STP Best Practice between different Service Providers

Jun 22nd, 2009

Hi All,


We resell the wireless services of another Service Provider and establish a trunk with them to which they send us the required customer vlans.


interface GigabitEthernet2/10
 description Wireless Interconnect
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 301-322
 switchport mode trunk
 load-interval 30
 speed 100
 duplex full
 no cdp enable


They've stopped spanning tree on their end because "as part of these measure we blocked spanning tree between networks to prevent potential flooding of either network."


We run spanning tree on our end and have "spanning-tree loopguard default" enabled, and as a result the vlans being allowed through Gi2/10 stopped passing traffic because it no longer received any BPDUs. Below you can see that it's in a "broken" state.


core1#sh spanning-tree int g2/10

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0301            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0302            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0303            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0304            Desg BKN*19        128.266  P2p *LOOP_Inc


We contacted the wireless Service Provider and they have re-enabled spanning tree on their end - "We have re-enabled access to the spanning tree feature however we ask if this is a necessary requirement between our two networks as there is potential to flood each others network with spanning tree related traffic."


I'm not really sure what the best practice in this situation is with two different Service Providers passing customer vlans through the trunk port?


My understanding of spanning tree isn't all that great, so I was wondering what we should be doing in this situation. Do we continue to run spanning-tree and ask the other Provider to keep spanning tree enabled on their end as well? Or does the wireless Service Provider have a valid point in that they may be flooded by BPDUs from our end? If so, do we have to turn spanning tree off on the interface then?


Any help would be greatly appreciated.


Thanks.


Andy

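An added example, not part of the original post: a small Python parser for the "show spanning-tree interface" table above that lists the VLANs loop guard has put into the broken (BKN) state. The sample text is constructed from the output in the post, with one healthy row (VLAN0305) added as an assumption for contrast; the function names are hypothetical.

```python
import re

# Constructed sample: rows modelled on the post's output, plus a healthy
# VLAN0305 row (assumption) so the filter has something to exclude.
SAMPLE = """\
core1#sh spanning-tree int g2/10

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0301            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0302            Desg BKN*19        128.266  P2p *LOOP_Inc
VLAN0305            Desg FWD 19        128.266  P2p
"""

ROW = re.compile(
    r"^(?P<vlan>VLAN\d{4})\s+"
    r"(?P<role>\w+)\s+"
    r"(?P<sts>[A-Z]{3})\*?\s*"      # in "BKN*19" the '*' fuses status and cost
    r"(?P<cost>\d+)\s+"
    r"(?P<prio_nbr>\d+\.\d+)\s+"
    r"(?P<type>.*)$"
)

def parse_stp_interface(text):
    """Return one dict per VLAN row; prompt, header and ruler lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rows.append({
            "vlan": int(m["vlan"][4:]),
            "role": m["role"],
            "state": m["sts"],
            "cost": int(m["cost"]),
            # Inconsistency reasons are the '*'-prefixed tokens in the Type column.
            "reasons": re.findall(r"\*(\w+)", m["type"]),
        })
    return rows

def blocked_by_loopguard(text):
    """VLAN IDs that are in BKN state with a loop-inconsistent (*LOOP_Inc) flag."""
    return [r["vlan"] for r in parse_stp_interface(text)
            if r["state"] == "BKN" and "LOOP_Inc" in r["reasons"]]

if __name__ == "__main__":
    print(blocked_by_loopguard(SAMPLE))
```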
Giuseppe Larosa Tue, 06/23/2009 - 00:47

Hello Andy,

STP is needed if there are multiple links between the two providers.


If there is only one link and there is no plan to add a second link, you can disable STP on both sides using

spanning-tree bpdufilter enable


Flooding happens in any case because it is the process of propagating broadcast, multicast and unknown unicast traffic on each VLAN (= broadcast domain).


Only BPDUs of permitted vlans are sent on the trunk with your configuration.


So the reasons are other ones: you may want to keep the two STP domains separated.


Hope to help

Giuseppe


asaykao73 Thu, 07/02/2009 - 14:46

Hi Guru,


Thank you for your suggestion. We do have QnQ running with some Service Providers.


Cheers.


Andy

asaykao73 Wed, 07/01/2009 - 17:59

Hi Giuseppe,


Thank you for your reply and sorry for my late response.


I totally agree with you - but we have loopguard turned on globally with "spanning-tree loopguard default". If we then enable "spanning-tree bpdufilter enable" on the interface, the port goes into a broken state because it's no longer receiving BPDUs. Does that mean we have to turn off "spanning-tree loopguard default" globally? What are the implications of doing this?


Thanks.


Andy

asaykao73 Thu, 07/02/2009 - 15:56

Would it be safe to say that we shouldn't really be sharing spanning-tree BPDUs with another service provider if there's only one interconnect to/from us to their network?


Would something like this be good to put on our interface that interconnects us to another service provider?


spanning-tree loopguard default
!
interface GigabitEthernet0/43
 description Interconnect with ISP2
 spanning-tree bpdufilter enable
 spanning-tree guard none
 spanning-tree portfast


Thanks.


Andy
