
New Member

vpc and pvst+

How are vpc and pvst reconciled? Normally, a switch sends a BPDU toward the root bridge, but with vpc, both uplinks are supposed to be active....so what then? Does the STP secondary have to use the crosslink to send to the root?

Purple

vpc and pvst+

Hall of Fame Super Blue

Re: vpc and pvst+

The short answer is that for vPCs the Nexus switch acting as the primary peer device is responsible for STP on vPCs. Only the primary device generates BPDUs for the vPC member ports.

If the secondary device receives any BPDUs from access switches on its vPC ports it sends them to the primary device across the peer link.

This is regardless of which Nexus is STP root, i.e. it is always the primary device that generates BPDUs for vPC ports.

Jon

New Member

Re: vpc and pvst+

thanks, gents...

Jon, let me see if I got this....

I understand the BPDU and STP convergence part...the primary peer for vPC generates the BPDUs for all vPC ports, notwithstanding if it is the root bridge or has to advertise its peer as the root...not sure why it has to be that way, but I'll think about it in a sec...for now though I have the original question

My question was more about the data plane....it seems that it doesn't matter who the root bridge is because both uplinks from, say, an access switch will be active, so that switch will use both of its uplinks and that means that the crosslink will be heavily used - I say that because traffic travels along the root path on its way to the root bridge....so if the primary vPC peer is the root bridge for vlan 10, the access switch will send its traffic out its root port toward the primary...BUT it will also use the secondary uplink to the secondary vPC peer, which is NOT the root bridge, and so vPC secondary will forward the traffic to the root across the crosslink...am I missing something?

Hall of Fame Super Blue

Re: vpc and pvst+

In any STP environment the root bridge is only so a loop free topology can be created. Once the network is stable it does not mean that all traffic must go via the root bridge. It can take the shortest path to the destination.

This doesn't just apply to Nexus, it is with all switches.

But with vPCs loop prevention is actually implemented in the data plane. If either Nexus switch receives a packet on a vPC member port and it is sent across the peer link then the other switch will not forward it out of any vPC member ports. This is how loop prevention works with vPCs.

So let's say you had two access switches connected with vPCs to the Nexus pair. If a device on one access switch in vlan 10 sends a packet to another device in vlan 10 on the second switch then the access switch would pick one of the etherchannel ports, send it to one of the Nexus switches. Let's say this Nexus switch is not the STP root. The Nexus switch should then send it direct to the second access switch, i.e. no need to go via the root bridge.

Like I say, vPCs do it slightly differently in terms of STP but even with normal STP packets do not necessarily have to go via the root bridge to get from one device to another.

I have to rush off so this answer is a bit short. If you want further details please just ask.

Jon

New Member

Re: vpc and pvst+

"In any STP environment the root bridge is only so a loop free topology can be created. Once the network is stable it does not mean that all traffic must go via the root bridge. It can take the shortest path to the destination.

This doesn't just apply to Nexus, it is with all switches."

Without spending cycles overthinking this statement and trying to find a scenario that matches, let me concede that you're right, but this is not typical. In 99% of environments in a data center, you have a very typical multi-tiered architecture. You know...the usual stuff... access switches dual homed (typically, not always, I know) to a pair of distro switches that may or may not act as the L2/L3 boundary. The L3 boundary at distro is what I'm thinking of now.

[EDIT - 10 minutes later] - Just thought of a scenario that describes what you're saying....an access switch dual homed to a pair of distros which are then uplinked to a pair of cores which act as root bridges for all the vlans as well as the L3 boundary. A host is hanging off of one of the distros. The frame will head in the direction of the root bridge in the core BUT get diverted to the distro switch that the host is connected to. [EDIT END]

"So let's say you had two access switches connected with vPCs to the Nexus pair. If a device on one access switch in vlan 10 sends a packet to another device in vlan 10 on the second switch then the access switch would pick one of the etherchannel ports, send it to one of the Nexus switches. Let's say this Nexus switch is not the STP root. The Nexus switch should then send it direct to the second access switch, i.e. no need to go via the root bridge."

OK, what if the destination host is connected to the root bridge for vlan 10...you know, one of the vPC switches in the pair? The access switch may send the frame on one of its port channel ports to the non-root, BUT then the frame would have to traverse the crosslink, not because the root bridge is the root but because the final destination is connected to the root and is accessible to the non-root through the crosslink. Yes?

On the other hand, in a non-vPC setup, the frame would have gone to the root bridge immediately. The observation here is that there is an element of path inefficiency with vPC.

Hall of Fame Super Blue

Re: vpc and pvst+

Hit the post message by accident so reposting

"Without spending cycles overthinking this statement and trying to find a scenario that matches, let me concede that you're right, but this is not typical. In 99% of environments in a data center, you have a very typical multi-tiered architecture. You know...the usual stuff... access switches dual homed (typically, not always, I know) to a pair of distro switches that may or may not act as the L2/L3 boundary. The L3 boundary at distro is what I'm thinking of now."

Yes, sorry I wasn't trying to tell you something you didn't already know.

"OK, what if the destination host is connected to the root bridge for vlan 10...you know, one of the vPC switches in the pair? The access switch may send the frame on one of its port channel ports to the non-root, BUT then the frame would have to traverse the crosslink, not because the root bridge is the root but because the final destination is connected to the root and is accessible to the non-root through the crosslink. Yes?"

So you mean if the destination host was actually connected directly into the Nexus root bridge and also had no connection to the non-root switch?

If so then yes it would have to send the frame across the peer link. It would be forwarded because even though the non-root bridge received it on a vPC member port the root bridge is not sending it out of a vPC member port. But then you wouldn't really do this in a production environment, i.e. hosts directly connected to your distribution switches and only singly homed.

Again, not trying to tell you something you already know but I have never seen this done in DC environments.

Jon
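A simplified model of the forwarding behaviour described in the two replies above, added here as an illustration (it is not part of the original posts and is not Cisco code). The switch, port and host names are constructed, and only known-unicast frames are modelled, not flooding or BPDUs.

```python
# Simplified model of the vPC data-plane rule discussed in this thread.
# Switch, port and host names are constructed for illustration only.
from dataclasses import dataclass

@dataclass
class Peer:
    name: str
    vpc_ports: dict      # vPC member port -> hosts reachable behind that vPC
    orphan_ports: dict   # single-attached port -> hosts behind it
    peer: "Peer" = None
    peer_link_frames: int = 0   # frames this switch sent over the peer link

    def _lookup(self, dst):
        for table, kind in ((self.vpc_ports, "vpc"), (self.orphan_ports, "orphan")):
            for port, hosts in table.items():
                if dst in hosts:
                    return port, kind
        return None, None

    def receive(self, dst, in_port, from_peer_link=False):
        """Return the list of (switch, port) pairs the frame is sent out of."""
        port, kind = self._lookup(dst)
        if from_peer_link:
            # Loop prevention: a frame that crossed the peer link is never
            # sent out of a vPC member port, only out of a non-vPC port.
            return [(self.name, port)] if kind == "orphan" else []
        if port is not None:
            # Destination is local: deliver directly, whoever the STP root is.
            return [] if port == in_port else [(self.name, port)]
        # Destination is only reachable through the peer: use the peer link.
        self.peer_link_frames += 1
        return self.peer.receive(dst, "peer-link", from_peer_link=True)

def build_pair():
    # Both access switches are dual-attached, so each vPC exists on both peers.
    vpcs = {"Po10": {"hostA"}, "Po20": {"hostB"}}
    # serverX is attached to the primary only (the single-homed case above).
    primary = Peer("nexus-primary", dict(vpcs), {"Eth1/5": {"serverX"}})
    secondary = Peer("nexus-secondary", dict(vpcs), {})
    primary.peer, secondary.peer = secondary, primary
    return primary, secondary
```

Traffic between the two dual-attached access switches never touches the peer link in this model; only traffic for the single-attached server does, which is the peer-link load the thread is concerned about.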

New Member

Re: vpc and pvst+

"So you mean if the destination host was actually connected directly into the Nexus root bridge and also had no connection to the non-root switch?"

Correct. This could happen. Not all servers are dual homed. Hmmm...maybe it's a WAP...just throwing something out there to illustrate a point.

I edited my last post to include a scenario...

New Member

Re: vpc and pvst+

"But then you wouldn't really do this in a production environment, i.e. hosts directly connected to your distribution switches and only singly homed."

Been a consultant for many years - you won't believe some of the sh-t I see out there....plenty of non-best practices and anomalous type of connections.

Hall of Fame Super Blue

vpc and pvst+

"Been a consultant for many years - you won't believe some of the sh-t I see out there....plenty of non-best practices and anomalous type of connections"

I have seen a fair few horror stories, e.g. a token ring network where they couldn't get everyone in the company on the ring at the same time so they literally had to take it in turns to get network access.

I have seen lots of singly homed servers in a DC but have to admit usually connected to access switches.

It would definitely be a particularly bad thing to do in a Nexus setup because you could saturate the peer link.

Jon

New Member

Re: vpc and pvst+

Thanks, Jon
