01-05-2012 12:49 PM
In a large architecture DC,we have
(x) As core layer, one vPC pair of 2 Nx7010 : hsrp + root bridge of 2 MST instances with peer-switch.
(x) As distrib layer, one vPC pair of 2 Nx5596, layer 2 only
(x) As access layer, three vPC pairs of 2 Nx5548 layer 2 only + many fex single homed. These 3 pairs are called :
- 5548-1 : accesA1 ; 5548-2 : accesA11
- 5548-1 : accesB1 ; 5548-2 : accesB11
- 5548-1 : accesC1 ; 5548-2 : accesC11
Between core, distrib and access layers, we have 8 x 10 Gps link as Port-channel vPC / port-channel
For the peer-link of each pair, we have 4 or 2 x 10 Gps link.
accesA1, accesB1 and accesC1 are the primary vPC role
accesA11, accesB11 and accesC11 are the secondary vPC role.
The DC does work fine.
Via DCNM, I noticed that on accesA11, accesB11 et accesC11, we have this log :
2011 Dec 16 16:45:02 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root
2011 Dec 16 16:45:02 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root
2011 Dec 16 16:45:03 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root
2011 Dec 16 16:45:03 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root
2011 Dec 16 16:45:04 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root
2011 Dec 16 16:45:04 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root
2011 Dec 16 16:45:05 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root
2011 Dec 16 16:45:05 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root
2011 Dec 16 16:45:06 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root
2011 Dec 16 16:45:06 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root
2011 Dec 16 16:45:07 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root
Please note the frequency !!!
I took a look on Nexus 5548 about MST and i could see that we have 2 root port on accesA11, accesB11 and accesC11. The 2 root ports explain this log... but i could not understant why we have 2 root ports ; On my mind, it is not possible :
accesA11# sh span
MST0000
Spanning tree enabled protocol mstp
Root ID Priority 0
Address 0023.04ee.be01
Cost 0
Port 4205 (port-channel110)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 547f.ee1a.d4bc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po110 Root FWD 1000 128.4205 (vPC peer-link) Network P2p
Po210 Root FWD 200 128.4305 (vPC) P2p
MST0001
Spanning tree enabled protocol mstp
Root ID Priority 1
Address 0023.04ee.be01
Cost 1400
Port 4205 (port-channel110)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 547f.ee1a.d4bc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po110 Root FWD 1000 128.4205 (vPC peer-link) Network P2p
Po210 Root FWD 200 128.4305 (vPC) P2p
Po110 : Po for the vPC peer-link
Po210 : Po for the vPC to distrib layer
I took a long moment on CCO but i did not find any way to solve this issue
Please, could you assist me ???
Many thanks in advance.
Nicolas.
Solved! Go to Solution.
01-12-2012 06:52 PM
It is fixed in 5.2(3a).
You can do one of the workaround, upgrade to a fixed version or change the syslog level on the N5K.
Those release number with the "S" designation is internal test built, it will not release to CCO.
Regards,
jerry
01-05-2012 05:59 PM
What version is the N5500 and the N7K running? Also assumed you hard coded spanning-tree priority on the N7K.
Also, any reason you are doing 3 tier L2 design here???
Regards,
jerry
01-09-2012 08:20 AM
Hello Jerry,
First of all, thanks for your reply. Below my answers to your questions :
What version is the N5500 running ? :
Software
BIOS: version 3.5.0
loader: version N/A
kickstart: version 5.0(3)N2(1)
system: version 5.0(3)N2(1)
power-seq: Module 1: version v1.0
Module 3: version v2.0
uC: version v1.2.0.1
SFP uC: Module 1: v1.0.0.0
BIOS compile time: 02/03/2011
kickstart image file is: bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
kickstart compile time: 6/13/2011 6:00:00 [06/13/2011 15:43:33]
system image file is: bootflash:/n5000-uk9.5.0.3.N2.1.bin
system compile time: 6/13/2011 6:00:00 [06/13/2011 17:33:42]
What version is the N7K running ? :
Software
BIOS: version 3.22.0
kickstart: version 5.1(4)
system: version 5.1(4)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.4.bin
kickstart compile time: 12/25/2020 12:00:00 [06/29/2011 05:28:40]
system image file is: bootflash:///n7000-s1-dk9.5.1.4.bin
system compile time: 5/31/2011 18:00:00 [06/29/2011 06:19:13]
Also assumed you hard coded spanning-tree priority on the N7K.
core 1 :
spanning-tree mode mst
spanning-tree pathcost method long
no spanning-tree bridge assurance
spanning-tree mst 0-1 priority 0
spanning-tree mst configuration
name DCRonchin
revision 100
instance 1 vlan 2-4094
vpc domain 1
peer-switch
role priority 100
peer-keepalive destination 10.10.0.12 source 10.10.0.2
peer-gateway
reload restore
ip arp synchronize
core 2 :
spanning-tree mode mst
spanning-tree pathcost method long
no spanning-tree bridge assurance
spanning-tree mst 0-1 priority 0
spanning-tree mst configuration
name DCRonchin
revision 100
instance 1 vlan 2-4094
vpc domain 1
peer-switch
role priority 200
peer-keepalive destination 10.10.0.2 source 10.10.0.12
peer-gateway
reload restore
ip arp synchronize
Also, any reason you are doing 3 tier L2 design here???
