Allow BPDU to pass through

DOWNLOAD THE LATEST FIRMWARE HERE
User avatar
LRL
Experienced Member
 
Posts: 238
Joined: Sun Nov 23, 2014 4:00 am
Location: Rock Springs, WY
Has thanked: 18 times
Been thanked: 49 times

Allow BPDU to pass through

Sat Oct 08, 2016 4:35 pm

I have a wireless link that we setup for a enterprise client that is using the link as a backup to fiber. The problem is they are passing multiple VLANs over the link and using Cisco PV-RSTP and they wish to configure the root bridge at different sides for different vlans. If I enable RSTP on our netonix it overrides any of the individual vlan STPs.

The setup is as follows: Client building#1----UBNT AC station1-----------UBNT AC AP1---Our Tower------UBNT AC AP2------------UBNT AC Station2-----Client Building#2

The cleint locations do not have direct LOS to each other and hence we're the midway point relay. The APs are way up and we have a WS-6 up on the tower that we use for another one of our APs and we planned to use it to power the two APs for the client and maintain management using a tagged vlan.

I would like to have it setup as follows:

Port5 AP1
Port6 AP2

WS-6 has vlan 4040 defined and both port 5 and 6 are untagged on vlan 4040 and all other vlans or excluded from port 5 and 6. We tag vlan 4040 on port1 (the interface to our router) and then apply a vlan inside vlan 4040 on the router to gain management access. All of this works fine, the issue is the client BPDU's getting ate by the ws-6.

At this point I believe if I can turn port 5 and 6 into a transparent bridge and get the BPDU's passing it will solve the issue. Is there a way to do this?

Thanks,
-LRL

"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Allow BPDU to pass through

Mon Oct 10, 2016 8:44 am

I would try with Q-in-Q for this case to isolate your network (service network) form their network (customer network) so use the Q instead of the U or T at the VLAN configuration. You can use any VLAN of your choice so can leave default VLAN 1 and just use Q at port pointing at building 1 and building 2.

User avatar
LRL
Experienced Member
 
Posts: 238
Joined: Sun Nov 23, 2014 4:00 am
Location: Rock Springs, WY
Has thanked: 18 times
Been thanked: 49 times

Re: Allow BPDU to pass through

Tue Oct 11, 2016 2:37 am

QinQ solves all the issues with PVRSTP on all the tagged vlans, but the native vlan (untagged) still can't pass BPDU packets which causes a loop on vlan1. Generally speaking I believe if STP is turned off for a port BPDU's should just pass through. If that switch isn't doing anything with them then it would be better to pass them on and let a downstream device that may actively participate in the networks spanning-tree use them. Otherwise by the switch stripping them it makes it easier for a loop to occur. In the worse case the originator would gets it's own packet back and prevent the loop it's self.
-LRL

"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson

User avatar
Eric Stern
Employee
Employee
 
Posts: 532
Joined: Wed Apr 09, 2014 9:41 pm
Location: Toronto, Ontario
Has thanked: 0 time
Been thanked: 130 times

Re: Allow BPDU to pass through

Tue Oct 11, 2016 9:56 am

I will look into adding this feature in a future version.

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Allow BPDU to pass through

Tue Oct 11, 2016 3:28 pm

When STP is disable, BPDU should be drop (filter), not pass through. You don't want the customer network to interact with yours, only pass through everything including BPDU.

The service VLAN should encapsulate the customer BPDU just like customer VLANs. BPDU should pass through the service network just like it was a long cable between the 2 customer's sites. Have you try without disabling STP ? Maybe the switch drop BPDU before it's encapsulated if STP is disabled on port.

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Allow BPDU to pass through

Tue Oct 11, 2016 4:22 pm

Just find this out. Maybe vitesse switch include something similar as "protocol tunneling".

If protocol tunneling is not enabled on 802.1Q tunneling ports, remote switches at the receiving end of the service-provider network do not receive the BPDUs and cannot properly run STP, CDP, 802.1X, and VTP.

Source: http://www.cisco.com/c/en/us/td/docs/sw ... tunnel.pdf
Page 9-5

User avatar
LRL
Experienced Member
 
Posts: 238
Joined: Sun Nov 23, 2014 4:00 am
Location: Rock Springs, WY
Has thanked: 18 times
Been thanked: 49 times

Re: Allow BPDU to pass through

Wed Oct 12, 2016 1:55 am

mike99 wrote:When STP is disable, BPDU should be drop (filter), not pass through. You don't want the customer network to interact with yours, only pass through everything including BPDU.

The service VLAN should encapsulate the customer BPDU just like customer VLANs. BPDU should pass through the service network just like it was a long cable between the 2 customer's sites. Have you try without disabling STP ? Maybe the switch drop BPDU before it's encapsulated if STP is disabled on port.


I agree that BPDUs should be confined to the VLAN in which they originated especially in a tagged case like this. The problem when enabling rstp on the switch is there is only one spanning-tree instance supported on the netonix and that causes bleed over to our network.

I'm not sure what model switches the customer is using but I believe our gear is connected to cat4500s running IOS. Unfortunately my contract was to provide this link within these confines and i can't go making changes on their network to support the link.

I did reach a solution, it's messy but works. WS6 to a RB PowerBox and both links into the RB and then I created a software bridge. I still pulled 92Mbps through the link :hurray:

Thanks for the help, I'd never played with QinQ on any of WS till now.
-LRL

"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson

User avatar
LRL
Experienced Member
 
Posts: 238
Joined: Sun Nov 23, 2014 4:00 am
Location: Rock Springs, WY
Has thanked: 18 times
Been thanked: 49 times

Re: Allow BPDU to pass through

Wed Oct 12, 2016 2:03 am

Eric Stern wrote:I will look into adding this feature in a future version.


Thanks for looking at it Eric, I'd be very happy with just a CLI option ;)

I only run into the need when mixing with data center links and topology. Our main AF24HD link between our two data centers had to be dropped right into the nexus 6ks on both sides to overcome the same weirdness. It scares the crap out of me every time we have a lightning storm now!
-LRL

"My reading of history convinces me that most bad government results from too much government." - Thomas Jefferson

Return to Hardware and software issues

Who is online

Users browsing this forum: No registered users and 65 guests