MX250 RSTP

nadalfan1984

I'm having a hard time understanding how the MX250s handle and participate in RSTP. Since Meraki runs RSTP, to my knowledge, any physical loop will be blocked regardless of VLAN configuration (unlike PVST in Cisco). So does the MX250 just forward all BPDUs to all connected LAN interfaces? My assumption is as follows.

 

Note: All ports are forwarding unless there is an X specified for the link in the diagram

 

- Agg1 switch is the root switch in the topology so all connected interfaces go designated/forwarding

- Agg1 BPDU is sent out on port 22 to Agg2 & port 24 to MX250-1

- MX250-1 forwards Agg1 BPDU out of all LAN ports

- Agg2 now receives Agg1 BPDU on port 24 from MX250-1 and then blocks the connection since it already has a better path to Agg1 (root).

- I don't understand how all 3 connections from Dist2 to MX250-1 are in the forwarding state?  If all BPDUs are being blindly forwarded by the MX250-1 (similar to a hub) then two of the connections would end up going to backup port state.

 

Anyways, I'm very confused!  Any help would be much appreciated!

 

 

 

IMG_1340.jpg

BrechtSchamp

MX doesn't participate in STP! It will just forward all your BPDUs. So make sure whatever STP algorithm you use is configured correctly on (all) the switches.

 

Source:

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

 

You didn't mention what switches you use but if it's Cisco traditional, they will indeed build spanning-trees per VLAN so the states of the ports depend on how your trunks are configured.

 

MS does support RSTP. If you're interconnecting Cisco traditional switches with Meraki MS keep in mind the following:

This is a Cisco proprietary protocol on Catalyst/Nexus switches that is compatible with Spanning tree (802.1D) and RSTP (802.1w). It is important to note however that because Rapid-PVST is a multi-VLAN spanning tree protocol, in order for the MS series switches to participate in spanning tree a spanning tree instance must be running on VLAN 1 of all switches and VLAN 1 is allowed on all trunk ports running Rapid-PVST so that BPDUs are seen by the Meraki switches in the topology.  In this configuration, the MS series switches should never be the STP Root Bridge.

Source:

https://documentation.meraki.com/MS/Deployment_Guides/Advanced_MS_Setup_Guide 

All switches are Meraki


I understand that the MX250 doesn't participate in STP; I apologize for wording it wrong. My question more or less relates to the transmission of the BPDUs. I don't understand how three separate links coming from Distribution 2 are in the forwarding state. If all BPDUs are forwarded from each switch then I don't understand how two of the ports wouldn't be in the blocking state since we are using all Meraki switches using RSTP, which causes a Common Spanning Tree. In fact, when I do a packet capture on the MX LAN interfaces the only RSTP traffic I see is from the root switch. So does the MX250 only forward BPDUs from the root? Thanks

Actually, I think the capture only contains BPDUs from the root switch because it's the only one sending BPDUs. Once Agg2 receives a BPDU from Agg1 via whichever path, it knows it's not root so it stops sending BPDUs. That's part one of the STP process: determining the root bridge.

 

Now for the second part, the port states. You have to imagine the MX not altering anything in the BPDUs but just forwarding them out of all ports. If you look at it from that point of view you'll see that the switchports will receive lots of duplicate BPDUs due to the MX's flooding. In those cases, tie breakers will be used to determine root ports. After that, for all segments designated ports will be defined. All other ports will be set to blocking.

 

I would indeed be surprised if none of the three ports connecting the Dist 2 to the MX (26, 27, 28) are put in blocking, as with the MX not blocking ports either, that would mean multiple loops.

 

What I would do is draw out the full schematic, put the port statuses on it and see what the topology looks like. See if you can find any loops. If you can, double check your port settings. Make sure all have RSTP enabled on all switchports and switches.
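Added example, not part of the original posts: a minimal model of the tie-breaker step described in the reply above, using the standard RSTP priority-vector order (root ID, root path cost, sender bridge ID, sender port, receiving port). It assumes the MX behaves as a shared segment that floods BPDUs unchanged; the MAC addresses, the equal port cost and the function names are constructed for illustration, while the port numbers and priorities are those given in the thread.

```python
from typing import NamedTuple

class Vector(NamedTuple):
    """Priority vector carried in a BPDU; lower compares as better."""
    root_id: tuple    # (priority, MAC) of the root bridge
    cost: int         # sender's root path cost
    sender_id: tuple  # (priority, MAC) of the transmitting bridge
    sender_port: int  # transmitting port (port priority omitted for brevity)

def assign_roles(bridge_id, port_cost, received):
    """received maps local port -> list of Vectors heard on that port."""
    best = {p: min(vs) for p, vs in received.items() if vs}
    # Root port candidates: add the local port cost, tie-break on local port number.
    cands = {p: (v.root_id, v.cost + port_cost, v.sender_id, v.sender_port, p)
             for p, v in best.items() if v.root_id < bridge_id}
    root_port = min(cands, key=cands.get) if cands else None
    root_id, root_cost = cands[root_port][:2] if cands else (bridge_id, 0)
    roles = {}
    for p in received:
        mine = Vector(root_id, root_cost, bridge_id, p)  # what we would send on p
        if p == root_port:
            roles[p] = "root"
        elif p not in best or mine < best[p]:
            roles[p] = "designated"
        elif best[p].sender_id == bridge_id:
            roles[p] = "backup"      # our own better BPDU came back to us
        else:
            roles[p] = "alternate"   # another bridge is designated on the segment
    return roles

# Constructed bridge IDs: priorities from the thread, MACs invented.
AGG1 = (0, "00:00:5e:00:53:01")
AGG2 = (4096, "00:00:5e:00:53:02")
DIST2 = (32768, "00:00:5e:00:53:04")
COST = 20000  # assumed equal 1 Gb/s port path cost everywhere

def dist2_roles():
    # Agg1's BPDU from its port 24 is flooded by the MX to ports 26, 27, 28.
    flooded = [Vector(AGG1, 0, AGG1, 24)]
    return assign_roles(DIST2, COST, {26: flooded, 27: flooded, 28: flooded})

def agg2_roles():
    # Port 22 is the direct link to Agg1; port 24 hears Agg1 through the MX.
    return assign_roles(AGG2, COST, {22: [Vector(AGG1, 0, AGG1, 22)],
                                     24: [Vector(AGG1, 0, AGG1, 24)]})

if __name__ == "__main__":
    print("Dist2:", dist2_roles())
    print("Agg2: ", agg2_roles())
```

Ports that come out as "alternate" or "backup" are discarding; comparing these computed roles with the states shown in the dashboard is one way to spot where the real device departs from the pure-flooding assumption.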


Thanks for the response but that isn't correct. RSTP neighbors receive on root ports and send on designated ports. I verified this with Wireshark and labeled the sending BPDUs in the topology in accordance with that in a fully converged topology. You are thinking of traditional STP.

 

As for the switches, all have RSTP on.  Agg1 has 0 priority and Agg2 4096.  The distribution switches are default priority.  I have already checked port status for all switches and indicated the state in the diagram by marking the blocked ports with an x. 

Hmm, you're right, sorry. If I find some time I will do some testing of my own.

Awesome!  Will be anxious to see what you find.  Thanks!
