Solved: Re: spanning tree vs loss of services

lcaruso · ‎03-02-2013

Hi,

Curious if spanning tree topology change can cause this problem.

Please see graphics (2nd graphic shows vlans being forward on each switch). Core is 3750X stack and others are 3560s (no ip routing on those)

Users attached to switch E1 (and/or E2, not specified precisely) lose services when switch W1 is disconnected from the core.

Given loop in network switch E1 is blocking on port Gi0/3.

How could I determine if spanning tree is an issue in this scenario? What does "shr" port status mean in spanning tree detail?

Appeciate your helpful input.

Thanks.

Peter Paluch · ‎03-02-2013

Hello,

Can you please give us more information according to the following questions?

Which kind of STP are you runing in your network? Is it PVST+ (legacy STP) or RPVST+ (Rapid STP)?
If running Rapid STP, are all your access ports configured with spanning-tree portfast?
When users on E1/E2 lose connectivity, does this loss of connectivity resolve in 30-50 seconds, or does it stay indefinitely?
What switch is the root switch?
Are you using any additional STP features like STP Root Guard or STP Loop Guard?

Regarding the "Shr" output in the show spanning-tree - this describes a shared link. A shared link is a link that interconnects more than two switches together. This can be accomplished only using a hub, WiFi interconnect or a non-STP switch that connects multiple STP-capable switches together. In a network in which all switches are STP-capable, shared links do not exist. Assuming that all your devices in your network are pure switches running STP and you have no hubs placed anywhere in the network, this indication is definitely a reason for concern. On shared links, Rapid STP is unable to converge rapidly.

Cisco Catalyst switches try to guess the link type by the duplex setting of the port that connects to the link. If the port operates at half duplex, Cisco switch assumes it is a shared link (because hubs were never capable of full duplex). If the port operates at full duplex, Cisco switch assumes it is a point-to-point link. Note that this is just a guess and is not always precise. Therefore, the link type can be overriden on a particular port using the spanning-tree link-type command. Check whether this command is being used on the port that is marked with the Shr flag. If not, check whether port operates in half-duplex mode, and if so, verify why is that the case.

This issue will definitely require more investigation. I am looking forward to seeing more information from you.

Best regards,

Peter

View solution in original post

Alexander Maroukian · ‎03-02-2013

Hello,

You may try using some debug commands e.g. debug spanning-tree switch state and debug pm vp.

Please check the following link for more info:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml#stp_debug

HTH,

Alex

View solution in original post

Peter Paluch · ‎03-02-2013

Hello,

So we have a couple of issues at our hand.

First, your network is using mixed STP and RSTP. Basically, this degrades the whole network to STP operation. My first suggestion would therefore be to move the whole network to RSTP using the spanning-tree mode rapid-pvst command. You may need to schedule a maintenance window for this as there will be transient outages as you reconfigure your switches for RSTP operation.

Once again, it is crucial to verify that all access ports towards end stations are configured as PortFast ports. This can conveniently be done using a single global config level command spanning-tree portfast default. I am stressing this very much because in RSTP, non-edge (i.e. non-PortFast) ports can get blocked during the Proposal/Agreement wave in the network and will remain blocked for 30 seconds. I have seen a couple of posts here where people have turned on the RSTP and their experience actually got worse because they forgot to configure edge ports using PortFast.

Regarding the two commands: spanning-tree uplinkfast and spanning-tree backbonefast, these commands activate proprietary extensions to STP that should speed up its convergence. I do not believe, though, that their operation in mixed environment lives up to its full potential. In any case, after migrating to RSTP, you can safely remove them because RSTP implements its own features similar to these two extensions.

With the port in the Shr mode - what is it connected to? Is it some kind of an IP phone or something?

How about the question 3 - does the outage on E1/E2 last indefinitely, or is the connectivity restored after 30-50 seconds?

Best regards,

Peter

View solution in original post

Alexander Maroukian · ‎03-02-2013

Hello,

You may see the last change when you use the following command:

sh spanning-tree detail

VLAN0001 is executing the ieee compatible Spanning Tree protocol

Bridge Identifier has priority 32768, sysid 1, address xxxx.xxxx.xxxx

Configured hello time 2, max age 20, forward delay 15

Current root has priority 32768, address xxxx.xxxx.xxxx

Root port is 102 (GigabitEthernet2/0/48), cost of root path is 38

Topology change flag not set, detected flag not set

Number of topology changes 17 last change occurred 3d03h ago

from GigabitEthernet2/0/11

---------------------output omitted-------------------------------------------

This is sample output the last row which is bold you should see the time since last change.

HTH,

Alex

View solution in original post

Wilson Bonilla · ‎03-02-2013

Hello

Thank for your question, the answer is Spanning-tree works the same way in a 2960s, 3560s, 3750s, 4500s, 6500s, 7600s................. the fact the platform changes doesn't make stp different. Off course just for spanning-tree in this case there're other features mentioned on the artitle that are not even supported in 3560. : )

Regards

Wilson B.

