Spanning Tree Protocol

Spanning Tree Protocol

  • There are 3 STP modes for the CCIE EI.
    • Per-VLAN spanning-tree plus (PVST+) protocol is based on the IEEE 802.1D standard and Cisco proprietary extensions (The plus mean, BPDU guard, root guard, loop guard, portfast, etc)
      • Converges slow (30-50 seconds)
      • Default mode on Cisco switches.
      • Uses TCN bit.
        • Port States
          • Disabled
          • Listening
          • Learning
          • Blocking
          • Forwarding
        • Port roles
          • Root Port
          • Designated Port
          • Alternate 

    • Rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol is based on the IEEE 802.1w standard. 
      • Converges in about 1-3 seconds.
      • This is the recommended version.
      • Extremely processor intensive compared to IEEE.
      • Uses TC bit
      • It comes with new BPDU format.
        • Flag TC (Topology Change)
        • Flag TCA (Topology Change Ack)
      • Port States
        • Discarding
        • Learning
        • Forwarding
      • Port roles
        • Root Port
        • Designated Port
        • Alternate
        • Backup

    • MSTP—This spanning-tree mode is based on the IEEE 802.1s standard inspired by Cisco.
      • Based on RPVST+ and relies on it.
      • Reduces overhead significantly.
      • Instance 0 is the default and should always exist.
      • IST is the only instance that can send a receive BPDU.
      • Cisco supports up to 16 instances.
      • Uses new cost values.
      • MST configuration includes three elements.
        • Region name - 32 bytes
        • configuration revision number - 2 bytes
        • Element table which represents the vlan to an instance (mapping)

Configuration

spanning-tree mode mst
spanning-tree mst configuration
 name CCIE
 revision 1
 instance 1 vlan 10, 30
 instance 2 vlan 20, 40

  • STA Broken down
    • Step one - Elect the Root Bridge (RB)
      • Done on per vlan basis
      • The Root Bridge is selected based on two values
        • Bridge priority (0-61440)
        • Mac address
      • There are two different formats for the BRIDGE ID
        • Standard format PRIORITY.MAC (16 bit.48 bit)
        • Extended System ID format PRIORITY.SYSTEMID.MAC (4 bit.12 bit.48 bit)
      • The default priority on Cisco switches is 32,768.
        • It means that you rely in MAC address as the deciding factor for who becomes the root.

    • Step two - Elect the root port (Root)
      • This is done on every switch that is not the root
      • We select the root port based on the path that provides the least cumulative cost to the RB.
      • IEEE has defined path costs for each interface BW.
      • If there are two paths to the RB with the same path cost and the same neighbor, the interface receiving the less priority from the neighbor wins.
      • If there are two paths to the RB with the same path cost through different neighbor, select the path via the neighbor with the lowest BID.

    • Step three - Select all of my designated ports (Desg)
      • Every segment (link between switches) will have one DP.
      • The port on the segment that is connected to the switch with the lowest BD wins. RB always wins
    • Step four - Non designated ports blocking (Altn BLK)
      • Everything else is blocking/discarding.
  • Supported Spanning-Tree Instances
    • In PVST+ or Rapid PVST+ mode, the device or device stack supports up to 128 spanning-tree instances.
    • In MSTP mode, the device or device stack supports up to 64 MST instances. The number of VLANs that can be mapped to a particular MST instance is 512.

  • Spanning-tree interface cost
    • 10 Mbps: 100
    • 100 Mbps: 19
    • 1 Gbps: 4
    • 10 Gbps: 2
    • 25 Gbps: 1
    • 40 Gbps: 1
    • The range is 1 to 200000000

  • Interface priority
    • The range is 0 to 240, in increments of 16 (64 in some old switches). 
    • The default is 128. 
    • Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. 
    • All other values are rejected. 
    • The lower the number, the higher the priority.
    • Configuration - interface (spanning-tree vlan 20-25 port-priority 0)

  • Device Priority of a VLAN
    • Configuration - global (spanning-tree vlan 20 priority 8192)
  • Spanning-tree Timers
    • Hello time: 2 seconds
    • Forward-delay time: 15 seconds
    • Maximum-aging time: 20 seconds
    • Transmit hold count: 6 BPDUs

