Thats the thing, I am not exactly sure how I need to structure the port costs.

Here is how my secondary distribution switch looks like right now...

Gi0/43 Desg BLK 4 128.43

Gi0/44 Desg BLK 4 128.44

Gi0/45 Desg BLK 4 128.45

Gi0/46 Desg BLK 4 128.46

Gi0/47 Root FWD 4 128.47

Port 47 is the distribution interconnect to the primary distribution switch (primary root bridge). Port numbers 43 to 46 are links to various access switches.

Here is what happens when I remove that interconnect link on port 47...

Gi0/43 Root FWD 4 128.43

Gi0/44 Altn BLK 4 128.44

Gi0/45 Altn BLK 4 128.45

Gi0/46 Altn BLK 4 128.46

As you can see, traffic for this VLAN is now forwarded to the access switch on port 43. I dont want the switch on port 43 having a root port, and all others blocked. I want this distribution switch to be able to forward traffic out through all of its ports...depending on the access switch it needs to go to. Exactly how I showed it in the original JPEG image.

This secondary distribution switch does take over as the root when the primary distribution switch goes down. However, when I remove a single link (such as the interconnect on port 47)...this distribution switch is sends everything out port 43.

Dave,

As stated before, when the cost are equal, it will pick the interface with the lowest port number.

You can alter this selection by changing the port cost on the access switches, for instance lower G0/47 to port cost 2 and port cost 3 to the secondary distribution switch.

Hi Dave,

Basically, you want the secondary root to become primary root as a result of the link primary-secondary failing. There is nothing in the STP that allows you to do so. However, I don't think this is a big deal in your case. Indeed, the secondary now has connectivity to the root through an access (which is generally not recommended). But your access switches still have direct connectivity to the root. Nothing changes for them. The port that used to block between the access and the secondary are now blocking on the side of the secondary instead of the access... not a big change either.

What is it exactly that is bothering you in that scenario?

Regards,

Francois

Thanks guys, here is what is bothering me....

The secondary distribution switch has a direct connection to ALL of the access switches itself, as illustrated in the JPEG. However, it does NOT use those direct connections at all.

Instead, in the event of a link failure, the secondary distribution switch receives all frames - and forwards them to a specific access switch (which is the access switch on port 43 in my earlier posts). That access switch then forwards the frames back to the primary distribution switch (root). The primary distribution switch then forwards the frames to its destination.

It seems there are a lot of unnecessary hops there, when all the secondary distribution switch needs to do is just receive the frames from one port and forward it out to its destination. The path should be only one hop....but the way it is set up now - it can traverse a total of five hops. That is four uneccessary hops....not to mention the access switch on port 43 is going to get hit with much more overhead from taking on the additional load from the secondary distribution switch.

I take it I am forced to living with an access switch (port 43) that will get hit with distribution traffic whenever the interconnect (port 47) goes down?

Hi again,

Again, in the intial scenario, without the link failure, the secondary switch was not using any of its links to the access switches. The blocked port was on the access switches side, but the result was the same.

You are hitting a big limitation of the spanning tree: traffic for a given vlan is using a *unique* tree. By definition, a tree is a graph where there is only a single path between any two nodes. Take your secondary root when there is this link failure to the root. Suppose there a link forwarding between the secondary and access switch A and, at the same time, there is a link forwarding between the secondary and switch B. This is what you want, the secondary is directly connecting to both A and B. The problem is that A and B also have a forwarding link to the root bridge. Because of that, there are two paths between the secondary and the root bridge: one through A and one through B. This is a bridging loop:-( So basically, STP will only allow one connection between the secondary and the root bridge through one access bridge, never two.

Only the path to the root bridge is optimal... The IEEE is currently working on a solution to this. The draft is 802.1aq (shortest path bridging). This will allow to do bridging a little bit the way routing works: always using the shortest path between two nodes. Then, your problem will have a solution. In the meantime, you need to rely on load balancing on a per-vlan basis.

Regards,

Francois

Thanks ftallet. I was hoping for better, but oh well.