Module 3 - Spanning-Tree Protocol.pdf

(1)

www.hanoictt.com

Spanning-Tree

Protocol

H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N

Overview

(2)

www.hanoictt.com

STP concepts

• STP is a loop-prevention protocol

• STP allows L2 devices to communicate with each other to discover physical loops in the network.

• STP specifies an algorithm that L2 devices can use to create a loop-free logical topology.

• STP creates a tree structure of loop-free leaves and branches that spans the entire Layer 2 network.

H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1

H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N

Broadcast loops

• Broadcasts and Layer 2 loops can be a dangerous combination. • Ethernet frames have no TTL field

• After an Ethernet frame starts to loop, it will probably continue until someone shuts off one of the switches or breaks a link.

(3)

www.hanoictt.com

• The switches will flip flop the bridging table entry for Host A (creating extremely high CPU utilization).

Assume no SPT on

switches and host B has

been removed

Spanning-Tree Protocol Operation (IEEE 802.1D)

• The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path through a root bridge.

• STP determines where the are loops and blocks links that are redundant. – Ensures that there will be only one active path to every destination.

• STP executes an algorithm called STA.

• STA chooses a reference point, called a root bridge, and then determines the available paths to that reference point.

(4)

www.hanoictt.com

STP Concepts: Bridge ID

• Bridge ID (BID) is used to identify each bridge/switch.

• The BID is used in determining the center of the network known as the root

bridge.

• Bridge Priority is usually expressed in decimal format and the MAC address in

the BID is usually expressed in hexadecimal format.

• Lowest Bridge ID is the root.

• If all devices have the same priority, the bridge with the lowest MAC address

becomes the root bridge

STP Concepts: Path Cost

• Bridges use the concept of cost to evaluate how close they are to other bridges.

• This will be used in the STP development of a loop-free topology .

• Originally, 802.1d defined cost as 1000/bandwidth of the link in Mbps, cost of

10Mbps link = 100 or 1000/10 and so on… but it has been changed later due to

faster switches

<= 10Gb

> 10Gb

(5)

www.hanoictt.com

• On a CatOS switch, the first number is 6 bits and the second number is 10 bits.

On an IOS-based switched, both numbers are 8 bits

• Lower Port IDs are preferred over higher Port IDs in the STP decision

• The Port Priority is a configurable STP parameter (unlike the Port Number). The

values range from

0 to 255

on an IOS-based switch, with a default value of

128 .

Port Number is from 0 to 2

8

_{= 256}

IOS

switch

16 bit

8 bit

Four-Step STP Decision Sequence

• When creating a loop-free topology, STP always uses the same

four-step decision sequence:

Four

Four-

-Step decision Sequence

Step decision Sequence

Step 1 - Lowest BID

Step 2 - Lowest Path Cost to Root Bridge

Step 3 - Lowest Sender BID

Step 4 - Lowest Port ID

• Bridges use

C

onfiguration

BPDU

s during this four-step process.

• We will assume all BPDUs are configuration BPDUs until otherwise

(6)

www.hanoictt.com

STP decisions and BPDU exchanges

• When a bridge first becomes active, all its ports send BPDUs every 2 seconds (the default Hello Time). if a port hears about a BPDU from another bridge that is more attractive (use four-step sequence above) than the BPDU it has been sending, the local port stops sending BPDUs. If the more-attractive BPDU stops arriving from a neighbor for 20 seconds (the default Max Age), the local port resumes sending BPDUs. Max Age is the time it takes for the best BPDU to time out.

• Bridges save a copy of only the best BPDU seen on every port. • Only the lowest value BPDU is saved.

• When making this evaluation, it considers all of the BPDUs received on the port, as well as the BPDU that would be sent on that port.

• If the new BPDU (or the locally generated BPDU) is more attractive, the old value is replaced. • Bridges send configuration BPDUs until a more attractive BPDU is received.

Information inside a

BPDU

STP decisions and BPDU exchanges

• After a Root Bridge is decided, configuration BPDUs are only sent by the Root

Bridge. All other bridges must forward or relay the BPDUs, adding their own

Sender Bridge IDs to the message.)

As the Root Path

Cost travels along,

other switches can

modify its value to

make it cumulative.

(7)

www.hanoictt.com

converge on a loop-free topology:

– Step 1 Elect one Root Bridge

– Step 2 Elect Root Ports

– Step 3 Elect Designated Ports

Cat-A

Cat-B

Cat-C

Cost=19 Cost=19 Cost=19 1/1 1/2 1/1 1/1 1/2 1/2

Root

Bridge

(8)

www.hanoictt.com

STP Convergence

Step 1 Elect one Root Bridge

• When the network first starts, all bridges are announcing a chaotic mix of

BPDUs.

• All bridges immediately begin applying the four-step sequence decision process.

• Switches need to elect a single Root Bridge.

• Switch with the lowest BID wins!

• Note: Many texts refer to the term “highest priority” which is the “lowest” BID

value.

• This is known as the “Root War.”

STP Convergence

Step 1 Elect one Root Bridge

All 3 switches have the same default

Bridge Priority

value of

32,768

(9)

www.hanoictt.com

H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N BPDU 802.3 Header

Destination: 01:80:C2:00:00:00 Mcast 802.1d Bridge group Source: 00:D0:C0:F5:18:D1

LLC Length: 38

802.2 Logical Link Control (LLC) Header

Dest. SAP: 0x42 802.1 Bridge Spanning Tree Source SAP: 0x42 802.1 Bridge Spanning Tree Command: 0x03 Unnumbered Information

802.1 - Bridge Spanning Tree Protocol Identifier: 0 Protocol Version ID: 0

Message Type: 0 Configuration Message Flags: %00000000

Root Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0 Cost Of Path To Root: 0x00000000 (0)

Bridge Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0 Port Priority/ID: 0x80/ 0x1D

Message Age: 0/256 seconds (exactly 0 seconds) Maximum Age: 5120/256 seconds (exactly 20 seconds) Hello Time: 512/256 seconds (exactly 2 seconds) Forward Delay: 3840/256 seconds (exactly 15 seconds)

STP Convergence

(10)

www.hanoictt.com

• At the beginning, all bridges assume they are the center of the universe and

declare themselves as the Root Bridge, by placing its own BID in the Root BID

field of the BPDU.

