nexus spanning-tree configurazioni e verifica con N9K cisco
04.01 2020 | by massimilianonexus spanning-tree configurazioni e verifica con N9K cisco Architettura di riferimento: Definizione di STP extension e […]
https://www.ingegnerianetworking.com/wp-content/uploads/2020/01/nexus-stp-lab1-1d0.png
nexus spanning-tree configurazioni e verifica con N9K cisco
Architettura di riferimento:
Definizione di STP extension e port types applicate:
Con i Nexus Cisco possiamo definire tre tipi di porte da configurare:
edge port:
porte alle quali abbiamo collegato Hosts devices
possono essere porte sia in access che in trunk mode
se collegate a switches layer 2 possiamo incorrere in bridging loop
network port:
porte alle quali abbiamo collegato solo switches layer 2 correttamente
se erroneamente si configurano porte collegate a switches layer 2 (edge devices) come pure ad hosts, in spanning tree port type network, queste porte verranno automaticamente posizionate in blocking state
normal port:
questa è la condizione di default di una spanning tree port
non sono né edge né network type port
queste porte possono essere collegate a qualsiasi tipo di devices
Configurazione vpc domain peer-keealive and peer-link (domain 12):
N9K-1:
feature vpc
feature lacp
!
vpc domain 12
role priority 4096
system-priority 8192
peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf management
auto-recovery
!
spanning-tree vlan 200,250 priority 4096
!
interface port-channel 12
description peer-Link
switchport mode trunk
spanning-tree port type network
vpc peer-link
!
vrf context management
!
interface mgmt0
vrf member management
ip address 192.168.1.1/24
N9K-2:
feature vpc
feature lacp
!
vpc domain 12
role priority 8192
system-priority 8192
peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf management
auto-recovery
!
spanning-tree vlan 200,250 priority 8192
!
interface port-channel 12
description peer-Link
switchport mode trunk
spanning-tree port type network
vpc peer-link
!
vrf context management
!
interface mgmt0
vrf member management
ip address 192.168.1.2/24
NOTE:
Role Priority:
assume il ruolo di vpc peer con ruolo primario quello con valore più basso; l’altro vpc peer assumerà il ruolo di secondario e prenderà le veci del primario in caso di suo fault;
il role priority non è preemptive;
Cisco raccomanda di coniugare il vpc peer primario con il ruolo di STP root e HSRP active nel medesimo vpc peer.
System Priority:
System priority deve avere lo stesso valore per entrambi i vpc peer switches affinche il vpc sia up; in caso di assenza di configurazione esplicita il valore di default è di 32667.
In caso di LACP si possono avere sino a 16 ethernet port dello stesso tipo, di cui n° 8 attive e n° 8 in standby mode; attraverso il system priority possiamo avere un controllo di quali porte attive avere aggregate dentro il canale bundle e quale porte in standby mode.
Abbassando il valore di system priority, ci garantiamo che il peer partner del bundle (es. access switch o altro vpc pair) non prenda decisioni in termini di aggregazione e relative capability.
Verifica vpc consistency
N9K-1# show vpc
Legend:
(*) – local vPC is down, forwarding via vPC peer-link
vPC domain id : 12
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 3
Peer Gateway : Disabled
Dual-active excluded VLANs : –
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off. (timeout = 240 s)
Delay-recovery status : Timer is off. (timeout = 30s)
Delay-restore SVI status : Timer is off. (timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC Peer-link status
———————————————————————
id Port Status Active vlans
— —- —— ————————————————–
1 Po12 up 1,200,250
vPC status
———————————————————————-
id Port Status Consistency Reason Active vlans
— —- —— ———– —— ————
10 Po10 up success success 200,250
100 Po100 up success success 200,250
200 Po200 up success success 200,250
N9K-2# show vpc
Legend:
(*) – local vPC is down, forwarding via vPC peer-link
vPC domain id : 12
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 3
Peer Gateway : Disabled
Dual-active excluded VLANs : –
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off. (timeout = 240 s)
Delay-recovery status : Timer is off. (timeout = 30s)
Delay-restore SVI status : Timer is off. (timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC Peer-link status
———————————————————————
id Port Status Active vlans
— —- —— ————————————————–
1 Po12 up 1,200,250
vPC status
———————————————————————-
id Port Status Consistency Reason Active vlans
— —- —— ———– —— ————
10 Po10 up success success 200,250
100 Po100 up success success 200,250
200 Po200 up success success 200,250
Configurazione lacp vpc to access-switch and N9K-Border Leaf:
N9K-1:
feature lacp
!
