What is Best Practise to avoid Spanning Tree Loops

netadmindha · ‎11-12-2012

Dear Friends,

I want to know what is the best design for avoiding spanning tree Loops .

I want to brief you about the our network .

We have core-sw1 and core-sw2 which are running with Layer3 routing

Core-sw1 is running with Vtp Server and core-sw2 is running with VTP client mode.

Core-sw 1 is Primary root and core-sw2 is Secondary root.

All the Access-switches are running in VTP Client mode.

All Access-switches are directly connected to core1 and core2 switches as we do not have any distribution switches in our network

to connec the Access switches.

All the Production servers & Baldecentre switches are connected direcly to the Core-sw1 instead connecting to a Server Farm Switch. as we donot have any ServerFarm switch.

However , We would like to make changes to our network to avoid or reduce the Laey2 loops effecting the production traffic .

I want to know what are the new hardware required to have further best desing to avoid Layer 2 loops.

1) Distribution switches 4900 ( hardware available) -2 what all we need to configure.

2) Server Farm switch with which sup engine -- what all we need to configure.

3) Are we supposed to connect the Blade switches directly to Core-sw1 incase if we agree to have server farm (6500) switch can we directly connect

the Balde centre switches to Server Farm (6500 ) with access port or trunk mode .

4) Suppose if i want to configure vlan2 & vlan 222 as my serverfarm switch , I believe we need to have only these Layer 2 vlans and their relevant L3 vlans. When I do this I guess we will not have any impact on the servers incase if any loop occurs in the access-switches which are connected to Distribution switches. Please correct me if i am wrong ?

I am attaching the diagram of our existing setup and please recommned me the best design to avoid L2 loops .

Abzal · ‎11-13-2012

Hi,

If you want reduce STP usage, I would recommend implement Local VLAN instead of flat VLAN. It means using L3 link between distribution layer and core. And L2 links only between distribution and access layer. Dynamic routing protocol provide you fast convergence less than second and better redundancy.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html

Please rate helpful posts.

Best regards,
Abzal

netadmindha · ‎11-13-2012

Cisco Experts - Please commen your valubale inputs!

Adbzal - Thanks for your reply!

Lets disucss on your suggession :

To have Layer 3 link between Distribution switch -----to-- Core-switch

To have Layer 2 link between Distribution --to -- Access-switch

I understand from your point this way you can definitely stop any spanning tree loop occuring in Access Layer reaching to Core-Layer ( L3 switch).

But somehow if any loop occured in my Server-Farm or in the Core-switch due to any new or existing Blade switche with ether channel trunk or access-port (Dell/Cisco/Nortel) has been connected to ServerFarm it will impact my Production servers and loop will previal and bring my Prodcution servers down.

Option 1 :- To have a seperate ServerFarm switch to connect all the Prod servers to Core-switch .

I will need to create the the required two vlans ( 2,222..as an example) in Layer 2 and Layer 3 on Core-switch.

create Layer2/L3 vlans on Server Farm switch(6500) for vlans 2,222.

Option2 : When servers are directly connected to Core-switch and L2/L3 vlans are created at core-switch for the

vlan2,vlan222.

I have faced a problem in my exisiting setup when we tried to connect a new Blade centre switch to our core-switch

it triggered a Loop in Core-switch and we immediately disconnected the Cables to revert the problem.

Blade centre switch was configured by mistake as the following which we realized

Blade centre switch1 config :-

interface Port-channel1

description "Connected to 6500-core1"

switchport mode trunk

logging event trunk-status

link state group 1 upstream

storm-control broadcast level 70.00

spanning-tree bpdufilter disable

interface GigabitEthernet0/15

description "Connected to 6500 core1

switchport mode trunk

logging event trunk-status

udld port aggressive

storm-control broadcast level 70.00

channel-group 1 mode on

link state group 1 upstream .....This command created the Loop Problem

spanning-tree bpdufilter disable

interface GigabitEthernet0/16

description "Connected to 6500-core1

switchport mode trunk

logging event trunk-status

udld port aggressive

storm-control broadcast level 70.00

channel-group 1 mode on

link state group 1 upstream .....This command created the Loop Problem

spanning-tree bpdufilter disable

Core-switch 1 :-

!

interface Port-channel150

switchport

shut

SWitchport trunk encap dot1q

description "Connected to HQ-BCH5-SW1 PORT G0/15-16"

switchport mode trunk

logging event trunk-status

storm-control broadcast level 70.00

INTERFACE G2/12

switchport

SWitchport trunk encap dot1q

description "Connected to HQ-BCH5-SW1 PORT G0/15 "

SWitchport trunk encap dot1q

switchport mode trunk

logging event trunk-status

udld port aggressive

storm-control broadcast level 70.00

channel-group 150 mode on

!

INTERFACE G2/13

switchport

SWitchport trunk encap dot1q

description "Connected to HQ-BCH5-SW1 PORT G0/16"

SWitchport trunk encap dot1q

switchport mode trunk

logging event trunk-status

udld port aggressive

storm-control broadcast level 70.00

channel-group 150 mode on

!

%STANDBY-3-DUPADDR: Duplicate address 10.1.2.2 on Vlan2, sourced by 0000.0c07.ace0

Nov 12 17:29:20.702 UAE:

%STANDBY-3-DUPADDR: Duplicate address 10.1.222.2 on Vlan222, sourced by 0000.0c07.ac01

However after this error appeared on my core-switch it has imapcted my existing Blade switches which are in Production and brought down the Blade centre server although the New Blade centre were immediately disconnected

after seeing the logs in core-switch.

In this scenario is there a way we can stop Spanning Tree Loop to impact my Servers and i want to know what all should have configured in my Core-switch to stop the spreading of Loops

I appreciate your valubale response

Regards,

Akber Mirza.

Abzal · ‎11-13-2012

I suggest you to stack switches in Server farms and connect to core with etherchannel bundle. Or you can connect servers directly to core if you have available ports. And put servers on separate subnet, in this way you reduce broadcasts, and for easy administration.

About these errors, have you configured core with HSRP? You might check ip addresses on hsrp groups if there duplicate addresses.

Please rate helpful posts.

Best regards,
Abzal

netadmindha · ‎11-15-2012

Cisco Forum experts - Request your inputs on this query!

Abzal ,

I agree with your point that To put servers in a Different subnet, However the point is my servers uses /24 subnet mask

which means if loop occurs it will impact atleast one subnet .

Moreover, my Blade switch to Coreswitch is Trunk based config and allows four vlans in this scenario how could i avoid Spanning tree Loop.

I have the following questions :

1) Once i Implement CoreL3 ---> Distribution L2 ---> Access-switches where should i connect my Blade Centre switches (IBM/Dell/Nortel) whether it is at Distribution or at Core? Tell me the benefits/disadvantages for each ?

2) If use a new Server Farm 6500 switch ...should i Connect it to Core switch ?

3) What are the standards to be applied on Core-switch ..to avoid Spanning tree loops ?

4) what are the best practise to connect the Blade switches (IBM/Dell/Nortel ) to Core-swithches 6513 ( core1 & Core2) to have redundancy?

In regards to my duplicate address message ... it wil also appear if there is loop in L2 environment.

~ Akber Mirza.

ALIAOF_ · ‎11-15-2012

You can also use the "spanning-tree guard root" command on the core.

Leo Laohoo · ‎11-15-2012

spanning-tree bpdufilter disable

I've never seen this command being used for a trunk/etherchannel link. And I've never seen this being used in "best practices" either.

udld port aggressive

If the port(s) is/are fibre, then go ahead and use this command. If it's copper, take it off for both sides.