Switching

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  RSTP and BPDU Block-On-Edge

     
    Posted 11-02-2020 11:25

    Hello colleagues, 

    According to my understanding and reading about configuring rstp on Juniper interfaces: 

    if bpdu-block-on-edge is configured:

    - When BPDU is received the port will be blocked.

    -It should be configured on all host interfaces to prevent any possible loops. 

    -it should not be configured on the ends of links between switches. 

     

    But our customer has the below recommendations: 

    Interface To

    Configuration

    Notes

    Global

    BPDU Block-On-Edge

    BPDU Block-On-Edge will operate on all Edge ports to ensure that the reception of a STP BPDU will block the port

    Host Port

    Edge Port

    Rapid transition to a forwarding state, BPDU Block-On-Edge will automatically be applied to the port from the Global configuration

    Switch

    Edge port

    Rapid transition to a forwarding state, BPDU Block-On-Edge will automatically be applied to the port from the Global configuration

    Rapid transition to a forwarding state, BPDU Block-On-Edge blocks the port in the event of a loop during start-up.

    The external switch to be connected to the fabric must configured with STP disabled so that when a loop is formed, BPDUs flowing from the fabric will automatically be forwarded through the loop back to the fabric switch resulting in the port on the fabric switch being disabled.

     

    and so seems it has Edge port enabled on Fabric switches towards Access ones and disable on Access ones towards Fabric ones (configuration is below), so my question how is that working? ACC swithces are sending BPDUs I guess to Fabric switches so in theory Fabric ports should be blocked, but it is not and all is working fine, so it seems I am missing something, can you help in understanding this. 

     

    VCF ae20 > ACC01 ae0

    ------------------------------

    S00-VCF> show configuration | display set | match ae20
    set interfaces xe-11/0/17:0 ether-options 802.3ad ae20
    set interfaces xe-12/0/17:0 ether-options 802.3ad ae20
    set interfaces ae20 apply-groups LAG
    set interfaces ae20 description "VCF:S1>S01-ACC"
    set interfaces ae20 mtu 9192
    set interfaces ae20 aggregated-ether-options lacp active
    set interfaces ae20 aggregated-ether-options lacp periodic slow
    set interfaces ae20 unit 0 family ethernet-switching vlan members all
    set protocols rstp interface ae20 edge
    set class-of-service interfaces ae20 apply-groups TRUSTED
    set protocols rstp bpdu-block-on-edge

    ---------------------------------------------------

    S01-ACC> show configuration | display set | match ae0
    set interfaces xe-0/2/0 ether-options 802.3ad ae0
    set interfaces xe-1/2/0 ether-options 802.3ad ae0
    set interfaces ae0 apply-groups LAG
    set interfaces ae0 description S01-ACC->S00-VCF
    set interfaces ae0 unit 0 family ethernet-switching vlan members all
    set protocols uplink-failure-detection group TRACK_UPLINK_ACC:1 link-to-monitor ae0
    set protocols uplink-failure-detection group TRACK_UPLINK_ACC:2 link-to-monitor ae0
    set class-of-service interfaces ae0 apply-groups TRUSTED
    set protocols rstp bpdu-block-on-edge

     


  • 2.  RE: RSTP and BPDU Block-On-Edge

     
    Posted 11-17-2020 06:47
    Any ideas?

    ------------------------------
    Alex
    ------------------------------



  • 3.  RE: RSTP and BPDU Block-On-Edge

    Posted 11-17-2020 09:47
    Hello Alex,

    If you do a monitor traffic in ACC interface AE0, do you see bpdus going out to the VCF?

    >monitor traffic interface ae0 size 1500 no-resolve

    Regards,


  • 4.  RE: RSTP and BPDU Block-On-Edge

     
    Posted 11-17-2020 18:32
    Good question, here what I see (below) : 
    seems it receives them via ae0 but sending none
    d0:07:ca:56:c4:a2 belongs to  VCF master 

    14:52:06.003254 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:06.376384 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:06.584196 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.210456 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.506785 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.982370 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:08.069567 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:08.359442 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:08.982918 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.285234 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.807436 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.866199 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:10.171632 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:10.649367 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.001562 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.503528 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.752101 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:11.775741 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:12.429213 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:12.696579 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.416375 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.539581 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.691133 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:14.368734 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:14.377757 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:15.164333 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:15.223490 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1

    ------------------------------
    Alex
    ------------------------------



  • 5.  RE: RSTP and BPDU Block-On-Edge

     
    Posted 11-17-2020 18:33
    Edited by bdale 11-17-2020 18:32
    Good question, here what I see (below) : 
    seems it receives them via ae0 but sending none
    d0:07:ca:56:c4:a2 belongs to  VCF master 

    14:52:06.003254 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:06.376384 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:06.584196 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.210456 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.506785 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.982370 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:08.069567 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:08.359442 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:08.982918 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.285234 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.807436 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.866199 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:10.171632 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:10.649367 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.001562 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.503528 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.752101 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:11.775741 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:12.429213 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:12.696579 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.416375 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.539581 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.691133 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:14.368734 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:14.377757 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:15.164333 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:15.223490 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1

    ------------------------------
    Alex
    ------------------------------



  • 6.  RE: RSTP and BPDU Block-On-Edge

     
    Posted 11-17-2020 18:33
    Good question, here what I see (below) : 
    seems it receives them via ae0 but sending none
    d0:07:ca:56:c4:a2 belongs to  VCF master 

    14:52:06.003254 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:06.376384 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:06.584196 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.210456 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.506785 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:07.982370 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:08.069567 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:08.359442 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:08.982918 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.285234 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.807436 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:09.866199 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:10.171632 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:10.649367 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.001562 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.503528 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:11.752101 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:11.775741 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:12.429213 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:12.696579 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.416375 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.539581 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:13.691133 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43
    14:52:14.368734 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:14.377757 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:15.164333 In IP 10.77.99.2 > 224.0.0.18: AH(spi=2880154539,seq=0x6ba7f7a3): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1
    14:52:15.223490 In IP 10.77.3.2 > 224.0.0.18: AH(spi=2880154539,seq=0x75400573): VRRPv2-advertisement 20: vrid=1 prio=115 authtype=ah intvl=1

    ------------------------------
    Alex
    ------------------------------



  • 7.  RE: RSTP and BPDU Block-On-Edge

    Posted 11-17-2020 10:25
    We do see STP packets coming in

    14:52:06.003254 In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.d0:07:ca:56:c4:a2.8017, length 43

    But no stp packets going out. Can you monitor the other end and confirm if any stp packet is being received?

    Do you have rst enabled in AE0?


  • 8.  RE: RSTP and BPDU Block-On-Edge

     
    Posted 11-17-2020 11:00
    No as described rstp is not enabled on ACC switches side (ae0) , for logs on VCF side will check

    ------------------------------
    Alex
    ------------------------------



  • 9.  RE: RSTP and BPDU Block-On-Edge
    Best Answer

    Posted 11-17-2020 11:03
    If STP is not enabled on AE0, no BPDUs will be exchanged. If AE20 is not receiving BPDUs it shouldn't block the port.

    Regards,


  • 10.  RE: RSTP and BPDU Block-On-Edge

     
    Posted 11-17-2020 11:09
    I see, seems this is the purpose, enabling it on VCF switch ports to protect if from any possible loops and disabling rstp on access ones so the connection works, can't think about different reasons for such design.

    ------------------------------
    Alex
    ------------------------------