STP Convergence

Step 1 Elect one Root Bridge

STP Convergence

(11)

www.hanoictt.com

• Now that the Root War has been won, switches move on to selecting Root

Ports.

• A bridge’s Root Port is the port closest to the Root Bridge.

• Bridges use the cost to determine closeness.

• Every non-Root Bridge will select one Root Port!

• Specifically, bridges track the Root Path Cost, the cumulative cost of all links to

the Root Bridge.

Step 1

• Cat-A sends out BPDUs, containing a Root Path Cost of 0.

• Cat-B receives these BPDUs and adds the Path Cost of Port 1/1 to the Root Path Cost contained in the BPDU.

Step 2

• Cat-B add Root Path Cost 0 PLUS its Port 1/1 cost of 19 = 19

Cat-A

Cat-B

Cat-C

Cost=19 Cost=19 Cost=19 1/1 1/2 1/1 1/1 1/2 1/2 Root Bridge BPDU Cost=0 BPDU Cost=0 BPDU Cost=0+19=19 BPDU Cost=0+19=19

(12)

www.hanoictt.com

Step 3

• Cat-B uses this value of 19 internally and sends BPDUs with a Root Path Cost of 19 out Port 1/2.

Step 4

• Cat-C receives the BPDU from Cat-B, and increased the Root Path Cost to 38 (19+19). (Same with Cat-C sending to Cat-B.)

Cat-A

Cat-B

Cat-C

Cost=19 Cost=19 Cost=19 1/1 1/2 1/1 1/1 1/2 1/2 Root Bridge BPDU Cost=0 BPDU Cost=0 BPDU Cost=19 BPDU Cost=19 BPDU Cost=19 _BPDU Cost=38 (19=19) BPDU Cost=38 (19=19) BPDU Cost=19 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N Step 5

• Cat-B calculates that it can reach the Root Bridge at a cost of 19 via Port 1/1 as

Cat-A

Cat-B

Cat-C

Cost=19 Cost=19 Cost=19 1/1 1/2 1/1 1/1 1/2 1/2 Root Bridge BPDU Cost=0 BPDU Cost=0 BPDU Cost=19 BPDU Cost=19 BPDU Cost=38 (19=19) BPDU Cost=38 (19=19)

Root Port

The costs increment

as BPDUs are received

on a port, not as they

are sent out of the port

(13)

www.hanoictt.com

• The loop prevention part of STP becomes evident during this step, electing

designated ports.

• A Designated Port functions as the single bridge port that both sends and receives

traffic to and from that segment and the Root Bridge.

• Each segment in a bridged network has

one

Designated Port, chosen

based on cumulative Root Path Cost to the Root Bridge.

• The switch containing the Designated Port is referred to as the Designated Bridge

for that segment.

• To locate Designated Ports, lets take a look at each segment.

• Root Path Cost, the cumulative cost of all links to the Root Bridge.

• Segment 1: A:1/1 has a Root Path Cost = 0 (after all it is the Root Bridge) and Cat-B:1/1 has a Root Path Cost = 19.

• Segment 2: A:1/2 has a Root Path Cost = 0 (after all it is the Root Bridge) and Cat-C:1/1 has a Root Path Cost = 19.

• Segment 3: Cat-B:1/2 has a Root Path Cost = 19 and Cat-C:1/2 has a Root Path Cost = 19. It’s a tie!

Cat-A

Cat-B

Cat-C

Cost=19 Cost=19 Cost=19 1/1 1/2 1/1 1/1 1/2 1/2 Root Bridge

Root Port

Segment 1

Segment 2

Segment 3

Root Path Cost = 0 Root Path Cost = 0

Root Path Cost = 19

(14)

www.hanoictt.com

Segment 1

• Because Cat-A:1/1 has the lower Root Path Cost it becomes the Designate Port for Segment 1.

Segment 2

• Because Cat-A:1/2 has the lower Root Path Cost it becomes the Designate Port for Segment 2.

Cat-A

Cat-B

Cat-C

Root Port

Segment 1

Segment 2

Segment 3

Root Path Cost = 19 _{Root Path Cost = 19}

Designated Port

Segment 3

• Both Cat-B and Cat-C have a Root Path Cost of 19, a tie!

Cat-A

Cat-B

Cat-C

Root Port

Segment 1

Segment 2

Segment 3

(15)

www.hanoictt.com

All port on

Root bridge will

Be designated port

Segment 3 (continued)

• 1) All three switches agree that Cat-A is the Root Bridge, so this is a tie. • 2) Root Path Cost for both is 19, also a tie.

• 3) The sender’s BID is lower on Cat-B, than Cat-C, so Cat-B:1/2 becomes the Designated Port for Segment 3.

• Cat-C:1/2 therefore becomes the non-Designated Port for Segment 3.

Cat-B

Cat-C

Cost=19

1/1 1/1

1/2 1/2

Root Port

Segment 3

Designated Port

32,768.BB-BB-BB-BB-BB-BB

32,768.CC-CC-CC-CC-CC-CC

Designated Port

Non-Designated Port

Port Cost/Port ID

• If the path cost and bridge IDs are equal (as in the case of parallel links), the

switch goes to the port priority as a tiebreaker.

