Friday, 6 January 2017

SPANNING TREE PROTOCOL


Switching Loops:
A Layer-2 switch belongs to only one broadcast domain, and will forward both broadcasts and multicasts out every port but the originating port. When a switching loop is introduced into the network, a destructive broadcast storm will develop within seconds. A storm occurs when broadcasts are endlessly forwarded through the loop. Eventually, the storm will choke off all other network traffic. Consider the following example:
Spanning Tree Protocol (STP)
Spanning Tree Protocol (STP) was developed to prevent the broadcast storms caused by switching loops. STP was originally defined in IEEE 802.1D. Switches running STP build a map, or topology, of the entire switching network. STP identifies any loops, and then disables or blocks as many ports as necessary to eliminate all loops in the topology. A blocked port can be reactivated if another port goes down. This allows STP to maintain redundancy and fault-tolerance. STP switches exchange Bridge Protocol Data Units (BPDUs) to build the topology database. BPDUs are forwarded out all ports every two seconds, to a dedicated multicast MAC address of 0180.c200.0000.
Building the STP topology is a multistep convergence process:
• A Root Bridge is elected
• Root ports are identified
• Designated ports are identified
• Ports are placed in a blocking state as required, to eliminate loops.
The Root Bridge serves as the central reference point for the STP topology. STP was originally developed when Layer-2 bridges were still prevalent, and thus the term Root Bridge is still used for nostalgic reasons. It is also acceptable to use the term Root Switch, though this is less common. Once the full topology is determined, and loops are eliminated, the switches are considered converged. STP is enabled by default on all Cisco switches, for all VLANs.
Electing an STP Root Bridge:
The first step in the STP convergence process is electing a Root Bridge,
which is the central reference point for the STP topology. As a best practice, the Root Bridge should be the most centralized switch in the STP topology. A Root Bridge is elected based on its Bridge ID, comprised of two components in the original 802.1D standard:
• 16-bit Bridge priority
• 48-bit MAC address
The default priority is 32,768, and the lowest priority wins. If there is a tie in priority, the lowest MAC address is used as the tie-breaker.
Identifying Root Ports:
The second step in the STP convergence process is to identify root ports. The root port of each switch has the lowest root path cost to get to the Root Bridge. Each switch can only have one root port. The Root Bridge cannot have a root port, as the purpose of a root port is to point to the Root Bridge. Path cost is a cumulative cost to the Root Bridge, based on the bandwidth of the links. The higher the bandwidth, the lower the path cost:
Bandwidth    Cost
4 Mbps       250
10 Mbps      100
16 Mbps      62
45 Mbps      39
100 Mbps     19
155 Mbps     14
1 Gbps       4
10 Gbps      2
Identifying Designated Ports:
The third step in the STP convergence process is to identify designated
ports. A single designated port is identified for each network segment. This port is responsible for forwarding BPDUs and frames to that segment. If two ports are eligible to become the designated port, then there is a loop. One of the ports will be placed in a blocking state to eliminate the loop. Similar to a root port, the designated port is determined by the lowest cumulative path cost leading to the Root Bridge. A designated port will never be placed in a blocking state, unless there is a change to the switching topology and a more preferred designated port is elected.
Note: A port can never be both a designated port and a root port.
Ports on the Root Bridge are never placed in a blocking state. Thus, the two ports off of SwitchA will automatically become designated ports. Remember, every network segment must have one designated port, regardless of whether a root port already exists on that segment.

Port ID:
When electing root and designated ports, it is possible to have a tie in both path cost and Bridge ID. Port ID is used as the final tiebreaker, and consists of two components:
• 4-bit port priority
• 12-bit port number, derived from the physical port number
By default, the port priority of an interface is 128, and a lower priority is preferred. If there is a tie in priority, the lowest port number is preferred. The port number is a fixed value, but port priority can be changed on a per-interface basis:
Switch(config)# int gi2/11
Switch(config-if)# spanning-tree vlan 101 port-priority 32
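As an added example that is not part of this guide, the Python model below runs the four convergence steps described above over a constructed three-switch topology: Root Bridge election by Bridge ID, root ports by cumulative path cost using the cost table above (with the sender's Bridge ID, the sender's Port ID and the local Port ID as tiebreakers), one designated port per segment, and blocking of every remaining port. Switch names, MAC addresses, port numbers and link speeds are constructed sample data, and the port_priority map stands in for the port-priority command shown above, applied on the sending (designated) side of a link.

```python
# Added example, not from the guide: a model of the 802.1D convergence steps.
# Switch names, MAC addresses, port numbers and link speeds are constructed.
from dataclasses import dataclass
import heapq

# Path cost per link bandwidth in Mbps, from the cost table in this guide.
PATH_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19, 155: 14, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Switch:
    name: str
    mac: str               # Cisco dotted notation, e.g. "0011.2200.0001"
    priority: int = 32768  # 802.1D default bridge priority

    @property
    def bridge_id(self):
        # Lower tuple wins: priority first, MAC address as the tie-breaker.
        return (self.priority, int(self.mac.replace(".", ""), 16))


@dataclass(frozen=True)
class Link:
    a: str
    a_port: int
    b: str
    b_port: int
    mbps: int


def converge(switches, links, port_priority=None):
    """Return (root name, root path cost per switch, role per (switch, port)).

    Roles are 'root', 'designated' or 'blocking'. port_priority maps
    (switch, port) -> configured port priority; the default is 128.
    """
    port_priority = port_priority or {}
    bid = {s.name: s.bridge_id for s in switches}

    def pid(sw, port):
        # Port ID: 4-bit priority, then port number; lower is preferred.
        return (port_priority.get((sw, port), 128), port)

    # Step 1: Root Bridge election, the lowest Bridge ID wins.
    root = min(bid, key=bid.get)

    # Adjacency: switch -> [(local port, neighbour, neighbour port, link cost)]
    adj = {name: [] for name in bid}
    for link in links:
        cost = PATH_COST[link.mbps]
        adj[link.a].append((link.a_port, link.b, link.b_port, cost))
        adj[link.b].append((link.b_port, link.a, link.a_port, cost))

    # Cumulative root path cost for every switch (Dijkstra from the root).
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > rpc[sw]:
            continue
        for _, nbr, _, link_cost in adj[sw]:
            if cost + link_cost < rpc.get(nbr, float("inf")):
                rpc[nbr] = cost + link_cost
                heapq.heappush(heap, (rpc[nbr], nbr))

    roles = {}
    # Step 2: one root port per non-root switch. Ties on path cost are broken
    # by the sender's Bridge ID, the sender's Port ID, then the local Port ID.
    for sw in bid:
        if sw == root:
            continue
        best = min(adj[sw], key=lambda e: (rpc[e[1]] + e[3], bid[e[1]],
                                           pid(e[1], e[2]), pid(sw, e[0])))
        roles[(sw, best[0])] = "root"

    # Step 3: one designated port per segment, chosen the same way from the
    # segment's point of view; ports on the Root Bridge (cost 0) always win.
    # Step 4: every port that is neither root nor designated is blocked.
    for link in links:
        ends = [(link.a, link.a_port), (link.b, link.b_port)]
        designated = min(ends, key=lambda e: (rpc[e[0]], bid[e[0]], pid(*e)))
        for end in ends:
            if end == designated:
                roles[end] = "designated"
            else:
                roles.setdefault(end, "blocking")
    return root, rpc, roles


def blocked_ports(roles):
    return {port for port, role in roles.items() if role == "blocking"}


# Constructed topology: a triangle, with two parallel links SwitchB-SwitchC.
SWITCHES = [
    Switch("SwitchA", "0011.2200.0001"),
    Switch("SwitchB", "0011.2200.0002"),
    Switch("SwitchC", "0011.2200.0003"),
]
LINKS = [
    Link("SwitchA", 1, "SwitchB", 1, 1000),
    Link("SwitchA", 2, "SwitchC", 1, 100),
    Link("SwitchB", 2, "SwitchC", 2, 1000),
    Link("SwitchB", 3, "SwitchC", 3, 1000),
]

if __name__ == "__main__":
    root, rpc, roles = converge(SWITCHES, LINKS)
    print(root, rpc, sorted(blocked_ports(roles)))
    # Lowering the port priority on SwitchB port 3 (the sending side) moves
    # SwitchC's root port from port 2 to port 3.
    print(converge(SWITCHES, LINKS, {("SwitchB", 3): 32})[2][("SwitchC", 3)])
```

With all priorities at the default, SwitchA wins on MAC address, SwitchC reaches it more cheaply through SwitchB (cost 8) than over its own 100 Mbps link (cost 19), and the tie between the two parallel SwitchB-SwitchC links is settled by the lower sender Port ID, so SwitchC blocks port 1 and port 3.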
Versions of STP:
There are three flavors of the original 802.1D version of STP:
Common Spanning Tree (CST)
Per-VLAN Spanning Tree (PVST)
Per-VLAN Spanning Tree Plus (PVST+)
CST utilizes a single STP instance for all VLANs, and is sometimes referred to as mono spanning tree. All CST BPDUs are sent over the native VLAN on a trunk port, and thus are untagged. PVST employs a separate STP instance for each VLAN, improving flexibility and performance. PVST requires trunk ports to use ISL encapsulation. PVST and CST are not compatible. The enhanced PVST+ is compatible with both CST and PVST, and supports both ISL and 802.1Q encapsulation. PVST+ is the default mode on many Cisco platforms.
STP has continued to evolve over time. Modern extensions of STP will be covered later in this guide:
Rapid Spanning Tree Protocol (RSTP)
Multiple Spanning Tree (MST)
STP Configuration:
STP is enabled by default on all Cisco switches, for all VLANs and ports. PVST+ is the default STP mode on most modern Cisco platforms, allowing each VLAN to run a separate STP instance. STP can be disabled. This should be done with caution: any switching loop will result in a broadcast storm.
To disable STP for an entire VLAN:
Switch(config)# no spanning-tree vlan 101
A range of VLANs can be specified:
Switch(config)# no spanning-tree vlan 1-4094

STP can also be disabled on a per-port basis, for a specific VLAN:
Switch(config)# interface gi2/23
Switch(config-if)# no spanning-tree vlan 101

The switch with the lowest Bridge ID is elected as the Root Bridge. The
priority can be adjusted from its default of 32,768, to increase the likelihood that a switch is elected as the Root Bridge. Priority can be configured on a per-VLAN basis. Remember that the priority must be in multiples of 4,096 when extended system IDs are enabled:
SwitchA(config)# spanning-tree vlan 101 priority 8192

A switch can be indirectly forced to become the Root Bridge for a specific
VLAN:
SwitchA(config)# spanning-tree vlan 101 root primary

The root primary parameter automatically lowers the priority to 24,576. If another switch has a priority lower than 24,576, the priority will be lowered to 4,096 less than the current Root Bridge. STP does not technically support a backup Root Bridge. However, the root secondary command can increase the likelihood that a specified switch will succeed as the new Root Bridge in the event of a failure:
SwitchB(config)# spanning-tree vlan 101 root secondary

The root secondary parameter in the above command automatically lowers the switch’s priority to 28,672.

STP Port States:
As STP converges the switching topology, a switch port will progress through a series of states:
Blocking
Listening
Learning
Forwarding

Initially, a switch port will start in a blocking state:
• A blocking port will not forward frames or learn MAC addresses.
• A blocking port will still listen for BPDUs from other switches, to learn about changes to the switching topology.
A port will then transition from a blocking to a listening state:
• The switch must believe that the port will not be shut down to eliminate a loop. In other words, the port may become a root or designated port.
• A listening port will not forward frames or learn MAC addresses.
• A listening port will send and listen for BPDUs, to participate in the election of the Root Bridge, root ports, and designated ports.
• If a listening port is not elected as a root or a designated port, it will transition back to a blocking state.
If a listening port is elected as a root or designated port, it will transition to a learning state:
• A port must wait a brief period of time, referred to as the forward delay, before transitioning from a listening to learning state.
• A learning port will continue to send and listen for BPDUs.
• A learning port will begin to add MAC addresses to the CAM table.
• However, a learning port cannot forward frames quite yet.
Finally, a learning port will transition to a forwarding state:
• A port must wait another forward delay before transitioning from learning to forwarding.
• A forwarding port is fully functional – it will send and listen for BPDUs, learn MAC addresses, and forward frames.
• Root and designated ports will eventually transition to a forwarding state.
STP Timers:
Switches running STP exchange BPDUs to build and converge the topology
database. There are three timers that are crucial to the STP process:
Hello timer
Forward delay timer
Max age timer
The hello timer determines how often switches send BPDUs. By default,
BPDUs are sent every 2 seconds.
The forward delay timer determines how long a port must spend in both a listening and learning state:
• Introducing this delay period ensures that STP will have enough time to detect and eliminate loops.
• By default, the forward delay is 15 seconds.
• Because a port must transition through two forward delays, the total delay time is 30 seconds.
The max age timer indicates how long a switch will retain BPDU information from a neighbour switch, before discarding it:
• Remember that BPDUs are sent every two seconds.
• By default, the max age timer is 20 seconds.
To manually adjust the three STP timers for a specific VLAN:
Switch(config)# spanning-tree vlan 101 hello-time 10
Switch(config)# spanning-tree vlan 101 forward-time 20
Switch(config)# spanning-tree vlan 101 max-age 40

The timer values are measured in seconds, and the above represents the maximum possible value for each timer.

Improving STP Convergence:
In many environments, a 30 second outage for every topology change is unacceptable. Cisco developed three proprietary features that improve STP convergence time:
PortFast
UplinkFast
BackboneFast
PortFast
Powering on or off a workstation will cause TCNs to reach the Root Bridge, which will send out configuration BPDUs in response. Because the switching topology did not technically change, no outage will occur. However, all switches will reduce the CAM aging timer to 15 seconds, thus purging MAC addresses from the table very quickly. This will increase frame flooding and reduce efficiency and performance. PortFast prevents this: a port with PortFast enabled transitions directly to the forwarding state and does not generate TCNs, so it is intended only for ports connected to a single host. PortFast is disabled by default.
To enable PortFast on a switch port:
Switch(config)# int gi1/14
Switch(config-if)# spanning-tree portfast
PortFast can also be globally enabled for all interfaces:
Switch(config)# spanning-tree portfast default
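As an added example that is not part of this guide, the Python model below walks one port through the blocking, listening, learning and forwarding states under the timers described above, checks the two 802.1D timer relationships that keep the timers coherent (2 × (forward delay − 1) ≥ max age, and max age ≥ 2 × (hello + 1)), computes the 30 second direct and 50 second indirect convergence times, and lets a PortFast port skip straight to forwarding. The class and function names are my own, and the simulated clock advances in whole seconds.

```python
# Added example, not from the guide: 802.1D port states, timers and PortFast.
from dataclasses import dataclass


@dataclass
class StpTimers:
    hello: int = 2           # seconds between BPDUs
    forward_delay: int = 15  # time spent in listening, and again in learning
    max_age: int = 20        # how long a neighbour's BPDU is retained

    def consistent(self):
        """802.1D relationships between the three timers: the max age must
        expire before two forward delays elapse, and must outlast a missed hello."""
        return (2 * (self.forward_delay - 1) >= self.max_age
                and self.max_age >= 2 * (self.hello + 1))


def convergence_time(timers, indirect=False):
    """Worst-case seconds before a replacement port forwards traffic.
    A directly detected failure costs two forward delays; an indirect failure
    first waits max age for the stale BPDU to expire."""
    return (timers.max_age if indirect else 0) + 2 * timers.forward_delay


class StpPort:
    """A switch port advancing through blocking, listening, learning, forwarding."""

    def __init__(self, timers, portfast=False):
        self.timers = timers
        self.portfast = portfast
        self.clock = 0        # simulated seconds since start
        self.in_state = 0     # seconds spent in the current state
        self.state = "blocking"
        self.trace = [(0, "blocking")]

    def _enter(self, state):
        self.state = state
        self.in_state = 0
        self.trace.append((self.clock, state))

    def elected(self, role):
        """Feed the election result: 'root', 'designated' or None (neither)."""
        if role in ("root", "designated") and self.state == "blocking":
            # PortFast (assumed host-facing port) skips listening and learning.
            self._enter("forwarding" if self.portfast else "listening")
        elif role is None and self.state != "blocking":
            self._enter("blocking")

    def tick(self, seconds=1):
        """Advance the clock; listening and learning each last one forward delay."""
        for _ in range(seconds):
            self.clock += 1
            self.in_state += 1
            if (self.state in ("listening", "learning")
                    and self.in_state >= self.timers.forward_delay):
                self._enter("learning" if self.state == "listening" else "forwarding")

    @property
    def learns_macs(self):
        return self.state in ("learning", "forwarding")

    @property
    def forwards_frames(self):
        return self.state == "forwarding"


if __name__ == "__main__":
    port = StpPort(StpTimers())
    port.elected("designated")
    port.tick(30)
    print(port.trace)
    print(convergence_time(StpTimers()), convergence_time(StpTimers(), indirect=True))
```

Running it shows the port entering listening at 0 s, learning at 15 s and forwarding at 30 s, which is where the 30 second figure above comes from; adding the 20 second max age for an indirect failure gives the 50 second upper bound.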
UplinkFast
UplinkFast allows a blocking port to be held in a standby state. If the root port fails, the blocking port can immediately transition to a forwarding state. Thus, UplinkFast improves convergence time for direct failures in the STP topology. UplinkFast is disabled by default, and must be enabled globally for all VLANs on the switch:
Switch(config)# spanning-tree uplinkfast
BackboneFast:
UplinkFast provides faster convergence if a directly-connected port fails. In contrast, BackboneFast provides improved convergence if there is an indirect failure in the STP topology. BackboneFast is a global command, and should be enabled on every switch:
Switch(config)# spanning-tree backbonefast
Protecting STP:
Cisco implemented three mechanisms to protect the STP topology:
Root Guard
BPDU Guard
BPDU Filtering
All three mechanisms are configured on a per-port basis, and are disabled by default.
Root Guard:

Root Guard prevents an unauthorized switch from advertising itself as a Root Bridge. If a BPDU superior to the Root Bridge is received on a port with Root Guard enabled, the port is placed in a root-inconsistent state. Root Guard is enabled on a per-port basis, and is disabled by default:
Switch(config)# interface gi1/14
Switch(config-if)# spanning-tree guard root

To view all ports that have been placed in a root-inconsistent state:
Switch# show spanning-tree inconsistent ports

BPDU Guard:
BPDU Guard can be used in conjunction with PortFast. Under normal circumstances, a port with PortFast enabled should never receive a BPDU, as it is intended only for hosts. If a BPDU is received on a port with BPDU Guard enabled, the port is placed in an errdisable state. BPDU Guard should be enabled on any port with PortFast enabled. It is disabled by default, and can be enabled on a per-interface basis:
Switch(config)# interface gi1/14
Switch(config-if)# spanning-tree bpduguard enable
If BPDU Guard is enabled globally, it will only apply to PortFast ports:
Switch(config)# spanning-tree portfast bpduguard default

An interface can be manually recovered from an errdisable state by performing a shutdown and then no shutdown:
Switch(config)# interface gi1/14
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
BPDUs will still be sent out ports enabled with BPDU Guard.
BPDU Filtering:

BPDU Filtering prevents BPDUs from being sent out a port, and must be enabled in conjunction with PortFast. If BPDU Filtering is enabled globally, it will only apply to PortFast ports:
Switch(config)# spanning-tree portfast bpdufilter default
To enable BPDU Filtering on a per-interface basis:
Switch(config)# interface gi1/15
Switch(config-if)# spanning-tree bpdufilter enable
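The following Python model is an added example, not code from this guide or from Cisco. It applies the three protection mechanisms above to a constructed set of port configurations: it decides what one received BPDU does to a port (BPDU Guard errdisables it on any BPDU, Root Guard marks it root-inconsistent only when the BPDU claims a better root than the current one), models the shutdown/no shutdown recovery, and audits the configuration for PortFast ports without BPDU Guard and for BPDU Filtering without PortFast. Port names, Bridge IDs and the two global-default flags are assumptions that mirror the commands shown above.

```python
# Added example, not from the guide: Root Guard, BPDU Guard and BPDU Filtering
# decisions plus a configuration audit. Port names and Bridge IDs are constructed.
from dataclasses import dataclass


@dataclass
class GlobalConfig:
    portfast_bpduguard_default: bool = False   # spanning-tree portfast bpduguard default
    portfast_bpdufilter_default: bool = False  # spanning-tree portfast bpdufilter default


@dataclass
class Port:
    name: str
    portfast: bool = False     # spanning-tree portfast
    root_guard: bool = False   # spanning-tree guard root
    bpdu_guard: bool = False   # spanning-tree bpduguard enable
    bpdu_filter: bool = False  # spanning-tree bpdufilter enable
    status: str = "up"         # up | errdisable | root-inconsistent


def bpdu_guard_active(port, g):
    # The global default only applies to PortFast ports.
    return port.bpdu_guard or (g.portfast_bpduguard_default and port.portfast)


def bpdu_filter_active(port, g):
    return port.bpdu_filter or (g.portfast_bpdufilter_default and port.portfast)


def sends_bpdus(port, g):
    """BPDU Guard does not stop transmission; BPDU Filtering does."""
    return not bpdu_filter_active(port, g)


def receive_bpdu(port, g, advertised_root_id, current_root_id):
    """Decide what one received BPDU does to a port.

    Bridge IDs are (priority, mac) tuples; a lower tuple is superior. BPDU
    Guard is checked first, since any BPDU at all errdisables the port. Root
    Guard then reacts only to a BPDU claiming a better root than the current one.
    """
    if port.status != "up":
        return "ignored"
    if bpdu_guard_active(port, g):
        port.status = "errdisable"
        return "errdisable"
    if port.root_guard and advertised_root_id < current_root_id:
        port.status = "root-inconsistent"
        return "root-inconsistent"
    return "accepted"


def shutdown_no_shutdown(port):
    """Manual errdisable recovery: 'shutdown' followed by 'no shutdown'."""
    port.status = "up"


def audit(ports, g):
    """Flag ports that break the pairing rules given in the text."""
    findings = []
    for p in ports:
        if p.portfast and not bpdu_guard_active(p, g):
            findings.append(f"{p.name}: PortFast without BPDU Guard")
        if bpdu_filter_active(p, g) and not p.portfast:
            findings.append(f"{p.name}: BPDU Filtering without PortFast")
    return findings


def sample_ports():
    """Constructed access-layer configuration (fresh objects on every call)."""
    return [
        Port("gi1/14", portfast=True, bpdu_guard=True),
        Port("gi1/15", portfast=True, bpdu_filter=True),
        Port("gi1/16", portfast=True),          # host port, guard forgotten
        Port("gi1/17", bpdu_filter=True),       # filter on a non-PortFast port
        Port("gi2/1", root_guard=True),         # uplink facing another switch
    ]


if __name__ == "__main__":
    g = GlobalConfig()
    for finding in audit(sample_ports(), g):
        print("finding:", finding)
    uplink = sample_ports()[4]
    # A switch claiming priority 4096 while our Root Bridge runs at 8192.
    print(receive_bpdu(uplink, g, (4096, 0x001122000099), (8192, 0x001122000001)))
```

Enabling the global bpduguard default removes the two PortFast findings without touching the per-interface configuration, which is the effect of the spanning-tree portfast bpduguard default command above; the filter-without-PortFast finding remains until that port is reconfigured.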
Per-VLAN Spanning Tree (PVST) Load Balancing:

PVST and PVST+ employ a separate STP instance for each VLAN. This provides superior flexibility over CST, which only supports a single STP instance for all VLANs. Consider the following example:
However, this is inefficient, as the potential bandwidth of the blocked port is unavailable for any VLAN. In contrast, PVST supports load balancing VLANs across the switching topology. PVST runs a separate instance for each VLAN, allowing a port to enter a blocking state only for that specific VLAN. This provides both redundancy and more efficient use of available bandwidth.

Rapid Spanning Tree Protocol (RSTP):
In modern networks, a 30 to 50 second convergence delay is unacceptable. Enhancements were made to the original IEEE 802.1D standard to address this. The result was 802.1w, or Rapid Spanning Tree Protocol (RSTP). RSTP is similar in many respects to STP:
• BPDUs are forwarded between switches
• A Root Bridge is elected, based on the lowest Bridge ID.
• Root and designated ports are elected and function identically to STP.
RSTP defines four port roles:
Root Port – Port on each switch that has the best path cost to the Root Bridge. A switch can only have one root port.
Alternate Port – Backup root port that has a less desirable path cost.
Designated Port – Non-root port that represents the best path cost for each network segment to the Root Bridge.
Backup Port – Backup designated port that has a less desirable path cost.
802.1D STP supported five port states (the four described earlier, plus a disabled state), while RSTP supports three:
Discarding
Learning
Forwarding

Initially, a switch port starts in a discarding state:
• A discarding port will not forward frames or learn MAC addresses.
• A discarding port will listen for BPDUs.
• Alternate and backup ports will remain in a discarding state.
RSTP does not need a listening state. Instead, if a port is elected as a root or designated port, it will transition from discarding to a learning state:
• A learning port will begin to add MAC addresses to the CAM table.
• However, a learning port cannot forward frames quite yet.
Finally, a learning port will transition to a forwarding state:
• A forwarding port is fully functional – it will send and listen for BPDUs, learn MAC addresses, and forward frames.
• Root and designated ports will eventually transition to a forwarding state.


Multiple Spanning Tree (MST):

Earlier in this guide, three versions of 802.1D STP were described:
CST utilizes a single STP instance for all VLANs.
PVST and PVST+ employ a separate STP instance for each VLAN.
PVST and PVST+ are more efficient, and allow STP to load balance VLANs across links. This comes at a cost: maintaining a separate STP instance for each VLAN adds overhead to the CPU and memory on a switch. Multiple Spanning Tree (MST), defined in IEEE 802.1s, allows a group of VLANs to be mapped to an STP instance. Each MST instance (MSTI) builds its own RSTP topology database, including electing its own Root Bridge. A VLAN can only be assigned to one instance. MST further separates the STP topology into regions. All switches in a region must be configured with identical MST parameters:
• 32-byte configuration name
• 16-bit revision number
• VLAN-to-instance mapping database
If two switches are configured with different MST parameters, they belong to different MST regions.
The Internal Spanning Tree (IST) is responsible for maintaining the topology for the entire region and all of the MSTIs. Only the IST can send and receive BPDUs, and encapsulates the MSTI information within a BPDU as an MST record (M-record). The IST is always mapped to instance 0.
To enable MST globally on a switch:
Switch(config)# spanning-tree mode mst

Changes to MST parameters must be made from MST configuration mode:
Switch(config)# spanning-tree mst configuration
Switch(config-mst)#

To assign the MST configuration name and revision number:
Switch(config-mst)# name MYMSTNAME
Switch(config-mst)# revision 2

To map VLANs to specific MST instances:
Switch(config-mst)# instance 2 vlan 1-100
Switch(config-mst)# instance 3 vlan 101-200

To view the changes to the configuration:
Switch(config-mst)# show pending
To configure a switch as the Root Bridge for MST instance 2:
Switch(config)# spanning-tree mst 2 root primary
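As an added example that is not part of this guide, the Python below parses the MST configuration-mode lines shown above for several switches, checks the 32-byte name, the 16-bit revision and the one-instance-per-VLAN rule, treats every VLAN that is not explicitly mapped as belonging to the IST (instance 0), and groups the switches whose name, revision and VLAN-to-instance mapping all match into regions. Switch names SW1 to SW4 and their VLAN ranges are constructed sample data; the region key used here is a plain comparison of the three parameters, not the digest a real switch exchanges.

```python
# Added example, not from the guide: parse and validate MST configuration
# lines and group switches into regions. Switch names and ranges are constructed.
from dataclasses import dataclass


@dataclass
class MstConfig:
    switch: str
    name: str        # configuration name, at most 32 bytes
    revision: int    # 16-bit revision number
    instances: dict  # instance number -> set of VLANs explicitly mapped to it


def parse_vlan_list(spec):
    """'1-100,150,200-210' -> set of VLAN numbers."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_mst_config(switch, lines):
    """Read 'name NAME', 'revision N' and 'instance N vlan LIST' lines."""
    name, revision, instances = "", 0, {}
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "name":
            name = parts[1]
        elif parts[0] == "revision":
            revision = int(parts[1])
        elif parts[0] == "instance" and len(parts) == 4 and parts[2] == "vlan":
            instances.setdefault(int(parts[1]), set()).update(parse_vlan_list(parts[3]))
    return MstConfig(switch, name, revision, instances)


def validate(cfg):
    """Check the region parameters and that no VLAN is claimed by two instances."""
    errors = []
    if len(cfg.name.encode()) > 32:
        errors.append("name exceeds 32 bytes")
    if not 0 <= cfg.revision <= 65535:
        errors.append("revision is not a 16-bit value")
    owner = {}
    for inst, vlans in sorted(cfg.instances.items()):
        for vlan in sorted(vlans):
            if vlan in owner:
                errors.append(f"VLAN {vlan} mapped to both instance {owner[vlan]} and {inst}")
            else:
                owner[vlan] = inst
    return errors


def instance_of(cfg, vlan):
    """VLANs that are not explicitly mapped belong to the IST, instance 0."""
    for inst, vlans in cfg.instances.items():
        if vlan in vlans:
            return inst
    return 0


def region_key(cfg):
    """Everything that must be identical for two switches to share a region."""
    table = tuple(instance_of(cfg, v) for v in range(1, 4095))
    return (cfg.name, cfg.revision, table)


def group_regions(configs):
    """Group switch names by identical region parameters, in first-seen order."""
    regions = {}
    for cfg in configs:
        regions.setdefault(region_key(cfg), []).append(cfg.switch)
    return list(regions.values())


# Constructed configurations: SW1 and SW2 match, SW3 differs only in revision,
# SW4 maps VLAN 100 to two instances.
BASE = ["name MYMSTNAME", "revision 2", "instance 2 vlan 1-100", "instance 3 vlan 101-200"]
SW1 = parse_mst_config("SW1", BASE)
SW2 = parse_mst_config("SW2", BASE)
SW3 = parse_mst_config("SW3", ["name MYMSTNAME", "revision 3"] + BASE[2:])
SW4 = parse_mst_config("SW4", BASE[:3] + ["instance 3 vlan 100-200"])

if __name__ == "__main__":
    print(group_regions([SW1, SW2, SW3]))
    print(validate(SW4))
```

A revision mismatch alone is enough to split SW3 into its own region, which is why the guide stresses identical parameters on every switch; the unmapped VLANs 201 to 4094 still compare equal because all of them fall back to the IST.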
