Saturday, October 22, 2011

Best Practices Part 1 - Layer 2 Spanning-Tree

The topology depicted in the diagrams is used to help demonstrate data flow during failure and to provide discussion around best practices; it may not be configured as optimally as possible. The examples below provide alternate technical solutions that follow best-practice guidelines.

[Figure: Topology]

[Figure: Normal Data Path Flow]

[Figure: Data Path Flow - Root Fail]

[Figure: Data Path Flow - Access Trunk Fail]

[Figure: Data Path Flow - Router Fail]

Spanning-Tree mode: Rapid-PVST (802.1w) or MST (802.1s). Load-balancing techniques that leverage each of these technologies will be covered in "Layer 2 Spanning-Tree Best Practices Part-2".

Deterministic blocked ports: in this example we know exactly which ports are going to be blocked by STP. All redundant connections to the secondary root bridge will be blocked.

Cisco also recommends that you do not exceed an STP diameter of seven hops.

Ensure that you hard-configure your Root and Secondary Root bridges.

Ensure that you only allow required VLANs over the trunks so that you are not running unnecessary STP instances.

Features to leverage include:
Access Layer
-portfast
-bpduguard
-disable DTP
-loopguard
-etherchannel Guard

Distribution Layer
-root and secondary root placement
-root guard
-disable DTP
-etherchannel Guard

Leverage EtherChannel to reduce the number of ports that need to transition from blocking to forwarding state when leveraging multiple links.

EtherChannel Ports
-EtherChannel Guard



Example:
Access Switch
spanning-tree mode rapid-pvst
! Highest priority: the access switch must never become root
spanning-tree vlan 1-4094 priority 61440
spanning-tree portfast bpduguard default
spanning-tree loopguard default

interface gig x/x
description Link-to-RootBridge
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11
! Disable DTP on the trunk
switchport nonegotiate

interface gig x/x
description Link-to-SecondaryBridge
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11
switchport nonegotiate

interface gig x/x
description Link-to-Server
switchport mode access
switchport access vlan 10
switchport nonegotiate
! Edge port: the global "portfast bpduguard default" applies to it
spanning-tree portfast

Distribution Switch
spanning-tree etherchannel guard misconfig
spanning-tree mode rapid-pvst
! Lowest priority: this switch is the hard-configured root for all VLANs
spanning-tree vlan 1-4094 priority 0
spanning-tree portfast bpduguard default

interface gig x/x
description Link-to-AccessSwitch
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11
switchport nonegotiate
! Root guard: a superior BPDU from the access layer puts this port into root-inconsistent state
spanning-tree guard root

interface port-channel 1
description Link-to-SecondaryRoot
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11,12,13,14
switchport nonegotiate
spanning-tree guard root

interface gig x/x
description Link-to-SecondaryRoot-1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11,12,13,14
spanning-tree guard root
switchport nonegotiate
channel-group 1 mode active

interface gig x/x
description Link-to-SecondaryRoot-2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,11,12,13,14
spanning-tree guard root
switchport nonegotiate
channel-group 1 mode active
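As an added example that is not part of the original post, the following Python script (my own, not Cisco's) parses an IOS-style configuration and reports which of the practices listed above are missing: Rapid-PVST or MST mode, a hard-configured bridge priority, DTP disabled and VLAN pruning on trunks, and BPDU guard on portfast ports. The sample configuration and its interface names are constructed; two of its interfaces deliberately omit settings so the audit has something to report.

```python
# Constructed sample: Gi1/2 lacks nonegotiate and an allowed-VLAN list, Gi1/3 lacks BPDU guard.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 61440
interface GigabitEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan 10,11
 switchport nonegotiate
interface GigabitEthernet1/2
 switchport mode trunk
interface GigabitEthernet1/3
 switchport mode access
 spanning-tree portfast
"""

def parse_ios(text):
    # Split an IOS config into global commands and per-interface command lists.
    glob, ifaces, cur = [], {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" ") and cur:  # indented line belongs to current interface
            ifaces[cur].append(line.strip())
        elif line.startswith("interface "):
            cur = line.split(None, 1)[1].strip()
            ifaces[cur] = []
        else:
            cur = None
            glob.append(line.rstrip())
    return glob, ifaces

def audit_stp(text):
    # Return (scope, finding) tuples for gaps against the practices above.
    glob, ifaces = parse_ios(text)
    findings = []
    if not any(g in ("spanning-tree mode rapid-pvst", "spanning-tree mode mst") for g in glob):
        findings.append(("global", "STP mode is not Rapid-PVST or MST"))
    if not any(g.startswith("spanning-tree vlan ") and " priority " in g for g in glob):
        findings.append(("global", "bridge priority not hard-configured"))
    bpduguard = "spanning-tree portfast bpduguard default" in glob
    for name, lines in ifaces.items():
        if "switchport mode trunk" in lines:
            if "switchport nonegotiate" not in lines:
                findings.append((name, "trunk still negotiates DTP"))
            if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
                findings.append((name, "trunk carries all VLANs"))
        if "spanning-tree portfast" in lines and not (
                bpduguard or "spanning-tree bpduguard enable" in lines):
            findings.append((name, "portfast without BPDU guard"))
    return findings
```

Run `audit_stp()` over a `show running-config` capture to get the list of ports and global settings that deviate from the configuration shown above.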
