Spanning-Tree Switches Attached to FabricPath Domains

Introduction

This document describes the behavior of Spanning-Tree Protocol (STP) switches when they are attached to FabricPath (FP) domains. In order for the FP switches to support these connections on edge ports, they process STP Bridge Protocol Data Units (BPDUs) in each STP-attached domain.

Prerequisites

Requirements

Cisco recommends that you have knowledge of STP and FP.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco Nexus 5000 Series Switches
• Cisco Nexus 7000 Series Switches

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

STP with FP Behavior

For the proper FP behavior when STP is used, all of the FP switches must be seen by the attached devices as a single switch that acts as the root of the STP domain. In order for this to occur, they must share a common bridge ID (c84c.75fa.6000 + STP domain number) inside each STP domain.

Tip: The domain number can be changed with the spanning-tree domain [id] command.

In order to guarantee that the FP switches act as the root of the STP domain, you must set the priority of the FP switches so that they become the root of the STP domain. In order to complete this, enter this CLI command:

switch(config)# spanning-tree vlan x priority 0

Note: Ensure that the attached STP switches have an STP priority that is set higher than the FP switches.

FP Spanning Root-Guard at Switch Reload

In order to ensure that the FP switches are the root of the STP domain, a built-in root-guard is enabled on all Content Edge (CE) ports. When an edge switch is reloaded (before it is active inside the FP), it behaves as a traditional STP device on its edge ports. It sends a bridge ID with its own system Message Authentication Code (MAC) and the configured STP priority, not a common FP bridge ID, as described in the previous section.

This means that in the process of a reload, an edge switch might start to transmit superior BPDUs (as the local system MAC might be lower than the common FP bridge ID) before it becomes active inside of the FP. This can lead to a disconnection of the attached STP switch to the FP network, which occurs because of the active edge switch that remains. The CE port might receive a superior BPDU (as the same priority is configured on all of the FP switches) from the attached STP switch. This access switch forwards the BPDU that is received from the reloaded edge switch on its uplink towards the active edge switch.

The edge switch that remains places its CE port in a Layer 2 Gateway Inconsistence state until the condition is cleared, which occurs after the other edge switch is reconnected to the FP network and begins to send the common bridge ID and priority information.

A syslog message similar to this is generated:

2013 Jul 30 19:33:03 N7K-SW %STP-2-L2GW_BACKBONE_BLOCK: L2 Gateway Backbone
 port inconsistency blocking port Ethernet1/1 on VLAN0032.

Pseudo-Information Command

The spanning-tree pseudo-information command was originally developed for Virtual PC (vPC) and vPC+ designs in order to allow users to create a hybrid vPC and non-vPC peer switch topology. In order to accomplish this, two different BPDU priorities are sent by the switch. Though this command was created in order to work in vPC environments, it fits well in the scenario that is described in the previous section.

When you globally enable this command, there are then two different STP priorities: a lower value (or, better priority) when the switch is connected to the FP (FP core ports up/ready), and a higher value (or, worst priority) that is used in the BPDUs that are sent by the switch after it reloads.

These CLI commands are used in order to configure the FP switch to send the two BPDU priorities:

switch(config)#spanning-tree vlan x priority 8192

switch(config)#spanning-tree pseudo-information

switch(config-pseudo)#vlan x root priority 4096

Note: The value that is set by pseudo-information command is the priority that is used by the FP switch when it is connected to the FP network, so it must be a lower value than the information that is set by the CLI spanning-tree vlan x priority command.

Useful Commands

These commands are useful for the scenarios that are described in this document:

N7K# show fabricpath isis interface brief

Fabricpath IS-IS domain: default
Interface Type Idx State Circuit MTU Metric Priority Adjs/AdjsUp
----------------------------------------------------------------
Ethernet2/29 P2P 1 Up/Ready 0x01/L1 9216 40 64 1/1
Ethernet3/29 P2P 2 Up/Ready 0x01/L1 9216 40 64 1/1


N7K# show spanning-tree internal info l2gstp vlan 2
------- L2G-STP Info (VLAN 2)---------
flags 0x1
appnt_fwd_lost_counter 5
l2mp_core_port_ref_count 2

Known Caveats

Be aware of Cisco bug ID CSCuj23131. When you run Multiple Spanning Tree (MST) with multiple regions that connect to the FP, Cisco recommends that you use at least one FP VLAN mapped to the MST0 Instance.