dynes-deployments - [dynes-deployments] PVST+ and DYNES
Subject: DYNES-Deployments
List archive
- From: "Byron L. Hicks" <>
- To: "" <>
- Subject: [dynes-deployments] PVST+ and DYNES
- Date: Fri, 17 May 2013 15:29:51 -0500
- Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none
- Organization: Lonestar Education and Research Network
Earlier this week, I received a complaint from a network engineer at
Southern Methodist University about receiving the following error on his
border device:
May 16 10:05:05.456: %SPANTREE-SP-2-RECV_PVID_ERR: Received BPDU with
inconsistent peer vlan id 536 on TenGigabitEthernet5/4 VLAN3125.
May 16 10:05:05.456: %SPANTREE-SP-2-BLOCK_PVID_LOCAL: Blocking
TenGigabitEthernet5/4 on VLAN3125. Inconsistent local vlan.
May 16 10:07:18.927: %SPANTREE-SP-2-UNBLOCK_CONSIST_PORT: Unblocking
TenGigabitEthernet5/4 on VLAN3125. Port consistency restored.
After looking back through the emails I get from the LEARN IDC, it looks
like a DYNES signaled VLAN from Vanderbilt. After doing a little
digging, it seems to me that the following is happening:
Vanderbilt is firing up a vlan from Vanderbilt to SMU using DYNES. The
Vanderbilt edge device is probably a Cisco switch of some sort. The
default spanning tree protocol for most Cisco Catalyst switches is
PVST+. Vanderbilt is using vlan 536, and is signalling BPDUs using PVST
or PVST+. PVST+ (and I assume PVST) is a Cisco proprietary protocol.
LEARN can't accept a vlan on 536, so Internet2 translates the vlan to
3125. The Internet2 devices are all Juniper or Brocade, so they don't
play in the PVST world, and just happily send the frame along.
The LEARN DYNES infrastructure is also Juniper MX and EX class devices.
They also just forward the BPDU frame. The SMU edge device sees the
BPDU arriving on the wrong vlan, flags as an inconsistent peer, and puts
the interface into a blocking mode.
This causes a major disruption on the edge device. We will be working
with SMU to add some filtering on the LEARN device, but I wanted to make
people aware of the situation.
In a mixed architecture such as DYNES, ION, or the new AL2S, we should
stick to standards based protocols. Proprietary protocols such as PVST+
can be dangerous and disruptive.
--
Byron Hicks
Lonestar Education and Research Network
office: 972-883-4645
google: 972-746-2549
aim/skype: byronhicks
--
Byron Hicks
Lonestar Education and Research Network
office: 972-883-4645
google: 972-746-2549
aim/skype: byronhicks
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- [dynes-deployments] PVST+ and DYNES, Byron L. Hicks, 05/17/2013
- Re: [dynes-deployments] PVST+ and DYNES, Jay Ford, 05/17/2013
- Re: [dynes-deployments] PVST+ and DYNES, Doug Nelson, 05/17/2013
- Re: [dynes-deployments] PVST+ and DYNES, Dale W. Carder, 05/17/2013
- Re: [dynes-deployments] PVST+ and DYNES, Byron L. Hicks, 05/17/2013
- Re: [dynes-deployments] PVST+ and DYNES, Garrison,Nic, 05/17/2013
- Re: [dynes-deployments] PVST+ and DYNES, Byron L. Hicks, 05/17/2013
- Re: [dynes-deployments] PVST+ and DYNES, Jay Ford, 05/17/2013
Archive powered by MHonArc 2.6.16.