Implications of a Router becoming the root bridge

ccie16351 · ‎03-02-2009

Hi there,

while trying to figure out the cause for route flap and extremly high CPU utilization at the WAN Aggregation routers, I noticed one of the WAN Aggregation routers is the root bridge for the WAN vlan.

I have attached text file show the spanning-tree detail for the vlan, which shows port 1/0/9 is the root. I did also show the config. of the router at that interface.

Appreciate your opanion, if I should leave it as is, or this is wrong situation and must be rectified.

Thanks

sami

Mohamed Sobair · ‎03-02-2009

Sami,

I have no clue about the rest of the config of your router, but from what you have posted , you are bridging the F0/0/1 interface connected to your aggregation Switch, its indeed normal for a router interface to participate in Spanning-tree L2 Network if its bridged or L2 interface, this will certainley be possible with IRB or DLSW configuration.(Transparent Bridging).

My Openion To resolve the Issue:

Your Network is running PVST+, then on every bridge configure (Backbone fast) and (uplinkfast) on the access switches. for faster convergence.

On all Switches root ports, configure Spanning tree Guard root feature. for example: lets say you have SW1 SW2 & SW3 as aggregation Switches, SW2 is the root for Vlan 5 and you want to keep it as it is, the port connects to Switch3 and Switch1 should be enabled for (Guard root) feature.

HTH

Mohamed

Giuseppe Larosa · ‎03-02-2009

Hello Sami,

as Mohammed correctly notes once a router takes part in L2 topology using IRB and or DLSW as it is in your case it is possible for it to become the root bridge.

I don't think however that the router can implement the Cisco convergence features like uplinkfast or backbone fast.

Actually, on the interfaces members of the bridge-group 4 the router can send out 802.1D IEEE BPDUs.

I think you can change this using

spanning-tree priority on the real lan switches to have another root bridge elected (and a secondary root bridge too)

The router has already a lot of heavy cpu work for the DLSW features and so it is better to give to another device the role of root bridge for vlan 5.

Also because being the root bridge exposes the router to be a transit point for unnecessary traffic if it has multiple interfaces all of them are in forwarding state and designated ports in their segments

Once that you have changed the root bridge you should see some relief on the router.

Hope to help

Giuseppe

Mohamed Sobair · ‎03-03-2009

Giuseppe,

Your suggestions are valid, but the point as understood from the poster that the router or adevice behind the router claims to be the root while it has been configured to be one of the switches.

If my understanding is correct, then he should implement what i suggested above OR he could prevent BPDUs from being recieved by the router and affect his spanning tree decision IF and ONLY IF the router doesnt connect another switch participating in Spanning-tree, Based on his current design.

HTH

Mohamed

Giuseppe Larosa · ‎03-03-2009

Hello Mohamed,

my understanding is that with default values and being the switch using extended system-id the router ends to be elected:

from the log of the Original Poster:

Bridge Identifier has priority 32768, sysid 5, address 0021.55b0.e580

Configured hello time 2, max age 20, forward delay 15

Current root has priority 32768, address 0005.01ea.c020

Root port is 9 (GigabitEthernet1/0/9), cost of root path is 19

simply because

0005.01ea.c020 < 0021.55b0.e580

with default parameters the older device has usually a smaller MAC and wins election.

if the original poster reduces the spanning-tree priority on the switch I expect the router to stop to claim to be the root bridge

Hope to help

Giuseppe