During my CCIE R&S studies (CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1), I have discovered an unexpected behavior of the static port channel: a Layer2 loop! Obviously, in order for that happen, several things must happen.
Suppose to have three switches:
The Ciscozine-ROOT switch, as the word suggest, is the root bridge (priority 4096); the Ciscozine-ROOT_SEC is the “backup root bridge” (priority 8192), while the Ciscozine-SW has the default priority.
Now suppose that:
- the ports on the Ciscozine-ROOT_SEC switch toward Ciscozine-SW have already been bundled in a Port-channel using mode on (without Pagp or Lacp protocol).
- the Ciscozine-SW has no yet configured a port-channel toward Ciscozine-ROOT_SEC; the interfaces are two independent trunks.
What will Spanning-tree do in this case?
- The Ciscozine-ROOT is the root bridge; for that the two interfaces are designated.
- The Ciscozine-ROOT_SEC and Ciscozine-SW interfaces toward Ciscozine-ROOT switch are root port.
And what happen to the interconnection between the Ciscozine-ROOT_SEC and Ciscozine-SW?
Because Port-channel interfaces are treated as single port by STP, only a single BPDU is sent for the entire Port-channel interface, regardless of how many physical links are bundled.
The #1 interface of Ciscozine-ROOT_SEC switch forward BPDUs and its neighbor interface (Ciscozine-SW interface #3) will set the interface to alternate (if it is used RSTP) or blocking (if it is used STP), because the BPDUs sent by Ciscozine-ROOT_SEC are superior, due the sender bridge id (priority 8192).
However, the interface #4 of Ciscozine-SW is not receiving any BPDUs, so becomes “Designated forwarding” and a switching loop is created!
Note: Even though such port (#4) sends BPDUs, they will be ignored by the Ciscozine-ROOT_SEC switch because they are inferior to its own BPDUs.
For these reasons two behaviors can happen:
- STP (802.1D): a permanent switching loop is created!
- RSTP (802.1w): a layer2 loop is created but blocked by the dispute mechanism, a feature of RSTP and MST.
How dispute works? If a switch receives a BPDU that indicates that the neighboring switch is going into a state that it shouldn’t, for instance, if a port receives an inferior BPDU that shows a port becoming designated Learning or Forwarding port (not a root port – an inferior BPDU can indeed be received on a port that should be a root port), then the port will move itself into a discarding state.
In this example, the Dispute mechanism would detect this problem and put the Port-channel to the Discarding state, preventing this loop.
Remember: The STP dispute mechanism doesn’t need to be configured or activated.
Note: The Dispute mechanism is yet another and standardized means to detect a unidirectional link.
For that, it is strongly recommended to use a dynamic negotiation protocol (Pagp or Lacp) to allow switches to negotiate the creation of a Port-channel and verify whether the links are eligible for bundling!
Hi Fabio,great job!
I’am a bit confused with this point. Sorry if you don’t understand my question but my English is poor.
Why would be the ports toward Ciscozine-ROOT_SEC two independent trunks? I think is a misconfiguration. Does it work in a production environment?
I mean, is practical have those two ports by this way or maybe someone deleted the config?, for example
Thanks for your help