[an error occurred while processing this directive] [an error occurred while processing this directive]

Example: Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree on EX Series Switches

EX Series switches provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Loop protection increases the efficiency of STP, RSTP, and MSTP by preventing interfaces from moving into a forwarding state that would result in a loop opening up in the network.

This example describes how to configure loop protection for an interface on an EX Series switch in an RSTP topology:

Requirements

This example uses the following hardware and software components:

  • JUNOS Release 9.1 or later for EX Series switches
  • Three EX Series switches in an RSTP topology

Before you configure the interface for loop protection, be sure you have:

  • RSTP operating on the switches.

Note: By default, RSTP is enabled on all EX Series switches.

Overview and Topology

A loop-free network in spanning-tree topologies is supported through the exchange of a special type of frame called bridge protocol data unit (BPDU). Peer STP applications running on the switch interfaces use BPDUs to communicate. Ultimately, the exchange of BPDUs determines which interfaces block traffic (preventing loops) and which interfaces become root ports and forward traffic.

A blocking interface can transition to the forwarding state in error if the interface stops receiving BPDUs from its designated port on the segment. Such a transition error can occur when there is a hardware error on the switch or software configuration error between the switch and its neighbor. When this happens, a loop opens up in the spanning tree. Loops in a Layer 2 topology cause broadcast, unicast, and multicast frames to continuously circle the looped network. As a switch processes a flood of frames in a looped network, its resources become depleted and the ultimate result is a network outage.

Caution: An interface can be configured for either loop protection or root protection, but not for both.

Three EX Series switches are displayed in Figure 1. In this example, they are configured for RSTP and create a loop-free topology. Interface ge-0/0/6 is blocking traffic between Switch 3 and Switch 1; thus, traffic is forwarded through interface ge-0/0/7 on Switch 2. BPDUs are being sent from the root bridge on Switch 1 to both of these interfaces.

This example shows how to configure loop protection on interface ge-0/0/6 to prevent it from transitioning from a blocking state to a forwarding state and creating a loop in the spanning-tree topology.

Figure 1: Network Topology for Loop Protection

Image g020150.gif

Table 1 shows the components that will be configured for loop protection.

Table 1: Components of the Topology for Configuring Loop Protection on EX Series Switches

Property

Settings

Switch 1

Switch 1 is the root bridge.

Switch 2

Switch 2 has the root port ge-0/0/7.

Switch 3

Switch 3 is connected to Switch 1 through interface ge-0/0/6.

A spanning-tree topology contains ports that have specific roles:

  • The root port is responsible for forwarding data to the root bridge.
  • The alternate port is a standby port for the root port. When a root port goes down, the alternate port becomes the active root port.
  • The designated port forwards data to the downstream network segment or device.

This configuration example uses an RSTP topology. However, you also can configure loop protection for STP or MSTP topologies at the [edit protocols (mstp | stp)] hierarchy level.

Configuration

To configure loop protection on an interface:

CLI Quick Configuration

To quickly configure loop protection on interface ge-0/0/6:


[edit]
set protocols rstp interface ge-0/0/6 bpdu-timeout-action block

Step-by-Step Procedure

To configure loop protection:

  1. Configure interface ge-0/0/6 on Switch 3:

    [edit protocols rstp]
    user@switch# set interface ge-0/0/6 bpdu-timeout-action block

Results

Check the results of the configuration:

user@switch> show configuration protocols rstp
interface ge-0/0/6.0 {
bpdu-timeout-action {
block;
}
}

Verification

To confirm that the configuration is working properly, perform these tasks:

Displaying the Interface State Before Loop Protection Is Triggered

Purpose

Before loop protection is triggered on interface ge-0/0/6, confirm that the interface is blocking.

Action

Use the operational mode command:


Spanning tree interface parameters for instance 0

Interface    Port ID    Designated      Designated         Port    State  Role
                         port ID        bridge ID          Cost
ge-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
ge-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
ge-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
ge-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
ge-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
ge-0/0/5.0     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG 
ge-0/0/6.0     128:519        128:2  16384.00aabbcc0348     20000  BLK    ALT 
[output truncated]

Meaning

The output from the operational mode command show spanning-tree interface shows that ge-0/0/6.0 is the alternate port and in a blocking state.

Verifying That Loop Protection Is Working on an Interface

Purpose

Verify the loop protection configuration on interface ge-0/0/6. RSTP has been disabled on interface ge-0/0/4 on Switch 1. This will stop BPDUs from being sent to interface ge-0/0/6 and trigger loop protection on the interface.

Action

Use the operational mode command:


Spanning tree interface parameters for instance 0

Interface    Port ID    Designated      Designated         Port    State  Role
                         port ID        bridge ID          Cost
ge-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
ge-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
ge-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
ge-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
ge-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
ge-0/0/5.0     128:518      128:518  32768.0019e2503f00     20000  FWD    DESG 
ge-0/0/6.0     128:519      128:519  32768.0019e2503f00     20000  BLK    DIS (Loop-Incon)
[output truncated]

Meaning

The operational mode command show spanning-tree interface shows that interface ge-0/0/6.0 has detected that BPDUs are no longer being forwarded to it and has moved into a loop-inconsistent state. The loop-inconsistent state prevents the interface from transitioning to a forwarding state. The interface recovers and transitions back to its original state as soon as it receives BPDUs.


Published: 2009-07-28

[an error occurred while processing this directive]