CCIE Chapter 3 - Spanning tree
Resources used:
Cisco Press CCNP Self Study BCMSN Official Exam Certification Guide 4th Edition chapter 8, chapter 9, chapter 10, chapter 11
CCIE Routing and Switching Exam Certification Guide 3rd Edition Nov 2007
Spanning tree is designed to stop bridging loops when 2 or more switches are connected together in a mesh or partial mesh like configurations. It does this by placing all but one interconnecting switchports into a blocking state (except for the root bridge)
Spanning tree communications: BPDU
Switches use a layer 2 frame called a BPDU to communicate with each other. Because a switch will not know about other switches within the broadcast domain it cant send a BPDU to them directly it must use a well known mac multicast address (01-80-c2-00-00-00)
Two types of BPDU exist
Configuration BPDU, used for spanning-tree topology computation
Topology change notification (TCN) BPDU, used to announce changes to the spanning tree topology
By default BPDU’s are sent out all switchports at 2 second intervals
STP elections
Root bridge election
An election process is held to determine the root bridge, this is based of lowest Priority(1st choice) and lowest Mac address(2nd choice)
Poor placement of a root bridge can cause layer 2 traffic to flow in-optimally.
Root port election
All non root bridges must figure out the best path to the root bridge, each non root bridge many only have one root port. This is done by choosing the port that receives the lowest cost BPDU plus to cost of the interface that it received the BPDU on. Once the root port is chosen the switch updates the BPDU root path cost and then transmits it out all interfaces every two seconds.
Electing Designated ports
If a switch Receives a BPDU on a non root port that is high in cost then its own cost to the root bridge then the switch will consider this port to be a Designated port. If it receives one that is lower then it will consider the port to be the non-optimal port for that segment and place it in a blocking state.
Spanning tree best path choicein the event of root path cost tie
In the event of a tie the following will be used
Lowest sender bridge ID, the switch with the lowest ID will have its port become the designated port if that is a tie then see the following(id = priority:mac address)
Lowest sender port ID, the switch with the lowest port ID will become the designated port.The port ID value that a switch uses is actually a 16-bit quantity: 8 bits for the port priority and 8 bits for the port number. The port priority is a value from 0 to 255 and defaults to 128 for all ports. The port number can range from 0 to 255 and represents the port’s actual physical mapping
NOTE two or more links might have identicalRoot Path Costs. This results in a tie condition, unless other factors are considered. All tiebreakingSTP decisions are based on the following sequence of four conditions:
1. Lowest Root Bridge ID
2. Lowest Root Path Cost to RootBridge
3. Lowest Sender Bridge ID
4. Lowest Sender Port ID
STP port states
Disabled, the port is admin shutdown or in a disabled state
Blocking, the port is only allowed to listen for BPDU frames, it cannot forward frame, it cannot add mac addresses seen on the port to the mac address table.
Listening, the port is allowed to send and receive BPDU frame, it cannot forward other frames, it cannot add mac addresses to the table. At this point the port has the opportunity to become either a root or designated port, if the port losses it root or designated state it returns to the blocking state
Learning, after the forward delay a switchport can enter the learning state, it can dl all the things it could in the listening state but it can now add mac address to the mac table.
Forwarding state, after another forward delay the port enter the forwarding state, it is now a fully functioning switchport.
STP timers
Hello time, the interval between when the root bridge sends out configurational BPDU’s, the hello timer is configured on the root bridge and is passed down to all other switches. The default for the Hello timer is 2 seconds.
Forward delay, by default it is 15 seconds and is how long a switchport is in the listening and then learning states ( so total of 30 seconds)
Max age, the max amount of time that the a switch will store the best seen BPDU before discarding it. If this timer is reached then the switch assumes there as been some kind of topology change so the current BPDU is discarded. The default timer is 20 seconds ( 10 hello timers)
If any of the 3 above timers are to be changed, change them on the root switch only!!!! The default timers are based on the idea that a switching topology is 7 switches in diameter, if your switching topology is bigger then the timers will need to be increased for optimal performance.The network diameter can be configured on the RootBridge switch to more accurately reflect the true size of the physical network. Making that value more accurate reduces the total STP convergence time during a topology change. Cisco also recommends that if changes need to be made, only the network diameter value should be modified on the RootBridge switch. When the diameter is changed, the switch calculates new values for all three timers automatically.
