STP Behaviour in VPC
STP Behaviour in VPC
STP Behavior in vPC:
vPC system is created to avoid the STP blocked ports and hence provide the loop free layer -2 topology.
In vPC STP provide the following function:
- Protect the Layer 2 network by detection and breaking any loops before vPC configuration
- Provides the loop free path for non-vPC attached device
- Manages the loop when vPC is added or removed
While doing the STP configuration, it is recommend to configure the same parameter both side.
- STP mode (RPVST or MST)
- STP region configuration for MST
- Enable/disable state per VLAN
- Bridge Assurance setting
- STP Port type setting (Enable or Disable edge port type by default on all access ports)
- Loop Guard settings (Enable or Disable loop guard by default on all ports)
- BPDU Guard settings (Enable or Disable BPDU guard by default on all edge ports)
- BPDU filter settings ((Enable or Disable BPDU filter by default on all edge ports)
- STP Port type setting (edge, network or normal)
- Loop Guard (enabled or disabled)
- Root Guard (enabled or disabled)
- BPDU Filter
- BPDU Guard
If any of the parameter is misconfigured then type 1 consistency error is detected and we have already learned that what happened when type-1 consistency error occurs.
vPC and STP BPDU Flow:
Even though vPC is configured on both Peer- device , STP still runs and BPDU are still processed.In vPC system ,the primary switch will process and reply for BPDU and it is the primary switch which will send the STP Root Bridge information to all switches which are part of vPC system.Whenever any secondary role vPC device received any BPDU from access switches, it is proxies towards to vPC Primary vPC peer device.
Both vPC member ports on both peer device always share same STP port state.
While configuring the STP on vPC system the following recommendation must be taken in to consideration.
- Always define the vPC domain as STP root for all VLAN in that domain (configure aggregation vPC peer devices as STP root primary and STP root secondary)
- Enforce this rule by implementing STP root guards on vPC peer devices ports connected to another L2 switch.
When user configures the port-channel as vPC peer-link (adding keyword “vpc peer-link”), the system automatically turns on Bridge Assurance on the link. Bridge Assurance is a STP extension that protects L2 network from any unidirectional link event caused by physical cable failure or adjacent switch control plane failure.