lacp system-priority 8192
port-channel load-balance src-dst l4port
!
interface port-channel10
description to-ACCSW1
switchport switchport mode trunk
switchport trunk allowed vlan 200,250
vpc 10
!
interface port-channel100
description to-BL1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
vpc 100
!
interface port-channel200
description to-BL2
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
vpc 200
!
interface ethernet1/4
description to-ACCSW1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 10 # command is: channel-group 10 force mode on
!
interface ethernet1/6
description to-BL1 switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 100 mode active
!
interface ethernet1/7
description to-BL2
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 200 mode active
!
interface ethernt1/9
description Host-PC5
switchport switchport access vlan 200
spanning-tree port type edge
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
!
N9K-2:
feature lacp
!
lacp system-priority 8192
port-channel load-balance src-dst l4port
!
interface port-channel10
description to-ACCSW1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
vpc 10
!
interface port-channel100
description to-BL1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
vpc 100
!
interface port-channel200
description to-BL2
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
vpc 200
!
interface ethernet1/4
description to-ACCSW1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 10 # command is: channel-group 10 force mode on
!
interface ethernet1/6
description to-BL1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 100 mode active
!
interface ethernet1/7
description to-BL2
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 200 mode active
!
interface ethernt1/9
description Host-PC6
switchport
switchport access vlan 250
spanning-tree port type edge
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
!
N9K-BL1:
feature lacp
!
interface port-channel100
description to-N9K-12
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
!
interface port-channel300
description to-N9K-34
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
!
interface Ethernet 1/1
description to-N9K-1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 100 mode active
!
interface Ethernet 1/2
description to-N9K-2
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 100 mode active
!
interface Ethernet 1/3
description to-N9K-3
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 300 mode active
!
interface Ethernet 1/4
description to-N9K-4
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 300 mode active
!
N9K-BL2:
feature lacp
!
interface port-channel200
description to-N9K-12
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
!
interface port-channel400
description to-N9K-34
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
spanning-tree port type network
!
interface Ethernet 1/1
description to-N9K-1
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 200 mode active
!
interface Ethernet 1/2
description to-N9K-2
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 200 mode active
! interface Ethernet 1/3
description to-N9K-3
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 400 mode active
!
interface Ethernet 1/4
description to-N9K-4
switchport
switchport mode trunk
switchport trunk allowed vlan 200,250
channel-group 400 mode active
!
ACCSW1:
interface port-channel10
description to-N9K-12
switchport
switchport mode trunk
switchport mode trunk encapsulation dot1q
switchport trunk allowed vlan 200,250
!
interface GigabitEthernet0/1
description to-N9K-1
switchport
switchport mode trunk
switchport mode trunk encapsulation dot1q
switchport trunk allowed vlan 200,250
channel-group 10 mode on
!
interface GigabitEthernet0/2
description to-N9K-2
switchport
switchport mode trunk
switchport mode trunk encapsulation dot1q
switchport trunk allowed vlan 200,250
channel-group 10 mode on
!
La configurazione per N9K-3, N9K-4 è medesima ai rispettivi N9K-1 e N9K-2 per i vpc di competenza; stessa cosa per lo switch di accesso ACCSW2 al corrispettivo ACCSW1
NOTE:
lacp-system priority:
Significa che il vpc peer con il più basso valore di priorità determina (prende decisione) quali links tra il canale lacp con il partner peer switch sono attivi e quali in standby mode per ognuno dei lacp presenti;
Valore di default è 32768 più il suo switch MAC address
lacp-port priority:
Significa che il vpc peer con valori più bassi su base interface sono usati per la trasmissione attraverso un canale lacp;
Valore di default è 32768 più il suo port ID value (port-number)
port-channel load-balance src-dst:
NX-OS software ha la capacità di bilanciare il traffico trasmesso attraverso differenti links via port-channel con un meccanismo di hashing che indirizza la frame ad un valore numerico che seleziona uno dei link appartenente al canale;
Port-channel utilizza valori per il bilanciamento quali il MAC-address, IP-address, oppure layer 4 port number; utilizza indirizzi di sorgenti, indirizzi di destinazioni oppure una combinazione di entrambi.
