Good question, here what I see (below) :
seems it receives them via ae0 but sending none
d0:07:ca:56:c4:a2 belongs to VCF master
14:52:06.003254 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
14:52:06.376384 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:06.584196 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:07.210456 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:07.506785 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:07.982370 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
14:52:08.069567 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:08.359442 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:08.982918 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:09.285234 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:09.807436 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:09.866199 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
14:52:10.171632 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:10.649367 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:11.001562 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:11.503528 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:11.752101 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
14:52:11.775741 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:12.429213 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:12.696579 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:13.416375 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:13.539581 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:13.691133 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
14:52:14.368734 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:14.377757 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:15.164333 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
14:52:15.223490 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
------------------------------
Alex
------------------------------
Original Message:
Sent: 11-17-2020 09:46
From: Unknown User
Subject: RSTP and BPDU Block-On-Edge
Hello Alex,
If you do a monitor traffic in ACC interface AE0, do you see bpdus going out to the VCF?
>monitor traffic interface ae0 size 1500 no-resolve
Regards,
Original Message:
Sent: 11-02-2020 11:25
From: Alex
Subject: RSTP and BPDU Block-On-Edge
Hello colleagues,
According to my understanding and reading about configuring rstp on Juniper interfaces:
if bpdu-block-on-edge is configured:
- When BPDU is received the port will be blocked.
-It should be configured on all host interfaces to prevent any possible loops.
-it should not be configured on the ends of links between switches.
But our customer has the below recommendations:
Interface To
|
Configuration
|
Notes
|
Global
|
BPDU Block-On-Edge
|
BPDU Block-On-Edge will operate on all Edge ports to ensure that the reception of a STP BPDU will block the port
|
Host Port
|
Edge Port
|
Rapid transition to a forwarding state, BPDU Block-On-Edge will automatically be applied to the port from the Global configuration
|
Switch
|
Edge port
|
Rapid transition to a forwarding state, BPDU Block-On-Edge will automatically be applied to the port from the Global configuration
Rapid transition to a forwarding state, BPDU Block-On-Edge blocks the port in the event of a loop during start-up.
The external switch to be connected to the fabric must configured with STP disabled so that when a loop is formed, BPDUs flowing from the fabric will automatically be forwarded through the loop back to the fabric switch resulting in the port on the fabric switch being disabled.
|
and so seems it has Edge port enabled on Fabric switches towards Access ones and disable on Access ones towards Fabric ones (configuration is below), so my question how is that working? ACC swithces are sending BPDUs I guess to Fabric switches so in theory Fabric ports should be blocked, but it is not and all is working fine, so it seems I am missing something, can you help in understanding this.
VCF ae20 > ACC01 ae0
------------------------------
S00-VCF> show configuration | display set | match ae20
set interfaces xe-11/0/17:0 ether-options 802.3ad ae20
set interfaces xe-12/0/17:0 ether-options 802.3ad ae20
set interfaces ae20 apply-groups LAG
set interfaces ae20 description "VCF:S1>S01-ACC"
set interfaces ae20 mtu 9192
set interfaces ae20 aggregated-ether-options lacp active
set interfaces ae20 aggregated-ether-options lacp periodic slow
set interfaces ae20 unit 0 family ethernet-switching vlan members all
set protocols rstp interface ae20 edge
set class-of-service interfaces ae20 apply-groups TRUSTED
set protocols rstp bpdu-block-on-edge
---------------------------------------------------
S01-ACC> show configuration | display set | match ae0
set interfaces xe-0/2/0 ether-options 802.3ad ae0
set interfaces xe-1/2/0 ether-options 802.3ad ae0
set interfaces ae0 apply-groups LAG
set interfaces ae0 description S01-ACC->S00-VCF
set interfaces ae0 unit 0 family ethernet-switching vlan members all
set protocols uplink-failure-detection group TRACK_UPLINK_ACC:1 link-to-monitor ae0
set protocols uplink-failure-detection group TRACK_UPLINK_ACC:2 link-to-monitor ae0
set class-of-service interfaces ae0 apply-groups TRUSTED
set protocols rstp bpdu-block-on-edge