[c-nsp] Spanning Tree works great - except when it doesn't

daniel.dib at reaper.nu daniel.dib at reaper.nu
Thu Oct 15 06:11:23 EDT 2015



2015-10-15 11:37, Patrick M. Hausen wrote:
> Hi, all,
> 
> we still rely on STP in our data centre. Top-of-rack switches are connected
> to two core switches with Gigabit configured as trunks.
> 
> The two core switches have
> 
> 	spanning-tree vlan 1-1005 priority 24576
> and
> 	spanning-tree vlan 1-1005 priority 28672
> 
> respectively, to make sure the first one is the root with the second
> as a backup.
> 
> Recently I replaced a top-of-rack switch. Switched a WS-C2950T-24 for a
> WS-C2960-48TT-L. We have quite a few of those in operation, already
> buying them refurbished in the last couple of months.
> 
> To my big surprise the new switch that I preconfigured and booted for
> minimal downtime, then just moved the cables, put both uplink/trunk ports
> into the forwarding state and quickly flooded the console with:
> 
> 00:26:02: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.f7f6.8f80 in vlan 1 is flapping between port Gi0/2 and port Gi0/1
> 00:26:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c9f.f001 in vlan 1 is flapping between port Gi0/1 and port Gi0/2
> ...
> 
> What the ...? For the moment I could only solve the problem by unplugging
> one of the trunks. I'm not quite sure if I really built a loop that would
> have brought my entire network down, but definitely all servers on that
> particular switch were unreachable - the switch was flooded and completely
> overloaded.
> 
> The software on the new switch is
> 
> 	Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)
> 
> How can I debug this? I have remote access to the misbehaving switch and
> the old one it replaced is on my desk. Of course I can provide
> configuration details, if needed.
> 
> Activating the second uplink port is only possible for short periods of
> time, so I'd like to prepare as well as possible ;-)
> 
> Thanks for any hints.
> 
> 
> Second, with all the fun we have with STP and VTP: we are actively looking
> into products that can replace our layer 2/STP architecture. As far as I
> know there are products that can scale in a mesh and use all active links
> for traffic.
> 
> But when I look up, say, Brocade's line of switches, we are faced with
> price tags ... well.
> 
> The 48-Port FE switches cost about a thousand when they were current
> hardware and we bought new. One switch supports 16 servers in our rack.
> Now we get them for 350 refurbished.
> 
> Of course I would happily pay a thousand or two/three for a more modern
> architecture plus GE/10G-uplink instead of FE/GE-uplink. But all products
> I find seem to be in the 10k and more range. Which unfortunately is
> completely out of reach for an access switch for us.
> 
> Any suggestions on what I should look for?
> 
> Kind regards
> Patrick
> --
> punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
> Tel. 0721 9109 0 * Fax 0721 9109 100
> info at punkt.de       http://www.punkt.de
> Gf: Jürgen Egeling      AG Mannheim 108285
> 
> 


What protocol are you running? RPVST+ or MST? What were the port roles 
when the loop formed? Did you have the default bridge priority on the 
new switch? Is it possible that you had a unidirectional link? Copper or 
fibre for the trunk ports? Any other STP features enabled? Root Guard? 
Loop Guard? BPDU filter? Did you verify the trunks were fully 
operational?

It won't be easy giving more advice until we can see the output from the 
actual devices.

For your second question, there are lots of different options such as 
stacking, VSS, VPC which can be used for less painful STP 
implementations. Nothing is perfect though and you need to understand 
why you choose a certain architecture. Then you also have FabricPath or 
TRILL to build an L2 network not relying on STP.

Regards,

Daniel Dib
Senior Network Architect
CCIE #37149
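
An added example, not part of either message above: a small Python summarizer for the `%SW_MATM-4-MACFLAP_NOTIF` console lines quoted in the thread, useful for capturing evidence while the second uplink is briefly enabled. The function names are hypothetical; the sample input is the two lines from the original post, and the HSRP virtual MAC prefixes are the standard HSRPv1/HSRPv2 ranges.

```python
import re
from collections import defaultdict

# Message layout taken from the two console lines quoted in the thread.
# \s+ between tokens tolerates lines wrapped by a terminal or mail client.
MACFLAP = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF:\s+Host\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+in\s+vlan\s+(?P<vlan>\d+)"
    r"\s+is\s+flapping\s+between\s+port\s+(?P<a>\S+)\s+and\s+port\s+(?P<b>\S+)",
    re.IGNORECASE,
)

# The two log lines from the original post, wrapped as they appeared there.
SAMPLE_LOG = """\
00:26:02: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.f7f6.8f80 in vlan 1 is
flapping between port Gi0/2 and port Gi0/1
00:26:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0c9f.f001 in vlan 1 is
flapping between port Gi0/1 and port Gi0/2
"""

def is_hsrp_virtual_mac(mac):
    """HSRPv1 virtual MACs are 0000.0c07.acXX, HSRPv2 are 0000.0c9f.fXXX."""
    mac = mac.lower()
    return mac.startswith("0000.0c07.ac") or mac.startswith("0000.0c9f.f")

def summarize_flaps(log_text):
    """Group flap notifications by (vlan, unordered port pair)."""
    groups = defaultdict(lambda: {"events": 0, "hosts": set()})
    for m in MACFLAP.finditer(log_text):
        key = (int(m["vlan"]), tuple(sorted((m["a"], m["b"]))))
        groups[key]["events"] += 1
        groups[key]["hosts"].add(m["mac"].lower())
    report = []
    for (vlan, ports), g in sorted(groups.items()):
        hosts = sorted(g["hosts"])
        report.append({
            "vlan": vlan,
            "ports": ports,
            "events": g["events"],
            "hosts": hosts,
            # A first-hop gateway MAC moving between ports is worth noting.
            "gateway_macs": [h for h in hosts if is_hsrp_virtual_mac(h)],
            # Several hosts on one port pair points at the pair, not one host.
            "multi_host": len(hosts) > 1,
        })
    return report

if __name__ == "__main__":
    for row in summarize_flaps(SAMPLE_LOG):
        print(row)
```

The per-pair summary complements, and does not replace, the port roles and STP state that the reply asks for.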

