[j-nsp] Connecting two spanning-tree domains

Marvin Bartchlett mbartchlett at juniper.net
Tue Aug 27 13:19:28 EDT 2013


Yep - Agree with Josh. I had this same scenario where a customer was migrating data centers. We built a new DC based off Juniper hardware and needed to provide connectivity to the old DC (within the same colo) which was all Cisco based (MSTP (Juniper) to PVST (Cisco)).

At first we connected the two networks together via a simple 10G Ethernet connection between the 2 DCs. Things worked fine until one of the engineers at the old DC installed a really old Cisco switch which then became root for both DCs.

In the end we decided it was safer to segment the 2 data centers behind a Layer 3 device in order to keep the STP domains from stepping on each other.

There is no L2 Spanning Tree ‘firewall’ and the way STP works you will always have issues with root elections when you try to ‘merge’ two different STP schemes unless you physically separate the 2 STP domains with a router or firewall.

You could also try filtering out BPDUs (like Josh said below) on the uplinks between the 2 data centers, but then you will need to manually ensure there is only 1 path between the 2, else you could get into a switching loop.

In this case, if you need to ensure link redundancy between the two centers, you could try an aggregated link between the two switching infrastructures and filter out BPDUs on the AE. This is essentially the same as keeping MSTP on one side of the connection and RSTP on the other.


Best regards,
Marvin Bartchlett
Juniper Networks
Resident Engineer - City of Lakeland, FL
Mobile: +1-904-614-1712
Skype & Google+: mbartchlett

From: Josh Hoppes
Sent: Tuesday, August 27, 2013 12:56 PM
To: Johan Borch, juniper-nsp at puck.nether.net

If you filter out BPDUs it won't change the roots, but it won't talk
either protocol. What you're talking about is breaking a fundamental
part of spanning tree anyway so why do you care if the device even
participates in the process?

On Tue, Aug 27, 2013 at 10:16 AM, Johan Borch <johan.borch at gmail.com> wrote:
> This is basically two datacenters with a lot of devices on each side, and I
> need to exchange vlans in a redundant way. I need something solid so that
> one side can't interfere with the other side. Is there some way to add an
> extra L2 device between the networks to act as some kind of spanning tree
> "firewall" ;) talking MSTP and RSTP but not changing the root on either
> side?
>
> Regards
> Johan
>
>
> On Tue, Aug 27, 2013 at 4:20 PM, Marvin Bartchlett
> <mbartchlett at juniper.net> wrote:
>
>>  You will have to be very careful. If I’m not mistaken MST actually uses
>> CST to tie together the multiple spanning tree instances running in MST. If
>> you tie in a Cisco device running RSTP the Juniper and Cisco devices will
>> default to CST on those links since that’s the common ground (as Johan said
>> below).
>>
>> This will trigger a spanning-tree root election on your CST instance -
>> depending on how you have things configured you may end up with different
>> roots. This could affect the flow of your MST instances that rely on CST.
>>
>>  Best regards,
>> Marvin Bartchlett
>> Juniper Networks
>> Resident Engineer - City of Lakeland, FL
>> Mobile: +1-904-614-1712
>> Skype & Google+: mbartchlett
>>
>>  *From:* Ge Moua
>> *Sent:* Tuesday, August 27, 2013 9:35 AM
>> *To:* Johan Borch
>> *Cc:* juniper-nsp at puck.nether.net
>>
>> This is a juniper forum so I apologize ahead of time for the vendor-C
>> reference below (but standards-based L2 works mostly the same across all
>> vendor implementations):
>>
>> https://supportforums.cisco.com/thread/344842
>>
>> --
>> Regards,
>> Ge Moua
>> Univ of Minn Alumnus
>> --
>>
>> On 08/27/2013 08:16 AM, Johan Borch wrote:
>> > Will that mean that I still have two roots, one in each network and
>> > that they don't affect each other?
>> > Regards
>> > Johan
>> >
>> >
>> > On Tue, Aug 27, 2013 at 2:53 PM, Ge Moua <moua0100 at umn.edu
>> > <mailto:moua0100 at umn.edu>> wrote:
>> >
>> >     IIRC once joined, the MST and r-pvst L2 domains will speak CST (as
>> >     a common denominator).   You may want to consider pruning vlans
>> >     where only needed (esp if you have a high vlan count on either or).
>> >
>> >     --
>> >     Regards,
>> >     Ge Moua
>> >     Univ of Minn Alumnus
>> >     --
>> >
>> >
>> >     On 08/27/2013 03:56 AM, Johan Borch wrote:
>> >
>> >         Hi!
>> >
>> >         I need to connect two spanning-tree domains, one is running
>> >         MSTP and one is
>> >         running rapid-pvst. Is this doable? The two networks have
>> >         different roots
>> >         and it needs to stay like that but I still need redundant
>> >         links between
>> >         them. I need to transport VLANs from one network to the other
>> >         and only one
>> >         side support MPLS.
>> >
>> >         Ideas? :)
>> >
>> >         Regards
>> >         Johan
>> >         _______________________________________________
>> >         juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >         <mailto:juniper-nsp at puck.nether.net>
>> >         https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
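
Added example, not part of the original thread: a small model of the common spanning tree (CST) root election discussed above, showing how one low bridge ID takes over both data centers when they are joined at Layer 2 and stays contained behind a Layer 3 boundary. Bridge names, MAC addresses (documentation range) and priorities are constructed, and per-VLAN PVST+ and MST regions are not modeled.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    priority: int = 32768  # 802.1D default bridge priority

    def bridge_id(self):
        # The root election compares (priority, MAC); the lowest value wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges):
    return min(bridges, key=Bridge.bridge_id)

def roots(domains, l2_joined):
    """Root seen by each domain. l2_joined=True: BPDUs cross the inter-DC
    link, so there is one election. False: a router separates the domains
    and each elects its own root."""
    if l2_joined:
        winner = elect_root([b for bs in domains.values() for b in bs])
        return {name: winner for name in domains}
    return {name: elect_root(bs) for name, bs in domains.items()}

def displaced(elected, intended):
    # Monitoring check: domains whose root is not the bridge designed to be root.
    return sorted(d for d, b in elected.items() if b.name != intended[d])

def pin(domains, priorities):
    # Copy of the topology with explicit priorities set on the named bridges.
    return {d: [replace(b, priority=priorities.get(b.name, b.priority)) for b in bs]
            for d, bs in domains.items()}

# Constructed topology: every bridge left at the default priority, and the
# legacy switch in the old DC has the numerically lowest MAC address.
DOMAINS = {
    "new-dc": [Bridge("new-core-1", "00:00:5e:00:53:a0"),
               Bridge("new-access-1", "00:00:5e:00:53:b0")],
    "old-dc": [Bridge("old-core-1", "00:00:5e:00:53:50"),
               Bridge("old-legacy", "00:00:5e:00:53:01")],
}
INTENDED = {"new-dc": "new-core-1", "old-dc": "old-core-1"}

if __name__ == "__main__":
    for joined in (True, False):
        elected = roots(DOMAINS, joined)
        print("L2 joined" if joined else "L3 boundary",
              {d: b.name for d, b in elected.items()},
              "displaced:", displaced(elected, INTENDED))
```

Pinning priorities on both intended roots with `pin` still leaves one domain displaced while the domains are joined at Layer 2, because a single election can have only one winner.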



