Good stuff...

Im aware that pvstp is Cisco proprietary....I am sking for recommendations on how to get them to play nicely...

Your recommendation with regard to the root bridge  is what I was thinking and Im trying to think it through to make sure that we're correct...

Does this mean that someone has to reconfigure their distribution switches (these are typically the roots) and allow their entire topology to reconverge just to place an IEEE compliant switch into the network? Sounds bad...

What else?

Yes. that can be an issue. Please take note that IEEE recommendation dictates the CST.

With PVST+, Cisco is merely providing a workaround for what many regard as a disadvantage of the standard.

When someone decides to put a device into the network which is compliant with the IEEE standards but does not support the additional functionalty as provided by the Cisco solution, functionality which is already in place and used extensively, one might consider this as a poor design decision.

You are now experiencing that this decision has impact on the whole design, an impact which has apparently not been foreseen.

Other solutions? When we are talking about a large network, you might consider switching over to MSTP.

This is not a small change but MST does support load balancing like PVST with the additional advantage of less STP instances.

When you like to follow standards, this is THE solution for you, even though it is not easy to implement.

When the network is smaller (in number of vlans) you might be able to allow only a limited number of vlans on the trunks leading to the dell switch.

This will reduce the number of vlans which are blocked by the CST. However, any future change of the topology will need to take this workaround into consideration and evaluate possible pitfalls. Only adviseable when you expect little changes to the network.

regards,

Leo

Interesting...

lets see...so a Cisco switch does not allow for disabling pvstp+ and using the IEEE (CST) instead? Ive never tried it, actually....hmmmm.  Im talking about something like switch(config)# spanning-tree mode IEEE

Assuming the answer is no, then, basically, what we are saying is that if we connect a Dell or HP blade to a Cisco ToR switch, which is then connected to an EoR L3 (distribution) switch, what we must do is:

• reconfigure the distribution switches such that only one switch is the root for ALL VLANs.

• keep the STP mode set to PVSTP+ or RPVSTP+ (I have been told that the Cisco switch will sense an IEEE bridge and fallback to operating in IEEE STP mode ....????)
  

Yes? If so, Im wondering if the fact that the Cisco switch is running multiple instances of STP will create any interop issues in and of itself, even if the roots are set for all VLANs as described aboce.

Im also wondering about add-ons like root guard, loopguard, bpduguard UDLD aggressive, etc....? Ive never configured a non-Cisco switch for STP, so Im not sure which features would be available...

Thoughts?

There is no need for such a command because both PVST+ and rapidPVST+ are fully backwards compatible with the standard protocol.

You will have no issues as a result of this. Your problem is solely the lack of support for PVST by non-cisco switches.

Because of this, I really think that MST is the best solution because it is also an IEEE standard.

Reagrding the additional instances: In fact, these additional instances of STP are encapsulated in UDP and sent as multicasts over the non-cisco region. As such, they are not recognized as BPDU's by other vendors.

For the other cisco enhancements your guess is probably correct: you cannot configure it on non-cisco devices.

regards,

Leo

Hello Leo,

I am sorry but I believe that some of your statements in your last post are not correct.

both PVST+ and rapidPVST+ are fully backwards compatible with the standard protocol.

No, they are not, and there are numerous differences:

1. PVST+/RPVST+ BPDUS are 802.1Q encapsulated while standard BPDUs are not.
2. PVST+/RPVST+ BPDUs are using a slightly modified BPDU format - it contains a TLV on its very end describing the VLAN number on which the BPDU has been originated, to detect possible native VLAN mismatches.
3. IEEE 802.1D STP/RSTP uses 802.2 LLC encapsulation with DSAP=SSAP=0x43. Cisco PVST+/RPVST+ uses 802.2 SNAP encapsulation with DSAP=SSAP=0xAA, OUI=0x00000c, PID=0x010b.
4. The destination MAC address is different - standard BPDUs use DSTMAC of 01:80:c2:00:00:00, PVST+/RPVST+ BPDUs use DSTMAC of 01:00:0c:cc:cc:cd.

