Help to determine the most suitable STP type for my configuration

Hello, everybody!

I have a network, where only Extremes exist.

The access layer is 8 stacks spread across floors.

The distribution layer is a stack of 2 X670.

The core layer is two BD8806 connected with MLAG. There is also VRRP configured.

There is one etherchannel between core for MLAG, and one etherchannel to X670 stack.

Floor stacks are connected to X670 with one etherchannel link.

I have 30 vlans total.

The schema is provided below.

Could you please help me to find the most suitable STP type/configuration?

At the moment I have configured EMISTP encapsulation with dot1w mode, but I don't like it. 

Many thanks in advance,

Ilya

P.S. With this scheme I have strange alternating ping replies from 1 to 50 ms. Is there any connection with STPDs or VRRP in the core?

P.P.S. Could you give me a link to any article where the simplest STP configuration on Extremes is described? I am interested in a method of configuring STP for all VLANs with minimum effort, like on Cisco.

Ilya Semenov

Posted 2 years ago

André Herkenrath, Employee

Hi,

Where do you see a potential for a loop? I don't see any need for STP in this network.
If you want a loop prevention for access ports I would recommend ELRP.

Regards
André

Ilya Semenov

Hello, Andre!

Thank you for your reply.

First of all, at the access layer. Customers sometimes attach stupid switches.

Secondly, at the distribution layer. During the configuration process last weekend the technicians got the cables wrong and looped the X670 stack. (LLDP was my salvation!)

Anyway, there are many free ports on the X670. Both switches of this stack are located on different floors. The chance of a mistake is high.

Erik Auerswald, Embassador

Hi Ilya,

For the distribution switches, you can disable unused ports. Alternatively, you can remove any VLAN from the unused ports (e.g. "configure vlan Default delete ports all").

Br,
Erik

André Herkenrath, Employee

OK - I understood your issue. 
Please look into ELRP - It makes life a lot easier than STP.

Regards
André

Ilya Semenov

Thanks to you, Andre!

I've heard about this feature, but I still don't have a clear understanding of what it really does.

If it's enabled, what will happen in case of a loop?

André Herkenrath, Employee

You can decide what it does. Most customers disable the port for 60 seconds and send a notification.

Best Regards
André

Ilya Semenov

So, your advice is to remove STP from core and distribution layers and replace them with ELRP?

Is there any negative impact of STPD on a network? on switches?

André Herkenrath, Employee

In the core layer you already have MLAG. There you have to be very careful with another L2 Protocol. And when it comes to "stupid patch prevention" I'd always prefer ELRP over STP.
In your network I see the most risk of stupid patching in the Edge. In these areas ELRP is always a good choice.

Regards
André

David Coglianese, Embassador

ELRP is very simple to configure and works flawlessly from what I have seen.

Configure ELRP to run on a NoLoop Vlan tagged on every port and exclude the uplinks.

Most of our customers run it with a permanent disable and simply enable the port after they clear the loop.

Thanks,

Ilya Semenov

Hello, David!

What is the difference between uplinks and tagged ports? I think there isn't...

Am I correct, that you recommend me to use ELRP for access ports and STP for uplinks? Something like "enable stpd VLAN5 auto-bind vlan VLAN5"...?

Thank you!

David Coglianese, Embassador

By uplinks I simply meant your inter-switch connections which we obviously do not want to disable. 

We still add the noloop VLAN to those ports so that a loop that spans two closets will be detected, but we exclude the uplink port so ELRP does not disable that port.

We do not need STP at all. In our configuration ELRP will tell you if there is a link on an uplink port but not disable it. If you do not add the VLAN used by ELRP to the uplink ports, the link in the below drawing could go undetected.
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,714 Points 10k badge 2x thumb
The uplinks are the connections between the switches. You want to configure those ports for ELRP but exclude them from any action. You don't want an uplink port disabled. He is referring to a simple VLAN present on the entire network where every port on every switch is tagged. Enabling ELRP on this VLAN on each switch will allow it to send out the necessary multicast traffic and perform an action if it receives it back.

I would not use both. ELRP will take care of everything you need. If you would like to use STP to prevent loops you can simply configure edge-safeguard on all the ports except the uplinks and it will do the same thing.
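
The reasoning in the two posts above (tag the ELRP VLAN on the uplinks, but exclude the uplinks from the disable action) worked through as a small model. This is an added example, not part of the thread and not Extreme code: the topology, port numbers and the simplified flooding behaviour are assumptions made for illustration.

```python
from collections import deque

# Constructed topology: closets A and B uplink to distribution D on port 49;
# a stray patch cable joins edge port A:1 to edge port B:1.
LINKS = [(("A", 1), ("B", 1)), (("A", 49), ("D", 1)), (("B", 49), ("D", 2))]
UPLINKS = {("A", 49), ("B", 49), ("D", 1), ("D", 2)}
ALL_PORTS = {end for link in LINKS for end in link}
EDGE_ONLY = ALL_PORTS - UPLINKS

def elrp_probe(origin, vlan_ports, excluded):
    """Flood one probe from `origin` through the ports in the probe VLAN.

    Returns {port number on origin: action} for each port the probe
    comes back on; an empty dict means no loop was seen.
    """
    peer = {}
    for a, b in LINKS:
        peer[a], peer[b] = b, a
    hits, seen = {}, set()
    queue = deque(p for p in vlan_ports if p[0] == origin)
    while queue:
        out = queue.popleft()
        if out in seen:
            continue
        seen.add(out)
        rx = peer.get(out)
        if rx not in vlan_ports:
            continue  # far end is not in the probe VLAN: probe is dropped
        if rx[0] == origin:
            # Own probe returned: loop. Excluded ports are reported only.
            hits[rx[1]] = "log-only" if rx in excluded else "disable-port"
            continue
        # Transit switch floods the probe out of its other VLAN ports.
        queue.extend(p for p in vlan_ports if p[0] == rx[0] and p != rx)
    return hits

if __name__ == "__main__":
    print("VLAN on every port:", elrp_probe("A", ALL_PORTS, UPLINKS))
    print("VLAN on edge only: ", elrp_probe("A", EDGE_ONLY, UPLINKS))
    print("Seen from D:       ", elrp_probe("D", ALL_PORTS, UPLINKS))
```

With the probe VLAN on every port, closet A shuts its edge port and only reports the uplink; with the VLAN left off the uplinks, the same cross-closet cable produces no detection at all.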

Ilya Semenov

Guys... Did I get it right...? To protect access ports against loops I have to add a special technical VLAN to all of them as tagged. Then turn on the mysterious ELRP. Associate it with the VLAN. In case of a loop ELRP has to detect on a certain port BPDUs from the current switch (from itself) and block the port, yes? Permanently or for a period of time...

Would this conf be ok?

create vlan ELRP tag 4094
conf vlan ELRP add ports all tag
enable elrp-client
# ports 49 and 50 are the uplinks
configure elrp-client disable-port exclude 49,50
configure elrp-client periodic "ELRP" ports all log disable-port duration 60

Why shouldn't I turn on the same feature at the distribution layer on the X670?

To be honest, I am scratching my head over whether it is safe to completely remove STPDs from core and distribution. Still thinking...

Many thanks to you!

P.S. Will you attend annual summit in Orlando?)

Drew C., Community Manager

I'll be there working at the Services booth - stop by and say hello!

Ilya Semenov

Surely, Drew! See you in Orlando!

David Coglianese, Embassador

I have not tested it but I don't think you can name a VLAN elrp, I think it is "protected", which could be why we use "noloop".

You can turn ELRP on for the distribution layer, I think we were all just advising against letting it disable ports that will take down entire switches.

We don't use STP at all, but it's your network......

Orlando sounds fun but boss would have to send me. Wish me luck on that one.

Thanks,

Ilya Semenov

David, I wish you luck!)

Thank you!

EtherMAN, Embassador

One other thing you can do that is also a great alarm generator and protection on edge access ports. Enable rate shaping.

You have three options: broadcast, mcast, and unknown MAC address packets per second. This is fully configurable. We only do broadcast and set it to 200 pps. If someone plugs a dumb switch in and loops it on their side, this simple configuration will limit the amount of broadcast packets coming from them and send your monitoring system a nice trap.
Good luck