Disable STP on LTM4200V ver 11.2.1
We are implementing a pair of new F5 LTMs in our environment. In our test lab we are cross-connecting an 802.1q trunked interface from each cluster member to two separate Cisco switches. In the event of a single link failure on the LTM we wish to have the redundant connection immediately available. However, it appears that Spanning Tree is running on the LTM, thus preventing us from a fast failover scenario. In this environment we have no need for the LTM to participate in spanning-tree, and want to disable it.
See attached diagram.
Even though our Cisco switch config enables port-fast for a trunk on this interface, something on the LTM is overriding this setting and placing redundant ports into Blocking mode. Take a look at these configs:
Switch1 link to LTM-A
interface GigabitEthernet0/6
 description dg-p-ltm-4200a 1.1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160
 switchport mode trunk
 speed 1000
 duplex full
 spanning-tree portfast trunk
end

Switch1 link to LTM-B
interface GigabitEthernet0/7
 description dg-p-ltm-4200b 1.1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160
 switchport mode trunk
 speed 1000
 duplex full
 spanning-tree portfast trunk
end

Switch2 link to LTM-A
interface FastEthernet0/36
 description dg-p-ltm-4200a 1.2
 switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160
 switchport mode trunk
 duplex full
 spanning-tree portfast trunk
end

Switch2 link to LTM-B
interface FastEthernet0/37
 description dg-p-ltm-4200b 1.2
 switchport trunk allowed vlan 2,6,7,10,12,64,126,127,160
 switchport mode trunk
 duplex full
 spanning-tree portfast trunk
end

Here is the spanning tree output for VLAN6:
Switch1
mm-lab-F5Web-switch1#show spanning-tree vlan 6
VLAN0006
  Spanning tree enabled protocol ieee
  Root ID    Priority    49158
             Address     000d.bc11.6b00
             Cost        3004
             Port        6 (GigabitEthernet0/6)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    49158 (priority 49152 sys-id-ext 6)
             Address     0015.6290.5900
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
  Uplinkfast enabled
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/6               Root FWD 3004      128.6    P2p
Gi0/7               Altn BLK 3004      128.7    P2p
Gi0/18              Desg FWD 3004      128.18   P2p Edge
Gi0/19              Desg FWD 3004      128.19   P2p Edge
Gi0/32              Desg FWD 3004      128.32   P2p Edge
Gi0/48              Altn BLK 3004      16.48    P2p

Switch2
mm-lab-F5Web-switch2#show spanning-tree vlan 6
VLAN0006
  Spanning tree enabled protocol ieee
  Root ID    Priority    49158
             Address     000d.bc11.6b00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    49158 (priority 49152 sys-id-ext 6)
             Address     000d.bc11.6b00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
  Uplinkfast enabled
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/18           Desg FWD 3019      128.18   Edge P2p
Fa0/19           Desg FWD 3019      128.19   Edge P2p
Fa0/36           Desg FWD 3019      128.36   P2p
Fa0/37           Desg FWD 3019      128.37   P2p
Gi0/1            Desg FWD 3004      128.49   P2p

Based on the switch config (spanning-tree portfast trunk), Switch1 port G0/7 should not ever be placed in BLOCKING mode. I have tried several IOS revisions and have had the config verified by Cisco.
Note that ports 18 and 19 on both switches are 802.1q trunks connected to Checkpoint firewalls with the SAME spanning-tree portfast trunk configs. As you can see, they are properly marked as Edge P2P ports while the LTM ports are NOT.
Debugs on the switches also clearly show BPDUs coming in from the LTM interfaces, which is not what I expect to see:
The LTMs are definitely sending BPDUs (THE FIREWALLS ARE NOT)
02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/6 , linktype SSTP , enctype 3, encsize 22
02:09:18: STP: enc 01 00 0C CC CC CD 00 0D BC 11 6B 24 00 32 AA AA 03 00 00 0C 01 0B
02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080240000140002000F00
02:09:18: STP: VLAN0006 Gi0/6:0000 00 00 00 C006000DBC116B00 00000000 C006000DBC116B00 8024 0000 1400 0200 0F00
02:09:18: STP(6) port Gi0/6 supersedes 0
02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/7 , linktype SSTP , enctype 3, encsize 22
02:09:18: STP: enc 01 00 0C CC CC CD 00 0D BC 11 6B 25 00 32 AA AA 03 00 00 0C 01 0B
02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080250000140002000F00
02:09:18: STP: VLAN0006 Gi0/7:0000 00 00 00 C006000DBC116B00 00000000 C006000DBC116B00 8025 0000 1400 0200 0F00
02:09:18: STP(6) port Gi0/7 supersedes 0
The only other BPDUs come from the Lab switch 2, which is correct.
02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/48 , linktype SSTP , enctype 3, encsize 22
02:09:18: STP: enc 01 00 0C CC CC CD 00 0D BC 11 6B 31 00 32 AA AA 03 00 00 0C 01 0B
02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080310000140002000F00
02:09:18: STP: VLAN0006 Gi0/48:0000 00 00 00 C006000DBC116B00 00000000 C006000DBC116B00 8031 0000 1400 0200 0F00
02:09:18: STP(6) port Gi0/48 supersedes 0
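
Added example (not part of the original post): a decoder for the 35-byte IEEE 802.1D configuration BPDU carried in the debug "Data" lines above, so the sender bridge ID and port ID of each received BPDU can be read directly. The function names are illustrative, and the port ID is assumed to be split as 4-bit priority / 12-bit port number.

```python
import re
import struct

# The three "rx BPDU" / "Data" line pairs from the debug output in the post.
DEBUG_LOG = """\
02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/6 , linktype SSTP , enctype 3, encsize 22
02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080240000140002000F00
02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/7 , linktype SSTP , enctype 3, encsize 22
02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080250000140002000F00
02:09:18: STP: VLAN0006 rx BPDU: config protocol = ieee, packet from GigabitEthernet0/48 , linktype SSTP , enctype 3, encsize 22
02:09:18: STP: Data 0000000000C006000DBC116B0000000000C006000DBC116B0080310000140002000F00
"""

RX_RE = re.compile(r"rx BPDU:.*packet from (\S+)")
DATA_RE = re.compile(r"STP: Data ([0-9A-Fa-f]+)\s*$")

def bridge_id(priority, mac):  # priority/aaaa.bbbb.cccc, as in the show output
    h = mac.hex()
    return f"{priority}/{h[0:4]}.{h[4:8]}.{h[8:12]}"

def decode_config_bpdu(hex_data):
    """Decode the 35-byte IEEE 802.1D configuration BPDU."""
    raw = bytes.fromhex(hex_data)
    if len(raw) < 35:
        raise ValueError("truncated configuration BPDU")
    (proto, _ver, bpdu_type, _flags, root_prio, root_mac, cost, br_prio,
     br_mac, port_id, age, max_age, hello, fwd) = struct.unpack(
        "!HBBBH6sIH6sHHHHH", raw[:35])
    if proto != 0 or bpdu_type != 0:
        raise ValueError("not an 802.1D configuration BPDU")
    return {
        "root_id": bridge_id(root_prio, root_mac),
        "root_path_cost": cost,
        "sender_bridge_id": bridge_id(br_prio, br_mac),
        # Assumed split: top 4 bits = priority (steps of 16), low 12 = port.
        "sender_port": f"{(port_id >> 8) & 0xF0}.{port_id & 0x0FFF}",
        # Timers are carried in units of 1/256 second.
        "message_age": age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }

def bpdus_by_interface(log):  # pair each Data line with the preceding rx line
    results, iface = [], None
    for line in log.splitlines():
        if (m := RX_RE.search(line)):
            iface = m.group(1)
        elif (m := DATA_RE.search(line)) and iface:
            results.append((iface, decode_config_bpdu(m.group(1))))
    return results
```

For all three lines the decoded sender bridge ID is 49158/000d.bc11.6b00 with root path cost 0, and the sender ports are 128.36, 128.37 and 128.49, which can be matched against the Bridge ID and Prio.Nbr values in the show spanning-tree output above.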