  • BPDUs contain information about the sending device and its ports, including:
    • Device and MAC addresses
    • Device priority
    • Port priority
    • Path cost.
  • Spanning tree uses this information to elect the root device and root port for the switched network and the root port and designated port for each switched segment.
  • The path cost value represents the media speed.
  • In addition to STP, the device uses keepalive messages to detect loops. By default, keepalive is enabled on Layer 2 ports. To disable keepalive, use the no keepalive command in interface configuration mode.
  • Bridge ID is formed by the device priority and MAC address.
  • Port identifier is formed by the port priority and MAC address.
  • When the devices in a network are powered up, each function as the root device. Each device sends a configuration BPDU through all its ports. The BPDUs communicate and compute the spanning-tree topology. 
    • Each configuration BPDU contains this information.
      • The unique bridge ID of the device that the sending device identifies as the root device.
      • The spanning-tree path cost to the root
      • The bridge ID of the sending device
      • Message age
      • The identifier of the sending interface
      • Values for the hello, forward delay, and max-age protocol timers
  • If a device receives a configuration BPDU that contains inferior information to that currently stored for that port, it discards the BPDU.
  • STP optional features
    • We can use the show spanning-tree summary to see which features are enabled or not.
SW1#show spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0010, VLAN4009
Extended system ID                      is enabled
Portfast Default                        is disabled
Portfast Edge BPDU Guard Default        is disabled
Portfast Edge BPDU Filter Default       is disabled
Loopguard Default                       is disabled
PVST Simulation Default                 is enabled but inactive in pvst mode
Bridge Assurance                        is enabled but inactive in pvst mode
EtherChannel misconfig guard            is enabled
Configured Pathcost method used is short
UplinkFast                              is disabled
BackboneFast                            is disabled
    • 1 - PortFast 

      • Can be configured in a trunk or access port, make sure only one switch is connected to a single server, router in a stack or host. If not, then loop might occur.
      • It does not disable STP.
      • It can be enabled globally with the command spanning-tree portfast  (edge, network, normal). This command will be activate portfast in the physical interface

    • 2 - BPDU guard
      • STP shuts down any portfast enabled interface by putting it in error down.
      • Portfast does not need to be enabled.
  • Example

R3 and R4 are connected via two interfaces. For this example we will use only the connection between gig0/3 interfaces.

R3 interface Gig0/3 will be configured as access with portfast enabled.

interface GigabitEthernet0/3
 switchport access vlan 30
 no negotiation auto
 spanning-tree portfast edge
 spanning-tree bpduguard enable

R4 interface G0/3 is configured as trunk, so BPD are being sent out towards R3 in G0/3.

interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto

Once R3 receives BPDU on interface G0/3, the interface is moved to err disabled, see the below logs.

*Jul 28 21:11:58.248: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi0/3 with BPDU Guard enabled. Disabling port.

*Jul 28 21:11:58.248: %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/3, putting Gi0/3 in err-disable state

*Jul 28 21:11:58.640: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to down

*Jul 28 21:12:00.250: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down

SW3#sho int g0/3 | in err
GigabitEthernet0/3 is down, line protocol is down (err-disabled)
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     11605 packets output, 829409 bytes, 0 underruns
     0 output errors, 0 collisions, 7 interface resets
     0 babbles, 0 late collision, 0 deferred

SW3#sho ip int bri | in Statu|0/3
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/3     unassigned      YES unset  down                  down

BPDU guard can also be configured globally, as seen below.

interface GigabitEthernet0/3
 switchport access vlan 30
 no negotiation auto
 spanning-tree portfast edge

SW3#sho int g0/3 | in err
GigabitEthernet0/3 is down, line protocol is down (err-disabled)

SW3#sho run | in portf
spanning-tree portfast edge bpduguard default

    • 3 - BPDU filter
      • This is a way to block the spanning-tree on an interface.
      • Similar to BPDUguard, it can be enabled globally or in the interface.
      • It should be avoided.

    • Loop guard
    • root guard

No comments:

Post a Comment

Subscribe to: Comments (Atom)

 EIGRP New 

  • (no title)
     EIGRP New 
  • CCIE EI
    Topology Topics
  • CCIE SP Workbook
    ISIS Topology Prefix Suppression Hello Padding Hello padding Prefix Suppression Overload bit LSP Size Default Metric Hello/hold Timer