Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

8365 VSX; CX 10.13 and spanning tree; not passing data

This thread has been viewed 33 times
  • 1.  8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 04:57 AM

    I cannot pass data in lag42, 

    What is : "Loop-Inc" ??

    Core# sh spanning-tree vlan 11

    VLAN11
    Spanning tree status : Enabled Protocol: RPVST
      Root ID    Priority   : 32768
                 MAC-Address: 02:01:00:00:01:00
                 This bridge is the root
                 Hello time(in seconds):2  Max Age(in seconds):20
                 Forward Delay(in seconds):15

      Bridge ID  Priority  : 32768
                 MAC-Address: 02:01:00:00:01:00
                 Hello time(in seconds):2  Max Age(in seconds):20
                 Forward Delay(in seconds):15

    Port          Role           State      Cost           Priority   Type       BPDU-Tx    BPDU-Rx    TCN-Tx     TCN-Rx
    ------------ -------------- ---------- -------------- ---------- ---------- ---------- ---------- ---------- ----------

    lag42          Disabled       Loop-Inc   400            64         P2P        8          4          0          2
    lag256       Designated     Forwarding 1              64         P2P        421868     421866     4          2

    Number of topology changes    : 3
    Last topology change occurred : 246644 seconds ago

    anyone ?



    ------------------------------
    Steinar
    ------------------------------


  • 2.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 05:11 AM

    Can you share the interface config of lag42, please? Is there a Spanning-Tree speakter (e.g. switch) behind lag42?

     

    Regards,

    Thomas






  • 3.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 05:34 AM

    interface lag 42 multi-chassis
        description MC Lag 
        no shutdown
        no routing
        vlan trunk native 11
        vlan trunk allowed 11-12
        lacp mode active
        hash l4-src-dst
        lacp rate fast
        loop-protect
        loop-protect vlan 11-12
        spanning-tree loop-guard
        spanning-tree root-guard

    interface lag 25
        description trunk to 8365
        no shutdown
        no routing
        vlan trunk native 11
        vlan trunk allowed 11-12
        lacp mode active
        hash l4-src-dst
        loop-protect
        loop-protect vlan 11-12

    I see I have omitted the two last line:
    spanning-tree loop-guard
    spanning-tree root-guard

    ??

    But that has been the general LAG setting there



    ------------------------------
    Steinar
    ------------------------------



  • 4.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 06:06 AM

    Thanks.

     

    Why are you using loop-guard on the root-bridge? This seems to be the root cause of this behavior. Loop-guard is only meaningful on switches where you may have non-designated ports. On a root-bridge this is not the case by definition.

    Try removing the config and see what happens.

     

    If it still blocks, please share "show loop-protect" output.

     

    Regards,

    Thomas

     

     






  • 5.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 06:16 AM

    Thanks, i try

    but do you mean on both sides ?

    and back to the core question:

    What is : "Loop-Inc" ??

    ------------------------------
    Steinar
    ------------------------------



  • 6.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 06:44 AM

    But there is more !,

    The same setting's in two other corresponidg lag#/port#-pair, works !!

    with different transceiver only. (not active simultaneously)

    Only lag 42 !

    Core# sh spanning-tree inconsistent-ports


    VLAN ID      Blocked Port   Reason
    ------------ -------------- ------------
    11         lag42          Loop Guard
    12         lag42          Loop Guard

    even with interface down:!

    show loop-protect (both sides)

    Interface lag42
      Loop-protect enabled        : Yes
      Loop-Protect enabled VLANs  : 11-12
      Action on loop detection    : TX disable
      Loop detected count         : 0
      Loop detected               : No
      Interface status            : down

    Interface lag25
      Loop-protect enabled        : Yes
      Loop-Protect enabled VLANs  : 11-12
      Action on loop detection    : TX disable
      Loop detected count         : 0
      Loop detected               : No
      Interface status            : down



    ------------------------------
    Steinar
    ------------------------------



  • 7.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 07:24 AM

    Could you please check the number of BPDUs you receive on the "two other corresponding" LAGs? I assume there is a difference. LAG42 does not receive (m)any BPDUs. I assume the numbers of the other LAGs are either 0 (BPDU-rx) or very high (depending on the time the interfaces are already up). Can you confirm?




  • 8.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Nov 27, 2023 07:22 AM

    I would say, although I found no evidence in any documentation, "loop-inc" means that you triggered the loop-guard in STP (Loop-Inc --> loop inconsistency). If loop-guard is active and BPDUs used to be received but are not received anymore, it triggers. This is to to avoid possible loops if suddenly, for whatever reason, BPDUs are not generated anymore on the other switch connected to this port. 

    Could you please share your topology to discuss about the best settings for STP?




  • 9.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Dec 08, 2023 05:38 AM

    I had to delete the lag, before spanning tree blocking gave way,

    i recreated the lag, and then it didn't come back, can't be right



    ------------------------------
    Steinar
    ------------------------------



  • 10.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Dec 08, 2023 06:32 AM

    Well, if my theory is correct that it was loop-guard, this requires that at least one BPDU arrived at the port/lag and then stopped arriving. That's exactly what triggers this function: Receiving BPDUs and then suddenly not anymore. So if you killed the lag, recreated it and so far no BPDU arrived, this will continue working. If ever BPDUs arrive and later on not anymore, you will most likely end up in the same situation. So better think about why you have loop-guard configured and whether this is meaningful.

     

    Regards,

    Thomas

     






  • 11.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Dec 08, 2023 06:58 AM

    But should any situation be life long, even after cables/transceivers/trafic/(reboot) are removed ?

     

    = Steinar Grande =

     






  • 12.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Dec 15, 2023 03:08 AM
    Would you agree on this?, for a general setting, in mixed edge switch,
    connecting to endpoints, clients like servers/PC, and trunked switches (with multiple VLANs)?
     
    Client/servers/access-ports: bpdu-guard; tcn-guard, loop protect
    Uplink/switches/trunked[vlan]: loop-guard


    ------------------------------
    Steinar
    ------------------------------



  • 13.  RE: 8365 VSX; CX 10.13 and spanning tree; not passing data

    Posted Dec 15, 2023 05:46 AM

    Hi Stainar

     

    On Edge Ports, I usually have admin-edge and bpdu-guard enabled. Tcn-guard does in combination with bpdu-guard not make much sense as a TCN would be sent as a BPDU. Moreover, I would better avoid the (excessive) generation of TCNs instead of guarding against them by setting up edge ports properly (e.g. configure them as admin-edge). Loop-protect is an additional protection which makes sense in most cases.

     

    On links to STP-enabled networking components (uplinks / downlinks / crosslinks), you may enable loop-guard but need to be careful that this only makes sense on links where you expect BPDUs to be arriving. Otherwise, you may encounter the problems you described earlier. On root-bridges I also would not activate loop-guard but only root-guard. Root-guard is meaningful on links where STP priority of the peer is worse (e.g. higher number).

     

    Regards,

    Thomas