Topology changes
To announce a change in the active network topology, switches send a TCN BPDU
A topology change occurs when a switch either moves a port into the Forwarding state or moves
a port from the Forwarding or Learning states into the Blocking state. In other words, a port on an
active switch comes up or goes down. The switch sends a TCN BPDU out its RootPort. the TCN BPDU carries no data about the change but informs recipients only that a change has occurred. If port fast is enabled then the switch wont sent a TCN in the event of a topology change.
The switch continues sending TCN BPDUs every Hello Time interval until it gets an acknowledgment
from its upstream neighbor. As the upstream neighbors receive the TCN BPDU, they propagate it on
toward the RootBridge and send their own acknowledgments. When the RootBridge receives the
TCN BPDU, it also sends out an acknowledgment. However, the RootBridge sets the Topology
Change flag in its Configuration BPDU, which is relayed to every other bridge in the network. This
is done to signal the topology change and cause all other bridges to shorten their bridge table aging
times from the default (300 seconds) to the Forward Delay value (default 15 seconds). This causes the switches to flush there mac tables after 15 seconds which will stop bridge corruption and the incorrect forwarding of frames.
However, any stations that are actively communicating during this time are kept in
the bridge table. This condition lasts for the sum of the Forward Delay and the Max Age (default
15 + 20 seconds).
Types of spanning tree
CST (common spanning tree) only one spanning tree for all vlans, BPDU flow over the native vlan. Least load on the switch, but you cant do balancing of vlans over redundant links. Is an open STP standard.
PVST (per vlan spanning tree) one spanning tree instance per vlan, only works with ISL, not interoperable with CST
PVST+ ( per vlan spanning tree plus) one spanning tree instance per vlan and can communicat with PVST and CST directly.
Link BandwidthSTP Cost
4 Mbps 250
10 Mbps 100
16 Mbps 62
45 Mbps 39
100 Mbps 19
155 Mbps 14
622 Mbps 6
1 Gbps 4
10 Gbps 2
Port fast , moves a port into the forwarding state, loop protection is still running so if a loop is detected the port is placed in the blocking state. TCN’s aren’t sent in the event of a port state change
Uplinkfast, in the event of a root port failure the switchport with the port with next lowest BPDU(it would be in a blocking state) is automatically made the root port bypassing the listening/learning. When turned on it is for the entire switch and all vlans. Uplink fast will automatically send spoofed frames to a multicast destination (0100.0ccd.cdcd) with a source of each directly connected mac address to allow for quick population of mac addresses into the upstream switch.max-update-rate sets pps for this.
Backbone fastdetects if a switch starts receiving inferior BPDU’s (bridge ID). Normally a switch will have to wait for the max age timer to expire ( 20 seconds) before looking at a more preferred path to the root bridge.
Detecting alternative paths to the RootBridge also involves an interactive process with other
bridges. If the local switch has blocked ports, BackboneFast begins to use the Root Link Query
(RLQ) protocol to see if upstream switches have stable connections to the RootBridge.
First, RLQ Requests are sent out. If a switch receives an RLQ Request and either is the Root
Bridge or has lost connection to the Root, it sends an RLQ Reply. Otherwise, the RLQ Request is
propagated on to other switches until an RLQ Reply can be generated. On the local switch, if an
RLQ Reply is received on its current RootPort, the path to the RootBridge is intact and stable. If
it is received on a nonroot port, an alternative Root Path must be chosen. The Max Age timer
immediately is expired so that a new RootPort can be found.
If extended system-id is used ( it is on by default in most cases) then STP priority goes up in lots of 4096.
the reason to use extended system-id is if the switch is unable to support the required amount of mac addresses needed for its own STP instances ( each vlan needs a different mac address) extended system-id uses the vlan number and the mac address to create as many unique mac addresses for STP as needed.
The spanning tree root primary command can be used to automatically try make the switch the root bridge, this how ever can fail if the already existing root bridge has a priority less then 4096 or 4096 + vlan if extended-id is being used. To get around this the admin must manually config the stp instance with a priority if 0.
Protecting Spanning tree
Root guard, - config on a switchport, if a BPDU is detected on the port and it is more desirable then the current root the switch will put the port into root-inconstancy STP state. In this state the switch will only listen to incoming PBDU’s
BPDU guard - automatically puts a port that it is configured on it to an error disable state. It is automatically applied when portfast is enabled.
