Spanning-Tree Protocol LAN Design

Transcription

Spanning-Tree Protocol
LAN Design
Spanning Tree Protocol (IEEE 802.1D 1998), Rapid STP (IEEE 802.1D 2004), Cisco PVST+, MSTP
STP Tuning – LAN Network Design

Agenda
• Spanning Tree Protocol (STP)
  – Introduction
  – Details
  – Convergence
  – Some more details
• Rapid Spanning Tree Protocol (RSTP)
• Cisco PVST, PVST+
• Multiple Spanning Tree Protocol (MSTP)
• Spanning Tree Tuning – LAN Design

2016, D.I. Lindner / D.I. Haas, Spanning-Tree Details, v6.0

Problem Description
• We want redundant links in bridged networks
• But transparent bridging cannot deal with redundancy
  – Broadcast storms and other problems
• Solution: STP (Spanning Tree Protocol)
  – Allows for redundant paths
  – Ensures non-redundant active paths
• Invented by Radia Perlman as general "mesh-to-tree" algorithm
• Only one purpose: cut off redundant paths with highest costs

Algorhyme
I think that I shall never see
a graph more lovely than a tree
a graph whose crucial property
is loop-free connectivity.
A tree which must be sure to span
so packets can reach every lan.
first the root must be selected
by ID it is elected.
least cost paths to root are traced,
and in the tree these paths are placed.
mesh is made by folks like me;
bridges find a spanning tree.
Radia Perlman

STP in Action (1): No Broadcast Storm
[Figure: network diagram with steps 1 to 3; frame with DA = broadcast address or not existent host address]

STP in Action (2): Bridge Failure – New STP Topology
[Figure: network diagram with steps 1 to 4; frame with DA = broadcast address or not existent host address]


Spanning Tree Protocol
• Takes care that there is always exactly one active path between any 2 stations
• Implemented by a special communication protocol between the bridges
  – Using BPDU (Bridge Protocol Data Unit) frames with MAC-multicast address as destination address
• Three important STP parameters determine the resulting tree topology in a meshed network:
  – Bridge-ID
  – Interface-Cost
  – Port-ID

Parameters for STP (1)
• Bridge Identifier (Bridge ID)
  – Consists of a priority number and the MAC address of a bridge
    · Bridge-ID = Priority# (2 Byte) + MAC# (6 Byte)
  – Priority number may be configured by the network administrator
    · Default value is 32768
  – Lowest Bridge ID has highest priority
  – If you keep default values
    · The bridge with the lowest MAC address will have the highest priority

Parameters for STP (2)
• Port Cost (C)
  – Costs in order to access local interface
  – Inversely proportional to the transmission rate
  – Default cost = 1000 / transmission rate in Mbit/s
    · With occurrence of 1 Gbit/s Ethernet the rule was slightly adapted
    · May be configured to a different value by the network administrator
• Port Identifier (Port ID)
  – Consists of a priority number and the port number
    · Port-ID = port priority#.port#
    · Default value for port priority is 128
    · Port priority may be configured to a different value by the network administrator

Comparison Table For Port Costs:

Speed [Mbit/s]   OriginalCost (1000/Speed)   802.1D-1998   802.1D-2004
10               100                         100           2000000
100              10                          19            200000
155              6                           14            (129032 ?)

Remaining 802.1D-2004 values in the table: (32154 ?), 20000, 2000

• Also different cost values might be used
  – See recommendations in the IEEE 802.1D-2004 standard to comply with RSTP and MSTP
  – 802.1D-2004 operates with 32-bit cost values instead of 16-bit

STP Parameter Example (1)
[Figure: bridges B-ID 42, 45, 57, 83 and 97 interconnecting LAN 1 to LAN 5; each bridge port is labelled with its cost, C 10 or C 05]

Spanning Tree Algorithm Summary
• Select the root bridge
  – Bridge with the lowest Bridge Identifier
• Select the root ports
  – By computation of the shortest path from any non-root bridge to the root bridge
  – Root port points to the shortest path towards the root
• Select one designated bridge for every LAN segment which can be reached by more than one bridge
  – Bridge with lowest root path costs on the root port side
  – Corresponding port on other side is called designated port
• Set the designated and root ports in forwarding state
• Set all other ports in blocking state

STP Parameter Example (2)
[Figure: the same topology (B-ID 42, 45, 57, 83, 97; LAN 1 to LAN 5) with the Root Bridge, the Root Ports, the Designated Ports and the Designated Bridges marked, including the Designated Bridge for LAN 3 and the Designated Bridge for LAN 4]

BPDU Format
• Each bridge sends periodically BPDUs carried in Ethernet multicast frames
  – Hello time default: 2 seconds
• Contains all information necessary for building Spanning Tree

Field                   Size     Meaning
Prot. ID                2 Byte
Prot. Vers.             1 Byte
BPDU Type               1 Byte
Flags                   1 Byte
Root ID (R-ID)          8 Byte   The Bridge I regard as root
Root Path Costs (RPC)   4 Byte   The total cost I see toward the root
Bridge ID (O-ID)        8 Byte   My own ID
Port ID (P-ID)          2 Byte
Msg Age                 2 Byte
Max Age                 2 Byte
Hello Time              2 Byte
Fwd. Delay              2 Byte

BPDU Fields in Detail (1)
• Protocol Identifier:
  – 0000 (hex) for STP 802.1D
• Protocol Version:
  – 00 (hex) for version 802.1D (1998)
  – 02 (hex) for version 802.1D (2004) - RSTP
• BPDU Type:
  – 00 (hex) for Configuration BPDU
  – 80 (hex) for Topology Change Notification (TCN) BPDU
• Root Identifier:
  – 2 bytes for priority (default 32768)
  – 6 bytes for MAC-address
• Root Path Costs in binary representation:
  – range 1-65535
• Bridge Identifier:
  – Structure like Root Identifier

BPDU Fields in Detail (2)
• Port Identifier:
  – 1 byte priority (default 128)
  – 1 byte port number
• Message Age (range 1-10s):
  – Age of Configuration BPDU
  – Transmitted by root-bridge initially using zero value, each passing on (by designated bridge) increases this number
• Max Age (range 6-40s):
  – Aging limit for information obtained from Configuration BPDU
  – Basic parameter for detecting idle failures (e.g. root bridge dead)
  – Default 20 seconds
• Hello Time (range 1-10s):
  – Time interval for generation of periodic Configuration BPDUs by root bridge
  – Default 2 seconds

BPDU Fields in Detail (3)
• Forward Delay (range 4-30s):
  – Time delay for putting a port in the forwarding state
  – Default 15 seconds
  – That actually means:
    · 15 seconds LISTENING for allowing STP topology to converge after a topology change
    · plus
    · 15 seconds LEARNING to fill the empty MAC address table with locally seen MAC addresses in order to avoid flooding for any local MAC addresses
    · After that the ports are set to forwarding
• Hello Time, Max Age, Forward Delay are specified by Root-Bridge
• Maximum Bridge Diameter
  – Maximum number of bridges between any two end systems is 7 using default values for hello time, forward delay and max age

BPDU Fields in Detail (4)
• Flags (a "1" indicates the function):
  – Bit 8: Topology Change Acknowledgement (TCA)
  – Bit 1: Topology Change (TC)
  – Used in TCN BPDUs for signaling topology changes
• TCN: Topology Change Notification
  – The bridge recognizing the topology change sends a TCN BPDU on the root port until a CONF BPDU with TCA is received on its root port
  – Bridge one hop closer to the root passes TCN BPDU on towards the root bridge and acknowledges locally to the initiating bridge by usage of CONF BPDU with TCA
  – When the root bridge is reached a flushing of all bridging tables is triggered by the root bridge by usage of CONF BPDUs with TC and TCA set
  – Now the new location (port) can be dynamically relearned by the actual user traffic
  – Note: In case of a topology change the MAC addresses should change quickly to another port of the corresponding bridging table (convergence) in order to avoid forwarding of frames to the wrong port/direction and not waiting for the natural timeout of the dynamic entry

BPDU MAC Addresses / LLC DSAP-SSAP
• Bridges use for STP-communication:
  – Multicast address:
    · 0180 C200 0000 hex
    · 0180 C200 0001 to 0180 C200 000F are reserved
    · 0180 C200 0010 hex: All LAN Bridges Management Group Address
  – Note: All addresses in Ethernet canonical format
  – The DSAP/SSAP of LLC header
    · 42 hex: Bridge Spanning Tree Protocol

Selection of Root Bridge
[Figure: the example topology at start-up. Every bridge (B-ID 42, 45, 57, 83, 97) sends BPDUs on its ports that name itself as root, e.g. R-ID 42, RPC 0, O-ID 42, P-ID 1 and R-ID 97, RPC 0, O-ID 97, P-ID 2]

Root Bridge Selected, Triggers RPC Calculation
[Figure: B-ID 42 is the Root Bridge and sends BPDUs with R-ID 42, RPC 0, O-ID 42 on Port 1 (P-ID 1) and Port 2 (P-ID 2)]

Root Port Selection based on RPC (1)
[Figure: the root sends R-ID 42, RPC 0, O-ID 42; the other bridges pass on BPDUs with R-ID 42 and their own root path cost: O-ID 45 with RPC 10, O-ID 57 with RPC 5, O-ID 83 with RPC 5, O-ID 97 with RPC 10]

Root Port Selection based on RPC (2)
[Figure: the same BPDUs as on the previous slide, with the Root Port of each non-root bridge marked]

Designated Bridge Selection (based on O-ID)
[Figure: the same BPDUs (R-ID 42; RPC 5 from O-ID 57 and O-ID 83, RPC 10 from O-ID 97), with the Designated Bridge marked]

Final Topology
[Figure: resulting tree with Root Ports, Designated Ports and the Designated Bridge marked; RPC 0 at the root B-ID 42, RPC 10 at B-ID 45 and B-ID 97, RPC 5 at B-ID 57 and B-ID 83]

Port States
[Figure: Blocking (start here, topology changed) → Listening (give STP time to converge) → Learning (populate bridging table for that new topology) → Forwarding]
• At each time, a port is in one of the following states:
  – Blocking, Listening, Learning, Forwarding, or Disabled
• Only Blocking or Forwarding are final states (for enabled ports)
• Transition states
  – 15 s Listening state is used to converge STP
  – 15 s Learning state is used to learn MAC addresses for the new topology
• Therefore it lasts 30 seconds until a port is placed in forwarding state


STP Error Detection
• The root bridge generates (triggers)
  – Every 1-10 seconds (hello time interval) a Configuration BPDU to be received on the root port of every other bridge and carried on through the designated ports
  – Bridges which are not designated are still listening to such messages on blocked ports
• If triggering ages out two scenarios are possible
  – Root bridge failure
    · A new root bridge will be selected based on the lowest Bridge-ID and the whole spanning tree may be modified
  – Designated bridge failure
    · If there is another bridge which can support a LAN segment this bridge will become the new designated bridge

STP Convergence Time – Failure at Designated Bridge
[Figure: the example topology (B-ID 42, 45, 57, 83, 97; LAN 1 to LAN 5) with root ports (RP), designated port (DP) and blocked ports (BP) marked]
• Time = max age (20 sec) to be waited until new STP is triggered

STP Convergence Time – Failure at Designated Bridge – New Topology
[Figure: the topology after the failure, with the New Designated Bridge for LAN 5 marked; annotation "RPC 5 !!!"]
• Convergence time = max age (20 sec) + 2 * forward delay (15 sec Listening + 15 sec Learning) = 50 sec

STP Convergence Time – Failure of Root Bridge
[Figure: the example topology with root ports (RP), designated ports (DP) and blocked ports (BP) marked]
• Time = max age (20 sec) + 2 * forward delay (15 sec Listening + 15 sec Learning) = 50 sec

STP Convergence Time – Failure of Root Bridge – New Topology
[Figure: the topology without B-ID 42; B-ID 45 is marked as New Root Bridge; annotations "Port-ID 1 !!!" and "Port-ID 2" at B-ID 57]
• Time = max age (20 sec) + 2 * forward delay (15 sec Listening + 15 sec Learning) = 50 sec

STP Convergence Time – Failure of Root Port
[Figure: Root Bridge B-ID 42, bridges B-ID 57, 83 and 97, stations MAC A and MAC D; New Designated Bridge for LAN 5 marked]
• Max age (20 sec) does not have to be waited out until new STP is triggered

STP Convergence Time – Failure of Root Port – Interruption of Connectivity D-A
[Figure: data frame from MAC D to MAC A; annotation "Filtering for MAC A until entry ages out"; Root Bridge B-ID 42, bridges B-ID 57, 83 and 97]
• Convergence Time = 2 * forward delay (15 sec Listening + 15 sec Learning) = 30 sec

STP Convergence Time – Failure of Root Port – Topology Change Notification (TCN)
[Figure: Root Bridge B-ID 42, bridges B-ID 57, 83 and 97, stations MAC A and MAC D; annotation "TCN to flush MAC entries in Bridging Table"]

STP Disadvantages
• Active paths are always calculated from the root, but the actual information flow of the network may use other paths
  – Note: network-manager can control this via Bridge Priority, Path Costs and Port Priority to achieve a certain topology under normal operation
  – Hence STP should be designed to overcome plug and play behavior resulting from default values
• Redundant paths cannot be used for load balancing
  – Redundant bridges may be never used if there is no failure of the currently active components
  – For remote bridging via WAN the same is true for redundant WAN links
• Convergence time between 30 and 50 seconds
  – Note: in order to improve convergence time Rapid Spanning Tree Protocol has been developed (802.1D version 2004)


Usage for a Port-ID
• The Port-ID is only used as last tie-breaker
• Typical situation in highly redundant topologies: multiple links between each two switches
  – Same BID and Costs announced on each link
  – Only local Port-ID can choose a single link
[Figure: the Root Bridge announces BID 00-00:00-ca-fe-ba-be-77, Root Path Cost 0 on two parallel links, gi0/1 and gi0/2. Annotation: "Both links are identical but gi0/1 has a lower Port-ID so I will use that link"]

Importance of details
• Many people think STP is a simple thing – until they encounter practical problems in real networks
• Important Details
  – STP State Machine
  – BPDU format details
  – TCN mechanism
  – RSTP
  – MSTP

Note: STP is a port-based algorithm
• Only the root-bridge election is done on the bridge-level
• All other processing is port-based
  – To establish the spanning tree, each enabled port is either forwarding or blocking
  – Additionally two transition states have been defined

STP State Machine: Port Transition Rules
[Figure: port state machine with the states Disabled, Blocking, Listening, Learning and Forwarding. Listening and Learning are the transition states: Listening is "Building Topology" (the three STP steps are performed there), Learning is "Building Bridging Table", Forwarding "finally starts sending and receiving". Transition labels: Link comes up; Root Port or Designated Port; 20s aging over; Remained Designated or Root Port for more than 15 seconds; Still remained Designated or Root Port; Additional 15 seconds learning state in order to reduce amount of flooding when forwarding begins; Lost Designated Port election; Nondesignated Port; Port ceases to be a Root or Designated Port; Port disabled or fails; Administratively down. Shortcuts marked: Cisco PortFast, Cisco UplinkFast]
• STP is completely performed in the Listening state
  – Blocking ports still receive BPDUs (but don't send)
• Default convergence time is 30-50 s
  – 20s aging, (15 + 15)s transition time
• Timer tuning: Better don't do it!
  – Only modify timers of the root bridge
  – Don't forget values on supposed backup root bridge
• 802.1d defines port roles and states
[Table: Port Roles and Port States; surviving entries: Listening, Learning, Forwarding]

Example with L2 Switches
Three steps to create spanning tree:
1. Elect Root Bridge (Each L2-network has exactly one Root Bridge)
2. Elect Root Ports (Each non-root bridge has exactly one Root Port)
3. Elect Designated Ports (Each segment has exactly one Designated Port)
To determine root port and designated port:
1. Determine lowest (cumulative) Path Cost to Root Bridge
2. Determine lowest Bridge ID
3. Determine lowest Port ID
[Figure: switches A (BID 1:MAC A), B (BID 100:MAC B) and C (BID 200:MAC C) connected in a triangle by FE links of cost 19 each. A has a Designated Port on each of its links. B and C each have a Root Port towards A with cost 19; the path via the other switch costs 38. On the segment between B and C, B has the Designated Port and C has the Nondesignated Port - Blocked. Annotation at B: "Has lower Bridge-ID than C, therefore B becomes Designated Bridge (i. e. has Designated Port for this segment)"]
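The three election steps and the tie-breaker order from this slide, run on its A/B/C triangle, as an added example that is not part of the original slides. The MAC addresses, the Port-ID values (priority 128 plus port number) and the function name elect are assumptions made for the illustration.

```python
# Added example: three-step STP election on the A/B/C triangle of the slide.
# Bridge ID as (priority, MAC); tuples compare like the 8-byte Bridge ID.
BRIDGES = {
    "A": (1, "00:00:00:00:00:0a"),    # MACs are constructed sample values
    "B": (100, "00:00:00:00:00:0b"),
    "C": (200, "00:00:00:00:00:0c"),
}
# One entry per link: (bridge, port_id, bridge, port_id, cost); FE cost 19.
LINKS = [
    ("A", 0x8001, "B", 0x8001, 19),
    ("A", 0x8002, "C", 0x8001, 19),
    ("B", 0x8002, "C", 0x8002, 19),
]


def elect(bridges, links):
    """Return (root, root_path_cost per bridge, role per (bridge, port_id))."""
    # Step 1: the bridge with the lowest Bridge ID becomes Root Bridge.
    root = min(bridges, key=bridges.get)

    # Cumulative path cost to the root, relaxed until it settles.
    rpc = {name: float("inf") for name in bridges}
    rpc[root] = 0
    for _ in bridges:
        for a, _pa, b, _pb, cost in links:
            rpc[a] = min(rpc[a], rpc[b] + cost)
            rpc[b] = min(rpc[b], rpc[a] + cost)

    roles = {}
    # Step 2: one Root Port per non-root bridge. Tie-breakers in order:
    # lowest path cost, lowest sender Bridge ID, lowest sender Port ID,
    # lowest local Port ID.
    for name in bridges:
        if name == root:
            continue
        candidates = []
        for a, pa, b, pb, cost in links:
            for me, my_port, peer, peer_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == name:
                    candidates.append(
                        (rpc[peer] + cost, bridges[peer], peer_port, my_port))
        if candidates:
            roles[(name, min(candidates)[3])] = "root"

    # Step 3: one Designated Port per segment; the other end is blocked
    # unless it is that bridge's Root Port.
    for a, pa, b, pb, _cost in links:
        winner, loser = sorted([(rpc[a], bridges[a], pa, a),
                                (rpc[b], bridges[b], pb, b)])
        roles[(winner[3], winner[2])] = "designated"
        roles.setdefault((loser[3], loser[2]), "blocked")
    return root, rpc, roles


if __name__ == "__main__":
    root, rpc, roles = elect(BRIDGES, LINKS)
    print("root bridge:", root, "root path costs:", rpc)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port 0x{port:04x}: {role}")
```

Dropping the A to C link from LINKS and calling elect again shows C moving its Root Port to the link towards B with a root path cost of 38.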

Components of the Bridge-ID
Old: Priority (2 Bytes, default: 32768) | Lowest MAC Address (6 Bytes)
New: Priority (4 Bits) | Extended System ID (12 Bits) | Lowest MAC Address (6 Bytes)
  – Lowest MAC Address: typically derived from Backplane or Supervisor module
  – Extended System ID: to allow distinct BIDs per VLAN as used by MSTP or Cisco per VLAN-STP
• The recent 802.1D-2004 standard requires only 4 bits for priority and 12 bits to distinguish multiple STP instances
  – Typically used for MSTP, where each set of VLANs has its own STP topology
• Therefore, ascending priority values are 0, 4096, 8192, …
  – Typically still configured as 0, 1, 2, 3 …

Detailed BPDU Format

Field            Bytes   Description
Protocol ID      2       Always zero
Version          1       Always zero
Message Type     1       Configuration (0x00) or TCN BPDU (0x80)
Flags            1       LSB = Topology change flag (TC), MSB = TC Ack flag (TCA)
Root ID          8       Who is Root Bridge?
Root Path Cost   4       How far away is Root Bridge?
Bridge ID        8       ID of bridge that sent this BPDU
Port ID          2       Port-ID of sending bridge (unique: Port1/1 = 0x8001, 1/2 = 0x8002, ...)
Message Age      2       Time since Root generated this BPDU
Maximum Age      2       BPDU is discarded if older than this value (default: 20 seconds)
Hello Time       2       Broadcast interval of BPDUs (default: 2 seconds)
Forward Delay    2       Time spent in learning and listening states (default: 15 seconds)

Annotations in the figure:
  – Protocol ID, Version, Message Type: A TCN-BPDU only consists of these 3 fields !!!
  – When first booted, Root-ID = BID
  – If value increases, then the originating bridge lost connectivity to Root Bridge
  – Maximum Age, Hello Time, Forward Delay: predetermined by root bridge; affect convergence time; misconfigurations cause loops
• BPDUs are sent in 802.3 frames
  – DA = 01-80-C2-00-00-00
  – LLC has DSAP = SSAP = 0x42 ("the answer")
• Configuration BPDUs
  – Originated by Root Bridge periodically (2 sec Hello Time), flow downstream

Topology Change Notification (TCN)
• Special BPDUs, used as alert by any bridge
  – Flow upstream (through Root Port)
  – Only consists of the first three standard header fields!
  – It is transported as TCN BPDU
• Sent upon
  – Transition of a port into Forwarding state and at least one Designated Port exists
  – Transition of a port into Blocking state (from either Forwarding or Learning state)
• Sent until acknowledged by TC Acknowledge (TCA)
  – Which is actually a Conf BPDU from the upstream bridge

Topology Change Notification (TCN)
• Only the Designated Ports of upstream bridges process TCN-BPDUs and send TC-Ack (TCA) downstream
• Finally the Root Bridge receives the TC and sends Configuration BPDUs with the TC and TCA flag set to 1 (TCA) downstream for (Forward Delay + Max Age = 35) seconds
  – This instructs all bridges to reduce the default bridging table aging (300 s) to the current Forward Delay value (15 s)
  – Thus bridging tables can adapt to the new topology

Cisco Port Fast
• Optimizes switch ports connected to end-station devices
  – Usually, if PC boots, NIC establishes L2-link, and switch port goes from Disabled → Blocking → Listening → Learning → Forwarding state … 30 seconds!!!
• Port Fast allows a port to immediately enter the Forwarding state
  – STP is NOT disabled on that port!
• Port Fast only works once after link comes up!
  – If port is then forced into Blocking state and later returns into Forwarding state, then the normal transition takes place!
  – Ignored on trunk ports
• Alternatives:
  – Disable STP (often a bad idea)
  – Use a hub in between → switch port is always active

Cisco Uplink Fast (1)
• Accelerates STP to converge within 1-3 seconds
  – Cisco patent
  – Marks some blocking ports as backup uplink
• Typically used on access layer switches
  – Only works on non-root bridges
  – Requires some blocked ports
  – Enabled for entire switch (and not for individual VLANs)

Cisco Uplink Fast (2): The Problem
• When link to root bridge fails, STP requires (at least) 30 seconds until alternate root port becomes active
[Figure: Root and Backup root send BPDUs towards the access switch; one uplink (g0/1) is the Root Port, the other uplink is blocked]

Cisco Uplink Fast (3): Idea
• When a port receives a BPDU, we know that it has a path to the root bridge
  – Put all root port candidates to a so-called "Uplink Group"
• Upon uplink failure, immediately put best port of Uplink group into forwarding state
  – There cannot be a loop because previous uplink is still down
[Figure: Access Switch with Uplink Fast, connected to Root and Backup root; after the Root Port fails, the other uplink is immediately placed in forwarding state]

Cisco Uplink Fast (4): Incorrect Bridging Tables
• But upstream bridges still require 30 s to learn new topology
• Bridging table entries in upstream bridges may be incorrect
[Figure: stations MAC A and MAC B; an upstream bridge still believes "MAC B is at g1/3" and sends a packet for MAC B out of g1/3, while the new uplink arrives at g3/17 and g0/1 on the access switch is in forwarding state]

Cisco Uplink Fast (5): Actively Correct Tables
• Uplink Fast corrects the bridging tables of upstream bridges
• Sends 15 multicast frames (one every 100 ms) for each MAC address in its bridging table (i. e. for each downstream host)
  – Using SA = MAC: All other bridges quickly reconfigure their tables; dead links are no longer used
  – DA = 01-00-0C-CD-CD-CD, flooded throughout the network
[Figure: frames with DA = 01-00-0C-CD-CD-CD and SA = MAC B are flooded upstream; the upstream bridge now records "MAC B is at g3/17" and sends the packet for MAC B out of g3/17 instead of g1/3]

Cisco Uplink Fast (6): Additional Details
• When broken link becomes up again, Uplink Fast waits until traffic is seen
  – That is, 30 seconds plus 5 seconds to support other protocols to converge (e.g. Etherchannel, DTP, …)
• Flapping links would trigger uplink fast too often which causes too much additional traffic
  – Therefore the port is "hold down" for another 35 seconds before Uplink Fast mechanism is available for that port again
• Several STP parameters are modified automatically
  – Bridge Priority 49152 (don't want to be root)
  – All Port Costs 3000 (don't want to be designated port)

Cisco Backbone Fast (1)
• Complementary to Uplink Fast
• Saves 20 seconds when recovering from indirect link failures in core area
  – Issues Max Age timer expiration
  – Reduce failover performance from 50 to 30 seconds
  – Cannot eliminate Forwarding Delay
• Should be enabled on every switch!

Cisco Backbone Fast (2): The Problem
• Consider initial situation
• Note that blocked port (g0/1) always remembers "best seen" BPDU – which has best (= lowest) Root-BID
[Figure: Root (BID R), Backup root (BID B) and bridge BID A; all BPDUs say "Root has BID R"; bridge A has a Root Port towards the root and the blocked port g0/1 towards the backup root]

Cisco Backbone Fast (3): The Problem (cont.)
• Now backup-root bridge loses connectivity to root bridge and assumes root role
• Port g0/1 does not see the BPDUs from the original root bridge any more
• But for MaxAge = 20 seconds, any inferior BPDU is ignored
[Figure: the Backup root (BID B) now sends "BPDU: Root has BID B" to bridge A on g0/1, while the Root (BID R) still sends "BPDU: Root has BID R" on A's Root Port; bridge A answers "No, I remember a better BPDU"]

Cisco Backbone Fast (4): The Problem (cont.)
• Only after 20 seconds port g0/1 enters listening state again
• Finally, bridge A unblocks g0/1 and forwards the better BPDUs to bridge B
• Total process lasts 20 + 15 + 15 seconds
[Figure: bridge A (BID A) passes "BPDU: Root has BID R" from its Root Port on to the Backup root (BID B) through g0/1]

Cisco Backbone Fast (5): The Solution
• If an inferior BPDU is originated from the local segment's Designated Bridge, then this probably indicates an indirect failure
  – (Bridge B was Designated Bridge in our example)
• To be sure, we ask other Designated Bridges (over our other blocked ports and the root port) what they think which bridge the root is
  – Using Root Link Query (RLQ) BPDU
• If at least one reply contains the "old" root bridge, we know that an indirect link failure occurred
  – Immediately expire Max Age timer and enter Listening state

Other CISCO STP Tuning Options
• BPDU Guard
  – Shuts down PortFast-configured interfaces that receive BPDUs, preventing a potential bridging loop
• Root Guard
  – Forces an interface to become a designated port to prevent surrounding switches from becoming the root switch
• BPDU Filter
• BPDU Skew Detection
  – Report late BPDUs via Syslog
  – Indicate STP stability issues, usually due to CPU problems
• Unidirectional Link Detection (UDLD)
  – Detects and shuts down unidirectional links
• Loop Guard
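A parser for the BPDU layout given in the "BPDU Format" and "Detailed BPDU Format" slides, combined with a monitoring check for the two conditions BPDU Guard and Root Guard react to. This is an added example, not code from the slides or from Cisco; the function names, the edge port gi0/5 and all sample Bridge IDs are assumptions made for the illustration, and the timer unit of 1/256 second comes from IEEE 802.1D rather than from the slides.

```python
import struct

# Field sizes follow the BPDU tables on this page: 2+1+1+1+8+4+8+2+2+2+2+2 = 35 bytes.
CONFIG_FMT = "!HBBB8sI8sHHHHH"
CONFIG_LEN = struct.calcsize(CONFIG_FMT)
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80


def decode_bridge_id(raw):
    """Split an 8-byte Bridge ID into priority, extended system ID and MAC."""
    (prio_field,) = struct.unpack("!H", raw[:2])
    return {
        "priority": prio_field & 0xF000,    # upper 4 bits: 0, 4096, 8192, ...
        "sys_id_ext": prio_field & 0x0FFF,  # lower 12 bits, e.g. a VLAN number
        "mac": ":".join(f"{b:02x}" for b in raw[2:8]),
    }


def parse_bpdu(data):
    """Parse a Configuration or TCN BPDU (the LLC payload after DSAP/SSAP 0x42)."""
    if len(data) < 4:
        raise ValueError("truncated BPDU header")
    proto, version, bpdu_type = struct.unpack("!HBB", data[:4])
    if proto != 0:
        raise ValueError("protocol identifier is not 0x0000")
    if bpdu_type == TYPE_TCN:               # a TCN carries only the first three fields
        return {"type": "tcn", "version": version}
    if bpdu_type != TYPE_CONFIG:
        raise ValueError(f"BPDU type 0x{bpdu_type:02x} not handled in this example")
    if len(data) < CONFIG_LEN:
        raise ValueError("truncated Configuration BPDU")
    (_, _, _, flags, root, rpc, bridge, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack(CONFIG_FMT, data[:CONFIG_LEN])
    return {
        "type": "config", "version": version,
        "tc": bool(flags & 0x01), "tca": bool(flags & 0x80),  # LSB = TC, MSB = TCA
        "root_raw": root, "root": decode_bridge_id(root),
        "root_path_cost": rpc,
        "bridge": decode_bridge_id(bridge), "port_id": port_id,
        # Timer fields are encoded in units of 1/256 second.
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }


def guard_alerts(port, bpdu, edge_ports, expected_root):
    """Flag the conditions BPDU Guard and Root Guard react to (monitoring only)."""
    alerts = []
    if port in edge_ports:
        alerts.append("bpdu-on-edge-port")      # any BPDU on a PortFast/edge port
    if bpdu["type"] == "config" and bpdu["root_raw"] < expected_root:
        alerts.append("superior-root-claim")    # lower Root ID than the known root
    return alerts


def build_config(root, rpc, bridge, port_id, flags=0):
    """Build a constructed sample BPDU with the default timers 20 s / 2 s / 15 s."""
    return struct.pack(CONFIG_FMT, 0, 0, TYPE_CONFIG, flags, root, rpc, bridge,
                       port_id, 0, 20 * 256, 2 * 256, 15 * 256)


# Constructed sample Bridge IDs (not taken from the slides).
ROOT = bytes.fromhex("8001" "00000caabb01")      # priority 32768, system ID 1
UPSTREAM = bytes.fromhex("8001" "00000caabb02")
ROGUE = bytes.fromhex("0000" "020000000001")     # priority 0 beats every default

if __name__ == "__main__":
    legit = parse_bpdu(build_config(ROOT, 19, UPSTREAM, 0x8001))
    rogue = parse_bpdu(build_config(ROGUE, 0, ROGUE, 0x8001))
    print(legit["root"], guard_alerts("gi0/1", legit, {"gi0/5"}, ROOT))
    print(rogue["root"], guard_alerts("gi0/5", rogue, {"gi0/5"}, ROOT))
```

The comparison on the raw 8-byte Root ID works because a lower Bridge ID wins the election, so a priority of 0 on an access port outranks a root left at the default 32768.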


Introduction
• RSTP is part of the IEEE 802.1D-2004 standard
  – Originally defined in IEEE 802.1w
  – Old STP IEEE 802.1D-1998 is now superseded by RSTP
• Computation of the Spanning Tree is identical between STP and RSTP
  – Conf-BPDU and TCN-BPDU still remain
  – New BPDU type "RSTP" has been added
    · Version 2, type 2
• RSTP BPDUs can be used to negotiate port roles on a particular link
  – Only done if neighbor bridge supports RSTP (otherwise only Conf-BPDUs are sent)
  – Using a Proposal/Agreement handshake
• Designed to be compatible and interoperable with the traditional STP – without additional management requirements

Major Features
• BPDUs are no longer triggered by root bridge
  – Instead, each bridge can generate BPDUs independently and immediately (on-demand)
• Much faster convergence
  – Few seconds (typically within 1 – 5 seconds)
• Better scalability
  – No network diameter limit
• New port roles and port states
  – Non-Designated Port role split in Alternate and Backup
  – Root Port and Designated Port role still remain the same
  – Port state discarding instead of disabled, learning and blocking

Port States Comparison
[Table: columns "STP (802.1d) Port State", "RSTP (802.1w) Port State", "Is Port included in active Topology?", "Is Port learning MAC"; surviving row: forwarding | forwarding | Yes | Yes]

Backup and Alternate Ports
• If a port is neither Root Port nor Designated Port
  – It is a Backup Port – if this bridge is a Designated Bridge for that LAN
  – Or an Alternate
