Ex3 Chapter 5 - STP (+RSTP +Etherchannel)


LINKS
 - STP basic operation http://www.cisco.com/image/gif/paws/10556/spanning_tree1.swf
 - STP Variants http://www.ccnpguide.com/ccnp-switch-642-813-spanning-tree-basics/
 - STP Good Explain http://ciscoiseasy.blogspot.com/2010/10/lesson-20-spanning-tree-protocol.html
 - STP Port priority http://astorinonetworks.com/2011/06/30/spanning-tree-port-priority/

TERMINOLOGY
STP - Spanning Tree Protocol
STA - Spanning Tree Algorithm (to determine which ports need to be blocked)
BPDU - Bridge Protocol Data Unit (default = sent every 2 seconds)
BID - Bridge ID  = Bridge Priority(default on Cisco is 32768) + Bridge MAC address
ROOT Bridge - Bridge with best (lowest) BID
Nonroot bridge - All bridges in network that are not ROOT Bridge
Path Cost - primarily used to determine which port becomes the ROOT Port on each nonroot switch in an STP topology (determined by the bandwidth of a link). Best is lowest (more bandwidth wins).
ROOT Port - the port on a nonroot bridge with the shortest (lowest-cost) path to the ROOT Bridge, often the port directly connected to it.
Designated port - the port on a segment with the best (lowest) cost. Marked as "F" - forwarding.
NonDesignated port - one with a higher cost than the designated port. Put in Blocking mode (non-forwarding).
Forwarding port - port that forwards frames.
Blocked port - port that will not forward frames, in order to prevent loops, but still listens (it keeps processing received BPDUs).
Convergence - when all ports on bridges and switches have transitioned to either forwarding or blocking modes.
The term STP convergence refers to the process by which the switches collectively realize that something has changed in the LAN topology, so the switches might need to change which ports block and which ports forward.

* One ROOT Bridge per network
* One ROOT Port per nonroot bridge
* One Designated port per segment
Spanning Tree Protocol Overview
Spanning Tree Protocol is designed to create a loop-free environment on redundantly connected Cisco switches.

In a hierarchical design redundancy is achieved at the distribution and core layers by adding extra hardware and cabling.

Legacy STP is IEEE 802.1D STP

NOTICE!
Bridges and switches are functionally the same devices. Both terms are used interchangeably.

By default, Cisco switches use IEEE 802.1D (not RSTP, 802.1w) together with a Cisco-proprietary feature called Per-VLAN Spanning Tree Plus (PVST+).
PVST+ (often abbreviated as simply PVST today) creates a different instance of STP for each VLAN.  


Layer 2 Problems Caused by Not Using STP in Redundant LANs
- Broadcast storms - The forwarding of a frame repeatedly on the same links, consuming significant parts of the links’ capacities
- MAC table instability - The continual updating of a switch’s MAC address table with incorrect entries, in reaction to looping frames, resulting in frames being sent to the wrong locations
- Multiple frame transmission - A side effect of looping frames in which multiple copies of one frame are delivered to the intended host, confusing the host

What IEEE 802.1d Spanning Tree Does
STP prevents loops by placing each bridge/switch port in either a Forwarding State or a Blocking State.

STP is enabled on all switches (by default).
STP determines which ports should be in a forwarding state or blocking state.  A redundant link will only be used if a primary link failure occurs.

Loops can occur because Layer 2 frames do not have a TTL.  Without STP, redundant networks would have endless loops.  A broadcast storm occurs when many broadcast frames are caught in a loop, consuming all available bandwidth.

Redundancy protects the network from a single point of failure.  STP ensures there is only one logical path between all destinations.

STP uses the Spanning Tree Algorithm to determine which ports need to be blocked.  A single switch is designated as the Root Bridge and the STA uses this as the focal point for making decisions.
STP uses BPDUs to communicate information between switches.  Each BPDU contains a BID that identifies the switch.  Each BID contains a priority value, the sending MAC address, and an extended system ID.
All switches participating in STP exchange BPDU frames to determine which switch has the lowest bridge ID (BID) on the network. The switch with the lowest BID automatically becomes the root bridge for the STA calculations.

The STA uses both path and port cost when determining which path to leave unblocked.  The STA chooses the lowest path cost if there is more than one path.

STP CONVERGENCE - STP uses three criteria to choose whether to put an interface in Forwarding State; any interface that meets none of them is blocked:
1) STP elects a root switch. STP puts all working interfaces on the root switch in Forwarding State.
2) Switches select root port (can be only one for each non-root Switch). Each nonroot switch considers one of its ports to have the least administrative cost between itself and the root switch. STP places this least-root-cost interface, called that switch’s root port (RP), in Forwarding State.
3) Switches select designated ports. Many switches can attach to the same Ethernet segment. The switch with the lowest administrative cost from itself to the root bridge, as compared with the other switches attached to the same segment, is placed in Forwarding State. The lowest-cost switch on each segment is called the designated bridge, and that bridge’s interface, attached to that segment, is called the designated port (DP).
4) All other ports (neither root nor designated) are placed in Blocking State.

Switch ports using STP take one of three roles, or are simply disabled:
1.  Root port – non-blocking port closest to the Root Bridge (not on root bridge)
2.  Designated port – non-blocking port that is not a root port (on root bridge all ports designated)
3.  Non-designated port – blocking port
4.  Disabled port – is a port that is administratively shut down, these do not participate in STP

Spanning-Tree Port States (IEEE 802.1D )
State        Forward Frames? Learns MACs?    Transitory or Stable State?
Blocking     No              No              Stable
Listening    No              No              Transitory
Learning     No              Yes             Transitory
Forwarding   Yes             Yes             Stable
Disabled     No              No              Stable
  1. Disabled - The port in this state does not participate in the STP operation (it is shut down).
  2. Blocking - The port does NOT forward any Ethernet frames, does NOT accept any Ethernet frames (discards arriving frames), does NOT learn any MAC addresses. However, the port DOES process BPDU frames received from a neighboring switch. If the port transitions to this state (blocking), it can stay blocked for 20 seconds by default (max_age)
  3. Listening - The port in this state CAN send and receive the BPDU frames. However, the port in this state does NOT learn any MAC addresses, and does NOT forward or process incoming frames either. All Ethernet frames are being discarded. The computation of loop free topology takes place in this state. If the port transitions to this state (listening), it can stay in this state for 15 seconds by default (forward_delay).
  4. Learning - The port in this state already knows its role (root port or designated port) in the STP domain. However, the port will not forward any Ethernet frames yet. It will be learning MAC addresses from the frames arriving at the port in order to populate the MAC address table. This helps avoid too much flooding when the port transitions to the forwarding state. If the port transitions to this state (learning), it can stay in this state for 15 seconds by default (forward_delay).
  5. Forwarding - The port in this state will forward all Ethernet frames as per switch operation. Also, the port will process all incoming Ethernet frames and will actively learn MAC addresses from the arriving traffic.
BPDU frame fields:
- protocol identifier, version, message type, message age, max age, hello time, forward delay
- flags: STP-802.1D (topol change or topol change ack) or RSTP-802.1w (top change, port state, port role)
- root ID
- root path cost
- bridge id
- port id


Best Paths to the Root Bridge
The path information is determined by summing the individual port costs (based on port speed) along the path from the destination to the root bridge.
The STP port cost is simply an integer value assigned to each interface for the purpose of providing an objective measurement that allows STP to choose which interfaces to add to the STP topology.

Link (port) speed      | Cost (Revised IEEE Specification)
20 Gbps and above      | 1
10 Gbps (10,000 Mbps)  | 2
1 Gbps (1,000 Mbps)    | 4
100 Mbps               | 19
10 Mbps                | 100

Root Bridge Election

BID is made up of a priority value (first to compare) + an extended system ID (VLAN ID) + the MAC address of the switch.

If two bridges have equal priority, then the MAC addresses are compared. (Lowest priority/MAC - best)

“All switches in the broadcast domain participate in the election process. After a switch boots, it sends out BPDU frames containing the switch BID and the root ID every 2 seconds. By default, the root ID matches the local BID for all switches on the network. The root ID identifies the root bridge on the network. Initially, each switch identifies itself as the root bridge after bootup.”

“As the switches forward their BPDU frames, adjacent switches in the broadcast domain read the root ID information from the BPDU frame. If the root ID from the BPDU received is lower than the root ID on the receiving switch, the receiving switch updates its root ID identifying the adjacent switch as the root bridge. Note: It may not be an adjacent switch, but any other switch in the broadcast domain. The switch then forwards new BPDU frames with the lower root ID to the other adjacent switches. Eventually, the switch with the lowest BID ends up being identified as the root bridge for the spanning-tree instance.”

Priority is the main decider of which switch becomes Root Bridge: the switch with the lowest priority is chosen.  If all switches share the same priority, the switch with the lowest MAC address becomes Root Bridge.

After the election is complete, only the root switch continues to originate STP Hello BPDU messages.

All Cisco switches by default have the same priority set to 32768.
They can range anywhere from 1 (highest priority) – 65536 (bridge priority in increments of 4096). 
To change the priority of a switch:
 a) enter spanning-tree vlan vlanid root primary.  This makes the switch the root bridge.  You can also replace root primary with root secondary to have a backup root bridge.
 b) set an exact priority value with spanning-tree vlan vlanid priority <value>.

Default Port Costs
The IEEE controls the default settings of port costs.  As new technologies appear, the IEEE can change these default values.  Port costs are configurable when an administrator needs to change them.

To change the default value, enter interface configuration mode and execute spanning-tree cost <value>.  To revert to the default setting enter no spanning-tree cost.

Issue show spanning-tree to see port costs.  The path with the lowest total cost (the sum of all port costs along the path) becomes the preferred path.

Default Port Priority
When two ports share the same port cost, STP uses the lowest port ID (port priority followed by the interface number) to choose the port.  By default port priority is set to 128 (it can range from 0 to 240).  Within interface configuration mode you can change the priority by issuing

spanning-tree port-priority <value>

Five STP Port States
1.  Blocking – non-designated port, receives BPDUs but does not forward frames
2.  Listening – port is receiving and sending BPDUs as it prepares to go active
3.  Learning – prepares to go active as it learns MAC addresses
4.  Forwarding – forwards data frames and BPDUs in the active topology
5.  Disabled – administratively shut down, does not receive or send BPDUs



Cisco PortFast Technology

On access switches, an access port will not connect to another switch, so PortFast allows the port to go automatically from blocking to forwarding without any STP delays.  This also lets DHCP work better: without PortFast a PC may send its DHCP request while the port is still only listening.  BPDU Guard is also available; it disables the port if it receives a BPDU (which implies a switch was connected to a port that was designed as an access port).

To configure PortFast enter the interface configuration mode and execute spanning-tree portfast.  View the running-config to confirm setting.

STP Convergence
1.  Elect root bridge (Switch with lowest BID)
BID format priority.base-mac-address
    a.  Lowest Priority (default is 32768), can be set only in increments of 4096: 0, 4096, 8192...
    b.  Lowest MAC address

2.  Elect single root port (on every non-root bridge) 
The root port is the port on that bridge that is closest to the root bridge.
    a.  Lowest total cost to reach root bridge
    b.  Lowest Bridge ID of the designated switch (the neighbor that sends the BPDUs)
    c.  Lowest Port ID (known also as port priority) of the sender
    d.  Lowest Port ID on which the BPDU arrives
The port ID is written priority.number: F0/1 has a default port ID of 128.1 and F0/2 of 128.2, where 128 is the configurable port priority value and .1 is the port number.

3.  Elect designated and non-designated ports 
The designated port on each LAN segment is the switch port that advertises the lowest-cost Hello onto a LAN segment.
    a.  Lowest cost to reach the root switch
    b.  Lowest sending BID
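The root election, the port-cost table and the root-port / designated-port tiebreakers from the steps above, worked through as an added Python example (it is not part of the original notes and not Cisco code). The three-switch topology, the MAC addresses and the rule that a port number is taken from the interface index are constructed assumptions; the costs and the tiebreak order are the ones the notes give.

```python
import heapq
from collections import defaultdict

# STP port cost by link speed in Mbps (the revised IEEE values from the table above).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2, 20000: 1}

# Constructed sample topology (assumed, not from the page): three switches in a
# triangle. All share the default priority 32768, so the lowest MAC decides the root.
SWITCHES = {
    "SW1": (32768, "0000.0000.0001"),
    "SW2": (32768, "0000.0000.0002"),
    "SW3": (32768, "0000.0000.0003"),
}
# One entry per segment: (switch A, port on A, switch B, port on B, speed in Mbps).
LINKS = [
    ("SW1", "Gi0/1", "SW2", "Gi0/1", 1000),
    ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),
    ("SW2", "Fa0/2", "SW3", "Fa0/2", 100),
]


def bid_key(switches, name):
    """BID as a comparable tuple: priority first, then the MAC address; lowest wins."""
    priority, mac = switches[name]
    return (priority, int(mac.replace(".", ""), 16))


def port_id(port, priority=128):
    """Port ID as priority.number; the number is taken from the interface index (assumption)."""
    return (priority, int(port.rsplit("/", 1)[1]))


def elect_root(switches):
    """Step 1: the switch with the lowest BID becomes the root bridge."""
    return min(switches, key=lambda name: bid_key(switches, name))


def root_path_costs(root, links):
    """Lowest cost from every switch to the root. A link's cost is charged on the
    port that receives the Hello, so every hop adds the receiving port's cost."""
    adj = defaultdict(list)
    for a, pa, b, pb, speed in links:
        adj[a].append((b, PORT_COST[speed]))
        adj[b].append((a, PORT_COST[speed]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue
        for nb, pc in adj[sw]:
            if c + pc < cost.get(nb, float("inf")):
                cost[nb] = c + pc
                heapq.heappush(heap, (cost[nb], nb))
    return cost


def run_sta(switches=SWITCHES, links=LINKS):
    """Return (root, root path cost per switch, role per (switch, port))."""
    root = elect_root(switches)
    cost = root_path_costs(root, links)
    roles = {}
    # Step 2: one root port per nonroot switch. Tiebreak order from the notes:
    # lowest total cost, lowest sender BID, lowest sender port ID, lowest own port ID.
    for sw in switches:
        if sw == root:
            continue
        candidates = []
        for a, pa, b, pb, speed in links:
            for me, my_port, nb, nb_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == sw:
                    candidates.append((cost[nb] + PORT_COST[speed],
                                       bid_key(switches, nb), port_id(nb_port),
                                       port_id(my_port), my_port))
        roles[(sw, min(candidates)[4])] = "Root"
    # Step 3: one designated port per segment: lowest root cost, then lowest BID,
    # then lowest port ID. The other end, unless it is a root port, is blocked.
    for a, pa, b, pb, speed in links:
        ends = [(cost[a], bid_key(switches, a), port_id(pa), a, pa),
                (cost[b], bid_key(switches, b), port_id(pb), b, pb)]
        dp = min(ends)
        roles.setdefault((dp[3], dp[4]), "Desg")
        for end in ends:
            roles.setdefault((end[3], end[4]), "Altn")  # non-designated: Blocking State
    return root, cost, roles


if __name__ == "__main__":
    root, cost, roles = run_sta()
    print(f"Root bridge: {root}")
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port:<6} {role:<4} root cost {cost[sw]}")
```

With the sample topology SW1 is the root (lowest MAC at equal priority), SW2 reaches it over the gigabit link at cost 4, SW3 over the 100 Mbps link at cost 19, and on the SW2–SW3 segment SW2's port is designated because its root cost is lower, so SW3's Fa0/2 is the one port left in Blocking State. Changing a priority in SWITCHES or a speed in LINKS and re-running shows how the tree moves.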

A switch considers the root bridge no longer available if it has not received any BPDUs for 20 seconds (default).  This time is referred to as the max age and is set to allow 10 BPDUs (10 Hello intervals) to be missed before the root bridge is removed.

STP Topology Changes

STABLE STP TOPOLOGY
Summarizes operations when nothing is currently changing in the STP topology:
 1. The root creates and sends a Hello BPDU, with a cost of 0, out all its working interfaces (those in a Forwarding State).
 2. The nonroot switches receive the Hello on their root ports. After changing the Hello to list their own bridge ID as the sender’s BID, and listing that switch’s root cost, the switch forwards the Hello out all designated ports.
 3. Steps 1 and 2 repeat until something changes.

The root switch sends a new Hello BPDU every 2 seconds by default. 

STP TOPOLOGY CHANGE
When a switch ceases to receive the Hellos, something has failed, so the switch reacts and starts the process of changing the spanning-tree topology.

For various reasons, the convergence process requires the use of three timers:
 -  Hello (The time period between Hellos created by the root) every 2 second default
 -  Max Age (Time a switch should wait, after ceasing to hear Hellos, before trying to change the STP topology), 10 Hellos = 20 seconds default
 -  Forward Delay (Delay that occurs when an interface changes from Blocking State to Forwarding State), 15 seconds
STP moves an interface from Blocking to Listening, then to Learning, and then to Forwarding State.
An interface waits Max Age (20 seconds), then 15 seconds each in the Listening and Learning States, resulting in a 50-second convergence delay.
 
When a topology change occurs on a switch, the switch sends a special BPDU (TCN – Topology Change Notification) to its designated bridge (the bridge closer to the root bridge).  This bridge responds with a TCA, which is just a simple BPDU containing the new updated info.  It also sends its own TCN to the next designated bridge or the root bridge, whichever it may be.
Once the root bridge has received the information it sends out a BPDU to all switches with the correct change.

STP Security
The Cisco features:
 - BPDU Guard - disables a port if any BPDUs are received on it (for an access port that should never be connected to another switch),
 - BPDU Filter - ignores in/out BPDUs.  So you COULD end up with a loop in your network.  Way not cool.
 - Root Guard - disables a port on which a new rogue switch tries to become the root switch (the switch ignores the superior BPDU and also disables the interface),
 - Loop Guard - If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / learning / forwarding state. Without the loop guard feature, the port assumes the designated port role. The port moves to the STP forwarding state and creates a loop.
 - PortFast allows a switch to immediately place a port in Forwarding State when the port becomes physically active, bypassing any choices about the STP topology and bypassing the Listening and Learning States. However, the only ports on which you can safely enable PortFast are ports on which you know that no bridges, no switches, or other STP-speaking devices are connected.

PortFast is most appropriate for connections to end-user devices.
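The BPDU field list earlier in these notes and the BPDU Guard / Root Guard behaviour described in this section, as an added Python example that is not part of the original notes and not Cisco code. It packs and parses an IEEE 802.1D configuration BPDU in its standard 35-byte layout and then shows what a guarded port does with a received frame. The root BID and port ID reuse the VLAN 999 values from the show spanning-tree output further down the page; the "rogue" BID, the port_cfg dictionary, the function names and the sample frames are constructed for the example.

```python
import struct
from dataclasses import dataclass

# 802.1D configuration BPDU, network byte order, 35 bytes in total:
# protocol id (2), version (1), type (1), flags (1), root ID (8), root path cost (4),
# bridge ID (8), port ID (2), message age, max age, hello time, forward delay (2 each).
# An RSTP (802.1w) BPDU uses version 2 / type 0x02 and appends one Version 1 Length byte.
BPDU_FMT = "!HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)  # 35


@dataclass(frozen=True)
class BridgeId:
    priority: int    # multiple of 4096: the upper 4 bits of the 16-bit field
    sys_id_ext: int  # lower 12 bits: the VLAN number under PVST+
    mac: str         # Cisco dotted form, e.g. 0012.daa3.6a00

    def key(self):
        """Comparable form of a BID: the election picks the lowest (priority+sys-id-ext, MAC)."""
        return (self.priority + self.sys_id_ext, int(self.mac.replace(".", ""), 16))


def parse_bridge_id(raw: bytes) -> BridgeId:
    field = int.from_bytes(raw[:2], "big")
    h = raw[2:8].hex()
    return BridgeId(field & 0xF000, field & 0x0FFF, f"{h[0:4]}.{h[4:8]}.{h[8:12]}")


def parse_config_bpdu(data: bytes) -> dict:
    """Decode the BPDU fields listed in the notes from raw bytes (Ethernet/LLC headers removed)."""
    if len(data) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, version, btype, flags, root_raw, root_cost, bridge_raw,
     port_id, msg_age, max_age, hello, fwd_delay) = struct.unpack(BPDU_FMT, data[:BPDU_LEN])
    if proto != 0:
        raise ValueError("protocol identifier is not STP")
    return {
        "version": version,                       # 0 = 802.1D, 2 = RSTP
        "type": btype,                            # 0x00 configuration, 0x80 TCN, 0x02 RST
        "topology_change": bool(flags & 0x01),    # TC flag (802.1D)
        "topology_change_ack": bool(flags & 0x80),  # TCA flag (802.1D)
        "root_id": parse_bridge_id(root_raw),
        "root_path_cost": root_cost,
        "bridge_id": parse_bridge_id(bridge_raw),
        # Port ID: 4-bit priority (0-240 in steps of 16) and 12-bit port number,
        # displayed by Cisco as priority.number, e.g. 128.193.
        "port_priority": (port_id & 0xF000) >> 8,
        "port_number": port_id & 0x0FFF,
        # Timer fields are carried in units of 1/256 second.
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def build_config_bpdu(root: BridgeId, root_cost: int, bridge: BridgeId,
                      port_prio: int, port_num: int,
                      max_age: int = 20, hello: int = 2, fwd_delay: int = 15) -> bytes:
    """Constructed helper: packs the same layout the parser reads, with default timers."""
    def bid_bytes(b):
        return (b.priority | b.sys_id_ext).to_bytes(2, "big") + bytes.fromhex(b.mac.replace(".", ""))
    port_id = ((port_prio // 16) << 12) | port_num
    return struct.pack(BPDU_FMT, 0, 0, 0, 0, bid_bytes(root), root_cost, bid_bytes(bridge),
                       port_id, 0, max_age * 256, hello * 256, fwd_delay * 256)


def evaluate_bpdu_on_port(bpdu: dict, port_cfg: dict, current_root: BridgeId) -> str:
    """What a port does with a received BPDU under the guards from the notes (defender view).
    port_cfg keys 'portfast', 'bpduguard' and 'rootguard' are an assumed representation."""
    if port_cfg.get("portfast") and port_cfg.get("bpduguard"):
        return "err-disabled"        # BPDU Guard: any BPDU on a PortFast/access port shuts it
    if port_cfg.get("rootguard") and bpdu["root_id"].key() < current_root.key():
        return "root-inconsistent"   # Root Guard: superior BPDU ignored, port blocked
    return "accepted"                # normal STP processing continues


# Sample frames (constructed). ROOT matches the VLAN 999 root from the show output on this page.
ROOT = BridgeId(32768, 999, "0012.daa3.6a00")
SAMPLE_BPDU = build_config_bpdu(ROOT, 0, ROOT, 128, 193)
ROGUE = BridgeId(4096, 999, "0000.0000.0001")   # constructed: a lower (superior) BID
ROGUE_BPDU = build_config_bpdu(ROGUE, 0, ROGUE, 128, 1)

if __name__ == "__main__":
    bp = parse_config_bpdu(SAMPLE_BPDU)
    print(bp["root_id"], "cost", bp["root_path_cost"], "max age", bp["max_age"])
    print("access port:", evaluate_bpdu_on_port(bp, {"portfast": True, "bpduguard": True}, ROOT))
    print("uplink with root guard, rogue root:",
          evaluate_bpdu_on_port(parse_config_bpdu(ROGUE_BPDU), {"rootguard": True}, ROOT))
```

Two details worth noticing: a Bridge ID of 33767 in the show output decodes to priority 32768 plus sys-id-ext 999 because the 16-bit field is split 4/12, and the timers on the wire are 256ths of a second, so the 20/2/15 second defaults appear as 5120, 512 and 3840.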
 
Rapid STP (IEEE 802.1w)

RSTP (802.1w) works just like STP (802.1d) in several ways:
■ It elects the root switch using the same parameters and tiebreakers.
■ It elects the root port on nonroot switches with the same rules.
■ It elects designated ports on each LAN segment with the same rules.
■ It places each port in either Forwarding or Blocking State, although RSTP calls the Blocking State the Discarding State.


•  Cisco-proprietary enhancements to 802.1D, such as UplinkFast and BackboneFast, are not compatible with RSTP.
•  RSTP (802.1w) supersedes STP (802.1D) while retaining backward compatibility. Much of the STP terminology remains, and most parameters are unchanged. In addition, 802.1w is capable of reverting back to 802.1D to interoperate with legacy switches on a per-port basis. For example, the RSTP spanning-tree algorithm elects a root bridge in exactly the same way as 802.1D. 
•  RSTP keeps the same BPDU format as IEEE 802.1D, except that the version field is set to 2 to indicate RSTP, and the flags field uses all 8 bits.
•  RSTP is able to actively confirm that a port can safely transition to the forwarding state without having to rely on any timer configuration.

The overriding reason to use RSTP is convergence. STP takes a relatively long time to converge (50 seconds with the default settings). 
RSTP can achieve much faster convergence in a properly configured network; times are typically less than 10 seconds (sometimes as little as a few hundred milliseconds).

RSTP :
 - only has to wait 3*Hello (default 6 seconds) instead of Max Age,
 - eliminates the forward delay (default 15 seconds) of the Listening State,
 - eliminates the forward delay (default 15 seconds) of the Learning State.

Enable RSTP
SW1(config)# spanning-tree mode rapid-pvst

RSTP Link and Edge Types
RSTP characterizes the types of physical connectivity:
■ Link-type point-to-point (full-duplex), sw-to-sw
■ Link-type shared (half-duplex), sw-to-hub
■ Edge-type (portfast), user pc, server
RSTP port types
 
RSTP Port States 
RSTP has only three port states: 
- discarding (STP blocking, listening, disabled),
- learning (STP learning),
- forwarding (STP forwarding).


RSTP Port Roles
Both STP (802.1d) and RSTP (802.1w) use the concepts of port states and port roles.
RSTP adds three new port roles:
- disabled role - refers to shutdown interfaces,
- backup port (non-designated) - applies only when a single switch has two links to the same segment (collision domain),
- alternate port (non-designated) - identifies a switch’s best alternative to its current RP (a port on a switch that receives a suboptimal BPDU); it is blocked.

RSTP Convergence
Under stable conditions, every switch independently generates and sends Hello BPDUs, rather than only changing and forwarding the Hellos sent by the root switch.

The main differences in RSTP’s version of the STA show up when something changes in the network.

 - Edge-Type Behavior and PortFast
RSTP improves convergence for edge-type connections by immediately placing the port in Forwarding State when the link is physically active.
 - Link-Type Shared
RSTP doesn’t do anything differently from STP on link-type shared links.
However, because most of the links between switches today are not shared, but are typically full-duplex point-to-point links, it doesn’t matter.
 - Link-Type Point-to-Point
RSTP improves convergence over full-duplex links between switches—the links that RSTP calls “link-type point-to-point.”
The first improvement made by RSTP over these types of links relates to how STP uses MaxAge: RSTP waits only 3 Hellos instead of MaxAge, so it recognizes a lost path to the root much more quickly.
RSTP removes the need for Listening State and reduces the time required for Learning State by actively discovering the network’s new state.

STP Defaults and Configuration Options

SW-4500#sh spanning-tree vlan 999
VLAN0999
  Spanning tree enabled protocol ieee
  Root ID    Priority    33767
             Address     0012.daa3.6a00

             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33767  (priority 32768 sys-id-ext 999)
             Address     0012.daa3.6a00

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi4/1            Desg FWD 4         128.193  P2p
Gi4/5            Desg FWD 4         128.197  P2p

SW-4500#sh spanning-tree root
                                        Root Hello Max Fwd
Vlan                   Root ID          Cost  Time Age Dly  Root Port
---------------- -------------------- ------ ----- --- ---  ----------------
VLAN0001          4096 001e.f741.8d00     60004    2   20  15  Gi7/6          
VLAN0004          4096 001e.f741.8d00     40019    2   20  15  Gi7/22         
VLAN0092         32860 0012.daa3.6a00         0    2   20  15                 
VLAN0093         32861 0012.daa3.6a00         0    2   20  15                 
VLAN0097          4096 001e.f741.8d00     40004    2   20  15  Gi7/6  

SW1(config)# ! changes the base priority to 24579 (24,576 + 3 for VLAN 3)
SW1(config)# spanning-tree vlan 3 root primary

SW1(config)# ! changes the base priority to 28672
SW1(config)# spanning-tree vlan 3 root secondary

EtherChannel
EtherChannel - is a Cisco-proprietary feature in which up to eight parallel Ethernet segments between the same two devices, each using the same speed, can be combined to act as a single link for forwarding and Spanning Tree Protocol logic.

IEEE 802.1ad - The IEEE standard for the functional equivalent of the Cisco-proprietary EtherChannel.

LACP (Link Aggregation Control Protocol) - Within the IEEE specification the Link Aggregation Control Protocol (LACP) provides a method to control the bundling of several physical ports together to form a single logical channel. LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer (directly connected device that also implements LACP).

In addition to the IEEE link aggregation substandards, there are a number of proprietary aggregation schemes including:
 - Cisco's EtherChannel and Port Aggregation Protocol,
 - AVAYA's Multi-Link Trunking, Split Multi-Link Trunking, Routed Split Multi-Link Trunking and Distributed Split Multi-Link Trunking,
 - Huawei's "EtherTrunk".
Most high-end network devices support some kind of link aggregation, and software-based implementations – such as the *BSD lagg package, Linux' bonding driver, Solaris' dladm etc. – also exist for many operating systems.

The switches treat the EtherChannel as a single interface with regard to the frame-forwarding process as well as for STP.
EtherChannel also provides more network bandwidth. All trunks in an EtherChannel are either forwarding or blocking, because STP treats all the trunks in the same EtherChannel as one trunk. When an EtherChannel is in Forwarding State, the switches load-balance traffic over all the trunks, providing more bandwidth.

Configuring EtherChannel
SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#int fa 0/16
SW1(config-if)#channel-group 1 mode on
SW1(config)#int fa 0/17
SW1(config-if)#channel-group 1 mode on
SW1(config-if)#^Z
00:32:27: STP: VLAN0001 Po1 -> learning
00:32:42: STP: VLAN0001 Po1 -> forwarding

Verify
SW1#sh spanning-tree vlan 3
VLAN0003
  Spanning tree enabled protocol ieee
  Root ID    Priority    28675
             Address     0019.e859.5380
             Cost        12
             Port        72 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    28675  (priority 28672 sys-id-ext 3)
             Address     0019.e86a.6f80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
Fa0/11           Desg FWD 19        128.11   P2p
Po1              Root FWD 12        128.72   P2p

SW1#show etherchannel 1 summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 1
Number of aggregators:           1
Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------
1      Po1(SU)          -        Fa0/16(P)   Fa0/17(P)

The channel-group command allows for configuring an interface to always be in a port channel (using the on keyword) or to be dynamically negotiated with the other switch using the auto or desirable keywords.
 If negotiated, an EtherChannel is formed. If not, the ports can be used without forming an EtherChannel, with STP blocking some interfaces.
DSW1(config-if)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected
The use of the auto and desirable parameters can be deceiving.
If you configure auto on both switches, the EtherChannel never comes up! The auto keyword tells the switch to wait for the other switch to start the negotiations. As long as one of the two switches is configured with desirable, the EtherChannel can be successfully negotiated.

“port-channel” or “Po” 
Because STP treats the EtherChannel as one link, the switch needs some way to represent the entire EtherChannel. The 2960 IOS uses the term “Po,” short for “port channel,” as a way to name the EtherChannel. (EtherChannel is sometimes called port channel.) For example, near the end of the example, the show etherchannel 1 summary command references Po1, for port channel/EtherChannel 1 .
