cancel
Showing results for 
Search instead for 
Did you mean: 

LoopProtect and MSTP

LoopProtect and MSTP

jeronimo
Contributor III
Hi,

I've been reading up on Spanning Tree and LoopProtect. In the 7100 v8.41 Configuration Guide on page 338 there is a note that says:

The Loop Protect enable/disable settings for an MSTI port should match those for the CIST port.
What exactly does this mean? What does this statement require us to be vigilant about in our configs?

Does it mean that if you "set spantree lp ge.1.2 enable sid 1" you should also "set spantree lp ge.1.2 enable" (sid 0) etc. for all other SIDs? Why?

Bye,

Marki

8 REPLIES 8

Allen_George
Extreme Employee
Hello Marki,

A1) So that diagram and port/SID layout looks correct for how you would want it configured.

Q2) In regards to your second question, are you referring to a specific port in this diagram that you are seeing this? Keep in mind that the MSTI BPDUs are most likely still going to be sent regardless, but the remote device just won't process them as the SID/region doesn't exist (Assuming I am understanding what you are trying to explain). Reason for this is because all ports belong in each SID in the background by design, the VLANs are just required to carry proper MSTP communication between switches so it will functionally speak when required and dropped when not needed/configured.

Regards,
Allen George
Technical Support Engineer, GTAC / Extreme Networks

Thanks a lot for the clarifications and approval concerning Q1.

You understood right concerning Q2 and I realize that I should have reflected more thoroughly on this before asking. For the people following this thread: indeed, if the hash transmitted in MST BPDU differs between sender and recipient, they know that they are at a region boundary and will ignore the M-records. For the case where the remote side runs classic STP and not MSTP it will ignore the MSTP part entirely as you said, as (R)STP and MSTP are designed to be interoperable. So, it is not an error or a problem that MSTI BPDUs are generated/sent/received as one can see with the debug commands.

jeronimo
Contributor III

Hi again,

So, can someone confirm if what I thought I had understood from Allen's reply is correct or not? (See my reply above.)

Let me give you a simple and concrete example:

80e379ab4f934cf98e4eb49db4b00fa8_RackMultipart20160427-52063-1eandh9-mstp-lp-example_inline.png



Q1) In that diagram, how should the different ports be configured for LoopProtect? I am proposing the following:
P1 LoopProtect SID0+SID1
P2 LoopProtect SID0+SID1
P3 LoopProtect SID0
P4 LoopProtect SID0+SID1
P5 LoopProtect SID0+SID1
P6 LoopProtect SID0+SID1
P7 LoopProtect SID0+SID1
P8 LoopProtect SID0Q2) Oh and in that regard: Why is it that "show spantree debug active port x.y.z sid 1" shows an MSTI BPDU Rx Count and MSTI BPDU Tx Count when the port is a master port? By definition, there are no MSTI BPDUs between regions...?

Bye,

Marki

jeronimo
Contributor III
Ok, so if I understand correctly, the "problem" arises through the fact that MSTP, contrary to e.g. PVST, does not send BPDUs per VLAN but on a port-basis. Thus, for LoopProtect to be effective and not create more trouble than it should prevent, you have to perform a manual and explicit accounting of what VLANs are present on what ISLs.

So generally speaking, if we'd like to use the LoopProtect feature, we have to perform the following with our ISLs:
1) Enable LoopProtect in SID0 for every ISL ;
2) Enable LoopProtect in SIDx if any of the VLANs configured in SIDx are active on that ISL.

In our case where we
1) mainly chose to use MSTP to get the higher max. hopcount of 20 compared to RSTP (7)
2) are using only one MSTP instance in every MSTP region
then this boils down to simply activating LoopProtect on SID0 and SID1 on every ISL and we should be good.

Can you confirm that this reasoning is correct?
If so, why not share such details in the Configuration Guides for example 🙂

Thanks a lot for your insight.

Marki

PS. If all my reasoning is correct, and to prevent problems for people not aware of all this, then the switch could/should IMHO enable LoopProtect in SID0 automatically as soon as you activate it for any SID different than SID0...
GTM-P2G8KFN