[c-nsp] Spanning Tree works great - except when it doesn't
Patrick M. Hausen
hausen at punkt.de
Thu Oct 15 05:37:33 EDT 2015
Hi, all,
we still rely on STP in our data centre. Top-of-rack switches are connected
to two core switches with Gigabit configured as trunks.
The two core switches have
spanning-tree vlan 1-1005 priority 24576
and
spanning-tree vlan 1-1005 priority 28672
respectively, to make sure the first one is the root with the second as a backup.
Recently I replaced a top-of-rack switch. Switched a WS-C2950T-24 for a
WS-C2960-48TT-L. We have quite a few of those in operation, already
buying them refurbished in the last couple of months.
To my big surprise the new switch that I preconfigured and booted for minimal
downtime, then just moved the cables, put both uplink/trunk ports into the
forwarding state and quickly flooded the console with:
00:26:02: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.f7f6.8f80 in vlan 1 is flapping between port Gi0/2 and port Gi0/1
00:26:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c9f.f001 in vlan 1 is flapping between port Gi0/1 and port Gi0/2
...
What the ...? For the moment I could only solve the problem by unplugging one of
the trunks. I'm not quite sure if I really built a loop that would have brought my entire
network down, but definitely all servers on that particular switch were unreachable
- the switch was flooded and completely overloaded.
The software on the new switch is
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)
How can I debug this? I have remote access to the misbehaving switch and the old
one it replaced is on my desk. Of course I can provide configuration details, if needed.
Activating the second uplink port is only possible for short periods of time, so I'd
like to prepare as well as possible ;-)
Thanks for any hints.
Second, with all the fun we have with STP and VTP: we are actively looking into products
that can replace our layer 2/STP architecture. As far as I know there are products that can
scale in a mesh and use all active links for traffic.
But when I look up, say, Brocade's line of switches, we are faced with price tags ... well.
The 48-Port FE switches cost about a thousand when they were current hardware and
we bought new. One switch supports 16 servers in our rack. Now we get them for 350
refurbished.
Of course I would happily pay a thousand or two/three for a more modern architecture
plus GE/10G-uplink instead of FE/GE-uplink. But all products I find seem to be in the
10k and more range. Which unfortunately is completely out of reach for an access switch
for us.
Any suggestions on what I should look for?
Kind regards
Patrick
--
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info at punkt.de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
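
An added example, not part of the original post: a Python triage script that parses `%SW_MATM-4-MACFLAP_NOTIF` lines in the format quoted in the message and reports VLANs where several distinct MACs flap between the same pair of uplink ports. The function names, the uplink set, the `min_hosts` threshold and the third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Message format as it appears in the console output quoted in the post.
MACFLAP = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

# First two lines are from the post; the third is constructed (a host moving
# between two access ports) to show that it is not reported.
SAMPLE = [
    "00:26:02: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.f7f6.8f80 in vlan 1 is flapping between port Gi0/2 and port Gi0/1",
    "00:26:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c9f.f001 in vlan 1 is flapping between port Gi0/1 and port Gi0/2",
    "00:26:04: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Fa0/5 and port Fa0/7",
]

def summarize_flaps(lines):
    """Group MACFLAP events by (vlan, unordered port pair)."""
    groups = defaultdict(lambda: {"events": 0, "hosts": set()})
    for line in lines:
        m = MACFLAP.search(line)
        if not m:
            continue  # unrelated syslog line
        # Port order in the message varies, so use an unordered pair as key.
        key = (int(m["vlan"]), frozenset((m["a"], m["b"])))
        groups[key]["events"] += 1
        groups[key]["hosts"].add(m["mac"])
    return dict(groups)

def suspect_uplink_flaps(lines, uplinks, min_hosts=2):
    """Return sorted (vlan, ports, distinct_hosts, events) tuples for port
    pairs that are both uplinks and have at least min_hosts distinct MACs
    flapping between them."""
    uplinks = set(uplinks)
    found = []
    for (vlan, ports), g in summarize_flaps(lines).items():
        if ports <= uplinks and len(g["hosts"]) >= min_hosts:
            found.append((vlan, tuple(sorted(ports)), len(g["hosts"]), g["events"]))
    return sorted(found)

if __name__ == "__main__":
    # Uplink port names taken from the log lines in the post.
    for vlan, ports, hosts, events in suspect_uplink_flaps(SAMPLE, {"Gi0/1", "Gi0/2"}):
        print(f"vlan {vlan}: {hosts} MACs, {events} events between {ports[0]} and {ports[1]}")
```

Many distinct MACs flapping between the two trunk ports in one VLAN is consistent with both uplinks forwarding in that VLAN, which narrows where to compare the spanning-tree state on the new switch and the core.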