• Lowest port priority wins (all ports set to 32).

• You can set the priority from 0 – 63.

• If all ports have the same priority, the port with the lowest port number forwards

frames.

Assume path cost and port

priorities are default (32). Port ID

used in this case. Port 0/1 would

forward because it’s the lowest.

0/1 0/2

(16)

www.hanoictt.com

• Recall that switches go through three steps for their initial convergence:

STP Convergence

Step 1 Elect one Root Bridge

Step 2 Elect Root Ports

Step 3 Elect Designated Ports

• Also, all STP decisions are based on a the following predetermined

sequence:

Four

Four-

-Step decision Sequence

Step decision Sequence

Step 1 - Lowest BID

Step 2 - Lowest Path Cost to Root Bridge

Step 3 - Lowest Sender BID

Step 4 - Lowest Port ID

STP Convergence

Recap

Example:

• A network that contains 15 switches and 146 segments (every switchport is a

unique segment) would result in:

– 1 Root Bridge

– 14 Root Ports

– 146 Designated Ports

STP Convergence

Recap

(17)

www.hanoictt.com

Spanning-Tree Port States

Blocked

:

• All ports

start in blocked mode

in order to prevent the bridge from creating a bridging

loop.

• Port are listening (receiving) BPDUs. Does not transmit BPDUs

• No user frame data is being sent/received.

• The port

stays in a blocked state

if Spanning Tree determines that

there is a better path

to the root bridge

.

• May take a port up to

20 seconds

to transition out of this state (

max age

). - coming soon.

• Receives and responds to network management messages but does not transmit them

(18)

www.hanoictt.com

Spanning-Tree Port States

Listen

:

• The port transitions from the blocked state to the listen state

• Attempts to learn whether there are any other paths to the root bridge

• Listens to frames (

sending and receiving BPDUs

)

• Port is not sending or receive user data

• Listens for a period of time called the

forward delay (default 15 seconds).

• Ports that lose the Designated Port election become non-Designated Ports and drop

back to Blocking state.

• Receives and responds to network management messages

Spanning-Tree Port States

Non-Designated Ports

(19)

www.hanoictt.com

Learn

:

• The learn state is very similar to the listen state, except that the port can add

information it has learned to its address table.

• Gathering information, such as the source VLANs of data frames. The Learning

state reduces the amount of flooding required when data forwarding begins.

• Adds addresses to MAC Address Table

• Still not allowed to send or receive user data

• Learns for a period of time called the

forward delay (default 15 seconds)

• Receives and responds to network management messages

Spanning-Tree Port States

Forward

:

• The port can

send and receive user data

.

• Adds addresses to MAC Address Table

• Receives and responds to network management messages

• A port is placed in the forwarding state if:

– There are no redundant links

or

(20)

www.hanoictt.com

Spanning-Tree Port States

• Disabled

: The port is shutdown.

Results of BPDU exchange

• A root port for each switch and a designated port for each segment is selected.

– These ports provide the best path from the switch to the root switch (usually

the lowest-cost path).

– These ports are put in the forwarding mode.

• Ports that will not be forwarding are placed in the blocked state.

– These ports will continue to

receive

BPDU information but will not be

allowed to

send or receive

data.

If a bridge thinks it is the Root Bridge immediately after

booting or in the absence of BPDUs for a certain period of

time, the port transitions into the Listening state to determine

the active topology

(21)

www.hanoictt.com

H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N Disabled or

Down Blocking Learning

Listening Forwarding 1 2 2 2 2 3 4 4 4 5 5 6 7

Standard States Cisco Specific States

(1) Port enabled or initialized (6) PortFast (2) Port disabled or failed (7) Uplink Fast (3) Port selected as Root or Designated Port

(4) Port ceases to be a Root or Designated Port (5) Forwarding timer expires

(22)

www.hanoictt.com

STP Timers

Forward Delay Timer

• The default value of the forward delay (15 seconds) was originally

derived assuming a maximum network size of

7 bridge hops

, a

maximum of

three lost BPDUs

, and a

hello-time

interval of

2 seconds

.

• The Forward Delay timer also controls the

bridge table age-out period

after a change in the active topology.

• Forward delay is used to determine the length of:

– Listening state

(23)

www.hanoictt.com

Max Age Timer

• Max Age is the time that a bridge stores a BPDU before discarding it.

• Each port saves a copy of the best BPDU it has seen.

• If the device sending this best BPDU fails, it may take 20 seconds a

switch transits the connected port to Listening.

STP Timers

Modifying Timers

• Do not change the default timer values without careful consideration.

• Modify the STP timers only from the root bridge

• The BPDUs contain three fields where the timer values can be passed

from the root bridge to all other bridges in the network.

(24)

www.hanoictt.com

STP Timer Example

• It can take 30-50 seconds for a switch to adjust to a

change in topology depends on the failure is on direct

or indirect link.

Example

(25)

www.hanoictt.com

Hub

• Cat-B:1/2 fails. Cat-C has no immediate notification because it’s still receiving a link

from the hub. Cat-C notices it is not receiving BPDUs from Cat-B. 20 seconds (max

age) after the failure, Cat-C ages out the BPDU that lists Cat-B as having the DP for

segment 3. This causes Cat-C:1/2 to transition into the Listening state in an effort to

become the DP.

