802.1s – Multiple Spanning Tree – Regions

I’m not going into the basics of 802.1s as there is plenty of documentation showing that. The main point of this blog is to see how the actual regions work.

For this blog I’ll be using the following topology:

I’ve created vlan 10, 20, 30, 40, 50, 60, 70, 80, 90, and 100 on all devices. VTP is OFF. I have created int vlan 10 and int vlan 30 on each switch, with addressing like so: 10.10.10.x and 30.30.30.x (x being the switch number) This will allow us to test connectivity.

I’ve got the following config on all these switches:

spanning-tree mode mst
!
spanning-tree mst configuration
 name mellowd
 revision 1
 instance 1 vlan 10, 30, 70
 instance 2 vlan 20, 40, 50

Any vlan not associated with an instance is automatically associated with instance 0. We can check this:

SW1#show span mst con
Name      [mellowd]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-9,11-19,21-29,31-39,41-49,51-69,71-4094
1         10,30,70
2         20,40,50
-------------------------------------------------------------------------------

MST considers switches to be in the same region, as long as their vlan to instance mapping, name, and revision match. If any one of these are different, they are in different regions. As they all currently match, let’s have a look at the spanning tree:

SW2#sh span mst 0

##### MST0    vlans mapped:   1-9,11-19,21-29,31-39,41-49,51-69,71-4094
Bridge        address 001c.f903.d580  priority      32768 (32768 sysid 0)
Root          address 0012.daf2.c300  priority      32768 (32768 sysid 0)
              port    Fa0/23          path cost     0
Regional Root address 0012.daf2.c300  priority      32768 (32768 sysid 0)
                                      internal cost 200000    rem hops 19
Operational   hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured    hello time 2 , forward delay 15, max age 20, max hops    20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Altn BLK 200000    128.22   P2p
Fa0/23           Root FWD 200000    128.25   P2p

SW2 is showing SW1 as the root of MST 0. It also shows up as the regional root. I’ll expand on that a bit more later. The ports are both point-to-point. We can expand on the actual spanning-tree interface to see that:

SW2#sh span mst interface  fa0/23

FastEthernet0/23 of MST0 is root forwarding
Edge port: no             (default)        port guard : none        (default)
Link type: point-to-point (auto)           bpdu filter: disable     (default)
Boundary : internal                        bpdu guard : disable     (default)
Bpdus sent 9, received 399

Instance Role Sts Cost      Prio.Nbr Vlans mapped
-------- ---- --- --------- -------- -------------------------------
0        Root FWD 200000    128.25   1-9,11-19,21-29,31-39,41-49,51-69
                                     71-4094
1        Root FWD 200000    128.25   10,30,70
2        Root FWD 200000    128.25   20,40,50

You’ll notice the Boundry shows as internal.

Let’s take a look at the tree from SW4’s perspective for vlan 10:

SW4#sh span vlan 10

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    32769
             Address     0012.daf2.c300
             Cost        200000
             Port        21 (FastEthernet0/21)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0017.0e23.d380
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/20              Desg FWD 200000    128.20   P2p
Fa0/21              Root FWD 200000    128.21   P2p
Fa0/22              Altn BLK 200000    128.22   P2p
Fa0/24              Desg FWD 200000    128.24   P2p

Vlan 10 and vlan 30 are part of the same MST instance. They share the same tree. If you manually prune certain vlans off certain links, this can spell disaster in an MST set up. Let’s check if SW4 has connectivity to SW1’s vlan 10 and vlan 30 interfaces:

SW4#ping 10.10.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
SW4#ping 30.30.30.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.30.30.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

fa0/21 is currently the root port. If I prune vlan 30 off that link, it will NOT use the alternative port. In PVST+ it will, since the spanning-tree for vlan 30 will recalculate

interface FastEthernet0/21
 switchport trunk allowed vlan 1-29,31-4094

SW4#ping 30.30.30.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.30.30.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW4#ping 10.10.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

vlan 30 traffic is now getting black-holed, while vlan 10 still works. I’ll remove the prune to move onto the next.

Now let’s say we add another vlan mapping to SW2. We create vlan 110 and map it to instance 2. What happens?