View solution in original post

Peter Paluch · ‎03-02-2013

Hello,

Can you please give us more information according to the following questions?

Which kind of STP are you runing in your network? Is it PVST+ (legacy STP) or RPVST+ (Rapid STP)?
If running Rapid STP, are all your access ports configured with spanning-tree portfast?
When users on E1/E2 lose connectivity, does this loss of connectivity resolve in 30-50 seconds, or does it stay indefinitely?
What switch is the root switch?
Are you using any additional STP features like STP Root Guard or STP Loop Guard?

Regarding the "Shr" output in the show spanning-tree - this describes a shared link. A shared link is a link that interconnects more than two switches together. This can be accomplished only using a hub, WiFi interconnect or a non-STP switch that connects multiple STP-capable switches together. In a network in which all switches are STP-capable, shared links do not exist. Assuming that all your devices in your network are pure switches running STP and you have no hubs placed anywhere in the network, this indication is definitely a reason for concern. On shared links, Rapid STP is unable to converge rapidly.

Cisco Catalyst switches try to guess the link type by the duplex setting of the port that connects to the link. If the port operates at half duplex, Cisco switch assumes it is a shared link (because hubs were never capable of full duplex). If the port operates at full duplex, Cisco switch assumes it is a point-to-point link. Note that this is just a guess and is not always precise. Therefore, the link type can be overriden on a particular port using the spanning-tree link-type command. Check whether this command is being used on the port that is marked with the Shr flag. If not, check whether port operates in half-duplex mode, and if so, verify why is that the case.

This issue will definitely require more investigation. I am looking forward to seeing more information from you.

Best regards,

Peter

lcaruso · ‎03-02-2013

Excellent (as usual) Peter. Thanks very much. I'll get those answers.

Peter Paluch · ‎03-02-2013

Hello my friend,

Excellent (as usual) Peter. Thanks very much.

You are very welcome but so far, there's nothing to thank for yet. Let's wait with the thanks until we get this matter settled

Best regards,

Peter

lcaruso · ‎03-02-2013

Uploaded file has complete output of sh span summary. I'm still getting the other answers but wanted to provide this. Looks like the core is running rapid-pvst and the others are not.

**CORE SWITCH

Switch is in rapid-pvst mode

Root bridge for: VLAN0001-VLAN0002, VLAN0008-VLAN0010, VLAN0035, VLAN0050

VLAN0101, VLAN0105, VLAN0200, VLAN0900, VLAN0999

**E1 SWITCH

Switch is in pvst mode

Root bridge for: none

**E2 SWITCH

Switch is in pvst mode

Root bridge for: none

**L1 SWITCH

Switch is in pvst mode

Root bridge for: none

**L2 SWITCH

Switch is in pvst mode

Root bridge for: none

**L3 SWITCH

Switch is in pvst mode

Root bridge for: none

lcaruso · ‎03-02-2013

It appears all access ports on the core are set for spanning-tree portfast. Working on other answers.

here's the core switch related config

spanning-tree mode rapid-pvst

spanning-tree extend system-id

spanning-tree uplinkfast

spanning-tree backbonefast

spanning-tree vlan 1-2,10,50,101,200,900,999 priority 4096

lcaruso · ‎03-02-2013

Port 41 on switch E1 status is "Shr Edge" and cost is 100 which is far higher than other ports.

interface FastEthernet0/41

switchport access vlan 50

switchport mode access

switchport nonegotiate

switchport voice vlan 101

priority-queue out

mls qos trust cos

spanning-tree portfast

VLAN0050

Spanning tree enabled protocol ieee

Root ID Priority 4146

Address 503d.e571.ad00

Cost 4

Port 2 (GigabitEthernet0/2)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32818 (priority 32768 sys-id-ext 50)

