FB DISCUSSIONS: LOOP DETECTION IN STP


———————————————————————————————
A BIG ONE: How to First Detect & Then Troubleshoot Loop in STP ?
———————————————————————————————

Like· · · 826 
  •  
    Lovkesh Wadhwa if there is a loop, you will face high utilisation on switch as well as routers connected to it. Hosts connected also face slowness.

    if a loop is detected, you can remove it by shutting down the interface and then apply various methods like loopguard, udld guard etc.

  •  
    Anubhav Srivastava Lovkesh : Bro, but how do we know that high cpu or slowness is due to loop ? Are loop messages availabes in syslog or something ?
    •  
      Lovkesh Wadhwa If STP is running, there are little or no chance of loop occurance but sometimes due in fibre, tx or rx fails and then the chances of loop increases. In order to avoid it, we can use loop guard or udld guard.
    •  
      Lovkesh Wadhwa yes, you will also get loop msgs in syslog. Although i haven’t see it but studied somewhere
    •  
      Anubhav Srivastava i think enable loop/bpdu guards on all distribution/access layer switches
    •  
      Anubhav Srivastava Will syslog also the interface for the loop ?
    •  
      Cisco Sahil A very simple scenario: There is no UDLD Failure, whereas someone connected the uplink cable back to the same device, by mistake, what should be the approach ?
    •  
      Cisco Sahil Another Scenario: there is some issue in the BPDU communication on the blocked port, so blocked port might comes up & cause loop. Again approach to detect ?
      •  
        Arpan Sarkar was on a severity 1 issue, you will see these logs in the switch:
        Sep 16 02:00:12.776 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe00
        in vlan 169 is flapping between port Po1 and port Gi1/0/19
        Sep 16 02:00:13.153 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan
        169 is flapping between port Po1 and port Gi2/0/19
        Sep 16 02:00:27.967 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe00 in vlan
        169 is flapping between port Po1 and port Gi1/0/19
        Sep 16 02:00:28.169 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan
        169 is flapping between port Po1 and port Gi2/0/19
        you will see mac-address flapping within multiple interfaces. Well seems correct time I logged in
      •  
        Arpan Sarkar The switch will be somekind of unreachable type, will response too slow, if you check the sh proc cpu will have a very high utilisation count.
      •  
        Parmbir Singh Randhawa Arpan Sarkar the logs you posted seems to be MAC move issue.. is the port gi1/0/19 and gi 2/0/19 in po1
      •  
        Arpan Sarkar yes, they both are in po1. and juniper ISG firewall is connected to it. There was a certain loop in between the those irrespective of being in port-channel. Cisco said that there is a bug which make this happen, else rules of stp breaks in a port-channel. After upgrading the ios it worked.
        •  
          Amitabh Dey Again a nice question Sumit … Thanx
          •  
            Amitabh Dey The Fastest way to detect this High Link Utilization which may be one of the causes of this Loop is the command cat# show catalyst6000 traffic-meter

            traffic meter = 13% Never cleared
            peak = 14% reached at 12:08:57 CET Fri Oct 4 2002 which means if the peak traffic level is say 20 % and the current traffic level is 19% reflected by the traffic meter It tells that the switch is working on unusually high load which may suggest that there is a LOOP … ( but friends this command is not supported on Catalyst 4000 Switch , mostly used in Cat 6000 6500 series ) The 2nd step ) CHECK WHICH Interfaces are causing this LOOP by issuing the command cat# show interface | include line|\/sec The output will be smthng like this GigabitEthernet2/2 is up, line protocol is down
            5 minute input rate 0 bits/sec, 0 packets/sec
            5 minute output rate 0 bits/sec, 0 packets/sec
            GigabitEthernet2/3 is up, line protocol is up
            5 minute input rate 99765230 bits/sec, 24912 packets/sec
            5 minute output rate 0 bits/sec, 0 packets/sec
            GigabitEthernet2/4 is up, line protocol is up
            5 minute input rate 1000 bits/sec, 27 packets/sec
            5 minute output rate 101002134 bits/sec, 25043 packets/sec
            GigabitEthernet2/5 is administratively down, line protocol is down
            5 minute input rate 0 bits/sec, 0 packets/sec
            5 minute output rate 0 bits/sec, 0 packets/sec
            GigabitEthernet2/6 is administratively down, line protocol is down
            5 minute input rate 0 bits/sec, 0 packets/sec Some interfaces will have Rate = 0 bits/sec , 0 packets /sec but some interfaces will have huge numerical value as U can see in the output Gi2/3 , Gi 2/4 etc … These are the ports with highest link utilization and these are the ones which are causing the loop Now 3rd Step ) How to Break the Loop — Solution very easy — simply Shutdown or disconnect the involved ports …. By this we have broken Stopped the Loop — PROOF — U will immediately see the Traffic Utilization coming back to the normal level … U can use the same previous command …. BUT BUT BUT 

            • This does not troubleshoot the whole issue … Its true the loop has been broken and the switch has come back to its normal Operation But The main Cause of the LOOP has not been resolved Yet …. This is a very difficult process and very Long to explain ….. SO FRIENDS SOMETIME LATER I shall explain … I have to go now …. Sorry … Sometime later …………………………. Anyways thanx Sumit for the wonderful Question …. Have a nice day
            •  
              Sajad Wani @sumit , how to detect and truubleshoot it
            •  
              Abhishek Mehta Friends can this be also the reason . Correct me if i am wrng. We can also idntify the loop by capturing the traffic on saturated link and to determine wether duplicate pakckets are propagating or not. If all the user in a specific bridging domain connectivity issue at same time a loop cn be a reasn.
              Hsrp may complain of duplicate ip address if loop causes to see its own packets.

              Other common message is constant flapping of mac address between interfaces. because in stable netwrk mac do not flap. We cn check for port utilization. Or a simple solution is to disable port that is providing redundancy.

            •  
              Lovkesh Wadhwa Yes, these are also the reason of loop
            •  
              Sumit Sharma Arpan Sarkar .. bro .. rite .. In ether channel, one more scenario, if ports at one device are considering themselves as a single logical port in STP, but on the other device ports are not considering themselves as single logical port. What will happen in this scenario ?

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s