So I've been preparing for a Nexus DC project and have run into learning
about Bridge Assurance. I get what the protocol does in a traditional STP
sense - If I stop receiving BPDU's from a neighboring switch, I assume
there is a problem and move the port to inconsistent state. This works
great for protecting against unidirectional links in a traditional STP
environment. Very much like loop guard
In the traditional sense, this makes perfect sense to me...port is in
blocking state to prevent a bridging loop, stops receiving BPDUs from it's
designated port, transitions to forwarding and causes a loop. Bridge
assurance can fix that issue.
What I'm struggling to understand is it's default application on a vPC
peer-link. From what I understand both sides of the peer-link are ALWAYS
forwarding. One side is always the designated port while the other is the
root port. So...let's say I have this situation - SW1 peer link is the
designated port and SW2 peer link is the root port. Say SW1 has a failure
of sorts or there is a unidirectional link such that SW1 is sending BPDUs
but SW2 does not receive them. Since both switch peer-links are ALREADY
forwarding, what's the difference? It's not like I am going to transition
from blocking to forwarding and cause a bridging loop. The loop prevention
is still being done by the vPC rules (never forward a frame that came over
the peer-link to vPC member ports)
What am I missing?
-- Regards, Joe Astorino CCIE #24347 http://astorinonetworks.com "He not busy being born is busy dying" - Dylan Blogs and organic groups at http://www.ccie.netReceived on Fri Jun 28 2013 - 10:38:39 ART
This archive was generated by hypermail 2.2.0 : Mon Jul 01 2013 - 06:58:42 ART