Possiamo anche configurare un bilanciamento di tipo simmetrico (questo significa che il traffico di andata e ritorno utilizzano lo stesso link) e quindi un traffico bidirezionale è forzato ad essere impigato.
Quando il traffico bilanciato è forzato ad essere simmetrico, i parametri utilizzati per l’hashing sono normalizzati prima di essere calcolati dall’algoritmo di hash, assicurando che quando i parametri sono invertiti (l’indirizzo sorgente che trasmette traffico diventa destinazione per il traffico di ritorno), l’hashing di output è sempre lo stesso e la medesima interfaccia sarà scelta.
Il bilanciamento simmetrico si basa su questi parametri:
src ip
dst ip rotate
dst ip
src ip rotate
src-dst ip
src ip-l4port
dst ip-l4port rotate
dst ip-l4port
src ip-l4port rotate
src-dst ip-l4port-vlan
dst ip-vlan
src ip-vlan rotate
src-dst ip-vlan
src l4port
dst l4port rotate
dst l4port
src l4port rotate
src-dst l4port
src mac
dst mac rotate
dst mac
src mac rotate
src-dst mac
ANALISI Spanning-Tree con Nexus N9K1 and N9K2 in vpc peer-link
Nella nostra architettura andiamo ora ad analizzare i percorsi Spanning-Tree per i due segmenti d broadcast vlan 200 e vlan 250.
In prima battuta analizziamo solo la parte di sinistra della architettura di riferimento (vedi figura 1) considerando lo ACC-SW1 + N9K-1 in coppia con N9K-2 via vpc ed infine la coppia di nexus BL1 e BL2
La rappresentazione grafica seguente mette in evidenza la topogia STP di questa prima architettura:
Verifica STP from ACCSW1:
spanning-tree vlan 200,250 priority 61440
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296 # il N9K-1 ha priority settata a 4096
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3
Port 65 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61640 (priority 61440 sys-id-ext 200)
Address 5220.2c47.3a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi1/1 Desg FWD 4 128.6 P2p
Po10 Root FWD 3 128.65 P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346 # il N9K-1 ha priority settata a 4096
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 65 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61690 (priority 61440 sys-id-ext 250)
Address 5220.2c47.3a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi1/2 Desg FWD 4 128.7 P2p
Po10 Root FWD 3 128.65 P2p
Verifica STP from N9K-1 in vpc peer-link con N9K-2:
spanning-tree vlan 200,250 priority 4096
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4296 (priority 4096 sys-id-ext 200)
Address 5220.2ca9.3907
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Desg FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
Eth1/9 Desg FWD 4 128.9 Edge P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4346 (priority 4096 sys-id-ext 250)
Address 5220.2ca9.3907 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Desg FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
Verifica STP from N9K-2 in vpc peer-link con N9K-1:
spanning-tree vlan 200,250 priority 8192
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 4 Port 4107 (port-channel12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8392 (priority 8192 sys-id-ext 200)
Address 5220.2c76.2507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Root FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 4 Port 4107 (port-channel12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8442 (priority 8192 sys-id-ext 250)
Address 5220.2c76.2507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Root FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
Eth1/9 Desg FWD 4 128.9 Edge P2p
Verifica STP from N9K-BL1 Border Leaf (with priority default):
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4195 (port-channel100)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 5220.2ce5.7007
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po100 Root FWD 3 128.4195 Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346 Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4195 (port-channel100)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33018 (priority 32768 sys-id-ext 250)
Address 5220.2ce5.7007
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po100 Root FWD 3 128.4195 Network P2p
Verifica STP from N9K-BL2 Border Leaf (with priority default):
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296 Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4295 (port-channel200)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 5220.2c56.e507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po200 Root FWD 3 128.4295 Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346 Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4295 (port-channel200)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33018 (priority 32768 sys-id-ext 250)
Address 5220.2c56.e507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po200 Root FWD 3 128.4295 Network P2p
ANALISI Spanning-Tree con Nexus N9K1 ed N9K-2 più la coppia N9K-3 ed N9K-4 entrambe in vpc peer-link
A differenza dell’architettura precedente con una sola coppia di Nexus N9K in vpc peer-link, in questa ultima abbiamo una doppia coppia di Nexus N9K in vpc peer-link ed entrambe le coppie collegate a livello 2 con i due N9K aventi ruolo di Border Leaf (non collegati tra loro).