PVST+/RPVST+ therefore cannot be declared fully backwards compatible with the standard protocol - what it really does is avoiding the cooperation with standard IEEE by encapsulating and tunnelling its BPDUs so that they are not processed by IEEE-compliant switches.

Reagrding the additional instances: In fact, these additional instances 
of STP are encapsulated in UDP and sent as multicasts over the non-cisco
 region.

Encapsulated in UDP? Absolutely not. They are encapsulated into SNAP Ethernet frames as I have described earlier.

Best regards,

Peter

Hi Peter,

What I meant with my statement regarding compatibility is that it will work seamlessly with other vendors who do not support it.

I know there are differences, thanks for pointing them out, but non-cisco boxes will not notice their presence.

Regarding the encapsulation, you are right.

Leo

Peter, great stuff! Can you tell me where I can find such information regarding all the differences between Cisco implementation of STP and non-Cisco switches? So what youre saying on a igher level is that the Cisco switches do NOT seamlessly interoperate with bridges that only run IEEE STP, correct?

Leo, gotcha...

But just to make sure I got it....for a NON-MST solution, the Cisco switches can be left in PV mode, as you dont have an "IEEE" choice anyway, BUT they will seamlessly operate with the non-Cisco blade switches. But for this to happen, your Cisco environment must have each distro switch configured as the bridge for all VLANs. Correct with all this?

As for MST, the same holds true, right? You cannot just configure an MST region between the blade switches and the Cisco ToR and leave the rest of the environment configured as it was before. The distro switches will have to be reconfigured for MST, too. Correct?

If you want some details on how it works and how to configure it, please start with the followint two documents:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfc.shtml

They describe RSTP and MST in considerable detail. The link below provides additional reading on STP in general:

http://www.cisco.com/en/US/tech/tk389/tk621/tsd_technology_support_protocol_home.html

However, as far as I can see from the postings, your problem is the IEEE compatible devices are lacking the additional features that cisco provides for STP. For example, 'normal' 802.1w utilizes the CST so one port will be blocking for all vlans. It is this fact which is now giving you problems.

That's why I think MST is the way forward here.

best regards,

Leo

Hi Leo,

What I meant with my statement regarding compatibility is that it will work seamlessly with other vendors who do not support it.
I know there are differences, thanks for pointing them out, but non-cisco boxes will not notice their presence.

Yes - obviously we see the meaning of the word "compatible" in slightly different meaning. Cisco's PVST+ makes sure that normal switches treat it as an ordinary multicast data application and do not even try to interact with it. So much for the compatibility of PVST+ Another meaning for compatibility would be the capability of RSTP to fall back to ordinary STP operation when a legacy STP client is detected on a port. That is how I perceive the meaning of compatibility. Avoiding interaction is hardly a compatibility feature...

You have provided a nice set of STP-related documents. Allow me please to add one more URL that talks especially about the things I have pointed out earlier and possible PVST+/IEEE STP interactions:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00801d11a0.shtml#topic1

Best regards,

Peter

Hi,

First of all - I am afraid no one has pointed it out so far - the entire hassle about PVST+ and IEEE interoperation comes into play if and only if we are looking at PVST+ operation at trunk ports. Normal access ports on Catalyst switches always emit and process standard IEEE STP BPDUs according to the access VLAN they are configured into.

Peter, great stuff! Can you tell me where I can find such information 
regarding all the differences between Cisco implementation of STP and 
non-Cisco switches?

The differences? Well, years of sitting in the lab, sniffing all packets going around No, really, Leo has provided a nice set of links in one of his recent posts in this thread, and I have included yet another link that is specific to the PVST+/IEEE STP interoperation - I am including it here again just for the sake of having things in place:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00801d11a0.shtml#topic1

 So what youre saying on a igher level is that the 
Cisco switches do NOT seamlessly interoperate with bridges that only run
 IEEE STP, correct?

