
Spanning Tree Zero Outage

mdieken011
Level 1

Here is my scenario. I have a core switch, a 6509E, that I need to replace with a Catalyst 9500. The spanning tree root bridge has never been set to any switch. The root bridge for my over 100 VLANs is all over the place in the 20 closets in my building.

I am being told that I cannot get a downtime because the applications that are running in our virtual environment will have issues. We are running per-VLAN STP.

I have a theory and tested in a small lab of sorts how STP will work. I have 3 switches and connected them together and let STP run its course, and switch 1 became the root bridge. I issued the command "spanning-tree vlan 1-4093 root primary" on switch #3 and it became the root bridge. The main thing is the root bridge role was transferred without any ports going through the 50 seconds to learn the topology of the network. I have always thought that with any change like this the relearning process is triggered. I do realize that there is not a change in the topology of the network, just a re-assignment of the root bridge. Can I expect this from all switches that participate in STP? That as long as there is not a topology change, the spanning-tree root bridge can just be re-assigned with no outage?


Joseph W. Doherty
Hall of Fame

Are you running "original" PVSTP or rapid-PVSTP?

Regarding your lab not taking 50 seconds, how long did it take?

50 seconds assumes that all four STP states are needed, hello is 2 seconds, and you're not using some of Cisco's optional STP enhancements.

If re-convergence took about 30 seconds, your switches probably skipped the blocking state.

This is just running PVSTP and not rapid PVSTP. The only thing that happened is the root bridge role was shifted to the other switch. There was never a listening/learning/etc. involved. I had a constant ping going and didn't lose any packets. I inherited this network when I took the job. I would prefer to run rapid-PVSTP, but since it is a hospital I doubt I will get the chance to implement it.

My question is, since the topology never changed and only the root bridge role was moved, is this the expected result on PVSTP?

Like Balaji, I too wondered whether a small test L2 topology would be representative, time impact wise, of your production network.

Further, the impact (and you noticing no ping loss) might also have been determined by where the "old" and "new" roots were in your test topology and/or where the two hosts you were pinging between were in your test topology.

I don't recall ever supporting a network that actually relied on STP beyond as a "safety" matter in case someone accidentally created a loop. In the very few times I've changed a root bridge and/or switched from PVST to rapid-PVSTP, I recall at least some of those changes created a very noticeable, short time (some fraction of a minute), impact to network traffic (however, all these were done as part of scheduled maintenance, so the network impact wasn't an issue).
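
The point in the reply above, that the result depends on where the old root, the new root and the pinging hosts sit, can be checked by computing port roles before and after the root move. This is an added example, not part of any post in this thread; it models 802.1D role selection only (no timers or BPDU exchange), and the switch names, MAC addresses, link cost and the 24576 priority are assumed sample values.

```python
# Added example: 802.1D port roles on a constructed 3-switch triangle.
# Ports are named (switch, neighbor); one link per switch pair is assumed.

def port_roles(bridges, links):
    """bridges: {name: (priority, mac)}, links: [(a, b, cost)] -> (root, roles)."""
    root = min(bridges, key=bridges.get)          # lowest bridge ID wins
    cost = {b: float("inf") for b in bridges}     # root path cost per switch
    cost[root] = 0
    for _ in bridges:                             # relax until stable
        for a, b, c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    roles = {}
    for sw in bridges:                            # root port per non-root switch
        if sw == root:
            continue
        nbrs = [(b if a == sw else a, c) for a, b, c in links if sw in (a, b)]
        best = min(nbrs, key=lambda n: (cost[n[0]] + n[1], bridges[n[0]]))
        roles[(sw, best[0])] = "root"
    for a, b, c in links:                         # designated end of each link
        des = min((a, b), key=lambda s: (cost[s], bridges[s]))
        other = b if des == a else a
        roles[(des, other)] = "designated"
        roles.setdefault((other, des), "blocking")
    return root, roles

def leaving_blocking(before, after):
    """Ports that were blocking and must now forward: in 802.1D each one
    waits through listening and learning before passing traffic."""
    return sorted(p for p, r in after.items()
                  if before[p] == "blocking" and r != "blocking")

# Constructed sample: default priority 32768, made-up MACs, port cost 4.
BEFORE = {"S1": (32768, "00:00:00:00:00:01"),
          "S2": (32768, "00:00:00:00:00:02"),
          "S3": (32768, "00:00:00:00:00:03")}
AFTER = dict(BEFORE, S3=(24576, "00:00:00:00:00:03"))  # S3 made root primary
LINKS = [("S1", "S2", 4), ("S1", "S3", 4), ("S2", "S3", 4)]

def demo():
    old_root, old = port_roles(BEFORE, LINKS)
    new_root, new = port_roles(AFTER, LINKS)
    return old_root, new_root, leaving_blocking(old, new), new

if __name__ == "__main__":
    old_root, new_root, moved, new = demo()
    print(f"root {old_root} -> {new_root}; ports leaving blocking: {moved}")
```

In this triangle the S1-S3 link forwards in both trees, so a ping between hosts on S1 and S3 never crosses a port that leaves blocking. S2 loses its old root port toward S1 and has to wait for S3's port toward S2 to come out of blocking.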

It didn't re-converge. There was no outage. I had a ping going and never lost a packet. This is after I issue the command "spanning-tree vlan 1-4093 root primary" to a switch that is not the root bridge. My question is, if I am manually moving the root, isn't it supposed to re-converge? I have to replace our old Catalyst 6509E switches with newer Catalyst 9500s. If I can avoid downtime for this then it will be a plus.

Sorry to take so long to get back to you. The switches on our network are basically running what they defaulted to. Our older are running PVSTP while our newer are running rapid-PVST. When I change a root bridge in a lab there is no re-learning, just the root bridge changes and no ping losses. I am curious: is changing the root bridge not a topology change but just the role changing? In doing so, can I expect this when I go live in a production environment? I can migrate a less important VLAN first to test this theory, but I am trying to understand the expected behavior before I take down our storage network or something like that.

 

Thanks,

balaji.bandi
Hall of Fame

PVSTP convergence will be the same as other STP protocols with many improvements. You get a good advantage when you are running Rapid PVST (very quick), but you may still see a 1 ping loss at times, depending on network size.

 

If the root bridge changes from one to another and there are no loops in the path of the network?

 

Since you mentioned health care, some of the applications are so sensitive, or some legacy ones may not cope with this, that it may require an application restart, since I have seen some issues around this. Always do this task in a maintenance window.

 

Coming to your topic:

The topology is changed since the root bridge moved; all the Layer 2 paths moved to the new root bridge now. For the VLAN specifically configured old device to be a new bridge and a new one elected as root bridge now.

 

In the network, if this is only 2 or 3 devices you may not notice, but if this is a large Layer 2 network, you will see some difference in the convergence time.

 

For reference:

 

https://www.ciscopress.com/articles/article.asp?p=2832407&seqNum=5

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

leemorales81882
Level 1

This can be avoided by disabling the spanning tree feature for the entire user interface. This can also be done by enabling root protection on CISCO hardware or bpdu guard on the user's port to disable the zero priority value, so that a malicious user cannot get the root bridge.

 
