Does Cumulus Linux support the MSTP?


Does Cumulus Linux support the MSTP?
If it does, how to configure, manage, and monitor it?

15 replies

Userlevel 5
Currently we do not have this as a configurable option. Depending on the bridge driver we do support STP, RSTP, PVST and PVRST. The VLAN-aware bridge mode only currently supports RSTP. While the Broadcom chip supports MSTP, in our setup it will fry the processor. However, interoperability with MSTP networks can be accomplished using PVRSTP or PVSTP.

Hi Scott,

What is the vlan-aware bridge mode? Does the bridge module in the linux belong to this mode?
As we know, Cumulus Linux makes use of the mstpd (http://sourceforge.net/projects/mstpd/) to provide the spanning tree function, so can I manually configure it for Linux Bridge?

Thanks,
LiHongguang
Userlevel 5
LiHongguang,

Here is the documentation about the PVSTP/PVRSTP. It details the communication as discussed here.

http://docs.cumulusnetworks.com/display/CL25/Spanning+Tree+and+Rapid+Spanning+Tree

Let me know if you have any more questions.

Userlevel 4
Hey Li Hongguang,

Linux bridges have two modes traditional, e.g. the default and vlan-aware. The traditional has no concept of VLANs and acts like router-on-a-stick using sub-interfaces. The vlan-aware bridge mode allows thousands of VLANs in a single bridge which is more like incumbent vendors. Here is a comparison KB:
https://support.cumulusnetworks.com/hc/en-us/articles/204909397-Comparing-Traditional-Bridge-Mode-to...
Thanks!
Gents,
I'm finding articles that appear to contradict one another when it comes to the support of mstp. Even when reloading the networking service I see a reference to mstp:

cumulus@cumulus-sw1$ sudo service networking reloadReloading network interfaces configuration...Invalid argument pvrst: expecting one of stp, rstp, mstp

Can you comment again on the support for MSTP? A couple of other areas where I'd appreciate your input:

1. I'd like to use Vlan-aware because of the simplicity and the ability to scale past 200 vlans. However, I would like at some point in the near future to take advantage of VxLAN. Is there a roadmap for Vlan-aware and VxLAN?

2. Cumulus PVRST requires the native Vlan to be 1. We already have an established native Vlan which is not 1. Re configuring the native vlan in an entire environment is not feasible at this time. Will PVSRT ever support the ability to manipulate the native vlan?

Thanks for your time,
Mike.

Userlevel 4

1. I'd like to use Vlan-aware because of the simplicity and the ability to scale past 200 vlans. However, I would like at some point in the near future to take advantage of VxLAN. Is there a roadmap for Vlan-aware and VxLAN?

It is on the roadmap, contact sales@cumulusnetworks.com for more information (we will get you in touch with your local CSE/Account Exec)

2. Cumulus PVRST requires the native Vlan to be 1. We already have an established native Vlan which is not 1. Re configuring the native vlan in an entire environment is not feasible at this time. Will PVSRT ever support the ability to manipulate the native vlan?

PVRST is done with the bridge in traditional mode (e.g. not vlan-aware mode) It has no concept of VLANs, just tags and no tags (this is how linux networking works... bridge with subinterface tags). Can you provide a config example of what you are talking about? The native vlan has to be the untagged VLAN, which is any layer 2 domain that is not tagged.
I've provided our current interfaces config file at the bottom of this post. Just to give you a little background, our current setup is the following:

Cumulus MLAG pair --> Cisco4500x access switch

The SVIs would live on the Cumulus pair and an L2 port-channel is created to the downlink 4500x. The port-channel itslef is working fine and in fact if I leave the 4500x in its default rapid-pvst state the trunk comes up and passes before eventually going err-disabled.

I believe the inconsistency is the native vlan so that's the path I'm taking at this point. I haven't gone so far as to take a packet capture yet but the Cumulus documentation states specifically that the native vlan must be 1.

When connected to a switch that has a native VLAN configuration, the native VLAN must be configured to be VLAN 1 only.

