Solved: Re: 2 root ports on Nx5k vPC pair.

delahais · ‎01-05-2012

In a large architecture DC,we have

(x) As core layer, one vPC pair of 2 Nx7010 : hsrp + root bridge of 2 MST instances with peer-switch.

(x) As distrib layer, one vPC pair of 2 Nx5596, layer 2 only

(x) As access layer, three vPC pairs of 2 Nx5548 layer 2 only + many fex single homed. These 3 pairs are called :

- 5548-1 : accesA1 ; 5548-2 : accesA11

- 5548-1 : accesB1 ; 5548-2 : accesB11

- 5548-1 : accesC1 ; 5548-2 : accesC11

Between core, distrib and access layers, we have 8 x 10 Gps link as Port-channel vPC / port-channel

For the peer-link of each pair, we have 4 or 2 x 10 Gps link.

accesA1, accesB1 and accesC1 are the primary vPC role

accesA11, accesB11 and accesC11 are the secondary vPC role.

The DC does work fine.

Via DCNM, I noticed that on accesA11, accesB11 et accesC11, we have this log :

2011 Dec 16 16:45:02 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root

2011 Dec 16 16:45:02 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root

2011 Dec 16 16:45:03 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root

2011 Dec 16 16:45:03 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root

2011 Dec 16 16:45:04 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root

2011 Dec 16 16:45:04 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root

2011 Dec 16 16:45:05 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root

2011 Dec 16 16:45:05 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root

2011 Dec 16 16:45:06 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root

2011 Dec 16 16:45:06 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0001 role changed to root

2011 Dec 16 16:45:07 accesB11 %STP-6-PORT_ROLE: Port port-channel220 instance MST0000 role changed to root

Please note the frequency !!!

I took a look on Nexus 5548 about MST and i could see that we have 2 root port on accesA11, accesB11 and accesC11. The 2 root ports explain this log... but i could not understant why we have 2 root ports ; On my mind, it is not possible :

accesA11# sh span

MST0000

Spanning tree enabled protocol mstp

Root ID Priority 0

Address 0023.04ee.be01

Cost 0

Port 4205 (port-channel110)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)

Address 547f.ee1a.d4bc

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po110 Root FWD 1000 128.4205 (vPC peer-link) Network P2p

Po210 Root FWD 200 128.4305 (vPC) P2p

MST0001

Spanning tree enabled protocol mstp

Root ID Priority 1

Address 0023.04ee.be01

Cost 1400

Port 4205 (port-channel110)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 547f.ee1a.d4bc

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po110 Root FWD 1000 128.4205 (vPC peer-link) Network P2p

Po210 Root FWD 200 128.4305 (vPC) P2p

Po110 : Po for the vPC peer-link

Po210 : Po for the vPC to distrib layer

I took a long moment on CCO but i did not find any way to solve this issue

Please, could you assist me ???

Many thanks in advance.

Nicolas.

Jerry Ye · ‎01-12-2012

It is fixed in 5.2(3a).

You can do one of the workaround, upgrade to a fixed version or change the syslog level on the N5K.

Those release number with the "S" designation is internal test built, it will not release to CCO.

Regards,

jerry

View solution in original post

Jerry Ye · ‎01-05-2012

What version is the N5500 and the N7K running? Also assumed you hard coded spanning-tree priority on the N7K.

Also, any reason you are doing 3 tier L2 design here???

Regards,

jerry

delahais · ‎01-09-2012

Hello Jerry,

First of all, thanks for your reply. Below my answers to your questions :

What version is the N5500 running ? :

Software

BIOS: version 3.5.0

loader: version N/A

kickstart: version 5.0(3)N2(1)

system: version 5.0(3)N2(1)

power-seq: Module 1: version v1.0

Module 3: version v2.0

uC: version v1.2.0.1

SFP uC: Module 1: v1.0.0.0

BIOS compile time: 02/03/2011

kickstart image file is: bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin

kickstart compile time: 6/13/2011 6:00:00 [06/13/2011 15:43:33]

system image file is: bootflash:/n5000-uk9.5.0.3.N2.1.bin

system compile time: 6/13/2011 6:00:00 [06/13/2011 17:33:42]

What version is the N7K running ? :

Software

BIOS: version 3.22.0

kickstart: version 5.1(4)

system: version 5.1(4)

BIOS compile time: 02/20/10

kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.4.bin

kickstart compile time: 12/25/2020 12:00:00 [06/29/2011 05:28:40]

system image file is: bootflash:///n7000-s1-dk9.5.1.4.bin

system compile time: 5/31/2011 18:00:00 [06/29/2011 06:19:13]

Also assumed you hard coded spanning-tree priority on the N7K.

core 1 :

spanning-tree mode mst

spanning-tree pathcost method long

no spanning-tree bridge assurance

spanning-tree mst 0-1 priority 0

spanning-tree mst configuration

name DCRonchin

revision 100

instance 1 vlan 2-4094

vpc domain 1

peer-switch

role priority 100

peer-keepalive destination 10.10.0.12 source 10.10.0.2

peer-gateway

reload restore

ip arp synchronize

core 2 :

spanning-tree mode mst

spanning-tree pathcost method long

no spanning-tree bridge assurance

spanning-tree mst 0-1 priority 0

spanning-tree mst configuration

name DCRonchin

revision 100

instance 1 vlan 2-4094

vpc domain 1

peer-switch

role priority 200

peer-keepalive destination 10.10.0.2 source 10.10.0.12

peer-gateway

reload restore

ip arp synchronize

Also, any reason you are doing 3 tier L2 design here???