SW2#sh span mst configuration
Name      [mellowd]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-9,11-19,21-29,31-39,41-49,51-69,71-109,111-4094
1         10,30,70
2         20,40,50,110
-------------------------------------------------------------------------------

If I now check the MST0:

SW2#sh span mst 0

##### MST0    vlans mapped:   1-9,11-19,21-29,31-39,41-49,51-69,71-109
                               111-4094
Bridge        address 001c.f903.d580  priority      32768 (32768 sysid 0)
Root          address 0012.daf2.c300  priority      32768 (32768 sysid 0)
              port    Fa0/23          path cost     200000
Regional Root this switch
Operational   hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured    hello time 2 , forward delay 15, max age 20, max hops    20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/20           Altn BLK 200000    128.22   P2p Bound(RSTP)
Fa0/23           Root FWD 200000    128.25   P2p Bound(RSTP)

The ports have changed from P2p to PtP Bound(RSTP). Let’s take a look at the actual root port again:

SW2#sh span mst interface  fa0/23

FastEthernet0/23 of MST0 is root forwarding
Edge port: no             (default)        port guard : none        (default)
Link type: point-to-point (auto)           bpdu filter: disable     (default)
Boundary : boundary       (RSTP)           bpdu guard : disable     (default)
Bpdus sent 5, received 61

Instance Role Sts Cost      Prio.Nbr Vlans mapped
-------- ---- --- --------- -------- -------------------------------
0        Root FWD 200000    128.25   1-9,11-19,21-29,31-39,41-49,51-69
                                     71-109,111-4094
1        Mstr FWD 200000    128.25   10,30,70
2        Mstr FWD 200000    128.25   20,40,50,110

The boundry now shows up as boundry. These switches now consider themselves to be in different regions. All that has changed is we have added another vlan to instance 2. The name and revision is still the same, but remember all 3 have to match. As this is a boundry, they actually run rapid spanning tree between them.

A single region will present itself as a single bridge with multiple links to another switch. This means you could have 100 switches in an MST region connected with multiple links to a single 802.1d-2004 switch. That 802.1d-2004 will assume that all these links go to a single bridge.

If you connect multiple MST regions together, each region will have their own regional root, but they will see the best regional root as the actual root. You can check this on SW2:

SW2#sh span mst 0 detail

##### MST0    vlans mapped:   1-9,11-19,21-29,31-39,41-49,51-69,71-109
                               111-4094
Bridge        address 001c.f903.d580  priority      32768 (32768 sysid 0)
Root          address 0012.daf2.c300  priority      32768 (32768 sysid 0)
              port    Fa0/23          path cost     200000
Regional Root this switch

SW2 sees SW1 as the root bridge, but sees itself as the root of it’s own region. In order for multiple-region MST to work, the overall root bridge has to be in an MST region. If we make SW3 a non-MST bridge, and lower it’s priority to 0, it won’t work:

Sw3
spanning-tree mode rapid-pvst
!
spanning-tree vlan 1-4094 priority 0

I immediately get this error on SW4:

%SPANTREE-2-PVSTSIM_FAIL: Blocking root port Fa0/24: Inconsitent inferior PVST BPDU received on VLAN 10, claiming root 10:0017.0e23.a800

If you check the spanning-tree now:

SW4#sh span mst 0 | include Fa0/24
              port    Fa0/24          path cost     200000
Fa0/24           Root BKN*200000    128.24   P2p Bound(PVST) *PVST_Inc

SW4 has blocked this port. This means no traffic can get to SW3:

SW4#ping 10.10.10.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

If I remove the priority on SW3, all goes back to normal:

%SPANTREE-2-PVSTSIM_OK: PVST Simulation inconsistency cleared on port FastEthernet0/24.

SW4#sh span mst 0 | include Fa0/24
Fa0/24           Desg FWD 200000    128.24   P2p Bound(PVST) *PVST_Inc
SW4#ping 10.10.10.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Conclusions:

  • Vlan to instance mappings, revision, and instance name need to match in order for switches to be in the same region
  • Vlans do not actually need to be created, or even allowed over trunks in order to be mapped to an instance. The essential part of the vlan id to instance mapping
  • If any one of the above doesn’t match, switches are in different regions and will run RSTP between them
  • Manually pruning vlans can lead to black-holing of traffic
  • If running multiple regions with legacy switches, always ensure one of the MST switches is actually the root (just use priority 0)

© 2009-2020 Darren O'Connor All Rights Reserved -- Copyright notice by Blog Copyright