Huawei华为交换机S5720S-52X-LI-AC STP异常

问题描述

版本信息：v200r011c10spc600+v200r011sph012

组网概述：三层传统网络，汇聚设备为S5720交换机，上行设备为思科交换机。

组网拓扑：不涉及

配置脚本：不涉及

故障现象：某医院一台汇聚S5720交换机重启后，两个对接下行接入S5720交换机的接口STP为异常阻塞状态。

处理过程

现网在10月31日19点左右复现故障现象，下行口GE0/0/48为异常discarding状态。

DaXingSheBeiLou-HuijU>dis stp bri

 VLAN-ID   Port                        Role  STP State     Protection

       1   Eth-Trunk1                  ROOT  FORWARDING    NONE

       1   GigabitEthernet0/0/45       DESI  FORWARDING    NONE

       1   GigabitEthernet0/0/46       DESI  FORWARDING    NONE

       1   GigabitEthernet0/0/48       DESI  DISCARDING    NONE

     160   Eth-Trunk1                  ROOT  FORWARDING    NONE

     160   GigabitEthernet0/0/2        DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/4        DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/8        DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/10       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/11       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/17       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/18       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/28       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/29       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/30       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/34       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/37       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/39       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/44       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/45       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/46       DESI  FORWARDING    NONE

     160   GigabitEthernet0/0/48       DESI  DISCARDING    NONE

现网通过抓包发现，汇聚S5720交换机从上行根桥设备收到的VBST报文的Message Age值在0和1之间频繁变化。

Nov  2 2021 02:44:47.3.1 DaXingSheBeiLou-HuijU VBST/7/PKT:Process 0 VLAN 160 interface Eth-Trunk1 receive Vbst Rstp Packet(Length: 68)

ProtocolVersionID               : 02

BPDUType                        : 02

Flags                           : 3c( DESIGNATED  Learning  Forwarding )

Root Identifier                 : 24576.0023-04ee-be08

Root Path Cost                  : 0

Bridge Identifier               : 24576.0023-04ee-be08

Port Identifier                 : 144.12

Message Age                     : 1

Max Age                         : 20

Hello Time                      : 2

Forward Delay                   : 15

Version 1 Length                : 0

Source agent ID                 : 0

Dest agent ID                   : 0

Sync request flag               : 0

Local sequence number           : 0

Remote sequence number          : 0.

<DaXingSheBeiLou-HuijU>

Nov  2 2021 02:44:48.353.1 DaXingSheBeiLou-HuijU VBST/7/PKT:Process 0 VLAN 160 interface Eth-Trunk1 receive Vbst Rstp Packet(Length: 68)

ProtocolVersionID               : 02

BPDUType                        : 02

Flags                           : 3c( DESIGNATED  Learning  Forwarding )

Root Identifier                 : 24576.0023-04ee-be08

Root Path Cost                  : 0

Bridge Identifier               : 24576.0023-04ee-be08

Port Identifier                 : 144.12

Message Age                     : 0

Max Age                         : 20

Hello Time                      : 2

Forward Delay                   : 15

Version 1 Length                : 0

Source agent ID                 : 0

Dest agent ID                   : 0

Sync request flag               : 0

Local sequence number           : 0

Remote sequence number          : 0.

Max Age通过配置BPDU报文的传输，可保证Max Age在整网中一致。运行STP协议的网络中非根桥设备收到配置BPDU报文后，报文中的Message Age和Max Age会进行比较。当非根桥设备收到的BPDU报文中Message Age值发生变化时，设备上的指定端口（非边缘端口）会重新收敛，发生震荡。

交换机手册中关于Message Age的介绍：

协议规定根桥设备发送的Message Age值为0：

正常情况下设备距离根桥设备路径是稳定的，该字段不会出现变化。该字段变化说明到到根桥设备路径可能发生变化，汇聚交换机STP会因此进行收敛，STP收敛时会将所有非边缘端口进行阻塞。