X Fails

Not seeing BPDU from Cat-B

Ages out BPDU and goes into Listening mode

Hub

• Because Cat-C:1/2 now offers the most attractive access from the Root

Bridge to this link, it eventually transitions all the way into Forwarding

mode. In practice this will take 50 seconds (20 max age + 15 Listening +

15 Learning) for Cat-C:1/2 to take over after the failure of Cat-B:1/2.

X Fails

Listening Mode

Forwarding Mode

Indirect

link failure

50s to take

(26)

www.hanoictt.com

Hub

• Because Cat-C:1/1 fails, Cat-C immediately knows, no need to wait 20 seconds

for the old information to age out

• Port-1/2 on Cat-C immediately goes into Listening mode in an attempt to

become the new Root Port (STP convergence time = 15 Listening + 15

Learning)

X Fails

Listening Mode

Forwarding Mode

Direct link

failure

30s to take

BPDU format

• IEEE 802.1D Spanning-Tree Protocol BPDU frame

• Cisco Spanning-Tree Protocol BPDU frame

• The Frame Control field is always 01.

• The Destination field indicates the destination address as specified in the

Bridge Group Address

table. For IEEE Spanning-Tree Protocol BPDU frames, the address is 0x800143000000.

• The Source Address field indicates the base

MAC address used by the switch

. For Cisco

Spanning-Tree Protocol BPDU frames, the

multicast bit is set

to indicate the presence of a

Routing Information Field (

RIF

) in the header.

(27)

www.hanoictt.com

Message Type (1 byte)

Flags (1 byte)

Root ID (8 bytes)

Cost to Root (4 bytes)

Bridge ID (8 bytes)

Port ID (2 bytes)

Message Age (2 bytes)

Maximum Age (2 bytes)

Hello Time (2 bytes)

Forward Delay (2 bytes)

• Message Type (1 byte): Determines whether

this is a Configuration BPDU or TCN BPDU

• Flags (1 byte): Used with topology changes.

Used with TCN BPDUs (see later)

• Root BID (8 bytes): Indicates current Root

Bridge on the network, includes:

• Bridge Priority (2 bytes)

• Bridge MAC Address (6 bytes)

• Known as the Bridge Identifier of the

Root Bridge

Spanning Tree BPDU

Protocol Identifier (2 bytes)

Version (1 byte)

Message Type (1 byte)

Flags (1 byte)

Root ID (8 bytes)

Cost to Root (4 bytes)

Bridge ID (8 bytes)

Port ID (2 bytes)

Message Age (2 bytes)

Maximum Age (2 bytes)

Hello Time (2 bytes)

Forward Delay (2 bytes)

• Root Path Cost (Cost to Root) (4 bytes):

Cumulative cost of the path from the bridge

sending the BDPU to the Root Bridge

indicated in the Root ID field. Cost is based

on bandwidth.

• (Sender’s) Bridge ID (8 bytes): Bridge ID

sending the BDPU

– 2 bytes: Bridge Priority

– 6 bytes: MAC Address

• Port ID (2 bytes): Port on bridge sending

BDPU, including Port Priority value.

(28)

www.hanoictt.com

Spanning Tree BPDU

Protocol Identifier (2 bytes)

Version (1 byte)

Message Type (1 byte)

Flags (1 byte)

Root ID (8 bytes)

Cost to Root (4 bytes)

Bridge ID (8 bytes)

Port ID (2 bytes)

Message Age (2 bytes)

Maximum Age (2 bytes)

Hello Time (2 bytes)

Forward Delay (2 bytes)

• Message Age (2 bytes): The Message Age

field indicates the amount of time that has

elapsed since the root sent the configuration

message on which the current configuration

message is based. Age of BDPU, encoded in

256ths of a second.

• Maximum Age (2 bytes): When BDPU

should be discarded (default 20 sec)

• Hello Time (2 bytes): How often BDPU’s are

to be sent (default 2 sec)

• Forward Delay (2 bytes): How long bridge

should remain in listening and learning states

(default 15 sec)

Spanning Tree BPDU

Protocol Identifier (2 bytes)

Version (1 byte)

Message Type (1 byte)

Flags (1 byte)

Root ID (8 bytes)

Cost to Root (4 bytes)

Bridge ID (8 bytes)

Port ID (2 bytes)

Message Age (2 bytes)

Maximum Age (2 bytes)

Hello Time (2 bytes)

The Flags field includes one of the following:

A Topology change (TC) bit, which signals a

topology change, and signifies this BPDU

as a Topology Change Notification (TCN)

BPDU. Without this bit set, the BPDUs are

Configuration BPDUs.

(29)

www.hanoictt.com

reached

are still listed in the MAC address table.

• Because these addresses are in the table, the switch will attempt to forward

frames to devices it cannot reach.

STP Topology Changes

• The STP change process requires the switch to clear the table faster in order to get rid

of unreachable physical addresses.

• If a switch detects a change, it can send a Topology Change Notification (TCN) BPDU

out its root port.

– The topology change BPDU is forwarded to the root switch, and from there, is

propagated throughout the network.

• TCN does not start a STP recalculation

.

• TCN causes:

TCA

,

TC

, Root Bridge sets TC in CBPDU for a

period of time

=

Forward Delay + Max Age

• A bridge receiving a TC message from the Root Bridge will use the Forward Delay

timer (

15 seconds

) to

age out entries

in the address table (until no more TC

received). This allows the device to age out entries faster than the normal

5-minute default so that stations no longer available are aged out faster.

(30)

www.hanoictt.com

Understanding Spanning-Tree Protocol Topology Changes

http://www.cisco.com/warp/public/473/17.html

• Remember that a TCN does not start a STP recalculation. This fear comes from the fact

that TCNs are often associated with unstable STP environments;

TCNs are a

consequence of this, not a cause

. The

TCN

only has an

impact on the aging time

; it will

not change the topology nor create a loop.

• The number or the

rate of topology changes is not an issue

in itself. The problem is to

know what the topology change means. A healthy network can experience a high rate of

topology change. Nevertheless, ideally, a topology change would be related to a

significant event in the network like a server going up or down or a link transitioning. This

can be achieved by enabling portfast on ports that are going up and down as part of

their normal operation.