Il diametro layer 2 STP si raddoppia e questa volta abbiamo dei port-channel in blocked status rilevati dalla coppia di N9K-3 e N9K-4 (vedi tabelle di output seguenti)
Verifica STP from ACCSW1 con doppia coppia di N9K in vpc:
spanning-tree vlan 200,250 priority 61440
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296 # il N9K-1 ha priority settata a 4096
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 65 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61640 (priority 61440 sys-id-ext 200)
Address 5220.2c47.3a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi1/1 Desg FWD 4 128.6 P2p
Po10 Root FWD 3 128.65 P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346 # il N9K-1 ha priority settata a 4096
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 65 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61690 (priority 61440 sys-id-ext 250)
Address 5220.2c47.3a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi1/2 Desg FWD 4 128.7 P2p
Po10 Root FWD 3 128.65 P2p
Commento: nessun cambiamento rispetto a prima
Verifica STP from ACCSW2 con doppia coppia di N9K in vpc:
spanning-tree vlan 200,250 priority 61440
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296 # il N9K-1 ha priority settata a 4096
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 65 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61640 (priority 61440 sys-id-ext 200)
Address 5220.2ca1.1400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi1/1 Desg FWD 4 128.6 P2p
Po10 Root FWD 3 128.65 P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346 # il N9K-1 ha priority settata a 4096
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 65 (port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 61690 (priority 61440 sys-id-ext 250)
Address 5220.2c47.3a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi1/2 Desg FWD 4 128.7 P2p
Po10 Root FWD 3 128.65 P2p
Commento: Lo switch di accesso ACCSW2 (quello dietro alla seconda coppia di N9K in vpc) vede per entrambi le vlans:
– Root Switch: N9K-1 (non il N9K-3 poiché pur avendo la stessa priority stp ha un valore di MAC address più alto rispetto al N9K-1);
– Le sue porte in status FWD con il po10 correttamente in Root Role
Verifica STP from N9K-1 in vpc peer-link con N9K-2:
spanning-tree vlan 200,250 priority 4096
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4296 (priority 4096 sys-id-ext 200)
Address 5220.2ca9.3907
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Desg FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
Eth1/9 Desg FWD 4 128.9 Edge P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4346 (priority 4096 sys-id-ext 250)
Address 5220.2ca9.3907
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Desg FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
Commento:
Lo switch N9K-1 mantiene il suo ruolo di Root Bridge e conserva lo stesso output precedente evidenziato in tabella.
Verifica STP from N9K-2 in vpc peer-link con N9K-1
spanning-tree vlan 200,250 priority 8192
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 4 Port 4107 (port-channel12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8392 (priority 8192 sys-id-ext 200)
Address 5220.2c76.2507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Root FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 4 Port 4107 (port-channel12)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8442 (priority 8192 sys-id-ext 250)
Address 5220.2c76.2507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po12 Root FWD 4 128.4107 (vPC peer-link) Network P2p
Po100 Desg FWD 1 128.4195 (vPC) Network P2p
Po200 Desg FWD 1 128.4295 (vPC) Network P2p
Eth1/9 Desg FWD 4 128.9 Edge P2p
Commento:
Lo switch N9K-2 in vpc peer con N9K-1 conserva lo stesso output precedente evidenziato in tabella.
Verifica STP from N9K-3 in vpc peer-link con N9K-4
spanning-tree vlan 200,250 priority 4096
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 4 Port 4495 (port-channel400)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4296 (priority 4096 sys-id-ext 200)
Address 5220.2cd3.6c07
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po34 Desg FWD 4 128.4129 (vPC peer-link) Network P2p
Po300 Altn BLK 1 128.4395 (vPC) Network P2p
Po400 Root FWD 1 128.4495 (vPC) Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 4 Port 4495 (port-channel400)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4346 (priority 4096 sys-id-ext 250)
Address 5220.2ca9.3907
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po34 Desg FWD 4 128.4129 (vPC peer-link) Network P2p
Po300 Altn BLK 1 128.4395 (vPC) Network P2p
Po400 Root FWD 1 128.4495 (vPC) Network P2p
Commento:
Lo switch N9K-3 in vpc peer con N9K-4, mette in Blocking il port-channel 300 collegato al BL1, di fatto eseguendo correttamente quanto lo spanning-tree protocol è tenuto a fare (costruire un albero loop free).
