MSTP and bpdu-restrict - CIST vs MSTI

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Enabling edge-safeguard on CIST is propagated to MSTIs as per documentation, what about bpdu-restrict?
Bpdu-restrict first must be enabled on the CIST, without that MSTIs don't want to enable it that for sure.
But what is the behavior when a BPDU arrives on an edge port that is in a VLAN (MSTI instance) and bpdu-restrict is enabled only on the CIST?

Basically this:

configure vlan V99 add ports 1
configure stpd s0 mode mstp cist
create stpd s1
configure stpd s1 mode mstp msti 1
enable stpd s1 auto-bind vlan V99
configure stpd s0 ports mode dot1d 1
configure stpd s0 ports cost auto 1
configure stpd s0 ports port-priority 128 1
configure stpd s0 ports link-type edge 1
configure stpd s0 ports edge-safeguard enable 1 recovery-timeout 300
configure stpd s0 ports bpdu-restrict enable 1 recovery-timeout 300
enable stpd s0 ports 1
configure stpd s1 ports mode dot1d 1
configure stpd s1 ports cost auto 1
configure stpd s1 ports port-priority 128 1
configure stpd s1 ports link-type edge 1
configure stpd s1 ports edge-safeguard enable 1
enable stpd s1 ports 1
# show s1 port 1
Port   Mode   State      Cost  Flags     Priority Port ID Designated Bridge
1      802.1D DISABLED   200000 e?ee-w-SB- 128      8001    00:00:00:00:00:00:00:00

Total Ports: 1
...
zgsw169.9 # show s0 port 1
Port   Mode   State      Cost  Flags     Priority Port ID Designated Bridge
1      802.1D DISABLED   200000 e?ee-w-GB- 128      8001    00:00:00:00:00:00:00:00

Total Ports: 1
...

Does the port get disabled or not?
I mean, the port IS afterall in CIST with bpdu-restrict active...

Thanks.
Photo of vobelic

vobelic

  • 362 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Karthik Mohandoss

Karthik Mohandoss, Employee

  • 5,514 Points 5k badge 2x thumb
Hi Vobelic,

I did a test in the LAB.

Here is the config which i have in LAB

configure mstp region 0004968fb060
configure stpd s0 mode mstp cist
create stpd s1
configure stpd s1 mode mstp msti 1
configure stpd s1 add vlan v99 ports 5 dot1d
configure stpd s0 ports mode dot1d 5
configure stpd s0 ports cost auto 5
configure stpd s0 ports port-priority 128 5
configure stpd s0 ports link-type edge 5
configure stpd s0 ports edge-safeguard enable 5
configure stpd s0 ports bpdu-restrict enable 5
enable stpd s0 ports 5
configure stpd s1 ports mode dot1d 5
configure stpd s1 ports cost auto 5
configure stpd s1 ports port-priority 128 5
configure stpd s1 ports link-type edge 5
configure stpd s1 ports edge-safeguard enable 5
enable stpd s1 ports 5

I have enabled the BPDU restrict only the STP S0 which is the CIST and here are the logs once i enabled the same.

11/11/2015 01:18:30.08 <Info:vlan.msgs.portLinkStateDown> Port 5 link down
11/11/2015 01:18:30.04 <Info:vlan.dbg.info> Toggling AdminState on Port 5
11/11/2015 01:18:30.04 <Warn:STP.DsblPortBrdgDtect> BPDU Restrict Port (5) has received a bpdu and will be shutdown.

* B3:U16.58 # show stpd "s0" ports
Port   Mode   State      Cost  Flags     Priority Port ID Designated Bridge
1      802.1D FORWARDING 20000 eRppam--B- 128      8001    80:00:00:04:96:82:5a:28
3      802.1D FORWARDING 20000 eDpp-m--B- 128      8003    80:00:00:04:96:8f:b0:60
5      802.1D DISABLED   20000 e?ee-m-GB- 128      8005    00:00:00:00:00:00:00:00

* B3:U16.59 # show stpd "s1" ports
Port   Mode   State      Cost  Flags     Priority Port ID Designated Bridge
1      802.1D FORWARDING 20000 eMppam--B- 128      8001    80:00:00:04:96:8f:b0:60
3      802.1D FORWARDING 20000 eDpppm--B- 128      8003    80:00:00:04:96:8f:b0:60
5      802.1D DISABLED   20000 e?ee-m-SB- 128      8005    00:00:00:00:00:00:00:00


I hope this is what the answer you are looking for...
Photo of vobelic

vobelic

  • 362 Points 250 badge 2x thumb
Thanks!

That indeed answers my question.

Now the only thing that could be even more helpful would be an update in the documentation or even in the code - there's really no need for S flag in MSTI instances when there's already a G flag in CIST is there?
One could simply state that both the bpdu-restrict as well as edge-safeguard are propagated from CIST to MSTI instances.
Photo of Karthik Mohandoss

Karthik Mohandoss, Employee

  • 5,514 Points 5k badge 2x thumb
Hi Vobelic,

BPDU Restrict on Edge Safeguard
BPDU restrict causes a port on which this feature is configured to be disabled as soon as an STP BPDU is received on that port.

If we take the actual working scenario the CIST is configured with BPDU Restrict disable's the port physically up on receiving the STP BPDU.

So it does not propagate the BPDU-restrict function to the MIST rather it disables the port physically.
Photo of vobelic

vobelic

  • 362 Points 250 badge 2x thumb
I simply meant that it's misleading to be able to specifically enable bpdu-restrict per MSTI even when it's already enabled in CIST.
I think that the "G" flag should be shown in MSTI port info rather than "S" as soon as bpdu-restrict is enabled in CIST. It may be just a matter of being consistent :)
Photo of Karthik Mohandoss

Karthik Mohandoss, Employee

  • 5,514 Points 5k badge 2x thumb
Hi Vobelic,

In which version of the user/concepts guide ?
Could you please point me to the documentation the exact line and the page number?

once shared i can get in touch with the internal team and get back to you.