Hub

• Host-D is communicating with Host-E, via Cat-B, while Cat-B:1/2 fails. As discussed earlier, Cat-C:1/2 takes over as the DP in 50 seconds. However, without TCN BPDUs, the data traffic continues to be be sent to Cat-B for another 4 minutes and 10 seconds. Why? Prior to the failure notice the MAC Address

X Fails

Listening Mode

Forwarding Mode

Host D DD-DD Host E EE-EE

Hub

DD-DD 1/1 EE-EE 1/2 DD-DD 1/1 EE-EE 1/1 DD-DD 1/1 EE-EE 1/1

(31)

www.hanoictt.com

Hub

• One option is to wait for the normal timeout of this entry in the MAC Address Table, which is 300 seconds (5 minutes). (This is where we got the 4 minutes and 10 seconds, plus 50 seconds for the STP timers.) A better solution is for switches to send out TCN BPDUs when there is a change in the forwarding state of a port, so switches age out their MAC Address Tables from 300 seconds to 15 seconds (Forward Delay). Doesn’t flush MAC Address Table, just accelerates the aging process. Devices that continue to speak for that 15 seconds will remain in the table. All other frames are flooded until the switch learns otherwise.

X Fails

Listening Mode

Forwarding Mode

Host E EE-EE DD-DD 1/1 EE-EE 1/2 DD-DD 1/1 EE-EE 1/1 EE-EE 1/1

TCN BPDU

DD-DD 1/1 EE-EE 1/2 EE-EE 1/2

Config BPDU (TC)

DD-DD 1/1 EE-EE 1/1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N

A Bridge originates a TCN BPDU in two conditions:

1. It transitions a port into Forwarding state and it has at lease one Designated

Port or Root Port.

2. It transitions a port from either Forwarding or Learning states to the Blocking

state.

• On bridges with Designated Ports accept and process TCN BPDUs.

• The Root Bridge will send out Configuration BPDUs

(32)

www.hanoictt.com

TCN BPDU

• Much simpler than a Configuration BPDU.

• Only three fields, Protocol ID, Version, and Type (TCN).

Type (TCN)

STP Enhancements

• Enhancements of the IEEE 802.1D specification have been developed in an

attempt to speed up STP alternate path selection because in L3 environment

protocols such as OSPF and EIGRP are able to provide an alternate path in less

time.

• It would be advantageous to decrease STP convergence time and reduce the

length of the disruption (while convergence)

– PortFast

– UplinkFast

– BackboneFast

(33)

www.hanoictt.com

Access

layer

seconds after the cable is plugged in)

• If a loop is detected and PortFast is enabled, the port is transitioned to the Blocking state. PortFast begins only when the port first initializes. If the port is forced into the Blocking state for some reason and later needs to return to the Forwarding state, the usual Listening and Learning processes are performed

• The PortFast feature gives immediate end-station access and the safety net of STP (STP is needed for redundancy) H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N

STP Enhancements: UplinkFast

• UplinkFast is a Catalyst feature that accelerates the choice of a new Root Portwhen a link or switch fails or when STP reconfigures itself

• The Root Port transitions to the Forwarding state immediately without going through the Listening and Learning states,

• UplinkFast also limits the burst of multicast traffic by reducing the max-update-rate. For IOS the default for this parameter is 150 packets per second.

• It easy for the local switch to update its bridging table of MAC addresses to point to the new uplink. However, UplinkFast also provides a mechanism for the local switchto notifyother upstream switches that stations downstream (or on toward the access layer) can be reached over the newly activated uplink.

• This action is accomplished by sending dummy multicast frames todestination 0100.0ccd.cdcdfrom source addresses of the stations in the Content-Addressable Memory (CAM) table. These multicast frames are sent out at a rate specified by the max-update-rate parameter in packets per second. The default is 150 packets per second (pps), but the rate can range from 0 to 65,535 pps. If the value is 0, no dummy multicasts are sent.

(34)

www.hanoictt.com

STP Enhancements: UplinkFast

• Switches receiving these dummy multicast frames immediately update their bridge table entries for each source MAC address to use the new port, allowing the switches to begin using the new path almost immediately.

• In the event that connectivity on the original Root Port is restored, the switch waitsfor a period equal to twice the Forward Delay time plus 5seconds before transitioning the port to the Forwarding state in order to allow the neighbor port time to transition through the Listening and Learning states to the Forwarding state.

Use in

Access

layer not

backbone

This change takes

approximately 1

to 5 seconds.

(block to forward

state)

STP Enhancements: BackboneFast

• BackboneFast is a Catalyst feature that is initiated when a Root Port or blocked porton a switch receives inferior BPDUsfrom its Designated Bridge. An inferior BPDU identifies one switch as both the Root Bridge and the Designated Bridge. When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed. That is, the Designated Bridge has lost its connection to the Root Bridge. Under STP rules, the switch ignores inferior BPDUs for the configured Max Age(the default is 20s).

• The role of BackboneFastis essentially to shorten this 20-seconddelay by:

– Actively identify alternative path to root bridge by use protocol Root Link Query – RLQ is a kind of ping for the root on a non-designated port and allowed to quickly

confirm if the BPDU stored on a port is still valid or needs to be discarded.

– Age out (shorten Max Age timer) on port receiving inferior BPDU (adapt to new topology) or recalculate STP

(35)

www.hanoictt.com

• BackboneFast purpose is short-circuiting the Max Age Timer when needed. Although

this function shortens the time a switch waits to detect a Root Path failure, ports

still

must go through full-length Forward Delay Timer intervals during the Listening and

Learning states

• While PortFast and UplinkFast enable immediate transitions,

BackboneFast

can only

reduce the maximum convergence delay

from 50 to 30

seconds.

