any problems. If you have problems with your EIGRP neighbors it is because of something else. Could you share the configuration?

gibsowe55 · ‎10-26-2017

The EIGRP issues were probably unrelated and likely even a Packet Tracer bug.. I love PT for quick/dirty testing, but anything complex is enough to drive someone mad. It's hard to tell if it's a valid issue or just a PT bug!

Currently I have building 1 core 1 and building 3 core 1 connected via the L3 and L2 port-channels. They have formed an EIGRP adjacency with each other and all seems fine so far. :)
Thanks everyone for the replies.