Implement and Troubleshoot Spanning-tree

Messaging between switches to stabilize network into logical loop free topology

• STP causes some ports not to forward or receive traffic (blocking)
• Remaining ports are forwarding
• Together provide loop free to every ethernet segment in network

STP Types

• 802.1D – PVST+ (Legacy)
• 802.1S – RPVST+
• 802.1W – MST

BPDU – Bridge Protocol Data Units

• Protocol ID – value set
  • Configuration – 0x00
  • Topology Change Notification – 0x80
• Flag uses 2 of 8 bits
• Message Age Field
  • Estimation age of BPDU since orignated from root bridge
  • Root bridge sets to 0
  • Each switch increases value by 1 when sending
• BPDU’s are compared to find which one is superior by comparing and looking for lowest value:
  • Root bridge ID, root path cost, sender bridge ID, sender port ID, receiver port ID (locally evaluated)
  • Comparison stops at first lowest value
• BPDU allows STP to select:
  • Exactly 1 root bridge per switched environment
  • Exactly 1 root port on a non-root switch
  • Exactly 1 designated port for each connected network segment
• Only configuration BPDUs are compared
• TCN’s do not carry information to build loop free environment

Timers

• Set by the root bridge
• Timers configured on non-root are not used
• Timer Types
  • Max Age
  • Hello Time
  • Forward Delay

Process Steps

• Elect root bridge
  • Switch with lowest bridge ID
  • Bridge ID is 2 bytes followed by MAC
• Determine each switches root port
• Determine designated port for each segment

Electing the Root Bridge

• Can only be 1 switch
• Switches hold election by sending STP Hello BPDU claiming to be root
• If switch hears a superior BPDU (lowest bridge ID) it’ll stop claiming to be root and forward the superior BPDU
• Bridge ID format

Determining the Root Port

1. Root switch creates and sends hello every hello timer (2 seconds by default)
   1. Hello contains Root Bridge ID and SBID
2. Each nonroot switch receiving BPDU on a particular port adds port cost to root port cost value
   1. Port receiving superior BPDU is declared root port
3. Hellos received on root port are forwarded to designated ports
   1. Hellos received on other ports are processed but not forwarded
4. Hellos are not forwarded out root port or ports in blocking state

• Root port always provides least cost path to root bridge
• Cost is associated with interfaces
  • Cost default is based on link speed

Determining Designated Port

• Path used to forward frames onto segment
• Only designated ports forward hellos onto LAN segment

STP never stops running even in stable environments

• 3 steps will always run even if same result

TCN BPDU Occur when:

• TCN is received by designated port
• Port moves from forwarding state and switch has at least one designated port
• Port moves from learning or forwarding to blocking
• A switch becomes root bridge

TCN Triggers to start originating BPDU and re-evaluate the environment

Content Addressable Memory (CAM)

• MAC table, switching table, bridge table
• TCN instructs switch to age CAM entries
  • Does not impair connectivity
• CAM Updates
  • All switches need to be notified to time out apparently unused CAM entries
  • Each switch needs to use shorter timer, equivalent to forward delay timer (15 seconds) to timeout CAM entries

TCN can start as localized event

• Port transitioning to forwarding or learning or blocking
• Propagated to all switches in the topology
  • Sent out root port
• Notified to root

Transitioning from Blocking to Forwarding

• First port moves to listenting then learning
• Each state lasts the time defined by Forward Delay Time (15 seconds)

• PVST+, MSTP, and Rapid-PVST+ Interoperability

---

PVST+ – Per-VLAN Spanning-Tree +

802.1D

• Switched networks with multiple vlans and redundant links may go into a state where links are unused
• PVST+ allows having vlans ‘load balance’ to use the redundant links
• STP instance for each vlan. Can have different root per vlan

 

CST – Common Spanning Tree – Used by non-Cisco switches

• Cisco switches communicate over vlan 1, treats CST region as loop-free shared
• Sends specicial BPDU to destination mac – 0100.0ccc.cccd
• Ordinary STP BPDU sent to mac – 0180.c200.0000

 

PVST+ BPDU

• TLV with VLAN number -> Port vlan ID TLV / PVID TLV
  • Tunneled across CST region
  • CST switches flood the BPDU unprocessed
• IEEE BPDU vlan 1 always untagged
• SSTP BPDU tagged based on trunks native vlan
  • Each BPDU carries PVID TLV

 

Processing BPDU

• Access port must receive IEEE or will be type inconsistent
• IEEE formatted processed immediately by vlan 1 instance
• PVST+ BPDU Processing Steps
  • Assign BPDU to appropriate vlan looking at 802.1q tag
    • If untagged sent to native vlan
  • Check PVID TLV
    • If vlan stored in TLV does not match, drop and declare PVID inconsistent
    • This is the native vlan mismatch check
  • PVID TLV Match
    • Process by STP except vlan 1 which was done in IEEE

