[c-nsp] Port-channel between Cisco 4948 and ASR 9k going err-disable

David Wilkinson cisco-nsp at noroutetohost.net
Wed Oct 12 13:06:29 EDT 2016 

On 12/10/2016 00:12, Tom Hill wrote:
>
> I'm assuming you know what that device is that's claiming the root
> bridge? That's probably a good clue.
The "new" root bridge mac is device which has always been the root for 
this VLAN, not of the other devices between these and the root logged a 
change.
> Assuming PVST BPDUs are leaking across the VPLS instance, perhaps this
> is (as Dragan alludes to) triggering the EtherChannel/STP
> misconfiguration detection.
>
> There's a good description here:
>
>   http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/20625-127.html
"Both sent and received BPDUs are examined by the detection mechanism. 
An EtherChannel is considered inconsistent if the channel detects 
greater than 75 BPDUs from different MAC addresses in more than 30 
seconds. However, if 5 BPDUs are seen consecutively from the same MAC 
address, the detection counters are reset. These timers/counters can 
change in future software releases."

This might be it, It will be seeing BPDUs from different MAC addresses 
as there are multiple STP speaking switches connected the VPLS instances.

>
> With the split horizon forwarding inherent to VPLS, do you need PVST (or
> STP in general) to run across these links?
Without PVST running I end up with looping traffic, The traffic leaves 
the VPLS on ASR 1, goes to the 4948 devices, then comes back into the 
VPLS on ASR 2, which then gets forwarded back to ASR 1 and out to 4948.
Running PVST over the VPLS allowed the 4948 to put one of port-channels 
up to the an ASR into blocking and stopping the loop.

Take the following as an example, customer has a layer 2 service between 
sites. Should one of the ASRs or one links to the ASR fails traffic 
should flow via one of the other links.
The customer's VLAN from the 4948 goes in to a VPLS on the ASRs.

            Customer
               |
               |
4948 1 ---- 4948 2
|              |
|              |
ASR 1 ------ ASR 2
|              |
|              |
4948 3 ---- 4948 4
|
|
Customer

If the BPDUs are not sent over the VPLS instance then it loops.

Should split horizon stop the loops when connecting downstream switches 
in a resilient configuration?

More information about the cisco-nsp mailing list