
Introduction to Computer Networking Reminder { Bridging …courses.run.montefiore.ulg.ac.be/icn/ressources/...Introduction to Computer Networking Reminder { Bridging and Spanning Tree


Introduction to Computer Networking

Reminder – Bridging and Spanning Tree Protocol

Emeline Marechal & Simon Lienardy

Academic year 2019 – 2020

1 Introduction

This lab is about bridges and the spanning tree protocol. After this lab, you will never again mistake switches for routers because you will study them in operation. Switches and routers tackle similar problems, e.g.: “On which interface must I forward this packet?”. Yet, their respective behaviours are quite different because they do not operate at the same scale! Some solutions are nice at the LAN scale but would be unfeasible at the scale of the whole Internet.

2 Network layer (recall)

Figure 1 – Network layer principle

• The role of the network layer is to transport the segments between the transport layer entities.

• The sender encapsulates each segment into a datagram and the latter goes through the routers until it reaches its destination.

• Between two routers and between a router and a host, we must go through a local area network (LAN).

• The transportation of the datagrams inside a LAN is performed by the datalink layer.


3 Datalink layer

Figure 2 – Link layer principle

The datalink layer is responsible for transmitting a datagram to physically adjacent nodes.

• Each host, router and bridge has a datalink layer. Bridges and switches are equivalent, except that a bridge can interconnect networks which have different types (e.g. Ethernet with Wi-Fi), while a switch is a bridge between several Ethernet links. In other words, a switch cannot interconnect networks with different types. From now on, we will use the words bridge and switch interchangeably.

• A local area network (LAN) can be:

– A single point to point link, such as a link interconnecting two routers.

– A true network consisting of segments linked together by switches.

3.1 Transportation between two network layer entities

• At a LAN entrance (network layer):

– The network layer must handle an IP packet with IP_src = IP_Host1 and IP_dest = IP_Host2.

– Thanks to its forwarding table, it knows whether IP_Host2 is on the local area network (Next hop = IP_Host2) or if a router must be used to reach the destination (Next hop = IP_Gateway).

– It passes the packet (without modification) to the datalink layer and asks it to send the packet to the entity which has the IP address “Next hop”.

• At a LAN entrance (datalink layer):

– Two possible cases:

∗ Either the datalink layer knows the MAC address associated with the IP address “Next hop”. If so, it constructs a frame with its own MAC address as source, and MAC_NextHop as destination.

∗ Or it does not know this MAC address. In this case, it uses an ARP request to find out before it constructs the frame (the frame is never sent in broadcast [1]).

– The datalink layer sends the frame.

• Inside a LAN:

– The switches (if any) take the responsibility of transferring the frames until the next IP hop without modification.

• At a LAN exit:

– The datalink layer extracts the IP packet from the frame and passes this packet to the network layer.

3.2 ARP (Address Resolution Protocol)

In the network layer, IP addresses are used for forwarding. In the datalink layer, MAC addresses are used locally to get the frame from one interface to another physically connected interface. Before sending a frame, the node must determine the interface’s MAC address knowing its IP address. The ARP protocol is used for that purpose.

• An ARP request is like “What is the MAC address corresponding to the address IP_address? Respond to MAC_address”.

• This request is a frame which is sent in broadcast on the LAN.

• When the station that has the address IP_address receives the request, it responds with a frame which is directly addressed to the sender of the request.

4 Switches

In Ethernet topologies, nodes used to be interconnected through a bus. Now, the bus is replaced with a central device: the switch. The switch looks at the destination MAC address of the frame, and selectively forwards the frame to one or more outgoing links.

4.1 Transparent switches

The switches are datalink layer devices and are said to be transparent. It means that neither the sender nor the receiver sees the switch and they don’t have to care about it: everything happens as if the receiver was directly connected to the sender.

Hence, the MAC addresses of the switches will never appear as source or destination addresses of a frame!

[1] Except if the “Next Hop” is itself an IP broadcast address.


4.2 Working principle of transparent switches

4.2.1 The forwarding table

In order for a switch to forward the frame to its destination, it must learn on which outgoing port the destination is reachable. Each switch has a forwarding table that associates a MAC address to the outgoing port. The entries of the forwarding table are of the form:

(MAC address, port ID, creation date)

• How is the forwarding table populated? The switch is self-learning. When a frame arrives on an input port, the switch updates its forwarding table because it learned the location of the sender.

Assume that a frame, with a source MAC address SrcAddr, arrives on a port with ID portId at time time. Upon reception,

• If there already exists an association between the input port and the source address of the frame, the creation date of this association is updated.

• If there already exists an association between this MAC address and another port, it is replaced by (SrcAddr, portId, time).

• If there isn’t any association for this MAC address, the entry (SrcAddr, portId, time) is added.

The lifetime of the associations is limited, which allows the algorithm to adapt to topology changes.

4.2.2 Transportation of the frames

The switch captures all the frames that transit on the LAN segments to which it is connected (promiscuous mode). The frame forwarding/filtering works in the following way:

• If the recipient of the frame is associated with the input port, the switch will discard the frame.

• If the recipient is associated with an output port ≠ input port, the switch will transmit the frame on the corresponding output port.

• If the recipient is unknown (no association), the switch will transmit the frame on all its ports except the input port.

This mechanism works well when there is no cycle in the interconnection of the switches. However, if there are cycles, a frame could loop forever in the topology.
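The learning rules of Section 4.2.1 and the forwarding/filtering rules above can be put together in a few lines. The following Python sketch is an added example, not part of the original lab: the class name, the short MAC strings, the frame sequence and the 300-second lifetime are assumptions made for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Self-learning forwarding table plus the forward/filter/flood decision."""

    def __init__(self, ports, ageing=300.0):
        self.ports = set(ports)
        self.ageing = ageing   # lifetime of an association in seconds (assumed)
        self.table = {}        # MAC address -> (port ID, creation date)

    def _expire(self, now):
        # Limited lifetime: forget associations older than the ageing time.
        self.table = {mac: (port, t) for mac, (port, t) in self.table.items()
                      if now - t <= self.ageing}

    def learn(self, src, in_port, now):
        # One assignment covers the three learning cases: refresh the date,
        # replace an association with another port, or add a new entry.
        self.table[src] = (in_port, now)

    def handle(self, src, dst, in_port, now):
        """Return the sorted list of ports on which the frame is transmitted."""
        self._expire(now)
        self.learn(src, in_port, now)
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return sorted(self.ports - {in_port})   # unknown recipient: flood
        out_port = entry[0]
        if out_port == in_port:
            return []                               # same segment: discard
        return [out_port]                           # known recipient: forward


def demo():
    # Constructed frames: (source MAC, destination MAC, input port, time in s).
    sw = LearningSwitch(ports=[1, 2, 3])
    frames = [
        ("aa", "bb", 1, 0.0),     # bb unknown            -> flood on 2 and 3
        ("bb", "aa", 2, 1.0),     # aa learned on port 1  -> forward on 1
        ("cc", "aa", 1, 2.0),     # aa is on the input port -> discard
        ("aa", "bb", 3, 3.0),     # aa moved to port 3, bb known -> forward on 2
        ("cc", "bb", 1, 400.0),   # all older entries aged out -> flood again
    ]
    return [sw.handle(*frame) for frame in frames]


if __name__ == "__main__":
    print(demo())
```

The last frame shows why the lifetime matters: once the entry for bb has expired, the switch falls back to flooding until bb sends a frame again.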

4.2.3 Loop prevention

To avoid loops, we use the Spanning Tree algorithm, which makes it possible to see the network topology as a tree (as such, there is a unique path between two nodes). We achieve this by disabling a set of ports in each switch.

Every insertion or removal of a switch in the network will lead to the reconstruction of a new tree.


When the spanning tree algorithm is stabilized, a state is associated with each port. The possible states are “Forwarding”, “Root” and “Blocking”. A port in the Blocking state won’t retransmit any data frame. The other ports will retransmit the data frames according to the filtering rules.

5 The spanning tree algorithm

5.1 Terminology

Root switch: The switch whose ID is the smallest.

Path cost: With each port of a switch is associated the cost for transmitting a frame on the LAN segment which is connected to this switch. It is thus possible to associate a cost with each path between two switches.

Root port: The port which leads to the root switch by using the least-cost path. The manner of dealing with ties will be explained later.

Root path cost: For each switch, the cost of the least-cost path linking the switch to the root switch (thus using the root port of the switch).

Designated switch: On each LAN segment, only one switch is the designated switch. It is the switch that provides the path with minimum cost to the root. It is the only switch that can transmit LAN frames to the root switch. The root switch is the designated switch of all the LAN segments to which it is attached.

Designated port: The port that links the designated switch to the LAN segment is the designated port.

5.2 Control messages

The switches exchange control messages called BPDUs (Bridge Protocol Data Units) in order to determine the root switch and build the tree. A BPDU has the following form:

〈Root id. as assumed, Root path cost, Sender id〉

where

• Root id. as assumed is the ID of the switch that it considers to be the root switch.

• Root path cost is the cost of the least-cost path to reach the root.

• Sender id is the ID of the BPDU sender.

The ID of a switch is composed of a priority level and of one of the MAC addresses of the switch.


5.3 Classification of control messages

To order two BPDUs, we define a lexicographic order between them in the following way. Let C1 and C2 be two BPDUs containing, respectively:

〈rootId1, cost1, senderId1〉 and 〈rootId2, cost2, senderId2〉

C1 is better than C2:

1. if rootId1 < rootId2, or else

2. (when the two root id’s are equal), if cost1 < cost2, or else

3. (when the costs are also equal), if senderId1 < senderId2, or else

4. (when both BPDUs are identical), the final tie-break is based on the smallest receiving port number.

5.4 The spanning tree algorithm

Switches exchange BPDUs on all ports in order to determine the root switch, build the tree, and decide whether non-root ports are forwarding or blocking.

• Spanning tree table The table of a switch contains an entry per port. At any time, an entry corresponding to a port indicates the port state as well as the best BPDU among the BPDU that it sends on this port, and the BPDU that it receives on this port.

Each entry thus has the following form:

[Port id, Root id, Root path cost, Sender id, Port state]

where Port state ∈ {RP, FP, BP} [2]

Caution: There is a difference between the forwarding table and the spanning tree table. The forwarding table is used to forward frames, and the spanning tree table is used to store information learned by running the spanning tree algorithm.

• Initialization Initially, each switch considers itself as the root switch. All its ports are in the Forwarding state (FP).

Each switch sends a 〈switchId, 0, switchId〉 BPDU on all its ports, where switchId is its own ID.

• Table update - Input port When a switch receives a 〈rootId, cost, senderId〉 BPDU on a port P, it compares the received BPDU with the entry in its table corresponding to port P, denoted by E_P.

- If E_P is better than or equal to the received BPDU, the table is left unchanged and the update process is completed.

- If E_P is worse than the received BPDU, the table is updated with the information inside this BPDU and it is then compared to the other entries of the table.

[2] RP: Root port, FP: Forwarding port, BP: Blocking port


• Table update - Other ports E_P, which consists of the values rootId, cost and senderId, will now be compared to the other entries of the table. Assume that the entry E_P∗, corresponding to port P∗ in the table, consists of the values rootId∗, cost∗ and senderId∗.

If E_P (rootId, cost and senderId) is better [3] than E_P∗ then E_P∗ is updated with the information rootId, cost+1 and switchId.

• Table update - Ports state When the fields Root id, Root path cost and Sender id have been updated, the port state is determined in the following way:

- The port for which these fields form the best BPDU is the root port. If several entries are equivalent, the port with the smallest ID is the root port. It is assigned the Root Port state (RP).

- The ports for which the field Sender id contains the value switchId go into the Forwarding state (FP). These are designated ports. They form a BPDU and send it on the LAN segments to which they are attached.

- The other ports go to the Blocking state (BP).

• Topology change detection The root switch regularly sends BPDUs on its ports to signal its presence to the other switches.

The ports in the Forwarding state transmit them.

A timer is associated with each port in the Root Port or Blocking states. The timer is reset when a BPDU is received. If the timer expires, a topology change is detected. The table is recalculated according to the previously described rules.

6 Synthesis on the port state

6.1 Forwarding Port

1. The switch regularly sends a BPDU on this port.

2. The switch is designated on the LAN segment to which this port gives access.

3. The switch stores the source addresses of the frames which arrive on this port.

4. The switch retransmits on this port the frames that are sent in broadcast.

5. The switch retransmits on this port the frames whose destination address is unknown to it.

6.2 Root Port

1. This port gives access to the root switch through the shortest path.

2. There is one and only one RP per switch [4].

3. The switch listens to the BPDUs sent on the LAN segment corresponding to the port.

[3] See Section 5.3: Classification of control messages.

[4] Except for the root switch (all its ports are FP).


4. The switch does not send any BPDU via this port.

5. The switch stores the source addresses of the frames which arrive on this port.

6. The switch retransmits on this port the frames that are sent in broadcast.

7. The switch retransmits on this port the frames whose destination address is associated with this port in the forwarding table.

8. The switch retransmits on this port the frames whose destination address is unknown to it.

6.3 Blocking Port

1. The switch listens to the BPDUs sent on the LAN segment corresponding to the port.

2. The switch does not send any BPDU via this port.

3. The switch is not designated for this LAN segment.

4. The switch discards the frames other than the BPDUs transiting on the corresponding LAN segment.

5. The switch does not retransmit any frame via this port.

7 Spanning Tree Protocol Example

Here is an example of STP protocol on a basic topology to help you understand the protocol.

Figure 3 – Example exercise topology

Consider the network depicted on Figure 3. We assume that, initially, switch 3 is not operational. We ask you to:

1. Calculate the spanning tree table of each switch if the spanning tree is stable.


2. Give the possible BPDU exchange scenario if switch 3 comes back online. Be precise and indicate the evolution of the table of each switch.

3. Indicate the BPDUs which are exchanged when everything is stabilized.

7.1 Initial table

The root switch is switch 1 (it has the smallest ID). Each switch is useful to the spanning tree; they are all enabled. The following tables can then easily be obtained from the initial situation:

Initialization Initially, each switch considers itself as the root switch:

switch 1

port  root ID  cost  sender ID  type
1     1        0     1          FP
2     1        0     1          FP

switch 2

port  root ID  cost  sender ID  type
1     2        0     2          FP
2     2        0     2          FP

switch 4

port  root ID  cost  sender ID  type
1     4        0     4          FP
2     4        0     4          FP

switch 1 will send 〈1, 0, 1〉 BPDUs on all its ports. switch 2 will receive 〈1, 0, 1〉 on its port 2. 〈1, 0, 1〉 is better than 〈2, 0, 2〉 and switch 2 will update its table:

switch 2

port  root ID  cost  sender ID  type
1     1        1     2          FP
2     1        0     1          RP

After the update, the BPDU on port 2 is now 〈1, 0, 1〉, which is the BPDU received from switch 1. The BPDU on port 1 will be 〈1, 1, 2〉 since 〈1, 0+1, 2〉 is a better BPDU than 〈2, 0, 2〉.

Then, switch 2 will send a 〈1, 1, 2〉 BPDU on its port 1, which will be received by switch 4 on its port 1. 〈1, 1, 2〉 is better than 〈4, 0, 4〉. Plus, 〈1, 1+1, 4〉 is a better BPDU than 〈4, 0, 4〉. Hence, the final table is:

switch 1

port  root ID  cost  sender ID  type
1     1        0     1          FP
2     1        0     1          FP

switch 2

port  root ID  cost  sender ID  type
1     1        1     2          FP
2     1        0     1          RP

switch 4

port  root ID  cost  sender ID  type
1     1        1     2          RP
2     1        2     4          FP

7.2 switch 3 comes back online

Switch 3 is back online. It assumes that it is the root bridge and sends 〈3, 0, 3〉 BPDUs on all its ports [5].

[5] In practice, the switches have a timer that forces them to listen to the network before beginning to send anything (it is the forward delay timer).


switch 3

port  root ID  cost  sender ID  type
1     3        0     3          FP
2     3        0     3          FP

Switches 1, 2 and 4 will receive the BPDU but they won’t retransmit it because the root ID of this BPDU is bigger than the root ID (=1) of these switches. Eventually, switch 3 will receive a 〈1, 0, 1〉 BPDU on its port 2. It will thus update its table.

switch 3

port  root ID  cost  sender ID  type
1     1        1     3          FP
2     1        0     1          RP

After updating its table, switch 3 retransmits the incremented BPDU on port 1. So switch 4 receives 〈1, 1, 3〉 on its port 2 and will update its table because 〈1, 1, 3〉 is better than 〈1, 2, 4〉. Switch 4 deduces that it is no longer designated on LAN segment 2 and blocks the data transfer on this port.

switch 4

port  root ID  cost  sender ID  type
1     1        1     2          RP
2     1        1     3          BP

Switch 4 will periodically receive the 〈1, 1, 2〉 BPDU on its port 1, but it will not update its table. The algorithm is now stabilized. Switch 4 is no longer part of the spanning tree.

7.3 BPDUs exchange when everything is stabilized

The 〈1, 1, 3〉 and 〈1, 1, 2〉 BPDUs will not be retransmitted anymore by switch 4.
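The table update rules of Section 5.4 and the BPDU ordering of Section 5.3 can be checked against this example by replaying the BPDUs that one switch receives. The following Python sketch is an added example, not part of the original lab: it implements the rules exactly as stated in this reminder, with plain integer switch IDs as in the exercise, and its class and function names are assumptions.

```python
class StpSwitch:
    """Spanning tree table of one switch; a BPDU is (root_id, cost, sender_id)."""

    def __init__(self, switch_id, ports):
        self.id = switch_id
        # Initialization: the switch considers itself the root, all ports FP.
        self.table = {p: (switch_id, 0, switch_id) for p in ports}
        self.state = {p: "FP" for p in ports}

    def receive(self, port, bpdu):
        """Apply the table update rules; return True if the table changed."""
        # Python tuple comparison is the lexicographic order of Section 5.3.
        if self.table[port] <= bpdu:
            return False                  # E_P is better or equal: unchanged
        self.table[port] = bpdu           # input port takes the received BPDU
        root_id, cost, _ = bpdu
        for other in self.table:          # compare E_P with the other entries
            if other != port and bpdu < self.table[other]:
                self.table[other] = (root_id, cost + 1, self.id)
        self._update_states()
        return True

    def _update_states(self):
        # Entries whose sender is another switch were received. The best one
        # (ties: smallest port ID) marks the root port. The root switch has
        # no such entry, hence no root port.
        received = [(b, p) for p, b in self.table.items() if b[2] != self.id]
        root_port = min(received)[1] if received else None
        for p, b in self.table.items():
            if p == root_port:
                self.state[p] = "RP"
            elif b[2] == self.id:
                self.state[p] = "FP"      # designated port
            else:
                self.state[p] = "BP"

    def bpdus_to_send(self):
        """BPDUs that the switch emits on its designated (FP) ports."""
        return {p: b for p, b in self.table.items() if self.state[p] == "FP"}

    def rows(self):
        """Table rows as (port, root ID, cost, sender ID, type)."""
        return [(p, *self.table[p], self.state[p]) for p in sorted(self.table)]


def replay_switch4():
    """Replay the BPDUs that switch 4 receives in Sections 7.1 and 7.2."""
    s4 = StpSwitch(4, ports=[1, 2])
    history = []
    for port, bpdu in [(1, (1, 1, 2)),    # from switch 2 (Section 7.1)
                       (2, (1, 1, 3)),    # from switch 3 (Section 7.2)
                       (1, (1, 1, 2))]:   # periodic repeat, no change
        changed = s4.receive(port, bpdu)
        history.append((changed, s4.rows(), s4.bpdus_to_send()))
    return history


if __name__ == "__main__":
    for step in replay_switch4():
        print(step)
```

After the second BPDU, switch 4 has no designated port left, so `bpdus_to_send()` is empty, which matches the statement above that switch 4 no longer retransmits BPDUs.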

8 The brctl program

brctl stands for BRidge ConTroL. According to its manpage, “brctl is used to set up, maintain, and inspect the ethernet bridge configuration in the linux kernel”.

8.1 Setting up a switch

To set up a bridge, one has to:

1. Create a new switch (several switches can be created on the same VM)

2. Attach network interfaces to the newly created switch

3. Enable the spanning tree protocol on the switch

4. Enable the switch (that is seen as an interface)

Here are the commands:


switch:# brctl addbr br0          # create a new switch
switch:# brctl addif br0 eth0     # add interfaces
switch:# brctl addif br0 eth1
switch:# brctl stp br0 on         # enable the spanning tree protocol on switch br0
switch:# ip link set br0 up       # enable the switch

In the lab, addbr and addif are already done in the VMs’ *.startup scripts.

8.2 Inspect the switch configuration

8.2.1 Filtering

You can display a list of learned MAC addresses for a switch:

switch:# brctl showmacs BR_NAME

where BR_NAME is the name of the switch (br0 in the above creation example). This command displays the MAC address, the associated port number and the ageing timer (if the timer runs out, the port/MAC association is forgotten).

The ageing timer can be set:

switch:# brctl setageing BR_NAME TIME

TIME is a time in seconds.

8.2.2 Spanning Tree Protocol (STP)

In order to see the spanning tree tables of the switch (the same tables that are drawn in the example exercise), one just has to type:

switch:# brctl showstp BR_NAME

It will display information about the switch and its interfaces. Here is an example of output (some ports of the switch are not depicted):

br0
 switch id              8000.000000000200
 designated root        8000.000000000100
 root port                 2                    path cost                100
 max age                  20.00                 switch max age            20.00
 hello time                2.00                 switch hello time          2.00
 forward delay            15.00                 switch forward delay      15.00
 ageing time             300.00
 hello timer               0.00                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                   1.73
 flags

eth0 (1)
 port id                8001                    state                forwarding
 designated root        8000.000000000100       path cost                100
 designated switch      8000.000000000200       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost         100                    hold timer                 0.00
 flags

In the example exercise (see Section 3), switch IDs were numbers. Here you can see that in practice, they are composed of two numbers: a priority (8000 by default) and a MAC address (typically the smallest one). The costs are configurable, and the default value is 100.

• State In the showstp table, you will see state forwarding or state blocking. You will not see “state root” (as in Sec. 3 exercise). The information about the root port is displayed after the keyword root port.

• Timer Here is a summary of the timers used in the switch configuration:

Timer          Usage
Max age        After this time, a switch that has not sent a hello packet is considered dead
Hello time     Time between 2 Hello packets
Forward delay  Time to wait before entering the forwarding state