BPDU loop guard – watches to see if blocked ports are receiving PBDU’s, if for some reason these BPDU’s stop loop guard will stop the port from becoming a designated port and the possibility of creating a switching loop. Puts port into pool inconsistency state
UDLD – sends a IDLD frame between switches and expects to see a relay with the remote switches id added. If there is no response there might be a physical issue with the link. UDLD can do one of two things
Normal mode – generate a syslog message but allow the port to continue operation
Aggressive mode – the switchport is put in err-disable state
UDLD only works on fibreoptic medium
BPDU filter - can disable STP on a port, all portfast ports have it on by default
RAPID spanning Tree
RSTP achieves its rapid nature by letting each switch interact with its neighbors through each port.
This interaction is performed based on a port’s role, not strictly on the BPDUs that are relayed
from the RootBridge. After the role is determined, each port can be given a state that determines
what it does with incoming data.
Root port—The one switch port on each switch that has the best root path cost to the root.
This is identical to 802.1D. (By definition, the RootBridge has no root ports.)
■ Designated port—The switch port on a network segment that has the best root path cost to
the root.
■ Alternate port—A port that has an alternative path to the root, different than the path the root
port takes. This path is less desirable than that of the root port. (An example of this is an
access-layer switch with two uplink ports; one becomes the root port, and the other is an
alternate port.)
■ Backup port—A port that provides a redundant (but less desirable) connection to a segment
where another switch port already connects. If that common segment is lost, the switch might
or might not have a path back to the root.
Port states
Discarding—Incoming frames simply are dropped; no MAC addresses are learned. (This
state combines the 802.1D Disabled, Blocking, and Listening states because all three did not
effectively forward anything. The Listening state is not needed because RSTP quickly can
negotiate a state change without listening for BPDUs first.)
■ Learning—Incoming frames are dropped, but MAC addresses are learned.
■ Forwarding—Incoming frames are forwarded according to MAC addresses that have been
(and are being) learned.
BPDUs in RSTP
Use the same BPDU frame but uses the previously un-used message type field to show that it is a BPDU for RSTP.
Hello interval 2 seconds
Age out a device in 6 seconds( 3 missed hellos)
Can talk to STP devices
Port types
Edge port - the same as a port in portfast mode
Root port – the same as a rootport in STP
Point-to-point port – a full duplex port that is connected to another switch, the switches negotiate using handshakes to determine which port is the designated port rather then using BPDU’s
RSTP handles spanning tree convergence as a series of point-to-point hand shake negations. When a switch needs to make an STP decision, a handshake is made with the nearest neighbor. When that is successful, the handshake sequence is moved to the next switch and the next, as an ever-expanding wave moving toward the network’s edges.
Synchronization
To participate in RSTP convergence, a switch must decide the state of each of its ports. Nonedge
ports begin in the Discarding state. After BPDUs are exchanged between the switch and its
neighbor, the RootBridge can be identified. If a port receives a superior BPDU from a neighbor,
that port becomes the root port.
1. If the proposal’s sender has a superior BPDU, the local switch realizes that the sender should
be the designated switch (having the designated port) and that its own port must become
the new root port.
2. Before the switch agrees to anything, it must synchronize itself with the topology.
3. All nonedge ports immediately are moved into the Discarding (blocking) state so that no
bridging loops can form.
4. An agreement message (a configuration BPDU) is sent back to the sender, indicating that the
switch is in agreement with the new designated port choice. This also tells the sender that
the switch is in the process of synchronizing itself.
5. The root port immediately is moved to the Forwarding state. The sender’s port also
immediately can begin forwarding.
6. For each nonedge port that is currently in the Discarding state, a proposal message is sent to
the respective neighbor.
7. An agreement message is expected and received from a neighbor on a nonedge port.
8. The nonedge port immediately is moved to the Forwarding state.
If a handstake on a point-to-point link isn’t replied to then the port must go though the standard STP blocking, listening, learning, forwarding states.
Topology changes
RSTP detects a topology change only when a nonedge port transitions to the Forwarding state.
Changes are detected only so that bridging tables can be updated and corrected as hosts appear first on a
failed port and then on a different functioning port.
Rapid Per-VLAN Spanning Tree Protocol
Same as above but on a per vlan basis
Multiple Spanning Tree Protocol (MST)
MST is built on the concept of mapping one or more VLANs to a single STP instance
MST Regions
In most networks, a single MST region is sufficient, although you can configure more than one
region. Within the region, all switches must run the instance of MST that is defined by the