Question

5 Nutanix Nodes with two Cisco Nexus 9K cores Networking Best Practice

  • 11 December 2020

I am connecting 5 Nutanix Nodes to two Cisco Nexus 9K cores.

The MGMT ports are connected to TOR FEX then 1-10 Gig Fibre to Core1 and 1-10 Gig Fibre to Core2 from each node. All 10 are VPC ports in trunk mode, switchport trunk native vlan # with spanning-tree port type edge trunk.

My question is, I found a Nutanix article #000002455 for Cisco Nexus Recommended Practices and they state you should add to the configuration spanning-tree bpduguard enable and spanning-tree bpdufilter enable.

Cisco says they don't recommend these spanning-tree settings.

Who is right?


2 replies

Thank you for your reply. My confusion was that Cisco did not recommend using the spanning-tree settings and Nutanix did.

In the end I went with Nutanix’s recommendation and added both guard and filter on each port (per-host).


Hi ScooterHanson,

When choosing to follow vendor best practices and recommendations it is important to keep in mind the reasoning behind them, I think.

What a BPDU guard is for basically is isolating the environment from the port that has received a BPDU frame while it should not have.

BPDU filter ignores the BPDU frames received on the port.

Cisco:

BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.

Caution Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the switch and network operation.

Nutanix KB-2455:

consider enabling BPDU Filter and Guard either globally, or on a per-interface basis.
This ensures the mitigation of spanning tree issues on a per-host basis.
A potential issue would be an administrator or a user bringing up a virtual router or similar workload inside a VM, and injecting BPDUs into the network from a host interface.

Enabling BPDU guard on the ports facing Nutanix cluster seems like a reasonable thing to do to me.

What’s your take on it? Which part of it confuses you?
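
Added example (not part of the original thread or of either vendor's documentation): a small audit that resolves the effective BPDU guard and filter state of each port from an NX-OS running-config, covering both the global and the per-interface form mentioned in the KB quote, and flags host-facing edge ports without guard as well as guard/filter on non-edge ports, which is what the Cisco caution is about. The config excerpt and interface names are constructed, and the global `spanning-tree port type edge default` command is not handled.

```python
# Constructed NX-OS running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
spanning-tree port type edge bpduguard default
interface port-channel11
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
interface port-channel12
  spanning-tree port type edge trunk
interface port-channel13
  spanning-tree port type edge trunk
  spanning-tree bpduguard disable
interface Ethernet1/49
  spanning-tree bpdufilter enable
"""

FEATURES = ("bpduguard", "bpdufilter")

def effective(config):
    """Per interface: explicit setting wins; the global default covers edge ports only."""
    top = config.splitlines()
    defaults = {f: f"spanning-tree port type edge {f} default" in top for f in FEATURES}
    ifaces, current = {}, None
    for raw in top:
        line = raw.strip()
        if raw[:1].isspace():  # indented line: belongs to the current stanza
            if current:
                ifaces[current].append(line)
            continue
        current = line.split()[1] if line.startswith("interface ") else None
        if current:
            ifaces[current] = []
    report = {}
    for name, lines in ifaces.items():
        edge = any(l.startswith("spanning-tree port type edge") for l in lines)
        report[name] = state = {"edge": edge}
        for feat in FEATURES:
            explicit = [l.split()[-1] for l in lines if l.startswith(f"spanning-tree {feat} ")]
            state[feat] = (explicit[-1] == "enable") if explicit else (edge and defaults[feat])
    return report

def findings(config):
    out = []
    for name, s in effective(config).items():
        if s["edge"] and not s["bpduguard"]:
            out.append((name, "edge port without BPDU guard"))
        if not s["edge"] and (s["bpduguard"] or s["bpdufilter"]):
            out.append((name, "BPDU guard/filter on a non-edge port"))
    return out
```
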
