How STP works
======================
Elect one root bridge
Elect one root port per non-root bridge
Elect one designated port per segment
The root bridge acts as the reference point; all path calculations are done relative to it.
The switch with the lowest bridge ID (BID) in the network becomes the root bridge.
Bridge ID contains ..
- Bridge priority
0 - 61440, in increments of 4096
- System ID extension (the VLAN number)
0 - 4095
- MAC address
A priority of 0 is the most preferred for the root bridge; the lowest BID wins.
Changing the root bridge election
==================================
Manually change the BID priority
spanning-tree vlan [vlan] priority [0-61440]
Lower is better
Use root bridge macro
spanning-tree vlan [vlan] root [primary | secondary]
sets local priority based on current root bridge
Verification
show spanning-tree vlan [vlan]
show spanning-tree root
Note: every other bridge in the network uses the timers carried in the root bridge's BPDUs; timers configured on a non-root bridge only take effect if that bridge later becomes root.
The default STP mode on Cisco IOS switches is PVST+ (one instance per VLAN).
The port at the far end of a root port is always a designated port (DP).
Root and designated port election
=====================================
DPs are downstream ports, facing away from the root bridge; every segment has exactly one.
Like the root port election, the DP election compares, in order ..
- lowest root path cost
- lowest sender BID
- lowest sender port ID (port priority + port number)
All other ports go into blocking mode
- still receive and process BPDUs
- discard all other traffic
- cannot send traffic
Changing the Port's Role
================================
Modify the port's cost
spanning-tree vlan [vlan] cost [1-200000000]
bandwidth [kbps] (interface command; check the resulting cost with show spanning-tree interface, since the default STP cost is derived from the link's operational speed)
Modify the bridge ID
spanning-tree vlan [vlan] priority [0-61440]
Modify the port ID
spanning-tree vlan [vlan] port-priority [0-240, increments of 16]
verification
- show spanning-tree interface [int] detail
- show spanning-tree vlan [vlan] detail
Why is the priority always an increment of 4096?
The original 802.1D BID was a 16-bit priority followed by the 48-bit MAC address. When the extended system ID is used (802.1t), the low 12 bits of that 16-bit field carry the VLAN number, which leaves only the top 4 bits for the bridge priority, so the increment for the priority changes from 1 to 2^12 = 4096. Bridge priority values can therefore only be multiples of 4096.
Of the four priority bits, the lowest is worth 4096, the next 8192, then 16384, and the top bit is 32768 (the default priority). This is why the default BID of VLAN 10 is shown as priority 32778 = 32768 + 10.
The extended system ID value is added to the bridge priority value in the BID to identify the priority and VLAN of the BPDU frame.
Port ID = port priority + port number
Default port priority is 128 (range 0-240, increments of 16).
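As an added example (not part of the original notes), the following Python encodes the bridge ID and port ID exactly as described above, rejecting priorities that are not multiples of 4096 or 16, and then runs the root bridge, root port and designated port election from the earlier sections over a small constructed triangle topology. The switch names, MAC addresses, priorities, VLAN and link costs are made up for illustration; the function names are this example's own.

```python
import heapq
from typing import Dict, List, Set, Tuple

Port = Tuple[str, int]                    # (switch name, port number)
Link = Tuple[str, int, str, int, int]     # (switch A, port A, switch B, port B, cost)
Vec = Tuple[int, int, int, int]           # (root path cost, sender BID, sender port ID, receiver port ID)


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """64-bit BID = 4-bit priority | 12-bit extended system ID (VLAN) | 48-bit MAC.

    The priority occupies the top 4 bits of a 16-bit field whose low 12 bits hold
    the VLAN, so it must be a multiple of 4096 (2**12) and at most 15 * 4096.
    """
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 in 0..61440")
    if not 0 <= vlan <= 4095:
        raise ValueError("extended system ID must fit in 12 bits")
    mac_int = int(mac.replace(":", "").replace(".", ""), 16)
    return ((priority | vlan) << 48) | mac_int


def port_id(port_number: int, port_priority: int = 128) -> int:
    """16-bit port ID = port priority (default 128, steps of 16) | port number.

    Keeping the priority a multiple of 16 leaves its low nibble zero, so the
    12-bit port number fits underneath it (the 802.1t layout IOS uses).
    """
    if port_priority % 16 or not 0 <= port_priority <= 240:
        raise ValueError("port priority must be a multiple of 16 in 0..240")
    if not 1 <= port_number <= 4095:
        raise ValueError("port number must fit in 12 bits")
    return (port_priority << 8) | port_number


def elect(bids: Dict[str, int], links: List[Link]) -> Dict[Port, str]:
    """Return the STP role of every port: 'root', 'designated' or 'blocking'.

    Root bridge: lowest BID. Root port: the port receiving the best
    (root path cost, sender BID, sender port ID, receiver port ID) vector.
    Designated port: on each segment the end advertising the lower
    (root path cost, own BID, own port ID); the other end blocks.
    """
    root = min(bids, key=bids.get)
    adj: Dict[str, List[Tuple[int, str, int, int]]] = {s: [] for s in bids}
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))

    # Dijkstra over the whole priority vector, so ties break exactly as the
    # protocol breaks them; link costs are positive, so a bridge's best vector
    # always comes from a neighbour with a strictly lower root path cost.
    best: Dict[str, Vec] = {root: (0, bids[root], 0, 0)}
    root_port: Dict[str, int] = {}
    heap = [(best[root], root, 0)]
    settled: Set[str] = set()
    while heap:
        vec, sw, via = heapq.heappop(heap)
        if sw in settled:
            continue
        settled.add(sw)
        root_port[sw] = via                      # port the best vector arrived on
        for lport, nbr, nport, cost in adj[sw]:
            cand = (vec[0] + cost, bids[sw], port_id(lport), port_id(nport))
            if nbr not in settled and (nbr not in best or cand < best[nbr]):
                best[nbr] = cand
                heapq.heappush(heap, (cand, nbr, nport))

    roles: Dict[Port, str] = {}
    for a, pa, b, pb, _ in links:
        offer = {a: (best[a][0], bids[a], port_id(pa)),
                 b: (best[b][0], bids[b], port_id(pb))}
        for sw, p, other in ((a, pa, b), (b, pb, a)):
            if sw != root and root_port[sw] == p:
                roles[(sw, p)] = "root"
            elif offer[sw] < offer[other]:
                roles[(sw, p)] = "designated"
            else:
                roles[(sw, p)] = "blocking"
    return roles


# Constructed sample topology (not from the notes): three switches in a
# triangle, every link 1 Gb/s (IEEE short cost 4), port number N = Gi0/N.
VLAN = 10
SWITCHES = {            # name: (bridge priority, MAC)
    "SW1": (4096, "0000.0000.1111"),     # lowest BID -> root bridge
    "SW2": (32768, "0000.0000.2222"),
    "SW3": (32768, "0000.0000.3333"),
}
LINKS: List[Link] = [
    ("SW1", 1, "SW2", 1, 4),
    ("SW1", 2, "SW3", 1, 4),
    ("SW2", 2, "SW3", 2, 4),   # SW2 and SW3 tie on cost: the lower BID (SW2) wins the DP
]


def run(switches=SWITCHES, links=LINKS, vlan=VLAN) -> Dict[Port, str]:
    bids = {name: bridge_id(prio, vlan, mac) for name, (prio, mac) in switches.items()}
    return elect(bids, links)


if __name__ == "__main__":
    for (sw, p), role in sorted(run().items()):
        print(f"{sw} Gi0/{p}: {role}")
```

With the sample values SW3's Gi0/2 blocks; lowering SW3's priority to 28672 (still a multiple of 4096) flips the SW2-SW3 segment so that SW3 holds the designated port and SW2's Gi0/2 blocks, which is exactly what the `spanning-tree vlan [vlan] priority` command above does.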
STP Timers
=============
Timers affect the transition between port states
- set only on the root bridge (the root advertises them in its BPDUs and every other bridge adopts them)
Hello
- how often configuration BPDUs are sent
- defaults to 2 sec
Max Age
- how long a stored BPDU stays valid without hearing a new one before the port discards it and the topology is recalculated
- defaults to 20 sec
Forward Delay
- how long a port waits in each of the listening and learning states (the CAM table is built during learning)
- defaults to 15 sec
Note: in STP, CST and PVST+ only the root bridge originates configuration BPDUs; the other bridges relay them out their designated ports, so configuration BPDUs flow from the root towards the leaves. Non-root bridges originate only TCN BPDUs, which travel the other way, towards the root.
Worst-case convergence time for STP is 50 sec (max age 20 + 2 x forward delay 15).
Timers are set on the root bridge only:
Changing STP Timers
=====================
Configuration
- spanning-tree vlan [vlan] hello-time
- spanning-tree vlan [vlan] forward-time
- spanning-tree vlan [vlan] max-age
Verification
- show spanning-tree vlan [vlan]
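As an added example (not part of the original notes), a small Python checker to run before pushing new timer values to the root bridge. It enforces the relationship that 802.1D and IOS require between the three timers, 2 x (forward delay - 1) >= max age >= 2 x (hello + 1), using the IOS value ranges, and it computes the worst-case reconvergence delays quoted above for classic timer-driven STP. The function names are this example's own.

```python
from typing import Dict, List


def check_timers(hello: int = 2, max_age: int = 20, forward_delay: int = 15) -> List[str]:
    """Return the problems with a set of STP timers (empty list if they are consistent).

    Ranges are the IOS ones (hello 1-10 s, forward-delay 4-30 s, max-age 6-40 s).
    The two inequalities come from 802.1D: max age must be long enough that a
    lost hello or two does not expire the root's BPDU, and short enough that
    stale information is gone before a port finishes listening and learning.
    """
    problems: List[str] = []
    if not 1 <= hello <= 10:
        problems.append("hello-time outside 1-10 s")
    if not 6 <= max_age <= 40:
        problems.append("max-age outside 6-40 s")
    if not 4 <= forward_delay <= 30:
        problems.append("forward-time outside 4-30 s")
    if max_age < 2 * (hello + 1):
        problems.append("max-age < 2*(hello+1): too few missed hellos before the root's BPDU ages out")
    if max_age > 2 * (forward_delay - 1):
        problems.append("max-age > 2*(forward-delay-1): stale topology could survive into forwarding")
    return problems


def reconvergence(hello: int = 2, max_age: int = 20, forward_delay: int = 15) -> Dict[str, int]:
    """Worst-case seconds before traffic flows again after each kind of failure
    in classic STP, i.e. without PortFast, UplinkFast or BackboneFast."""
    return {
        # root port goes down: the alternate port still has to pass listening + learning
        "direct_root_port_failure": 2 * forward_delay,
        # failure elsewhere: wait for the stored BPDU to expire, then listening + learning
        "indirect_failure": max_age + 2 * forward_delay,
        # PortFast edge port skips both states
        "portfast_edge_port": 0,
    }


if __name__ == "__main__":
    print(check_timers())                                       # defaults: []
    print(check_timers(hello=2, max_age=10, forward_delay=5))   # max-age too large for forward-delay
    print(reconvergence())                                      # indirect failure: 50 s
```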
PortFast, UplinkFast and BackboneFast
=======================
PortFast (direct from blocking to forwarding)
- edge ports shouldn't be subject to forward delay
- also affects TCN generation
UplinkFast
- a direct root port failure should reconverge immediately if an alternate port is available
BackboneFast
- indirect failures should start recalculating immediately, without waiting for max age to expire
When a topology change notification arrives, the CAM aging time is temporarily reduced to the forward-delay time (15 sec) so that stale entries are flushed quickly.
Default CAM aging time is 300 sec.
A PortFast port is also called an edge port.
- a PortFast interface does not generate a TCN when it goes up or down, and edge ports skip the forward delay (listening and learning)
- because no TCN is generated, the CAM table is not flushed, which cuts down unknown-unicast flooding on the network
- PortFast does not mean STP is disabled: the switch still sends and listens for BPDUs on the port. By default, if the interface receives a BPDU it drops out of edge/PortFast status and behaves as a normal STP port, so if a router or other end device is configured to run STP and sends BPDUs, the switch interface leaves edge status on its own
Instead of configuring PortFast on every interface, `spanning-tree portfast default` enables it on all non-trunking interfaces at once. It is equivalent to `interface range fa0/1 - 24, g0/1 - 2` followed by `spanning-tree portfast`, and each interface works out for itself whether it should stay an edge port using the BPDU-detection mechanism above.
Trunk links do not get PortFast from `spanning-tree portfast default`; a trunk that goes down and comes up does generate a TCN unless `spanning-tree portfast trunk` has been configured on it (only sensible for a trunk to a single end host, such as a hypervisor).
UplinkFast
=========
spanning-tree uplinkfast: configured globally, and only on the switch that has the redundant (alternate) uplink, typically an access switch; it is not needed on the root or distribution switches.
Backbonefast
============
spanning-tree backbonefast: must be configured on all switches in the network, because it relies on neighbours answering Root Link Query BPDUs.
These features speed up convergence: the switch does not have to wait for max age to expire.
STP BPDU Filter
============
BPDU Filter:
- drops STP BPDUs as they come into the interface or go out of it, i.e. filters BPDUs in both directions
- can be configured per interface or globally. Per interface (`spanning-tree bpdufilter enable`) it stops the port sending and receiving BPDUs altogether, which effectively disables STP on that interface. Globally (`spanning-tree portfast bpdufilter default`) it applies only to PortFast ports: the port still sends a few BPDUs at link-up and, if it ever receives one, it loses PortFast status and the filter. Typically used at the access layer so that end hosts never see BPDUs (which leak topology information), but it is not a defence against L2 attacks on its own: a loop or rogue switch behind an interface-filtered port is invisible to STP, so BPDU Guard is the safer choice.
Interface-level BPDU filter behaves like a passive interface. A disadvantage is that when a router connected to this switch wants to run STP, the router sends BPDUs but the switch will not process them.
BPDU Guard
- if a BPDU is received, shut the port down: the link is put in err-disable state and will not come out of it until the errdisable recovery timeout fires or it is manually brought up. Enable it globally for all PortFast ports with `spanning-tree portfast bpduguard default`, or per interface with `spanning-tree bpduguard enable`. This is the usual defence against a rogue or accidentally attached switch joining the topology or taking over as root.
Root Guard
- if a superior BPDU is received, the port is placed in the root-inconsistent (blocking) state rather than err-disabled; it recovers on its own once the superior BPDUs stop. Configured with `spanning-tree guard root` on ports facing away from the root, never on the path towards it.
Loop Guard & UDLD
- prevent loops caused by unidirectional links
Typically a fibre link: one strand carries traffic in each direction, so it is possible for one strand to work while the other is broken. If we can send BPDUs but not receive them, max age eventually expires on the blocking port; the port then assumes there is no neighbour, elects itself designated and moves from blocking to forwarding. Both switches can end up with designated, forwarding ports on the same segment. This violates STP, but STP cannot detect it because it is a layer-1 issue. The solutions are Loop Guard (`spanning-tree guard loop` per interface, or `spanning-tree loopguard default` globally), which moves a non-designated port that stops receiving BPDUs into the loop-inconsistent state instead of forwarding, and Unidirectional Link Detection (UDLD), which detects the one-way link itself by exchanging echo messages with the neighbour and err-disables the port.
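As an added example (not part of the original notes), a Python audit of the protections discussed above, run against a constructed running-config for an access switch: PortFast edge ports without BPDU Guard, interface-level BPDU filter, trunks with neither Loop Guard nor UDLD, and Root Guard placed on an uplink. The sample configuration, interface names and findings are made up for illustration; the parser understands only the handful of commands it checks for, and it treats a global `udld enable`/`udld aggressive` as covering the uplinks, which on real hardware is true only for fibre ports.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample running-config for an access switch (not from the notes):
# two trunk uplinks and a few user ports, one of which has had its protection
# switched off.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree loopguard default
!
interface GigabitEthernet1/0/1
 description uplink to DIST1
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet1/0/2
 description uplink to DIST2
 switchport mode trunk
 udld port aggressive
!
interface GigabitEthernet1/0/10
 description user port (PortFast and BPDU guard via the global defaults)
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/11
 description user port, protection switched off
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/12
 description printer
 switchport mode access
 spanning-tree portfast
!
"""


def parse_config(text: str) -> Tuple[Set[str], Dict[str, Set[str]]]:
    """Split an IOS-style config into global commands and per-interface commands."""
    global_cmds: Set[str] = set()
    interfaces: Dict[str, Set[str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = set()
        elif raw.startswith(" ") and current is not None:
            interfaces[current].add(raw.strip())
        else:
            current = None
            global_cmds.add(raw.strip())
    return global_cmds, interfaces


def audit(text: str) -> List[Tuple[str, str]]:
    """Return (interface, finding) pairs for STP protections that are missing or harmful."""
    g, ifaces = parse_config(text)
    portfast_default = "spanning-tree portfast default" in g               # non-trunk ports only
    bpduguard_default = "spanning-tree portfast bpduguard default" in g    # PortFast ports only
    loopguard_default = "spanning-tree loopguard default" in g
    udld_global = "udld enable" in g or "udld aggressive" in g             # fibre ports only (assumed here)
    findings: List[Tuple[str, str]] = []
    for name, cfg in ifaces.items():
        if "spanning-tree bpdufilter enable" in cfg:
            findings.append((name, "bpdufilter enable: STP is effectively off on this port, a loop through it is invisible"))
        if "switchport mode trunk" in cfg:
            loopguard = loopguard_default or "spanning-tree guard loop" in cfg
            udld = udld_global or any(c.startswith("udld port") for c in cfg)
            if not (loopguard or udld):
                findings.append((name, "trunk without loop guard or UDLD: a unidirectional link can open a loop"))
            if "spanning-tree guard root" in cfg:
                findings.append((name, "root guard on an uplink: if the root lies behind this port it goes root-inconsistent"))
        else:
            portfast = "spanning-tree portfast" in cfg or (
                portfast_default and "spanning-tree portfast disable" not in cfg)
            bpduguard = "spanning-tree bpduguard enable" in cfg or (
                bpduguard_default and portfast and "spanning-tree bpduguard disable" not in cfg)
            if portfast and not bpduguard:
                findings.append((name, "PortFast edge port without BPDU guard: a rogue switch can join the topology"))
    return findings


if __name__ == "__main__":
    for iface, msg in audit(SAMPLE_CONFIG):
        print(f"{iface}: {msg}")
```

On the sample the audit reports nothing for Gi1/0/10 and Gi1/0/12 (both protected by the global defaults), two findings for Gi1/0/11 and one for the root-guarded uplink Gi1/0/1.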
Multiple Spanning-Tree Protocol
===================
IEEE (802.1s) response to PVST/PVST+
- supports rapid STP (802.1w)
Instances are separate from VLANs
- PVST+ uses one instance per VLAN
- MST uses definable instances, each carrying a set of VLANs
Highly scalable
- switches with the same instance-to-VLAN mapping, configuration revision number and region name form a "region"
- different regions see each other as virtual bridges (one logical bridge per region)
The disadvantage of PVST+ is overhead: if multiple VLANs cross the same physical interface, a separate STP instance (and BPDU stream) runs for every VLAN, even when they would all compute the same tree.
MST Path Selection
======================
Same election process as CST/PVST
Root Bridge
-lowest BID
Root port
-lowest cost
-lowest upstream BID
-lowest portID
Changing MST Root Bridge Election
==========================
Manually change BID priority
-spanning-tree mst [instance] priority
-lower is better
Use root bridge macro
-spanning-tree mst [instance] root [primary | secondary]
-sets local priority based on current Root Bridge
Verification
-show spanning-tree mst [instance]
-show spanning-tree root
Note: with RSTP there is no need to configure UplinkFast and BackboneFast; the equivalent behaviour is built into the protocol.
Typically we want the root bridge somewhere in the core.
In the case of MST, the system ID extension in the BID comes from the MST instance number rather than the VLAN.
RSTP is automatically enabled when we turn on MST.
MST instance 0 (MST0, the IST) is used for inter-region operability: MST interacts with PVST+ and with other regions through MST0.
VTP version 3 can propagate the MST configuration (region name, revision and instance mappings) between neighbours; VTP versions 1 and 2 do not carry it, so the mappings must be configured identically on every switch.
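As an added example (not part of the original notes), the following Python parses the IOS `spanning-tree mst configuration` block from two switches and decides whether they would form one region, reporting exactly which VLANs are mapped differently. It compares the full VLAN-to-instance table directly rather than the MD5 digest that real MST BPDUs carry, which gives the same answer but also tells you where the mismatch is. The two sample configurations and the region name are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample 'spanning-tree mst configuration' blocks from two switches
# (not from the notes); SW-B has one extra VLAN in instance 2.
SW_A = """\
spanning-tree mst configuration
 name CAMPUS
 revision 1
 instance 1 vlan 10-19,30
 instance 2 vlan 20-29
"""
SW_B = """\
spanning-tree mst configuration
 name CAMPUS
 revision 1
 instance 1 vlan 10-19,30
 instance 2 vlan 20-29,40
"""

MstConfig = Tuple[str, int, Dict[int, int]]   # (region name, revision, vlan -> instance)


def expand_vlans(spec: str) -> Set[int]:
    """'10-19,30' -> {10, 11, ..., 19, 30}."""
    vlans: Set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_mst_config(text: str) -> MstConfig:
    """Parse the IOS 'spanning-tree mst configuration' block.

    Every VLAN not mentioned stays in instance 0 (the IST), as on the switch.
    """
    name, revision = "", 0
    mapping = {v: 0 for v in range(1, 4095)}
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "name":
            name = " ".join(words[1:])
        elif words[0] == "revision":
            revision = int(words[1])
        elif words[0] == "instance" and len(words) >= 4 and words[2] == "vlan":
            for v in expand_vlans(words[3]):
                mapping[v] = int(words[1])
    return name, revision, mapping


def same_region(a: MstConfig, b: MstConfig) -> Tuple[bool, List[str]]:
    """Two switches form one region only if name, revision and the whole
    VLAN-to-instance table all match; otherwise return the mismatches."""
    (na, ra, ma), (nb, rb, mb) = a, b
    reasons: List[str] = []
    if na != nb:
        reasons.append(f"name differs: {na!r} vs {nb!r}")
    if ra != rb:
        reasons.append(f"revision differs: {ra} vs {rb}")
    diff = sorted(v for v in ma if ma[v] != mb[v])
    if diff:
        reasons.append(f"VLAN-to-instance mapping differs for VLANs {diff}")
    return not reasons, reasons


if __name__ == "__main__":
    ok, why = same_region(parse_mst_config(SW_A), parse_mst_config(SW_B))
    print("same region" if ok else "different regions: " + "; ".join(why))
```

The one-VLAN difference is enough to split SW-A and SW-B into separate regions that see each other as virtual bridges through MST0, which is the kind of silent mismatch `show spanning-tree mst configuration` on each switch is used to hunt down.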
Changing an MST Port’s Role
=========================
Modify the port's cost
- spanning-tree mst [instance] cost [1-200000000]
- bandwidth [kbps] (interface command; check the resulting cost with show spanning-tree, since the default STP cost is derived from the link's operational speed)
Modify the bridge ID
- spanning-tree mst [instance] priority [0-61440]
Modify the port ID
- spanning-tree mst [instance] port-priority [0-240, increments of 16]
Verification
-show spanning-tree interface [int] detail
-show spanning-tree mst [instance] detail
Rapid Spanning-tree protocol
==========================
Rapid convergence based on sync process
Enabled through..
-spanning-tree mode mst
-spanning-tree mode rapid-pvst
The sync process only occurs on point-to-point non-edge ports
- implies the link type must be accurate
- spanning-tree link-type [point-to-point|shared]
- spanning-tree portfast
Root -> downstream: proposal
Upstream -> root: agreement
If a link is not point-to-point (i.e. full duplex), the proposal/agreement process will not happen; this is especially the case when the link is connected to a hub (half duplex, shared link type).
In that case the port falls back to legacy timer-based STP convergence.
So the requirement is that the links between switches are point-to-point, non-edge ports, and that all other interfaces connected to end hosts are defined as edge ports with the same portfast command used in STP.
PortFast in STP is equivalent to an edge port in RSTP.