VSTP load sharing issue

  • 1.  VSTP load sharing issue

    Posted 11-25-2013 09:37

    Hi Everyone,

     

    We have Juniper EX 4200 as core switch at two sites connected Cisco 2960s and Cisco 3560s (access layer switches). For even-numbered VLANs, one Juniper switch is root bridge and for odd-numbered VLANs, other Juniper switch is the root bridge.

     

    We have Cox and Verizon Metro-E links connecting core switches (Juniper EX 4200 at both sites).

     

    I want to do VLAN load sharing using VSTP but somehow it is not working as expected. I want to pass some VLANs through COX and some through Verizon. When there is any issue with Cox, all VLAN traffic pass through Verizon and vice-versa. RSTP is also enabled on both Juniper switches.

     

    I see MAC flapping in log messages on all Cisco access layer switches when I bring up both Metro-E links together. When only Cox is connected, everything works fine. When only Verizon is connected, everything works fine. But when BOTH COX and Verizon are connected, the network gets disrupted and I see MAC flapping on all Cisco switches. All Cisco switches are running PVST.

     

    Does anybody know what is happening and why VSTP is not working when both COX and VERIZON Metro-E links are active?

     



  • 2.  RE: VSTP load sharing issue

    Posted 11-25-2013 16:03

    First thing you could provide is configuration, that would help. Are you running MVRP? Did you set the switches to run forced STP instead of RSTP? If the CISCOs are not running Rapid PVST+ then you should be running forced version stp. There is a little bit more to running CISCO with Juniper in this scenario. Let me check it for a minute. I remember reading it a year ago.

    As you may be aware, Juniper still recommends running MSTP, which is better for load balancing. Less traffic.

    Okay, here is the full guide

    http://www.juniper.net/us/en/local/pdf/implementation-guides/8010002-en.pdf

    Here is a situation which may be a similar issue, and the solution. Juniper has an article about it too, but heck if I can find it now.

    http://serverfault.com/questions/437894/vlan-trunking-between-juniper-ex-cisco-catalyst-and-cisco-router

    "

    so the problem was that the switch 1 (catalyst) was sending tagged PVST BPDUs over the trunk port and because juniper does not understand the PVST BPDUs it treats them as broadcast traffic and floods them to the corresponding vlan, in this case the ports that interconnected the juniper with the downwards cisco switch was set up as an access port (don't ask, it was set up like that by another genius) so on the other side of the link the port was marked as inconsistent, because it received a tagged BPDU.

    so the solution was to create a firewall filter on the EX and block the packets sent to the PVST address 01:00:0c:cc:cc:cd."

    Here is a cookbook that may help with other scenario for you

    http://networktest.com/jnpriop/cookbook.pdf

    Here is another Juniper article which may shed some light too.

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB18291

     



  • 3.  RE: VSTP load sharing issue

    Posted 11-26-2013 04:09

    If I understand you correctly you have one EX4200 at each site connected by two metro ethernet links, and you want to load-share VLANs within each site across both of them?

     

    I would simplify this topology and make the root bridge for the VLANs at each site the switch that is local to the site.

     

    With regards to your metro ethernet providers, I'd hazard a guess to say that neither of them are tunnelling your VSTP/PVSTP PDUs and as a result you're causing a loop/broadcast storm when you connect them both.

     

    You should be able to see this by running "show spanning-tree bridge" on both switches with only one service plugged in.  

     

    If both switches report themselves as root for your VLANs then this is what is happening.

     

    You can also check with "monitor interface traffic <interface plugged into metro ethernet>" and look for incoming STP PDUs.

     

     



  • 4.  RE: VSTP load sharing issue

    Posted 11-26-2013 06:22

    Replies from both experts have clarified the issue. Now I will summarize it.

    1. By default, Juniper VSTP is roughly equivalent to CISCO RapidPVST+, but if the version is forced to STP then VSTP is more similar to CISCO PVST+

    2. You can only configure 253 VLANs in VSTP, which further map to distinct spanning tree topologies

    3. VSTP will not work properly if VLAN information is communicated over trunk ports using MVRP, because MVRP does not support VSTP

    4. If possible, enable Q-in-Q on links connecting core switches and also get tunneling of VSTP enabled

     

     

    Please mark this as accepted solution if it works for you

    A Kudos is a good way of appreciation

     

    Kashif Nawaz

    JNCIP-Sec, JNCIS-Ent,JNCIS-Sec,JNCIA-JUNOS



  • 5.  RE: VSTP load sharing issue

    Posted 12-09-2013 07:19

    Based on Juniper KBs: KB18291 and KB15138, I did the following:

    1. I enabled a common native vlan 50 (and shut down vlan 1) on all Juniper and Cisco switches and configured the trunk ports where Cisco switches connect to Juniper for native vlan. (This is because Spanning-tree BPDUs are exchanged via Native VLAN between Cisco and Juniper). By default, Cisco native vlan is vlan 1 and there is no native vlan on Juniper. So Juniper does not understand the BPDUs and treats them as broadcast traffic, flooding them to the corresponding VLAN. Because of this, STP between Cisco and Juniper does not converge.
    2. Changed Cisco Spanning tree mode from PVST to Rapid-PVST (Juniper recommends changing Cisco spanning-tree mode from default - PVST to Rapid-PVST). Rapid-PVST converges well with Juniper spanning tree protocol “VSTP”.
    3. Deleted RSTP protocol statements as per Juniper documentation
    4. Entered vstp interface priority command for VLANs and Native VLAN on Juniper switches

    Now when Cox and Verizon links are up at the same time, I see that some Cisco switches that hang off the Juniper core switches at both sites go down. I also see in Juniper (using command "show ethernet-switching interfaces") that some interfaces where Cisco switches are connected are blocked by STP. Only some Cisco switches and not all get disconnected. I had to unplug the power cord and replug it on all Cisco switches that had the uplink port down to bring them up (because I wasn't able to log in to the Cisco switches).

     

    Can someone figure out what is happening?



  • 6.  RE: VSTP load sharing issue

    Posted 12-09-2013 14:50

    Can you post your configuration and a diagram along with the output of "show spanning-tree bridge" and "show spanning-tree interface"?



  • 7.  RE: VSTP load sharing issue

    Posted 12-10-2013 09:43

    Please find the file attached (config.zip) that has: 1) Diagram 2) Site1-Show spanning-tree bridge 3) Site1-Show spanning-tree interface 4) Site2-Show spanning-tree bridge 5) Site2-Show spanning-tree interface

     

    Juniper at Site 1 is root for VLANs: 20, 23, 24, 26, 28, 29, 201, 203, 215, 222, 223, 230, 231, 233, 234 and 236

    Juniper at Site 2 is root for VLANs: 22, 200, 202, 204, 205, 216, 224, 231, 232, 235

    Cisco switch at Site 2 has become root bridge for Native vlan 50.

     

     

    Following configuration exists on Cisco Trunk ports connecting to Juniper Core switches:

    =========

    For Eg:

    int gi0/1

    switchport mode trunk

    switchport trunk encapsulation dot1q (wherever required)

    switchport trunk native vlan 50

     

     

    Following configuration exists on Juniper core switch Trunk ports connecting to Cisco switches at SITE-1:

    ========

    For Eg:

    set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode trunk vlan members [ 20 22 23 24 26 28 29 201 203 215 216 222 223 230 231 233 234 235 236 ]

    set interfaces ge-0/0/3 unit 0 family ethernet-switching native-vlan-id 50

     

     

    Following configuration exists on Juniper core switch Trunk ports connecting to Cisco switches at SITE-2:

    =========

    For Eg:

    set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode trunk vlan members [ 20 22 23 24 26 28 29 200 201 202 203 204 205 215 216 224 231 232 234 235 236 ]

    set interfaces ge-0/0/4 unit 0 family ethernet-switching native-vlan-id 50

     

    Following configuration exists on Trunk ports that connect Juniper switches at both sites via Metro-E links (same configuration exists on all 4 trunk ports at both sites connecting Cox and Verizon):

    =======

    set interfaces ge-0/1/2 unit 0 family ethernet-switching port-mode trunk vlan members [ 20 22 23 24 26 28 29 201 203 215 216 231 234 235 236 ]

    set interfaces ge-0/1/2 unit 0 family ethernet-switching native-vlan-id 50

     

    Attachment(s): config.zip (184 KB)
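An added example, not part of the original post: a cross-check of the root-bridge lists and the Metro-E trunk membership quoted in the post above. It flags VLANs listed as root at both sites, the symptom an earlier reply associates with BPDUs not crossing the inter-site link. The function names (`vlan_ids`, `trunk_members`, `audit`) are hypothetical, and the input strings are copied from the post.

```python
import re

# Values copied from the post above (site root lists and the Metro-E trunk line).
ROOT_VLANS = {
    "site1": "20, 23, 24, 26, 28, 29, 201, 203, 215, 222, 223, 230, 231, 233, 234 and 236",
    "site2": "22, 200, 202, 204, 205, 216, 224, 231, 232, 235",
}
METRO_TRUNK = ("set interfaces ge-0/1/2 unit 0 family ethernet-switching "
               "port-mode trunk vlan members [ 20 22 23 24 26 28 29 201 203 "
               "215 216 231 234 235 236 ]")


def vlan_ids(text):
    """Return the set of VLAN IDs found in a free-text list."""
    return {int(n) for n in re.findall(r"\d+", text)}


def trunk_members(set_line):
    """Extract VLAN IDs from the 'vlan members [ ... ]' clause of a set command."""
    match = re.search(r"vlan members \[([^\]]*)\]", set_line)
    if match is None:
        raise ValueError("no 'vlan members [ ... ]' clause found")
    return vlan_ids(match.group(1))


def audit(roots, metro_line):
    """Classify VLANs by which site lists itself as root and by metro trunk membership."""
    metro = trunk_members(metro_line)
    site1, site2 = vlan_ids(roots["site1"]), vlan_ids(roots["site2"])
    return {
        # Listed as root at both sites: either a typo in the list, or each
        # switch believes it is root because it hears no superior BPDU.
        "root_at_both_sites": sorted(site1 & site2),
        # Carried between the sites but with no Juniper root listed.
        "metro_without_listed_root": sorted(metro - (site1 | site2)),
        # Rooted at one site and absent from the metro trunk.
        "local_only": sorted((site1 ^ site2) - metro),
        # VLANs crossing the metro trunk, split by which site is their root.
        "metro_rooted_site1": sorted((site1 - site2) & metro),
        "metro_rooted_site2": sorted((site2 - site1) & metro),
    }


if __name__ == "__main__":
    for key, vlans in audit(ROOT_VLANS, METRO_TRUNK).items():
        print(f"{key}: {vlans}")
```
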


  • 8.  RE: VSTP load sharing issue

    Posted 12-12-2013 08:37

    Can someone help, please?



  • 9.  RE: VSTP load sharing issue

    Posted 12-16-2013 02:44

    Hi starcity,

     

     

    The only thing I can suggest is that Verizon may not be forwarding your STP BPDUs.  When you bring up that link, you (probably) create a loop that will never be blocked, and the ensuing broadcast storm knocks off the other switches.

     

    This should be easy to spot:

     

    Plug in the Verizon interface

    Run show spanning-tree interface ge-x/x/x  (port Verizon is plugged into) on both Juniper switches.  Confirm it is in state DESG on both sides - this means the loop is not being blocked (and you're probably not getting BPDUs across the metro link)

    Run monitor interface traffic and look at the PPS figures for the two metro ports - you'll probably notice them shooting up sky high.

     

     



  • 10.  RE: VSTP load sharing issue

    Posted 03-31-2014 13:49

    Cox was already connected before, and after bringing up the VERIZON link, some Cisco switches (not all) at both sites went down (off) until the Verizon link was disconnected from Juniper and the power cords of the Cisco switches were disconnected and reconnected.

     

    When COX and VERIZON both were connected, I remember using command "show ethernet-switching interfaces ge-0/1/1", that showed "blocked by STP" under Blocking state for interface connected to Verizon link.

     

    I haven't tried anything since 25-nov-2013. Just checking if anyone can figure out what else is happening.



  • 11.  RE: VSTP load sharing issue

    Posted 04-01-2014 12:15

    Someone please help. Does Q-in-Q tunneling help in this case?



  • 12.  RE: VSTP load sharing issue

    Posted 05-07-2014 03:10

    No - rapid spanning-tree will ignore VLANs, and will still be sent natively.  Usually MetroEthernet services are configured to specifically filter traffic bound for the spanning-tree destination MAC address. 



  • 13.  RE: VSTP load sharing issue

    Posted 06-05-2014 13:52

    I am planning to change the STP protocol from VSTP to "MSTP" on Juniper so that it can support vlan load balancing across COX and VERIZON metro-ethernet links and it does not block one Metro-E link when both are connected.

     

    Do I need to make any change on Cisco switches? Cisco switches are configured with RPVST+.

     

    Does anyone know about this?



  • 14.  RE: VSTP load sharing issue

    Posted 06-10-2014 04:13

    Both VSTP and MSTP should support VLAN load-balancing (though in different ways).  

     

    In Junos, you can also support both MSTP and VSTP simultaneously, but to answer your question - PVST+ and MSTP are compatible, but for best results, you should have a common protocol deployed.



  • 15.  RE: VSTP load sharing issue
    Best Answer

    Posted 09-09-2014 11:47

    Instead of going through the VSTP-MSTP route, I decided to use LACP. LACP configuration is working with two different metro-e links.