Because we have 2 other computer Rooms with blade servers. These 2 rooms have one 2 Nx7k pair as distrib layer. the acces layer are 3020 CBS or HP flex-10 in blade servers.

So for each room, we have distrib and acces layer architecture.

For information, we have about 375 Vlans.

Many thanks in advance.

Nicolas.

krun_shah · ‎01-11-2012

Two root port po110 and po210 in show span command is due to switches' secondary vpc role seeing peer link as root port always. According to error MSG po220 is becoming root port for mst instance 0 and1 can you post config for po220

Sent from Cisco Technical Support iPhone App

delahais · ‎01-12-2012

hi,

Many thanks for your reply.

since my fist post, I did understand that we can have 2 root ports on secondary vpc role ; the "second" root port is the peer-link.

Please, see below the po 220 config :

accesB11 :

interface port-channel220

description distrib1

switchport mode trunk

vpc 220

spanning-tree port type normal

interface Ethernet1/25

description distrib11_1/21

switchport mode trunk

channel-group 220 mode active

interface Ethernet1/26

description distrib11_1/22

switchport mode trunk

channel-group 220 mode active

interface Ethernet1/28

description distrib12_1/21

switchport mode trunk

channel-group 220 mode active

interface Ethernet1/29

description distrib12_1/22

switchport mode trunk

channel-group 220 mode active

for info accesB1 :

interface port-channel220

description distrib1

switchport mode trunk

vpc 220

spanning-tree port type normal

interface Ethernet1/25

description distrib11_1/17

switchport mode trunk

channel-group 220 mode active

interface Ethernet1/26

description distrib11_1/18

switchport mode trunk

channel-group 220 mode active

interface Ethernet1/28

description distrib12_1/17

switchport mode trunk

channel-group 220 mode active

interface Ethernet1/29

description distrib12_1/18

switchport mode trunk

channel-group 220 mode active

I have 3 acces rows with 2 Nx 5548 pair: each 5548 vpc secondary log this message 3 or 4 times by second.

Many thx for your feedback.

nicolas.

Jerry Ye · ‎01-12-2012

Hi Nicolas,

The STP port role on the vPC secondary is normal. I was just wondering your topology, nothing to worry.

Also, to troubleshoot this syslog message, I need to know couple info from your STP root (N7K), what version is it running? Did you enable peer-switch? I would like to take a look at those config.

Regards,

jerry

delahais · ‎01-12-2012

Hello Jerry,

Yes peer-switch is used. please see below all info asked :

What version is the N5500 running ? :

Software

BIOS: version 3.5.0

loader: version N/A

kickstart: version 5.0(3)N2(1)

system: version 5.0(3)N2(1)

power-seq: Module 1: version v1.0

Module 3: version v2.0

uC: version v1.2.0.1

SFP uC: Module 1: v1.0.0.0

BIOS compile time: 02/03/2011

kickstart image file is: bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin

kickstart compile time: 6/13/2011 6:00:00 [06/13/2011 15:43:33]

system image file is: bootflash:/n5000-uk9.5.0.3.N2.1.bin

system compile time: 6/13/2011 6:00:00 [06/13/2011 17:33:42]

What version is the N7K running ? :

Software

BIOS: version 3.22.0

kickstart: version 5.1(4)

system: version 5.1(4)

BIOS compile time: 02/20/10

kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.4.bin

kickstart compile time: 12/25/2020 12:00:00 [06/29/2011 05:28:40]

system image file is: bootflash:///n7000-s1-dk9.5.1.4.bin

system compile time: 5/31/2011 18:00:00 [06/29/2011 06:19:13]

Also assumed you hard coded spanning-tree priority on the N7K.

core 1 :

spanning-tree mode mst

spanning-tree pathcost method long

no spanning-tree bridge assurance

spanning-tree mst 0-1 priority 0

spanning-tree mst configuration

name DCRonchin

revision 100

instance 1 vlan 2-4094

vpc domain 1

peer-switch

role priority 100

peer-keepalive destination 10.10.0.12 source 10.10.0.2

peer-gateway

reload restore

ip arp synchronize

core 2 :

spanning-tree mode mst

spanning-tree pathcost method long

no spanning-tree bridge assurance

spanning-tree mst 0-1 priority 0

spanning-tree mst configuration

name DCRonchin

revision 100

instance 1 vlan 2-4094

vpc domain 1

peer-switch

role priority 200

peer-keepalive destination 10.10.0.2 source 10.10.0.12

peer-gateway

reload restore

ip arp synchronize

Many thanks.

Jerry Ye · ‎01-12-2012

I think you are hitting this bug

CSCtt81655

Regards,

jerry

delahais · ‎01-12-2012

Hi,

Cool. it seems to me you get the point !!! thx

So, i have to upgrade the Nx7k from 5.1(4) to 5.2(3a)

or

I have to increase logging level for stp on the Nx5k ?

i could not fin the release 6.2(0.28)S0, 5.2(3.6)S0, 6.1(0.160)S0 on CCO : why ?

many thanks for your assitance. it is great !

Nicolas.

Jerry Ye · ‎01-12-2012

It is fixed in 5.2(3a).

You can do one of the workaround, upgrade to a fixed version or change the syslog level on the N5K.

Those release number with the "S" designation is internal test built, it will not release to CCO.

Regards,

jerry

delahais · ‎01-16-2012

that works !

Many thanx for your assistance.

It is great.

Best regards.

Nicolas.