Multiple Spanning Tree (MST)

very nice.

Can you please share an example from “real world networks” of why someone would use MSTP?

Is it common to see in real-life networks?

Thanks in advance
Abhishek

Abhishek,
In large networks where there are high numbers of VLANs, it would be very common to see MST. The reason is efficiency. Let’s say you have 100 VLANs. With RSTP, each one of those VLANs is going to have its own root bridge, its own RSTP flooding domain, with separate BPDUs. The question becomes, “why do we need 100 possible different topologies?” In real life, even with a high number of switches, it is unlikely you would need more than 5-6 separate topologies (meaning, I want my root bridge for topology A over here, while the root bridge for topology B is somewhere else, etc).

The whole reason for MST is to cut down the 100 topologies in our example, down to just a few. This is done by mapping groups of VLANs together that require the same topology. The resource and complexity reduction by going from 100 topologies to, say, 5 is significant.

Many thanks Andrew. It clears most of the doubts, except when you said:

  1. With RSTP, each one of those VLANs is going to have its own root bridge

Can I also say: “With R-PVST, each one of those VLANs is going to have its own root bridge”, because with VLANs we will actually use PVST?

  2. “This is done by mapping groups of VLANs together that require the same topology”

So what characteristics of a network would decide which VLANs should be part of the same topology from a Spanning Tree point of view?

Best Regards
Abhishek

  1. You are correct. Cisco doesn’t implement a pure RSTP. It is technically R-PVST+, so I was using RSTP as shorthand for that.

  2. This is purely a traffic flow / business decision. For example, if you have two divisions, say, Sales and Marketing that each have their own VLANs, and you want to make sure that traffic between those VLANs flows over as few links as possible, it would be best to group those two together with a common root.

Hey Rene,

Regarding the IST or MST instance 0:

Let’s assume I have a vlan that is production ready and used by several users. It is not mapped to a separate instance, so it falls under IST 0. Is this a problem, or a best practice no no?

Would it affect the vlan or STP in any way, or is it just not the best design?

Thanks,

Patrick

Hey Patrick,
As you know, putting VLANs into Instance 0 is the default behavior of MST. Although there is not any serious issue in doing this, it is generally considered best practice to define explicitly separate instances for vlans. There are at least two reasons for this:

  1. Allowing numerous vlans to remain as part of the default instance potentially loses some of the benefits of MST - namely ensuring that blocked links in one instance will be utilized by another.

  2. Avoiding fate sharing. Let’s say you have traffic that is extremely time sensitive (it could be VOIP or financial transactions, etc.) in a particular VLAN. Now let’s say this VLAN remains part of the default Instance 0 where there are several other VLANs. Should something happen in one of these other VLANs (let’s say you had an end-user port that was mistakenly not defined as edge, so it flaps) that may cause an STP recalculation, it might adversely affect your time-sensitive traffic. For this reason, critical data should be defined in its own instance so as to become as isolated as possible from events triggered by unrelated VLANs/instances.

Ryne
If I put all the VLANs to MST0 (default MST) and not create any instance, would it count as reliable topology?

Shraddha,
Doing what you suggest is possible in that it would work (if that is what you mean by “reliable”), but Cisco doesn’t recommend doing this. Read my comment immediately above yours for more information.


I work on Brocade mostly and some Cisco. So on Brocade they actually do have a RSTP. I got confused because I was looking for it on my VIRL switches version 15 and could not find it.

I have to say reading the forum post on some of these topics is just as educational as the actual lesson. I have the CCNP INE series I use along with this and of course the howtonetwork CCNP Switching/Routing/Troubleshooting/101 labs books you recommended.

between those three resources GNS3, cisco VIRL, and working in Global environment as well I feel I am really learning. My favorite though is this website. it may not always go into quite the technical detail in the lessons as say INE but I will sometimes finish INE videos and none of it makes sense then I come here and read and things are laid out much better, and I can actually understand and get things more straight in my thinking process.

Then the icing on the cake is reading forum post like this and getting extra goodies that are real world viable.

Great post!


Andrew,

(P.S anyone reading this might want to read from bottom up I figured it out but don’t know for sure why it works the way it does)

I was going through Cisco CCNP Switch Simplified and a lab lesson did not work for me. It's the very second lab at the end of the book.

Basically they set up MST on DLS1 and DLS2 and then have you change configuration on IST 0 so that it's the root, and they use that as a tool to explain how you have to understand how the IST works, because changing priority on the others would not be seen by the switches outside of the internal MST.

they basically have vlan 100 on ALS1 with SVI for the 192.168.100.0 255.255.255.0 network and setup a default-gateway pointing to DLS1 which has SVI for both VLAN 100 and VLAN 200 and SVI for each, (note DLS2 is setup the same way and ALS2 is setup like ALS1 except for VLAN 200 and has SVI for 192.168.200.0 255.255.255.0 network)

anyway they have you setup ip routing on both the distribution switches.

then they want you to ping from VLAN 100 on ALS1 switch to ALS2 switch which is VLAN 200.

So ping from 192.168.100.254 to 192.168.200.254 I have my configuration setup perfectly like they asked but I cannot ping.

I am using CISCO VIRL.

now here is the funny thing. I set this up in Boson Simulator which runs different IOS(edited: Boson has older switches that had to have layer three turned on to work not automatic like CISCO VIRL) version it works. I can ping. I set this up in Cisco VIRL it does not work.

below is cisco VIRL configs:

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname DLS1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
vtp domain HARD
vtp mode transparent
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name DLS1-REGION
instance 1 vlan 100, 200
!
spanning-tree mst 0 priority 0
!
vlan internal allocation policy ascending
!
vlan 100,200
!
!
!
!
interface GigabitEthernet0/0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
interface Vlan200
ip address 192.168.200.1 255.255.255.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
banner exec ^C

.
.
.
.
.
.

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname DLS2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
vtp domain HARD
vtp mode transparent
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name DLS2-REGION
revision 5
instance 3 vlan 100, 200
!
!
vlan internal allocation policy ascending
!
vlan 100,200
!
!
interface GigabitEthernet0/0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto
!
interface Vlan100
ip address 192.168.100.2 255.255.255.0
!
interface Vlan200
ip address 192.168.200.2 255.255.255.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
.
.

.
.
.
.

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname ALS1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
vtp domain HARD
vtp mode transparent
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 100
!
!
!
!
interface GigabitEthernet0/0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto
!
interface Vlan100
ip address 192.168.100.254 255.255.255.0
!
ip default-gateway 192.168.100.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
.
.

.
.
.
.

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname ALS2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
media-type rj45
negotiation auto
!
interface Vlan200
ip address 192.168.200.254 255.255.255.0
!
ip default-gateway 192.168.200.2
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C

I redid the labs over a couple times and each time CISCO VIRL will not allow me to ping and I figured maybe something to do with arp table or the different version???

Boson is programmed but boson is good about working on basic stuff and simple commands for each of ccnp topics which makes me think its something going on with cisco VIRL

boson:
I was going to add the Boson configs but I cannot figure out how to copy and paste them lol… does not seem to be an option for that.

I will say they are the exact same minus uses fast Ethernet ports instead of gigabit. also uses version 15.b if that means anything.

I will post some other misc stuff below from CISCO VIRL just in case:

DLS1#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset up up
Vlan100 192.168.100.1 YES manual up up
Vlan200 192.168.200.1 YES manual up up
DLS1#show vlan brief

VLAN Name Status Ports


1 default active Gi0/0
100 VLAN0100 active
200 VLAN0200 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
DLS1#show int trunk

Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Gi0/2 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1 1-4094
Gi0/2 1-4094

Port Vlans allowed and active in management domain
Gi0/1 1,100,200
Gi0/2 1,100,200

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,100,200
Gi0/2 1,100,200
DLS1#

.

DLS2#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset up up
Vlan100 192.168.100.2 YES manual up up
Vlan200 192.168.200.2 YES manual up up
DLS2#show vlan brief

VLAN Name Status Ports


1 default active Gi0/0
100 VLAN0100 active
200 VLAN0200 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
DLS2#show int trunk

Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1
Gi0/2 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1 1-4094
Gi0/2 1-4094

Port Vlans allowed and active in management domain
Gi0/1 1,100,200
Gi0/2 1,100,200

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,100,200
Gi0/2 1,100,200
DLS2#

.

ALS1#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/1 unassigned YES unset up up
Vlan100 192.168.100.254 YES manual up up
ALS1#show vlan bri

VLAN Name Status Ports


1 default active Gi0/0
100 VLAN0100 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
ALS1#show int trunk

Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1 1-4094

Port Vlans allowed and active in management domain
Gi0/1 1,100

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,100
ALS1#

.

ALS2#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/1 unassigned YES unset up up
Vlan200 192.168.200.254 YES manual up up
ALS2#show vlan brief

VLAN Name Status Ports


1 default active Gi0/0
200 VLAN0200 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
ALS2#show int trunk

Port Mode Encapsulation Status Native vlan
Gi0/1 auto n-802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1 1-4094

Port Vlans allowed and active in management domain
Gi0/1 1,200

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1,200
ALS2#

.

ALS1#ping 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
.!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/5/7 ms
ALS1#ping 192.168.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:

Success rate is 0 percent (0/5)
ALS1#

.

DLS1#ping 192.168.100.254 source 192.168.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.200.1

Success rate is 0 percent (0/5)
DLS1#ping 192.168.100.254 so
DLS1#ping 192.168.100.254 source 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/10 ms
DLS1#

.

DLS2#ping 192.168.100.254 source 192.168.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.2
!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/7 ms
DLS2#ping 192.168.100.254 source 192.168.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.200.2

Success rate is 0 percent (0/5)
DLS2#

.

I think I will cry if SVI are not working correctly on CISCO VIRL as that is a primary ability of switching. if an SVI is setup and routing enabled it should be able to access data from both VLAN 100 and VLAN 200.

I know sometimes the problem is a return route meaning it can get somewhere but does not know its way back
but that should not be the case here in my thinking… for example:

  1. I ping DLS1 from ALS1
  2. ALS1 does not know this 192.168.200.1 address so what does it do?
  3. it sends the address to its default-gateway to figure out.
  4. Once the packet is pushed over to DLS1 the switch sees that IP belongs to itself.
  5. Also even on top of that it has the routes in its routing table!!!

Gateway of last resort is not set

  192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.100.0/24 is directly connected, Vlan100
L 192.168.100.1/32 is directly connected, Vlan100
192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.200.0/24 is directly connected, Vlan200
L 192.168.200.1/32 is directly connected, Vlan200
DLS1#

am I missing something here?

Also that Boson works re-affirmed that thinking but I just want to figure out if this is truly glitch with Cisco VIRL or if I am having a stupid moment or missing something that has to do with new switch model.

Cisco VIRL switches do about everything even this access is still layer three and had routing table see below:

ALS1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

  192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.100.0/24 is directly connected, Vlan100
L 192.168.100.254/32 is directly connected, Vlan100
ALS1#

OMG that was it… I just figured it out by accident. I thought what the heck why not just for the hex of it turn off IP Routing on the access switch… I was thinking even though I didn’t know why that perhaps it having a routing table was making it not send off packet to DG or something crazy…

see below:

ALS1(config)#no ip routing
ALS1(config)#end
ALS1#ping 192.168.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/205/1007 ms
ALS1#

.

Can someone explain why? I can guess at it and say because they are acting like routers just like a router we need routes for everything either static or dynamic such as OSPF, or EIGRP. However, I am guessing and I don’t really know as I am just trying to find some rational logic to make sense of this crap!!!

edited: I did find the following link and while its not super granular it seems to confirm the reason:

some cisco specific stuff:

and this one:

ah my world is all happy again till the next time!!! =)

I am a big-time CISCO VIRL user so I will make a tip to turn off IP routing on the switches as that’s the default on the switches.

@wilder7bc

No problem, I moved your reply to another category :smile:

When IP routing is enabled, your router or switch will build a routing table and forwards IP packets by doing a lookup in the routing table. The ip default-gateway command is ignored when routing is enabled. You have two options:

* Disable IP routing with no ip routing

or

* Add a default route
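The rule in the reply above (`ip default-gateway` is ignored once IP routing is enabled) can be checked offline against a saved configuration. This is an added example, not code from the thread or from Cisco; the `audit_gateway` helper and the `platform_default` parameter are hypothetical, and the sample text is a constructed excerpt modelled on the ALS1 config posted earlier.

```python
import re

# Constructed excerpt modelled on the ALS1 configuration posted in this thread.
ALS1 = """\
hostname ALS1
!
interface Vlan100
 ip address 192.168.100.254 255.255.255.0
!
ip default-gateway 192.168.100.1
"""


def routing_enabled(lines, platform_default):
    """An explicit 'ip routing' / 'no ip routing' line wins; otherwise the
    platform default applies (assumption: the caller knows it for the image)."""
    if "no ip routing" in lines:
        return False
    if "ip routing" in lines:
        return True
    return platform_default


def audit_gateway(config, platform_default):
    """Return findings about how this device reaches off-subnet destinations."""
    lines = [line.strip() for line in config.splitlines()]
    routing = routing_enabled(lines, platform_default)
    gateways = [l.split()[2] for l in lines
                if re.fullmatch(r"ip default-gateway \S+", l)]
    default_routes = [l for l in lines
                      if re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", l)]
    findings = []
    if routing and gateways and not default_routes:
        findings.append(
            f"ip routing is on: 'ip default-gateway {gateways[0]}' is ignored "
            "and no default route exists")
    if not routing and not gateways:
        findings.append("ip routing is off and no ip default-gateway is configured")
    return findings


if __name__ == "__main__":
    # Routing on by default, as observed on the VIRL switches in this thread.
    for finding in audit_gateway(ALS1, platform_default=True):
        print(finding)
```

Either of the two fixes listed above clears the finding: appending `no ip routing` or a static default route to the sample returns an empty list.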

Hi,
I have a question about MSTP.
Imagine we have lots of locations with access switches, and each access switch has 1 connection to each core switch (2 connections in total). We are using MSTP with just instance 0.
We have 100 VLANs but not every VLAN is being used in every location.
The question is why, for MSTP, all VLANs must be defined in every location (even if some VLANs are not being used in that location), and why our trunk links to the core switches must be configured to allow all VLANs.
Thanks in advance

Hello Mehran

In order for MSTP to function correctly, all the VLANs that will participate in an MSTP instance must be configured on all the participating Switches and all trunks within the instance must include all of those VLANs. MSTP will only converge if this is the case.

What MSTP is doing essentially is replacing the “one BPDU per VLAN” that will be sent from the switches with “one BPDU per instance” where the instance “groups” the VLANs together. So, if an MSTP instance is dealing with VLANs 10 through to 19, then only one BPDU will be sent for that group of VLANs. In order for that to work, trunks must include all of those VLANs and switches must be configured with all of those VLANs, otherwise, the information found within these BPDUs that are received by each switch will not be “synchronised” with the information on the switches themselves.

This is the case when you have only ONE MSTP instance for ALL VLANs. If you have “lots of locations” as you say with 100 VLANs, it's a good idea to split up the single MSTP instance into multiple instances.

I hope this has been helpful!

Laz
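Because MST keeps one forwarding state per instance rather than per VLAN, a trunk that carries only part of an instance's VLANs is the case the reply above warns about. The following added example (not from the thread or from Cisco documentation) flags such trunks in a saved configuration. The helper names and the sample config are constructed for illustration, and it assumes numeric `allowed vlan` lists (no `all`, `none` or `except` keywords).

```python
import re

# Constructed configuration using the VLAN 10-19 grouping from the reply above.
SAMPLE = """\
spanning-tree mode mst
spanning-tree mst configuration
 name REGION1
 instance 1 vlan 10-19
 instance 2 vlan 20-29
!
vlan 10-29,100
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10-15,20-29,100
!
interface GigabitEthernet0/2
 switchport mode trunk
"""


def expand(spec):
    """Expand an IOS VLAN list such as '10-12, 20' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse(config):
    """Return (instance -> VLANs, trunk -> explicitly allowed VLANs)."""
    instances, trunks, defined, iface = {}, {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"instance (\d+) vlan (.+)", line):
            instances.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.match(r"vlan ([\d,\- ]+)$", line):
            defined |= expand(m[1])
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"switchport trunk allowed vlan (?:add )?(.+)", line):
            trunks.setdefault(iface, set()).update(expand(m[1]))
    # VLANs not mapped to any instance remain in instance 0 (the IST).
    mapped = set().union(*instances.values())
    instances[0] = instances.get(0, set()) | (defined - mapped)
    return instances, trunks


def split_instances(config):
    """List (trunk, instance, missing VLANs) where a trunk carries only
    some of the VLANs mapped to an MST instance."""
    instances, trunks = parse(config)
    findings = []
    for port, allowed in sorted(trunks.items()):
        for inst, vlans in sorted(instances.items()):
            carried = vlans & allowed
            if carried and carried != vlans:
                findings.append((port, inst, sorted(vlans - allowed)))
    return findings


if __name__ == "__main__":
    for port, inst, missing in split_instances(SAMPLE):
        print(f"{port}: MST instance {inst} is missing VLANs {missing}")
```

Trunks without an `allowed vlan` line carry every VLAN and are skipped, so only Gi0/1 is reported here, for the VLANs of instance 1 that it prunes.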

I have a question about CIST Regional Roots.

In this diagram, it shows a Regional Root in MSTI 1 as being a non-boundary switch. Is this possible?

An INE page states it should be a boundary device:

Only a boundary switch could be elected as the CIST Regional Root, and this is the switch with the lowest cost to reach the CIST Root.

Hello Chris

First of all, according to Cisco terminology, we have a CIST Regional Root and the CIST Root. There is no CST Root as indicated in the above topology. However, I have seen some typos in Cisco’s documentation where they state CST Root instead of CIST Root. Anyway, this is a detail.

Cisco states the following:

If the CIST root is in the region, the CIST regional root is the CIST root. Otherwise, the CIST
regional root is the closest switch to the CIST root in the region. The CIST regional root acts as a
root bridge for the IST.

The situation in the diagram you sent is the latter described above. The CIST root is not in the region, therefore the CIST Regional Root is the closest switch to the CIST root in the region. This by definition means that the CIST Regional Root must be a boundary switch.

The above excerpt has been taken from page 1-7 of the following Cisco documentation:

I hope this has been helpful!

Laz


Hello,

Can you please tell what will happen when an MST switch connects with a switch running PVST+?

Hi Laz,
Do you have an example of MST inter-region operation and configuration?

Rafael

Hello Pinki

MST is backwards compatible with PVST+. When an MST switch is connected to PVST+, it is connected by what is known as the Common Spanning Tree (CST) which is just another name for the original STP standard. PVST+ switches in turn see the entire MST region as a single switch.

I hope this has been helpful!

Laz

Hello Rafael

This Cisco documentation is quite useful when it comes to configuration of MST including inter-region operation and configuration.

https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/b_consolidated_3850_3se_cg_chapter_01001010.html

Take a look at the section titled “Operations Between MST Regions”.

I hope this has been helpful!

Laz