Quản trị mạng - Chapter 5: Spanning tree protocol

Chapter 5 - Spanning Tree Protocol CCNA Exploration 4.0 Học viện mạng Bách Khoa - Website: www.bkacad.com 2 Objectives • Explain the role of redundancy in a converged network. • Summarize how STP works to eliminate Layer 2 loops in a converged network. • Explain how the STP algorithm uses three steps to converge on a loop-free topology. • Implement rapid PVST+ in a LAN to prevent loops between redundant switches. Học viện mạng Bách Khoa - Website: www.bkacad.com 3 Redundancy Redundancy in a hierarchical network • Layer 2 redundancy improves the availability of the network by implementing alternate network paths by adding equipment and cabling. Học viện mạng Bách Khoa - Website: www.bkacad.com 4 Redundancy Examine a redundant design • In a hierarchical design, redundancy is achieved at the distribution and core layers through additional hardware and alternate paths through the additional hardware. Học viện mạng Bách Khoa - Website: www.bkacad.com 5 Redundancy Examine a redundant design Học viện mạng Bách Khoa - Website: www.bkacad.com 6 Redundancy Examine a redundant design Học viện mạng Bách Khoa - Website: www.bkacad.com 7 Redundancy Examine a redundant design Học viện mạng Bách Khoa - Website: www.bkacad.com 8 Redundancy Examine a redundant design Học viện mạng Bách Khoa - Website: www.bkacad.com 9 Types of Traffic Types of traffic (Layer 2 perspective) 1. Known Unicast: Destination addresses are in Switch Tables 2. Unknown Unicast: Destination addresses are not in Switch Tables 3. Multicast: Traffic sent to a group of addresses 4. Broadcast: Traffic forwarded out all interfaces except incoming interface. Unknown Unicast Học viện mạng Bách Khoa - Website: www.bkacad.com 10 Issues with Redundancy A redundant switched topology (STP disabled) may cause: 1. Layer 2 Loops 2. Broadcast Storms 3. Duplicate Unicast Frames 4. MAC address table instability Học viện mạng Bách Khoa - Website: www.bkacad.com 11 Issues with Redundancy Layer 2 Loops • When multiple paths exist between two devices on the network and STP has been disabled on those switches, a Layer 2 loop can occur. Học viện mạng Bách Khoa - Website: www.bkacad.com 12 Issues with Redundancy Broadcast Storms • A broadcast storm occurs when there are so many broadcast frames caught in a Layer 2 loop that all available bandwidth is consumed. Học viện mạng Bách Khoa - Website: www.bkacad.com 13 Issues with Redundancy Duplicate Unicast Frames • Unicast frames sent onto a looped network can result in duplicate frames arriving at the destination device. Học viện mạng Bách Khoa - Website: www.bkacad.com 14 Issues with Redundancy • Incorrectly learn the MAC address Học viện mạng Bách Khoa - Website: www.bkacad.com 15 Real-world Redundancy Issues Loops in the Wiring Closet • If the network cables are not properly labeled when they are terminated in the patch panel in the wiring closet. Network loops that are a result of accidental duplicate connections in the wiring closets are a common occurrence. Học viện mạng Bách Khoa - Website: www.bkacad.com 16 Real-world Redundancy Issues Loops in the Cubicles Học viện mạng Bách Khoa - Website: www.bkacad.com 17 Prevent loop, storm bordcast? • Enable Spanning Tree Protocol (STP) • STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop. A port is considered blocked when network traffic is prevented from entering or leaving that port. • Block redundant link and auto unblock redundant link when primary link down. Học viện mạng Bách Khoa - Website: www.bkacad.com 18 • STP is a Layer 2 link-management protocol that is used to maintain a loop-free network. • The Spanning-Tree Protocol requires network devices to exchange messages to detect bridging loops, is called a Bridge Protocol Data Unit (BPDU). • BPDUs continue to be received on blocked ports. Spanning-Tree Protocol (STP) Học viện mạng Bách Khoa - Website: www.bkacad.com 19 Spanning-Tree Protocol Học viện mạng Bách Khoa - Website: www.bkacad.com 20 Spanning-Tree Protocol • STP executes an algorithm called Spanning Tree Algorithm (STA). • STA chooses a reference point, called a root bridge, and then determines the available paths to that reference point. – If more than two paths exists, STA picks the best path and blocks the rest • STP calculations make extensive use of 2 key concepts in creating a loop-free topology: 1. Bridge ID 2. Path Cost Học viện mạng Bách Khoa - Website: www.bkacad.com 21 STP Algorithm 1. Root Bridge – The lowest BID 2. Root Ports - Switch ports closest to the root bridge. 3. Designated ports - All non-root ports that are still permitted to forward traffic on the network. 4. Non-designated ports - All ports configured to be in a blocking state to prevent loops. Học viện mạng Bách Khoa - Website: www.bkacad.com 22 The Root Bridge • Every spanning-tree instance (switched LAN or broadcast domain) has a switch designated as the root bridge. The root bridge serves as a reference point for all spanning-tree calculations to determine which redundant paths to block. Lowest Bridge ID value is the root ! Học viện mạng Bách Khoa - Website: www.bkacad.com 23 Extra: The Root Bridge • The root bridge maintains the stability of the forwarding paths between all switches for a single STP instance. • A spanning tree instance is when all switches exchanging BPDUs and participating in spanning tree negotiation are associated with a single root. – If this is done for all VLANs, it is called a Common Spanning Tree (CST) instance. – There is also a Per VLAN Spanning Tree (PVST) implementation that provides one instance, and therefore one root bridge, for each VLAN. Học viện mạng Bách Khoa - Website: www.bkacad.com 24 Bridge ID (BID) Học viện mạng Bách Khoa - Website: www.bkacad.com 25 Bridge ID (BID) • For each Network, the switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. • The BID is made up of a priority value, an extended system ID, and the MAC address of the switch. Học viện mạng Bách Khoa - Website: www.bkacad.com 26 Bridge ID (BID) Học viện mạng Bách Khoa - Website: www.bkacad.com 27 Bridge ID (BID) Priority-based decision • The default value for the priority of all Cisco switches is 32768. • The priority range is between 1 and 65536; therefore, 1 is the highest priority. Học viện mạng Bách Khoa - Website: www.bkacad.com 28 Bridge ID (BID) MAC Address-based decision Học viện mạng Bách Khoa - Website: www.bkacad.com 29 Configure and Verify the BID Học viện mạng Bách Khoa - Website: www.bkacad.com 30 Configure and Verify the BID Học viện mạng Bách Khoa - Website: www.bkacad.com 31 Best Paths to the Root Bridge • When the root bridge has been designated for the spanning-tree instance, the STA starts the process of determining the best paths to the root bridge from all destinations in the broadcast domain. Học viện mạng Bách Khoa - Website: www.bkacad.com 32 Best Paths to the Root Bridge Học viện mạng Bách Khoa - Website: www.bkacad.com 33 Best Paths to the Root Bridge • Each bridge advertises the spanning tree path cost in the BPDU. This spanning tree path cost is the cumulative cost of all the links from the root bridge to the switch sending the BPDU. • In Figure, switch Y receives a BPDU from the root bridge (switch X) on its switch port on the Fast Ethernet segment, and another BPDU on its switch port on the Ethernet segment. – The root path cost in both cases is 0. – The local path cost on the Fast Ethernet switch port is 19, while the local path cost on the Ethernet switch port is 100. Học viện mạng Bách Khoa - Website: www.bkacad.com 34 Bridge Protocol Data Unit (BPDU) • The BPDUs are transmitted in one direction from the root switch, and each switch sends configuration BPDUs to communicate and to compute the STP topology. Học viện mạng Bách Khoa - Website: www.bkacad.com 35 BPDU Field Format • 802.3 Header – Destination: 01:80:C2:00:00:00 Mcast 802.1d Bridge group – Source: 00:D0:C0:F5:18:D1 – LLC Length: 38 • 802.2 Logical Link Control (LLC) Header – Dest. SAP: 0x42 802.1 Bridge Spanning Tree – Source SAP: 0x42 802.1 Bridge Spanning Tree – Command: 0x03 Unnumbered Information • 802.1 - Bridge Spanning Tree – Protocol Identifier: 0 – Protocol Version ID: 0 – Message Type: 0x00 Configuration Message – Flags: 00000000 – Root Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0 – Cost Of Path To Root: 0x00000000 (0) – Bridge Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0 – Port Priority/ID: 0x80/ 0x1D – Message Age: 0/256 seconds (exactly 0 seconds) – Maximum Age: 5120/256 seconds (exactly 20 seconds) – Hello Time: 512/256 seconds (exactly 2 seconds) – Forward Delay: 3840/256 seconds (exactly 15 seconds) Học viện mạng Bách Khoa - Website: www.bkacad.com 36 Extra: BPDU Field Format • 802.1d uses 2 types of BPDUs: – A configuration BPDU, used for initial STP configuraion. Type field=0x00 – A topology change notification (TCN) BPDU used for topology changes. Type field=0x80 Học viện mạng Bách Khoa - Website: www.bkacad.com 37 Extra: BPDU Field Format Học viện mạng Bách Khoa - Website: www.bkacad.com 38 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 39 The BPDU Process • When the network first starts, all bridges are announcing a chaotic mix of BPDUs. Học viện mạng Bách Khoa - Website: www.bkacad.com 40 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 41 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 42 The BPDU Process The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 43 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 44 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 45 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 46 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 47 The BPDU Process Học viện mạng Bách Khoa - Website: www.bkacad.com 48 Port Roles Học viện mạng Bách Khoa - Website: www.bkacad.com 49 Port Roles 1. Root Port – The root port exists on non-root bridges and is the switch port with the best path to the root bridge. 2. Designated Port – The designated port exists on root and non-root bridges. – For root bridges, all switch ports are designated ports. – For non-root bridges, a designated port is the switch port that receives and forwards frames toward the root bridge as needed. – Only one designated port is allowed per segment. 3. Non-designated Port – The non-designated port is a switch port that is blocked, so it is not forwarding data frames and not populating the MAC address table with source addresses. – A non-designated port is not a root port or a designated port. 4. Disabled Port – The disabled port is a switch port that is administratively shut down. A disabled port does not function in the spanning-tree process. Học viện mạng Bách Khoa - Website: www.bkacad.com 50 Configure Port Priority • The port priority values range from 0 - 240, in increments of 16. The default port priority value is 128. Học viện mạng Bách Khoa - Website: www.bkacad.com 51 • If all ports have the same priority, the port with the lowest port number forwards frames. • (config-if)# spanning-tree port-priority {number} Configure Port Priority (config-if)# spanning-tree port-priority {number} Học viện mạng Bách Khoa - Website: www.bkacad.com 52 Port Role Decisions Học viện mạng Bách Khoa - Website: www.bkacad.com 53 Port Role Decisions Học viện mạng Bách Khoa - Website: www.bkacad.com 54 Port Role Decisions Học viện mạng Bách Khoa - Website: www.bkacad.com 55 Port Role Decisions Học viện mạng Bách Khoa - Website: www.bkacad.com 56 Port Role Decisions Học viện mạng Bách Khoa - Website: www.bkacad.com 57 Port Role Decisions Học viện mạng Bách Khoa - Website: www.bkacad.com 58 Port Role Decisions Học viện mạng Bách Khoa - Website: www.bkacad.com 59 Port Roles - Summary Học viện mạng Bách Khoa - Website: www.bkacad.com 60 STP Port States and BPDU Timers Port States 1. Blocking - The port is a non-designated port and does not participate in frame forwarding. The port receives BPDU frames to determine the location and root ID of the root bridge switch and what port roles each switch port should assume in the final active STP topology. 2. Listening - STP has determined that the port can participate in frame forwarding according to the BPDU frames that the switch has received thus far. At this point, the switch port is not only receiving BPDU frames, it is also transmitting its own BPDU frames and informing adjacent switches that the switch port is preparing to participate in the active topology. 3. Learning - The port prepares to participate in frame forwarding and begins to populate the MAC address table. The port is still sending and receiving BPDUs. 4. Forwarding - The port is considered part of the active topology and forwards frames and also sends and receives BPDU frames. 5. Disabled - The Layer 2 port does not participate in spanning tree and does not forward frames. The disabled state is set when the switch port is administratively disabled. Học viện mạng Bách Khoa - Website: www.bkacad.com 61 STP Port States and BPDU Timers • If a bridge thinks it is the Root Bridge immediately after booting or in the absence of BPDUs for a certain period of time, the port transitions into the Listening state. Học viện mạng Bách Khoa - Website: www.bkacad.com 62 STP Port States and BPDU Timers Học viện mạng Bách Khoa - Website: www.bkacad.com 63 STP Port States and BPDU Timers • The BPDU timers not be adjusted directly because the values have been optimized for the seven-switch diameter. • Adjusting the spanning-tree diameter value on the root bridge to a lower value automatically adjusts the forward delay and maximum age timers proportionally for the new diameter. Học viện mạng Bách Khoa - Website: www.bkacad.com 64 Extra: BPDU Timers • Hello timer: Determines how often root bridge sends configuration BPDUs. The default is 2 seconds. • Maximum Age (Max Age): Tells the bridge how long to keep ports in the blocking state before listening. The default is 20 seconds. • Forward Delay (Fwd Delay): Determines how long to stay in the listening state before going to the learning state, and how long to stay in the learning state before forwarding. The default is 15 seconds. Học viện mạng Bách Khoa - Website: www.bkacad.com 65 Extra: STP Timers Học viện mạng Bách Khoa - Website: www.bkacad.com 66 STP Port States and BPDU Timers Cisco PortFast Technology • PortFast is a Cisco technology. When a switch port configured with PortFast is configured as an access port, that port transitions from blocking to forwarding state immediately, bypassing the typical STP listening and learning states. Học viện mạng Bách Khoa - Website: www.bkacad.com 67 STP Convergence All STP decisions are based on a the following predetermined sequence: Four-Step decision Sequence Step 1 - Lowest BID Step 2 - Lowest Path Cost to Root Bridge Step 3 - Lowest Sender BID Step 4 - Lowest Port ID Học viện mạng Bách Khoa - Website: www.bkacad.com 68 STP Convergence • The STP algorithm uses three simple steps to converge on a loop-free topology. • Switches go through three steps for their initial convergence: STP Convergence Step 1 Elect one Root Bridge Step 2 Elect Root Ports Step 3 Elect Designated Ports • All STP decisions are based on a the following predetermined sequence: Four-Step decision Sequence Step 1 - Lowest BID Step 2 - Lowest Path Cost to Root Bridge Step 3 - Lowest Sender BID Step 4 - Lowest Port ID Học viện mạng Bách Khoa - Website: www.bkacad.com 69 STP Convergence STP Convergence Step 1 Elect one Root Bridge Step 2 Elect Root Ports Step 3 Elect Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 70 Step 1. Elect one Root Bridge Học viện mạng Bách Khoa - Website: www.bkacad.com 71 Step 1. Elect one Root Bridge Học viện mạng Bách Khoa - Website: www.bkacad.com 72 Step 1. Elect one Root Bridge • Verify Root Bridge Election Học viện mạng Bách Khoa - Website: www.bkacad.com 73 STP Convergence STP Convergence Step 1 Elect one Root Bridge Step 2 Elect Root Ports Step 3 Elect Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 74 Step 2. Elect Root Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 75 Step 2. Elect Root Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 76 Step 2. Elect Root Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 77 Step 2. Elect Root Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 78 Step 2. Elect Root Ports Verify the Root Port Học viện mạng Bách Khoa - Website: www.bkacad.com 79 STP Convergence STP Convergence Step 1 Elect one Root Bridge Step 2 Elect Root Ports Step 3 Elect Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 80 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 81 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 82 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 83 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 84 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 85 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 86 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 87 Step 3. Electing Designated Ports and Non-Designated Ports Học viện mạng Bách Khoa - Website: www.bkacad.com 88 Step 3. Electing Designated Ports and Non-Designated Ports Verify DP and Non-DP Học viện mạng Bách Khoa - Website: www.bkacad.com 89 STP Topology Change • Topology change notification (TCN) • Topology change acknowledgement (TCA) • Topology change (TC) designated bridge In legacy STP, TCNs were generated for any active port that was not configured for PortFast. Học viện mạng Bách Khoa - Website: www.bkacad.com 90 STP Topology Change • When the Root Bridge receives the (upstream) topology-change message (TCN BPDU), it sends out Configuration BPDUs to indicate that a topology change is occurring (using the low-order bit in the Flag field). – The Root Bridge sets the topology change in the configuration for a period of time equal to the sum of the Forward Delay and Max Age parameters (20s+15s= 35s) • A bridge receiving a (downstream) topology change configuration message from the Root Bridge will use the Forward Delay timer (15 seconds) to age out entries in the address table. – This allows the device to age out entries faster than the normal 5- minute default so that stations no longer available are aged out faster. – The bridge continues this process until it no longer receives topology change configuration messages from the Root Bridge. Học viện mạng Bách Khoa - Website: www.bkacad.com 91 STP (802.1D) Enhancements • UplinkFast is an access-layer STP solution that provides fast failover when the root port or root switch fails. • BackboneFast is a distribution and access-layer STP solution that provides fast convergence in the network for indirect link failures. • PortFast is an access-layer STP solution that causes a port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. Học viện mạng Bách Khoa - Website: www.bkacad.com 92 Extra: PortFast • When a device is connected to a port, the port normally enters the spanning tree Listening state. When the Forward Delay timer expires, the port enters the Learning state. When the Forward Delay timer expires a second time, the port is transitioned to the Forwarding or Blocking state. • When PortFast is enabled on a switch or trunk port, the port is immediately transitioned to the Forwarding state. As soon as the switch detects the link, the port is transitioned to the Forwarding state (less than 2 seconds after the cable is plugged in). (config-if)# spanning-tree portfast (config)# spanning-tree portfast default Enable portfast by default on all access ports Học viện mạng Bách Khoa - Website: www.bkacad.com 93 Extra: PortFast Học viện mạng Bách Khoa - Website: www.bkacad.com 94 Extra: UplinkFast • STP UplinkFast accelerates the choice of a new Root Port when a link or switch fails or when STP reconfigures itself. The Root Port transitions to the Forwarding state immediately without going through the Listening and Learning states, as it would with the usual STP process. • UplinkFast also limits the burst of multicast traffic by reducing the max-update-rate. For IOS the default for this parameter is 150 packets per second. • This change takes approximately 1 to 5 seconds (config)# spanning-tree uplinkfast Học viện mạng Bách Khoa - Website: www.bkacad.com 95 • Disable UplinkFast • Enable UplinkFast Extra: UplinkFast Học viện mạng Bách Khoa - Website: www.bkacad.com 96 • CAM Table Update Switch A begins to flood dummy packets with the different MAC addresses that it has in its CAM table as a source. Extra: UplinkFast Học viện mạng Bách Khoa - Website: www.bkacad.com 97 Extra: BackboneFast • BackboneFast is a Catalyst feature that is initiated when a Root Port or Blocked port on a switch receives inferior BPDUs from its Designated Bridge. An inferior BPDU identifies one switch as both the Root Bridge and the Designated Bridge. When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed. That is, the Designated Bridge has lost its connection to the Root Bridge. Under STP rules, the switch ignores inferior BPDUs for the configured Max Age (the default is 20 seconds). • This switchover takes approximately 30 seconds, twice the Forward Delay time if the default Forward Delay time of 15 seconds is set. This saves up to 20 seconds. (config)# spanning-tree backbonefast Học viện mạng Bách Khoa - Website: www.bkacad.com 98 Extra: BackboneFast Học viện mạng Bách Khoa - Website: www.bkacad.com 99 Other Example Học viện mạng Bách Khoa - Website: www.bkacad.com 100 PVST+, RSTP and Rapid PVST+ Học viện mạng Bách Khoa - Website: www.bkacad.com 101 Cisco and STP Variants Học viện mạng Bách Khoa - Website: www.bkacad.com 102 Cisco and STP Variants Học viện mạng Bách Khoa - Website: www.bkacad.com 103 Cisco and STP Variants Học viện mạng Bách Khoa - Website: www.bkacad.com 104 PVST+ • Cisco developed PVST+ so that a network can run an STP instance for each VLAN in the network. And Creating different STP root switches per VLAN creates a more redundant network. • With PVST+, more than one trunk can block for a VLAN and load sharing can be implemented. Học viện mạng Bách Khoa - Website: www.bkacad.com 105 PVST+ • PVST+ Bridge ID • The following provides more details on the PVST+ fields: – Bridge priority - A 4-bit field carries the bridge priority – Extended system ID - A 12-bit field carrying the VID for PVST+. – MAC address - A 6-byte field with the MAC address of a single switch. Học viện mạng Bách Khoa - Website: www.bkacad.com 106 PVST+ Học viện mạng Bách Khoa - Website: www.bkacad.com 107 Default Switch Configuration • The table shows the default spanning-tree configuration for a Cisco Catalyst 2960 series switch. Notice that the default spanning-tree mode is PVST+. Học viện mạng Bách Khoa - Website: www.bkacad.com 108 Configure PVST+ Học viện mạng Bách Khoa - Website: www.bkacad.com 109 Configure PVST+ Học viện mạng Bách Khoa - Website: www.bkacad.com 110 RSTP What is RSTP? • RSTP (IEEE 802.1w) is an evolution of the 802.1D standard. RSTP can achieve much faster convergence in a properly configured network, sometimes in as little as a few hundred milliseconds. If a port is configured to be an alternate or a backup port it can immediately change to a forwarding state without waiting for the network to converge. Học viện mạng Bách Khoa - Website: www.bkacad.com 111 RSTP • The immediate consideration with STP is convergence time. Depending on the type of failure, it takes anywhere from 30 to 50 seconds to converge the network. • RSTP helps with convergence issues that plague legacy STP. • RSTP has additional features similar to UplinkFast and BackboneFast that offer better recovery at Layer 2. • RSTP is proactive and therefore negates the need for the 802.1D delay timers. • RSTP (802.1w) supersedes 802.1D, while still retaining backward compatibility. Much of the 802.1D terminology remains, and most parameters are unchanged. In addition, 802.1w is capable of reverting back to 802.1D to interoperate with legacy switches on a per-port basis. • Because the RSTP and Cisco-proprietary enhancements are functionally similar, features such as UplinkFast and BackboneFast are not compatible with RSTP. Học viện mạng Bách Khoa - Website: www.bkacad.com 112 RTSP BPDU • RSTP (802.1w) uses type 2, version 2 BPDUs, so an RSTP bridge can communicate 802.1D on any shared link or with any switch running 802.1D. – Because BPDUs are used as a keepalive mechanism, 3 consecutively missed BPDUs indicate lost connectivity between a bridge and its neighboring root or designated bridge. Học viện mạng Bách Khoa - Website: www.bkacad.com 113 Extra: Examining the RSTP BPDU • RSTP sends BPDUs and populates the flag byte in a slightly different manner than 802.1D: – An RSTP bridge sends a BPDU with its current information every hello time period (2 seconds by default), even if it does not receive any BPDUs from the root bridge. – Protocol information can be immediately aged on a port if hellos are not received for three consecutive hello times or if the max age timer expires. – Because BPDUs are now used as a keepalive mechanism, three consecutively missed BPDUs indicate lost connectivity between a bridge and its neighboring root or designated bridge. This fast aging of the information allows quick failure detection. • Unlike in legacy STP, each switch generates its own BPDUs regardless if it hears BPDUs from the root. • In legacy STP, BPDUs were only generated by the root and propagated throughout the spanning tree domain. As a result, when a switch did not receive a configuration BPDU, it did not know where the failure occurred. • In RSTP mode, the switch needs to worry only about its immediate neighbors. Học viện mạng Bách Khoa - Website: www.bkacad.com 114 Edge Ports • Ports not participating in spanning tree are called edge ports. • The edge port concept is already well known to Cisco spanning tree users, as it basically corresponds to the PortFast feature. • All ports directly connected to end stations cannot create bridging loops in the network. Therefore, the edge port directly transitions to the forwarding state, and skips the listening and learning stages. Unlike PortFast, an RSTP edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning-tree port. The edge port immediately becomes a non-edge port if a BPDU is heard on the port. Học viện mạng Bách Khoa - Website: www.bkacad.com 115 Extra: Explaining Edge Ports • Unlike PortFast, an edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning tree port. When a switch with an edge port receives a BPDU, it generates a TCN. Học viện mạng Bách Khoa - Website: www.bkacad.com 116 Link Types • Non-edge ports are categorized into 2 link types: 1. point-to-point 2. shared. • The link type is automatically derived from the duplex mode of a port. A port that operates in full−duplex is assumed to be point−to−point, while a half−duplex port is considered as a shared port by default. • RSTP can only achieve rapid transition to the forwarding state on edge ports and on point−to−point links. • Non-edge ports participate in the spanning tree algorithm and only non-edge ports generate topology changes (TCs) on the network when transitioning to forwarding state. TCs are not generated for any other RSTP states. Học viện mạng Bách Khoa - Website: www.bkacad.com 117 Extra: Describing RSTP Link Types • Root ports do not use the link type parameter. Root ports are able to make a rapid transition to the forwarding state as soon as the port is in sync. • In addition, alternate and backup ports do not use the link type parameter in most cases. • Designated ports make the most use of the link type parameter. Rapid transition to the forwarding state for the designated port occurs only if the link type parameter indicates a point-to-point link. Học viện mạng Bách Khoa - Website: www.bkacad.com 118 RSTP Port States • RSTP provides rapid convergence following a failure or during re-establishment of a switch, switch port, or link. • An RSTP