Well, perhaps I am too strict on the word selection after all. What I wanted to say is that regarding the PVST+/RPVST+ alone, IEEE switches ignore it because the BPDUs are encapsulated differently and addressed differently than IEEE STP BPDUs. The PVST+/RPVST+ BDPUs are tunelled through IEEE switches as if the entire IEEE-compliant switching domain was just a wire. However, each Catalyst switch, in parallel to PVST+/RPVST+, emits a standard IEEE STP BPDU to speak to IEEE-compliant neighboring switch, and that is where the interoperation takes place.

Also see the following document, it is also describing the PVST+ specifics:

http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_vlan_cfg_rtg_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1006491

for a NON-MST solution, the Cisco switches can be left in PV mode, as 
you dont have an "IEEE" choice anyway, BUT they will seamlessly operate 
with the non-Cisco blade switches. But for this to happen, your Cisco 
environment must have each distro switch configured as the bridge for 
all VLANs. Correct with all this?

Yes. If the 802.1Q-encapsulated PVST+ BPDUs are to be tunneled through the IEEE region correctly, then all VLANs must be known to all switches. The IEEE STP BPDUs will be well understood by the IEEE neighbors, though.

As for MST, the same holds true, right? You cannot just configure an MST
 region between the blade switches and the Cisco ToR and leave the rest 
of the environment configured as it was before. The distro switches will
 have to be reconfigured for MST, too. Correct?

Basically, yes - introducing yet another MSTP variant into a part of the network would only further complicate things. It would be ideal if all switches spoke MSTP, as Leo has correctly pointed out in his earlier post.

But - looking through the thread, I am not quite sure what problem we are trying to solve. You have said in your first post here that you have "STP issues". Can you be more specific about that?

Best regards,

Peter

Ok, let me get to the nittry gritty.

I have a blade chassis with 2 blade switches (BS). Those blade switches run IEEE STP.

They are stacked to each other.

Each blade switch has 2 uplinks to one of 2 Cisco Nexus ToR switches. The NK5s are running vPC between them and PVST+

The N5Ks are dual-homed to distribution switches D1 and D2 (cross links not shown), which act as L2/L3 boundaries and more importantly the root bridges for the VLANs, D1 for some and D2 for the rest.

BS1==========N5K-1=========D1

||                            ||                             ||

||                            ||                             ||

BS2==========N5K-2=========D2

Observations:

1.) Since the N5Ks are running vPC and form a virtual chassis, and BS1 and BS2 are stacked, what you have is a virtual chassis in each layer. So, each layer sees the other as ONE switch. The N5Ks see the BS switches as 1 virtual switch and the BS switches see the N5Ks as 1 virtual switch. Therefore, there is no loop and STP is only acting as a preventive mechanism.

2.) Since BS1 and BS2 are running IEEE STP (which only has 1 STP instance, namely, the CST) and the rest of the network is running PVST+, D1 OR D2 must act as the root bridge for ALL VLANs, since the IEEE STP only understands one logical STP topology and all VLANs are mapped to it.

3.) Loopguard, UDLD aggressive, BPDUGUARD and any other Cisco proprietary STP add-on will not be recognized by BS1 and BS2 and will not participate in any conversations that those protocols engage in.

4.) An alternative to configuring either D1 or D2 as the root for all VLANs, we can reconfigure the environment to run MSTP, since only 2 logical STP topologies exist anyway -- one in which D1 is the root and the second in which D2 is the root. In the case of MSTP, two MSTI instances will be created, in which half the VLANs may belong to one and the other half to the other. In addition, one IST will be created and that acts as the STP instance that communicates with the CST of the IEEE STP.

5.) A 3rd approach may be to create an MST region out of BS1, BS2, and N5K-1 and N5K-2. In this case, D1 and D2 will see that MST region as one logical CST bridge. This solution seems a bit clumsy.

Any thoughts on each of these bullet points? Do they make sense?

Thanks

Peter? Leo? Jon? Giuseppe? Anyone?

THREAD  CLOSED