Because we have 2 other computer Rooms with blade servers. These 2 rooms have one 2 Nx7k pair as distrib layer. the acces layer are 3020 CBS or HP flex-10 in blade servers.
So for each room, we have distrib and acces layer architecture.
For information, we have about 375 Vlans.
Many thanks in advance.
Nicolas.
01-11-2012 09:45 PM
Two root port po110 and po210 in show span command is due to switches' secondary vpc role seeing peer link as root port always. According to error MSG po220 is becoming root port for mst instance 0 and1 can you post config for po220
Sent from Cisco Technical Support iPhone App
01-12-2012 01:44 AM
hi,
Many thanks for your reply.
since my fist post, I did understand that we can have 2 root ports on secondary vpc role ; the "second" root port is the peer-link.
Please, see below the po 220 config :
accesB11 :
interface port-channel220
description distrib1
switchport mode trunk
vpc 220
spanning-tree port type normal
interface Ethernet1/25
description distrib11_1/21
switchport mode trunk
channel-group 220 mode active
interface Ethernet1/26
description distrib11_1/22
switchport mode trunk
channel-group 220 mode active
interface Ethernet1/28
description distrib12_1/21
switchport mode trunk
channel-group 220 mode active
interface Ethernet1/29
description distrib12_1/22
switchport mode trunk
channel-group 220 mode active
for info accesB1 :
interface port-channel220
description distrib1
switchport mode trunk
vpc 220
spanning-tree port type normal
interface Ethernet1/25
description distrib11_1/17
switchport mode trunk
channel-group 220 mode active
interface Ethernet1/26
description distrib11_1/18
switchport mode trunk
channel-group 220 mode active
interface Ethernet1/28
description distrib12_1/17
switchport mode trunk
channel-group 220 mode active
interface Ethernet1/29
description distrib12_1/18
switchport mode trunk
channel-group 220 mode active
I have 3 acces rows with 2 Nx 5548 pair: each 5548 vpc secondary log this message 3 or 4 times by second.
Many thx for your feedback.
nicolas.
01-12-2012 07:09 AM
Hi Nicolas,
The STP port role on the vPC secondary is normal. I was just wondering your topology, nothing to worry.
Also, to troubleshoot this syslog message, I need to know couple info from your STP root (N7K), what version is it running? Did you enable peer-switch? I would like to take a look at those config.
Regards,
jerry
01-12-2012 08:22 AM
Hello Jerry,
Yes peer-switch is used. please see below all info asked :
What version is the N5500 running ? :
Software
BIOS: version 3.5.0
loader: version N/A
kickstart: version 5.0(3)N2(1)
system: version 5.0(3)N2(1)
power-seq: Module 1: version v1.0
Module 3: version v2.0
uC: version v1.2.0.1
SFP uC: Module 1: v1.0.0.0
BIOS compile time: 02/03/2011
kickstart image file is: bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
kickstart compile time: 6/13/2011 6:00:00 [06/13/2011 15:43:33]
system image file is: bootflash:/n5000-uk9.5.0.3.N2.1.bin
system compile time: 6/13/2011 6:00:00 [06/13/2011 17:33:42]
What version is the N7K running ? :
Software
BIOS: version 3.22.0
kickstart: version 5.1(4)
system: version 5.1(4)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.4.bin
kickstart compile time: 12/25/2020 12:00:00 [06/29/2011 05:28:40]
system image file is: bootflash:///n7000-s1-dk9.5.1.4.bin
system compile time: 5/31/2011 18:00:00 [06/29/2011 06:19:13]
Also assumed you hard coded spanning-tree priority on the N7K.
core 1 :
spanning-tree mode mst
spanning-tree pathcost method long
no spanning-tree bridge assurance
spanning-tree mst 0-1 priority 0
spanning-tree mst configuration
name DCRonchin
revision 100
instance 1 vlan 2-4094
vpc domain 1
peer-switch
role priority 100
peer-keepalive destination 10.10.0.12 source 10.10.0.2
peer-gateway
reload restore
ip arp synchronize
core 2 :
spanning-tree mode mst
spanning-tree pathcost method long
no spanning-tree bridge assurance
spanning-tree mst 0-1 priority 0
spanning-tree mst configuration
name DCRonchin
revision 100
instance 1 vlan 2-4094
vpc domain 1
peer-switch
role priority 200
peer-keepalive destination 10.10.0.2 source 10.10.0.12
peer-gateway
reload restore
ip arp synchronize
Many thanks.
01-12-2012 08:41 AM
01-12-2012 09:03 AM
Hi,
Cool. it seems to me you get the point !!! thx
So, i have to upgrade the Nx7k from 5.1(4) to 5.2(3a)
or
I have to increase logging level for stp on the Nx5k ?
i could not fin the release 6.2(0.28)S0, 5.2(3.6)S0, 6.1(0.160)S0 on CCO : why ?
many thanks for your assitance. it is great !
Nicolas.
01-12-2012 06:52 PM
It is fixed in 5.2(3a).
You can do one of the workaround, upgrade to a fixed version or change the syslog level on the N5K.
Those release number with the "S" designation is internal test built, it will not release to CCO.
Regards,
jerry
01-16-2012 12:54 AM
that works !
Many thanx for your assistance.
It is great.
Best regards.
Nicolas.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide