Hi Collin

Enclosed I send you a show spanning-tree from access switch C4506. I have a lot of vlans but currently only two are active. Vlan 250 for management goes over port-channel 50 and backup vlan 1970 goes over port-channel 10.

Backup vlan 1970 is blocked over port-channel 50 , but I have there sometimes huge backup traffic to 1,5Gbps.

Please let me know if you need more information. Thank you marco

VLAN0250

Spanning tree enabled protocol rstp

Root ID Priority 8442

Address 001f.269d.2000

Cost 6660

Port 690 (Port-channel50)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33018 (priority 32768 sys-id-ext 250)

Address 0011.5c2e.e740

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po10 Altn BLK 6660 128.650 P2p

Po50 Root FWD 6660 128.690 P2p

VLAN1970

Spanning tree enabled protocol rstp

Root ID Priority 10162

Address 001f.269f.2000

Cost 6660

Port 650 (Port-channel10)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 34738 (priority 32768 sys-id-ext 1970)

Address 0011.5c2e.e740

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Gi2/9 Desg FWD 2000000 128.73 Edge Shr

Gi2/10 Desg FWD 2000000 128.74 Edge Shr

Gi2/21 Desg FWD 20000 128.85 Edge P2p

Gi2/42 Desg FWD 20000 128.106 Edge P2p

Po10 Root FWD 6660 128.650 P2p

Po50 Altn BLK 6660 128.690 P2p

HCS26-1#sh interfaces port-channel 50

Port-channel50 is up, line protocol is up (connected)

Hardware is EtherChannel, address is 001e.7ad0.fae3 (bia 001e.7ad0.fae3)

Description: *** HCS51-0 channel ***

MTU 1500 bytes, BW 3000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 1000Mb/s, media type is N/A

input flow-control is off, output flow-control is unsupported

Members in this channel: Gi1/2 Gi3/4 Gi3/5

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output never, output hang never

Last clearing of "show interface" counters 03:11:16

Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 448000 bits/sec, 44 packets/sec

5 minute output rate 6000 bits/sec, 1 packets/sec

276208 packets input, 362097744 bytes, 0 no buffer

Received 21324 broadcasts (21319 multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

15911 packets output, 3014850 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Ciao Giuseppe

The blocked Vlan on trunk port respectively port-channel does still receive BPDU frames.

Please be aware that I have two vlans in use.

One vlan 250 for network management goes over port-channel 50 and a vlan 1970 for backup traffic goes over port-channel 10. The backup vlan 1970 is blocked over port-channel 50, but I have there a lot of traffic until 1,5 Gbps. So it's really strange..

Please let me know if you have a good idea.

Thank you

Marco

Port 690 (Port-channel50) of VLAN1970 is alternate blocking

Port path cost 6660, Port priority 128, Port Identifier 128.690.

Designated root has priority 10162, address 001f.269f.2000

Designated bridge has priority 18354, address 001f.269d.2000

Designated port id is 128.1668, designated path cost 1000

Timers: message age 15, forward delay 0, hold 0

Number of transitions to forwarding state: 1

Link type is point-to-point by default

Loop guard is enabled on the port

BPDU: sent 935, received 695

Ciao Marco,

of course you cannot have 1,5 Gbps of STP BPDUs !

verify that all switches are in RSTP mode.

Is possible to have all this traffic on vlan250 the one in forwarding state ?

How can you say that traffic is of vlan 1970 ?

>> BPDU: sent 935, received 695

it looks like there is some conflict here because rx should be much more then tx on a blocked port.

Number of transitions to forwarding state: 1

for some time the port was in forwarding

Hope to help

Giuseppe

Hi Giuseppe

All switches are in RSTP mode:

spanning-tree mode rapid-pvst

spanning-tree extend system-id

spanning-tree pathcost method long

You're right I assume that the traffic is on

blocked backup vlan 1970, cause the other vlan 250 in forwarding state is only for switch management. On C4506 I have only vlan 250 with IP address for management configured, there is no other access port or trunk with vlan 250, so I would say this huge traffic is not from management.

Best regards

Marco

Hello Marco,

good all switches in the same mode.

The traffic is incoming from the upstream switch ?

on the upstream switch the port for vlan1970 is in forwarding state.

So broadcast multicast traffic is allowed to go out of the upstream switch or unknown unicast

To verify this do the following:

on the upstream's stream port-channel configure

storm-control broadcast level 1.00

Switch(config-if)#storm-control ?

broadcast Broadcast address storm control

multicast Multicast address storm control

unicast Unicast address storm control

you can do the same for multicast or unknown unicast

let's see if this traffic is reduced

if it is reduced you have multicast or broadcast traffic that is going everywhere and you may enable igmp snooping on upstream switches.

given the very high volume I don't suggest to try to capture it it would be dangerous !

Hope to help

Giuseppe

Hello Giuseppe

I did some tests again and there is no mutch multicast or broadcast traffic.

Multicast (PIM sparese mode)is still configured in conjunction with IGMP. I did a capture with NAM module of one trunk which is blocked and I saw there is backup traffic of Vlan 1970 from uptream switch (C6509) to access switch (C4509) and it's normal unicast traffic. It looks like like a loadsharing of backuptraffic over blocked and forwarding trunk or channel.

Maybe it has something to do with Supervisor Engine 720 10GE (Active) VS-S720-10G ?

Thank you.

Best regards

Marco

Hello Marco,

you are playing with the newest toys.

New rules may apply:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vss.html#wp1054759

Multichassis EtherChannels

Multichassis EtherChannel (MEC) is an EtherChannel with ports that terminate on both chassis of the VSS. These sections describe multichassis EtherChannels:

•Overview

•Failure Scenarios

Overview

Multichassis EtherChannel (MEC) is an EtherChannel with ports that terminate on both chassis of the VSS (see Figure 4-7). A VSS MEC can connect to any network element that supports EtherChannel (such as a host, server, router, or switch).

At the VSS, a MEC is an EtherChannel with additional capability: the VSS balances the load across ports in each chassis independently. For example, if traffic enters the active chassis, the VSS will select a MEC link from the active chassis. This MEC capability ensures that data traffic does not unnecessarily traverse the VSL.

Each MEC can optionally be configured to support either PAgP or LACP. These protocols run only on the active chassis. PAgP or LACP control packets destined for a MEC link on the standby chassis are sent across VSL.

Hope to help

Giuseppe

Hello Giuseppe

Our two C6509 switches are still in standalone mode so we have no virtual switching system (VSS) in use and Multichassis EtherChannel (MEC)could only operate with virtual switching system (VSS)

#show switch virtual

Switch Mode : Standalone

Thank you for your help.

Best regards

Marco

Hello Marco,

at this point I would open a TAC case that traffic shouldn't be there.

Hope to help

Giuseppe