    Example: Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree

    Note: This example uses Junos OS for SRX Series devices with support for the Enhanced Layer 2 Software (ELS) configuration style. For ELS details, see Getting Started with Enhanced Layer 2 Software.

    SRX Series devices provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Loop protection increases the efficiency of STP, RSTP, and MSTP by preventing interfaces from moving into a forwarding state that would result in a loop opening up in the network.

    This example describes how to configure loop protection for an interface on an SRX Series device in an RSTP topology:

    Requirements

    This example uses the following software and hardware components:

    • Junos OS Release 15.1X49-D70 or later
    • Three SRX Series devices in an RSTP topology

    Before you configure the interface for loop protection, be sure you have:

    • RSTP operating on the devices.

    Overview

    A loop-free network in spanning-tree topologies is supported through the exchange of a special type of frame called bridge protocol data unit (BPDU). Peer STP applications running on the device interfaces use BPDUs to communicate. Ultimately, the exchange of BPDUs determines which interfaces block traffic (preventing loops) and which interfaces become root ports and forward traffic.

    A blocking interface can transition to the forwarding state in error if the interface stops receiving BPDUs from its designated port on the segment. Such a transition error can occur when there is a hardware error on the device or a software configuration error between the device and its neighbor. When this happens, a loop opens up in the spanning tree. Loops in a Layer 2 topology cause broadcast, unicast, and multicast frames to continuously circle the looped network. As a device processes a flood of frames in a looped network, its resources become depleted and the ultimate result is a network outage.

    Caution: An interface can be configured for either loop protection or root protection, but not for both.

    In this example, the three SRX Series devices are configured for RSTP and create a loop-free topology. Interface ge-0/0/6 is blocking traffic between device 3 and device 1; thus, traffic is forwarded through interface ge-0/0/7 on device 2. BPDUs are being sent from the root bridge on device 1 to both of these interfaces.

    This example shows how to configure loop protection on interface ge-0/0/6 to prevent it from transitioning from a blocking state to a forwarding state and creating a loop in the spanning-tree topology.

    A spanning-tree topology contains ports that have specific roles:

    • The root port is responsible for forwarding data to the root bridge.
    • The alternate port is a standby port for the root port. When a root port goes down, the alternate port becomes the active root port.
    • The designated port forwards data to the downstream network segment or device.

    This configuration example uses an RSTP topology. However, you can also configure loop protection for MSTP topologies at the [edit protocols mstp] hierarchy level.

    Configuration

    To configure loop protection on an interface:

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    set protocols rstp interface ge-0/0/6 bpdu-timeout-action block

    Step-by-Step Procedure

    To configure loop protection:

    1. Configure interface ge-0/0/6 on device 3:
      [edit protocols rstp]
      user@host# set interface ge-0/0/6 bpdu-timeout-action block

    Results

    Check the results of the configuration:

    user@host> show configuration protocols rstp
    interface ge-0/0/6 {
        bpdu-timeout-action {
            block;
        }
    }

    Verification

    To confirm that the configuration is working properly, perform these tasks:

    Displaying the Interface State Before Loop Protection Is Triggered

    Purpose

    Before loop protection is triggered on interface ge-0/0/6, confirm that the interface is blocking.

    Action

    Use the operational mode command:

    user@host> show spanning-tree interface
    Spanning tree interface parameters for instance 0
    
    Interface    Port ID    Designated      Designated         Port    State  Role
                             port ID        bridge ID          Cost
    ge-0/0/0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/1     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/2     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/3     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/4     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/5     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/6     128:519        128:2  16384.00aabbcc0348     20000  BLK    ALT 
    [output truncated]
    

    Meaning

    The output from the operational mode command show spanning-tree interface shows that ge-0/0/6 is the alternate port and in a blocking state.

    Verifying That Loop Protection Is Working on an Interface

    Purpose

    Verify the loop protection configuration on interface ge-0/0/6. RSTP has been disabled on interface ge-0/0/4 on device 1. This will stop BPDUs from being sent to interface ge-0/0/6 and trigger loop protection on the interface.

    Action

    Use the operational mode command:

    user@host> show spanning-tree interface
    Spanning tree interface parameters for instance 0
    
    Interface    Port ID    Designated      Designated         Port    State  Role
                             port ID        bridge ID          Cost
    ge-0/0/0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/1     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/2     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
    ge-0/0/3     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/4     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/5     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG 
    ge-0/0/6     128:519      128:519  32768.0019e2503f00     20000  BLK    DIS (Loop-Incon)
    [output truncated]
    

    Meaning

    The operational mode command show spanning-tree interface shows that interface ge-0/0/6 has detected that BPDUs are no longer being forwarded to it and has moved into a loop-inconsistent state. The loop-inconsistent state prevents the interface from transitioning to a forwarding state. To clear the BPDU error, issue the operational mode command clear error bpdu interface on the device. The interface recovers and transitions back to its original state as soon as it receives BPDUs.
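
    The two verification outputs above can be compared programmatically. The following Python sketch is an added example, not part of the original Juniper documentation: it parses saved show spanning-tree interface output and reports ports held in the loop-inconsistent state as well as alternate ports that moved from blocking to forwarding. The function names and the UNPROTECTED sample row are assumptions constructed for illustration.

```python
import re

# One table row: interface, port ID, designated port ID, designated bridge ID,
# port cost, state, role, and an optional flag such as "(Loop-Incon)".
ROW = re.compile(
    r"^\s*(?P<ifname>\S+)\s+(?P<port_id>\d+:\d+)\s+(?P<desg_port>\d+:\d+)\s+"
    r"(?P<desg_bridge>\d+\.[0-9a-f]{12})\s+(?P<cost>\d+)\s+"
    r"(?P<state>[A-Z]+)\s+(?P<role>[A-Z]+)(?:\s+\((?P<flag>[^)]+)\))?\s*$"
)

def parse_stp(output):
    """Return {interface: fields} for each row; headers and notes are skipped."""
    rows = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            rows[m["ifname"]] = m.groupdict()
    return rows

def audit(before, after):
    """Compare two snapshots of the command output.

    protected: ports held in the loop-inconsistent state (protection fired).
    opened:    ports that were blocking alternates and are now forwarding,
               the transition loop protection exists to prevent.
    """
    old, new = parse_stp(before), parse_stp(after)
    protected = sorted(i for i, r in new.items() if r["flag"] == "Loop-Incon")
    opened = sorted(
        i for i, r in new.items()
        if i in old and old[i]["state"] == "BLK" and old[i]["role"] == "ALT"
        and r["state"] == "FWD"
    )
    return protected, opened

# Rows copied from the two outputs on this page (header kept to show skipping).
BEFORE = """\
Interface    Port ID    Designated      Designated         Port    State  Role
ge-0/0/5     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG
ge-0/0/6     128:519        128:2  16384.00aabbcc0348     20000  BLK    ALT
[output truncated]
"""
AFTER = """\
ge-0/0/5     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG
ge-0/0/6     128:519      128:519  32768.0019e2503f00     20000  BLK    DIS (Loop-Incon)
"""
# Constructed row: the same port without loop protection after BPDUs stop.
UNPROTECTED = """\
ge-0/0/6     128:519      128:519  32768.0019e2503f00     20000  FWD    DESG
"""
```

    Calling audit(BEFORE, AFTER) lists ge-0/0/6 as protected, while audit(BEFORE, UNPROTECTED) lists it as opened, which is the condition worth alerting on.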

    Modified: 2017-03-02