Our controllers also act as switches

If you create redundant links in a network, all switches need to either participate actively in RSTP/MSTP or to pass xSTP BPDUs unchanged (many dumb, unmanaged switches do).

Any switch filtering BPDUs without participating in xSTP can cause undetected bridge loops, bringing down your network.

Also, you indicate multiple VLANs without explaining how they are routed. When you don’t want the controllers in different VLANs to communicate with each other, the router is exactly the place to filter the traffic. You could use a layer-3 switch with ACLs or a firewall with a corresponding ruleset.

Every component is within the same network 192.168.1.0/24

That isn’t possible. Multiple VLANs mandate different IP subnets in order to enable routing. If you simply bridge two VLANs together they become one.

If the xSTP problem is sorted out, you could forget about different VLANs, put everything in a single subnet, and filter traffic between controllers on the intermediate switches (requires ACLs).

I’m not sure what you mean by independent or bridged?

Independent ports are just that – they use different MAC addresses and you can assign different IP addresses. Your “Our controllers also act as switches” answers that question – they are bridged.

As far as I know the controller ports are running RSTP.

You need to make sure. Usually there’s at least some configuration for RSTP. At least, make sure the connected switch ports receive BPDUs from the controller ports.

RSTP interoperates nicely with MSTP (with MSTP’s CIST). Unless you configure multiple MSTP instances, it “just works”.

One general catch with RSTP and at least a potential one with MSTP is expecting full VLAN connectivity with redundant links that carry different VLANs.

RSTP is entirely VLAN agnostic. If you e.g. have two redundant links, one dedicated for VLAN 10, the other for VLAN 20, RSTP always blocks one of those links – interrupting one of your VLANs. The solution is to use full VLAN trunks, so connectivity is ensured with one link blocked. I think this is what’s currently happening.

MSTP works the same way by default. However, it allows you to create multiple MSTP instances (MSTIs) and group your VLANs into those instances. Each instance creates its own spanning tree, so using different bridge/port priorities with the instances, you can arrange your trees so that traffic flows are as desired. Very often, that kind of configuration is not at all trivial.

Of course, with any kind of STP, you need to choose your root bridge (and failover root bridge) carefully by setting their priority to e.g. 0 and 1. If you leave that unconfigured, chances are that one of the controllers becomes root, rendering traffic flows less optimal.

I think your best approach is to forget about VLANs and use RSTP/MSTP CIST to manage your redundant links. Most likely, traffic flows will not be optimal, but depending on the application that might not even be noticeable.
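The following is an added toy simulation, not part of the reply above or of any vendor's code, that walks through the three points made in the answer on a constructed topology: two switches (SW1, SW2) with a full trunk between them and a controller (CTRL) that bridges its two uplinks, one uplink dedicated to VLAN 10 and the other to VLAN 20. It models only what the answer relies on (bridge ID = priority + MAC, root path cost, one tree for all VLANs in RSTP, one tree per instance in MSTP) and leaves out port IDs, timers and BPDU handling. The MAC addresses, link costs and the priorities 0 and 4096 are assumptions for the example (real switches accept priorities in multiples of 4096).

```python
"""Added example: why a single RSTP tree cuts off a VLAN when redundant links
carry different VLANs, and how per-instance MSTP priorities avoid it.
Toy model: bridge ID = (priority, MAC), root path cost, no port IDs/timers."""
import heapq
from collections import defaultdict

# Constructed bridges. 32768 is the usual default priority; the controller
# happens to have the lowest MAC, so it wins the root election unless configured.
BRIDGES = {
    "SW1":  (32768, "00:00:00:00:00:10"),
    "SW2":  (32768, "00:00:00:00:00:20"),
    "CTRL": (32768, "00:00:00:00:00:01"),
}

# Constructed links: (end_a, end_b, path_cost, VLANs carried on the link)
VLAN_SPECIFIC_LINKS = [
    ("SW1", "SW2", 4, {10, 20}),   # full trunk between the two switches
    ("SW1", "CTRL", 4, {10}),      # controller uplink dedicated to VLAN 10
    ("SW2", "CTRL", 4, {20}),      # redundant controller uplink dedicated to VLAN 20
]
# Same topology, but every link is a full trunk (the fix suggested in the reply).
FULL_TRUNK_LINKS = [(a, b, c, {10, 20}) for a, b, c, _ in VLAN_SPECIFIC_LINKS]


def elect_root(bridges):
    """Root = lowest (priority, MAC); with default priorities the MAC decides."""
    return min(bridges, key=bridges.__getitem__)


def forwarding_links(bridges, links):
    """Build one spanning tree. Each non-root bridge forwards on the link with the
    lowest root path cost (ties: lowest upstream bridge ID); every other link that
    would close a loop is blocked. Returns (root, forwarding idx, blocked idx)."""
    root = elect_root(bridges)
    adj = defaultdict(list)
    for i, (a, b, cost, _) in enumerate(links):
        adj[a].append((b, cost, i))
        adj[b].append((a, cost, i))
    best = {root: (0, bridges[root])}      # bridge -> (root path cost, upstream ID)
    via = {}                               # bridge -> index of its root-port link
    heap = [(0, bridges[root], root)]
    while heap:
        cost, bid, node = heapq.heappop(heap)
        if (cost, bid) != best[node]:
            continue
        for nbr, lcost, idx in adj[node]:
            cand = (cost + lcost, bridges[node])
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                via[nbr] = idx
                heapq.heappush(heap, (cand[0], cand[1], nbr))
    fwd = set(via.values())
    return root, fwd, set(range(len(links))) - fwd


def isolated_bridges(links, fwd, vlan, root):
    """Bridges attached to `vlan` whose VLAN traffic cannot reach the root over
    forwarding links that actually carry that VLAN (RSTP ignores the VLAN tag)."""
    adj = defaultdict(set)
    for i in fwd:
        a, b, _, vlans = links[i]
        if vlan in vlans:
            adj[a].add(b)
            adj[b].add(a)
    seen, stack = {root}, [root]
    while stack:
        n = stack.pop()
        for m in adj[n] - seen:
            seen.add(m)
            stack.append(m)
    members = {x for l in links for x in l[:2] if vlan in l[3]}
    return sorted(members - seen)


def with_priorities(priorities):
    bridges = dict(BRIDGES)
    for name, prio in (priorities or {}).items():
        bridges[name] = (prio, bridges[name][1])
    return bridges


def rstp_outage(links, priorities=None):
    """One tree for all VLANs (RSTP, or MSTP's CIST): report root, blocked links
    and, per VLAN, which bridges are cut off."""
    root, fwd, blocked = forwarding_links(with_priorities(priorities), links)
    return {"root": root,
            "blocked": sorted(f"{links[i][0]}-{links[i][1]}" for i in blocked),
            "cut_off": {v: isolated_bridges(links, fwd, v, root) for v in (10, 20)}}


def mstp_outage(links, instances):
    """One tree per MSTI, each with its own bridge priorities.
    instances: {name: (VLANs mapped to the instance, {bridge: priority})}"""
    out = {}
    for name, (vlans, priorities) in instances.items():
        root, fwd, _ = forwarding_links(with_priorities(priorities), links)
        out[name] = {"root": root,
                     "cut_off": {v: isolated_bridges(links, fwd, v, root) for v in vlans}}
    return out


if __name__ == "__main__":
    print("RSTP, nothing configured:", rstp_outage(VLAN_SPECIFIC_LINKS))
    print("RSTP, SW1 root:", rstp_outage(VLAN_SPECIFIC_LINKS, {"SW1": 0, "SW2": 4096}))
    print("RSTP, full trunks:", rstp_outage(FULL_TRUNK_LINKS, {"SW1": 0, "SW2": 4096}))
    print("MSTP, one MSTI per VLAN:", mstp_outage(VLAN_SPECIFIC_LINKS, {
        "MSTI1": ({10}, {"SW1": 0, "SW2": 4096}),
        "MSTI2": ({20}, {"SW2": 0, "SW1": 4096})}))
```

Running it shows the sequence from the reply: with default priorities the controller becomes root and the switch-to-switch trunk is the blocked link, so VLAN 10 is cut off on SW2 and VLAN 20 on SW1 at the same time; making SW1 root moves the blocked link onto a controller uplink, which still cuts the controller off from one VLAN; turning every link into a full trunk leaves both VLANs connected whichever link is blocked; and with VLAN-specific links kept, two MSTIs with different root priorities forward each controller uplink in the instance that needs it. A quick check against a real deployment is to confirm that each controller port actually sends BPDUs and that the blocked port the switch reports is one whose VLANs have another forwarding path.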