topology change causes a transition in the appropriate switch ports to the forwarding state through either explicit handshakes or a proposal and agreement process and synchronization. • With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be in the discarding state temporarily, even though its final state is to be forwarding. Học viện mạng Bách Khoa - Website: www.bkacad.com 119 RSTP Port Roles • The role is now a variable assigned to a given port. • The root port and designated port roles remain. • The blocking port role is now split into the backup and alternate port roles. • The Spanning Tree Algorithm (STA) determines the role of a port based on Bridge Protocol Data Units (BPDUs). • To keep things simple, the thing to remember about a BPDU is that there is always a way of comparing any two of them and deciding whether one is more useful than the other. • This is based on the value stored in the BPDU and occasionally on the port on which they are received. Học viện mạng Bách Khoa - Website: www.bkacad.com 120 RSTP Port Roles Học viện mạng Bách Khoa - Website: www.bkacad.com 121 Alternate Port • An alternate port provides an alternate path to the root bridge and could therefore replace the root port should it fail. Học viện mạng Bách Khoa - Website: www.bkacad.com 122 Backup Port • A backup port provides redundant connectivity to the same segment and cannot guarantee an alternate connectivity to the root bridge. It was therefore excluded from the uplink group. Học viện mạng Bách Khoa - Website: www.bkacad.com 123 RSTP Proposal or Agreement Process • In IEEE 802.1D STP, when a port has been selected by spanning tree to become a designated port, it must wait two times the forward delay before transitioning the port to the forwarding state. • RSTP significantly speeds up the recalculation process after a topology change, because it converges on a link-by-link basis and does not rely on timers expiring before ports can transition. – Rapid transition to the forwarding state can only be achieved on edge ports and point-to-point links. 5.4.6.3 Học viện mạng Bách Khoa - Website: www.bkacad.com 124 RSTP Proposal or Agreement Process • A port is in-sync if it meets either of the following criteria: – It is in a Blocking state (which means discarding, in a stable topology). – It is an edge port. Học viện mạng Bách Khoa - Website: www.bkacad.com 125 RSTP Proposal or Agreement Process Học viện mạng Bách Khoa - Website: www.bkacad.com 126 RSTP Proposal or Agreement Process Học viện mạng Bách Khoa - Website: www.bkacad.com 127 RSTP Proposal or Agreement Process • Switch A has a path to the root via switch B and switch C. A new link is then created between the root and switch A, and both ports are in designated blocking state until they receive a BPDU from their counterpart. When a designated port is in a discarding or learning state (and only in this case), it sets the proposal bit on the BPDUs it sends out. This is what happens for port P0 of the root bridge. • Switch A sees that the proposal BPDU has a superior path cost. It blocks all non-edge designated ports other than the one over which the proposal-agreement process are occurring. This operation is called sync and prevents switches below A from causing a loop during the proposal-agreement process. Edge ports do not have to be blocked and remain unchanged during sync. • Bridge A sends an agreement that allows the root bridge to put root port P0 in forwarding state. Port P1 becomes the root port for A. Học viện mạng Bách Khoa - Website: www.bkacad.com 128 RSTP Proposal or Agreement Process • Animation 5.4.6.3 Học viện mạng Bách Khoa - Website: www.bkacad.com 129 Configuring rapid PVST+ Học viện mạng Bách Khoa - Website: www.bkacad.com 130 Design STP for Trouble Avoidance Know Where the Root Is • You now know that the primary function of the STA is to break loops that redundant links create in bridge networks. • Generally, choose a powerful bridge in the middle of the network. If you put the root bridge in the center of the network with a direct connection to the servers and routers, you reduce the average distance from the clients to the servers and routers. Học viện mạng Bách Khoa - Website: www.bkacad.com 131 Design STP for Trouble Avoidance • Minimize the Number of Blocked Ports – The only critical action that STP takes is the blocking of ports. A single blocking port that mistakenly transitions to forwarding can negatively impact a large part of the network. – A good way to limit the risk inherent in the use of STP is to reduce the number of blocked ports as much as possible. Học viện mạng Bách Khoa - Website: www.bkacad.com 