Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree

    The QFX Series products provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Loop protection increases the efficiency of STP, RSTP, and MSTP by preventing interfaces from moving into a forwarding state that would create a loop in the network.

    This example describes how to configure loop protection for an interface for the QFX Series in an RSTP topology:

    Requirements

    This example uses the following hardware and software components:

    • Junos OS Release 11.1 or later for the QFX Series
    • Three switches in an RSTP topology

    Note: By default, RSTP is enabled for the QFX Series.

    Overview and Topology

    A loop-free network in spanning-tree topologies is supported through the exchange of a special type of frame called a bridge protocol data unit (BPDU). Peer STP applications running on the switch interfaces use BPDUs to communicate. Ultimately, the exchange of BPDUs determines which interfaces block traffic (preventing loops) and which interfaces become root ports and forward traffic.

    A blocking interface can transition to the forwarding state in error if the interface stops receiving BPDUs from its designated port on the segment. Such a transition error can occur when there is a hardware error on the switch or software configuration error between the switch and its neighbor. When this happens, a loop appears in the spanning tree. Loops in a Layer 2 topology cause broadcast, unicast, and multicast frames to continuously circle the looped network. As a switch processes a flood of frames in a looped network, its resources become depleted, and the ultimate result is a network outage.

    Note: An interface can be configured for either loop protection or root protection, but not for both.

    Three switches are displayed in Figure 1. In this example, they are configured for RSTP and create a loop-free topology. Interface xe-0/0/6 is blocking traffic between Switch 3 and Switch 1; thus, traffic is forwarded through interface xe-0/0/7 on Switch 2. BPDUs are being sent from the root bridge on Switch 1 to both of these interfaces.

    This example shows how to configure loop protection on interface xe-0/0/6 to prevent it from transitioning from a blocking state to a forwarding state and creating a loop in the spanning-tree topology.

    Figure 1: Network Topology for Loop Protection

    Network Topology for Loop
Protection

    Table 1 shows the components that will be configured for loop protection.

    Table 1: Topology for Configuring Loop Protection on the QFX Series

    Components

    Settings

    Switch 1

    Switch 1 is the root bridge.

    Switch 2

    Switch 2 has the root port xe-0/0/7.

    Switch 3

    Switch 3 is connected to Switch 1 through interface xe-0/0/6.

    A spanning-tree topology contains ports that have specific roles:

    • The root port is responsible for forwarding data to the root bridge.
    • The alternate port is a standby port for the root port. When a root port goes down, the alternate port becomes the active root port.
    • The designated port forwards data to the downstream network segment or device.

    This configuration example uses an RSTP topology. However, you can also configure loop protection for STP or MSTP topologies at the [edit protocols (mstp | stp)] hierarchy level.

    Configuration

    CLI Quick Configuration

    To quickly configure loop protection on interface xe-0/0/6:

    [edit]
    set protocols rstp interface xe-0/0/6 bpdu-timeout-action block

    Step-by-Step Procedure

    To configure loop protection:

    1. Configure interface xe-0/0/6 on Switch 3:
      [edit protocols rstp]
      user@switch# set interface xe-0/0/6bpdu-timeout-action block

    Results

    Check the results of the configuration:

    user@switch> show configuration protocols rstp
    interface xe-0/0/6.0 {
    bpdu-timeout-action {
    block;
    }
    }

    Verification

    To confirm that the configuration is working properly, perform these tasks:

    Displaying the Interface State Before Loop Protection Is Triggered

    Purpose

    Before loop protection is triggered on interface xe-0/0/6, confirm that the interface is blocked.

    Action

    Display the interface state and role before applying root protection:

    Spanning tree interface parameters for instance 0
    
    Interface    Port ID    Designated      Designated         Port    State  Role
                             port ID        bridge ID          Cost
    xe-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
    xe-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
    xe-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
    xe-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
    xe-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
    xe-0/0/5.0     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG 
    xe-0/0/6.0     128:519        128:2  16384.00aabbcc0348     20000  BLK    ALT 
    [output truncated]
    

    Meaning

    The output from the operational mode command show spanning-tree interface shows that xe-0/0/6.0 is the alternate port and is blocked.

    Verifying That Loop Protection Is Working on an Interface

    Purpose

    Verify that the loop protection configuration on interface xe-0/0/6. RSTP has been disabled on interface xe-0/0/4 on Switch 1. This stops BPDUs from being sent to interface xe-0/0/6 and triggering loop protection on that interface.

    Action

    Display the interface state and role after applying root protection:

    Spanning tree interface parameters for instance 0
    
    Interface    Port ID    Designated      Designated         Port    State  Role
                             port ID        bridge ID          Cost
    xe-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
    xe-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
    xe-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
    xe-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
    xe-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
    xe-0/0/5.0     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG 
    xe-0/0/6.0     128:519      128:519  32768.0019e2503f00     20000  BLK    DIS (Loop-Incon)
    [output truncated]
    

    Meaning

    The operational mode command show spanning-tree interface shows that interface xe-0/0/6.0 has detected that BPDUs are no longer being forwarded to it and has moved into a loop-inconsistent state. The loop-inconsistent state prevents the interface from transitioning to a forwarding state. The interface recovers and transitions back to its original state as soon as it receives BPDUs.

    Modified: 2017-09-13