STP Instances

[scrimmy]

I get the following message when attempting to add a vlan to a Cisco 3560 switch
"2836: .gmt/bst: Platform limit of 128 STP instances exceeded. No instance created for VLAN213 (port Po1). "

Then in the running config the following is added:

no spanning-tree vlan 213

Do you get an STP instance for each active vlan per trunked port?
So if you have 20 vlans and 5 trunked ports, you have 100 STP instances?
Is there a command that will show the current number of STP instances on the switch?

thanks in advance



Model SW Version SW Image
----- ---------- ----------
WS-C3560G-48TS 12.2(46)SE C3560-IPBASEK9-M

 

[vipergg]

It is per vlan spanning tree but if there are only 20 vlans on the switch it should not give you that message. That being said if you are running client/server where you have more than 128 vlans defined on the server and you have not " manually restricted" what vlans are allowed across the trunk then the client will allocate a spanning tree instance for every vlan even if the vlan is not used on that switch .

 

[scrimmy]

I have checked number of vlans on the switch

show vlan summary
Number of existing VLANs : 127
Number of existing VTP VLANs : 127
Number of existing extended VLANs : 0

Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 1
Po2 on 802.1q trunking 1

Port Vlans allowed on trunk
Po1 1-4094
Po2 1-4094

So with 127 VLAN's and two ports trunking - does this mean I have 254 STP instances running?

 

[Belushi]

No, you just have 127 instances of STP enabled on the switch. This is a known issue with 3560/3750 series Cisco switches. It is a hardware limitation which just goes to show that these series switches were built for the access layer of the network for the most part.

The fix for this is to enable a different spanning tree protocol such as MST (802.1s) which will map many spanning trees to instances. You could have all 127 spanning tree mapped to 1 single isntance. It may be beneficial if all of the spanning trees would re-converge the same way upon link failure regardless. You could also use MST to invoke many spanning tree efficiencies plus it uses Rapid-Per Vlan spanning tree as it's underlying protocol. The problem though is that MST is a little bit confusing at first and should be run on all siwtches in the spanning tree domain.

 

[scrimmy]

Thanks for the info

I guess I've got a bit of reading to do on implementing MST.

Our core is a pair of Cisco 6509's - is there a similar limitation on STP instances on these and is there a command to show how many STP instances are active?

 

[vipergg]

I doubt you need all 127 vlans on the 3560 . On your connecting links manually prune any vlans that are not needed on either side of that link . On the etherchannel links on both sides add "switchport trunk allowed vlan X " where X is the vlans you "need" running across that link which I doubt is all 127 vlans . Are you running vtp client/server mode ? show vtp status " . If you manually prune like this it should then allow you to create your new vlan . We have used this in the past in a client/server area that had like 80 vlans created and we wanted to put a 2950 on which is limited to 64 STP instances and this worked fine .

 

[Belushi]

I can think of one very good reason why you may need that amount of vlans....VMWare. VMWare servers usually need trunk connections and often times those connections could require lots of vlans depending on the number of VMWare guests configured on them.

 

[baddos]

127 vlans for a couple of vmware machines sounds excessive to me.

 

[Belushi]

Excessive, possibly you haven't seen some of the larger environments? Lets say we aggregate links so each VMWare machine gets 2 links aggregated into 1. That could give you 24 virtual links to 24 machines. Each machine could in essence handle many VMWare isntances. It is totally possible to go over 127 vlans. I do aggree it is not extremely likely, but very possible.

Generally you shouldn't be using a 3560 as an access layer switch for devices such as VMWare, I was just throwing it out there as a possibility because some people do it.

 

[baddos]

If you had so many virtual systems needing so many different broadcast domains on a 24 or 48 port switch, then my hat is off to you for making it all work.

What is more likely is what vipergg said, in that that switch is receiving so many vlans from the core switch/switches when it really doesn't need them since it only has a fraction of it on it's own ports.

 

[burtsbees]

Though I agree with baddos and viper as far as what is likely happening, I do have a few customers with the number of vlans up there for their VMWare environments. I am not too privy on VMWare myself, I admit, but is this really out of the question? I do think Belushi brings up a good point and should be considered. Just my thoughts...

Burt

 

[scrimmy]

I looked through the VLAN's we are using and a lot of them are historic.
I have reduced the number of VLANs to below the 127 limit and now it's all fine.

Many thanks for the help