First time poster, I apologize if I am in the wrong place. I also inherited the configuration of this network... so be gentle.
I currently have 5 sites which are connected with a L2 service from our provider. We use a single VLAN (the default one, with the ID changed to 1000) which spans all 5 routers. The VLAN has a L3 interface bound to it, all in the same address space.
I recently discovered that we have a single RSTP instance, with one of the routers obviously serving as the root bridge. This is not what the previous administrator believed was happening, but it is unfortunately so. I would like to make it so that the core router at each site is the root bridge for that site, and also that we aren't spamming BPDUs on our WAN connection. I understand STP fairly well, but I am not sure of the effect of having that VLAN in each of these sites.
Can I just disable the RSTP on each of the interfaces that connect the sites, and set the local router to have a bridge priority of 0?
We are running EX4600s (as the routers) at 2 of the sites, and EX4200s for the routers at the other 3.
I don't need any specific configuration help, I am just asking more as a general information question. Is there any way to make each of these sites its own RSTP instance with the same VLAN at all 5 sites?
Thanks for any help you guys are willing to give.
It is better to put your query on Ethernet Switching forum: http://forums.juniper.net/t5/Ethernet-Switching/bd-p/switch
I will be sure to do so. Thanks!
Theoretically it would be possible. You can have separate RSTP at each site with their own root bridges.
You might disable RSTP, enable IGMP snooping, disable PVST etc. on links facing the provider devices.
However you would need to take great precautions as any loop has a potential to affect multiple sites.
Note: I have not seen anybody doing this though.
Believe me, it blew my mind when I saw what we were doing. I'm trying to work within the boundaries I've been given until we do a full redesign later this year. Thanks so much!
Please view in a fixed-width font such as Courier.
[ASCII diagram, spacing lost in extraction: five boxes labelled 1, 2 and 3 in the top row and 4 and 5 in the bottom row, with links drawn from each of the top boxes down towards 4 and 5.]
As per my understanding this is the connectivity. If RSTP is enabled in all the switches, it is expected for 1 box to act as root.
Now, what are you trying to achieve with disabling RSTP?
The layer 2 service is a mesh. Each of the sites is capable of communicating with the others. I was trying to find a simple way to not have a convergence every time our provider connection goes down at one of the sites. I think the network can survive the way it is, at least for now. This is certainly not the setup I would want to use.
Thanks so much for taking the time to answer.
Is your intention to keep all the sites in the same VLAN and broadcast domain?
If so, then some version of spanning tree is advisable for loop prevention across the entire domain and your current issue with STP traffic will not really change.
Is your L2 service an eLAN that connects all the sites in the same service?
Or a series of eLine point to point services that connect only two sites at a time per service?
For user locations:
Generally, we recommend using the provider L2 service as a link between L3 devices at each site. And having local sites in their own broadcast domain.
With an eLAN you would have a single ip subnet with a L3 address at each site and full mesh peering for your OSPF or BGP route distribution. (or use static routes).
With the eLine you have a /31 between the two sites and neighbor relationships on each of these links.
For Data Center Interconnect:
Here there is a need to bridge VLAN and broadcast domains between sites. We generally recommend a transparent service that is used as a trunk port between the two sites. The devices on each side then can control which VLANs are shared between the DC. And generally use MSTP per VLAN.
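An added Junos sketch for one site (not from either poster), showing the two paths the thread discusses: option A is the interim setup the original poster asked about, a per-site RSTP root with the provider-facing port kept out of RSTP; option B is the routed eLAN design recommended above. The interface name xe-0/0/10, the 192.0.2.0/29 subnet and OSPF area 0 are assumptions; on an EX4200 the local L3 VLAN interface would be vlan.<id> rather than irb.<id>.

```junos
/* OPTION A: interim, VLAN 1000 still spans all five sites.
   Each site's core keeps priority 0 so it wins the root election locally,
   and the provider-facing port neither sends nor processes BPDUs.
   Caveat (as noted in the thread): a loop formed through the provider
   mesh is then invisible to RSTP, so this relies on the provider side
   being loop-free. */
protocols {
    rstp {
        bridge-priority 0;
        interface xe-0/0/10 {
            disable;
        }
    }
}

/* OPTION B: target design. The eLAN becomes a routed link: one /29 shared
   by the five site routers, OSPF neighbours across the eLAN (broadcast
   interface type, so DR/BDR elect among the sites), and production VLANs
   stay local to each site behind the router's irb interface. A family inet
   port is not a switching port, so no RSTP or VLAN 1000 reaches the WAN. */
interfaces {
    xe-0/0/10 {
        description "provider eLAN, routed link (assumed port name)";
        unit 0 {
            family inet {
                address 192.0.2.1/29;   /* assumed; .2 to .5 at the other sites */
            }
        }
    }
}
vlans {
    production {
        vlan-id 100;                    /* example local VLAN, stays inside the site */
        l3-interface irb.100;
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            interface xe-0/0/10.0;
            interface irb.100 {
                passive;                /* advertise the site subnet, no neighbours on it */
            }
        }
    }
}
```

Only one of the two options is applied at a time; option B replaces the VLAN-1000 L3 interface with the routed port, so the RSTP lines from option A are no longer needed.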
"Generally, we recommend using the provider L2 service as a link between L3 devices at each site. And having local sites in their own broadcast domain."
This is what we have. The VLAN (default 1000) is only assigned to the interface that faces the provider. It then has to route to enter our production vlans. So, broadcast is limited to each site.
"With an eLAN you would have a single ip subnet with a L3 address at each site and full mesh peering for your OSPF or BGP route distribution. (or use static routes)"
This is what we are doing wrong. Instead of assigning an IP address on the interfaces at each site, they put the VLAN at each of the sites and used inter-VLAN routing. It has been making my head spin...
"Here there is a need to bridge VLAN and broadcast domains between sites. We generally recommend a transparent service that is used as a trunk port between the two sites. The devices on each side then can control which VLANs are shared between the DC. And generally use MSTP per VLAN."
Yes, this is what they were trying for. Unfortunately, they never implemented VSTP or MSTP on the VLAN between the data centers, or anywhere else for that matter.
Thank you for the info... this verifies what I was thinking and gives me a path for moving forward.