nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

What can cause BPDU packets

jibbajabba

We had an issue with our vmware infrastructure today where one host went offline. We fond out that the Arista switches shut the ports for his host as a VM sent BPDU packets - causing the spanningtree protection to kick in and disable these ports.

At the same time we installed a new Linux VM which was being prepared as a template. Nothing was installed on the VM, this was a plain CentOS install with all patches and iptables / seliunx disabled.

The times of BPDU packets are exactly the time that particular VM powered on.

Now I am lost - what could cause Linux to send out these packets ? Bear in mind, there was nothing installed, no switch software / NAT / KVM .. this was a plain 6.3 install "out of the box" - only additional packages were GNOME / XServer ...

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

QHalo

Have you deployed from that template before and not had this issue?

jibbajabba

No, this was a fresh VM I intended to turn into a template but didn't get that far. At that point it was a plain VM (not a template yet) sending out that packet for no apparent reason.

QHalo

reading comprehension FTW on my part

I'm doing some googling and not coming up with much but bridged NICs and transparent proxy stuff.

it_consultant

The Arista port must be configured with BPDU guard, which violated the port into a disabled state when it detected BPDUs. I expect it is not the guest that sent the BPDU but the virtual switch in the VMWARE infrastructure. I would disable the BPDU guard on ports plugged into the VMWARE infrastructure since the likelihood of a loop being introduced within the VMWARE infrastructure is pretty low. Or...disable BPDU guard and put the port in 'admin-pt2pt-mac' mode which will allow the switch to "see" the vmware device as a switch. It will still participate in spanning tree but it will learn the port instead of immediately violating the port when it gets a BPDU.

wes allen

I have had to disable spanguard on ports with Ubuntu servers and NIC teaming / dual nics (not sure how the server was set up, I just do the switches).

QHalo

VMware switches don't support Spanning-Tree, so they could never send a BPDU unless it was passed from a VM.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2032597

it_consultant

I didn't know that the vswitch did not participate in STP. I looked it up on VMWARE's website and it looks like you can configure the virtual network to block vm BPDUs. This would solve the OP's issue.

vSphere 5.1 – VDS New Features – BPDU Filter | VMware vSphere Blog - VMware Blogs

jibbajabba

THe VM only had a single NIC and did not do any switching at all.

QHalo

Take a look at my link. It looks like you can disable the ability to send BPDU from a guest via the CLI in 5.0, but it has to be at least that patch level. While the why is way more important, this would at least give you a starting point. Got a test environment at all?

jibbajabba

QHalo wrote: »

Take a look at my link. It looks like you can disable the ability to send BPDU from a guest via the CLI in 5.0, but it has to be at least that patch level. While the why is way more important, this would at least give you a starting point. Got a test environment at all?

Ah yea thanks a lot. Very usefull. One for tomorrow's change control meeting