交换机STP端口会默认启用边缘端口自动探测功能，如果一直没收到过STP报文，自动将端口设置为边缘端口。

汇聚交换机重启时，如果接入交换机先收到汇聚交换机的STP报文，因为汇聚交换机STP优先级高，后续接入交换机不会再发送STP报文给汇聚交换机，这样汇聚交换机有概率会暂时认为接入交换机的端口为边缘端口，这样汇聚交换机STP收敛时候，不会阻塞接入交换机的端口。

实验室通过模拟思科设备发送Message Age变化的STP报文，可以概率性复现出来汇聚设备STP震荡的情况，当汇聚下行口初始协商成边缘端口时，STP端口不会震荡。

<DaXingSheBeiLou-HuijU>dis stp vlan 11 int g 0/0/45                                                                                 

-------[VLAN 11 Global Info][Mode VBST]-------                                                                                      

Bridge ID              :36875.60f1-8a3b-0dd0                                                                                        

Bridge Diameter        :7                                                                                                           

Config Times           :Hello 2s MaxAge 20s FwDly 15s                                                                               

Active Times           :Hello 2s MaxAge 20s FwDly 15s                                                                               

Root ID / RPC          :32779.c444-7d9c-1234 / 4                                                                                    

RootPortId             :128.4089 (XGigabitEthernet2/0/2)                                                                            

Root Type              :Normal                                                                                                      

BPDU-Protection        :Disabled                                                                                                    

STP Converge Mode      :Normal                                                                                                      

Time since last TC     :0 days 12h:29m:57s                                                                                          

Number of TC           :1                                                                                                           

 ----[Port4092(GigabitEthernet0/0/45)][FORWARDING]----                                                                              

 Port Role             :Designated Port                                                                                             

 Port Priority         :128                                                                                                         

 Port Cost(Dot1D)      :Config=Auto / Active=4                                                                                      

 Desg. Bridge/Port     :36875.60f1-8a3b-0dd0 / 128.4092                                                                             

 Port Edged            :Config=Default / Active=Enabled                                                                             

 Point-to-point        :Config=Auto / Active=True                                                                                   

 Port Revert Slow      :Disabled                                                                                                    

 Port Agreement Legacy :Disabled                                                                                                    

 Transit Limit         :6 packets/hello                                                                                             

 Protection Type       :None                                                                                                        

 Port STP Mode         :VBST                                                                                                        

 BPDU Encapsulation    :Config=VBST / Active=VBST                                                                                   

 BPDU Sent             :44853                                                                                                       

          TCN: 0, Config: 0, RST: 44853                                                                                             

 BPDU Received         :0                                                                                                           

          TCN: 0, Config: 0, RST: 0

根因

汇聚交换机上行设备持续发送Message Age变化的STP报文，导致汇聚交换机STP收敛，引起下行口端口阻塞，导致业务受损。

解决方案

1. 汇聚交换机S5720上行设备排查STP报文中的Message Age变化的原因。

2. 将汇聚交换机S5720的下行对接接入设备的接口STP去使能可以临时规避，但接口STP去使能后将不会转发STP报文，如果两台接入交换机下挂网络互连，此时出现的环路将无法实现STP破环。

3. 与PVST、PVST+、Rapid PVST+协议互通的场景推荐使用VBST。VBST在每个VLAN内构建一棵生成树，使不同VLAN内的流量可通过不同的生成树转发。VBST可以简单理解为在每个VLAN上运行一个STP或RSTP协议，不同VLAN之间的生成树完全独立。

建议与总结

与PVST、PVST+、Rapid PVST+协议互通的场景推荐使用VBST。VBST在每个VLAN内构建一棵生成树，使不同VLAN内的流量可通过不同的生成树转发。VBST可以简单理解为在每个VLAN上运行一个STP或RSTP协议，不同VLAN之间的生成树完全独立。