Hp Spanning Tree Best Practices
This appendix explains and provides step-by-step configuration instructions for implementing multiple instance spanning-tree protocol (MSTP) and virtual router redundancy protocol (VRRP) on specific HP and Cisco Catalyst switches. By combining both MSTP and VRRP you create a highly available network with layer 2 and layer 3 redundancies and enables load-balance network traffic, optimizing network performance. All HP and Cisco switches are configured for MSTP. VRRP is configured on the HP 8200zl switches in the core.
Hello, I may be a little old school. In my experience and training, Spanning Tree Protocol (STP) has always been considered mandatory. We are reconfiguring our network and the topic of STP is on the table. Per the HP documentation, STP is only recommened when you know you have a physical loop. This is easy to do as well. In the same config mode that you just enabled STP in, type 'spanning-tree priority 0'. This sets the root bridge permanently so that it won't ever change without you wanting it. If you have 2 core switches, set the other one to priority 1 so that if the main core fails the whole network will switch to the other one. Ethernet devices running the Spanning Tree Protocol (STP) have been implemented in networks since the early 1990s. Many organizations take STP for granted and do not configure it per industry best. If Spanning Tree, IGMP, or both are enabled in the switch, a dynamic LACP trunk operates only with the default settings for these features and does not appear in the port listings for these features. Half-duplex, different port speeds, or both not allowed in LACP trunks.
Spanning Tree Protocol (STP) is a link management protocol that provides path redundancy while preventing undesirable loops in the network. For an ethernet network to function properly, only one active path can exist between two devices. Multiple Spanning Tree Protocol (MSTP) extends STP and the Rapid Spanning Tree Protocol (RSTP) and is backwards compatible with both versions.
With MSTP, each spanning tree instance can include one or more VLANs. It applies a separate, per-instance forwarding topology which uses RSTP for rapid convergence. When a port belongs to multiple VLANs, it may be blocked in one spanning tree instance, but forwarding in another instance. This provides multiple forwarding paths for data traffic and achieves load-balancing across the network. In contrast to PVST, MSTP reduces the switch’s CPU load to a moderate level by aggregating multiple VLANs in a single spanning tree instance. MSTP provides fast convergence in the case of a switch, port, or link failure.
The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the single point of failure inherent in an environment that uses statically configured default routes. VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP addresses associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail-over in the forwarding responsibility if the Master become unavailable. Any of the virtual router's IP addresses on a LAN can then be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host.
When configured properly, this solution ensures that all redundant links are used and that the VRRP routers can share default gateway duties. Combining MSTP and VRRP protocols into your network design achieves a balanced, redundant, and highly available network solution.
| Description | Cisco Switches | HP Switches |
|---|---|---|
| A port that belongs to a unique VLAN and is untagged. | access mode | untagged |
| A port that carries multiple VLANs using 802.1q tags. | trunk mode | tagged |
| Aggregated links to support additional bandwidth and link redundancy. | etherchannel or channel-group | trunk-group |
| Configuration item | Cisco Switches | HP Switches |
|---|---|---|
| untagged VLAN traffic | switchport mode access switchport access VLAN | untagged |
| tagged VLAN traffic | switchport trunk encapsulationswitchport mode trunkswitchport allowed VLAN | tagged |
| aggregated links | channel-group | trunk (trk) |
| Port Type | RSTP and MSTP Path Cost |
|---|---|
10Mbps | 2,000,000 |
100 Mbps | 200,000 |
1Gbps | 20,000 |
Optimum for laptop. 10Gbps | 2,000 |
Cisco switches reduce the path costs on aggregated links. For example on the 3750 switch, the path cost on an etherchannel group with two gigabit links is 10,000. One gigabit link is 20,000. HP Switches do not reduce path cost on aggregated links.
Tables 37 and 38 list equipment and specified software version for each switch in this scenario. It’s a good practice to download the latest software for each switch that will participate in MSTP.
HP equipment S/W version
| HP Equipment | S/W Version |
|---|---|
| HP Switch 8200zl | K.12.30 or greater |
| HP Switch 5400zl | K.12.02 or greater |
| HP Switch 4202vl-48G | L.10.24 or greater |
| HP Switch 2900-48G | T.12.03 or greater |
| HP Switch 2810-48G | N.10.09 or greater |
| HP Switch 3400cl-48G | M.10.30 or greater |
Cisco equipment S/W version
| Cisco Equipment | S/W Version |
|---|---|
| 3550 | IOS 12.2(25)SED |
| 3750 | IOS 12.2(25)SEC2 |
Upgrade all switches to the latest software version.
Ensure that the MST configuration on all switches match exactly. The name, revision, and instance VLAN mappings must be identical on all switches participating in MSTP.
Configure all trunks on Cisco switches as 802.1Q (dot1q) trunks.
Be sure to configure all edge ports. If you don’t, you will see a lot of topology changes. In this configuration no edge ports are configured.
All backbone ports (switch to switch links) must be members of all VLANs to insure your network supports all of the forwarding paths necessary for the desired connectivity. All ports connecting one switch to another within a region and one switch to another between regions should be configured as members of all VLANs configured in the region.
Never connect LAGs before they’re configured. This will create loops in your network and cause an unstable environment.
Network scenario with spanning tree configurations
MST Instance 1 shows which ports are forwarded and which ports are blocked for the following VLAN scenarios listed in VLAN scenarios:
VLAN scenarios
| Location | 8200A Instance 1 | 8200A VRRP Configuration | 8200B VRRP Configuration | 8200B Instance 2 | 8200A VRRP Configuration | 8200B VRRP Configuration |
|---|---|---|---|---|---|---|
| IDF 1 | 3,4,5 | Master | Backup | 7,8,9 | Backup | Master |
| IDF 2 | 23,24,25 | Master | Backup | 27,28,29 | Backup | Master |
| IDF 3 | 33,34,35 | Master | Backup | 37,38,39 | Backup | Master |
| IDF 4 | 43,44,45 | Master | Backup | 47,48,49 | Backup | Master |
The network design strategy is to configure VLANs based on location. This will help isolate problems quickly on the network.
MST Instance 1
MST Instance 1 Legend
VLANs that end with 3, 4, and 5 are blocked between 8200B and EAST IDFs. The ports connecting the 8200A and WEST IDFs are forwarding. Only if the active Trunk between the 8200A and WEST IDFs fail will the links between the 8200B and EAST IDFs become active.
MST Instance 2
MST Instance 2 Legend
VLANs that end with 7,8, and 9 are blocked between 8200A and WEST IDFs. The ports connecting the 8200B and EAST IDFs are forwarding. Only if the active Trunk between the 8200B and EAST IDFs fail will the links between the 8200A and WEST IDFs become active.
IST/CST
IST/CST Legend
VLANs that end with 7,8, and 9 are blocked between 8200A and WEST IDFs. The ports connecting the 8200B and EAST IDFs are forwarding. Only if the active Trunk between the 8200B and EAST IDFs fail will the links between the 8200A and WEST IDFs become active.
For consistency purposes configure the IST/CST to Block on the same ports as Instance 1. This way you only have to remember two configurations.
The topology depicted in the diagrams is used to help demonstrate data flow during failure and to provide discussion around best practices and may not be necessarily be configured as optimal as possible. I will provide examples in a series of blogs that will provide alternate technical solutions that follow best practice guidelines.Topology Image
Normal Data Path Flow
Data Path Flow Root Fail
Data Path Flow-Access Trunk Fail
Spanning-Tree mode Rapid-PVST (802.1w) or MST (802.1s) - I will show more about load balancing techniques leveraging each of these technologies in 'Layer 2 Spanning-Tree Best Practices Part-2' Deterministic blocked ports - in this example we know exactly which ports are going to be blocked by STP. All redundant connections to the secondary root bridge will be blocked. Cisco also recommends that you do not exceed STP diameter of seven hops. Ensure that you hard configure your Root and Secondary Root bridges. Ensure that you only allow required VLAN's over the trunks to ensure you are not running unnecessary STP instances.
Features to leverage include:
Access Layer
-portfast
-bdpuguard
-disable DTP
-loopguard
-etherchannel Guard
Distribution Layer
-root and secondary root placement
-root guard
-disable DTP
-etherchannel Guard
Leverage EtherChannel to reduce the number of ports that need to transition from blocking to forwarding state when leveraging multiple links.
EtherChannel Ports
-EtherChannel Guard
Example:
Access Switch
spanning-tree mode rapid-pvst
spanning-tree priority vlan 1-4094 61440
spanning-tree portfast bpduguard default
spanning-tree loopguard default
interface gig x/x
description Link-to-RootBridge
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11
switchport nonegotiate
interface gig x/x
description Link-to-SecondaryBridge
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11
switchport nonnegotiate
interface gig x/x
description Link-to-Server
switchport mode access
switchport access vlan 10
switchport nonnegotiate
spanning-tree portfast
Distribution Switch
spanning-tree etherchannel guard misconfig
spanning-tree mode rapid-pvst
spanning-tree priority vlan 1-4094 0
spanning-tree portfast bpduguard default
interface gig x/x
description Link-to-AccessSwitch
switchport trunk encapsulation dot1qswitchport mode trunk
switchport trunk allowed vlan 10,11
switchport nonnegotiate
spanning-tree guard root
interface port-channel 1
Hp Spanning Tree Best Practices Types
description Link-to-SecondaryRootswitchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11,12,13,14
switchport nonegotiate
interface gig x/x
description Link-to-SecondaryRoot-1
switchport trunk encapsulation dot1q
Procurve Spanning Tree
switchport mode trunk
switchport trunk allowed vlan 10,11,12,13,14
switchport nonegotiate
Hp Spanning Tree Best Practices Pdf
channel-group 1 mode activeHp Procurve Spanning Tree Best Practices
interface gig x/x
description Link-to-SecondaryRoot-2
switchport trunk encapsulation dot1q
switchport mode trunk
Hp Spanning Tree Best Practices
switchport trunk allowed vlan 10,11,12,13,14switchport nonegotiate
channel-group 1 mode active
Hp Spanning Tree Best Practices Examples
Optional STP Features