In the Cisco world you can easily manipulate the native vlan to be any number. This can present a problem for non Cisco switches since they generally assume that vlan1 is the native vlan and thus where untagged bpdu frames should end up.

In regards to MSTP, can you confirm that it is still unsupported? Below is our current interfaces config:

cumulus@cumulus-sw1$ cat /etc/network/interfaces# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5), ifup(8)
#
# Please see /usr/share/doc/python-ifupdown2/examples/ for examples
#
#

# The loopback network interface
auto lo
iface lo inet loopback
address 169.254.1.1/32

# The primary network interface
auto eth0
iface eth0 inet dhcp

auto swp1
iface swp1
mstpctl-portadminedge yes
mstpctl-bpduguard yes

auto swp32
iface swp32
address 2.1.1.1/30
mtu 9214

auto swp47
iface swp47
address 10.45.87.162/30
mtu 9214

auto swp48
iface swp48
address 10.45.87.166/30
mtu 9214

auto peerlink
iface peerlink
bond-slaves swp45 swp46
bond-mode 802.3ad
bond-miimon 100
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-xmit-hash-policy layer3+4

auto peerlink.4094
iface peerlink.4094
address 1.1.1.1
netmask 255.255.255.252
clagd-priority 4096
clagd-peer-ip 1.1.1.2
clagd-backup-ip 2.1.1.2
clagd-sys-mac 48:0f:cf:ff:00:01

# Cisco 4500x (mcallagy)
auto downlink1
iface downlink1
bond-slaves swp17 swp18
bond-mode 802.3ad
bond-miimon 100
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-xmit-hash-policy layer3+4
clag-id 1

auto br1
iface br1
bridge-ports glob swp1-2
bridge-stp on
mstpctl-maxage 20
mstpctl-maxhops 20
mstpctl-txholdcount 6
mstpctl-treeprio 32768

# SVI for LAG to 4500x
auto vlan100
iface vlan100
bridge-ports downlink1.100
address 3.1.1.1/24
bridge-stp on
mstpctl-treeprio 8192

# Native Vlan
auto vlan1
iface vlan1
bridge-ports downlink1.1
bridge-stp on
mstpctl-treeprio 8192

Userlevel 5
Currently MSTP is still unsupported. It is on the roadmap. In the mean time there is the availability of PVST on Linux Bridges.


https://docs.cumulusnetworks.com/display/DOCS/Spanning+Tree+and+Rapid+Spanning+Tree#SpanningTreeandRapidSpanningTree-PVST/PVRST
Hi there,

Reading the above seems to also suggest that PVRST isn't available using vlan-aware bridges. Is this true or have I mis-understood?

Userlevel 5
Correct it is done with traditional Linux bridges.
This may be a little off topic but I'm noticing that my MLAG pair is sending different mac addresses down to my L2 Cisco switch. The Cisco switch is complaining about a channel misconfig and this is what is taking the port-channel down after a short period of time.

When I look at the MLAG switches they are each sourcing bpdus from the mac address of their actual hardware port instead of their CLAG mac. This is most assuredly causing issues for the Cisco switch because he is seeing bdpus coming from two different mac on a port-channel that is supposed to lead back to one logical switch.

Thoughts?
Userlevel 4
Make sure you are setting the "clagd-sys-mac" parameter in the CLAG/MLAG configuration. This dictates the MAC address used by LACP for bond formation. See some of the examples in our documention here --> https://docs.cumulusnetworks.com/disp...
Any update regarding the MSTP support?
Userlevel 3
Hi Roy,
Assuming you are referring to IEEE 802.1s (Multiple Spanning Tree), we only support the CIST currently, which is essentially just the same as 802.1w (Rapid Spanning Tree). This is an upstream package, and it looks like the multiple instances code is being worked on now. It looks like it is still being tested, and we are looking at rebasing the MSTPD in Cumulus Linux, but it will not be until 4.0, and I am not sure we will support multiple-instances initially.

Reply