Bitmindframes Study guides
Spanning Tree Protocol & Layer 2 Redundancy.
Layer 2 redundancy improves network availability with alternative network paths.
A simple path can be disrupted with little impact.
Redundancy is achieved at the distribution & core through additional hardware & alternate paths.
Each Access Layer switch is connected to 2 different Distribution Layer switches.
Each Distribution Layer switch is connected to 2 Core Layer switches.
Spanning Tree Protocol is enabled by default.
Spanning Tree Protocol puts some ports into forwarding & others in blocking.
This prevents Layer 2 switching loops. Spanning Tree Protocol uses a redundant link if the primary fails.
LAYER 2 LOOPS
When multiple paths exist & Spanning Tree Protocol has been disabled, a Layer 2 loop can occur. Because Ethernet frames do not have a TTL like IP packets, Spanning Tree Protocol is used to prevent these loops.
As a result, Layer 2 frames can bounce from switch to switch forever (or until interrupted).
Broadcasts are forwarded out all ports except the incoming port.
Duplicate unicast frames
Unicast frames sent onto a looped topology can result in duplicate frames arriving at destination device.
Many upper layer protocols are not designed to recognize or cope with duplicate frames.
This won't cripple the network, but it does significantly impact performance on your network.
LOOPS IN CUBICLE
Some users may have a personal hub in their office to connect multiple devices.
Since this is often beyond the control of the admin, loops can be created that propagate through the network.
SPANNING TREE ALGORITHM
Spanning Tree Protocol was developed to address the previous issues.
It ensures there is only 1 logical path between destinations.
It does this by intentionally blocking redundant paths.
A blocked port prevents traffic but allows the special frames (BPDUs) that are used by STP to prevent loops.
The physical paths still exist to provide redundancy, but are disabled to prevent the loops.
If a cable or switch fails, STP recalculates the paths & unblocks the necessary ports.
STA ALGORITHM
The STA determines which ports are blocked.
The STA elects a single switch as root bridge & uses it as the reference point for all path calculations. In the election process all switches exchange BPDU frames to determine which switch has the lowest bridge ID (BID).
The switch with the lowest BID becomes the root bridge.
Each BPDU contains a BID identifying the source switch.
BID= priority value,MAC,extended ID
The path costs are calculated by adding port cost values along a given path.
STA chooses the path with the lowest path cost.
After STA determines which paths are available, it configures ports into distinct port roles.
ELECTING THE ROOT BRIDGE
Every spanning tree instance has a root bridge.
It serves as a reference point for all calculations.
All switches in the domain participate in the election.
After a switch reboots it sends out BPDU every 2 secs.
Initially each switch identifies itself as the root bridge.
If the root ID from a received BPDU is lower than the BID on the receiving switch, the receiver updates its root ID.
The switch forwards new BPDU with the lower root ID.
Eventually the switch with the lowest BID ends up being identified as the root bridge for the spanning tree instance.
BEST PATHS TO ROOT BRIDGE
After electing the root, the STA starts determining the best paths to the root from all destinations.
The path info is determined by adding up port costs from each destination to the root.
Port costs are defined by speed.
The values have already been changed to accommodate the newer 10GB Ethernet & may change again in future.
Port cost is configured:
SW1(config-if)#spanning-tree cost #
To verify port cost & path cost:
SW1#show spanning-tree detail
The cost Field = total cost to root
BPDU FIELDS
The 1st 4 fields identify STP,version,type & status.
The next 4 fields identify the root & cost to the root.
The last 4 fields are timer fields that determine how often BPDU are sent & how long the info is retained.
BPDU are sent every 2 secs by default.
Each switch maintains info about BID,Root ID & path costs.
When switches receive a BPDU frame they update the root ID and path cost if required.
After a RID has been updated to identify a new root bridge, all BPDU sent from that switch show the new RID and cost.
As BPDUs pass between other switches, the cost is continually updated to indicate the total. Each switch in the tree uses its path cost to identify the best possible path to the root bridge.
BRIDGE ID FIELDS
The BID contains 3 separate fields
1.BRIDGE PRIORITY
A value that can be used to influence root election. To ensure a switch becomes root, set its priority lower than the rest of the switches. The default priority on Cisco switches is 32768.
Priority range = 1- 65536. 1 is the highest priority
2. EXTENDED SYSTEM ID
Can be omitted in certain configurations.
Early STP was not designed for vlans.
This field contains the VLAN id.
Reduces the # of bits available for priority, so the increments for the priority change from 1 to 4096.
3.MAC ADDRESS
If switches have the same priority & extSID the switch with the lowest MAC has the lowest BID.
With default configs the MAC is then the deciding factor.
This can lead to an unpredictable root bridge.
It’s recommended that the desired switch be given a lower priority.
Also ensures that the addition of switches to your network does not trigger a new election.
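The election and BID comparison described above can be traced with a short simulation. This is an added example, not part of the original guide: the switch names, MAC addresses, VLAN 10 and the links are constructed, and the BID is packed using the PVST+ layout (4-bit priority, 12-bit extended system ID, 48-bit MAC).

```python
def bid(priority, vlan, mac):
    """Pack a PVST+ bridge ID: 4-bit priority + 12-bit VLAN ID, then the 48-bit MAC."""
    if priority % 4096 or not 0 <= priority < 65536 or not 0 < vlan < 4096:
        raise ValueError("priority must be a multiple of 4096, VLAN ID must fit 12 bits")
    return ((priority | vlan) << 48) | int(mac.replace(":", ""), 16)


def elect_root(switches, links, vlan=10):
    """switches: {name: (priority, mac)}, links: [(name, name)].
    Returns (root name, hello intervals until every switch agrees)."""
    own = {name: bid(prio, vlan, mac) for name, (prio, mac) in switches.items()}
    believed = dict(own)              # initially every switch claims to be root
    intervals = 0
    while True:
        sent = dict(believed)         # root IDs advertised in this hello interval
        for a, b in links:
            for rx, tx in ((a, b), (b, a)):
                if sent[tx] < believed[rx]:   # a lower root ID replaces the stored one
                    believed[rx] = sent[tx]
        if believed == sent:          # no switch updated its root ID: converged
            break
        intervals += 1
    root_ids = set(believed.values())
    if len(root_ids) != 1:
        raise ValueError("topology is not fully connected")
    by_bid = {value: name for name, value in own.items()}
    return by_bid[root_ids.pop()], intervals


# Constructed topology: one core, two distribution and two access switches.
LINKS = [("CORE1", "DIST1"), ("CORE1", "DIST2"), ("DIST1", "ACC1"),
         ("DIST2", "ACC1"), ("DIST1", "ACC2"), ("DIST2", "ACC2")]
DEFAULTS = {
    "CORE1": (32768, "00:1e:aa:00:00:01"),
    "DIST1": (32768, "00:1c:aa:00:00:02"),
    "DIST2": (32768, "00:1d:aa:00:00:03"),
    "ACC1": (32768, "00:1b:aa:00:00:04"),
    "ACC2": (32768, "00:0a:aa:00:00:05"),   # lowest MAC in the domain
}
# Same network with the desired root given a lower priority.
TUNED = dict(DEFAULTS, CORE1=(24576, "00:1e:aa:00:00:01"))
# A new default-priority switch with an even lower MAC joins later.
GROWN = dict(TUNED, ACC3=(32768, "00:01:aa:00:00:06"))

if __name__ == "__main__":
    print("defaults:", elect_root(DEFAULTS, LINKS))
    print("tuned:   ", elect_root(TUNED, LINKS))
    print("grown:   ", elect_root(GROWN, LINKS + [("DIST1", "ACC3")]))
```

With default priorities the access switch with the lowest MAC wins the election; once CORE1 has the lower priority it stays root even after a switch with a lower MAC is added.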
CONFIG & VERIFY BID
There are 2 ways to change priority.
SW1(config)#spanning-tree vlan vlan-id root primary
Sets priority to 24576 or the next 4096 increment below the lowest priority detected on network.
For backup use:
SW1(config)#spanning-tree vlan vlanID root secondary
SW1(config)#spanning-tree vlan vlanID priority value
This gives more precise control over the priority in increments of 4096 up to 65536
Verify bridge port:
SW1#Show spanning-tree
PORT ROLES
The location of the root in the topology determines how port roles are calculated.
There are 4 distinct port roles that ports are auto config for during the STP process.
ROOT port
Exists on all non-root bridges, but only 1 per switch.
DESIGNATED PORTS
Exist on root & non root switches.
On root bridges all ports are designated ports.
On non root switch a designated port is the port that receives & forwards frames toward the root as needed.
Only 1 designated port allowed per segment.
If multiple switches exist on the same segment an election determines the designated switch & port.
Designated ports are capable of populating mac table.
NON-DESIGNATED PORT
A port that is blocked.
Does not forward data & does not populate mac table.
For some variants of STP this is called an alternate port.
DISABLED PORT
A port that is administratively down.
Does not participate in STP.
The port with the lowest cost to the root is the root port.
All non root bridges have a single root port.
When 2 ports have the same cost to the root the switch uses the port priority then port ID to break the tie.
Port ID is appended to the port priority.
Configure ROOT priority
Configure port priority:
SW(config-if)#spanning-tree port-priority #
Port priority range: 0 - 240 (increments of 16)
DEFAULT = 128
PORT ROLE DECISIONS
After root ports are picked, STP assigns designated & non-designated roles.
The root switch sets all ports to the designated role.
Every LAN segment must have one designated port.
When 2 non-root switches are connected, one port is a DP & one is non-DP.
Generally the switch with the lower BID gets the DP.
However the 1st priority is the lowest path cost to root bridge & only if port costs are equal, is the BID used.
VERIFY PORT ROLES & AUTHORITY
SW#show spanning-tree
After booting each port transitions through 5 states & 3 BPDU timers.
If a port were to immediately start forwarding it could temporarily create a loop.
PORT STATES
DISABLED is also included but does not participate in STP or forward frames.
BPDU TIMERS
The time a port stays in each state depends on BPDU timers.
Timers determine STP performance & state changes.
HELLO TIME
FORWARD DELAY
MAXIMUM AGE
After STP ports transition through their states they stabilize to forward or blocking.
If the topology changes, a port temporarily goes to listening & learning for a period called the "forward delay interval".
This allows adequate time for convergence in a network with a switch diameter of 7.
A 7-switch diameter is the largest that STP permits because of convergence times.
It is recommended that BPDU timers not be adjusted.
Adjusting the spanning tree diameter on the root to a lower value auto adjusts the timer.
Typically you do not want to adjust the BPDU timers or diameter.
It is possible to adjust both but only diameter should be adjusted & only if ramifications are understood.
To configure network diameter
SW(config)#spanning-tree vlan vlan-id root primary diameter #
# = STP diameter
CISCO PORTFAST
Allows access ports to move from blocking to forwarding immediately, bypassing listening & learning.
Used on access ports connected to a single device.
If a PortFast interface receives a BPDU, STP can put the port into blocking state using BPDU guard.
PortFast supports DHCP. Without PortFast a PC can send a DHCP request before the port is forwarding -> no IP.
Use it only on access ports or risk creating a loop.
Configure portfast:
SW(config-if)#spanning-tree portfast
Verify with:
SW#Show run
STP CONVERGENCE
STEP1
ELECTING ROOT BRIDGE
A root election is triggered after a switch boots up, or when a path failure has been detected.
Initially all ports are blocking for 20 secs.
This prevents loops from occurring before STP has calculated the best paths & configured all port roles.
While in blocking ports still send & receive BPDU’s.
STP supports a max diameter of 7 switches end-to-end.
This allows the root election to occur in 14 secs.
BPDU sent every 2 secs based on the hello timer value.
Each switch starts by claiming it is the root, but as it receives BPDUs from neighbors it updates the RID.
The switch then includes the new RID in all BPDUs sent out.
The root election ends once the lowest BID = RID of all switches in the broadcast domain.
After the election switches continue to forward BPDU’s.
The max age timer sets how long a switch retains its configuration after it stops receiving BPDUs (default = 20 secs).
If the timer expires it triggers another root election.
STEP2
ELECT ROOT PORTS
Once the root is determined, STP configures port roles for each port.
The 1st port role to be determined is always the root port. Every switch except the root has 1 root port.
It is the port with the lowest path cost to the root. Normally path cost alone determines the root port.
However, if 2+ ports on a switch have the same path cost to the root, the tie is broken with port priority.
The losing port becomes a non-designated port to avoid looping. The root port selection happens during the root election. The port role does not wait until a root is selected, so the root port may change multiple times during convergence.
STEP3
ELECTING DESIGNATED & NON DESIGNATED PORTS
The remaining ports must be configured as either a designated or non-designated port.
Each segment can only have 1 designated port. When 2 non-root ports are connected on the same segment, a competition occurs using BPDUs. A designated port is based on the lowest BID as long as it has the lowest path cost to root. The losing switch configures its ports to be non-designated.
This process happens concurrently with the root bridge election and port designation.
The entire process of electing the root, root ports, DPs and non-DPs happens within the 20 sec blocking state.
Based on the 2 sec hello & 7 switch diameter.
STP TOPOLOGY CHANGE NOTIFICATION
When a change is detected, the switch notifies the root. The root then broadcasts the info to the whole network. A switch receives config BPDUs from the root on its root port. However, it never sends BPDUs toward the root. Instead a topology change notification (TCN) BPDU is used.
To signal a TC, a switch sends TCNs on its root port. A TCN is a simple empty BPDU sent at hello time intervals. The receiving or designated switch ACKs the TCN by sending back a normal BPDU with the TC ACK bit set. This change continues until the root responds.
These Topology Changes are relayed by every switch, so all switches become aware of the Topology Change & reduce their aging time to forward delay. Switches receive TCs on both forwarding & blocking ports.
The TC bit is set by the root for a period of max age + forward delay 20+15=35 secs.
EVOLUTION
There are many variants of STP both proprietary & standard
CISCO PROPRIETARY STP
PVST - Per-VLAN STP. Uses ISL trunking, load balances at L2. Includes BackboneFast, UplinkFast & PortFast.
PVST+ - Supports 802.1q trunking. Includes the PortFast enhancements BPDU guard & root guard.
RAPID PVST+ - Based on the 802.1w standard. Includes extensions such as BackboneFast & PortFast.
IEEE STANDARD STP
RSTP - Introduced in 1998 as an evolution of 802.1d.
MSTP - Enables multiple VLANs on one STP instance, reducing resource requirements with many VLANs.
PVST+
PVST+ can run an stp instance on each vlan.
Supports load sharing but takes more bandwidth since each PVST+ instance sends its own BPDU.
Can tune the STP parameters so half the vlans forward on each trunk.
PVST+ BRIDGE ID
To support PVST+ the BID was modified to carry VLAN ID. Priority field reduced to 4 bits.
A new 12 bit ext-systID field contains the VID. The 6-byte MAC address remains unchanged.
RSTP
Reconverges faster in 100’s of milliseconds. 802.1W is an evolution of the 802.1d standard.
Most parameters have been left unchanged. Supports a new port type: alternate port.
If a port is configured to be an alternate port it can change to forwarding without waiting for network convergence.
Largely adapted from Cisco's enhancements to 802.1d but performs better than Cisco's versions.
Requires no additional config.
Uplinkfast & backbonefast are not compatible with RSTP.
802.1w is backwards compatible with 802.1D.
Same BPDU format except version 2.
RSTP BPDU
802.1w uses type2 version2 BPDUs but works with 802.1d.
Sends BPDUs & populates the flags slightly differently.
Ages out if 3 hellos not received or max age timer expires.
This faster aging allows failures to be detected quickly.
RSTP FLAGS:
Bits 0&7 are TCN & ACK just like 802.1d.
Bits 1&6 are for proposal agreement (rapid convergence).
Bits 2&5 encode role & state of the port originating the BPDU.
Bits 4&5 encode the port role using a 2 bit code.
EDGE ports
An RSTP edge port is a port that is never intended to connect to another switch.
It immediately transitions to forwarding when enabled.
Corresponds to portfast.
Skips the time consuming listening & learning states.
These ports do not generate TC’s when the port transitions.
Cisco's RSTP uses PortFast.
LINK TYPES
Provides a categorization for each port in RSTP.
Predetermines the role a port plays as it transitions to forward state.
The conditions are different for edge & non-edge ports. Non-edge ports may be point to point or shared.
This is auto determined but can be overwritten. Edge ports & P2P links are candidates for rapid forwarding
Before link type is considered RSTP must determine the port role.
ROOT PORTs- do not use the link type.
ALTERNATE & BACKUP PORTs- do not usually use link type.
Designated Port’s make the most use of link type.
*Rapid transition to forwarding occurs only if type is point to point.
RSTP PORT STATES
A Topology Change causes a transition to forwarding through explicit handshakes OR a proposal agreement. With RSTP the role of a port is separated from its state.
3 RSTP port states:
Discarding
Learning
Forwarding
In all port states a port accepts & processes BPDU frames.
STP blocking listening & disabled states have been merged into the RSTP discarding state.
The role defines the ultimate purpose of a port & how it handles data frames.
Port roles & states can transition independently.
Creating additional roles allows RSTP to define a standby port before a failure or topology change.
The alternate port moves to forwarding if there is a failure on the designated port for the segment.
RSTP PROPOSAL or AGREEMENT PROCESS
In 802.1d a designated port must wait 2 x forward delay before transitioning to forwarding.
Rstp speeds up because it converges on a link by link basis & does not wait on the timers.
Rapid transition to forwarding only occurs on edge ports & P2P.
KNOW WHERE THE ROOT IS
STP can fail in some specific cases. Troubleshooting it can be very difficult so be proactive.
Often the location of the root is unavailable during trouble. Do not leave it up to the STP to choose root.
Generally use a good bridge in the middle of the network. Putting it in the center reduces the average diameter.
PLANNING FOR STP
Tuning STP parameters is not usually necessary with a hierarchical design & good root placement.
Diagram out each physical loop in the network & which blocked ports break the loops.
This helps identify accidental bridging loops & the cause.
A good way to minimize risks inherent with STP is to reduce the # of blocked ports.
VTP PRUNING
No more than 2 redundant links are needed between nodes.
By default trunks carry all the vlans in the vtp domain.
LAYER3 SWITCHING
L3 switches are able to route at the speed of a switch
**clarifications
Changing stp timers is not recommended.
STP uses PortFast & RSTP uses PortFast.
Commands to establish primary & secondary roots are identical for STP & RSTP.
Because of the format of the BPDU packet RSTP is backwards compatible with STP.
If an RSTP edge port receives a BPDU it:
1.loses its edge port status
2.becomes a regular STP port
BPDU’s are used for:
Keepalives, TCN, ACK’s & proposal Agreements.
Switches that are not running spanning tree still forward the BPDU’s they receive.
RSTP converges on a link by link basis.