This post represents the solution and explanation for quiz-19.
Have a look at it to understand the problem.
Quiz Review
This quiz talks about making configuration changes to the MSTP by modifying the vlan to instance mapping. There are 4 switches (Dist-1, Dist-2, Acc-1 and Acc-2), all configured to run MSTP with one region:
- Dist-1 is primary root for MST0 and MST1 and secondary root for MST2
- Dist-2 is primary root for MST2 and secondary root for MST0 and MST1
At this moment, the network engineer
MSTP Review
Before explaining why this happens, let's review some of the characteristics of MSTP:
- MSTP uses the concept of regions = a collection of switches that share the same MSTP configuration
- the following must match for two switches to consider themselves in the same region:
- configuration name
- revision number
- vlan to instance mapping
- switches do not exchange the vlan-to-instance mapping but instead, they compute a hash of this mapping and exchange it between them
- vlans that are not mapped to a specific instance will be automatically in IST / MST 0
Usually you configure a single MSTP Region for your network. Of course, there might be cases when more regions would make more sense, but these are corner cases.
In case that
- the switch with the lowest Bridge ID among all regions will be selected as CIST Root (Common and Internal Spanning Tree)
- the links between the regions are known as boundaries
- switches that contain boundary links are known as boundary switches
- each region will elect a Regional Root based on the lowest external cost toward the CIST Root - only boundary switches are eligible for this election !
One result of the above rules is: between two regions, only one boundary port will be in FWD state - the rest of boundary ports will be in BLOCKING state.
Quiz Explanation
As soon as the junion engineer changes the vlan-to-instance mapping (by moving vlan 200 to instance 2),
The next diagram shows how the ports' state will change for vlans in instance 2 / MST 2, as the engineer made the configuration touching the switching in this order Acc-1 --> Acc-2 --> Dist-1 --> Dist-2:
A continuous ping between two hosts in vlan 150 (mapped to MST2), connected to Acc-1 and Acc-2 respectively, shows that connectivity is lost during re-convergence. The time of impact could be different depending on whether the portfast/edge feature is configured or not on the ports connected to the hosts:
- portfast not enabled - note the 30 sec outage (2x forward delay):
host-2#ping 192.168.150.1 timeout 1 repeat 10000000 Type escape sequence to abort. Sending 10000000, 100-byte ICMP Echos to 192.168.150.1, timeout is 1 seconds: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!............................... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- portfast enabled - note the 2 sec outage:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.. !!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Solutions
For the first time since writing quizzes on this website,
The only way to do such configuration changes to the MSTP in production environments is by scheduling a maintenance window approved by all teams impacted.
Of course, not all MST instances are impacted the same: for example, after reconvergence some interfaces could maintain the same status (BLK or FWD) for some instances/vlans but not for other ones.
My point of view is: in networks like the one in diagram with MSTP between Access Layer and Aggregation Layer, you can count how many possible ways/paths exist between the Access Layer and Aggregation Layer (usually equal to the number of uplinks) - and this case (and most of the cases) this number is 2: from access switches to aggregation there are only two uplinks / paths. In this case, with two MST instances you cover all situations. As a result, you map half of the vlans to instance 1 and the other half to instance 2, so that you will never have to change the mapping again.
Remember that it is always a good practice with MSTP to avoid leaving vlans in IST / MST 0 instance (more about this in future quizzes/posts.
In the end of this article, I'm attaching another diagram with the states for vlan 200 (the one that is newly added into production). During the process, this vlan 200 will be mapped to IST / MST 0 in some regions and to MST 2 in others. As you can see from this diagram, the impact on vlan 200 is much less than for vlans 100-199 (MST 2) shown above - this is because most of the times, the same interfaces remain blocked:
Thank you for your comments into the quiz !
Subscribe to this blog to get more interesting quizzes and detailed solutions.
Costi is a network and security engineer with over 10 years of experience in multi-vendor environments. He holds a CCIE Routing and Switching certification and is currently pursuing same expert-level certifications in other areas. He believes that the best way to learn and understand networking topics is to challenge yourself to fix different problems, production-wise or lab-type exams. He also enjoys teaching networking and security technologies, whevever there is an opportunity for it.
Comments
comments powered by Disqus