TechLibrary

Navigation

Supported Platforms

Example: Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees

QFX Series products provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Root protection increases the efficiency of STP, RSTP, and MSTP by allowing network administrators to enforce the root bridge placement in the network manually.

This example describes how to configure root protection on an interface for the QFX Series.

Requirements

This example uses the following hardware and software components:

Junos OS Release 11.1 or later for the QFX Series
Four switches in an RSTP topology

Before you configure the interface for root protection, be sure you have:

RSTP operating on the switches.

Note: By default, RSTP is enabled on the QFX Series.

Overview and Topology

Peer STP applications running on switch interfaces exchange a special type of frame called a bridge protocol data unit (BPDU). Switches communicate interface information using BPDUs to create a loop-free topology that ultimately determines the root bridge and which interfaces block or forward traffic in the spanning tree.

You can also see BPDUs generated when you run a bridge application on a device attached to the switch. This can interfere with root port election, which may sometimes lead to the wrong root port being elected through the above process. Root protection allows you to manually enforce the root bridge placement in the network.

To prevent this from happening, enable root protection on interfaces that should not receive more BPDUs from the root bridge and should not be elected as the root port. These interfaces are typically located on an administrative boundary and are designated ports.

When root protection is enabled on an interface:

The interface is blocked from becoming the root port.
Root protection is enabled for all STP instances on that interface.
The interface is blocked only for instances for which it receives more BPDUs. Otherwise, it participates in the spanning-tree topology.

Note: An interface can be configured for either root protection or loop protection, but not for both.

Four switches are displayed in Figure 1. In this example, they are configured for RSTP and create a loop-free topology. Interface xe-0/0/7 on Switch 1 is a designated port on an administrative boundary. It connects to Switch 4. Switch 3 is the root bridge. Interface xe-0/0/6 on Switch 1 is the root port.

This example shows how to configure root protection on interface xe-0/0/7 to prevent it from transitioning to become the root port.

Figure 1: Network Topology for Root Protection

Table 1 shows the components that will be configured for root protection.

Table 1: Topology for Configuring Root Protection on the QFX Series

Component	Settings
Switch 1	Switch 1 is connected to Switch 4 through interface xe-0/0/7.
Switch 2	Switch 2 is connected to Switch 1 and Switch 3. Interface xe-0/0/4 is the alternate port in the RSTP topology.
Switch 3	Switch 3 is the root bridge and is connected to Switch 1 and Switch 2.
Switch 4	Switch 4 is connected to Switch 1. After loop protection is configured on interface xe-0/0/7, Switch 4 sends more BPDUs that trigger loop protection on interface xe-0/0/7.

A spanning-tree topology contains ports that have specific roles:

The root port is responsible for forwarding data to the root bridge.
The alternate port is a standby port for the root port. When a root port goes down, the alternate port becomes the active root port.
The designated port forwards data to the downstream network segment or device.

This configuration example uses an RSTP topology. However, you can also configure root protection for STP or MSTP topologies at the [edit protocols (mstp | stp)] hierarchy level.

Configuration

CLI Quick Configuration

To quickly configure root protection on interface xe-0/0/7, copy the following command and paste it into the switch terminal window:

[edit]
                         set protocols rstp interface xe-0/0/7 no-root-port

Step-by-Step Procedure

To configure root protection:

Configure interface xe-0/0/7:
[edit protocols rstp]

user@switch# set interface xe-0/0/7 no-root-port

Results

Check the results of the configuration:

user@switch> show configuration protocols rstp

interface xe-0/0/7.0 {no-root-port;}

Verification

To confirm that the configuration is working properly, perform these tasks:

Displaying the Interface State Before Root Protection Is Triggered

Purpose

Before root protection is triggered on interface xe-0/0/7, confirm the interface state.

Action

Confirm the state of the interfaces before root protection is configured:

user@switch>                              show spanning-tree interface

Spanning tree interface parameters for instance 0

Interface    Port ID    Designated      Designated         Port    State  Role
                         port ID        bridge ID          Cost
xe-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
xe-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
xe-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
xe-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
xe-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
xe-0/0/5.0     128:518        128:2  16384.00aabbcc0348     20000  BLK    ALT  
xe-0/0/6.0     128:519        128:1  16384.00aabbcc0348     20000  FWD    ROOT 
xe-0/0/7.0     128:520      128:520  32768.0019e2503f00     20000  FWD    DESG
[output truncated]

Meaning

The output from the operational mode command show spanning-tree interface shows that xe-0/0/7.0 is a designated port in a forwarding state.

Verifying That Root Protection Is Working on the Interface

Purpose

A configuration change takes place on Switch 4. A lower bridge priority on Switch 4 causes it to send more BPDUs to interface xe-0/0/7. Receipt of more BPDUs on interface xe-0/0/7 triggers root protection. Verify that root protection is operating on interface xe-0/0/7.

Action

Verify that root protection has been configured and is operating correctly:

user@switch>                              show spanning-tree interface

Spanning tree interface parameters for instance 0

Interface    Port ID    Designated      Designated         Port    State  Role
                         port ID        bridge ID          Cost
xe-0/0/0.0     128:513      128:513  32768.0019e2503f00     20000  BLK    DIS  
xe-0/0/1.0     128:514      128:514  32768.0019e2503f00     20000  BLK    DIS  
xe-0/0/2.0     128:515      128:515  32768.0019e2503f00     20000  BLK    DIS  
xe-0/0/3.0     128:516      128:516  32768.0019e2503f00     20000  FWD    DESG 
xe-0/0/4.0     128:517      128:517  32768.0019e2503f00     20000  FWD    DESG 
xe-0/0/5.0     128:518        128:2  16384.00aabbcc0348     20000  BLK    ALT  
xe-0/0/6.0     128:519        128:1  16384.00aabbcc0348     20000  FWD    ROOT 
xe-0/0/7.0     128:520      128:520  32768.0019e2503f00     20000  BLK    DIS (Root—Incon)
[output truncated]

Meaning

The operational mode command show spanning-tree interface shows that interface xe-0/0/7.0 has transitioned to a loop inconsistent state. The loop inconsistent state blocks the interface and prevents it from becoming a candidate for the root port. When the root bridge no longer receives more STP BPDUs from the interface, the interface recovers and transitions back to a forwarding state. Recovery is automatic.

TechLibrary

Supported Platforms

Related Documentation

Example: Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees

Requirements

Overview and Topology

Configuration

CLI Quick Configuration

Step-by-Step Procedure

Results

Verification

Displaying the Interface State Before Root Protection Is Triggered

Purpose

Action

Meaning

Verifying That Root Protection Is Working on the Interface

Purpose

Action

Meaning

Related Documentation

Published: 2014-07-23

Supported Platforms

Related Documentation

Published: 2014-07-23