Cisco VLAN/VTP Issues?

A little background on my infrastructure: I have 3 VMware ESX Servers, each with a 2 channel port group set up as a trunk on a 2-member 3570G stack. There is a VTP server upstream on a core switch; however, we allow only a certain number of VLANs through the upstream trunk to the core switches, 300-305. VMware is set up with 6 different networks with VLAN tags. The management interface on each server is set up on a private IP address range... all hosts are connected to one of the two switches in the stack.

Now the problem: When I drop the port channel connection to the upstream core switches, it appears to affect communication within my VMware cluster. The hosts are unable to communicate with each other, even though they are on the same subnet. I tried dropping the management VLAN from the trunk to the core, and still had the same results. The HA component was failing, as it could not communicate with other hosts on the same subnet (which are plugged into the same switch stack).


Question: How could the change of an upstream trunk to the core switch affect my port channels? I would expect communication between the hosts to remain online... as they are on the same subnet and do not need to leave the switch stack to communicate between hosts. Suggestions?
 
How much time have you waited? It could be some STP weirdness. Shouldn't be an issue if they're all on the same switch/stack, but it's the only thing I can think of.

Edit: NJ beat me. :/
 
Spanning-tree calculations will run before transitioning to forwarding... but I can't see how that affects local switch traffic between two ESX hosts. The trunk PG that is connected to ESX does not go down when I shut down the uplink or remove the VLAN in question from the uplink trunk. However, I can't contact hosts on the same subnet... here is my configuration for the interfaces in question:

interface Port-channel1
 description VSS Port-Channel (UPLINK)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 300-305
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust

interface Port-channel11
 description CHIP_ESXi_TITANIA_PG
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 300-305
 switchport mode trunk
 switchport nonegotiate



If I change the trunk allowed vlan to 301-305 on PO1 and my VMware service console is on VLAN 300, my traffic will not make it out of the switch. I would expect that ports configured on VLAN 300 within the same switch would be able to communicate without issue. However, that is not the case. Even if I just pull and re-insert the cables on the uplink interfaces, the connections will continue between two hosts on the same subnet (same switch) but will drop for 30 seconds or so while spanning tree calcs are running (??) on the uplink interfaces. Any ideas?
 
Add "spanning-tree portfast trunk" to your trunk configs to the vSphere hosts.
 
Yep. Sounds like you're causing a topology change and not allowing enough time for convergence.
 
Please explain: when you bring up a trunk port with STP enabled, it will cause all other trunk ports to enter into a STP calc?
 
Yep. Whenever STP detects a change it's going to block those trunk ports for a bit. That's why you add the portfast trunk to any connections going to a vSphere host.
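
Added example (not from any poster in this thread): a small Python check that reads IOS-style config text and lists trunk interfaces facing hosts that still lack the `spanning-tree portfast trunk` line suggested above. The sample input is the two port-channel stanzas posted earlier; treating a description containing "UPLINK" as a switch-to-switch link is an assumption of this example.

```python
import re

# Sample input: the two port-channel stanzas posted earlier in this thread.
SAMPLE_CONFIG = """\
interface Port-channel1
 description VSS Port-Channel (UPLINK)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 300-305
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
!
interface Port-channel11
 description CHIP_ESXi_TITANIA_PG
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 300-305
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(config_text):
    """Return {interface_name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif not line or line == "!":
            current = None  # a blank line or "!" ends the stanza
        elif current is not None:
            current.append(line)
    return interfaces

def trunks_missing_portfast(config_text, uplink_marker="UPLINK"):
    """List host-facing trunks that lack 'spanning-tree portfast trunk'.

    Assumption: switch-to-switch uplinks carry uplink_marker in their
    description and are skipped, since they should keep normal STP timers.
    """
    missing = []
    for name, cmds in parse_interfaces(config_text).items():
        is_trunk = "switchport mode trunk" in cmds
        is_uplink = any(c.startswith("description") and uplink_marker in c
                        for c in cmds)
        if is_trunk and not is_uplink and "spanning-tree portfast trunk" not in cmds:
            missing.append(name)
    return missing

if __name__ == "__main__":
    for name in trunks_missing_portfast(SAMPLE_CONFIG):
        print(f"{name}: add 'spanning-tree portfast trunk'")
```
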
 
Please explain: when you bring up a trunk port with STP enabled, it will cause all other trunk ports to enter into a STP calc?

Because the switch is waiting to see if you just made a loop. It's detecting a topology change.
 
Can this topology change be triggered by adding/removing a VLAN from a trunk connected to an upstream switch? I was under the impression that the link that was shut will have to go through STP calculations, but not all other trunk ports. Does this affect access ports without portfast set up?
 