Rapid Spanning Tree Protocol (RSTP) Deployment Guidelines for Converged Networks Revision 01
Abstract: The following Application Note was written to help business partners and systems engineers with configuring Rapid Spanning Tree Protocol (RSTP) loop avoidance for converged networks. This configuration can be generalized and applied to most converged networks from various IP PBX vendors in order to provide loop avoidance and prevent end-user cabling errors from taking down voice, video and data application services.
Table of Contents
1. Introduction
   1.1. Loop Avoidance and Spanning Tree Protocol
2. Configuring RSTP
   2.1. STP Domains and Modes
   2.2. STP Domain Modes for Converged Networks
   2.3. Encapsulation and Default-Encapsulation
   2.4. STPD Default-Encapsulation for Converged Networks
   2.5. Participating Ports and VLANs
   2.6. Adding Ports and VLANs in Converged Networks
   2.7. Link-Type and Converged Networks
   2.8. Bridge-Priority
   2.9. Auto-Bind
3. Sample RSTP Configurations
   3.1. Single Core Switch Configuration
      3.1.1. NJCore1 Switch Configuration
      3.1.2. IDF1 Switch Configuration
      3.1.3. IDF2 Switch Configuration
   3.2. Dual Aggregation Switch Configuration
      3.2.1. NJAgg1 Switch Configuration
      3.2.2. NJAgg2 Switch Configuration
      3.2.3. IDF1 Switch Configuration
      3.2.4. IDF2 Switch Configuration
4. Verification Steps for Sample Configurations
   4.1. Single Core Switch Configuration
      4.1.1. Verify IDF1 Switch Configuration
      4.1.2. Verify IDF2 Switch Configuration
   4.2. Dual Aggregation Switch Configuration
      4.2.1. Verify IDF1 Switch Configuration
      4.2.2. Verify IDF2 Switch Configuration
5. Basic RSTP Deployment Checklist
6. Conclusion
   6.1. Hardware and Software Versions Tested
7. Additional References
1. Introduction
Layer 2 loops can occur in converged network environments, sometimes even with Spanning Tree Protocol (STP) enabled. Most loops are accidental, but they can cripple voice and data communication services across entire segments. Spanning tree is disabled on all Extreme Networks switches by default. Operating a network without any type of loop avoidance mechanism, such as STP or an alternative technique, can be problematic even in loop-free topologies. These deployment guidelines explain how to enable Rapid Spanning Tree Protocol (RSTP) in order to eliminate the majority of Layer 2 loops in converged network environments. The two sample configurations represent field-proven cases that provide loop-free operation at the network edge, closest to end users.

Two sample configurations are described in this Application Note:
1. Single Core, Two IDF Switches
2. Dual Aggregation with Virtual Router Redundancy Protocol (VRRP), Two IDF Switches
[Figure: "Loop Formed", showing an IP telephone loop and a switch-to-switch loop.]
[Figure: "Loop Avoided", showing the same IP telephone loop and switch-to-switch loop with ports in the blocking state.]
There is a fourth type of loop that occurs less frequently, but it can be just as troublesome. If a user attaches an adjacent device that has a loop to the network, the outcome can be catastrophic to voice, video and data communications. To help avoid this loop, Extreme Networks introduced the edge-safeguard feature for edge ports. The edge-safeguard feature detects the presence of an adjacent looped device and disables the port in software to avoid a network interruption. See Figure 3.
2. Configuring RSTP
The following sections outline the fundamentals necessary to successfully configure and enable RSTP on an Extreme Networks ExtremeXOS switch for a converged network environment.
: : : : :
00049635e5f9 0 3 ---0
Tag   Flags  Ports  Bridge ID         Designated Root   Rt Port  Rt Cost
0000  D----  0      800000049635e5f9  0000000000000000  ------   0

Total number of STPDs: 1
Flags: (C) Topology Change, (D) Disable, (E) Enable, (R) Rapid Root Failover
       (T) Topology Change Detected, (M) MSTP CIST, (I) MSTP MSTI
The domain s0 is preconfigured to automatically bind and protect all ports assigned to the untagged Default VLAN, as shown in Example 2. You must enable domain s0 if you want to use the preconfigured settings to implement spanning tree protection. Many customers modify the untagged VLANs assigned to the switch ports, so Extreme Networks leaves s0 disabled in the factory default configuration. This also minimizes the impact of introducing an Extreme Networks switch into an environment that is already running a version of spanning tree.

Example 2: STPD s0 Default Configuration
NJCore1.10 # show stpd s0
Stpd: s0
Stp: DISABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1D
802.1Q Tag: (none)
Ports: 1,2,3,4,5,6,7,8,9,10,
       11,12,13,14,15,16,17,18,19,20,
       21,22,23,24,25,26
Participating Vlans: Default
Auto-bind Vlans: Default
Bridge Priority: 32768
BridgeID: 80:00:00:04:96:35:e5:f9
Designated root: 00:00:00:00:00:00:00:00
RootPathCost: 0
Root Port: ---
MaxAge: 0s
HelloTime: 0s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 0
Time Since Last Topology Change: 0s
You have the option of modifying domain s0 to protect different combinations of ports and VLANs, or you can create a new domain. Example 3 shows how to create a new domain. User-defined domain names have a maximum length of 32 characters.

Example 3: User-Defined Spanning Tree Domain Configuration
* NJCore1.11 # create stpd s1
All Extreme Networks spanning tree domains, including domain s0 and user-defined domains, use operational mode IEEE 802.1D by default. Example 4 shows a user-defined domain. Notice that the user-defined domain is disabled with an operational mode of 802.1D.

Example 4: User-Defined STPD s1 Default Configuration
* NJCore1.12 # show stpd s1
Stpd: s1
Stp: DISABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1D
802.1Q Tag: (none)
Ports: (none)
Participating Vlans: (none)
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID: 80:00:00:04:96:35:e5:f9
Designated root: 00:00:00:00:00:00:00:00
RootPathCost: 0
Root Port: ---
MaxAge: 0s
HelloTime: 0s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 0
Time Since Last Topology Change: 0s
2009 Extreme Networks, Inc. All rights reserved.
Each STPD instance has three possible modes of operation:

- IEEE 802.1D: Use the 802.1D (dot1d) operational mode for backward compatibility with previous STP versions and for compatibility with third-party switches using IEEE standard 802.1D. When configured in this mode, all rapid configuration mechanisms are disabled.
- IEEE 802.1w (Rapid Spanning Tree Protocol): Use the 802.1w (dot1w) operational mode for compatibility with RSTP. When configured in this mode, all rapid configuration mechanisms are enabled.
- IEEE 802.1s (Multiple Instance Spanning Tree Protocol): Use the MSTP (mstp) operational mode for compatibility with MSTP. MSTP is an extension of RSTP and offers the benefit of better scaling with fast convergence.
Each port assigned to an STPD has three possible modes of BPDU encapsulation:

- IEEE 802.1D: Use the 802.1D (dot1d) encapsulation mode for backward compatibility with previous STP versions and for compatibility with third-party switches using IEEE standard 802.1D. BPDUs are sent untagged in 802.1D mode. This encapsulation mode supports the following STPD modes of operation: 802.1D, 802.1w, and MSTP.
- Extreme Multiple Instance Spanning Tree Protocol (EMISTP): Use the EMISTP (emistp) encapsulation mode when connecting with Extreme Networks switches only. BPDUs for each STPD are sent with an 802.1Q tag in EMISTP encapsulation mode. The STPDs running in this mode have a one-to-one relationship with VLANs and send and process packets in EMISTP format. This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
- Per VLAN Spanning Tree (PVST+): Use the PVST+ (pvst-plus) encapsulation mode when connecting to third-party switches running the PVST+ version of STP. BPDUs for each STPD are sent with an 802.1Q tag in PVST+ encapsulation mode. The STPDs running in this mode have a one-to-one relationship with VLANs and send and process packets in PVST+ format. This encapsulation mode supports the following STPD modes of operation: 802.1D and 802.1w.
You can manually specify how the BPDU should be formatted on a per-port basis, but this requires that you append the encapsulation mode at the end of the add VLAN and port command. Example 7 shows how a port can be added to the domain with a manually specified BPDU encapsulation mode. Most administrators prefer to use the default-encapsulation to assign the BPDU format to a switch port.

Example 7: Add VLAN and Port to Spanning Tree Domain with Encapsulation
* NJCore1.12 # config stpd s1 add vlan data10 ports 1 dot1d
If most switch ports in a spanning tree domain are using the same port encapsulation mode, it is easier to change the default-encapsulation and assign the ports. Example 8 shows how a port can inherit the default-encapsulation mode configured for the spanning tree domain by not appending the BPDU encapsulation at the end of an add VLAN and port command.

Example 8: Add VLAN and Port to Spanning Tree Domain with Default-Encapsulation
* NJCore1.14 # config stpd s1 default-encapsulation dot1d
* NJCore1.15 # config stpd s1 add vlan data10 ports 1
Example 10 shows port 1 and untagged data10 VLAN being added to spanning tree domain s1. Example 11 shows port 1 and untagged data10 VLAN are participating in the domain.
Example 11: Spanning Tree Domain with Port and Untagged Participating VLAN Added
* NJCore1.14 # show stpd s1
Stpd: s1
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1W
802.1Q Tag: (none)
Ports: 1
Participating Vlans: data10
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID: 80:00:00:04:96:35:e5:f9
Designated root: 80:00:00:04:96:35:e5:f9
RootPathCost: 0
Root Port: ---
MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 1
Time Since Last Topology Change: 260s
If you attempt to add a port and tagged VLAN to the spanning tree domain before you have added the port and its untagged VLAN, you will receive an error at the command prompt. The port's untagged VLAN must be added first, because the 802.1w domain requires an untagged VLAN in order to transmit and receive BPDUs. If you attempt to bind a port and tagged VLAN before you have bound the port's untagged VLAN, the domain will have no way of transmitting or receiving BPDU messages, which is why you see an error condition in Example 12.

Example 12: Error Adding Port and Tagged VLAN Only to RSTP Configuration
* NJCore1.5 # create vlan voice11
* NJCore1.6 # config vlan voice11 tag 11
* NJCore1.7 # config vlan voice11 add ports 1 tagged
* NJCore1.8 # create stpd s1
* NJCore1.9 # config stpd s1 mode dot1w
* NJCore1.10 # config stpd s1 default-encapsulation dot1d
* NJCore1.11 # enable stpd s1
* NJCore1.12 # config stpd s1 add vlan voice11 ports 1
Error: Cannot add VLAN voice11 port 1 to STP domain s1

When you add untagged and tagged VLANs in the incorrect order, an error may occur and VLANs will fail to be added to the domain. You must add ports and untagged VLANs to the domain first.
Example 13: Adding Untagged and Tagged VLANs to an STPD in a Converged Network
* NJCore1.12 # config stpd s1 add vlan data10 ports 1    # must add untagged 1st
* NJCore1.13 # config stpd s1 add vlan voice11 ports 1   # must add tagged 2nd
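
The ordering rule from Examples 12 and 13 can be checked against a command list before it is applied to a switch. The Python linter below is an added example, not part of the original Application Note or of any Extreme Networks tooling; its function names and sample sessions are constructed for illustration, and it assumes the untagged form of the "config vlan ... add ports" command alongside the tagged form shown in Example 12.

```python
import re

VLAN_ADD = re.compile(r"config(?:ure)? vlan (\S+) add ports (\S+)(?: (tagged|untagged))?$")
STPD_ENC = re.compile(r"config(?:ure)? stpd (\S+) default-encapsulation (\S+)$")
STPD_ADD = re.compile(
    r"config(?:ure)? stpd (\S+) add vlan (\S+) ports (\S+)(?: (dot1d|emistp|pvst-plus))?$")

def expand_ports(spec):
    """Expand a port list such as '7-8' or '1:1-1:3,2:5' into single port names."""
    ports = []
    for part in spec.split(","):
        m = re.fullmatch(r"(?:(\d+):)?(\d+)-(?:\d+:)?(\d+)", part)
        if m:
            slot = m.group(1) + ":" if m.group(1) else ""
            ports += [f"{slot}{n}" for n in range(int(m.group(2)), int(m.group(3)) + 1)]
        else:
            ports.append(part)
    return ports

def lint_stpd_order(commands):
    """Return (line, stpd, vlan, port) for each tagged binding made before the untagged one."""
    untagged, tagged = {}, set()    # port -> untagged VLAN; {(port, vlan)} tagged members
    default_enc, bound = {}, set()  # stpd -> encapsulation; {(stpd, port, vlan)} bindings
    findings = []
    for lineno, raw in enumerate(commands, 1):
        # Drop a leading "* host.N # " prompt and any trailing "# comment".
        cmd = re.sub(r"^\*?\s*\S+\.\d+ # ", "", raw).split(" #")[0].strip()
        if m := VLAN_ADD.match(cmd):
            vlan, ports, mode = m.groups()
            for p in expand_ports(ports):
                if mode == "tagged":
                    tagged.add((p, vlan))
                else:
                    untagged[p] = vlan
        elif m := STPD_ENC.match(cmd):
            default_enc[m.group(1)] = m.group(2)
        elif m := STPD_ADD.match(cmd):
            stpd, vlan, ports, enc = m.groups()
            enc = enc or default_enc.get(stpd)
            for p in expand_ports(ports):
                # Assumption: the rule is enforced only for dot1d (untagged BPDU) encapsulation.
                needs_untagged = enc == "dot1d" and (p, vlan) in tagged
                if needs_untagged and (stpd, p, untagged.get(p)) not in bound:
                    findings.append((lineno, stpd, vlan, p))
                else:
                    bound.add((stpd, p, vlan))
    return findings

# Constructed sample sessions modelled on Examples 12 and 13.
SETUP = ["* NJCore1.4 # config vlan data10 add ports 1 untagged",
         "* NJCore1.7 # config vlan voice11 add ports 1 tagged",
         "* NJCore1.10 # config stpd s1 default-encapsulation dot1d"]
BAD = SETUP + ["* NJCore1.12 # config stpd s1 add vlan voice11 ports 1"]
GOOD = SETUP + ["* NJCore1.12 # config stpd s1 add vlan data10 ports 1   # must add untagged 1st",
                "* NJCore1.13 # config stpd s1 add vlan voice11 ports 1  # must add tagged 2nd"]

if __name__ == "__main__":
    print(lint_stpd_order(BAD), lint_stpd_order(GOOD))
```

Each finding names the input line, domain, VLAN and port of a binding that the switch would reject with the error shown in Example 12.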
Note: If you remove the port and untagged VLAN from the RSTP domain and you are using dot1d encapsulation, the tagged VLANs will also be removed from the domain.

Example 14: Port Data and Voice VLANs Participating in STP Domain s1
* X450a-24t.16 # show stpd s1
Stpd: s1
Stp: ENABLED
Rapid Root Failover: Disabled
Operational Mode: 802.1W
802.1Q Tag: (none)
Ports: 1
Participating Vlans: data10,voice11
Auto-bind Vlans: (none)
Bridge Priority: 32768
BridgeID: 80:00:00:04:96:35:e5:f9
Designated root: 80:00:00:04:96:35:e5:f9
RootPathCost: 0
Root Port: ---
MaxAge: 20s
HelloTime: 2s
CfgBrMaxAge: 20s
CfgBrHelloTime: 2s
Topology Change Time: 35s
Topology Change Detected: FALSE
Number of Topology Changes: 1
Time Since Last Topology Change: 350s
2.9. Auto-bind
The auto-bind feature allows the domain to automatically add and remove ports and VLANs to the STPD domain using the default-encapsulation. You should only use auto-bind for VLANs that are to be protected by spanning tree. The auto-bind feature makes STP modifications to the switch less error prone, because the switch will automatically adjust the STP bindings according to how the switch VLANs and ports are configured.
[Figure: Single core switch sample topology. Labels: IP PBX 10.1.1.10/24, DHCPSVR 10.1.1.254/24, Avaya G700, NJCore1 (ports 21-24, LAG), IDF1 (ports 1:25, 2:25), IDF2 (ports 25, 26). STPD settings shown for each switch:]
NJCore1: STPD s0, mode dot1w, default encapsulation dot1d, bridge priority 4096; ports 21,23 type P2P; untagged participating VLAN data10; tagged participating VLAN voice11
IDF1: STPD s0, mode dot1w, default encapsulation dot1d; ports 1:1-1:24,2:1-2:24 type edge with edge-safeguard; ports 1:25 type P2P; untagged participating VLAN data10; tagged participating VLAN voice11
IDF2: STPD s0, mode dot1w, default encapsulation dot1d; ports 1-24 type edge with edge-safeguard; ports 25 type P2P; untagged participating VLAN data10; tagged participating VLAN voice11
[Figure: Dual aggregation switch sample topology. Labels: NJAgg1 (ports 21, 23, 24), NJAgg2 (ports 21, 23, 24), IDF1 (ports 1:25, 2:26), IDF2 (ports 25, 26). STPD settings shown for each switch:]
NJAgg1 (VRRP Master): STPD s0, mode dot1w, default encapsulation dot1d, bridge priority 4096; ports 21,23,24 type P2P; untagged participating VLAN data10; tagged participating VLAN voice11
NJAgg2 (VRRP Backup): STPD s0, mode dot1w, default encapsulation dot1d, bridge priority 8192; ports 21,23,24 type P2P; untagged participating VLAN data10; tagged participating VLAN voice11
IDF1: STPD s0, mode dot1w, default encapsulation dot1d; ports 1:1-1:24,2:1-2:24 type edge with safeguard; ports 1:25,2:26 type P2P; untagged participating VLAN data10; tagged participating VLAN voice11
IDF2: STPD s0, mode dot1w, default encapsulation dot1d; ports 1-24 type edge with safeguard; ports 25,26 type P2P; untagged participating VLAN data10; tagged participating VLAN voice11
[Figure: Single core switch verification topology. Labels: IPPBX 10.1.1.10/24, DHCPSVR 10.1.1.254/24, Avaya G700, NJCore1 (ports 21-24, LAG), edge ports 1:1, 1:2, 1:5, 1:6, 1:7, Data Only, Looped IP Telephone #1, Looped IP Telephone #2.]
Total Ports: 7
------------------------- Flags: ----------------------------
1: e=Enable, d=Disable
2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master
3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto
4: (Oper. type) b=broadcast, p=point-to-point, e=edge
5: p=proposing, a=agree
6: (partner mode) d = 802.1d, w = 802.1w, m = mstp
7: i = edgeport inconsistency
8: S = edgeport safe guard active
   s = edgeport safe guard configured but inactive
9: B = Boundary, I = Internal
10: r = Restricted Role
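[Figure: Dual aggregation switch verification topology. Labels: NJAgg1 (ports 21, 23, 24), NJAgg2 (ports 21, 23, 24), edge ports 1:1, 1:2, 1:5, 1:6, 1:7.]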
Port ID  Designated Bridge
8001     80:00:00:04:96:27:fd:1d
8002     80:00:00:04:96:27:fd:1d
8003     80:00:00:04:96:27:fd:1d
8004     80:00:00:04:96:27:fd:1d
8005     80:00:00:04:96:27:fd:1d
8006     80:00:00:04:96:27:fd:1d
8007     00:00:00:00:00:00:00:00
8019     10:00:00:04:96:35:e5:f9
801a     20:00:00:04:96:27:c5:49
6. Conclusion
The sample configurations and recommendations described in this Application Note can be generalized for most customer configurations. The behavior of some features shown, such as edge-safeguard, will operate slightly differently in pre-12.x software releases. Layer 2 loops can occur in converged networks, even with STP enabled. By default, Extreme Networks switches have spanning tree disabled. These deployment guidelines explain how to enable RSTP in order to eliminate the majority of Layer 2 loop conditions that end users may accidentally introduce. The three sample configurations represent field-proven cases that can be leveraged to help provide loop-free operation at the network edge, closest to end users.
Table 1:
Qty. Models Tested
2 Summit X450a-24t
License Levels
Core
Software Versions
12.1.2.17-patch1-17 12.1.3.14 12.2.2.11 12.1.2.17-patch1-17 12.1.3.14 12.2.2.11 12.1.2.17-patch1-17 12.1.3.14 12.2.2.11 Release 2.9 Release 2.8.3 Release 2.9 Release 2.8.3 Release 3.0 Release R014x.00.1.731.2 Release 27.27
Summit X250e-24p
Edge
Summit X150-24p
L2-Edge
1 1 2 1 1 1
Avaya 4602SW+ IP Telephone Avaya 4610SW+ IP Telephone Avaya 9640 IP Telephone Avaya S8300B Media Server Avaya G250 Media Servers EPICenter 7.0 SP1 Server
2009 Extreme Networks, Inc. All rights reserved. Extreme Networks, the Extreme Networks logo, EPICenter, ExtremeXOS and Summit are either registered trademarks or trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names and marks are the property of their respective owners. Specifications are subject to change without notice. 1779_01 08/09