
Cisco Spanning Tree Interoperability

visitor68
Level 5

I have a blade chassis with 2 blade switches (BS). Those blade switches run IEEE STP.

They are stacked to each other.

Each blade switch has 2 uplinks to one of 2 Cisco Nexus ToR switches. The N5Ks are running vPC between them and PVST+.

The N5Ks are dual-homed to distribution switches D1 and D2 (cross links not shown), which act as L2/L3 boundaries and, more importantly, the root bridges for the VLANs, D1 for some and D2 for the rest.

BS1==========N5K-1=========D1

||                            ||                             ||

||                            ||                             ||

BS2==========N5K-2=========D2

Observations:

1.) Since the N5Ks are running vPC and form a virtual chassis, and BS1 and BS2 are stacked, what you have is a virtual chassis in each layer. So, each layer sees the other as ONE switch. The N5Ks see the BS switches as 1 virtual switch and the BS switches see the N5Ks as 1 virtual switch. Therefore, there is no loop and STP is only acting as a preventive mechanism.

2.) Since BS1 and BS2 are running IEEE STP (which only has 1 STP instance, namely, the CST) and the rest of the network is running PVST+, D1 OR D2 must act as the root bridge for ALL VLANs, since the IEEE STP only understands one logical STP topology and all VLANs are mapped to it.

3.) Loopguard, UDLD aggressive, BPDUGUARD and any other Cisco proprietary STP add-on will not be recognized by BS1 and BS2 and will not participate in any conversations that those protocols engage in.

4.) As an alternative to configuring either D1 or D2 as the root for all VLANs, we can reconfigure the environment to run MSTP, since only 2 logical STP topologies exist anyway -- one in which D1 is the root and the second in which D2 is the root. In the case of MSTP, two MSTI instances will be created, in which half the VLANs may belong to one and the other half to the other. In addition, one IST will be created and that acts as the STP instance that communicates with the CST of the IEEE STP.

5.) A 3rd approach may be to create an MST region out of BS1, BS2, and N5K-1 and N5K-2. In this case, D1 and D2 will see that MST region as one logical CST bridge. This solution seems a bit clumsy.

Any thoughts on each of these bullet points? Do they make sense?

Thanks

4 Replies

Peter Paluch
Cisco Employee

Hello,

You did not have to close the previous thread; I was just on a business trip yesterday and did not have time to respond.

1.) Since the N5Ks are running vPC and form a virtual chassis, and BS1 and BS2 are stacked, what you have is a virtual chassis in each layer. So, each layer sees the other as ONE switch. The N5Ks see the BS switches as 1 virtual switch and the BS switches see the N5Ks as 1 virtual switch. Therefore, there is no loop and STP is only acting as a preventive mechanism.

If I understand you correctly, the BS1+BS2 are stacked (behaving as a single switch), and N5K-1+N5K-2 form a virtual single chassis (also behaving as a single switch). Then, however, you have a "BS" switch and a "N5K" switch interconnected with two uplinks (BS1/N5K-1, BS2/N5K-2). I believe that is a loop and the STP is mandatory in such a case.

2.) Since BS1 and BS2 are running IEEE STP (which only has 1 STP instance, namely, the CST) and the rest of the network is running PVST+, D1 OR D2 must act as the root bridge for ALL VLANs, since the IEEE STP only understands one logical STP topology and all VLANs are mapped to it.

I believe that you can configure the BS switch to act as STP root with no ill effects. This switch will in turn become the root also for VLAN1 in the PVST+ region. Other switches in the PVST+ region will become roots for other individual VLANs. I do not think you have to configure D1 or D2 to act as root switches for all VLANs.

3.) Loopguard, UDLD aggressive, BPDUGUARD and any other Cisco proprietary STP add-on will not be recognized by BS1 and BS2 and will not participate in any conversations that those protocols engage in.

Loopguard does not send any special datagrams - it is simply about observing the arrival of BPDUs and taking certain countermeasures when they suddenly stop arriving. Thus, this is actually transparent to non-Cisco switches. BPDUGuard is at the same level - it reacts to the arrival of an unexpected BPDU on a guarded port, nothing more. Again, this is transparent to non-Cisco switches. For UDLD to work, both switches on a point-to-point link must be configured for UDLD monitoring. It does not make sense to configure UDLD only on a single side of a link - that would not provide any protection. Cisco UplinkFast or BackboneFast are proprietary extensions and would not be understood by non-Cisco switches (these conversations will be tunneled).

4.) An alternative to configuring either D1 or D2 as the root for all VLANs, we can reconfigure the environment to run MSTP, since only 2 logical STP topologies exist anyway -- one in which D1 is the root and the second in which D2 is the root. In the case of MSTP, two MSTI instances will be created, in which half the VLANs may belong to one and the other half to the other. In addition, one IST will be created and that acts as the STP instance that communicates with the CST of the IEEE STP.

As I indicated earlier, my feeling is that you do not need to have D1/D2 be the root for all VLANs. You can if you need, but you don't have to. Otherwise, you are correct in your assumptions here. However, you won't avoid the troubles with PVST+ when you migrate to MSTP only on D1+D2 - a Cisco switch running MSTP performs MSTP-to-PVST+ translation on boundary ports. If you'd like to migrate to MSTP, then do it completely - make all switches run MSTP, which is recommended anyway (combining different STP types in a single switched network is in my opinion not the way to go).

5.) A 3rd approach may be to create an MST region out of BS1, BS2, and N5K-1 and N5K-2. In this case, D1 and D2 will see that MST region as one logical CST bridge. This solution seems a bit clumsy.

No mixing of STP incarnations. You don't want to have your headaches multiplied by the count of STP versions running in your network.

Best regards,

Peter

Peter, thanks. I figured you weren't around, but I just wanted to start the discussion fresh. Sometimes people shy away from joining a discussion if they see others have already engaged the OP.

1.) If I understand you correctly, the BS1+BS2 are stacked (behaving as a single switch), and N5K-1+N5K-2 form a virtual single chassis (also behaving as a single switch). Then, however, you have a "BS" switch and a "N5K" switch interconnected with two uplinks (BS1/N5K-1, BS2/N5K-2). I believe that is a loop and the STP is mandatory in such a case.

My mistake, I should have mentioned that all 4 uplinks will be part of a LAG. That's why I said STP will not be used to remove loops but only as a preventive measure.

2.) I believe that you can configure the BS switch to act as STP root with no ill effects. This switch will in turn become the root also for VLAN1 in the PVST+ region. Other switches in the PVST+ region will become roots for other individual VLANs. I do not think you have to configure D1 or D2 to act as root switches for all VLANs.

I wouldn't make a blade switch the root for any VLAN. That's a poor choice for placement. The root bridges should be relatively robust switches that exist somewhere in the center of the topology. It makes more sense in my opinion to let D1 or D2 act as the root for all. I'm not sure you can run a PVST+ region with multiple roots while connecting to a CST region. It seems to me that the CST bridges will only recognize one logical topology for the VLANs configured on them.

3.) Agree on the ancillary features of STP. Although, IEEE 802.1s (RSTP) bridges do run Backbonefast and Uplinkfast. This is why it is "rapid" in the first place.

4.) I have to think about that one, but I agree with the general premise that mixing STP flavors may not make for the most simple environment.

5.) Same as 4.

Mohamed Sobair
Level 7

Hello Guys,

Instance 0 is a special instance; it's the IST and the only instance that crosses regions in MST, and it's responsible for sending and receiving BPDUs to the IEEE address. All the rest of the instances have different topology views between each other.

A switch running PVST+ would send its BPDU to a Cisco proprietary address. Only VLAN 1 is special and can communicate with the IST (Instance 0) to make a CST. All the rest of the PVST+ STP BPDUs won't be recognized by your Blade Servers, which could result in a spanning tree loop in your case. I would extremely and strongly suggest in your case to migrate all your switches from PVST+ to MSTP for interoperability between your blade switches and Cisco switches.

Also, usually the root bridges can be determined and chosen based on their location/performance capability in a switching network, so you should have the Nexus as your MSTP root bridges for both of your instances, and you can easily achieve load balancing with this setup.

HTH

Mohamed
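
The address split described in the post above, as an added example that is not part of the original thread: a small classifier that sorts captured Ethernet frames into IEEE BPDUs and PVST+ BPDUs by destination MAC and LLC/SNAP header, which is a quick way to check on a capture which BPDUs a standards-only blade switch will actually act on. The function names and the sample frames are constructed for illustration; the BPDU body itself is not parsed.

```python
import struct

IEEE_STP_MAC = bytes.fromhex("0180c2000000")   # IEEE bridge group address
PVST_PLUS_MAC = bytes.fromhex("01000ccccccd")  # Cisco PVST+ (SSTP) address
LLC_STP = b"\x42\x42\x03"                      # DSAP/SSAP 0x42, UI control
SNAP_PVST = b"\xaa\xaa\x03\x00\x00\x0c\x01\x0b"  # SNAP, Cisco OUI, PID 0x010b


def classify_bpdu(frame: bytes) -> dict:
    """Classify one Ethernet frame as an IEEE BPDU, a PVST+ BPDU, or other."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, offset, vlan = frame[0:6], 12, None
    if frame[offset:offset + 2] == b"\x81\x00":      # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        vlan = struct.unpack("!H", frame[offset + 2:offset + 4])[0] & 0x0FFF
        offset += 4
    body = frame[offset + 2:]                        # skip the 802.3 length field
    if dst == IEEE_STP_MAC and body.startswith(LLC_STP):
        kind = "ieee"
    elif dst == PVST_PLUS_MAC and body.startswith(SNAP_PVST):
        kind = "pvst+"
    else:
        kind = "other"
    # Assumption: a standards-only bridge processes only the IEEE address and
    # forwards PVST+ frames like any other multicast.
    return {"kind": kind, "vlan": vlan, "processed_by_ieee_bridge": kind == "ieee"}


def sample_frames() -> list:
    """Constructed frames: one untagged IEEE BPDU, one PVST+ BPDU tagged VLAN 20."""
    src = bytes.fromhex("020000000001")   # constructed, locally administered
    bpdu = bytes(35)                      # zeroed stand-in; BPDU body not parsed
    ieee = (IEEE_STP_MAC + src + struct.pack("!H", len(LLC_STP) + len(bpdu))
            + LLC_STP + bpdu)
    pvst = (PVST_PLUS_MAC + src + struct.pack("!HH", 0x8100, 20)
            + struct.pack("!H", len(SNAP_PVST) + len(bpdu)) + SNAP_PVST + bpdu)
    return [ieee, pvst]


if __name__ == "__main__":
    for f in sample_frames():
        print(classify_bpdu(f))
```
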

Mohamed, good stuff. Agree.

Thank you.