132 Design STP for Trouble Avoidance VTP Pruning • Only switch D1 receives unnecessary broadcast and multicast traffic for VLAN 20, but it is also blocking one of its ports for VLAN 30. • The are three redundant paths between core switch C1 and core switch C2. This redundancy results in more blocked ports and a higher likelihood of a loop. Học viện mạng Bách Khoa - Website: www.bkacad.com 133 Design STP for Trouble Avoidance Manual Pruning • VTP pruning can help, but this feature is not necessary in the core of the network. • Only one port is blocked per VLAN. Học viện mạng Bách Khoa - Website: www.bkacad.com 134 Design STP for Trouble Avoidance What is Layer 3 Switch? • Layer 3 switching means routing approximately at the speed of switching. A router performs two main functions: – It builds a forwarding table. The router generally exchanges information with peers by way of routing protocols. – It receives packets and forwards them to the correct interface based on the destination address. • High-end Cisco Layer 3 switches are now able to perform this second function, at the same speed as the Layer 2 switching function. In the figure: – There is no speed penalty with the routing hop and an additional segment between C1 and C2. – Core switch C1 and core switch C2 are Layer 3 switches. VLAN 20 and VLAN 30 are no longer bridged between C1 and C2, so there is no possibility for a loop. Học viện mạng Bách Khoa - Website: www.bkacad.com 135 Design STP for Trouble Avoidance Use Layer 3 Switching • The design ensures a convergence that is even faster than convergence with STP. – STP no longer blocks any single port, so there is no potential for a bridging loop. – Leaving the VLAN by Layer 3 switching is as fast as bridging inside the VLAN. Học viện mạng Bách Khoa - Website: www.bkacad.com 136 Design STP for Trouble Avoidance Học viện mạng Bách Khoa - Website: www.bkacad.com 137 Troubleshoot STP Operation Học viện mạng Bách Khoa - Website: www.bkacad.com 138 Switch or Link Failure (Animation 5.4.9.1) • For some reason port F0/3 on switch S2 fails to receive BPDUs for the Default max_age time of 20 seconds. Học viện mạng Bách Khoa - Website: www.bkacad.com 139 Switch or Link Failure (Animation 5.4.9.1) • For some reason port F0/3 on switch S2 fails to receive BPDUs for the Default max_age time of 20 seconds. Học viện mạng Bách Khoa - Website: www.bkacad.com 140 Switch or Link Failure • Problem – During normal operation, bridge B is designated on the link B−C. Bridge B sends BPDUs down to C, which is blocking the port. The port is blocked while C sees BPDUs from B on that link. – Now, consider what happens if the link B−C fails in the direction of C. C stops receiving traffic from B, however, B still receives traffic from C. Học viện mạng Bách Khoa - Website: www.bkacad.com 141 Switch or Link Failure • Solution: – Uses Unidirectional Link Detection feature on switch. Học viện mạng Bách Khoa - Website: www.bkacad.com 142 Troubleshoot STP Operation Học viện mạng Bách Khoa - Website: www.bkacad.com 143 PortFast Configuration Error Problem • You typically enable PortFast only for a port or interface that connects to a host. When the link comes up on this port, the bridge skips the first stages of the STA and directly transitions to the forwarding mode. Học viện mạng Bách Khoa - Website: www.bkacad.com 144 PortFast Configuration Error Solution • To prevent this situation, most Catalyst switches that run Cisco IOS software have a feature called BPDU guard. BPDU guard disables a PortFast- configured port or interface if the port or interface receives a BPDU. Học viện mạng Bách Khoa - Website: www.bkacad.com 145 Network Diameter Issues • The conservative default values for the STP timers impose a maximum network diameter of seven. • When a BPDU propagates from the root bridge toward the leaves of the tree, the age field increments each time the BPDU goes though a switch. Eventually, the switch discards the BPDU when the age field goes beyond maximum age. Học viện mạng Bách Khoa - Website: www.bkacad.com 146 Extra: STP Vulnerabilities Học viện mạng Bách Khoa - Website: www.bkacad.com 147 Troubleshoot STP Operation Activity Học viện mạng Bách Khoa - Website: www.bkacad.com 148 Troubleshoot STP Operation Activity Học viện mạng Bách Khoa - Website: www.bkacad.com 149 Lab - Basic Spanning Tree Protocol Học viện mạng Bách Khoa - Website: www.bkacad.com 150 Challenge Lab – Spanning Tree Protocol Học viện mạng Bách Khoa - Website: www.bkacad.com 151 Troubleshooting Spanning Tree Protocol Học viện mạng Bách Khoa - Website: www.bkacad.com 152 Summary Học viện mạng Bách Khoa - Website: www.bkacad.com 153