• When used, BackboneFast (Cisco proprietary) should be enabled on all switches in

the network because BackboneFast requires the use of the RLQ Request and Reply

mechanism to inform switches of Root Path stability.

• The RLQ protocol is active only when BackboneFast is enabled on a switch. By

default,BackboneFast is disabled.

(36)

www.hanoictt.com

802.1w Rapid Spanning-Tree Protocol

• Rapid Spanning-Tree Protocol (RSTP; IEEE 802.1w) can be seen as an

evolution of the 802.1D

• RSTP performs better than Cisco's proprietary extensions without any

additional configuration

• 802.1w is also capable of reverting back to 802.1D in order to

interoperate with legacy bridges on a per-port basis

(37)

www.hanoictt.com

• There is now a real feedback mechanism that takes place between

RSTP-compliant bridges

• New concepts:

– Edge ports (Cisco PortFast feature)

– Link type

Edge

port

directly transition to forwarding becomes a normal spanning treeport Connec t to end station Connec_{t to sw} itch

Link

type

directly transition to forwarding Shared link, work as normal Point to point Connec_{t to HU} B

Link type identify automatically:

Full duplex => P-t-P

Half duplex => shared link

Today, most links are operating in full-duplex

mode makes them candidates for rapid transition

to forwarding.

(38)

www.hanoictt.com

RSTP port roles

Blocking port Port blocked by receiving more useful BPDUs from another bridge Port blocked by receiving more useful BPDUs from the same bridge it is on

uplink fast usage (Cisco)

REALLY alternate path to the root bridge

RSTP port roles

• The spanning-tree algorithm (STA) determines the role of a port based on Bridge Protocol Data Units (BPDUs)

• RSTP calculates the final topology for the spanning tree using exactly the same criteria as 802.1D.

• The name blocking is used for the discarding state in Cisco implementation.

Port role

is determined by RTSP but its

current state

may

different

.

E.g. a port to be

designated

role but its current state is

blocking

.

(This will typically happen for very short periods of time, it simply

means that this port is in a transitory state towards designated

forwarding)

(39)

www.hanoictt.com

Message Type (1 byte)

Flags (1 byte)

Root ID (8 bytes)

Cost to Root (4 bytes)

Bridge ID (8 bytes)

Port ID (2 bytes)

Message Age (2 bytes)

Maximum Age (2 bytes)

Hello Time (2 bytes)

Forward Delay (2 bytes)

The implication of this is that

legacy bridges

must

drop

this

new BPDU

. This property

makes it

easy for an 802.1w bridge to detect

legacy bridges

connected to it.

www.hanoictt.com

A few changes have been introduced by RSTP to the BPDU format. Only two flags,

Topology Change (TC) and TC Acknowledgment (TCA), were defined in 802.1d, however

RSTP now uses all six remaining bits of the flag byte

RSTP BPDU Format

Port + status

Spanning Tree BPDU

Protocol Identifier (2 bytes) Version (1 byte) Message Type (1 byte)

Flags (1 byte) Root ID (8 bytes) Cost to Root (4 bytes)

Bridge ID (8 bytes) Port ID (2 bytes) Message Age (2 bytes) Maximum Age (2 bytes)

Hello Time (2 bytes) Forward Delay (2 bytes)

(40)

www.hanoictt.com

A few changes have been introduced by RSTP to the BPDU format. Only two flags,

Topology Change (TC) and TC Acknowledgment (TCA), were defined in 802.1d, however

RSTP now uses all six remaining bits of the flag byte

RSTP BPDU Format

RSTP uses an interactive process so that two

neighboring switches can negotiate state

changes. Some BPDU bits are used to flag messages

during this negotiation.

Synchronization

• RSTP handles the complete STP convergence of the network as a propagation of handshakes over point-to-point links. When a switch needs to make an STP decision, a handshake is made with the nearest neighbor. After that is successful, the handshake sequence is moved to the next switch and the next, as an ever-expanding wave moving toward the network’s edges.

• During each handshake sequence, a switch must take measures to be completely sure it will not introduce a bridging loop before moving the handshake out. This is done through a synchronization process.

•A port is in-sync if it meets either of the following criteria:

•It is in a Blocking state (which means discarding, in a stable

(41)

www.hanoictt.com

Nonedge portsbegin in the Discardingstate. After BPDUs are exchanged between the switch and its neighbor, the Root Bridge can be identified. If a port receives a superior BPDU from a neighbor, that port becomes the Root Port. • For each nonedge port, the switch

exchanges a proposal-agreement handshake to decide the state of each end of the link. Each switch assumes that its port should become the Designated Port for the segment, and a proposal message (a Configuration BPDU) is sent to the neighbor suggesting this.

If a designated discarding port does not receive an

agreement after having sent a proposal, it slowly

transitions to the x1, falling back to the traditional

802.1D Listening-Learning sequence (remote bridge

does not understand RSTP BPDUs, or if the remote

bridge port is blocking)

(42)

www.hanoictt.com

A bridge now

sends a BPDU

with its current information

every <hello-time> seconds

(2 by

default), even if it does not receive any from the root bridge (not simply relayed anymore).

BPDUs

are now used as a

keep-alive mechanism

between bridges. A bridge considers

that it has

lost connectivity

to its direct neighboring root or designated bridge if it

misses

three BPDUs

in a row. ==>

quick failure detection, detected even much faster in case

of physical link failures

New BPDU handling: not relay BPDU, faster

aging of information

New BPDU handling: accepting inferior BPDUs

• The IEEE 802.1w committee decided to incorporate a backbone fast mechanism into RSTP. When a bridge receives inferior information from its designated or Root Bridge, it immediately accepts it and replaces the one previously stored.

