Saturday, October 31, 2020

Looking for advice on spanning tree configuration when connecting with someone else's network

Hi all,

We rent a rack in the datacenter and have a fairly simple setup with a pair of ToR switches connecting to the servers. We currently use RPVST+ as spanning-tree mode. Currently however, no settings are made with regards to the spanning tree priority. Everything runs on default. We get the occasional topology change message, but it hasn't given us any noticeable issues.

We are having some growth however and are now looking at renting a second rack. I've been reading up a lot on best practices since we have a "new chance" with the new rack and I would like to do it right. This post has been very informative on that: https://www.reddit.com/r/networking/comments/7rguqi/about_stp/

Since we are so small we do not have separate core/spine switches. It's just two racks with ToR switches and two cables in between the racks that we can configure with LACP for redundancy so we can do communication between the two racks. I realize this is not ideal but budget unfortunately at this point does not allow for setting up a network in a spine/leaf model. This is something I'm also still reading up on and I think if we grow further to a third/fourth/etc... rack we would need to build something like that since otherwise we cannot really scale well, but at the moment it is not possible.

Above is some context on what we are running now... Now my actual question is: I am unable to find what the best practices are when connecting to another network. I have two concrete examples:

  1. The uplink ports to the internet will be redundantly connected through LACP and the uplink is on a tagged vlan. However of course "behind" this port on the ISP side are a whole bunch of routers/switches/etc... to connect to the internet and I would assume they all have their own spanning-tree priorities and configurations that I am unaware of. How do I ensure that does not conflict with my own configuration, i.e. the ISP networking becoming the spanning-tree topology root? Should it be an "edge" port? Should it have bpduguard? Or other setting?

  2. Somewhat similar to the above; we also have some connections to other racks in the datacenter. Sometimes this will be a LACP connection, sometimes just a single cable to a switch with a tagged VLAN. These other racks are outside of my control and are being run by a completely different organization. Of course their switches also have their own spanning tree configuration I know nothing about. We just use those connections to access a few IP-addresses over a direct line instead of having to do that through the WAN link. I tend to think they should be configured as "edge" port with bpduguard but the cisco docs suggest otherwise:

Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION

Could anyone suggest what is the best practice for these type of connections?

Thank you!
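As an added illustration (not part of the original post and not a reply from any commenter), here is a Cisco IOS-style configuration fragment showing the usual way to keep a foreign network from becoming root on the kind of uplinks described in examples 1 and 2: the two ToR switches get explicit bridge priorities, ports towards the ISP and the other tenant's rack keep STP running but carry root guard, and PortFast with BPDU Guard is reserved for server-facing ports. Hostnames, interface names, VLAN numbers, priorities and the err-disable recovery policy are all assumptions.

```cisco
! --- tor1 (assumed hostname), the intended root for all VLANs. ---
! tor2 would use priority 8192 so it takes over only if tor1 dies.
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 4096
! Any PortFast (server) port that receives a BPDU is err-disabled instead of
! being allowed to form a loop. Recovery after 5 minutes is an assumed policy.
spanning-tree portfast bpduguard default
errdisable recovery cause bpduguard
errdisable recovery interval 300

! Inter-rack link: two physical members in one LACP bundle, normal STP
! participation, because both ends are switches we control.
interface range GigabitEthernet1/0/47 - 48
 description rack2-tor1 inter-rack LACP member
 channel-group 1 mode active
interface Port-channel1
 description rack2-tor1 inter-rack
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30

! ISP uplink (example 1): the far end is a switch, so no PortFast/BPDU Guard.
! Root guard: if the ISP side ever sends a superior BPDU, this port goes into
! root-inconsistent (blocking) state instead of accepting the ISP as root, and
! it recovers on its own once the superior BPDUs stop.
interface range GigabitEthernet1/0/45 - 46
 description ISP uplink LACP member
 channel-group 2 mode active
interface Port-channel2
 description ISP uplink (tagged VLAN 100)
 switchport mode trunk
 switchport trunk allowed vlan 100
 spanning-tree guard root

! Cross-connect to another tenant's rack (example 2): single tagged cable.
! Same reasoning as the ISP uplink: keep STP running, never accept them as root.
interface GigabitEthernet1/0/44
 description cross-connect to other tenant (tagged VLAN 200)
 switchport mode trunk
 switchport trunk allowed vlan 200
 spanning-tree guard root

! Server-facing access port: the only place PortFast belongs.
interface GigabitEthernet1/0/1
 description server01
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
```

After applying this, `show spanning-tree root` on each switch should name tor1 (or tor2) as root for every VLAN, and `show spanning-tree inconsistentports` should be empty; a port listed there means the neighbour on an uplink is sending superior BPDUs and root guard has blocked it, which is the safe failure mode but does take that link down until the neighbour stops. The alternative of `spanning-tree bpdufilter enable` on the uplinks silences BPDUs in both directions and so also hides any loop through the neighbour's network; root guard keeps the loop protection while only refusing the foreign root. Older platforms may additionally need `switchport trunk encapsulation dot1q` before `switchport mode trunk`.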
