Chapter 4. Ethernet and system networking concepts
4.1 Ethernet
4.1.10 Spanning Tree Protocol
Spanning Tree Protocol (STP) provides Layer 2 loop prevention and is commonly deployed in several forms: the original STP, Rapid STP (RSTP), Multiple STP (MSTP), and VLAN STP (VSTP). RSTP is a common default and provides faster convergence times than the original STP. However, some existing networks require the slower convergence times that basic STP provides.
The operation of Spanning Tree Protocol
STP uses Bridge Protocol Data Unit (BPDU) packets to exchange information with other switches. Bridges send BPDUs as hello packets at regular intervals to exchange information across bridges and to detect loops in the network topology.
[Figure: link aggregation. Multiple physical links combined to operate as a single, larger logical link (LACP, IEEE 802.3ad); a single session is typically sent over a single physical link; a hashing algorithm is used to select the transmission link.]
Two types of BPDUs are available:
Configuration BPDUs
These BPDUs contain configuration information about the transmitting switch and its ports, including switch and port MAC addresses, switch priority, port priority, and port cost.
Topology Change Notification (TCN) BPDUs
When a bridge must signal a topology change, it starts to send TCNs on its root port. The designated bridge receives the TCN, acknowledges it, and generates another one for its own root port. The process continues until the TCN reaches the root bridge.
STP uses the information that is provided by the BPDUs in several ways: to elect a root bridge, to identify root ports for each switch, to identify designated ports for each physical LAN segment, and to prune specific redundant links to create a loop-free tree topology. All leaf devices calculate the best path to the root device. The devices place their ports in blocking or forwarding states based on the best path to the root. The resulting tree topology provides a single active Layer 2 data path between any two end stations.
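As an added example (not from the original chapter), the following Python code decodes the IEEE 802.1D configuration BPDU fields listed above and runs the root-port comparison over two constructed BPDUs. The port names, MAC addresses, priorities and path costs are made-up sample values.

```python
import struct

# Layout of the 35-byte IEEE 802.1D configuration BPDU body that follows the LLC header;
# the four timer fields are carried in units of 1/256 second.
BPDU_FMT = "!HBBB8sI8sHHHHH"

def decode_bridge_id(raw: bytes) -> tuple:
    """8-byte bridge ID -> (priority, mac). Tuples compare lexicographically, lowest wins."""
    return (struct.unpack("!H", raw[:2])[0], ":".join(f"{b:02x}" for b in raw[2:8]))

def encode_bridge_id(priority: int, mac: str) -> bytes:
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))

def parse_config_bpdu(data: bytes) -> dict:
    """Decode a configuration BPDU; rejects TCN BPDUs (type 0x80) and non-STP protocol IDs."""
    (proto, ver, btype, flags, root, cost, bridge, port,
     age, max_age, hello, fwd) = struct.unpack(BPDU_FMT, data[:35])
    if proto != 0 or btype not in (0x00, 0x02):      # 0x00 = STP config, 0x02 = RSTP
        raise ValueError(f"not a configuration BPDU (proto={proto}, type={btype:#x})")
    return {"version": ver, "flags": flags, "root_id": decode_bridge_id(root),
            "root_path_cost": cost, "bridge_id": decode_bridge_id(bridge), "port_id": port,
            "message_age": age / 256, "max_age": max_age / 256,
            "hello_time": hello / 256, "forward_delay": fwd / 256}

def build_config_bpdu(root_id, root_path_cost, bridge_id, port_id, version=0) -> bytes:
    """Constructed BPDU with default 802.1D timers: age 0, max age 20, hello 2, forward delay 15."""
    return struct.pack(BPDU_FMT, 0, version, 0x00, 0, encode_bridge_id(*root_id), root_path_cost,
                       encode_bridge_id(*bridge_id), port_id, 0, 20 * 256, 2 * 256, 15 * 256)

def elect_root_port(my_bridge_id: tuple, received: dict) -> tuple:
    """received maps port name -> (parsed BPDU, that port's path cost). Each BPDU yields the
    priority vector (root ID, received cost + port cost, sender bridge ID, sender port ID) and
    the lowest vector wins. Returns (root ID, root port); root port is None if we are the root."""
    best = ((my_bridge_id, 0, my_bridge_id, 0), None)
    for name, (bpdu, port_cost) in received.items():
        vec = (bpdu["root_id"], bpdu["root_path_cost"] + port_cost, bpdu["bridge_id"], bpdu["port_id"])
        if vec < best[0]:
            best = (vec, name)
    return best[0][0], best[1]

# Constructed sample: a priority-32768 switch hears the same root over two 20000-cost uplinks,
# once directly from the root and once relayed by a peer switch one hop further away.
ME = (32768, "00:aa:bb:cc:dd:01")
ROOT = (4096, "00:11:22:33:44:55")
RECEIVED = {
    "ge-0/0/1": (parse_config_bpdu(build_config_bpdu(ROOT, 0, ROOT, 0x8001)), 20000),
    "ge-0/0/2": (parse_config_bpdu(build_config_bpdu(ROOT, 20000, (32768, "00:aa:bb:cc:dd:02"), 0x8003)), 20000),
}

if __name__ == "__main__":
    print(elect_root_port(ME, RECEIVED))  # ((4096, '00:11:22:33:44:55'), 'ge-0/0/1')
```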
Rapid Spanning Tree Protocol
RSTP provides better reconvergence time than the original STP. RSTP identifies certain links as point to point. When a point-to-point link fails, the alternate link can make the transition to the forwarding state. An RSTP domain has the following components:
Root port: The “best path” to the root device.
Designated port: Indicates that the switch is the designated bridge for the other switch that is connecting to this port.
Alternate port: Provides an alternate root port.
Backup port: Provides an alternate designated port.
RSTP was originally defined in the IEEE 802.1w draft specification and later incorporated into the IEEE 802.1D-2004 specification.
Multiple Spanning Tree Protocol
Although RSTP provides faster convergence time than STP, it still does not solve a problem inherent in STP. This inherent issue is that all VLANs within a LAN must share the same spanning tree. To solve this problem, we use MSTP to create a loop-free topology in networks with multiple spanning-tree regions.
In an MSTP region, a group of bridges can be modeled as a single bridge. An MSTP region contains multiple spanning-tree instances (MSTIs). MSTIs provide different paths for different VLANs. This functionality facilitates better load sharing across redundant links.
An MSTP region can support up to 64 MSTIs, and each instance can support 1 to 4094 VLANs. MSTP was originally defined in the IEEE 802.1s draft specification and later incorporated into the IEEE 802.1Q-2003 specification.
VLAN Spanning Tree Protocol
With VSTP, switches can run one or more STP or RSTP instances for each VLAN on which VSTP is enabled. For networks with multiple VLANs, VSTP enables more intelligent tree spanning. This level of tree spanning is possible because each VLAN can have interfaces that are enabled or disabled depending on the paths that are available to that specific VLAN.
By default, VSTP runs RSTP, but you cannot have both stand-alone RSTP and VSTP running simultaneously on a switch. VSTP can be enabled for up to 253 VLANs.
Bridge Protocol Data Unit (BPDU) protection
BPDU protection helps prevent STP misconfigurations that can lead to network outages. Receipt of BPDUs on certain interfaces in an STP, RSTP, VSTP, or MSTP topology can lead to network outages.
BPDU protection is enabled on switch interfaces that are connected to user devices or on interfaces on which no BPDUs are expected, such as edge ports. If BPDUs are received on a protected interface, the interface is disabled and stops forwarding frames.
Loop protection
Loop protection increases the efficiency of STP, RSTP, VSTP, and MSTP by preventing ports from moving into a forwarding state that might result in a loop opening in the network.
A blocking interface can transition to a forwarding state in error if the interface stops receiving BPDUs from its designated port on the segment. Such a transition error can occur when there is a hardware error on the switch or a software configuration error between the switch and its neighbor.
When loop protection is enabled, the spanning tree topology detects root ports and blocked ports and ensures that both keep receiving BPDUs. If a loop protection-enabled interface stops receiving BPDUs from its designated port, it reacts as it might react to a problem with the physical connection on this interface. It does not transition the interface to a forwarding state, but instead transitions it to a loop-inconsistent state. The interface recovers and then transitions back to the spanning-tree blocking state as soon as it receives a BPDU.
You must enable loop protection on all switch interfaces that have a chance of becoming root or designated ports. Loop protection is the most effective when it is enabled in the entire switched network. When you enable loop protection, you must configure at least one action (alarm, block, or both).
An interface can be configured for either loop protection or root protection, but not for both.
Root protection
Root protection increases the stability and security of STP, RSTP, VSTP, and MSTP by limiting the ports that can be elected as root ports. A root port that is elected through the regular process can be wrongly elected. A user bridge application that is running on a PC can also generate BPDUs and interfere with root port election. With root protection, network administrators can manually enforce the root bridge placement in the network.
Root protection is enabled on interfaces that should not receive superior BPDUs from the root bridge and should not be elected as the root port. These interfaces become designated ports and are typically on an administrative boundary. If the bridge receives superior STP BPDUs on a port that has root protection enabled, that port transitions to a root-prevented STP state (inconsistency state), and the interface is blocked. This blocking prevents a bridge that should not be the root bridge from being elected the root bridge. After the bridge stops receiving superior STP BPDUs on the interface with root protection, the interface returns to a listening state. This state is followed by a learning state and ultimately back to a forwarding state. Recovery back to the forwarding state is automatic.
When root protection is enabled on an interface, it is enabled for all of the STP instances on that interface. The interface is blocked only for instances for which it receives superior BPDUs. Otherwise, it participates in the spanning tree topology. An interface can be configured for either root protection or loop protection, but not for both.
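As an added illustration (not from the original chapter, and not a vendor implementation), the following Python model applies the three protection behaviours described above to a port object: BPDU protection disabling an edge port, loop protection holding a blocked port in the loop-inconsistent state instead of forwarding when BPDUs stop, and root protection blocking a superior BPDU and recovering through the listening state. Port names and bridge IDs are constructed sample values.

```python
from dataclasses import dataclass, field

# Constructed model of BPDU protection, loop protection and root protection as described in
# this chapter; state names follow the text. Bridge IDs are (priority, mac) tuples, and a
# BPDU is "superior" when its root ID is lower than the root ID this switch currently accepts.

@dataclass
class Port:
    name: str
    state: str = "blocking"         # blocking | forwarding | listening | disabled | loop-/root-inconsistent
    bpdu_protection: bool = False   # user/edge port: no BPDU is ever expected here
    loop_protection: bool = False   # a blocked port must keep hearing its designated bridge
    root_protection: bool = False   # a designated port must never hear a superior BPDU
    log: list = field(default_factory=list)

    def __post_init__(self):
        # the chapter's rule: an interface gets loop protection or root protection, not both
        if self.loop_protection and self.root_protection:
            raise ValueError(f"{self.name}: loop and root protection are mutually exclusive")

def receive_bpdu(port: Port, bpdu_root_id: tuple, current_root_id: tuple) -> str:
    """A BPDU arrives on port; returns the resulting state."""
    if port.bpdu_protection:
        port.state = "disabled"                 # BPDU protection: shut the interface
        port.log.append(f"{port.name}: BPDU on protected edge port, interface disabled")
    elif port.root_protection and bpdu_root_id < current_root_id:
        port.state = "root-inconsistent"        # root protection: block, keep the current root
        port.log.append(f"{port.name}: superior BPDU claiming root {bpdu_root_id} blocked")
    elif port.state == "loop-inconsistent":
        port.state = "blocking"                 # loop protection recovers on the next BPDU
        port.log.append(f"{port.name}: BPDUs resumed, back to blocking")
    return port.state

def bpdu_timeout(port: Port, action: str = "alarm+block") -> str:
    """Max age expired with no BPDU heard on port; returns the resulting state."""
    if port.state == "blocking":
        if port.loop_protection:
            port.state = "loop-inconsistent"    # held down instead of opening a loop
            port.log.append(f"{port.name}: BPDUs lost on blocked port, loop-inconsistent ({action})")
        else:
            port.state = "forwarding"           # the unprotected failure mode the text warns about
            port.log.append(f"{port.name}: BPDUs lost on unprotected blocked port, now forwarding")
    elif port.state == "root-inconsistent":
        port.state = "listening"                # superior BPDUs stopped: listening, learning, forwarding
        port.log.append(f"{port.name}: superior BPDUs stopped, recovering via listening")
    return port.state

if __name__ == "__main__":
    edge = Port("ge-0/0/10", bpdu_protection=True)
    print(receive_bpdu(edge, (32768, "00:de:ad:be:ef:01"), (4096, "00:11:22:33:44:55")), edge.log)
```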