Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1844
Views
5
Helpful
5
Replies

STP Best Practice between different Service Providers

asaykao73
Level 1
Level 1

‎06-22-2009 02:53 PM - edited ‎03-06-2019 06:23 AM

Hi All,

We resell the wireless services of another Service Provider and establish a trunk with them to which they send us the required customer vlans.

interface GigabitEthernet2/10

description Wireless Interconnect

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 301-322

switchport mode trunk

load-interval 30

speed 100

duplex full

no cdp enable

They've stopped spanning tree on their end because "as part of these measure we blocked spanning tree between networks to prevent potential flooding of either network."

We run spanning tree on our end and have "spanning-tree loopguard default" enabled and as a result the vlans being allowed through Gi2/10 stopped passing traffic because it no longer received any BPDU's. Below you can see that it's in a "broken" state.

core1#sh spanning-tree int g2/10

Vlan Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

VLAN0301 Desg BKN*19 128.266 P2p *LOOP_Inc

VLAN0302 Desg BKN*19 128.266 P2p *LOOP_Inc

VLAN0303 Desg BKN*19 128.266 P2p *LOOP_Inc

VLAN0304 Desg BKN*19 128.266 P2p *LOOP_Inc

We contacted the wireless Service Provider and they have re-enabled spanning tree on their end - "We have re-enabled access to the spanning tree feature however we ask if this is a necessary requirement between our two networks as there is potential to flood each others network with spanning tree related traffic."

I'm not really sure what the best practice in this situation is with two different Service Providers passing customer vlans through the trunk port?

My understanding of spanning tree isn't all that great so was wondering what we should be doing in this situation. Do we continue to run spanning-tree and ask the other Provider to keep spanning tree enabled on their end as well? Or does the wireless Service Provider have a valid point in that they may be flooded by BPDU's from our end? If so, do we have to turn spanning tree off on the interface then?

Any help would be greatly appreciated.

Thanks.

Andy

Labels:
0 Helpful
5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-23-2009 12:47 AM

Hello Andy,

STP is needed if there are multiple links between the two providers.

if the link is only one and there is no plan to add a second link you can disable STP on both sides using

spanning-tree bpdu filter enable

flooding happens in any case because it is the process of propagation of broadcast, multicast and unknown unicast traffic on each vlan = broadcast domain

Only BPDUs of permitted vlans are sent on the trunk with your configuration.

so the reasons are other ones and is that you may want to keep separated the two STP domains.

Hope to help

Giuseppe

guruprasadr
Level 7
Level 7
In response to Giuseppe Larosa

‎06-23-2009 05:30 AM

HI Andy,

You can think about enabling QnQ in your Network, if it is connection between different Service Providers.

This will help you in avoiding the VLAN overlapping, etc.,

http://www.ippacket.org/blog/archives/2004/08/ieee_8021q-in-q.html

Best Regards,

Guru Prasad R.

0 Helpful

asaykao73
Level 1
Level 1
In response to guruprasadr

‎07-02-2009 02:46 PM

Hi Guru,

Thank you for your suggestion. We do have QnQ running with some Service Providers.

Cheers.

Andy

0 Helpful

asaykao73
Level 1
Level 1
In response to Giuseppe Larosa

‎07-01-2009 05:59 PM

Hi Giuseppe,

Thank you for your reply and sorry for my late response.

I totally agree with you - but we have loopguard turned on globally with "spanning-tree loopguard default". If we then enable "spanning-tree bpdufilter enable " on the interface, the port goes into a broken state because it's no longer receiving BPDUs. Does that mean we have to turn off "spanning-tree loopguard default" globally? What are the implications of doing this?

Thanks.

Andy

0 Helpful

asaykao73
Level 1
Level 1

‎07-02-2009 03:56 PM

Would it safe to say that we shouldn't really be sharing spanning-tree bpdu's with another service provider if there's only one interconnect to/from us to their network.

Would something like this be good to put on our interface that interconnects us to another service provider.

spanning-tree loopguard default

!

interface GigabitEthernet0/43

description Interconnect with ISP2

spanning-tree bpdufilter enable

spanning-tree guard none

spanning-tree portfast

Thanks.

Andy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card