
Steps to Avoid Spanning tree Loops

virgoboy009
Level 1

Hello Guys,

Can you please explain to me how to avoid spanning tree loops in case any switch misbehaves abnormally after a reboot, or due to a physical loop created by connecting an additional uplink to another switch?

Also, I would like to know how STP chooses one path from switch A ---B as Forwarding and the other as Blocking. Also, how do hosts come to know they should not send data via the blocked path, and what does a host do when there is a spanning tree loop?

Switch  A  ----------path1------- Switch B

                ----------path2-------

Appreciate if you post me the reason for this.

Regards,

KA.

7 Replies

Shashank Singh
Cisco Employee

Hi Karim,

Spanning tree protocol works to keep the network loop free. Layer 2 loops occur when redundant links are not blocked by spanning tree protocol. This happens in case of link flaps, faulty hardware or when a non-intelligent device with a loop (say a hub) is added to the network. There is no straightforward way to avoid loops resulting from these causes and the best way is to configure STP properly on all the switches.

In case a switch reboots there is a topology change which makes spanning tree converge again on the network. The convergence generally involves unblocking the blocked ports to restore connectivity. This process requires some time and hence during this time, there may be a network outage.

When the switch finishes rebooting and comes back online, spanning tree may converge again.

Out of two redundant links, STP blocks one, to avoid a loop. This choice is made by checking the STP costs of the links. Higher cost means an inferior link which is likely to be blocked by STP while the other link stays in forwarding state. Hosts learn mac addresses only from the active links and thus know where to forward data.

When the active link goes down due to any reason, STP unblocks the blocked link to restore layer 2 connectivity.

End hosts (PCs/phones/printers etc.) do not understand STP and hence should not be allowed to trigger an STP reconvergence in case they reboot. Hence it is recommended to configure spanning-tree portfast on the interfaces connected to end hosts.

More information is available at

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml

Hope this helps,

Shashank

Please rate if you found the content useful
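The selection described in the reply above, worked through for the Switch A / Switch B topology from the question. This is an added example, not code from the thread or from Cisco; the bridge IDs, port numbers and costs are constructed, it assumes a connected topology of point-to-point links with equal port priorities, and it generalizes to larger topologies such as a ring:

```python
import heapq

# Constructed topology for the Switch A / Switch B question. Bridge IDs are
# (priority, MAC); links are (bridge, port, bridge, port, cost). All values are
# made up; 4 and 19 are the 802.1D short-mode costs for 1 Gb/s and 100 Mb/s.
BRIDGES = {"A": (4096, "00:00:00:00:00:0a"), "B": (32768, "00:00:00:00:00:0b")}
LINKS = [("A", 1, "B", 1, 4), ("A", 2, "B", 2, 19)]   # path1, path2

def stp_roles(bridges, links):
    """Return (root bridge, {(bridge, port): role}) for point-to-point links."""
    root = min(bridges, key=bridges.get)              # lowest bridge ID wins
    adj = {}
    for a, _, b, _, c in links:
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    cost, heap = {root: 0}, [(0, root)]               # root path cost per bridge
    while heap:
        d, u = heapq.heappop(heap)
        for v, c in adj.get(u, []):
            if d + c < cost.get(v, float("inf")):
                cost[v] = d + c
                heapq.heappush(heap, (d + c, v))
    ends = [e for a, pa, b, pb, c in links
            for e in ((a, pa, b, pb, c), (b, pb, a, pa, c))]
    # Root port: lowest (path cost, sender bridge ID, sender port, local port).
    best = {}
    for me, mp, nb, np_, c in ends:
        cand = (cost[nb] + c, bridges[nb], np_, mp)
        if me != root and cand < best.get(me, (float("inf"),)):
            best[me] = cand
    roles = {}
    for me, mp, nb, np_, c in ends:
        if me != root and best[me][3] == mp:
            roles[(me, mp)] = "root"
        elif (cost[me], bridges[me], mp) < (cost[nb], bridges[nb], np_):
            roles[(me, mp)] = "designated"            # better end of the link
        else:
            roles[(me, mp)] = "blocking"
    return root, roles

if __name__ == "__main__":
    print(stp_roles(BRIDGES, LINKS))
```

With equal costs on both paths the tie is broken by the sender's port number, so path2 is still the one that blocks on Switch B.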

In my experience the best way to avoid STP loops is to design them out of the network and have a loop free topology.

Apart from the Data Centre there are no real reasons to have STP loops in your network - even in the Data Centre it's possible to engineer out Layer-2 topologies. It's easy to daisy chain switches together and let VLANs flow everywhere, however with a bit of thought and design it's easy to deploy Layer-3 hierarchical networks that are not affected by Layer-2 issues.

Andy

Hi Andrew,

I'm having a similar problem with one of my customers that I manage and support. I'm more interested in your response since you sort of dealt with switches that are daisy chained and VLANs that flow everywhere in the network.

The problem is that we have a two-tier Hierarchical Campus Network Design, with 2 Layer 3 Core switches (Cisco 4510) and 38 access switches (Cisco 3560). Only 15 of the 38 switches have a direct connection to the 2 Core switches and the rest are daisy chained from one another. As an example: Switch23 connects to Core Switch1, Switch26 connects to Core Switch2, then from Switch23 there's a connection to Switch24, from Switch24 a connection to Switch25 which connects to Switch26. This is but one of the sections of the Campus LAN. We are running PVST which is the default.

This network is having spanning tree issues all the time, and I have informed the customer that the current design of the network is the cause of failures on their network, but they have made it clear that currently they cannot spend more money on redesigning the network, but to go for a short term resolution, which will minimize the impact of Spanning Tree convergence.

I was thinking firstly of replacing PVST with RSTP since there is no running away from design issues and hoping that this will speed up STP when there is a failure in the network. Secondly to contain VLANs per floor or per department in order to minimize the impact of broadcast.

I would appreciate very much any advice in this regard.

Thanking you all,

Lungelo

Hi Lungelo,

Spanning Tree Protocol failure can occur due to one or more of the following reasons:

  • Duplex Mismatch : Rule out the possibility of a duplex mismatch by hardcoding duplex and speed wherever possible.
  • Unidirectional Link : Enable UDLD on interswitch trunk links so that a faulty link is detected immediately.
  • Packet Corruption : Rule out any bad cables, GBICs etc.
  • Portfast Configuration Error : It is highly recommended to configure portfast on all ports connected to hosts.

Design tips for STP include:

  • Know Where the Root Is : In your case, make the L3 switches the root and ensure all the downstream L2 switches know where the root is.
  • Minimize the Number of Blocked Ports : Make sure that you design the network in such a way that the number of blocked ports remains as low as possible. This ensures a shorter convergence time in case of STP recalculation.
  • Keep Traffic off the Administrative VLAN and Do Not Have a Single VLAN Span the Entire Network
  • Enable VTP pruning to prune unnecessary VLANs off trunks.

It is a good idea to move to RSTP as it provides a shorter convergence time than PVST. Also, I would suggest that you configure uplinkfast and backbonefast features on suitable links that further lessen the convergence delay.

Hope this helps,
Shashank
Please rate if you found the content useful
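One way to check a switch configuration against the checklist in the reply above, as an added example that is not part of the original thread. The sample running-config is constructed, and the function names and finding strings are hypothetical:

```python
import re

# Constructed IOS-style running-config; interface names and VLANs are made up.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/25
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 udld port
interface GigabitEthernet0/26
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None                      # back at global config level
    return interfaces

def audit(config):
    """Return sorted (scope, finding) pairs for the checklist in the post above."""
    findings = []
    if not re.search(r"^spanning-tree mode rapid-pvst", config, re.M):
        findings.append(("global", "spanning-tree mode is not rapid-pvst"))
    udld_global = re.search(r"^udld (enable|aggressive)", config, re.M)
    for name, cmds in parse_interfaces(config).items():
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        if has("switchport mode access") and not has("spanning-tree portfast"):
            findings.append((name, "access port without portfast"))
        if has("switchport mode trunk"):
            if not (udld_global or has("udld port")):
                findings.append((name, "trunk without UDLD"))
            if not has("switchport trunk allowed vlan"):
                findings.append((name, "trunk carries all VLANs"))
    return sorted(findings)
```

Global defaults such as `spanning-tree portfast default` are not considered, so a port covered only by a global default is still reported.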

Hi Shashank,

Thank you so much for that quick response, much appreciated.

Duplex - is currently on auto throughout the network. I will hard code it going forward.

UDLD - I have been thinking of this one for some time and I will be configuring this on the Trunk ports because all trunks on the network are fibre optic.

Packet Corruption - This I will investigate.

Portfast Configuration Error - This has been done but will further investigate if all access ports are configured with Portfast.

Know Where the Root is - Both Core Switches have been configured with spanning-tree vlan X,X,X,X,X root primary and secondary. I'm sure this is correct?

Minimize the Number of Blocked ports - I'm not sure how I get around this one but I will investigate.

Keep Traffic off the Administrative VLAN and Do Not Have a Single VLAN Span the Entire Network - 100% I'm currently in a process of correcting this.

Enable VTP pruning to prune unnecessary VLANs off trunks - Would you recommend the use of VTP Pruning or VLAN Allowed list?

I will move to RSTP.

Once again thank you so much Shashank, much appreciated.

Kind Regards

Lungelo

Hi Lungelo,

Spanning tree root primary and secondary configuration on the core switches is correct.

To prune vlans, I would suggest that we enable VTP pruning globally and vlan allowed list under the trunk interfaces.

Also, on downstream switches having redundant uplinks where one uplink is forwarding and others are blocking, I would recommend enabling uplinkfast. This would reduce the downtime to less than a second in case the active uplink fails.

Cheers,

Shashank

Please rate if you found the content useful

Hi Shashank,

Thank you so much, I will implement.

Regards

Lungelo
