No Instance of spanning tree, create a loop?

flammia · ‎12-29-2013

Have a network that has been experiencing a L2 issues and got an example of a mis-configuration below that I'm not sure how the network would react. There are a lot of other design issues around this scenario that’s not correct, but just want to understand the outcome of this example. The network fails once in a while with the core switchs going into 99.9% CPU utilisation. This seems to be around when there is a topology change in the network, yet some parts of the network a topology change will have no effect, which I think maybe done to some specific vlans. Reboot of the cores rectifies the problem.

There are 2 x 6509 cores that are connected together but the vlan in question hasn't been shared between the two. The core switchs are running rapid-pvst and the edge switchs are running a mixture of rapid-pvst and ieee pvst.

For the particular vlan in question, say 195, has been configured from each of the cores to each of the edge switchs. Each edge switch as 2 port, port-channel with vlan 195 added to each port-channel / trunk from both sides of the switch, each one going to a separate core.

When looking into spanning tree, on the root bridge for vlan 195 of one of the cores you get for each port-channel / trunk to each edge switch the following:

Swicth 1) Alt Blk, 2) Alt Blk, 3) Alt Blk, 4)Root Fwd, 5) Desg FWD

And on the other core

1) Desg FWD, 2) Desg FWD, 3) Desg FWD ,4) Desg FWD, 5) Desg FWD

Now switchs 1), 2), 3), each show Desg Fwd to the backup bridge and Root FWD the root bridge.

Swicth 4) shows Root Fwd and Desg Fwd

Switch 5) Does not have vlan 195 created, therefore no spanning tree instance for it.

This is the strange part and what I need clarification on. If this switch has no spanning tree instance for Vlan 195 running on it and Vlan 195 is being piped down to either side of the switch and both the core switches show Desg FWD for the spanning tree instance of Vlan 195 to this switch – would the switch pass through BPDU’s for the spanning tree instance of Vlan 195 and therefore potentially create a loop? Or does it simply not pass any BPDU’s for that Vlan?

XMER1#sh spanning-tree vlan 195

VLAN0195
Spanning tree enabled protocol rstp
Root ID    Priority    32768
             Address     0015.2cb3.ccc3
             Cost        6
             Port        1677 (Port-channel33)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32768
             Address     0015.c760.20c3
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po33             Root FWD 3         128.1677 P2p Peer(STP)
Po59             Altn BLK 3         128.1686 P2p Peer(STP)
Po133            Altn BLK 3         128.1709 P2p
Po145            Desg FWD 3         128.1713 P2p
Po147            Altn BLK 3         128.1714 P2p Peer(STP)

XMER1#sh running-config interface port-channel 145
Building configuration...

Current configuration : 303 bytes
!
interface Port-channel145
description Channeled with G1/37,G2/37 to GMER1_S1
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 91,95-99,195,600,610-612,901,999
switchport mode trunk
end

XMER-02#sh spanning-tree vlan 195

VLAN0195
Spanning tree enabled protocol rstp
Root ID    Priority    32768
             Address     0015.2cb3.ccc3
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32768
             Address     0015.2cb3.ccc3
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po34             Desg FWD 3         128.1677 P2p Peer(STP)
Po60             Desg FWD 3         128.1686 P2p Peer(STP)
Po134            Desg FWD 4         128.1709 P2p
Po146            Desg FWD 3         128.1713 P2p
Po148            Desg FWD 3         128.1714 P2p Peer(STP)

XMER-02#sh running-config interface port-channel 146
Building configuration...

Current configuration : 296 bytes
!
interface Port-channel146
description Channeled with G1/37,G2/37 to GMER1_S1
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 91,95,195,600,610-612,999
switchport mode trunk
end

XMER01_S1#sh spanning-tree vlan 195

Spanning tree instance(s) for vlan 195 does not exist.

X4SER3_S1#sh spanning-tree vlan 195

VLAN0195
Spanning tree enabled protocol rstp
Root ID    Priority    32768
             Address     0015.2cb3.ccc3
             Cost        4
             Port        496 (Port-channel2)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32963 (priority 32768 sys-id-ext 195)
             Address     ec44.7643.a580
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 3         128.488 P2p
Po2              Root FWD 4         128.496 P2p

Many thanks.

Marvin Rhoads · ‎12-29-2013

I don't have a lab setup to confirm on at the moment but my understanding is the switch 5 would not introduce a loop for vlan 195 as it would simply discard the BPDUs tagged for that VLAN when they come in on the two trunk ports.

Since it has no spanning-tree instance for that VLAN, it would never encapsulate or forward BPDUs with the vlan id 195 in any of its outgoing trunk ports.

flammia · ‎12-30-2013

Thanks for posting.

That makes sense, but not what I was hoping to hear - back to the drawing board in finding the cause.

If you find out anything different then let me know.

Cheers.