Re: STP ROOT BRIDGE PROBLEM!!!! from Marko Milivojevic on 2010-06-18 (Ccielab archives 06/2010)

From: Marko Milivojevic <markom_at_ipexpert.com>
Date: Fri, 18 Jun 2010 17:55:08 -0400

> Oh, I just re-read this... No... this is *not* true. Frames WILL cross
> border ports.

Since this is a study list, let's not leave it at empty words. I
labbed this up real quick.

So, the suggestion was that: [loosely quoted] "MST can be used to
prevent switch from becoming root, since it will isolate it from the
rest of the network". Another one was that "border between MST regions
is inpassable barrier for frames between them".

Very well, I like testing this stuff.

I built network of 4 switches: Cat1, Cat2, Cat3 and Cat4. They are
connected as such:

Cat1-Cat2: Fa0/24
Cat2-Cat3: Fa0/22
Cat3-Cat4: Fa0/22
Cat4-Cat1: Fa0/24

Cat1 and Cat3 make one MST region, while Cat2 and Cat4 form another.
Interfaces Fa0/24 are shut-down. Let's take a look.

Cat1#show spanning-tree mst configuration
Name [IPexpert-Rulez]
Revision 1 Instances configured 1

Instance Vlans mapped
-------- ---------------------------------------------------------------------
0 1-4094
-------------------------------------------------------------------------------
Cat1#show spanning-tree mst

##### MST0 vlans mapped: 1-4094
Bridge address 000b.be96.d800 priority 24576 (24576 sysid 0)
Root this switch for the CIST
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/22 Desg FWD 200000 128.22 P2p

------------------------------8<------------------------------

Cat3#show spanning-tree mst configuration
Name [IPexpert-Rulez]
Revision 1 Instances configured 1

##### MST0 vlans mapped: 1-4094
Bridge address 0018.baf8.a200 priority 28672 (28672 sysid 0)
Root address 000b.be96.d800 priority 24576 (24576 sysid 0)
port Fa0/22 path cost 0
Regional Root address 000b.be96.d800 priority 24576 (24576 sysid 0)
internal cost 200000 rem hops 19
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/22 Root FWD 200000 128.24 P2p

------------------------------8<------------------------------

Cat2#show spanning-tree mst configuration
Name [IPexpert-Rocks]
Revision 1 Instances configured 1

##### MST0 vlans mapped: 1-4094
Bridge address 001b.d4d3.0280 priority 24576 (24576 sysid 0)
Root this switch for the CIST
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/22 Desg FWD 200000 128.24 P2p

------------------------------8<------------------------------

Cat4#show spanning-tree mst configuration
Name [IPexpert-Rocks]
Revision 1 Instances configured 1

##### MST0 vlans mapped: 1-4094
Bridge address 0018.baf8.5a80 priority 28672 (28672 sysid 0)
Root address 001b.d4d3.0280 priority 24576 (24576 sysid 0)
port Fa0/22 path cost 0
Regional Root address 001b.d4d3.0280 priority 24576 (24576 sysid 0)
internal cost 200000 rem hops 19
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/22 Root FWD 200000 128.24 P2p

------------------------------8<------------------------------

We can clearly see that Cat1 is the root for MST domain called
IPexpert-Rulez and Cat2 for the IPexpert-Rocks. Furthermore, we can
see that two roots have the same priority (24576), with Cat1 having
lower Bridge-ID. We'll need that for later.

One more thing I did is that in all four switches, I created SVI Vlan1
with IP address 10.0.0.X/24, where X is the switch number. Cat1 should
be able to ping Cat3 and Cat2 should be able to ping Cat2.

Cat1#ping 10.0.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

------------------------------8<------------------------------

Cat2#ping 10.0.0.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

------------------------------8<------------------------------

Very nice. Now, let's test our inpenetrable barrier. I will bring
Fa0/24 interfaces up on all switches. What happens now. From what I
read in this thread, Cat1 should remain root and Cat2 should remain
root, as ... they can't communicate. [btw. this is wrong, like I
stated earlier]

Cat1#show spanning-tree mst

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/22 Desg FWD 200000 128.22 P2p
Fa0/24 Desg FWD 200000 128.24 P2p

------------------------------8<------------------------------

Cat2#show spanning-tree mst

##### MST0 vlans mapped: 1-4094
Bridge address 001b.d4d3.0280 priority 24576 (24576 sysid 0)
Root address 000b.be96.d800 priority 24576 (24576 sysid 0)
port Fa0/24 path cost 200000
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/22 Desg FWD 200000 128.24 P2p
Fa0/24 Root FWD 200000 128.26 P2p Bound(RSTP)

------------------------------8<------------------------------

Interesting. Yes, Cat2 remains "regional root", but the switch for the
whole network is Cat1! Furthermore... all switches can ping each
other.

Cat1#ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Cat1#ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Cat1#ping 10.0.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Cat1#ping 10.0.0.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

------------------------------8<------------------------------

No, MST is not the solution for the problem in this thread... hence my
question "how would that help?".

The easiest solution for the question in this thread is to make all
other switches "root primary" in sequence, leaving the undesirable
switch as the least likely to be elected as one.

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert
YES! We include 400 hours of REAL rack
time with our Blended Learning Solution!
Mailto: markom_at_ipexpert.com
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Web: http://www.ipexpert.com/
Blogs and organic groups at http://www.ccie.net

Received on Fri Jun 18 2010 - 17:55:08 ART

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:37 ART