• E.g. Bridge C still knows the root is alive and well and immediately sends a BPDU to Bridge B containing information about the root bridge. As a result, Bridge B stops sending its own BPDUs and accepts the port leading to Bridge C as its new root port.

(43)

www.hanoictt.com

• Only

non-edge

ports moving to the Forwarding statecause a topology change. This means that a loss of connectivity is not considered as a topology change any more, contrarily to 802.1D (that is, a port moving to blocking does no longer generates a TC)

• When a RSTP bridge detects a topology change, the following happens:

– It starts the TC While timer with a value equal to twice the hello time for all its non-edge designated ports and its root port if necessary.

– It flushes the MAC addresses associated with all these ports.

• Note:

As long as the TC While timer is running on a port, the BPDUs sent out of that port have the TC bit set. BPDUs are also sent on the root port while the timer is active.

RSTP topology change

• Topology Change Propagation - when a bridge receives a BPDU with the TC bit

set from a neighbor, the following happens:

– It clears the MAC addresses learnt on all its ports except the one that

received the topology change.

– It starts the TC While timer and sends BPDUs with TC set on all its

designated ports and root port (RSTP no longer uses the specific TCN

BPDU, unless a legacy bridge needs to be notified).

(44)

www.hanoictt.com

RSTP topology change

• The TC propagation is now a one step process.

• In fact, the initiator of the topology change is flooding this information throughout the network (as opposed to 802.1D where only the root could do so).

This mechanism is

much

faster

than the 802.1D

equivalent. There is no need

to wait for the root bridge to

be notified and then maintain

the topology change state for

the whole network for <max

age plus forward delay>

seconds.

In

just a few seconds

(a small

multiple of hello times), most

of the entries in the CAM

tables of the entire network

(VLAN) are flushed. This

approach results in potentially

more temporary flooding, but

on the other hand, it clears

potential stale information

that prevents rapid

connectivity restitution.

Fallback of RSTP

• Because RSTP distinguishes its BPDUs from 802.1D BPDUs, it can

coexist

with

switches still using

802.1 D. Each

port

attempts to

operate

according to the STP BPDU

that is received

.

• For example, when an 802.1D BPDU (version 0) is received on a port, that port begins

to operate according to the 802.1D rules. However, each port has a measure that locks

the protocol in use for the duration of the migration delay timer. This keeps the protocol

type from flapping or toggling during a protocol migration. After the timer expires, the

port is free to change protocols if needed.

RSTP detects a neighbor failure in

three Hello intervals (default

6 seconds

), vs. the Max Age Timer

interval (default

20 seconds

) for

(45)

www.hanoictt.com

defines a single instance of Spanning Tree for all VLANs. CST BPDUs are

transmitted over the native VLAN (VLAN 1) as untagged frames Î

no capability

for load balancing

.

• Per-VLAN spanning tree (PVST) is a

Cisco-proprietary

implementation

requiring ISL

trunk encapsulation

. PVST runs a separate instance of STP for each VLAN.

Load

balancing is possible

over redundant links when the

links are assigned to different

VLANs.

PVST pros and cons

• Reduces the overall size of the spanning tree topology

• Improves scalability and decreases convergence time

• Provides faster recovery and better reliability

• Utilization of switches (such as CPU load) to support spanning tree maintenance for multiple VLANs • Utilization of bandwidth on trunk links

to support BPDUs for each VLAN

• PVST+is a Cisco-proprietary STP mode that allows CST and PVST to exist on the same network.

In networks where PVST and CST coexist,

interoperability problems

occur.

Each requires a different trunking method,

so

BPDUs will never be exchanged

(46)

www.hanoictt.com

PVST+

• PVST+ provides support for 802.1Q trunksand the mapping of multiple spanning trees to the single spanning tree of non-Cisco 802.1Q switches.

• PVST+ is automatically enabled on Catalyst 802.1Q trunks. It runs one instance of STP per VLAN when Catalyst switches are connected by 802.1Q trunks.

• PVST+ is the default Spanning-Tree Protocol used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs on Catalyst 4000 and 6000 family switches.

Mono spanning tree (MST) is the

spanning tree implementation used

by non-Cisco 802.1Q switches.

One instance of STP is responsible

for all VLAN traffic

One to o ne ST P O ne_T SP (M ST ) to on e S TP of_P V ST + (C ST₎ H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N

MISTP Mode, the need of Multiple Spanning Tree

• Multiple Spanning Tree (MST) is a new IEEE standard inspired from the Cisco proprietary Multiple Instances Spanning Tree Protocol (MISTP) implementation

PVST+ Case, 1000 STP instancesfor only two different final logical topologies

802.1q Case, 1 STP instances

No load balancingis possible

MST Case, 2 STP instances AND load balancing

(47)

www.hanoictt.com

Root Switch propagates the information associated with that instance of MISTP to all other switches in the network.

• There is only one BPDUfor each MISTP instance, so there is less over-headin the network, a VLAN can be mapped to only a single MISTPinstance.

• MISTP discards any PVST+ BPDUsit sees.

• MISTP-PVST+is (Catalyst 4000 and 6000) needed to allow interoperability between PVST+ and MISTP

MST (

802.1s

), Multiple Spanning Tree not

Mono Spanning Tree

• MST is specified in IEEE 802.1s, an amendment to IEEE 802.1Q. MST extends the IEEE 802.1w rapid spanning tree (RST)

• Cisco implementation of MST is backward compatible with 802.1D STP, 802.1w (RSTP), and the Cisco PVST+ architecture.

