Is static port channel a good idea?

During my CCIE R&S studies (CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1), I have discovered an unexpected behavior of the static port channel: a Layer2 loop! Obviously, in order for that happen, several things must happen.

Suppose to have three switches:

Is-static-port-channel-a-good-idea-topology

 

The Ciscozine-ROOT switch, as the word suggest, is the root bridge (priority 4096); the Ciscozine-ROOT_SEC is the “backup root bridge” (priority 8192), while the Ciscozine-SW has the default priority.

Now suppose that:

  • the ports on the Ciscozine-ROOT_SEC switch toward Ciscozine-SW have already been bundled in a Port-channel using mode on (without Pagp or Lacp protocol).
  • the Ciscozine-SW has no yet configured a port-channel toward Ciscozine-ROOT_SEC; the interfaces are two independent trunks.

What will Spanning-tree do in this case?

  • The Ciscozine-ROOT is the root bridge; for that the two interfaces are designated.
  • The Ciscozine-ROOT_SEC and Ciscozine-SW interfaces toward Ciscozine-ROOT switch are root port.

 

And what happen to the interconnection between the Ciscozine-ROOT_SEC and Ciscozine-SW?

Because Port-channel interfaces are treated as single port by STP, only a single BPDU is sent for the entire Port-channel interface, regardless of how many physical links are bundled.

Is-static-port-channel-a-good-idea-bpdu

The #1 interface of Ciscozine-ROOT_SEC switch forward BPDUs and its neighbor interface (Ciscozine-SW interface #3) will set the interface to alternate (if it is used RSTP) or blocking (if it is used STP), because the BPDUs sent by Ciscozine-ROOT_SEC are superior, due the sender bridge id (priority 8192).

Is-static-port-channel-a-good-idea-stp

 

However, the interface #4 of Ciscozine-SW is not receiving any BPDUs, so becomes “Designated forwarding” and a switching loop is created!
Note: Even though such port (#4) sends BPDUs, they will be ignored by the Ciscozine-ROOT_SEC switch because they are inferior to its own BPDUs.

Is-static-port-channel-a-good-idea-loop

For these reasons two behaviors can happen:

  • STP (802.1D): a permanent switching loop is created!
  • RSTP (802.1w): a layer2 loop is created but blocked by the dispute mechanism, a feature of RSTP and MST.
    How dispute works? If a switch receives a BPDU that indicates that the neighboring switch is going into a state that it shouldn’t, for instance, if a port receives an inferior BPDU that shows a port becoming designated Learning or Forwarding port (not a root port – an inferior BPDU can indeed be received on a port that should be a root port), then the port will move itself into a discarding state.
    In this example, the Dispute mechanism would detect this problem and put the Port-channel to the Discarding state, preventing this loop.
    Remember: The STP dispute mechanism doesn’t need to be configured or activated.
    Note: The Dispute mechanism is yet another and standardized means to detect a unidirectional link.

For that, it is strongly recommended to use a dynamic negotiation protocol (Pagp or Lacp) to allow switches to negotiate the creation of a Port-channel and verify whether the links are eligible for bundling!

1 COMMENT

  1. Hi Fabio,great job!
    I’am a bit confused with this point. Sorry if you don’t understand my question but my English is poor.
    Why would be the ports toward Ciscozine-ROOT_SEC two independent trunks? I think is a misconfiguration. Does it work in a production environment?

    I mean, is practical have those two ports by this way or maybe someone deleted the config?, for example

    Thanks for your help

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.