Scaling Networks [ CH3 ] - cisco academy


Monday, February 4, 2019

Scaling Networks [ CH3 ]

3.0.1.1 Introduction

Network redundancy is a key to maintaining network reliability. Multiple physical links between devices provide redundant paths. The network can then continue to operate when a single link or port has failed. Redundant links can also share the traffic load and increase capacity.
Multiple paths need to be managed so that Layer 2 loops are not created. The best paths are chosen, and an alternate path is immediately available should a primary path fail. The Spanning Tree Protocol is used to create one path through the Layer 2 network.
This chapter focuses on the protocols used to manage these forms of redundancy. It also covers some of the potential redundancy problems and their symptoms.

3.0.1.2 Class Activity - Stormy Traffic

It is your first day on the job as a network administrator for a small- to medium-sized business. The previous network administrator left suddenly after a network upgrade took place for the business.
During the upgrade, a new switch was added. Since the upgrade, many employees complain that they are having trouble accessing the Internet and servers on your network. In fact, most of them cannot access the network at all. Your corporate manager asks you to immediately research what could be causing these connectivity problems and delays.
So you take a look at the equipment operating on your network at your main distribution facility in the building. You notice that the network topology seems to be visually correct and that cables have been connected correctly, routers and switches are powered on and operational, and switches are connected together to provide backup or redundancy.
However, one thing you do notice is that all of your switches’ status lights are constantly blinking at a very fast pace to the point that they almost appear solid. You think you have found the problem with the connectivity issues your employees are experiencing.
Use the Internet to research STP. As you research, take notes and describe:
  • Broadcast storm
  • Switching loops
  • The purpose of STP
  • Variations of STP
Complete the reflection questions that accompany the PDF file for this activity. Save your work and be prepared to share your answers with the class.

3.1.1.1 Redundancy at OSI Layers 1 and 2

The three-tier hierarchical network design, which uses core, distribution, and access layers with redundancy, attempts to eliminate any single point of failure on the network. Multiple cabled paths between switches provide physical redundancy in a switched network. This improves the reliability and availability of the network. Having alternate physical paths for data to traverse the network makes it possible for users to access network resources, despite path disruption.
Click the Play button in Figure 1 to view an animation about redundancy.
  • PC1 is communicating with PC4 over a redundant network topology.
  • When the network link between S1 and S2 is disrupted, the path between PC1 and PC4 is automatically adjusted by the Spanning Tree Protocol (STP) to compensate for the disruption.
  • When the network connection between S1 and S2 is restored, the path is then readjusted by STP to route traffic directly from S2 to S1 to get to PC4.
For many organizations, the availability of the network is essential to supporting business needs; therefore, the network infrastructure design is a critical business element. Path redundancy provides the necessary availability of multiple network services by eliminating the possibility of a single point of failure.
Note: The OSI Layer 1 redundancy is illustrated using multiple links and devices, but more than just physical planning is required to complete the network setup. For the redundancy to work in a systematic way, the use of OSI Layer 2 protocols, such as STP, is also required.
Redundancy is an important part of the hierarchical design for preventing disruption of network services to users. Redundant networks require the addition of physical paths, but logical redundancy must also be part of the design. However, redundant paths in a switched Ethernet network may cause both physical and logical Layer 2 loops.
Logical Layer 2 loops may occur due to the natural operation of switches, specifically, the learning and forwarding process. When multiple paths exist between two devices on a network, and there is no spanning tree implementation on the switches, a Layer 2 loop occurs. A Layer 2 loop can result in the three primary issues listed in Figure 2.

3.1.1.2 Issues with Layer 1 Redundancy: MAC Database Instability

Ethernet frames do not have a time to live (TTL) attribute. As a result, if there is no mechanism enabled to block continued propagation of these frames on a switched network, they continue to propagate between switches endlessly, or until a link is disrupted and breaks the loop. This continued propagation between switches can result in MAC database instability. This can occur as a result of broadcast frame forwarding.
Broadcast frames are forwarded out all switch ports, except the original ingress port. This ensures that all devices in a broadcast domain are able to receive the frame. If there is more than one path for the frame to be forwarded out of, an endless loop can result. When a loop occurs, it is possible for the MAC address table on a switch to constantly change with the updates from the broadcast frames, which results in MAC database instability.
Click the Play button in the figure to view the animation. When the animation pauses, read the text to the left of the topology. The animation will continue after the short pause.
In the animation:
  • PC1 sends a broadcast frame to S2. S2 receives the broadcast frame on F0/11. When S2 receives the broadcast frame, it updates its MAC address table to record that PC1 is available on port F0/11.
  • Because it is a broadcast frame, S2 forwards the frame out all ports, including Trunk1 and Trunk2. When the broadcast frame arrives at S3 and S1, the switches update their MAC address tables to indicate that PC1 is available out port F0/1 on S1 and out port F0/2 on S3.
  • Because it is a broadcast frame, S3 and S1 forward the frame out all ports, except the ingress port. S3 sends the broadcast frame from PC1 to S1. S1 sends the broadcast frame from PC1 to S3. Each switch updates its MAC address table with the incorrect port for PC1.
  • Each switch forwards the broadcast frame out all of its ports, except the ingress port, which results in both switches forwarding the frame to S2.
  • When S2 receives the broadcast frames from S3 and S1, the MAC address table is updated with the last entry received from the other two switches.
This process repeats over and over again until the loop is broken by physically disconnecting the connections that are causing the loop or powering down one of the switches in the loop. This creates a high CPU load on all switches caught in the loop. Because the same frames are constantly being forwarded back and forth between all switches in the loop, the CPU of the switch must process a lot of data. This slows down performance on the switch when legitimate traffic arrives.
A host caught in a network loop is not accessible to other hosts on the network. Additionally, due to the constant changes in the MAC address table, the switch does not know out of which port to forward unicast frames. In the example above, the switches will have the incorrect ports listed for PC1. Any unicast frame destined for PC1 loops around the network, just as the broadcast frames do. More and more frames looping around the network eventually creates a broadcast storm.

3.1.1.3 Issues with Layer 1 Redundancy: Broadcast Storms

A broadcast storm occurs when there are so many broadcast frames caught in a Layer 2 loop that all available bandwidth is consumed. Consequently, no bandwidth is available for legitimate traffic and the network becomes unavailable for data communication. This is an effective denial of service (DoS).
A broadcast storm is inevitable on a looped network. As more devices send broadcasts over the network, more traffic is caught in the loop and consumes resources. This eventually creates a broadcast storm that causes the network to fail.
There are other consequences of broadcast storms. Because broadcast traffic is forwarded out every port on a switch, all connected devices have to process all the broadcast traffic that is being flooded endlessly around the looped network. This can cause the end device to malfunction because of the processing requirements needed to sustain such a high traffic load on the NIC.
Click the Play button in the figure to view an animation of a broadcast storm. When the animation pauses, read the text to the right of the topology. The animation will continue after the short pause.
In the animation:
  • PC1 sends a broadcast frame out onto the looped network.
  • The broadcast frame loops between all the interconnected switches on the network.
  • PC4 also sends a broadcast frame out onto the looped network.
  • The PC4 broadcast frame gets caught in the loop between all the interconnected switches, just like the PC1 broadcast frame.
  • As more devices send broadcasts over the network, more traffic is caught in the loop and consumes resources. This eventually creates a broadcast storm that causes the network to fail.
  • When the network is fully saturated with broadcast traffic that is looping between the switches, new traffic is discarded by the switch because it is unable to process it.
A broadcast storm can develop in seconds because devices connected to a network are regularly sending out broadcast frames, such as ARP requests. As a result, when a loop is created, the switched network is quickly brought down.

3.1.1.4 Issues with Layer 1 Redundancy: Duplicate Unicast Frames

Broadcast frames are not the only type of frames that are affected by loops. Unknown unicast frames sent onto a looped network can result in duplicate frames arriving at the destination device. An unknown unicast frame is when the switch does not have the destination MAC address in its MAC address table and must forward the frame out all ports, except the ingress port.
Click the Play button in the figure to view an animation about this issue. When the animation pauses, read the text to the right of the topology. The animation will continue after the short pause.
In the animation:
  • PC1 sends a unicast frame destined for PC4.
  • S2 does not have an entry for PC4 in its MAC table. In an attempt to find PC4, it floods the unknown unicast frame out all switch ports, except the port that received the traffic.
  • The frame arrives at switches S1 and S3.
  • S1 has a MAC address entry for PC4, so it forwards the frame out to PC4.
  • S3 has an entry in its MAC address table for PC4, so it forwards the unicast frame out Trunk3 to S1.
  • S1 receives the duplicate frame and forwards the frame out to PC4.
  • PC4 has now received the same frame twice.
Most upper-layer protocols are not designed to recognize duplicate transmissions. In general, protocols that make use of a sequence-numbering mechanism assume that the transmission has failed and that the sequence number has recycled for another communication session. Other protocols attempt to hand the duplicate transmission to the appropriate upper-layer protocol to be processed and possibly discarded.
Layer 2 LAN protocols, such as Ethernet, do not include a mechanism to recognize and eliminate endlessly looping frames. Some Layer 3 protocols implement a TTL mechanism that limits the number of times a Layer 3 networking device can retransmit a packet. Layer 2 devices do not have this mechanism, so they continue to retransmit looping traffic indefinitely. STP, a Layer 2 loop-avoidance mechanism, was developed to address these problems.
To prevent these issues from occurring in a redundant network, some type of spanning tree must be enabled on the switches. Spanning tree is enabled, by default, on Cisco switches to prevent Layer 2 loops from occurring.

3.1.2.1 Spanning Tree Algorithm: Introduction

Redundancy increases the availability of the network topology by protecting the network from a single point of failure, such as a failed network cable or switch. When physical redundancy is introduced into a design, loops and duplicate frames occur. Loops and duplicate frames have severe consequences for a switched network. The Spanning Tree Protocol (STP) was developed to address these issues.
STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop. A port is considered blocked when user data is prevented from entering or leaving that port. This does not include bridge protocol data unit (BPDU) frames that are used by STP to prevent loops. Blocking the redundant paths is critical to preventing loops on the network. The physical paths still exist to provide redundancy, but these paths are disabled to prevent the loops from occurring. If the path is ever needed to compensate for a network cable or switch failure, STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become active.
Click the Play button in Figure 1 to view STP in action.
In the example, all switches have STP enabled:
  • PC1 sends a broadcast out onto the network.
  • S2 is configured with STP and has set the port for Trunk2 to a blocking state. The blocking state prevents ports from being used to forward user data, which prevents a loop from occurring. S2 forwards a broadcast frame out all switch ports, except the originating port from PC1 and the port for Trunk2.
  • S1 receives the broadcast frame and forwards it out all of its switch ports, where it reaches PC4 and S3. S3 forwards the frame out the port for Trunk2 and S2 drops the frame. The Layer 2 loop is prevented.
Click the Play button in Figure 2 to view STP recalculation when a failure occurs.
STP prevents loops from occurring by configuring a loop-free path through the network using strategically placed "blocking-state" ports. The switches running STP are able to compensate for failures by dynamically unblocking the previously blocked ports and permitting traffic to traverse the alternate paths.
Up to now, we have used the term Spanning Tree Protocol and the acronym STP. The usage of the Spanning Tree Protocol term and the STP acronym can be misleading. Many professionals generically use these to refer to various implementations of spanning tree, such as Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP). In order to communicate spanning tree concepts correctly, it is important to refer to the particular implementation or standard in context. The latest IEEE documentation on spanning tree (IEEE 802.1D-2004) says, "STP has now been superseded by the Rapid Spanning Tree Protocol (RSTP)." The IEEE uses "STP" to refer to the original implementation of spanning tree and "RSTP" to describe the version of spanning tree specified in IEEE 802.1D-2004. In this curriculum, when the original Spanning Tree Protocol is the context of a discussion, the phrase "original 802.1D spanning tree" is used to avoid confusion. Since the two protocols share much of the same terminology and methods for the loop-free path, the primary focus will be on the current standard and the Cisco proprietary implementations of STP and RSTP.
Note: STP is based on an algorithm invented by Radia Perlman while working for Digital Equipment Corporation, and published in the 1985 paper "An Algorithm for Distributed Computation of a Spanning Tree in an Extended LAN."

3.1.2.2 Spanning Tree Algorithm: Port Roles

IEEE 802.1D STP and RSTP use the Spanning Tree Algorithm (STA) to determine which switch ports on a network must be put in blocking state to prevent loops from occurring. The STA designates a single switch as the root bridge and uses it as the reference point for all path calculations. In the figure, the root bridge (switch S1) is chosen through an election process. All switches that are participating in STP exchange BPDU frames to determine which switch has the lowest bridge ID (BID) on the network. The switch with the lowest BID automatically becomes the root bridge for the STA calculations.
Note: For simplicity, assume until otherwise indicated that all ports on all switches are assigned to VLAN 1. Each switch has a unique MAC address associated with VLAN 1.
A BPDU is a messaging frame exchanged by switches for STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The BID contains a priority value, the MAC address of the sending switch, and an optional extended system ID. The lowest BID value is determined by the combination of these three fields.
After the root bridge has been determined, the STA calculates the shortest path to the root bridge. Each switch uses the STA to determine which ports to block. While the STA determines the best paths to the root bridge for all switch ports in the broadcast domain, traffic is prevented from being forwarded through the network. The STA considers both path and port costs when determining which ports to block. The path costs are calculated using port cost values associated with port speeds for each switch port along a given path. The sum of the port cost values determines the overall path cost to the root bridge. If there is more than one path to choose from, STA chooses the path with the lowest path cost.
When the STA has determined which paths are most desirable relative to each switch, it assigns port roles to the participating switch ports. The port roles describe their relation in the network to the root bridge and whether they are allowed to forward traffic:
  • Root ports - Switch ports closest to the root bridge in terms of overall cost to the root bridge. In the figure, the root port selected by STP on S2 is F0/1, the link between S2 and S1. The root port selected by STP on S3 is F0/1, the link between S3 and S1. Root ports are selected on a per-switch basis.
  • Designated ports - All non-root ports that are still permitted to forward traffic on the network. In the figure, switch ports (F0/1 and F0/2) on S1 are designated ports. S2 also has its port F0/2 configured as a designated port. Designated ports are selected on a per-segment basis based on the cost of each port on either side of the segment and the total cost calculated by STP for that port to get back to the root bridge. If one end of a segment is a root port, then the other end is a designated port. All ports on the root bridge are designated ports.
  • Alternate and backup ports - Alternate ports and backup ports are in discarding or blocking state to prevent loops. In the figure, the STA configured port F0/2 on S3 in the alternate role. Port F0/2 on S3 is in the blocking state. Alternate ports are selected only on links where neither end is a root port. Notice in the figure that only one end of the segment is blocked. This allows for a faster transition to the forwarding state when necessary. (Blocking ports only come into play when two ports on the same switch provide redundant links through the network.)
  • Disabled ports - A disabled port is a switch port that is shut down.
Note: The port roles displayed are those defined by RSTP. The role originally defined by the 802.1D STP for alternate and backup ports was non-designated.

3.1.2.3 Spanning Tree Algorithm: Root Bridge

As shown in Figure 1, every spanning tree instance (switched LAN or broadcast domain) has a switch designated as the root bridge. The root bridge serves as a reference point for all spanning tree calculations to determine which redundant paths to block.
An election process determines which switch becomes the root bridge.
Figure 2 shows the BID fields. The BID is made up of a priority value, an extended system ID, and the MAC address of the switch. The bridge priority value is automatically assigned, but can be modified. The extended system ID is used to specify a VLAN ID or a multiple spanning tree protocol (MSTP) instance ID. The MAC address field initially contains the MAC address of the sending switch.
All switches in the broadcast domain participate in the election process. After a switch boots, it begins to send out BPDU frames every two seconds. These BPDUs contain the switch BID and the root ID.
The switch with the lowest BID will become the root bridge. At first, all switches declare themselves as the root bridge. Eventually, the switches exchange BPDUs, and agree on one root bridge.
As the switches forward their BPDU frames, adjacent switches in the broadcast domain read the root ID information from the BPDU frames. If the root ID from a BPDU received is lower than the root ID on the receiving switch, then the receiving switch updates its root ID, identifying the adjacent switch as the root bridge. However, it may not be an adjacent switch. It could be any other switch in the broadcast domain. The switch then forwards new BPDU frames with the lower root ID to the other adjacent switches. Eventually, the switch with the lowest BID ends up being identified as the root bridge for the spanning tree instance.
There is a root bridge elected for each spanning tree instance. It is possible to have multiple distinct root bridges for different sets of VLANs. If all ports on all switches are members of VLAN 1, then there is only one spanning tree instance. The extended system ID includes the VLAN ID, and plays a role in how spanning tree instances are determined.
The BID consists of a configurable bridge priority number and a MAC address. Bridge priority is a value between 0 and 65,535. The default is 32,768. If two or more switches have the same priority, the switch with the lowest MAC address will become the root bridge.
Note: The reason the bridge priority value in Figure 1 displays 32,769 instead of the default value of 32,768 is that the STA also adds the default VLAN number (VLAN 1), carried in the extended system ID, to the priority value.

3.1.2.4 Spanning Tree Algorithm: Root Path Cost

When the root bridge has been elected for the spanning tree instance, the STA starts the process of determining the best paths to the root bridge from all destinations in the broadcast domain. The path information, known as the internal root path cost, is determined by summing up the individual port costs along the path from the switch to the root bridge.
Note: Switches send BPDUs, which include the root path cost. This is the cost of the path from the sending switch to the root bridge. When a switch receives the BPDU, it adds the ingress port cost of the segment to determine its internal root path cost.
The default port costs are defined by the speed at which the port operates. As shown in Figure 1, 10 Gb/s Ethernet ports have a port cost of 2, 1 Gb/s Ethernet ports have a port cost of 4, 100 Mb/s Fast Ethernet ports have a port cost of 19, and 10 Mb/s Ethernet ports have a port cost of 100.
Note: As newer and faster Ethernet technologies enter the marketplace, the port cost values may change to accommodate the different speeds available. The non-linear numbers in the table accommodate some improvements to the older Ethernet standard. The values have already been changed to accommodate the 10 Gb/s Ethernet standard. To illustrate the continued change associated with high-speed networking, Catalyst 4500 and 6500 switches support a longer port cost method; for example, 10 Gb/s has a 2000 port cost, 100 Gb/s has a 200 port cost, and 1 Tb/s has a 20 port cost.
Although switch ports have a default port cost associated with them, the port cost is configurable. The ability to configure individual port costs gives the administrator the flexibility to manually control the spanning tree paths to the root bridge.
To configure the port cost of an interface (as shown in Figure 2), enter the spanning-tree cost value command in interface configuration mode. The value can be between 1 and 200,000,000.
In the example, switch port F0/1 has been configured with a port cost of 25 using the spanning-tree cost 25 interface configuration mode command on the F0/1 interface.
To restore the port cost to the default value of 19, enter the no spanning-tree cost interface configuration mode command.
The internal root path cost is equal to the sum of all the port costs along the path to the root bridge (as shown in Figure 3). Paths with the lowest cost become preferred, and all other redundant paths are blocked. In the example, the internal root path cost from S2 to the root bridge S1 over path 1 is 19 (based on the IEEE-specified individual port cost) while the internal root path cost over path 2 is 38. Because path 1 has a lower overall path cost to the root bridge, it is the preferred path. STP configures the redundant path to be blocked, which prevents a loop from occurring.
To verify the port and internal root path cost to the root bridge, enter the show spanning-tree command (as shown in Figure 4). The Cost field near the top of the output is the internal root path cost, the total path cost to the root bridge. This value changes depending on how many switch ports must be traversed to get to the root bridge. In the output, each interface is also identified with an individual port cost of 19.

Figure: Best Path to Root Bridge

3.1.2.5 Port Role Decisions for RSTP

In the example, switch S1 is the root bridge. Switches S2 and S3 have root ports configured for the ports connecting back to S1.
After STP has determined which switch port serves in the root port role on each switch, STP needs to decide which ports have the designated and alternate roles.
The root bridge automatically configures all of its switch ports in the designated role. Other switches in the topology configure their non-root ports as designated or alternate ports.
Designated ports are configured for all LAN segments. When two switches are connected to the same LAN segment, and root ports have already been defined, the two switches have to decide which port to configure as a designated port and which port remains the alternate port.
The switches on the LAN segment exchange BPDU frames, which contain the switch BID. Generally, the switch with the lower BID has its port configured as a designated port while the switch with the higher BID has its port configured as an alternate port. However, keep in mind that the first priority is the lowest path cost to the root bridge and that the sender’s BID is used only if the port costs are equal.
Each switch determines which port roles are assigned to each of its ports to create the loop-free spanning tree.
Figures 1 through 7 illustrate how port roles are determined.

3.1.2.6 Designated and Alternate Ports

When determining the root port on a switch, the switch compares the path costs on all switch ports participating in the spanning tree. The switch port with the lowest overall path cost to the root bridge is automatically assigned the root port role because it is closest to the root bridge. In a network topology of switches, all non-root bridge switches have a single root port chosen, and that port provides the lowest cost path back to the root bridge.
A root bridge will not have any root ports. All ports on a root bridge will be designated ports. A switch that is not the root bridge of a network topology will have only one root port defined.
The figure shows a topology with four switches. Examining the port roles, port F0/1 on switch S3 and port F0/3 on switch S4 have been selected as root ports because they have the lowest cost path (root path cost) to the root bridge for their respective switches.
S2 has two ports, F0/1 and F0/2, with equal-cost paths to the root bridge. In this case the bridge IDs of the neighboring switches, S3 and S4, will be used to break the tie. This is known as the sender’s BID. S3 has a BID of 24577.5555.5555.5555 and S4 has a BID of 24577.1111.1111.1111. Because S4 has a lower BID, S2’s F0/1 port, the port connected to S4, will be the root port.
Note: The BIDs are not shown in the figure.
Next, designated ports need to be selected on shared segments. S2 and S3 connect to the same LAN segment and therefore exchange BPDU frames. STP determines whether S2’s F0/2 port or S3’s F0/2 port will be the designated port for the shared segment. The switch with the lower cost path to the root bridge (root path cost) will have its port selected as the designated port. S3’s F0/2 port has a lower cost path to the root bridge, so it will be the designated port for that segment.
S2 and S4 go through a similar process for their shared segment. S4’s F0/1 port has the lower cost path to the root bridge and becomes the designated port on this shared segment.
All STP port roles have been assigned except for S2’s F0/2 port. S2’s F0/1 port has already been selected as the root port for that switch. Because S3’s F0/2 port is the designated port for this segment, S2’s F0/2 port will become an alternate port.
The designated port is the port that sends and receives the traffic passing between that segment and the root bridge; it is the best port on that segment toward the root bridge. The alternate port will not send or receive traffic on that segment. This is the loop prevention part of STP.
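The election, root path cost and port-role decisions of sections 3.1.2.3 through 3.1.2.6, worked through in code on the four-switch topology just described. This is an added example, not part of the curriculum: S3 and S4 keep the BIDs the text gives, while the BIDs of S1 and S2, the interface names on S1 and the 100 Mb/s link speeds are constructed assumptions.

```python
"""Spanning Tree Algorithm (STA) worked example: root election, internal root
path cost, and root/designated/alternate port roles.

Added example, not part of the Cisco curriculum. S3 and S4 keep the BIDs the
text gives (24577.5555.5555.5555 and 24577.1111.1111.1111); the BIDs of S1
and S2, the interface names on S1 and the 100 Mb/s link speeds are constructed.
Parallel links between the same two switches (backup ports) are not modelled.
"""
import heapq
from collections import defaultdict

# Default 802.1D port costs by link speed in Mb/s (section 3.1.2.4).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, vlan, mac):
    """BID as a comparable tuple: the advertised priority field is the
    configured priority plus the extended system ID (VLAN), so the default
    32768 on VLAN 1 is seen as 32769; the MAC breaks priority ties."""
    return (priority + vlan, mac.lower())


# Links: (switch_a, port_a, switch_b, port_b, speed_mbps), as in 3.1.2.6.
LINKS = [
    ("S1", "F0/1", "S3", "F0/1", 100),
    ("S1", "F0/2", "S4", "F0/3", 100),
    ("S4", "F0/1", "S2", "F0/1", 100),
    ("S3", "F0/2", "S2", "F0/2", 100),
]

BIDS = {
    "S1": bridge_id(24576, 1, "0000.0000.0001"),  # constructed: lowest, so root
    "S2": bridge_id(32768, 1, "aaaa.aaaa.aaaa"),  # constructed: default priority
    "S3": bridge_id(24576, 1, "5555.5555.5555"),  # 24577.5555.5555.5555
    "S4": bridge_id(24576, 1, "1111.1111.1111"),  # 24577.1111.1111.1111
}


def run_sta(bids, links):
    """Return (root bridge, internal root path cost per switch, role per port)."""
    # Step 1: root election. The lowest BID wins (priority first, then MAC).
    root = min(bids, key=bids.get)

    # Adjacency: switch -> [(own port, peer, peer port, ingress port cost)].
    adj = defaultdict(list)
    for a, pa, b, pb, speed in links:
        adj[a].append((pa, b, pb, PORT_COST[speed]))
        adj[b].append((pb, a, pa, PORT_COST[speed]))

    # Step 2: internal root path cost = sum of ingress port costs along the
    # cheapest path to the root (Dijkstra from the root).
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue
        for _, peer, _, link_cost in adj[sw]:
            if c + link_cost < cost.get(peer, float("inf")):
                cost[peer] = c + link_cost
                heapq.heappush(heap, (cost[peer], peer))

    roles = {}
    # Step 3: one root port per non-root switch: the port with the lowest path
    # cost to the root; equal costs are broken by the lower sender (peer) BID.
    for sw in bids:
        if sw == root:
            continue
        port = min(adj[sw], key=lambda e: (cost[e[1]] + e[3], bids[e[1]]))[0]
        roles[(sw, port)] = "root"

    # Step 4: one designated port per segment: the end whose switch has the
    # lower (root path cost, BID). The far end is that switch's root port if
    # already chosen, otherwise an alternate (blocking) port.
    for a, pa, b, pb, _ in links:
        if (cost[a], bids[a]) <= (cost[b], bids[b]):
            designated, other = (a, pa), (b, pb)
        else:
            designated, other = (b, pb), (a, pa)
        roles[designated] = "designated"
        roles.setdefault(other, "alternate")
    return root, cost, roles


if __name__ == "__main__":
    root, cost, roles = run_sta(BIDS, LINKS)
    print(f"root bridge: {root}")
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port:<5} cost to root {cost[sw]:>3}  role: {role}")
```

Changing a link speed or a priority in `LINKS`/`BIDS` and rerunning shows how a cost or priority change moves the root port and the blocked port, which is the effect the spanning-tree cost command described above has on a real switch.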

3.1.2.7 802.1D BPDU Frame Format

The spanning tree algorithm depends on the exchange of BPDUs to determine a root bridge. A BPDU frame contains 12 distinct fields that convey the path and priority information used to determine the root bridge and the paths to the root bridge.
Click the BPDU fields in Figure 1 to see more detail.
  • The first four fields identify the protocol, version, message type, and status flags.
  • The next four fields are used to identify the root bridge and the root path cost to the root bridge.
  • The last four fields are all timer fields that determine how frequently BPDU messages are sent and how long the information received through the BPDU process is retained.
Figure 2 shows a BPDU frame that was captured using Wireshark. In the example, the BPDU frame contains more fields than previously described. The BPDU message is encapsulated in an Ethernet frame when it is transmitted across the network. The 802.3 header indicates the source and destination addresses of the BPDU frame. This frame has a destination MAC address of 01:80:C2:00:00:00, which is a multicast address for the spanning tree group. When a frame is addressed with this MAC address, each switch that is configured for spanning tree accepts and reads the information from the frame. All other devices on the network disregard the frame.
In the example, the root ID and the BID are the same in the captured BPDU frame. This indicates that the frame was captured from a root bridge. The timers are all set to the default values.

3.1.2.8 802.1D BPDU Propagation and Process

Each switch in the broadcast domain initially assumes that it is the root bridge for a spanning tree instance, so the BPDU frames that are sent contain the BID of the local switch as the root ID. By default, BPDU frames are sent every two seconds after a switch is booted. The default value of the Hello timer specified in the BPDU frame is two seconds. Each switch maintains local information about its own BID, the root ID, and the root path cost.
When adjacent switches receive a BPDU frame, they compare the root ID from the BPDU frame with the local root ID. If the root ID in the received BPDU is lower than the local root ID, the switch updates the local root ID and the ID in its BPDU messages. These messages indicate the new root bridge on the network. If the local root ID is lower than the root ID received in the BPDU frame, the BPDU frame is discarded.
The distance to the root bridge is indicated by the root path cost in the BPDU. The ingress port cost is then added to the root path cost in the BPDU to determine the internal root path cost from this switch to the root bridge. For example, if the BPDU was received on a Fast Ethernet switch port, the root path cost in the BPDU would be added to the ingress port cost of 19 for a cumulative internal root path cost. This is the cost from this switch to the root bridge.
After a root ID has been updated to identify a new root bridge, all subsequent BPDU frames sent from that switch contain the new root ID and updated root path cost. That way, all other adjacent switches are able to see the lowest root ID identified at all times. As the BPDU frames pass between other adjacent switches, the path cost is continually updated to indicate the total path cost to the root bridge. Each switch in the spanning tree uses its path costs to identify the best possible path to the root bridge.
The following summarizes the BPDU process:
Note: Bridge priority is the initial deciding factor when electing a root bridge. If the bridge priorities of all the switches are the same, the device with the lowest MAC address becomes the root bridge.
1. In Figure 1, each switch identifies itself as the root bridge. S2 forwards BPDU frames out all switch ports.
2. In Figure 2, when S3 receives a BPDU from switch S2, S3 compares its root ID with the BPDU frame it received. The priorities are equal, so the switch is forced to examine the MAC address portion to determine which MAC address has a lower value. S2 has a lower MAC address value, so S3 updates its root ID with the S2 root ID. At that point, S3 considers S2 as the root bridge.
3. In Figure 3, S1 compares its root ID with the one in the received BPDU frame, identifies its local root ID as the lower value, and discards the BPDU from S2.
4. In Figure 4, S3 sends out its BPDU frames, and the root ID contained in the BPDU frame is that of S2.
5. In Figure 5, S2 receives the BPDU frame, and it discards it after verifying that the root ID in the BPDU matched its local root ID.
6. In Figure 6, S1 discards the BPDU frame received from S3 because S1 has a lower priority value in its root ID.
7. In Figure 7, S1 sends out its BPDU frames.
8. In Figure 8, S3 identifies the root ID in the BPDU frame as having a lower value and, therefore, updates its root ID values to indicate that S1 is now the root bridge.
9. In Figure 9, S2 identifies the root ID in the BPDU frame as having a lower value and, therefore, updates its root ID values to indicate that S1 is now the root bridge.

3.1.2.9 Extended System ID

The bridge ID (BID) is used to determine the root bridge on a network. The BID field of a BPDU frame contains three separate fields:
  • Bridge priority
  • Extended system ID
  • MAC address
Each field is used during the root bridge election.
Bridge Priority
The bridge priority is a customizable value that can be used to influence which switch becomes the root bridge. The switch with the lowest priority, which implies the lowest BID, becomes the root bridge because a lower priority value takes precedence. For example, to ensure that a specific switch is always the root bridge, set the priority to a lower value than the rest of the switches on the network. The default priority value for all Cisco switches is the decimal value 32768. The range is 0 to 61440 in increments of 4096. Valid priority values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected. A bridge priority of 0 takes precedence over all other bridge priorities.
Extended System ID
Early implementations of IEEE 802.1D were designed for networks that did not use VLANs. There was a single common spanning tree across all switches. For this reason, in older Cisco switches, the extended system ID could be omitted in BPDU frames. As VLANs became common for network infrastructure segmentation, 802.1D was enhanced to include support for VLANs, which required that the VLAN ID be included in the BPDU frame. VLAN information is included in the BPDU frame through the use of the extended system ID. All newer switches include the use of the extended system ID by default.
As shown in Figure 1, the bridge priority field is 2 bytes, or 16 bits, in length. 4 bits are used for the bridge priority and 12 bits are used for the extended system ID, which identifies the VLAN participating in this particular STP process. Using these 12 bits for the extended system ID reduces the bridge priority to 4 bits. This process reserves the rightmost 12 bits for the VLAN ID and the far left 4 bits for the bridge priority. This explains why the bridge priority value can only be configured in multiples of 4096, or 2^12. If the far left bits are 0001, then the bridge priority is 4096. If the far left bits are 1111, then the bridge priority is 61440 (= 15 x 4096). The Catalyst 2960 and 3560 Series switches do not allow the configuration of a bridge priority of 65536 (= 16 x 4096) because it would require a 5th bit that is unavailable due to the use of the extended system ID.
The extended system ID value is a decimal value added to the bridge priority value in the BID to identify the priority and VLAN of the BPDU frame.
When two switches are configured with the same priority and have the same extended system ID, the switch having the MAC address with the lowest value, expressed in hexadecimal, will have the lower BID. Initially, all switches are configured with the same default priority value. The MAC address is then the deciding factor as to which switch is going to become the root bridge. To ensure that the root bridge decision best meets network requirements, it is recommended that the administrator configure the desired root bridge switch with a lower priority. This also ensures that the addition of new switches to the network does not trigger a new spanning tree election, which can disrupt network communication while a new root bridge is being selected.
In Figure 2, S1 has a lower priority than the other switches. Therefore, it is preferred as the root bridge for that spanning tree instance.
When all switches are configured with the same priority, as is the case with all switches kept in the default configuration with a priority of 32768, the MAC address becomes the deciding factor as to which switch becomes the root bridge, as shown in Figure 3.
Note: In the example, the priority of all the switches is 32769. The value is based on the 32768 default priority and the VLAN 1 assignment associated with each switch (32768+1).
The MAC address with the lowest hexadecimal value is considered to be the preferred root bridge. In the example, S2 has the lowest value for its MAC address and is, therefore, designated as the root bridge for that spanning tree instance.
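The following Python is an added example, not course code, that ties 3.1.2.8 and 3.1.2.9 together: `make_bid` encodes the 4-bit priority, 12-bit extended system ID and 48-bit MAC into one bridge ID and rejects priorities that are not multiples of 4096 in 0 to 61440, `split_bid` recovers the displayed value such as 32769, and `propagate` replays the BPDU exchange in which every switch starts by claiming root and adopts any lower root ID it hears from a neighbor. The switch names, MAC addresses and links are constructed.

```python
DEFAULT_PRIORITY = 32768
VALID_PRIORITIES = range(0, 61441, 4096)    # 0, 4096, ..., 61440: the 4-bit priority x 4096


def make_bid(priority, vlan, mac):
    """Encode an 8-byte bridge ID as an int: priority | extended system ID (VLAN)
    in the top 16 bits, then the MAC. Rejects the values a switch rejects."""
    if priority not in VALID_PRIORITIES:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("extended system ID must be a VLAN ID in 1..4094")
    mac_int = int(mac.replace(":", ""), 16)
    if mac_int >= 1 << 48:
        raise ValueError("MAC address must be 48 bits")
    return ((priority | vlan) << 48) | mac_int


def split_bid(bid):
    """Reverse of make_bid; 'displayed' is what show spanning-tree prints (priority + VLAN)."""
    top = bid >> 48
    mac = ":".join(f"{(bid >> (8 * i)) & 0xFF:02x}" for i in range(5, -1, -1))
    return {"displayed": top, "priority": top & 0xF000, "vlan": top & 0x0FFF, "mac": mac}


def propagate(switches, links, vlan):
    """Replay 3.1.2.8: each switch advertises itself as root, then keeps the lowest
    root ID among its own and those heard from neighbors (higher ones are discarded).
    switches: {name: (priority, mac)}; links: [(a, b)].
    Returns, per round, which switch each one believes is the root, until stable."""
    bid = {n: make_bid(p, vlan, m) for n, (p, m) in switches.items()}
    name_of = {v: k for k, v in bid.items()}
    nbrs = {n: set() for n in bid}
    for a, b in links:
        nbrs[a].add(b)
        nbrs[b].add(a)
    believed = dict(bid)                       # round 0: everyone claims root
    rounds = [{n: name_of[v] for n, v in believed.items()}]
    while True:
        heard = {n: min([believed[n]] + [believed[m] for m in nbrs[n]]) for n in bid}
        if heard == believed:                  # no switch learned a lower root ID
            return rounds
        believed = heard
        rounds.append({n: name_of[v] for n, v in believed.items()})


# Constructed chain S1 - S2 - S3, all at the default priority, so MAC decides
SWITCHES = {"S1": (DEFAULT_PRIORITY, "00:0c:00:00:00:01"),
            "S2": (DEFAULT_PRIORITY, "00:0c:00:00:00:02"),
            "S3": (DEFAULT_PRIORITY, "00:0c:00:00:00:03")}
LINKS = [("S1", "S2"), ("S2", "S3")]

if __name__ == "__main__":
    for i, view in enumerate(propagate(SWITCHES, LINKS, 1)):
        print(f"round {i}: {view}")
    print(split_bid(make_bid(DEFAULT_PRIORITY, 1, "00:0c:00:00:00:02")))
```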


3.2.1.1 Types of Spanning Tree Protocols

Several varieties of spanning tree protocols have emerged since the original IEEE 802.1D.
The varieties of spanning tree protocols include:
  • STP - This is the original IEEE 802.1D version (802.1D-1998 and earlier) that provides a loop-free topology in a network with redundant links. Common Spanning Tree (CST) assumes one spanning tree instance for the entire bridged network, regardless of the number of VLANs.
  • PVST+ - This is a Cisco enhancement of STP that provides a separate 802.1D spanning tree instance for each VLAN configured in the network. The separate instance supports PortFast, UplinkFast, BackboneFast, BPDU guard, BPDU filter, root guard, and loop guard.
  • 802.1D-2004 - This is an updated version of the STP standard, incorporating IEEE 802.1w.
  • Rapid Spanning Tree Protocol (RSTP) or IEEE 802.1w - This is an evolution of STP that provides faster convergence than STP.
  • Rapid PVST+ - This is a Cisco enhancement of RSTP that uses PVST+. Rapid PVST+ provides a separate instance of 802.1w per VLAN. Each separate instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard.
  • Multiple Spanning Tree Protocol (MSTP) - This is an IEEE standard inspired by the earlier Cisco proprietary Multiple Instance STP (MISTP) implementation. MSTP maps multiple VLANs into the same spanning tree instance. The Cisco implementation of MSTP is MST, which provides up to 16 instances of RSTP and combines many VLANs with the same physical and logical topology into a common RSTP instance. Each instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard.
A network professional, whose duties include switch administration, may be required to decide which type of spanning tree protocol to implement.

3.2.1.2 Characteristics of the Spanning Tree Protocols

These are characteristics of the various spanning tree protocols. Each description notes whether the particular spanning tree protocol is Cisco-proprietary or an IEEE standard implementation:
  • STP - Assumes one IEEE 802.1D spanning tree instance for the entire bridged network, regardless of the number of VLANs. Because there is only one instance, the CPU and memory requirements for this version are lower than for the other protocols. However, because there is only one instance, there is only one root bridge and one tree. Traffic for all VLANs flows over the same path, which can lead to suboptimal traffic flows. Because of the limitations of 802.1D, this version is slow to converge.
  • PVST+ - A Cisco enhancement of STP that provides a separate instance of the Cisco implementation of 802.1D for each VLAN that is configured in the network. The speed of convergence is similar to the original STP. The separate instance supports PortFast, UplinkFast, BackboneFast, BPDU guard, BPDU filter, root guard, and loop guard. Port roles are defined the same as they are with RSTP. Creating an instance for each VLAN increases the CPU and memory requirements, but allows for per-VLAN root bridges. This design allows the spanning tree to be optimized for the traffic of each VLAN. Convergence of this version is similar to the convergence of 802.1D. However, convergence is per-VLAN.
  • RSTP (or IEEE 802.1w) - An evolution of spanning tree that provides faster convergence than the original 802.1D implementation. This version addresses many convergence issues, but because it still provides a single instance of STP, it does not address the suboptimal traffic flow issues. To support that faster convergence, the CPU usage and memory requirements of this version are higher than those of CST, but less than those of Rapid PVST+.
  • Rapid PVST+ - A Cisco enhancement of RSTP that uses PVST+. It provides a separate instance of 802.1w per VLAN. The separate instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard. This version addresses the convergence issues and the suboptimal traffic flow issues. However, this version has the highest CPU and memory requirements.
  • MSTP - The IEEE 802.1s standard, and was inspired by the earlier Cisco proprietary MISTP implementation. To reduce the number of required STP instances, MSTP maps multiple VLANs that have the same traffic flow requirements into the same spanning tree instance.
  • MST - The Cisco implementation of MSTP, which provides up to 16 instances of RSTP (802.1w) and combines many VLANs with the same physical and logical topology into a common RSTP instance. Each instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard. The CPU and memory requirements of this version are less than those of Rapid PVST+ but more than those of RSTP.
Cisco switches running IOS 15.0 or later run PVST+ by default. This version incorporates many of the specifications of IEEE 802.1D-2004, such as alternate ports in place of the former non-designated ports. However, the switches must be explicitly configured for rapid spanning tree mode in order to run the rapid spanning tree protocol.

3.2.1.3 Overview of PVST+

The original IEEE 802.1D standard defines a CST that assumes only one spanning tree instance for the entire switched network, regardless of the number of VLANs. A network running CST has these characteristics:
  • No load sharing is possible. One uplink must block for all VLANs.
  • The CPU is spared. Only one instance of spanning tree must be computed.
Cisco developed PVST+ so that a network can run an independent instance of the Cisco implementation of IEEE 802.1D for each VLAN in the network. With PVST+, it is possible for one trunk port on a switch to block for a VLAN while forwarding for other VLANs. PVST+ can be used to implement Layer 2 load balancing. The switches in a PVST+ environment require greater CPU processing and BPDU bandwidth consumption than a traditional CST implementation of STP because each VLAN runs a separate instance of STP.
In a PVST+ environment, spanning tree parameters can be tuned so that half of the VLANs forward on each uplink trunk. In the figure, port F0/3 on S2 is the forwarding port for VLAN 20, and F0/2 on S2 is the forwarding port for VLAN 10. This is accomplished by configuring one switch to be elected the root bridge for half of the VLANs in the network, and a second switch to be elected the root bridge for the other half of the VLANs. In the figure, S3 is the root bridge for VLAN 20 and S1 is the root bridge for VLAN 10. Having multiple STP root bridges, one per VLAN, increases redundancy in the network.
Networks running PVST+ have these characteristics:
  • Optimum load balancing can result.
  • One spanning tree instance for each VLAN maintained can mean a considerable waste of CPU cycles for all the switches in the network (in addition to the bandwidth that is used for each instance to send its own BPDU). This will only be problematic if a large number of VLANs are configured.

3.2.2.2 Port States and PVST+ Operation

STP facilitates the logical loop-free path throughout the broadcast domain. The spanning tree is determined through the information learned by the exchange of the BPDU frames between the interconnected switches. To facilitate the learning of the logical spanning tree, each switch port transitions through five possible port states, governed by three BPDU timers.
The spanning tree is determined immediately after a switch is finished booting up. If a switch port transitions directly from the blocking state to the forwarding state without information about the full topology during the transition, the port can temporarily create a data loop. For this reason, STP introduces five port states. PVST+ uses the same five port states. The figure describes the port states that ensure no loops are created during the creation of the logical spanning tree:
  • Blocking - The port is an alternate port and does not participate in frame forwarding. The port receives BPDU frames to determine the location and root ID of the root bridge switch and which port roles each switch port should assume in the final active STP topology.
  • Listening - Listens for the path to the root. STP has determined that the port can participate in frame forwarding according to the BPDU frames that the switch has received. The switch port receives BPDU frames, transmits its own BPDU frames, and informs adjacent switches that the switch port is preparing to participate in the active topology.
  • Learning - Learns the MAC addresses. The port prepares to participate in frame forwarding and begins to populate the MAC address table.
  • Forwarding - The port is considered part of the active topology. It forwards data frames and sends and receives BPDU frames.
  • Disabled - The Layer 2 port does not participate in spanning tree and does not forward frames. The disabled state is set when the switch port is administratively disabled.
Note that the number of ports in each of the various states (blocking, listening, learning, or forwarding) can be displayed with the show spanning-tree summary command.
For each VLAN in a switched network, PVST+ performs four steps to provide a loop-free logical network topology:
Step 1. Elects one root bridge - Only one switch can act as the root bridge (for a given VLAN). The root bridge is the switch with the lowest bridge ID. On the root bridge, all ports are designated ports (no root ports).
Step 2. Selects the root port on each non-root bridge - PVST+ establishes one root port on each non-root bridge for each VLAN. The root port is the lowest-cost path from the non-root bridge to the root bridge, which indicates the direction of the best path to the root bridge. Root ports are normally in the forwarding state.
Step 3. Selects the designated port on each segment - On each link, PVST+ establishes one designated port for each VLAN. The designated port is selected on the switch that has the lowest-cost path to the root bridge. Designated ports are normally in the forwarding state, and forwarding traffic for the segment.
Step 4. The remaining ports in the switched network are alternate ports - Alternate ports normally remain in the blocking state, to logically break the loop topology. When a port is in the blocking state, it does not forward traffic, but it can still process received BPDU messages.
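As an added example (not course code), the function below carries out the four PVST+ steps for one VLAN over the three-switch topology of 3.2.1.3, using the FastEthernet port cost of 19 quoted in the text, and shows why S2 forwards on F0/2 for VLAN 10 but on F0/3 for VLAN 20. The switch MACs, port names and link list are constructed, and ties are broken by lowest root path cost, then lowest BID, then lowest port ID.

```python
DEFAULT_PRIORITY = 32768
FAST_ETHERNET_COST = 19        # 802.1D port cost of a FastEthernet port, as in the text


def pvst_port_roles(priorities, macs, links, vlan):
    """Run the four PVST+ steps for one VLAN.
    priorities: {switch: {vlan: priority}}, default 32768 when not configured
    macs:       {switch: "xx:xx:xx:xx:xx:xx"}
    links:      [(switch_a, port_a, switch_b, port_b, port_cost)]
    Returns (root, root path cost per switch, role per (switch, port))."""
    # Per-VLAN BID: priority plus the extended system ID (the VLAN), then the MAC
    bid = {s: (priorities.get(s, {}).get(vlan, DEFAULT_PRIORITY) + vlan,
               int(macs[s].replace(":", ""), 16)) for s in macs}
    ports = {s: [] for s in macs}             # (port, neighbor, neighbor_port, cost)
    for a, pa, b, pb, c in links:
        ports[a].append((pa, b, pb, c))
        ports[b].append((pb, a, pa, c))

    # Step 1: the switch with the lowest BID is the root bridge
    root = min(bid, key=bid.get)

    # Root path cost: a neighbor's advertised cost plus the ingress port cost,
    # relaxed until no switch can lower its cost any further
    cost = {s: (0 if s == root else float("inf")) for s in macs}
    changed = True
    while changed:
        changed = False
        for s in macs:
            for _port, nbr, _nport, c in ports[s]:
                if cost[nbr] + c < cost[s]:
                    cost[s], changed = cost[nbr] + c, True

    roles = {}
    # Step 2: on each non-root bridge the root port is the lowest-cost path to
    # the root (ties: lowest neighbor BID, then lowest neighbor port ID)
    for s in macs:
        if s == root:
            continue
        best = min(ports[s], key=lambda e: (cost[e[1]] + e[3], bid[e[1]], e[2]))
        roles[(s, best[0])] = "root"

    # Step 3: on each segment the end with the lowest (cost, BID, port ID) holds
    # the designated port; the root's own ports always win with cost 0
    for a, pa, b, pb, _c in links:
        end = min((cost[a], bid[a], pa, a), (cost[b], bid[b], pb, b))
        roles[(end[3], end[2])] = "designated"

    # Step 4: every remaining port is an alternate port and stays blocking
    for s in macs:
        for port, *_ in ports[s]:
            roles.setdefault((s, port), "alternate")
    return root, cost, roles


# Constructed topology after the figure in 3.2.1.3: S1 is root for VLAN 10, S3 is
# root for VLAN 20, S2 uplinks are F0/2 (to S1) and F0/3 (to S3); MACs are made up
MACS = {"S1": "00:0c:00:00:00:01", "S2": "00:0c:00:00:00:03", "S3": "00:0c:00:00:00:02"}
PRIORITIES = {"S1": {10: 24576}, "S3": {20: 24576}}
LINKS = [("S1", "F0/2", "S2", "F0/2", FAST_ETHERNET_COST),
         ("S2", "F0/3", "S3", "F0/3", FAST_ETHERNET_COST),
         ("S1", "F0/3", "S3", "F0/2", FAST_ETHERNET_COST)]

if __name__ == "__main__":
    for vlan in (10, 20):
        root, cost, roles = pvst_port_roles(PRIORITIES, MACS, LINKS, vlan)
        print(f"VLAN {vlan}: root {root}, root path costs {cost}")
        for (sw, port), role in sorted(roles.items()):
            print(f"  {sw} {port}: {role}")
```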

3.2.2.3 Extended System ID and PVST+ Operation

In a PVST+ environment, the extended system ID ensures each switch has a unique BID for each VLAN.
For example, the VLAN 2 default BID would be 32770 (priority 32768, plus the extended system ID of 2). If no priority has been configured, every switch has the same default priority and the election of the root bridge for each VLAN is based on the MAC address. Because the bridge ID is based on the lowest MAC address, the switch chosen to be root bridge might not be the most powerful or the most optimal switch.
There are situations where the administrator may want a specific switch selected as the root bridge. This may be for a variety of reasons, including:
  • the switch is more optimally located within the LAN design in regards to the majority of traffic flow patterns for a particular VLAN;
  • the switch has higher processing power; or
  • the switch is simply easier to access and manage remotely.
To manipulate the root-bridge election, assign a lower priority to the switch that should be selected as the root bridge for the desired VLAN(s).

3.2.3.1 Overview of Rapid PVST+

RSTP (IEEE 802.1w) is an evolution of the original 802.1D standard and is incorporated into the IEEE 802.1D-2004 standard. The 802.1w STP terminology remains primarily the same as the original IEEE 802.1D STP terminology. Most parameters have been left unchanged, so users that are familiar with STP can easily configure the new protocol. Rapid PVST+ is the Cisco implementation of RSTP on a per-VLAN basis. An independent instance of RSTP runs for each VLAN.
The figure shows a network running RSTP. S1 is the root bridge with two designated ports in a forwarding state. RSTP supports a new port type. Port F0/3 on S2 is an alternate port in discarding state. Notice that there are no blocking ports. RSTP does not have a blocking port state. RSTP defines port states as discarding, learning, or forwarding.
RSTP speeds the recalculation of the spanning tree when the Layer 2 network topology changes. RSTP can achieve much faster convergence in a properly configured network, sometimes in as little as a few hundred milliseconds. RSTP redefines the type of ports and their state. If a port is configured to be an alternate port or a backup port, it can immediately change to a forwarding state without waiting for the network to converge. The following briefly describes RSTP characteristics:
  • RSTP is the preferred protocol for preventing Layer 2 loops in a switched network environment. Many of the differences were established by Cisco-proprietary enhancements to the original 802.1D. These enhancements, such as BPDUs carrying and sending information about port roles only to neighboring switches, require no additional configuration and generally perform better than the earlier Cisco-proprietary versions. They are now transparent and integrated into the protocol’s operation.
  • Cisco-proprietary enhancements to the original 802.1D, such as UplinkFast and BackboneFast, are not compatible with RSTP.
  • RSTP (802.1w) supersedes the original 802.1D while retaining backward compatibility. Much of the original 802.1D terminology remains and most parameters are unchanged. In addition, 802.1w is capable of reverting back to legacy 802.1D to interoperate with legacy switches on a per-port basis. For example, the RSTP spanning tree algorithm elects a root bridge in exactly the same way as the original 802.1D.
  • RSTP keeps the same BPDU format as the original IEEE 802.1D, except that the version field is set to 2 to indicate RSTP and the flags field uses all 8 bits.
  • RSTP is able to actively confirm that a port can safely transition to the forwarding state without having to rely on a timer configuration.

3.2.3.2 RSTP BPDUs

RSTP uses type 2, version 2 BPDUs. The original 802.1D STP uses type 0, version 0 BPDUs. However, a switch running RSTP can communicate directly with a switch running the original 802.1D STP. RSTP sends BPDUs and populates the flag byte in a slightly different manner than in the original 802.1D:
  • Protocol information can be immediately aged on a port if Hello packets are not received for three consecutive Hello times (six seconds, by default) or if the max age timer expires.
  • BPDUs are used as a keepalive mechanism. Therefore, three consecutively missed BPDUs indicate lost connectivity between a bridge and its neighboring root or designated bridge. The fast aging of the information allows failures to be detected quickly.
Note: Like STP, an RSTP switch sends a BPDU with its current information every Hello time period (two seconds, by default), even if the RSTP switch does not receive BPDUs from the root bridge.
As shown in the figure, RSTP uses the flag byte of version 2 BPDU:
  • Bits 0 and 7 are used for topology change and acknowledgment. They are in the original 802.1D.
  • Bits 1 and 6 are used for the Proposal Agreement process (used for rapid convergence).
  • Bits 2 to 5 encode the role and state of the port.
  • Bits 4 and 5 are used to encode the port role using a 2-bit code.

3.2.3.3 Edge Ports

An RSTP edge port is a switch port that is never intended to be connected to another switch. It immediately transitions to the forwarding state when enabled.
The RSTP edge port concept corresponds to the PVST+ PortFast feature. An edge port is directly connected to an end station and assumes that no switch device is connected to it. RSTP edge ports should immediately transition to the forwarding state, thereby skipping the time-consuming original 802.1D listening and learning port states.
The Cisco RSTP implementation (Rapid PVST+) maintains the PortFast keyword, using the spanning-tree portfast command for edge port configuration. This makes the transition from STP to RSTP seamless.
Figure 1 shows examples of ports that can be configured as edge ports. Figure 2 shows examples of ports that are non-edge ports.
Note: Configuring an edge port to be attached to another switch is not recommended. This can have negative implications for RSTP because a temporary loop may result, possibly delaying the convergence of RSTP.

3.2.3.4 Link Types

The link type provides a categorization for each port participating in RSTP by using the duplex mode on the port. Depending on what is attached to each port, two different link types can be identified:
  • Point-to-Point - A port operating in full-duplex mode typically connects a switch to a switch and is a candidate for a rapid transition to a forwarding state.
  • Shared - A port operating in half-duplex mode connects a switch to a hub that attaches multiple devices.
The link type can determine whether the port can immediately transition to a forwarding state, assuming certain conditions are met. These conditions are different for edge ports and non-edge ports. Non-edge ports are categorized into two link types: point-to-point and shared. The link type is automatically determined, but can be overridden with an explicit port configuration using the spanning-tree link-type { point-to-point | shared } command. Characteristics of port roles, with regard to link types, include the following:
  • Edge port connections and point-to-point connections are candidates for rapid transition to a forwarding state. However, before the link-type parameter is considered, RSTP must determine the port role.
  • Root ports do not use the link-type parameter. Root ports are able to make a rapid transition to the forwarding state as soon as the port is in sync (receives a BPDU from the root bridge).
  • Alternate and backup ports do not use the link-type parameter in most cases.
  • Designated ports make the most use of the link-type parameter. A rapid transition to the forwarding state for the designated port occurs only if the link-type parameter is set to point-to-point.

