Hi Guys,
Even if you have STP, MSTP, SEP or RRPP inside your layer 2 network, managing faults is always challenging. Failures often turn into layer 2 loops, which severely impact the business. Some time ago I had an engineering case and I would like to share the story with you. So let's start.
The working environment is very simple. We have a single RRPP ring deployed as below.
SW3 (master RRPP related configuration)
#
vlan batch 2 to 4094
#
stp disable
#
rrpp enable
#
#
stp region-configuration
instance 1 vlan 2 to 4094
active region-configuration
#
rrpp domain 1
control-vlan 4091
protected-vlan reference-instance 1
ring 1 node-mode master primary-port XGigabitEthernet0/0/2 secondary-port XGigabitEthernet0/0/1 level 0
ring 1 enable
#
interface XGigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp disable
#
interface XGigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp disable
#
-----------------------------------------------------------------------------------------------------------------------------------------
SW1, SW2, SW4 and SW5 RRPP related configuration.
#
vlan batch 2 to 4094
#
stp disable
#
rrpp enable
#
stp region-configuration
instance 1 vlan 2 to 4094
active region-configuration
#
rrpp domain 1
control-vlan 4091
protected-vlan reference-instance 1
ring 1 node-mode transit primary-port XGigabitEthernet0/0/2 secondary-port XGigabitEthernet0/0/1 level 0
ring 1 enable
#
interface XGigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp disable
#
interface XGigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
stp disable
#
What do you think will happen if we deploy this configuration? Will it successfully break the loop and avoid any broadcast storm? Apparently this configuration guarantees a loop-free domain, but we didn't consider one point.
VLAN 1, the default VLAN, is not protected. Even though we didn't explicitly configure it, as you can see below, VLAN 1 is carried on all interfaces, because it is the default VLAN, which cannot be deleted and does not need to be created.
--------------------------------------------------------------------------------
1 common UT:GE0/0/2(D) GE0/0/3(D) GE0/0/4(U) GE0/0/5(D)
GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D)
GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D)
GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D)
GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/22(D)
GE0/0/23(U) GE0/0/24(D) XGE0/0/1(U) XGE0/0/2(D)
#
vlan batch 2 to 4094
#
stp region-configuration
instance 1 vlan 2 to 4094
In this situation, a broadcast storm might occur on VLAN 1, causing equipment to overload and disrupting traffic on other VLANs, including control-vlan 4091, so hello control packets will be lost and the RRPP ring will become unstable. You don't want to experience this.
You have two solutions:
1. Adjust region configuration to include vlan 1.
#
stp region-configuration
instance 1 vlan 1 to 4094
#
2. Remove vlan 1 from trunks.
#
interface XGigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2 to 4094
stp disable
#
That's all. I hope you find this case useful.
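An added example (not part of the original post, and not Huawei tooling): a small Python audit that reads a configuration in the format shown above and reports, for each RRPP ring port, the VLANs its trunk carries that fall outside the instances referenced by protected-vlan. The function names and sample text are constructed for illustration; it assumes VLAN 1 is allowed on a trunk until explicitly removed, as described in the post.

```python
import re

def expand(spec):
    """Expand a VLAN/instance list such as '2 to 4094' or '10 20 to 30' into a set."""
    toks, out, i = spec.split(), set(), 0
    while i < len(toks):
        lo = hi = int(toks[i])
        if i + 2 < len(toks) and toks[i + 1] == "to":
            hi, i = int(toks[i + 2]), i + 2
        out.update(range(lo, hi + 1))
        i += 1
    return out

def unprotected_ring_vlans(config):
    """Map each RRPP ring port to the VLANs its trunk carries outside the protected instances."""
    instances, prot_ids, ring_ports, trunks, iface = {}, set(), set(), {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"instance (\d+) vlan (.+)", line):
            instances.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.match(r"protected-vlan reference-instance (.+)", line):
            prot_ids |= expand(m[1])
        elif m := re.match(r"ring \d+ node-mode \S+ primary-port (\S+) secondary-port (\S+)", line):
            ring_ports |= {m[1], m[2]}
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif line == "#":
            iface = None
        elif iface and line == "port link-type trunk":
            trunks[iface] = {1}  # assumption from the post: VLAN 1 is on every trunk by default
        elif iface in trunks and (m := re.match(r"(undo )?port trunk allow-pass vlan (.+)", line)):
            vlans = expand(m[2])
            trunks[iface] = trunks[iface] - vlans if m[1] else trunks[iface] | vlans
    protected = set().union(*(instances.get(i, set()) for i in prot_ids))
    return {p: sorted(trunks[p] - protected) for p in sorted(ring_ports & trunks.keys())
            if trunks[p] - protected}

# Constructed sample, modelled on the transit-node configuration in this post.
PORT = "interface XGigabitEthernet0/0/{}\n port link-type trunk\n port trunk allow-pass vlan 2 to 4094\n#\n"
ORIGINAL = """stp region-configuration
 instance 1 vlan 2 to 4094
#
rrpp domain 1
 control-vlan 4091
 protected-vlan reference-instance 1
 ring 1 node-mode transit primary-port XGigabitEthernet0/0/2 secondary-port XGigabitEthernet0/0/1 level 0
#
""" + PORT.format(1) + PORT.format(2)
FIX_1 = ORIGINAL.replace("instance 1 vlan 2", "instance 1 vlan 1")  # solution 1
FIX_2 = ORIGINAL.replace("link-type trunk", "link-type trunk\n undo port trunk allow-pass vlan 1")  # solution 2
```

Calling `unprotected_ring_vlans(ORIGINAL)` reports VLAN 1 on both ring ports, while `FIX_1` and `FIX_2` both return an empty result.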