- For a topology please see the attached diagram. Switch1 is a stack of 2 3750s running 12.2(44)SE, Switch2 and Switch3 are 2960s running 12.2(46)SE.
- Switch2 and Switch3 are each connected to Switch1 via L2 Etherchannel
- All switches are running spanning-tree mode MST
- All switches have the following MST configuration (I've double-checked):
  - name: global
  - revision: 1
  - instance 1 vlan 10,38,40
  - instance 2 vlan 36,44,122
- MST0, 1, and 2 Switch1 is root
- All ports besides the trunk ports are edge ports (portfast)
- Two Dell EqualLogic PS5500 iSCSI SAN arrays with five VMware ESX 3.5 hosts are attached to Switch1. All ports attached to the SAN VLAN are edge ports as stated above
I recently went into Switch1 to add a new VLAN; VLAN9 to be exact. Understanding that VLAN9 is now part of MST0 and that it will not be propagated to the other switches via VTP I added VLAN9 to MSTI1 and attempted to log in to Switch2 in order to make the same changes. As I was logging in to Switch2 I hear people popping up and asking "hey, did your e-mail go down too?? hey, did your ERP application go down too??". I'm like, oh hell no, spanning-tree somehow took everything out, it's the only thing that could have. It literally took everything out as we have 98% of our server infrastructure virtualized.
Here's where I'm completely stumped as to why this happened:
1) When ports are in the edge role, they should not participate in spanning-tree by sending/receiving TC BPDUs, so even if the other switches were in the proposal/agreement stage (for whatever reason) they should have remained up and unaffected, but this did not happen, as all of the VMware hosts lost connections to their iSCSI targets. Why did this happen??
2) How in the hell are you supposed to safely add new VLANs into an MST configuration if this is going to happen??
I thought I thoroughly knew the ins and outs of spanning-tree, but I've obviously missed something here.
MST is different from other types of STP.
The moment you change the VLAN-to-MST-instance mapping, you are creating two regions.
Two MST switches consider themselves to be in the same region if:
- the region name is the same
- the revision number is the same
- the VLAN mappings to MST instances are the same.
Actually, a hash of the VLAN mappings travels in the MST BPDU.
By moving VLAN 9 to MST1 on the root, the other switches detect a change in the hash field of its BPDUs and regard it as a foreigner and the links as MST region borders.
As a result of this, only the IST is executed at the region border.
2) the best answer to this question is a note made by Cisco expert Francois Tallet:
With MST you need to carefully plan ahead, and he noted that you can map all 4094 possible VLANs to MSTs before they even exist.
His suggestion is to divide the VLAN space into 64 subsets and to associate them with each MST.
So you make provision once, and when you need a VLAN that needs to follow a certain topology you pick a VLAN from the appropriate subset/MST instance and you don't need to modify the MST config anymore.
Hope to help
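
The region-matching rule described in the answer above, as an added example that is not part of the original thread: it computes the configuration digest carried in MST BPDUs (HMAC-MD5 over the 4096-entry VLAN-to-instance table, with the key constant taken from IEEE 802.1Q) for the mapping in the post, before and after VLAN 9 is moved into instance 1 on Switch1 only. The dictionary layout, the function names and the two-instance pre-provisioned plan are constructed for illustration.

```python
import hashlib
import hmac
import struct

# HMAC-MD5 key that IEEE 802.1Q specifies for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def config_digest(instance_vlans):
    """Digest of the 4096-entry VID -> MSTID table (two octets per entry).

    instance_vlans maps MSTID -> iterable of VLAN IDs; unlisted VLANs stay in
    instance 0 (the IST), and entries 0 and 4095 are always 0.
    """
    table = [0] * 4096
    for mstid, vlans in instance_vlans.items():
        for vid in vlans:
            if not 1 <= vid <= 4094:
                raise ValueError(f"invalid VLAN ID {vid}")
            table[vid] = mstid
    packed = struct.pack(">4096H", *table)
    return hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).hexdigest()


def same_region(a, b):
    """Two bridges share a region only if name, revision and digest all match."""
    return (a["name"], a["revision"], config_digest(a["map"])) == \
           (b["name"], b["revision"], config_digest(b["map"]))


# Mapping from the post, identical on both switches before the change.
switch1 = {"name": "global", "revision": 1, "map": {1: [10, 38, 40], 2: [36, 44, 122]}}
switch2 = {"name": "global", "revision": 1, "map": {1: [10, 38, 40], 2: [36, 44, 122]}}

# Switch1 after VLAN 9 is moved into instance 1; Switch2 not yet updated.
switch1_changed = {**switch1, "map": {1: [9, 10, 38, 40], 2: [36, 44, 122]}}

# Constructed pre-provisioned plan: every VLAN is assigned up front, so
# creating VLAN 9 later never touches the mapping or the digest.
preprovisioned = {"name": "global", "revision": 1,
                  "map": {1: range(1, 2048), 2: range(2048, 4095)}}

if __name__ == "__main__":
    print("before change :", same_region(switch1, switch2))
    print("after change  :", same_region(switch1_changed, switch2))
    print("Switch1 digest:", config_digest(switch1["map"]), "->",
          config_digest(switch1_changed["map"]))
```

The digest depends only on the mapping table, not on which VLANs have been created, which is why a plan that assigns every VLAN ID in advance keeps all switches in one region when a VLAN is added later.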