Spanning-tree vpc choosing peerlink as rootport instead of direct link

Sasquatch_13 · ‎02-26-2025

Hi all,

We have a one scenario that spanning tree choosing VPC peer link as root port instead of direct connect link toward spanning tree root. Diagram attached for reference. Spanning tree version RSTP.

Path cost is default.

VLAN - 570
C9K2 - Root for the VLAN 570

Spanning tree snap from C9K2, who is the root bridge for 570 VLAN

N7K-1

N7K-2 (Ignore Po78, it is an external connectivity from N7K2)

Diagram attached for reference

M02@rt37 · ‎02-26-2025

Hello @Sasquatch_13

Please confirm that VLAN 570 is properly allowed on all expected links and that there are no unexpected spanning-tree blocks on the direct link.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Sasquatch_13 · ‎02-26-2025

VLAN 570 is allowed properly allowed on those links. I am still confused why N7K-1 switch choosing root path cast as 3, where direct link is having path cost of 2.
Please suggest if I am missing anything

M02@rt37 · ‎02-26-2025

The key issue identified is that one Nexus 7K is selecting the vPC peer-link (Po1) as the root port instead of its direct uplink (Eth3/3), while the other Nexus 7K correctly selects its direct uplink (Eth8/2) as the root port. This creates an asymmetric STP topology, which can lead to suboptimal traffic forwarding. The root cause appears to be an unexpected path cost calculation, where Eth3/3 has a slightly higher cost (128.1027) than the vPC peer-link (128.4096). Normally, the direct uplink should have a lower cost than the vPC peer-link, ensuring proper STP behavior.

To fix this, first, manually adjust the spanning-tree cost on Eth3/3 to be lower than Po1 using spanning-tree cost 10 on the first N7K. This forces STP to prefer Eth3/3 as the root port. Additionally, verify the vPC peer-switch configuration by running show vpc. If peer-switch is not enabled, configure it on both N7Ks to synchronize STP behavior using vpc domain <domain-id> followed by peer-switch. This prevents one switch from choosing the peer-link as the root port while the other correctly selects the direct uplink.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

paul driver · ‎02-26-2025

Hello
Do you have vPC peer switch enabled, if not apply it...

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Sasquatch_13 · ‎02-27-2025

We do have VPC peer switch configure.

I have search this on community found similar issue Solved: Spanning Tree with vPC and non-VPC - Cisco Community.Mention over there,

"vPC imposes the rule that the peer link should never be blocking because this link carries important traffic such as the Cisco Fabric Services over Ethernet (CFSoE) Protocol. The peer link is always forwarding"

I think, it is causing the Spanning tree to behave like this.
Please suggest me if you have different view on this, Thanks

Pavel Tarakanov · ‎02-27-2025

Note: The vPC Peer Switch enhancement is only supported on a vPC domain which contains the root for all VLANs.

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217274-understand-virtual-port-channel-vpc-en.html#toc-hId-770794586

Either remove peer-switch, or move root to VPC pair. One more option - configure uplink to C9K-2 as VPC.

Sasquatch_13 · ‎02-27-2025

@Pavel Tarakanov
Thanks, I understand your point
Will peer-link always be forwarding state on spanning tree vlan ?

Pavel Tarakanov · ‎02-27-2025

In some corner cases it could go to blocking state, but it's not a normal way of operation. During design and operation it's better to think about this link as always forward.