• 802.1w provides the structure on which the 802.1s feature operates – VLANscan be grouped and associateto spanning tree instances – enables load balancing

– easier to administer and utilize redundant paths – Consistent VLAN instance assignmentson switches – set ofbridgeswith the same MST configurationinformation

– Interconnected bridgesthat have the same MST configurationare called MST regions

(48)

www.hanoictt.com

Load balancing

• Using load sharing, traffic can be divided between the links according

to which VLAN the traffic belongs.

• Load sharing can be configured on trunk ports by using STP

port

priorities

or STP

path costs

.

• For load sharing using STP

port priorities

, both load-sharing links

must be connected to the

same switch

. For load sharing using

STP

path costs

, each load-sharing link can be connected to the

same

switch

or to two

different switches.

Load Sharing Using STP Port Priorities

• Switch_1# configure terminal • Switch_1(config-if)# interface fa0/1

• Switch_1(config-if)# spanning-tree vlan 8 9 10 port-priority 10 • Switch_1(config-if)# end

• Switch_1(config)# interface fa0/2

• Switch_1(config-if)# spanning-tree vlan 3 4 5 6 port-priority 10 • Switch_1# show running-config

• interface FastEthernet0/1 • switchport mode trunk • spanning-tree vlan 8 priority 10 • spanning-tree vlan 9 priority 10 • spanning-tree vlan 10 priority 10 • !

• interface FastEthernet0/2 • switchport mode trunk • spanning-tree vlan 3 priority 10

(49)

www.hanoictt.com

• Switch_1(config-if)# end •

• Switch_1# configure terminal • Switch_1(config)# interface fa0/2

• Switch_1(config-if)# spanning-tree vlan 8 9 10 cost 30

• Switch_1# show running-config • interface FastEthernet0/1 • switchport mode trunk • spanning-tree vlan 2 cost 30 • spanning-tree vlan 3 cost 30 • spanning-tree vlan 4 cost 30 • !

• interface FastEthernet0/2 • spanning-tree vlan 8 cost 30 • spanning-tree vlan 9 cost 30 • spanning-tree vlan 10 cost 30 • !

Switch port tuning using BPDU guard

• The BPDU guard feature was developed to further protect the integrity of switch ports that have PortFast enabled. If any BPDU (whether superior to the current Root or not) is received on a port where BPDU guard is enabled, that port is immediately put into the errdisable state. The port is shutdown in an error condition and must either be manually re-enabled or automatically recovered through the errdisable timeout function.

1

2

Expected root

New root unexpected Switch# configure terminal

Switch(config)# spanning-tree portfast bpduguard Switch(config)# end

Switch# show spanning-tree summary totals Root bridge for: none.

PortFast BPDU Guard is enabled

Etherchannel misconfiguration guard is enabled UplinkFast is disabled

BackboneFast is disabled

Default pathcost method used is short

Name Blocking Listening Learning Forwarding STP Active --- --- --- ---34 VLANs 0 0 0 36 36

(50)

www.hanoictt.com

Switch port tuning using root guard

• Root guard is configured on a per-port basis, and does not allow the port to become a STP root port. This means that the port is always STP-designated, and if there is a better BPDU received on this port, BPDU guard disables the port, rather than taking the BPDU into account and electing a new STP root. • The port will be put in a special STP state (root-inconsistent), which is effectively the same as the

listening state. No traffic will pass through the port in this state. When the superior BPDUs are no longer received, the port will be unblocked again and will go, via STP, into states of listening, learning, and eventually transition to Forwarding state. Recovery is automatic, no human intervention is required.

• Note:

Even the root bridge priority is zero, there is still no guarantee, as there might be a bridge with

priority zero and a lower bridge ID.

1

2

Expected root

New root unexpected Switch(config-if)# spanning-tree guard root

Enough ?

Practice please !!!

(51)

www.hanoictt.com

Enabling and disabling STP, change root Bridge

•The

root switch

for each spanning-tree

instance should be a

backbone

or

distribution

switch

•diameter adjusts

automatically

an

optimal hello time, forward-delay

time, and maximum-age time. The

hello keyword can be used to override

this value manually

•To return the switch to default setting:

config# no spanning-tree vlan

vlan-id root

•Optional:

•spanning-tree vlan vlan-id

hello-time

•spanning-tree vlan vlan-id

forward-time

•spanning-tree vlan vlan-id max-age

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_12/config/spantree.htm#93252

(52)

www.hanoictt.com

Enabling and disabling STP, change root Bridge

•Directly modify the Bridge Priority:

Switch (config)# spanning-tree vlan vlan-id priority bridge-priority

•Let the switch become the Root by automatically choosing a Bridge Priority value:

Switch(config)# spanning-tree vlan vlan-id root {primary | secondary} [diameter

diameter]

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_12/config/spantree.htm#93252

NOTE The spanning-tree vlan vlan-id root is actually a macro executing other switch commands. The actual commands and values produced by the macro will be shown, however. For example, the macro can potentially adjust the four STP values as follows:

Switch(config)#spanning-tree vlan 1 root primary vlan 1 bridge priority set to 24576

vlan 1 bridge max aging time unchanged at 20 vlan 1 bridge hello time unchanged at 2 vlan 1 bridge forward delay unchanged at 15

Be aware that this macro doesn’t guaranteethat the switch will become the Root and maintain that status.

Better

Setting the priority for ports and VLANs

EL SL

•To return the interface to its default

setting, use the no spanning-tree [vlan

vlan-id] port-priority interface

configuration command.

(53)

www.hanoictt.com

setting, use the no spanning-tree [vlan

vlan-id] cost interface configuration

command.

EL SL H A N O I C T T N E T W O R K I N G A C A D E M Y C C N A S e m e s t e r 1 H A N O I C T T N E T W O R K I N G A C A D E M Y C C N P S e m e s t e r 3 - B C M S N