 

Configuration

• Primary
  • Sets root prioroty to 24576, if not lowest will set switch priority 4096 lower than current root
  • Not a dynamic option, runs at time of configuration
• Secondary
  • Always sets priority to 28672
    • Not a dynamic option, runs at time of configuration
• Diameter
  • Macro – not set in config
  • Causes to use lower hello, fwd delay and max age

---

RPVST+ – Rapid PVST+

Rapid Spanning Tree – 802.1W

• Improves STP convergence – enhancement to 802.1d
• New port states (reduced from 5 to 3)
  • Discarding (stable), learning (transitioning), forwarding (stable)
  • Cleaned up because port is either stable or transitioning to stable
  • Discarding
    • Does not forward data frames receive data frames or learn source mac addresses
    • Continues to process BPDUs and send and send/rec inter-switch protocols
• RTSP decouples port state from role
  • Root + designated serve same functions
  • Alternate
    • Prospective replacement for switches root port
  • Backup
    • Prospective replacement for switches designated port into shared segment
• Port Types
  • Edge
    • Immediately become designated
    • Should not receive BPDU (portfast)
  • Non-edge
    • Default type on Cisco Switch
    • Operates as RSTP port
• Link Types
  • Point to point
    • Connects an RSTP switch to at most 1 neighboring RSTP switch
  • Shared
    • Connects an RSTP switch to 2 or more neighboring switches
• BPDU Format
  • Single BPDU used for building topology and topology changes
  • No TCN’s in RSTP
    • Protocol version is set 2
  • Flags updated – RSTP uses all 8 bits
  • Each switch originated its own BPDU
    • Similar to hellos in routing
    • Allows failures to be detected faster, BPDU ages faster
• Topology Change Handling
  • Only transition non-edge port from non-forwarding state to forwarding
  • Port that is newly forwarding has better set of MAC addresses than previously available and CAM needs to be updated
  • Loss of MAC address is not TCN
  • Switch that detects topology change
    • Set tcWhile time to value of Hello + 1 second on all non-edge desginated and root ports. Except out receiving poty
    • Immediately flush all MAC addresses learned out these ports
    • Send BPDU with TC flag set on these ports every Hello second until tcWhile expires
  • Rapid flooding, allows for faster aging
  • Edge ports never cause topology change event

 

Spanning-tree mode rapid-pvst+

Spanning-tree portfast default (global) or spanning-tree portfast (interface)

Backwards compatible with PVST+

---

MST – Multiple Spanning-Tree

802.1s – Multiple Spanning-Tree

• Similar to PVST+ for tuning parameters on a per-instance basis
• Does not run STP per vlan by grouping vlans together (instances)
• Uses RSTP convergence
• Some switch platforms have a limit of 128 STP instances
• Open standard

 

Operations

• Organizes network into one or more regions
• Region
  • Group of switches that together use MST in a consistent way
  • Run the same number of instances and have the same vlans mapped into those instances
  • Multiple regions together appear as single switches between the regions
    • MST blocks redundant links between regions using Common Spanning Tree (CST)
    • CST is interaction of individual IST’s on region boundaries
    • CST has no per-VLAN semantics
      • Determines loop-free paths between regions
      • Only STP understood by non-MST switches (RSTP and STP)
• Instance
  • Grouping of vlans
  • Can be used to manipulate load balancing at L2
  • Default is instance 0 for unmapped vlans
  • Allows for 65 instances on a switch
    • 0 – 64
    • 1-64 are user configurable
    • 0 has special meaning – Internal Spanning Tree (IST)
      • Always exists
      • All undefined vlans (not mapped to an instance) exist here
      • Only instance that can interact with STP outside of MST region
        • Appears as a single switch
• Only 1 STP message sent per MST instance
  • Instead of 1 message be STP instance (vlan)
  • Greatly reduce number of STP messages in network
• MST uses concept of system ID extension from IEEE 802.1t to embed the instance number into the bridge ID

 

Common Spanning Tree

• Interconnecting different MST regions and non-MST
• Common Instance Spanning-Tree (CIST)
• Single spanning tree that spans entire switch topology
  • Can have multiple root switches
  • CIST Root – One for entire CIST
  • CIST Regional Root – one per IST inside of each region

 

Configuration

• Need vlan to instance mapping
• Decide if multiple regions will be used and where the boundaries will be placed
• Show spanning-tree mst configuration digest
• Components
  • Name, revision, vlan to instance mapping
• Conf t
  • Spanning-tree mst configuration
  • Name [name]
  • Revision [number]
  • Instance [#] [vlan] –> repeat for each instance to vlan mapping

