I am looking for best practices for spanning-tree features in an entire vPC network, read a cisco doc where it says to do not use bridge assurance in a vPC environment. Is there any other spanning-tree feature that we need to look further before applying with vPC, like loopguard or root-guard. Should I take care before applying those features with or without peer-switch vPC feature
Thanks in advance
Yes, there specific recommendation when using spanning-tree with VPC.
Have a look at this link under:
Special Considerations for Spanning Tree with vPCs
For the Nexus Series, the default is Rapid PVST+. If you don't have a whole a lot of vlans, I would stay with RSTP. If you have a lots of vlans, then MST probably scales better.
MST Compared to Rapid PVST+
MST allows you to assign two or more VLANs to a spanning
tree instance. MST is not the default spanning
mode; Rapid PVST+ is the default mode on Cisco
MST instances with the same
name, revision number, and VLAN
instance mapping combine to form an MST
region. The MST region appears as a single bridge to spanning
tree configurations outside the region.
The advantages of MST over Rapid PVST+ are as follows:
MST is an IEE
MST is more resource efficient. In particular, the number of BPDUs transmitted by MST does not depend on
the number of VLANs, as Rapid PVST+ does.
MST decouples the creation of VLANs from the definition for forwarding the topology.
MST simplifies the depl
oyment of stretched Layer 2 networks, because of its ability to define regions.
For all these reasons, it is advisable for many deployments to migrate to an MST
Thanks for the good info. My question is that is there any impact on network performance due resource consumption if I enable RSTP on all the switches in a network?
It is usually a good practice to enable loop guard on both sides of your link:
Loop Guard provides additional protection against Layer 2 forwarding loops. Loop Guard should be enabled on root and alternate ports in the spanning tree topology. When Loop Guard detects that BPDUs are no longer being received on a non-designated port, the port is moved into a loop-inconsistent state instead of transitioning to the listening/learning/forwarding state. This prevents a Layer 2 loop from occurring in the event that a link becomes unidirectional or a node stops transmitting BPDUs for some reason. Loop Guard may also be configured globally, but port-specific configuration is preferred to ensure that it is only enabled where specifically necessary. An illustration of where to enable Loop Guard, Root Guard, and BPDU Guard spanning tree enhancements is shown in Figure 6.
more info here: