HPE Community
Switches, Hubs, and Modems
1752728 Members
5761 Online
108789 Solutions
New Discussion юеВ

Re: rstp takes about 30s to be ready... ?

 
Stefan Priebe
Frequent Advisor

тАО08-23-2010 04:13 AM

тАО08-23-2010 04:13 AM

Re: rstp takes about 30s to be ready... ?

And what about point-to-point-mac option?
0 Kudos
Gerhard Roets
Esteemed Contributor

тАО08-23-2010 04:50 AM

тАО08-23-2010 04:50 AM

Re: rstp takes about 30s to be ready... ?

Hi Stefan

1. You should disable auto-edge if possible. I will admit I tested it aon a 5400, and I just checked on a 2800 and I see that that option is not there.
no admin-edge should be fine.

2. Definitely disable LACP where it is not needed. This won't help with spanning tree, but it can create a security issue in practice.

3. Loop protect works fine with spanning tree.

The default behaviour for loop protect is to disable the port. Then you have to manually enable the port again. So yes you should see the loops detected on "down" ports.

You will notice in the release notes where loop-protect is documented that you should use it with spanning tree.

4. Now regarding the point to point mac.
That one is a bit difficult to describe, effectively it means if you have a shared ethernet medium between a se tof switch ports.

I.e. you have three switch link together through a hub.
Switch1-Port1<==>HUB-Port1
Switch2-Port1<==>HUB-Port2
Switch3-Port1<==>HUB-Port3
In that case you would disable point to point mac(This should happen automatically since it assumes hds=shared)

If you have any switches link together via a transparent bridge without spanning tree support that supports full duplex operation you should manually disable this.

This means you have a point-to-point mac sublayer and not or multi-point mac sublayer.

If you disable this you loose in effect the gains of rapid port state transitions.

From what I have seen of your topology description. Leaving the defaults *should* be fine.


HTH
Gerhard




0 Kudos
Stefan Priebe
Frequent Advisor

тАО08-23-2010 05:19 AM

тАО08-23-2010 05:19 AM

Re: rstp takes about 30s to be ready... ?

thanks again - but i'm still now sure whether spanning tree and loop protect work correctly.

Here is the output of both. Some ports are eben not connected at all and other are in state blocking throught STP but are still detected as loop.

Status and Counters - Loop Protection Information

Transmit Interval (sec) : 5
Port Disable Timer (sec) : 300
Loop Detected Trap : Disabled


Loop Loop Loop Time Rx Port
Port Protection Detected Count Since Last Loop Action Status
---- ----------- --------- ---------- ---------------- ------------ --------
1 Yes Yes 1 6d,8h,45m,24s send-disable Up
2 Yes No 0 send-disable Up
3 Yes No 0 send-disable Up
4 Yes No 0 send-disable Up
5 Yes Yes 1 1h,55m,49s send-disable Down
6 Yes No 0 send-disable Down
7 Yes No 0 send-disable Down
8 Yes No 0 send-disable Down
9 Yes Yes 1 1h,55m,49s send-disable Down
10 Yes No 0 send-disable Down
11 Yes No 0 send-disable Down
12 Yes No 0 send-disable Down
13 Yes No 0 send-disable Down
14 Yes No 0 send-disable Down
15 Yes No 0 send-disable Down
16 Yes No 0 send-disable Down
17 Yes No 0 send-disable Down
18 Yes No 0 send-disable Down
19 Yes No 0 send-disable Up
20 Yes Yes 1 1h,55m,44s send-disable Up
21 Yes No 0 send-disable Down
22 Yes No 0 send-disable Down

Rapid Spanning Tree (RSTP) Information

STP Enabled : Yes
Force Version : RSTP-operation

Switch Priority : 40960 Hello Time : 2
Max Age : 20 Forward Delay : 15

Topology Change Count : 2579
Time Since Last Change : 61 mins

Root MAC Address : 002438-2c8d80
Root Path Cost : 40000
Root Port : 23
Root Priority : 0

Root Guard Ports :
TCN Guard Ports :
BPDU Protected Ports : 2,6-8,10-18,21-22
BPDU Filtered Ports :

Port Type Cost Priority State | Designated Bridge
----- --------- --------- -------- ---------- + -----------------
1 100/1000T 20000 144 Blocking | 000e7f-6e6a60
2 100/1000T 200000 144 Forwarding | 000f20-ce9f00
3 100/1000T 20000 144 Blocking | 000e7f-6e6a60
4 100/1000T 200000 144 Blocking | 000e7f-6e6a60
5 100/1000T 200000 144 Disabled |
6 100/1000T 20000 144 Disabled |
7 100/1000T 20000 144 Disabled |
8 100/1000T 20000 144 Disabled |
9 100/1000T 200000 144 Disabled |
10 100/1000T 20000 144 Disabled |
11 100/1000T 20000 144 Disabled |
12 100/1000T 20000 144 Disabled |
13 100/1000T 20000 144 Disabled |
14 100/1000T 20000 144 Disabled |
15 100/1000T 20000 144 Disabled |
16 100/1000T 20000 144 Disabled |
17 100/1000T 20000 144 Disabled |
18 100/1000T 20000 144 Disabled |
19 100/1000T 20000 144 Blocking | 000e7f-6e6a60
20 100/1000T 20000 144 Blocking | 000e7f-6e6a60
21 100/1000T 20000 144 Disabled |
22 100/1000T 20000 144 Disabled |
23 100/1000T 20000 96 Forwarding | 000e7f-6e6a60
24 1000SX 20003 112 Blocking | 001bed-b04e80

Stefan
0 Kudos
Gerhard Roets
Esteemed Contributor

тАО08-23-2010 06:59 AM

тАО08-23-2010 06:59 AM

Re: rstp takes about 30s to be ready... ?

What is connected to those ports above that is in the blocking state ?

You should use STP on the inter switch links and not loop protect though.

Spanning tree - Is for creating a loop free switched(bridged) topology.

You should use Loop-protect on your edge ports. Loop-protect is there to get rid of "unexpected loops" remember it complements spanning tree and is not a 100% replacement.

Using loop-protected on the inter switch links might lead to some funnies. I.e. a an inter switch link toggling every 300 seconds. Inherently the failover time when using loop-protect would be 300seconds+.

Some of your counters for loops detected seems quite old .

What is worrying
1 100/1000T 20000 144 Blocking | 000e7f-6e6a60 <<<<<**
3 100/1000T 20000 144 Blocking | 000e7f-6e6a60 <<<<<**
4 100/1000T 200000 144 Blocking | 000e7f-6e6a60 <<<<<**
19 100/1000T 20000 144 Blocking | 000e7f-6e6a60 <<<<<**
20 100/1000T 20000 144 Blocking | 000e7f-6e6a60 <<<<<**

Seems those ports have a legitimate loop.

Also remember loop-protect does not use STP BPDUs to detect a loop, so this means if a port goes into forwarding by STP, and it receives a loop-protect BPDU from the same switch that switch-port will be disabled by loop-protect. Hence my statement of do not use loop-protect on inter switch links.

Remember to look at the counter "Time since last loop" field.

This *could* explain what you are seeing.
Topology change ... STP changes forwarding path... loop protects blocks a different port .... new topology change.

My Suggestion
Fully document the network and all inter switch links.
Remove loop-protect.
Tune spanning tree on inter switch links, and get all the parameters correct.
Tune spanning tree on all edge-ports make sure they are all edge-port.
Test spanning tree failover.
Now enable loop-protect on edge ports that is not under secure control.
Test spanning tree failover again.

Just a side note
show spanning-tree detail will help. For an edge port that is online it should contain.
AdminEdgePort : Yes
OperEdgePort : Yes
For an inter switch link. It should be
AdminEdgePort : No
OperEdgePort : No

HTH
Gerhard


0 Kudos
Stefan Priebe
Frequent Advisor

тАО08-23-2010 11:46 PM

тАО08-23-2010 11:46 PM

Re: rstp takes about 30s to be ready... ?

> What is connected to those ports above that is in the blocking state ?

A normal Switch - sometimes an unmanaged switch sometimes a managed switch.

> You should use STP on the inter switch links > and not loop protect though.
On a lot of switches i don't even know if the customer connects a switch or a computer to it. So i wanted to activate STP AND loop-protect. To be shure that even when BPDUs are blocked the network is loop free.

But in my case we see that the state is blocking to stp is working fine.


0 Kudos
Stefan Priebe
Frequent Advisor

тАО08-24-2010 12:00 AM

тАО08-24-2010 12:00 AM

Re: rstp takes about 30s to be ready... ?

OK i think a concrete example could help.

I've tried the following:
Two ports on two different switches connected to another switch.

Details on these ports:
Port 4 on Switch I:
Status and Counters - RSTP Port(s) Detailed Information

Port : 4
Status : Up
BPDU Protection : No
BPDU Filtering : No
Role : Designated
State : Forwarding
Priority : 128
Path Cost : 20000
Root Path Cost : 20000
Root Bridge ID : 0:002438-2c8d80
Designated Bridge ID : 12288:000e7f-6e6a60
Designated Port ID : 128:4
AdminEdgePort : Yes
OperEdgePort : Yes
AdminPointToPointMAC : True
OperPointToPointMAC : Yes
Aged BPDUs Count : 0
Loop-back BPDUs Count : 0
TC Detected : 83
TC Flag Transmitted : 0 TC ACK Flag Transmitted : 0
TC Flag Received : 0 TC ACK Flag Received : 0

RSTP RSTP CFG CFG TCN TCN
BPDUs Tx BPDUs Rx BPDUs Tx BPDUs Rx BPDUs Tx BPDUs Rx
---------- ---------- ---------- ---------- ---------- ----------
310830 331 0 0 0 0


Port 3 on Switch II:
Status and Counters - RSTP Port(s) Detailed Information

Port : 3
Status : Up
BPDU Protection : No
BPDU Filtering : No
Role : Alternate
State : Blocking
Priority : 144
Path Cost : 20000
Root Path Cost : 20000
Root Bridge ID : 0:002438-2c8d80
Designated Bridge ID : 12288:000e7f-6e6a60
Designated Port ID : 128:4
AdminEdgePort : Yes
OperEdgePort : No
AdminPointToPointMAC : True
OperPointToPointMAC : Yes
Aged BPDUs Count : 0
Loop-back BPDUs Count : 0
TC Detected : 87
TC Flag Transmitted : 0 TC ACK Flag Transmitted : 0
TC Flag Received : 0 TC ACK Flag Received : 0

RSTP RSTP CFG CFG TCN TCN
BPDUs Tx BPDUs Rx BPDUs Tx BPDUs Rx BPDUs Tx BPDUs Rx
---------- ---------- ---------- ---------- ---------- ----------
465 310936 0 0 0 0

Loop protection is on both ports disabled.

I then disabled Port 4 on Switch I which is active at the moment. Then it tooks 40s until Switch II Port 3 goes from Blocking state into Forwarding state. Most of the time it is in Learning and Listening state.

When i then enable port 4 again on Switch I it tooks only 3s to switch back.

Are these 40s really normal?

Stefan
0 Kudos
Gerhard Roets
Esteemed Contributor

тАО08-24-2010 12:43 AM

тАО08-24-2010 12:43 AM

Re: rstp takes about 30s to be ready... ?

Hi Stefan

You picked a very good example. If you look at SwitchI I see the following for port 4.

AdminEdgePort : Yes
OperEdgePort : Yes

That means that port will participate in STP but you might see some funnies, like extended failover times.

I also notice that that port is transmitting(TX) and receiving(RX) RSTP BPDUs.

That specific port should not be an admin edge port.

For SwitchII I notice
AdminEdgePort : Yes
OperEdgePort : No

It is an Admin-edge-port, it should not be an admin-edge-port but it is operating as a non-edge port.

If it goes through learning and listening mode it means it is not going through RSTP rapid state transitions.

Where are these ports connected to ?
Would you be able to post the same output for the neighbouring ports ? I.e. SwitchI port4 is connected to SwitchIII port 4 then post the "show span detail" for that port.
What are the models of SwitchI and SwitchII ?
Can you post an extract of your Brocade config containing the STP configuration ?

Thanks in advance.

HTH
Gerhard
0 Kudos
Gerhard Roets
Esteemed Contributor

тАО08-24-2010 12:54 AM

тАО08-24-2010 12:54 AM

Re: rstp takes about 30s to be ready... ?

Hi Stefan

I missed the tiny in between post. It explains a lot.

In that case the scenario changes a lot , and this should be treated a little bit differently. Since you have ethernet devices outside your sphere of influence.

Am I correct in saying you basically provide an IP service to a customer over an ethernet device ?

Is it more than one customer on the same infrastructure ?

Does the customers have redundant connections ?

You mention customers can install there own switches this introduce a risk to STP.

I woulsd move the config to saying the following then.

1. BPDU filtering on the "untrusted edge". You do not want unknown devices to be able to effect your spanning tree. A customer can in theory pull you spanning tree root out from under you, especially if your Primary root goes down. This might effect other customers.
2. Loop-protect on the edge, be aware though that customers can accidentally filter loop-protect BPDU's.
3. Some kind of broadcast limiting on the edge ports to avoid a customer from accidentally looping your network down.

This really changes the ballgame, and I might suggest you need to look for support outside the scope of a forum as this might involve other choices to be made.

HTH
Gerhard




0 Kudos
Stefan Priebe
Frequent Advisor

тАО08-24-2010 01:07 AM

тАО08-24-2010 01:07 AM

Re: rstp takes about 30s to be ready... ?

Mhm i thought about my two last posts. They are not completely correct.

In 99,9% we manage the switch behind or the customer do not have access to the equipment. In my example there is a switch behind port 3 and 4 which is managed by us. So in this case the stuff should work fine?

So you want to have a show span detail of the ports on Switch III which are connected to Switch I and II?

Stefan
0 Kudos
Richard Brodie_1
Honored Contributor

тАО08-24-2010 01:38 AM

тАО08-24-2010 01:38 AM

Re: rstp takes about 30s to be ready... ?

"So you want to have a show span detail of the ports on Switch III which are connected to Switch I and II?"

That would be helpful - and maybe show span for an overview also.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.