---

Switch Priority

Configure most central switch with the lowest bridge priority

Unique bridge ID – Switch priority and MAC Address

When selecting the root port on a switch stack, spanning tree follows this sequence:

• Selects the lowest root bridge ID
• Selects the lowest path cost to the root switch
• Selects the lowest designated bridge ID
• Selects the lowest designated path cost
• Selects the lowest port ID

4 bit priority and 12 bit extended system ID

Switch Priority Value and Extended System ID

---

Port Priority

Lower priority is preferred for choosing root port

Config

Spanning-tree vlan port priority

• Configurable on per-vlan basis
• Default setting – 128

Spanning-tree port priority

• Configurable on per-interface basis
• Default setting – 128

Configure the port priority for an interface.

For priority, the range is 0 to 240, in increments of 16; the default is 128.Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority.

Configure the port priority for a VLAN.

• For vlan-id, you can specify a single VLAN identified by VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma. The range is 1 to 4094.
• For priority, the range is 0 to 240, in increments of 16; the default is 128. Valid values are 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, and 240. All other values are rejected. The lower the number, the higher the priority

---

Path Cost

The spanning-tree path cost value is calculated from the speed of an interface. If a loop occurs, spanning tree uses cost when selecting an interface to put in the forwarding state. You can assign lower cost values to interfaces that you want selected first and higher cost values that you want selected last. If all interfaces have the same cost value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.

Configure Cost of an interface – spanning-tree cost [cost]

• Range of 1 – 200000000, lower cost is better

Configure cost of a vlan – spanning-tree vlan [vlan] cost [cost]

---

STP Timers

• Hello Timer – controls how often the switch broadcasts hello messages to other switches
• Forward-delay Timer – controls how long each of the listening and learning states last before the interface begins forwarding
• Maximum-age Timer – Controls the amount of time the switch stores protocol information received on an interface
• Transmit hold count – Controls the number of BPDUs that can be sent before pausing for 1 second

 

• spanning-tree vlan [vlan] hello-timer [sec]
  • Default is 2 seconds
  • Configure hellotimer of a vlan, configure on root switch
• spanning-tree vlan [vlan] forward-time [sec]
  • Seconds – range 4 – 30, default is 15
• spanning-tree vlan [vlan] max-age [sec]
  • Seconds – range 6 – 40, default is 20
• spanning-tree transmit hold-count [value]
  • value range – 1 – 60, default is 6

---

Portfast

Immediately brings an interface into forwarding state from blocking state

• Bypasses listening and learning
• Use on connections to clients / servers
• Portfast interface should not receive BPDU’s

Interface > Spanning-tree portfast

Global > spanning-tree portfast default

---

BPDU Guard

Enable globally or per interface

Global

• Spanning-tree portfast bpduguard default
• Enables bpduguard on portfast enabled ports
• Shutdown ports in the portfast operational state if the port receives any BPDU
  • Error Disables the port
• Errdisable detect cause bpduguard shutdown vlan [vlan]
  • Shuts down offending vlan on the port

Interface

• Spanning-tree bpduguard enable
• Can be used without the portfast command to error disable a port when a bpdu is received
• Use on a ISP access port to prevent participation in STP

---

BPDU Filter

Enable globally or per interface

Global

• Spanning-tree portfast bpdufilter default
• Prevents interfaces configured with portfast from sending or receiving bpdu’s
• Use to prevent hosts from receiving BPDU’s
• If BPDU’s are received on portfast interface, it’ll lose it’s portfast operational status and BPDU filtering is disabled

Interface

• Spanning-tree bpdufilter enable
• Can be used without the portfast on interface

Enabling BPDU filtering on an interface effectively disables spanning-tree and can result in a L2 loop

---

Loopguard

Global > spanning-tree loopguard default

• Prevent alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link
• Best practice – enable on entire switches network
• Spanning tree does not send BPDU’s on root or alternate ports

---

Uplinkfast

Spanning-tree uplinkfast

• Global config

Accelerates the choice of a new root port when a interface or switch fails

Port transitions to forwarding state immediately

• Skips listening and learning states

Use at access / edge switches

Provides fast convergence after a direct link failure

---

Backbonefast

Spanning-tree backbonefast

• Global command
• Detects indirect failures in the core of the backbone
• Complementary to uplinkfast
• Optimizes the max-age timer
• When the switch receive an inferior BPDU from a designated port of another switch, that is a trigger that the other switch may have lost its path to root. Backbonefast will try an alternative path

---

Rootguard

Interface > spanning-tree guard root

• Prevent designated ports from becoming root ports
• Protect placement of root switch
• Places port into root-inconsistent (blocked) state