
STP two root bridges

ippolito
Level 1

Hi, STP question for the experts.  In a large campus LAN with many L2 hops from one end of a vlan to the other, STP diameter could become an issue (Cisco and IEEE both recommend max STP diam=7).  When the network grows, the accepted practice is to segment into different L3 subnets and route between them, rather than continuing to trunk the vlan all over the place.

I was asked by a customer why one can't just set up a bpdu filter somewhere in the middle of the LAN, effectively creating two STP domains on the same vlan.  Each "side" of the network would elect its own root bridge, since bpdu's wouldn't flow past the filter, and the STP diam would be cut roughly in half.  Conventional wisdom says that there must only be a single root bridge on a vlan, and, philosophically, I realize that filtering bpdu's in such a way is a horrible idea just waiting to fail.  But is there a technical explanation that would be more appropriate, other than just calling it a kluge?

Thanks

Mike

9 Replies

Not applicable

I am not sure I understand your question 100%. However, I assume you are talking about end to end VLANS. Meaning your VLANs span the entire campus. Your Root should be a core switch, that being said the core is the central point in your network and would not be at the edge of the campus.

If your campus is that large and you do not want to pass all your VLANs, you should consider changing your VLAN design from “end to end VLANs” to “local VLANs”. These designs are referred to as the 80/20 and 20/80 rules.

http://ciscoarticles.com/CCNP-CCIE-Complete/The-80-20-Rule.html

The 80/20 and 20/80 rules refer to the amount of traffic in general that crosses the core versus kept local.  I'm specifically referring to Layer 2 traffic that crosses many switches in a large campus network.  I'm looking for the specific technical argument against having two STP root bridges in a vlan.

Thanks

Mike

You could start with the fact that your spanning tree would never converge with two root bridges.  There could presumably be two root ports on a switch with direct connections to both root bridges (WHAT?!?!).  And with no convergence to a single centralized switch, you will certainly be working with loop issues.

Actually it would still converge -- twice -- wouldn't it?  And I don't think any single switch would have two root ports with two different root bridges.  The bpdu filter would prevent each half of the vlan from even knowing that spanning tree was running in the other half.

Antonio Knox
Level 7

Unfortunately, BPDU filter doesn't stop BPDUs. So still, your LAN wouldn't converge. Once a BPDU is received on a port running BPDU filter it participates in STP as a normal STP port would, sending and receiving BPDUs. Additionally I'm not sure you want to run portfast between trunk ports.  This is not a good design. If you want two root bridges, you will be better served running MSTP.


Edit: I said that it wouldn't converge.  I was saying this hypothetically in the case that there were 2 root bridges (which there wouldn't unless you were running multiple spanning trees or PVST).  The best you can hope for in terms of attempting to achieve two root bridges in a single spanning tree would be a root primary and a root secondary.

mlund
Level 7

Hi Mike

If You divide the campus into two domains, and only connect the two domains with a single connection. At the same time, configure bpdu-filter on the interfaces connecting these two domains. Important is that the bpdu-filter is configured in interface mode not global mode. Then You have divided into two different spanning-tree domains, and got two root-bridges.

However You can not have two connection-points with this scenario, if You do, it will end up with a loop.

So, for redundancy reasons, this is a bad idea. If You don't need redundancy, You can do it.

/Mikael
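
The single-link versus two-link behaviour described in the post above, as an added example that is not part of the original thread. It is a simplified model (equal link costs, integer bridge IDs, a BPDU-filtered link carries data but no BPDUs) run on a constructed six-switch topology; all names are hypothetical.

```python
from collections import deque

def link(a, b):
    return frozenset({a, b})

def stp_forwarding(switches, links, filtered):
    """Simplified STP: return (roots, forwarding links).
    Filtered links are invisible to STP but always forward data."""
    adj = {s: set() for s in switches}
    for l in links - filtered:
        a, b = tuple(l)
        adj[a].add(b)
        adj[b].add(a)
    roots, forwarding, seen = [], set(filtered), set()
    for s in sorted(switches):
        if s in seen:
            continue
        roots.append(s)          # lowest bridge ID in this BPDU domain
        seen.add(s)
        queue = deque([s])
        while queue:             # BFS = least-hop tree toward the root
            u = queue.popleft()
            for v in sorted(adj[u]):
                if v not in seen:
                    seen.add(v)
                    forwarding.add(link(u, v))  # v's root port
                    queue.append(v)
    return roots, forwarding

def has_loop(switches, forwarding):
    """Union-find cycle check over the links that forward data."""
    parent = {s: s for s in switches}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for l in forwarding:
        a, b = (find(x) for x in l)
        if a == b:
            return True
        parent[a] = b
    return False

# Constructed topology: two triangles, joined by one or two inter-domain links.
SWITCHES = {1, 2, 3, 4, 5, 6}
SIDE_A = {link(1, 2), link(2, 3), link(1, 3)}
SIDE_B = {link(4, 5), link(5, 6), link(4, 6)}

def scenario(inter_links, filtered):
    links = SIDE_A | SIDE_B | set(inter_links)
    roots, fwd = stp_forwarding(SWITCHES, links, set(filtered))
    return roots, has_loop(SWITCHES, fwd)
```

`scenario([link(3, 4)], [link(3, 4)])` yields two roots and no loop, while adding a second filtered link `link(2, 5)` yields two roots and a forwarding loop that neither spanning tree can see or block.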

Hi,

IMHO, you could bring redundancy by using EtherChannels in the connecting point (terminated on different physical switches in a stack, e.g.).

But I see a bigger problem: In most LAN topologies there would be a question where to put those two STP roots to create a really effective topology.

BR,

Milan

bmuggall
Level 1

Hi,

    I understood this question to little extent. This is poor and invalid design. Following are the things I got in my mind when I read this question.

- When you configure BPDU filter on two sides of the same segment (i.e., on two bridges to break the LAN into two as you told), those two ports will become designated ports for their individual STP instances. Having two designated ports in the same segment is invalid.

- When there is a topology change in one of the STP divisions, TCN BPDU from one division travels to another causing exceeding 7 hops

- When there is a broadcast or unknown-unicast, packet will be flooded from one division to another

- Finally, it won't meet the purpose what you are looking for. Still L3 is needed for communication between those two divisions which is the original point described by Cisco.

Reg,

Balu

Thank you for all the replies.  I do agree that this would be a horrible design destined for failure.  But, I do think it's an interesting idea to try in a lab -- as long as you can guarantee that no BPDU's will flow between the two STP "domains" at the point of the split, then I'm not sure why it wouldn't work at least in theory.  And your point is well taken that there could be no redundant links at the point of the split, except for etherchannel as was mentioned.  That, in itself, I think is the deal breaker.

Thanks again for your time,

Mike