MSTP in a rapidly changing environment
‎09-05-2016 10:19 AM
I'm having a hard time integrating MSTP in my environment.
Basically it's a rapidly changing environment where projects change on a weekly, sometimes even daily basis.
This means that adding VLANs and creating new networks and firewall policies is a very frequent task.
The topology consists of a pair of core switches (MLAG peers) and lots of edge switches (20+). All of those belong to the same MSTP region.
What happens is that often I have to add another VLAN/network for a particular area (covered by a particular edge switch) and since I want to have it protected by STP I end up with a very time-consuming task.
Problem is, when I create another VLAN I have to make MSTP digest consistent throughout my whole topology.
That means I have to go through all of core and ALL of my edge switches (20-30 of them) and create the VLAN, auto-bind it to an MSTI and finally even add it to the uplink.
Basically it's such an overhead I'm almost thinking of binding only permanently existing VLANs (e.g. infrastructure, sales...) and leave the project VLANs outside of STP completely.
Creating a script to automate the config at least on the edge switches seems very dangerous...
I hate to say this but something like this is a breeze on Cisco.
There you can manage and propagate VLANs with VTP (yes I know of the shortcomings...); MSTP can be configured in advance identically everywhere since VLANs don't have to _exist_ in order to be defined in MSTI config.
I desperately need some advice or suggestion how to reduce the overhead this imposes...
To sum it up,
Problem 1 - is there really no way to make MSTP config consistent everywhere before VLANs are even created on the switch? E.g. configure mstp to bind vlans 1-999 to MSTI before all of those VLANs even exist - just so that the digest matches everywhere.
Problem 2 - is there really no way to simplify VLAN propagation? MVRP comes really close but it's meant only for AVB. Since it's impossible to manually add ports to a dynamically created VLAN it's useless in this scenario.
If those problems aren't solved, how do you guys cope?
Thanks in advance,
Regards,
Vladimir
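Why one unbound VLAN on one switch breaks the region, as an added example (not part of the original post and not vendor code): the IEEE 802.1Q configuration digest is HMAC-MD5 over the full 4096-entry VID-to-MSTID table with a fixed key, so it can be computed offline and compared across switches before a change is rolled out. Switch names and VLAN bindings below are constructed; how a particular switch OS treats VLANs that do not exist yet is not modelled.

```python
import hashlib
import hmac
import struct
from collections import Counter

# Configuration Digest Signature Key fixed by IEEE 802.1Q for MSTP.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def mst_config_digest(vid_to_msti):
    """Return the MST configuration digest for a {VID: MSTID} mapping.

    VIDs that are not listed map to the CIST (MSTID 0). The table has
    4096 two-octet big-endian entries; entries 0 and 4095 stay zero.
    """
    table = [0] * 4096
    for vid, msti in vid_to_msti.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"VID {vid} outside 1-4094")
        if not 0 <= msti <= 4094:
            raise ValueError(f"MSTID {msti} outside 0-4094")
        table[vid] = msti
    packed = struct.pack(">4096H", *table)
    return hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).hexdigest().upper()


def find_digest_drift(switch_maps):
    """Return (majority_digest, {switch: digest}) for switches that differ."""
    digests = {name: mst_config_digest(m) for name, m in switch_maps.items()}
    majority = Counter(digests.values()).most_common(1)[0][0]
    return majority, {n: d for n, d in digests.items() if d != majority}


# Constructed sample: VLANs 100-199 bound to MSTI 1 on every switch,
# except edge02 where project VLAN 150 was never bound.
_full = {vid: 1 for vid in range(100, 200)}
SAMPLE_REGION = {
    "core1": dict(_full),
    "core2": dict(_full),
    "edge01": dict(_full),
    "edge02": {vid: 1 for vid in range(100, 200) if vid != 150},
}

if __name__ == "__main__":
    majority, outliers = find_digest_drift(SAMPLE_REGION)
    print("region digest:", majority)
    for name, digest in sorted(outliers.items()):
        print(f"MISMATCH {name}: {digest}")
```

A switch reported as a mismatch would treat its neighbours as a different MST region, which is the condition the post is trying to avoid.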
14 REPLIES
‎09-07-2016 04:56 PM
There are a few hundred VLANs we manage (small number of access ports per VLAN though) so MSTP makes most sense in terms of reduced CPU footprint.
Also, different root is desirable (currently not needed) for cases when integrating dedicated project equipment into existing infrastructure.
‎09-07-2016 02:15 PM
On the edge.
Do you currently use MSTP to load balance VLANs across redundant links, or need a different root?
‎09-07-2016 01:49 PM
On which side do you mean? The core or on the edge switches?
In any case, I assume you mean to abandon MSTP and just use plain STP with only one VLAN participating?
I guess that defeats the whole concept then.
‎09-06-2016 10:44 AM
I like that idea,
That's like the ELRP spanning tree config.
‎09-06-2016 10:42 AM
How about adding a tagged VLAN to all your end system ports, such as STP_VLAN? You can set up that one VLAN to do spanning tree and then you can leave it alone, and add and delete other VLANs off of the port, without affecting your STP config.
