The MST BPDU are not transmitted in the VLAN as with Rapid PVST+, but instead transmitted untagged in the native vlan of the switch.
ACI fabric does not run spanning-tree. By default, an EPG in ACI will just flood BPDUs (even if Hardware proxy mode is chosen for the BD). However it is likely that there won't be an EPG matching the untagged vlan encapsulation on ports connected to MST switches.
In that scenario, the MST BPDU send by the nexus7000 will be dropped ingress of ACI fabric.
then, you would see for the topology here that all 4 ports in vlan 1110 (now MST instances 1) are forwarding and that both switches believes to be root.
N7K-65# sh spanning-tree Vlan 1110
MST0001 Spanning tree enabled protocol mstp Root ID Priority 32769 Address 001b.54c2.2641 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 001b.54c2.2641 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
This scenario will potentially easily introduce a layer 2 loop. With ACI loop may not occur if the BD do not allow flooding (which is the default).
However this is not a valid design.
Avoiding loop with MST connected switches
In order to avoid the loop, we need to make sure MST BPDU are propagated across ACI fabric. To do that we need to create an EPG containing all ports going to spanning-tree MST switches and with untagged native vlan.
Assuming on the nexus 7000 the native vlan is set to be vlan 1102. We will create a new EPG with the 4 port-channel in vlan 1102 and mark those as untagged (native).
Step 1 - Create a new EPG.
- in tenant TAB --> Application Profiles --> Application EPGs : right click and create a new Application EPG
- In create application EPG window:
-- select Name for the new EPG (EPG-native-vlan)
-- select the bridge domain (here RD_BD_1101)
-- Associate with a physical domain that contains the port-channel