MSTP with multiple instances - Yea or Nay
-
So, I'm looking at various ways to clean up the nitty-gritty IT stuff that users don't see, and something that's been in place since before I came on board is the STP / MSTP setup.
Looking at how things used to be set up, it made a certain degree of sense, as there were 2 core switches (HP 3800 series) and each one was the root for an instance. We've since moved to one modular core (HP 5400 series), so it's the root for all instances.
My main concern at the moment is that we've since added several VLANs into the mix that aren't part of either instance. If I'm going to have to update and propagate a new STP config anyway, would it be simpler / better to just put all VLANs into a single instance and be done with it?
Thoughts / pros / cons?
-
What does your network topology look like?
-
Are the VLANs needed? What are they for?
-
@scottalanmiller said in MSTP with multiple instances - Yea or Nay:
Are the VLANs needed? What are they for?
Traffic isolation / functional separation / security. Servers / Management / endpoints / VDI / Wifi / telephony etc etc etc
-
@notverypunny said in MSTP with multiple instances - Yea or Nay:
@scottalanmiller said in MSTP with multiple instances - Yea or Nay:
Are the VLANs needed? What are they for?
Traffic isolation / functional separation / security. Servers / Management / endpoints / VDI / Wifi / telephony etc etc etc
One would ask if any of those are needed today?
Functional separation I could see if you have two disparate networks but need to use a single Ethernet fabric. I have that: my Guest WiFi has its own firewall and own internet connection, yet we share the APs. It's on its own VLAN with no routes between prod and guest. But on the prod side, in a LANLess world, is that really needed? Of course, few of us likely actually have LANLess setups.
-
@Dashrender said in MSTP with multiple instances - Yea or Nay:
@notverypunny said in MSTP with multiple instances - Yea or Nay:
@scottalanmiller said in MSTP with multiple instances - Yea or Nay:
Are the VLANs needed? What are they for?
Traffic isolation / functional separation / security. Servers / Management / endpoints / VDI / Wifi / telephony etc etc etc
One would ask if any of those are needed today?
Functional separation I could see if you have two disparate networks but need to use a single Ethernet fabric. I have that: my Guest WiFi has its own firewall and own internet connection, yet we share the APs. It's on its own VLAN with no routes between prod and guest. But on the prod side, in a LANLess world, is that really needed? Of course, few of us likely actually have LANLess setups.
Skimming through the LANLess explanation @travisdh1 posted a while back, I think we're somewhat a mashup of it and segmentation. Some of the VLANs in question are endpoint-only, and as such the security isn't as tight as on the ones that are used in the server-room / data center functions. If I were designing something from scratch, LANLess would certainly be something to consider, but since this is far from a new build, I doubt I could start to justify the headaches that changing VLANs and IP addressing would entail.
To come back around to my initial question, can anyone point me to any pros / cons with regards to having multiple instances of spanning tree given that we no longer have 2 devices acting as root bridges?
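Added example (not from any poster in the thread): a small Python check for the situation described in the opening post. Under IEEE 802.1Q MST, a VLAN that is mapped to no instance belongs to instance 0 (the IST/CIST), so the VLANs added after the original two-instance design are already being carried by instance 0 rather than by either configured instance. Separately, switches only form one MST region when the configuration name, revision and the complete VLAN-to-instance mapping match, so whatever new mapping is chosen (two instances, or everything collapsed into one) must be pushed identically to every switch, or the mismatched switch splits off into its own region. The switch names, VLAN IDs and instance mappings below are constructed sample data, and the SHA-256 fingerprint is only a local comparison aid, not the MD5 configuration digest the switches themselves display.

```python
"""MSTP region-consistency check (added example, constructed sample data)."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class MstConfig:
    name: str
    revision: int
    # msti -> set of VLAN IDs explicitly mapped to that instance.
    instances: dict = field(default_factory=dict)

    def validate(self):
        """Reject mappings a switch would refuse: bad IDs or a VLAN in two MSTIs."""
        seen = {}
        for msti, vlans in self.instances.items():
            if msti < 1:
                raise ValueError("instance 0 is the IST; map VLANs to 1 or higher")
            for v in vlans:
                if not 1 <= v <= 4094:
                    raise ValueError(f"VLAN {v} is outside 1..4094")
                if v in seen:
                    raise ValueError(f"VLAN {v} mapped to both MSTI {seen[v]} and {msti}")
                seen[v] = msti
        return True

    def instance_of(self, vlan):
        for msti, vlans in self.instances.items():
            if vlan in vlans:
                return msti
        return 0  # unmapped VLANs fall into the IST (instance 0)

    def mapping(self):
        """Full 1..4094 mapping; this is what the region digest covers."""
        return tuple(self.instance_of(v) for v in range(1, 4095))

    def fingerprint(self):
        # Local aid for comparing switches; NOT the 802.1s MD5 digest.
        return hashlib.sha256(bytes(self.mapping())).hexdigest()[:16]


def unmapped_vlans(cfg, vlans_in_use):
    """VLANs in use that no configured instance carries (they run in IST)."""
    return sorted(v for v in vlans_in_use if cfg.instance_of(v) == 0)


def same_region(a, b):
    """True only if the two switches would join the same MST region."""
    return a.name == b.name and a.revision == b.revision and a.mapping() == b.mapping()


def collapse_to_single_instance(cfg, vlans_in_use, msti=1):
    """Return a new config with every in-use VLAN in one instance.

    The revision is bumped so the change is visible; every switch in the
    region must receive exactly this name/revision/mapping.
    """
    new = MstConfig(cfg.name, cfg.revision + 1, {msti: set(vlans_in_use)})
    new.validate()
    return new


if __name__ == "__main__":
    # Constructed sample: the old two-root design, plus VLANs added later.
    core = MstConfig("CORP", 1, {1: {10, 20, 30}, 2: {40, 50}})
    core.validate()
    in_use = {10, 20, 30, 40, 50, 60, 70, 80}
    print("running in IST (instance 0):", unmapped_vlans(core, in_use))
    single = collapse_to_single_instance(core, in_use)
    # A switch still on the old config will not be in the same region.
    print("old core and new config same region:", same_region(core, single))
    print("new fingerprint:", single.fingerprint())
```

Run it against the real VLAN list and each switch's current MST configuration; the first check tells you which VLANs are silently riding instance 0 today, and the region comparison is the thing to verify on every switch after the change is pushed.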