Determina quindi:
– Root Switch: N9K-1 (non il N9K-3 poiché pur avendo la stessa priority stp ha un valore di MAC address più alto rispetto al N9K-1);
– Le sue porte in status FWD con il po400 correttamente in Root Role;
– Le sue porte in status BLK con il po300 in Altn Role
Verifica STP from N9K-4 in vpc peer-link con N9K-3:
spanning-tree vlan 200,250 priority 8192
!
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 8 Port 4129 (port-channel34)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8392 (priority 8192 sys-id-ext 200)
Address 5220.2ced.c007
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po34 Root FWD 4 128.4129 (vPC peer-link) Network P2p
Po300 Altn BLK 1 128.4395 (vPC) Network P2p
Po400 Root FWD 1 128.4495 (vPC) Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 8 Port 4129 (port-channel34)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4346 (priority 4096 sys-id-ext 250)
Address 5220.2ca9.3907
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po10 Desg FWD 1 128.4105 (vPC) P2p
Po34 Root FWD 4 128.4129 (vPC peer-link) Network P2p
Po300 Altn BLK 1 128.4395 (vPC) Network P2p
Po400 Root FWD 1 128.4495 (vPC) Network P2p
Commento:
Lo switch N9K-4 in vpc peer con N9K-3, mette in Blocking il port-channel 300 collegato al BL1, di fatto eseguendo correttamente quanto lo spanning-tree protocol è tenuto a fare (costruire un albero loop free).
Determina quindi:
– Root Switch: N9K-1 (non il N9K-3 poiché pur avendo la stessa priority stp ha un valore di MAC address più alto rispetto al N9K-1);
– Le sue porte in status FWD con il po400 correttamente in Root Role;
– Le sue porte in status BLK con il po300 in Altn Role
– A differenza del suo vpc peer N9K-3, l’interfaccia po34 (vpc peer-link) è in Root Role come il portchannel 400 avendo comunque una priority più bassa rispetto a quest’ultima, preferendo il percorso verso il suo vpc-peer primario.
Verifica STP from N9K-BL1 Border Leaf (with priority default):
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4195 (port-channel100)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 5220.2ce5.7007
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po100 Root FWD 3 128.4195 Network P2p
Po300 Desg FWD 3 128.4395 Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4195 (port-channel100)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33018 (priority 32768 sys-id-ext 250)
Address 5220.2ce5.7007
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po100 Root FWD 3 128.4195 Network P2p
Po300 Desg FWD 3 128.4395 Network P2p
Commento:
Lo switch N9K-BL1 Border Leaf, mantiene lo stesso output precedente ma aggiunge in tabella il nuovo port-channel 300 collegato alla seconda coppia di N9K-3 e N9K-4 in vpc tra loro con:
– Root Switch: N9K-1 (non il N9K-3 poiché pur avendo la stessa priority stp ha un valore di MAC address più alto rispetto al N9K-1);
– Le sue porte in status FWD con il po100 correttamente in Root Role;
– Le sue porte in status FWD con il po300 in Desg Role
Verifica STP from N9K-BL2 Border Leaf (with priority default):
VLAN200
Spanning tree enabled protocol rstp
Root ID Priority 4296
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4295 (port-channel200)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32968 (priority 32768 sys-id-ext 200)
Address 5220.2c56.e507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po200 Root FWD 3 128.4295 Network P2p
Po400 Desg FWD 3 128.4495 Network P2p
————————-
VLAN250
Spanning tree enabled protocol rstp
Root ID Priority 4346
Address 5220.2ca9.3907 # MAC-address del N9K-1 sup-eth1 (R)
Cost 3 Port 4295 (port-channel200)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33018 (priority 32768 sys-id-ext 250)
Address 5220.2c56.e507
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po200 Root FWD 3 128.4295 Network P2p
Po400 Desg FWD 3 128.4495 Network P2p
Commento:
Lo switch N9K-BL2 Border Leaf, mantiene lo stesso output precedente ma aggiunge in tabella il nuovo port-channel 400 collegato alla seconda coppia di N9K-3 e N9K-4 in vpc tra loro con:
– Root Switch: N9K-1 (non il N9K-3 poiché pur avendo la stessa priority stp ha un valore di MAC address più alto rispetto al N9K-1);
– Le sue porte in status FWD con il po200 correttamente in Root Role;
– Le sue porte in status FWD con il po400 in Desg Role
Rappresentazione grafica STP topology con doppia coppia N9K in vpc