Address 0019.e781.f600

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/2 Root FWD 4 128.2 P2p

Fa0/1 Desg FWD 19 128.3 P2p Edge

Fa0/4 Desg FWD 19 128.6 P2p Edge

Fa0/5 Desg FWD 19 128.7 P2p Edge

Fa0/7 Desg FWD 19 128.9 P2p Edge

Fa0/9 Desg FWD 19 128.11 P2p Edge

Fa0/10 Desg FWD 19 128.12 P2p Edge

Fa0/11 Desg FWD 19 128.13 P2p Edge

Fa0/12 Desg FWD 19 128.14 P2p Edge

Fa0/13 Desg FWD 19 128.15 P2p Edge

Fa0/14 Desg FWD 19 128.16 P2p Edge

Fa0/15 Desg FWD 19 128.17 P2p Edge

Fa0/16 Desg FWD 19 128.18 P2p Edge

Fa0/17 Desg FWD 19 128.19 P2p Edge

Fa0/19 Desg FWD 19 128.21 P2p Edge

Fa0/20 Desg FWD 19 128.22 P2p Edge

Fa0/21 Desg FWD 19 128.23 P2p Edge

Gi0/3 Altn BLK 4 128.27 P2p

Fa0/26 Desg FWD 19 128.30 P2p Edge

Fa0/27 Desg FWD 19 128.31 P2p Edge

Fa0/28 Desg FWD 19 128.32 P2p Edge

Fa0/32 Desg FWD 19 128.36 P2p Edge

Fa0/33 Desg FWD 19 128.37 P2p Edge

Fa0/34 Desg FWD 19 128.38 P2p Edge

Fa0/35 Desg FWD 19 128.39 P2p Edge

Fa0/36 Desg FWD 19 128.40 P2p Edge

Fa0/37 Desg FWD 19 128.41 P2p Edge

Fa0/39 Desg FWD 19 128.43 P2p Edge

Fa0/41 Desg FWD 100 128.45 Shr Edge

Fa0/42 Desg FWD 19 128.46 P2p Edge

Fa0/43 Desg FWD 19 128.47 P2p Edge

Fa0/45 Desg FWD 19 128.49 P2p Edge

Fa0/47 Desg FWD 19 128.51 P2p Edge

Fa0/48 Desg FWD 19 128.52 P2p Edge

Alexander Maroukian · ‎03-02-2013

Hello,

You may try using some debug commands e.g. debug spanning-tree switch state and debug pm vp.

Please check the following link for more info:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080136673.shtml#stp_debug

HTH,

Alex

lcaruso · ‎03-02-2013

Thank for the link.

Do you know which command, if any, will show me the length of time since the last spanning tree topology change?

I've seen that output on other brands but don't know how to obtain it on Cisco.

Thanks.

Alexander Maroukian · ‎03-02-2013

Hello,

You may see the last change when you use the following command:

sh spanning-tree detail

VLAN0001 is executing the ieee compatible Spanning Tree protocol

Bridge Identifier has priority 32768, sysid 1, address xxxx.xxxx.xxxx

Configured hello time 2, max age 20, forward delay 15

Current root has priority 32768, address xxxx.xxxx.xxxx

Root port is 102 (GigabitEthernet2/0/48), cost of root path is 38

Topology change flag not set, detected flag not set

Number of topology changes 17 last change occurred 3d03h ago

from GigabitEthernet2/0/11

---------------------output omitted-------------------------------------------

This is sample output the last row which is bold you should see the time since last change.

HTH,

Alex

lcaruso · ‎03-02-2013

The section

Securing the Network Against Forwarding Loops

has many items recommended to implement to prevent forward loops.

Does the situation I've desribed sound like it possibly could be a forward loop and/or should most of these recommendations be implemented regardless?

lcaruso · ‎03-02-2013

Yes, it is operating in half duplex

FastEthernet0/41 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0019.e781.f62d (bia 0019.e781.f62d)

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Half-duplex, 10Mb/s, media type is 10/100BaseTX

lcaruso · ‎03-02-2013

I was surprised to learn the core switch and others were running different spanning tree algorithims. Shouldn't they all be running the same one for stability and dependable/fast convergence?

Peter Paluch · ‎03-02-2013

Hello,

So we have a couple of issues at our hand.

First, your network is using mixed STP and RSTP. Basically, this degrades the whole network to STP operation. My first suggestion would therefore be to move the whole network to RSTP using the spanning-tree mode rapid-pvst command. You may need to schedule a maintenance window for this as there will be transient outages as you reconfigure your switches for RSTP operation.

Once again, it is crucial to verify that all access ports towards end stations are configured as PortFast ports. This can conveniently be done using a single global config level command spanning-tree portfast default. I am stressing this very much because in RSTP, non-edge (i.e. non-PortFast) ports can get blocked during the Proposal/Agreement wave in the network and will remain blocked for 30 seconds. I have seen a couple of posts here where people have turned on the RSTP and their experience actually got worse because they forgot to configure edge ports using PortFast.

Regarding the two commands: spanning-tree uplinkfast and spanning-tree backbonefast, these commands activate proprietary extensions to STP that should speed up its convergence. I do not believe, though, that their operation in mixed environment lives up to its full potential. In any case, after migrating to RSTP, you can safely remove them because RSTP implements its own features similar to these two extensions.

With the port in the Shr mode - what is it connected to? Is it some kind of an IP phone or something?

How about the question 3 - does the outage on E1/E2 last indefinitely, or is the connectivity restored after 30-50 seconds?

Best regards,

Peter

lcaruso · ‎03-02-2013

Thank again for all of the good information.

Unfortunately, I await a reply from another on the shr port device connection and probably won't know until next week. That same person reported the problems and also is expected to answer the outage questions. I'll post as soon as I get those.