
Page 1: Spanning Tree Protocol

Spanning Tree Protocol

Semester 3, Ch. 5

Sandra Coleman, CCNA, CCAI

Page 2: Spanning Tree Protocol

Redundancy

Five 9’s uptime = 99.999% uptime, this equates to only 5.25 minutes of downtime per year!

Requires reliability…which is achieved by reliable equipment and fault tolerant networks

Redundant topologies – Goal: eliminate network outages caused by a single point of failure.

Page 3: Spanning Tree Protocol

If the bridge is flooded or damaged by an accident, travel to the town center across the bridge is impossible.

A second bridge across the river creates a redundant topology. The suburb is not cut off from the town center if one bridge is impassable

Page 4: Spanning Tree Protocol

Redundant Switched Topologies

Eliminates single points of failure.

Switches flood frames for unknown destinations until they learn the destination MAC address.

Broadcasts and multicasts are flooded out all ports EXCEPT the one on which the frame was received.

In a looped topology this can cause the following problems: broadcast storms, multiple Ethernet frame copies, and MAC address table instability.

Page 5: Spanning Tree Protocol

Redundant Switched Topology

When multiple paths exist between two devices on the network and STP has been disabled on those switches, a Layer 2 loop can occur. If STP is enabled on these switches, which is the default, a Layer 2 loop would not occur.

Page 6: Spanning Tree Protocol

Broadcast Storms

Defined - A state in which a message that has been broadcast across a network results in even more responses, and each response results in still more responses in a snowball effect.

Caused by the continued re-sending of broadcasts or multicasts around the loop, over and over.

Will continue until the loop is broken: a switch or link is disconnected, or STP blocks a port.

Switches get so busy with the broadcasts that they can’t forward normal user traffic, which makes it seem as if the network is down or extremely slow.

Page 7: Spanning Tree Protocol

Multiple Frame Transmissions

Occurs when multiple devices are seeking to retrieve information from another device.

A single device might be seeking the MAC address of a particular host.

In seeking the address, the request travels through other networking devices, which also begin seeking the MAC address.

Page 8: Spanning Tree Protocol

Multiple frame transmissions

In a redundant switched network it is possible for an end device to receive multiple frames.

Assume that the MAC address of Router Y has aged out of the MAC address table on both switches.

Also assume that Host X still has the MAC address of Router Y in its ARP cache and sends a unicast frame to Router Y.

Page 9: Spanning Tree Protocol

Multiple frame transmissions

The router receives the frame because it is on the same segment as Host X.

Switch A does not have the MAC address of Router Y and therefore floods the frame out its other ports (onto Segment 2).

Switch B also does not know which port Router Y is on. Switch B likewise floods the unicast onto Segment 2, creating multiple frames on that segment. After Switch B receives the frame from Switch A, it floods that frame too, so Router Y receives multiple copies of the same frame.

This causes unnecessary processing in all devices.

Page 10: Spanning Tree Protocol

Media access control database instability

In a redundant switched network it is possible for switches to learn the wrong information.

A switch can incorrectly learn that a MAC address is on one port, when it is actually on a different port.

Host X sends a frame directed to Router Y. Switches A and B learn the MAC address of Host X on port 0. The frame to Router Y is flooded out port 1 of both switches. Switches A and B then see this frame arrive on port 1 and incorrectly re-learn the MAC address of Host X on port 1.
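To make the three failure modes of the last few slides concrete, here is an added example (not part of the original slides) that models the two-switch, two-segment topology as transparent bridges with no STP running: Host X sends one unicast frame to Router Y while neither switch knows Router Y's port. The MAC addresses, segment names and round limit are constructed for the example. It counts how many copies Router Y receives, how often each switch re-learns Host X on a different port, and shows that the same frame stops looping as soon as one port is held in a blocking state, which is exactly what STP will do.

```python
from dataclasses import dataclass, field

# Constructed sample topology (labels only, not real hardware): Host X and Router Y sit on
# segment "seg1"; switches A and B each connect port 0 to "seg1" and port 1 to "seg2",
# so seg1 -> A -> seg2 -> B -> seg1 is a physical loop.
HOST_X = "aa:aa:aa:aa:aa:01"
ROUTER_Y = "aa:aa:aa:aa:aa:02"


@dataclass
class Switch:
    name: str
    ports: dict                                  # port number -> segment name
    blocked: set = field(default_factory=set)    # ports STP would hold in blocking
    mac_table: dict = field(default_factory=dict)
    relearn_events: int = 0                      # source MAC seen on a different port

    def receive(self, frame, ingress):
        """Transparent bridging: learn the source, then filter or flood. Returns egress ports."""
        if ingress in self.blocked:              # a blocking port drops data frames and learns nothing
            return []
        src, dst = frame
        previous = self.mac_table.get(src)
        if previous is not None and previous != ingress:
            self.relearn_events += 1             # MAC address table instability
        self.mac_table[src] = ingress
        if dst in self.mac_table:                # known destination: forward out one port
            out = self.mac_table[dst]
            return [] if out == ingress else [out]
        return [p for p in self.ports if p != ingress and p not in self.blocked]  # unknown: flood


def simulate(max_rounds=10, block_b_port1=False):
    """Host X sends one unicast to Router Y; neither switch has learned Router Y yet."""
    sw_a = Switch("A", {0: "seg1", 1: "seg2"})
    sw_b = Switch("B", {0: "seg1", 1: "seg2"}, blocked={1} if block_b_port1 else set())
    switches = (sw_a, sw_b)
    frame = (HOST_X, ROUTER_Y)
    pending = [("seg1", "HostX", frame)]         # transmissions on the wire this round
    copies_at_y = 0
    rounds = 0
    while pending and rounds < max_rounds:       # a real loop never stops: no TTL at Layer 2
        rounds += 1
        next_round = []
        for segment, sender, fr in pending:
            if segment == "seg1":
                copies_at_y += 1                 # Router Y hears every copy placed on seg1
            for sw in switches:
                if sw.name == sender:
                    continue                     # a bridge does not hear its own transmission
                for port, seg in sw.ports.items():
                    if seg == segment:
                        for out in sw.receive(fr, port):
                            next_round.append((sw.ports[out], sw.name, fr))
        pending = next_round
    return {
        "copies_at_router_y": copies_at_y,
        "rounds": rounds,
        "still_looping": bool(pending),
        "relearn_events": (sw_a.relearn_events, sw_b.relearn_events),
    }


if __name__ == "__main__":
    print("no STP:          ", simulate())
    print("B port 1 blocked:", simulate(block_b_port1=True))
```

With no port blocked the frame is still circulating when the round limit is reached, Router Y has seen nine copies of one frame, and each switch has flipped the port it associates with Host X nine times. Blocking a single port on the loop delivers exactly one copy and leaves the MAC tables stable.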

Page 11: Spanning Tree Protocol

Redundant topology & spanning tree

There is no TTL field in the Layer 2 Ethernet header (as there is in the IP header). Therefore, if a frame is caught in a loop, it can loop forever, wasting bandwidth.

Redundant links (physical loops) are necessary for reliability, but a switched network cannot tolerate a Layer 2 forwarding loop.

Solution: allow physical loops, but create a loop-free logical topology.

Page 12: Spanning Tree Protocol

Spanning Tree Protocol

Loop-free switched topology, usually a star or extended-star logical topology.
SPANNING means all devices are reachable, or spanned.
The spanning tree algorithm is used to create this topology.
Can take a relatively long time to converge.
The rapid spanning-tree algorithm is being introduced to reduce the time it takes to compute a loop-free logical topology.

STP ensures that there is only one logical path between all destinations on the network by intentionally blocking redundant paths that could cause a loop.

Page 13: Spanning Tree Protocol

Spanning Tree Protocol

IEEE 802.1D – uses the spanning tree algorithm to construct a loop-free shortest-path network.
The shortest path is based on cumulative link costs.
Establishes a root node called the root bridge.
Establishes one path for reaching every node, originating from the root bridge.
Links not part of the shortest path are blocked.
Features that contribute to the time it takes for total convergence: the max-age timer, the listening forward delay and the learning forward delay.

Page 14: Spanning Tree Protocol

Spanning Tree Protocol

Data frames received on blocked links are dropped.
Links that would cause bridging loops are blocked.
BPDU – Bridge Protocol Data Unit: allows the formation of the loop-free topology.
BPDUs continue to be received on blocked ports, so if an active path fails, a new one can be calculated.

Page 15: Spanning Tree Protocol

BPDUs contain enough information that all switches can:

Select a single switch that will act as the root of the spanning tree.
Calculate the shortest path from itself to the root switch.
Designate, for each LAN segment, one of the switches as the closest one to the root. This bridge is called the “designated switch”.
Choose, for each non-root switch, one of its ports as its root port. This is the interface that gives the best path to the root switch.
Select the ports that will forward frames and are part of the spanning tree: the designated ports.
Non-designated ports are blocked.

Page 16: Spanning Tree Protocol

Spanning tree operation

There should be one spanning tree per network. For every converged switched network, the following elements exist:

One root bridge per network.
One root port per non-root bridge.
One designated port per segment.
These forward data traffic.
Unused, non-designated ports: these discard data traffic.

Page 17: Spanning Tree Protocol

Two Key Concepts: BID and Path Cost

STP executes an algorithm called the Spanning Tree Algorithm (STA).

STA chooses a reference point, called the root bridge, and then determines the available paths to that reference point. If more than one path exists, STA picks the best path and blocks the rest.

STP calculations make extensive use of two key concepts in creating a loop-free topology: Bridge ID Path Cost

Page 18: Spanning Tree Protocol

Bridge ID (BID)

Bridge ID (BID) is used to identify each bridge/switch.

The BID is used in determining the center of the network, in respect to STP, known as the root bridge.

Consists of two components: a 2-byte Bridge Priority (Cisco switches default to 32,768, or 0x8000) and a 6-byte MAC address.

Page 19: Spanning Tree Protocol

Bridge Priority is usually expressed in decimal format and the MAC address in the BID is usually expressed in hexadecimal format.

The BID is used to elect a root bridge: the lowest Bridge ID is the root. If all devices have the same priority, the bridge with the lowest MAC address becomes the root bridge. (Yikes! Unless a priority is set deliberately, the root is simply whichever switch happens to have the lowest MAC address.)

Page 20: Spanning Tree Protocol

Path Cost

Bridges use the concept of cost to evaluate how close they are to other bridges.

This will be used in the STP development of a loop-free topology .

Originally, 802.1D defined cost as 1000 / bandwidth of the link in Mbps:
Cost of a 10 Mbps link = 100 (1000/10)
Cost of a 100 Mbps link = 10 (1000/100)
Cost of a 1 Gbps link = 1 (1000/1000)

This scheme ran out of room for faster links such as 10 Gbps Ethernet, so the IEEE revised the port costs (the 802.1D-1998 "short" values, which Cisco IOS uses by default):
10 Gb/s Ethernet ports have a port cost of 2
1 Gb/s Ethernet ports have a port cost of 4
100 Mb/s Fast Ethernet ports have a port cost of 19
10 Mb/s Ethernet ports have a port cost of 100

Page 21: Spanning Tree Protocol

Path Cost

Path cost is the sum of all the port costs along the path to the root bridge.

The paths with the lowest path cost become the preferred path, and all other redundant paths are blocked.

Page 22: Spanning Tree Protocol

Path Cost

You can modify the path cost by modifying the cost of a port. Exercise caution when you do this!

BID and Path Cost are used to develop a loop-free topology .

But first the Four-Step STP Decision Sequence

Page 23: Spanning Tree Protocol

Four-Step STP Decision Sequence

When creating a loop-free topology, STP always uses the same four-step decision sequence:

Four-Step Decision Sequence
Step 1 - Lowest Root BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port ID

Page 24: Spanning Tree Protocol

BID Fields

The BID is used to determine the root bridge on a network. The BID field of a BPDU frame contains 3 separate fields. Each field is used during the root bridge election.

1. Bridge Priority
The bridge priority is a customizable value that you can use to influence which switch becomes the root bridge. The switch with the lowest priority value, which means the lowest BID, becomes the root bridge (the lower the priority value, the higher the priority). The default value for the priority of all Cisco switches is 32768. With the extended system ID in use, the priority can only be set in multiples of 4096, from 0 to 61440; 0 is the highest priority.

2. Extended System ID
Early STP was designed for networks that did not use VLANs. When VLANs became common, the low 12 bits of the priority field were reassigned as the extended system ID, which carries the ID of the VLAN with which the BPDU is associated. That is why bridge priority values can only be multiples of 4096. The extended system ID is added to identify the priority and VLAN of the BPDU.

3. MAC Address
When two switches are configured with the same priority and have the same extended system ID (default setting), the switch whose MAC address has the lowest hexadecimal value has the lower BID. It is recommended to configure the desired root bridge switch with a lower priority to ensure that it is elected root bridge.

Page 25: Spanning Tree Protocol

Four-Step STP Decision Sequence – BPDU key concepts

Bridges save a copy of only the best BPDU seen on every port.
At startup, each switch initially assumes that it is the root bridge, so the BPDU frames that are sent contain the BID of the local switch as the root ID.
When making this evaluation, a bridge considers all of the BPDUs received on the port, as well as the BPDU that it would send on that port.
As every BPDU arrives, it is checked against this four-step sequence to see if it is more attractive (lower in value) than the existing BPDU saved for that port.
Only the lowest-value BPDU is saved.
Bridges send configuration BPDUs until a more attractive BPDU is received.

Okay, let's see how this is used...
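The following is an added example, not code from the slides, that packs and parses an IEEE 802.1D configuration BPDU with Python's struct module, splits the 8-byte BID into the priority, extended system ID and MAC fields described on the previous slide, and applies the four-step decision sequence as a plain tuple comparison. The Cat-A/B/C bridge IDs, VLAN 1 and the rogue bridge are constructed for the example; claims_better_root is a hypothetical monitoring rule of the kind root guard enforces on a switch port, not a feature of any product.

```python
import struct

# 802.1D configuration BPDU body (what follows the 01:80:c2:00:00:00 / LLC 42 42 03 header):
# protocol ID, version, type, flags, root BID, root path cost, bridge BID, port ID,
# message age, max age, hello time, forward delay (timers in 1/256 s units) = 35 bytes
CONFIG_BPDU = struct.Struct(">HBBB8sI8sHHHHH")


def encode_bid(priority, vlan, mac):
    """8-byte bridge ID with extended system ID: 4-bit priority (multiple of 4096),
    12-bit VLAN ID, 6-byte MAC address."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= vlan < 4096:
        raise ValueError("VLAN ID must fit in 12 bits")
    return struct.pack(">H6s", priority | vlan, bytes.fromhex(mac.replace(":", "")))


def decode_bid(raw):
    field, mac = struct.unpack(">H6s", raw)
    return {"priority": field & 0xF000, "vlan": field & 0x0FFF,
            "mac": ":".join(f"{b:02x}" for b in mac)}


def build_config_bpdu(root_bid, root_path_cost, bridge_bid, port_id,
                      message_age=0, max_age=20, hello=2, forward_delay=15):
    """Protocol ID 0, version 0 (STP), type 0 (configuration), flags 0."""
    return CONFIG_BPDU.pack(0x0000, 0x00, 0x00, 0x00, root_bid, root_path_cost,
                            bridge_bid, port_id, int(message_age * 256),
                            int(max_age * 256), int(hello * 256), int(forward_delay * 256))


def parse_config_bpdu(raw):
    if len(raw) < CONFIG_BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, version, bpdu_type, flags, root, cost, bridge, port_id,
     msg_age, max_age, hello, fwd) = CONFIG_BPDU.unpack_from(raw)
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError("not a configuration BPDU")
    return {"version": version, "flags": flags, "root": decode_bid(root), "raw_root": root,
            "root_path_cost": cost, "bridge": decode_bid(bridge), "raw_bridge": bridge,
            "port_id": port_id, "message_age": msg_age / 256, "max_age": max_age / 256,
            "hello": hello / 256, "forward_delay": fwd / 256}


def decision_key(bpdu):
    """Four-step STP decision sequence; the lower tuple is the more attractive BPDU.
    Big-endian fixed-width byte strings compare like the unsigned integers they encode."""
    return (bpdu["raw_root"], bpdu["root_path_cost"], bpdu["raw_bridge"], bpdu["port_id"])


def is_superior(candidate, stored):
    return decision_key(candidate) < decision_key(stored)


def claims_better_root(bpdu, current_root_bid):
    """Hypothetical monitor rule: a BPDU advertising a root ID lower than the one we expect."""
    return bpdu["raw_root"] < current_root_bid


# Constructed sample: Cat-A is root; Cat-B and Cat-C both advertise onto Segment 3 from port 1/2
CAT_A = encode_bid(32768, 1, "aa:aa:aa:aa:aa:aa")
CAT_B = encode_bid(32768, 1, "bb:bb:bb:bb:bb:bb")
CAT_C = encode_bid(32768, 1, "cc:cc:cc:cc:cc:cc")
BPDU_FROM_B = parse_config_bpdu(build_config_bpdu(CAT_A, 19, CAT_B, 0x8002))
BPDU_FROM_C = parse_config_bpdu(build_config_bpdu(CAT_A, 19, CAT_C, 0x8002))
# A hypothetical rogue bridge claiming priority 0 beats every BPDU the real switches hold
ROGUE_BID = encode_bid(0, 1, "ee:ee:ee:ee:ee:ee")
ROGUE = parse_config_bpdu(build_config_bpdu(ROGUE_BID, 0, ROGUE_BID, 0x8001))

if __name__ == "__main__":
    print("Cat-B beats Cat-C on Segment 3:", is_superior(BPDU_FROM_B, BPDU_FROM_C))
    print("rogue claims a better root than Cat-A:", claims_better_root(ROGUE, CAT_A))
```

Because the decision sequence is literally a lexicographic comparison of (root BID, cost, sender BID, port ID), a BPDU with a priority of 0 in its root field wins step 1 against every default-priority switch, regardless of cost. That is the condition a BPDU-guard or root-guard policy keys on at access ports.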

Page 26: Spanning Tree Protocol

Three Steps of Initial STP Convergence

The STP algorithm uses three simple steps to converge on a loop-free topology.

Switches go through three steps for their initial convergence:

STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

Page 27: Spanning Tree Protocol

Three Steps of Initial STP Convergence

STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

Page 28: Spanning Tree Protocol

[Figure: Cat-A (Root Bridge) at the top, Cat-B and Cat-C below. Cat-A:1/1 – Cat-B:1/1, Cat-A:1/2 – Cat-C:1/1 and Cat-B:1/2 – Cat-C:1/2 are all Fast Ethernet links with Cost=19.]

Step 1 Elect one Root Bridge

Page 29: Spanning Tree Protocol

Step 1 - Elect one Root Bridge

Each switch in the broadcast domain initially assumes that it is the root bridge for the spanning-tree instance, so the BPDU frames it sends contain the BID of the local switch as the root ID.

Each switch maintains local information about its own BID, the root ID, and the path cost to the root. By default, BPDU frames are sent every 2 seconds.

When adjacent switches receive a BPDU frame, they compare the root ID from the BPDU frame with the local root ID.

If the root ID in the BPDU is lower than the local root ID, the switch updates its local root ID and the root ID in the BPDU messages it sends. These messages serve to indicate the new root bridge on the network. The path cost is also updated to indicate how far away the root bridge is (the switch is looking for the shortest path to the root bridge): for example, if the BPDU arrived on a Fast Ethernet switch port, the port cost of 19 is added. If the local root ID is lower than the root ID received in the BPDU frame, the BPDU frame is discarded.

Page 30: Spanning Tree Protocol

Elect the root bridge

After a root ID has been updated to identify a new root bridge, all subsequent BPDU frames sent from that switch contain the new root ID and updated path cost.

The path cost is used to determine which ports will forward frames as part of the spanning tree. As the BPDU frames pass between adjacent switches, the path cost is continually updated to indicate the total path cost to the root bridge. Each switch in the spanning tree uses its path costs to identify the best possible path to the root bridge.

Page 31: Spanning Tree Protocol

All 3 switches have the same default Bridge Priority value of 32,768

Cat-A has the lowest Bridge MAC Address, so it wins the Root War!

Step 1 Elect one Root Bridge

Page 32: Spanning Tree Protocol

At the beginning, all bridges assume they are the center of the universe and declare themselves the Root Bridge by placing their own BID in the Root BID field of the BPDUs they send.

Once all of the switches see that Cat-A has the lowest BID, they are all in agreement that Cat-A is the Root Bridge.

Can be influenced by network admin by setting switch priority to a smaller value than the default. Do this cautiously!

Step 1 Elect one Root Bridge

Page 33: Spanning Tree Protocol

Configure and Verify the BID

There are 2 methods used to configure the bridge priority value.

Method 1
To ensure the switch has the lowest priority value, use the spanning-tree vlan vlan-id root primary command in global configuration mode. The priority for the switch is set to the predefined value of 24576, or to the next 4096-increment value below the lowest bridge priority detected on the network.

If an alternate root bridge is desired, use the spanning-tree vlan vlan-id root secondary global configuration command. It sets the priority for the switch to the predefined value of 28672. This ensures that this switch becomes the root bridge if the primary root bridge fails and the rest of the switches in the network have the default 32768 priority value.

Method 2
Another method for configuring the bridge priority value is the spanning-tree vlan vlan-id priority value global configuration command. This command gives you more granular control over the bridge priority value. The priority value is configured in increments of 4096 between 0 and 61440.

To verify the bridge priority of a switch, use the show spanning-tree privileged EXEC command.

In the example, the priority of the switch has been set to 24576. Also notice that the switch is designated as the root bridge for the spanning-tree instance.

Page 34: Spanning Tree Protocol

Port Roles

There are 4 port roles that a switch automatically assigns during the STP process.

1. Root Port - The root port exists on non-root bridges and is the port with the best path to the root bridge. Only one root port is allowed per bridge. S2 and S3 have root ports on the trunk links connecting back to S1.

2. Designated Port - The designated port exists on root and non-root bridges. For root bridges, all switch ports are designated ports. For non-root bridges, a designated port is the switch port that receives and forwards frames toward the root bridge as needed. Only one designated port is allowed per segment. S1 has both ports for its 2 trunk links configured as designated ports. S2 also has a designated port configured on the trunk link going toward S3.

3. Non-designated Port - The non-designated port is a switch port that is blocked, so it is not forwarding data frames and not populating the MAC address table with source addresses. Decisions on which port to block when the costs are equal depend on the port priority and port ID. A non-designated port is neither a root port nor a designated port. For some variants of STP, the non-designated port is called an alternate port. S3 has the only non-designated ports in the topology. The non-designated ports prevent the loop from occurring.

4. Disabled Port - The disabled port is a switch port that is administratively shut down. A disabled port does not function in the spanning-tree process. There are no disabled ports in the example.

Page 35: Spanning Tree Protocol

Three Steps of Initial STP Convergence

STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

Page 36: Spanning Tree Protocol

Step 2 Elect Root Ports

Now that the Root War has been won, switches move on to selecting Root Ports.

A bridge’s Root Port is the port closest to the Root Bridge.

Bridges use cost to determine closeness. Every non-Root Bridge will select one Root Port! Specifically, bridges track the Root Path Cost, the cumulative cost of all links to the Root Bridge.

[Figure: same topology as before. Cat-A (Root Bridge) at the top; Cat-A:1/1 – Cat-B:1/1, Cat-A:1/2 – Cat-C:1/1 and Cat-B:1/2 – Cat-C:1/2, each with Cost=19.]

Page 37: Spanning Tree Protocol

Step 2 Elect Root Ports

[Figure: same topology. Cat-A sends BPDUs with Cost=0 out 1/1 and 1/2; Cat-B and Cat-C each receive one and compute Cost=0+19=19.]

Step 1 Cat-A sends out BPDUs containing a Root Path Cost of 0. Cat-B receives these BPDUs and adds the Path Cost of Port 1/1 to the Root Path Cost contained in the BPDU.
Step 2 Cat-B adds the Root Path Cost of 0 PLUS its Port 1/1 cost of 19 = 19.

Page 38: Spanning Tree Protocol

Step 2 Elect Root Ports

[Figure: same topology. Cat-A still advertises Cost=0 on Segments 1 and 2; Cat-B and Cat-C advertise Cost=19 out their 1/2 ports onto Segment 3, where each receives the other's BPDU and computes Cost=38 (19+19).]

Step 3 Cat-B uses this value of 19 internally and sends BPDUs with a Root Path Cost of 19 out Port 1/2.
Step 4 Cat-C receives the BPDU from Cat-B and increases the Root Path Cost to 38 (19+19). (Same with Cat-C sending to Cat-B.)

Page 39: Spanning Tree Protocol

Step 2 Elect Root Ports

[Figure: same topology. Cat-B:1/1 and Cat-C:1/1 are marked Root Port; Cost=0 BPDUs on Segments 1 and 2, Cost=19 and Cost=38 (19+19) BPDUs on Segment 3.]

Step 5 Cat-B calculates that it can reach the Root Bridge at a cost of 19 via Port 1/1, as opposed to a cost of 38 via Port 1/2. Port 1/1 becomes the Root Port for Cat-B, the port closest to the Root Bridge. Cat-C goes through a similar calculation.
Note: Both Cat-B:1/2 and Cat-C:1/2 save the best BPDU of 19 (their own).

Page 40: Spanning Tree Protocol

Elect Root Ports

Every switch in a spanning-tree topology, except for the root bridge, has a single root port defined. The root port is the switch port with the lowest path cost to the root bridge.

Normally path cost alone determines which switch port becomes the root port.

Switch ports with equivalent path costs to the root use the configurable port priority value, and then the port ID, to break the tie. When a switch chooses one equal-path-cost port as the root port over another, the losing port is configured as non-designated to avoid a loop.

Page 41: Spanning Tree Protocol

Three Steps of Initial STP Convergence

STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

Page 42: Spanning Tree Protocol

Step 3 Elect Designated Ports

The loop prevention part of STP becomes evident during this step, electing designated ports.

A Designated Port functions as the single bridge port that both sends and receives traffic to and from that segment and the Root Bridge.

Each segment in a bridged network has one Designated Port, chosen based on cumulative Root Path Cost to the Root Bridge.

The switch containing the Designated Port is referred to as the Designated Bridge for that segment.

To locate Designated Ports, let's take a look at each segment and its Root Path Cost, the cumulative cost of all links to the Root Bridge.

Page 43: Spanning Tree Protocol

Segment 1: Cat-A:1/1 has a Root Path Cost = 0 (after all, Cat-A is the Root Bridge) and Cat-B:1/1 has a Root Path Cost = 19.

Segment 2: Cat-A:1/2 has a Root Path Cost = 0 (again, it is the Root Bridge) and Cat-C:1/1 has a Root Path Cost = 19.

Segment 3: Cat-B:1/2 has a Root Path Cost = 19 and Cat-C:1/2 has a Root Path Cost = 19. It’s a tie!

[Figure: same topology with Cat-B:1/1 and Cat-C:1/1 marked Root Port. Segment 1 = Cat-A:1/1 – Cat-B:1/1 (Root Path Cost 0 vs 19), Segment 2 = Cat-A:1/2 – Cat-C:1/1 (0 vs 19), Segment 3 = Cat-B:1/2 – Cat-C:1/2 (19 vs 19).]

Step 3 Elect Designated Ports

Page 44: Spanning Tree Protocol

Step 3 Elect Designated Ports

Segment 1 Because Cat-A:1/1 has the lower Root Path Cost, it becomes the Designated Port for Segment 1.
Segment 2 Because Cat-A:1/2 has the lower Root Path Cost, it becomes the Designated Port for Segment 2.

[Figure: same topology; Cat-A:1/1 and Cat-A:1/2 are now marked Designated Port, Cat-B:1/1 and Cat-C:1/1 Root Port.]

Page 45: Spanning Tree Protocol

Segment 3 Both Cat-B and Cat-C have a Root Path Cost of 19, a tie! When faced with a tie (or any other determination), STP always uses the four-step decision process:
1. Lowest Root BID
2. Lowest Path Cost to Root Bridge
3. Lowest Sender BID
4. Lowest Port ID

[Figure: same topology as the previous slide.]

Page 46: Spanning Tree Protocol

Segment 3 (continued)
1) All three switches agree that Cat-A is the Root Bridge, so this is a tie.
2) Root Path Cost for both is 19, also a tie.
3) The sender’s BID is lower on Cat-B (32,768.BB-BB-BB-BB-BB-BB) than on Cat-C (32,768.CC-CC-CC-CC-CC-CC), so Cat-B:1/2 becomes the Designated Port for Segment 3. Cat-C:1/2 therefore becomes the non-Designated Port for Segment 3.

[Figure: same topology; Cat-B:1/2 marked Designated Port and Cat-C:1/2 marked Non-Designated Port.]

Page 47: Spanning Tree Protocol

Non-designated ports

When two switches are connected to the same LAN segment, and root ports have already been defined, the two switches have to decide which port gets to be configured as a designated port and which one is left as the non-designated port.

Generally, the switch with the lower BID has its port configured as a designated port, while the switch with the higher BID has its port configured as a non-designated port.

However, keep in mind that the first criterion is the lowest path cost to the root bridge; only if the path costs are equal does the sender's BID decide.

As a result, each switch determines which port roles are assigned to each of its ports to create the loop-free spanning tree.
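The walk-through of Steps 1 to 3 above, as an added example that is not part of the original slides: a Python model of the spanning tree algorithm that elects the root by lowest BID, relaxes root path costs outward from the root using the short port-cost table from the Path Cost slide, selects each non-root bridge's root port with the four-step comparison, and chooses the designated port per segment. SLIDE_BRIDGES and SLIDE_LINKS reproduce the Cat-A/Cat-B/Cat-C topology with constructed MAC addresses. Running the same code with a priority-0 "Rogue" bridge (a hypothetical attacker) attached to a fourth Cat-C port shows the root moving and every path re-homing through it, which is the risk behind the "Yikes!" on the BID slide and the reason the variants slides mention BPDU guard and root guard.

```python
from dataclasses import dataclass

# IEEE 802.1D-1998 short port costs, as listed on the Path Cost slide
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Link:
    """One LAN segment joining port a_port of bridge a to port b_port of bridge b."""
    a: str
    a_port: int
    b: str
    b_port: int
    mbps: int = 100


def bid(priority, mac):
    """Bridge ID orders as (priority, MAC); the lower tuple wins."""
    return (priority, int(mac.replace(":", ""), 16))


def port_id(port, port_priority=128):
    """802.1D port ID: 1-byte port priority followed by the port number."""
    return (port_priority << 8) | port


def run_sta(bridges, links):
    """Return (root bridge, root path cost per bridge, role per (bridge, port))."""
    root = min(bridges, key=lambda n: bid(*bridges[n]))          # step 1: lowest BID
    ports = {n: {} for n in bridges}                             # bridge -> port -> (link, peer, peer port)
    for link in links:
        ports[link.a][link.a_port] = (link, link.b, link.b_port)
        ports[link.b][link.b_port] = (link, link.a, link.a_port)
    # Root path cost: the root advertises 0; every receiver adds its own ingress port cost.
    rpc = {n: (0 if n == root else float("inf")) for n in bridges}
    changed = True
    while changed:                                               # relax until no BPDU improves anything
        changed = False
        for n in bridges:
            if n == root:
                continue
            for link, peer, _ in ports[n].values():
                if rpc[peer] + PORT_COST[link.mbps] < rpc[n]:
                    rpc[n] = rpc[peer] + PORT_COST[link.mbps]
                    changed = True
    # step 2: each non-root bridge keeps the port holding the most attractive received BPDU
    root_port = {}
    for n in bridges:
        if n == root:
            continue

        def received_bpdu(p, n=n):
            link, peer, peer_port = ports[n][p]
            return (rpc[peer] + PORT_COST[link.mbps], bid(*bridges[peer]),
                    port_id(peer_port), port_id(p))

        root_port[n] = min(ports[n], key=received_bpdu)
    # step 3: per segment, the end with the lowest (root path cost, BID, port ID) is designated
    roles = {}
    for link in links:
        ends = [(link.a, link.a_port), (link.b, link.b_port)]
        winner = min(ends, key=lambda e: (rpc[e[0]], bid(*bridges[e[0]]), port_id(e[1])))
        for n, p in ends:
            if (n, p) == winner:
                roles[(n, p)] = "designated"
            elif root_port.get(n) == p:
                roles[(n, p)] = "root"
            else:
                roles[(n, p)] = "non-designated (blocking)"
    return root, rpc, roles


# The three-switch topology from the slides (MAC addresses are constructed placeholders)
SLIDE_BRIDGES = {"Cat-A": (32768, "aa:aa:aa:aa:aa:aa"),
                 "Cat-B": (32768, "bb:bb:bb:bb:bb:bb"),
                 "Cat-C": (32768, "cc:cc:cc:cc:cc:cc")}
SLIDE_LINKS = [Link("Cat-A", 1, "Cat-B", 1),   # Segment 1
               Link("Cat-A", 2, "Cat-C", 1),   # Segment 2
               Link("Cat-B", 2, "Cat-C", 2)]   # Segment 3

if __name__ == "__main__":
    scenarios = {
        "slides": (SLIDE_BRIDGES, SLIDE_LINKS),
        "rogue priority-0 bridge on Cat-C port 3": (
            dict(SLIDE_BRIDGES, Rogue=(0, "ee:ee:ee:ee:ee:ee")),
            SLIDE_LINKS + [Link("Cat-C", 3, "Rogue", 1)]),
    }
    for name, (bridges, links) in scenarios.items():
        root, rpc, roles = run_sta(bridges, links)
        print(f"[{name}] root={root} root path costs={rpc}")
        for (n, p), role in sorted(roles.items()):
            print(f"  {n}:1/{p} {role}")
```

For the slide topology the model returns Cat-A as root, costs of 19 for Cat-B and Cat-C, Cat-A's two ports designated, Cat-B:1/1 and Cat-C:1/1 as root ports, Cat-B:1/2 designated and Cat-C:1/2 blocking, matching the slides. With the rogue attached, Cat-C becomes the bridge closest to the new root and both Cat-A and Cat-B re-home their root ports toward Cat-C, so all inter-switch traffic now crosses the attacker's link.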

Page 48: Spanning Tree Protocol

Spanning Tree Port States

Blocking (20 secs) – determines whether this is the root bridge or a designated port. Can only receive BPDUs; data frames are discarded.
Listening (15 secs) – determines if there are other paths to the root bridge. All paths except the lowest cost go back to blocking.
Learning (15 secs) – learns MAC addresses from any traffic; does not forward user data.
Forwarding – user data is forwarded, BPDUs are processed, and MAC addresses are learned.
Disabled – the Layer 2 port does NOT participate in STP and doesn’t forward frames.

Page 49: Spanning Tree Protocol

STP Recalculation – Topology Changes

Convergence occurs when all the switch and bridge ports are in either the forwarding or blocking state.

Network changes require the switches to recompute the Spanning Tree and therefore recalculate. This disrupts user traffic.

Can take up to 50 seconds to go from blocking state to forwarding state with 802.1D standards.

The entire process of electing the root bridge, determining the root ports, and determining the designated and non-designated ports happens within the 20-second blocking port state.

Page 50: Spanning Tree Protocol

BPDU Timers

The amount of time that a port stays in the various port states depends on the BPDU timers. Only the switch in the role of root bridge may send information through the tree to adjust the timers. These contribute to the time it takes for the network to fully converge!

Hello time (2 seconds)
Forward delay (15 seconds)
Maximum age (20 seconds)

At power up: every switch port goes through the blocking, listening and learning states. The ports then stabilize in the forwarding or blocking state.

During a topology change: a port temporarily implements the listening and learning states for a specified period called the "forward delay interval". Switches must also allow the frame lifetime to expire for frames that were forwarded using the old topology.

Page 51: Spanning Tree Protocol

Cisco and STP Variants

Page 52: Spanning Tree Protocol

Cisco and STP Variants

There are many types or variants of STP.

Cisco Proprietary
Per-VLAN spanning tree protocol (PVST) - Maintains a spanning-tree instance for each VLAN. It uses the Cisco-proprietary ISL trunking protocol. For PVST, Cisco developed a number of proprietary extensions to the original IEEE 802.1D STP, such as BackboneFast, UplinkFast, and PortFast.
Per-VLAN spanning tree protocol plus (PVST+) – Developed to provide support for IEEE 802.1Q trunking. PVST+ provides the same functionality and proprietary STP extensions. PVST+ is not supported on non-Cisco devices. PVST+ includes the PortFast enhancement called BPDU guard, and root guard. The BID is modified to include the VLAN ID.
Rapid per-VLAN spanning tree protocol (rapid PVST+) – Based on IEEE 802.1w and has faster convergence than 802.1D. Rapid PVST+ includes Cisco-proprietary extensions.

IEEE Standards
Rapid spanning tree protocol (RSTP) - Introduced as IEEE 802.1w (2001) as an evolution of 802.1D. It provides faster spanning-tree convergence than 802.1D. RSTP natively incorporates the functionality of the Cisco-proprietary STP extensions BackboneFast, UplinkFast, and PortFast. As of 2004, the IEEE has incorporated RSTP into 802.1D, identifying the specification as IEEE 802.1D-2004. So when you hear STP, think RSTP.
Multiple STP (MSTP) - Enables multiple VLANs to be mapped to the same spanning-tree instance, reducing the number of instances needed to support a large number of VLANs. Originally IEEE 802.1s; standard IEEE 802.1Q-2003 now includes MSTP.

Page 53: Spanning Tree Protocol

PVST+

In order to support the IEEE 802.1Q standard CST, Cisco extended PVST to become PVST+.

PVST+ is compatible with both CST and PVST and can be used with switches that support either or both VLAN spanning tree methods.

PVST+ also adds checking mechanisms to ensure there is no configuration inconsistency with port trunking.

PVST+ is available starting with the Catalyst 4.1 release.

Page 54: Spanning Tree Protocol

PVST+

With PVST+, load sharing can be implemented. In a Cisco PVST+ environment, you can tune the spanning-tree parameters so that half of the VLANs forward on each uplink trunk.

For example, port F0/3 on switch S2 is the forwarding port for VLAN 20, and F0/2 on switch S2 is the forwarding port for VLAN 10.

This is accomplished by configuring one switch to be elected the root bridge for half of the total number of VLANs in the network, and a second switch to be elected the root bridge for the other half of the VLANs. In the figure, switch S3 is the root bridge for VLAN 20, and switch S1 is the root bridge for VLAN 10. Creating different STP root switches per VLAN creates a more redundant network.

Page 55: Spanning Tree Protocol

PVST+ Bridge ID

PVST+ requires that a separate instance of spanning tree run for each VLAN. To support PVST+, the 8-byte BID field is modified to carry a VLAN ID (VID).

The following provides more details on the PVST+ fields:

Bridge priority - A 4-bit field carries the bridge priority. Due to the limited bit count, the priority is conveyed in discrete values in increments of 4096 rather than in increments of 1. The default priority, in accordance with IEEE 802.1D, is 32,768, which is the midrange value.
Extended system ID - A 12-bit field carrying the VID.
MAC address - A 6-byte field with the MAC address.

The MAC address is what makes a BID unique. When the priority and extended system ID are prepended to the switch MAC address, each VLAN on the switch can be represented by a unique BID.

Page 56: Spanning Tree Protocol

PVST+

The table shows the default spanning-tree configuration for a Cisco Catalyst 2960 series switch. Notice that the default spanning-tree mode is PVST+.

Page 57: Spanning Tree Protocol

What is RSTP?

RSTP (IEEE 802.1w) is an evolution of 802.1D. RSTP does not have a blocking port state. RSTP defines the port states as discarding, learning, or forwarding. Port F0/3 on switch S2 is an alternate port in the discarding state.

RSTP can achieve much faster convergence in a properly configured network, sometimes in as little as a few hundred milliseconds, by moving designated ports into the forwarding state without waiting for timers to expire.

If a port is configured to be an alternate or a backup port, it can immediately change to a forwarding state without waiting for the network to converge.

The following briefly describes RSTP characteristics:

RSTP is the preferred protocol for preventing Layer 2 loops in a switched network environment.
Cisco-proprietary enhancements such as UplinkFast and BackboneFast are not compatible with RSTP; their function is built in.
RSTP (802.1w) supersedes STP (802.1D) while retaining backward compatibility. In addition, 802.1w is capable of reverting back to 802.1D to interoperate with legacy switches on a per-port basis.
RSTP keeps the same BPDU format as IEEE 802.1D, except that the version field is set to 2 to indicate RSTP (the BPDU type field is also 2, so legacy 802.1D bridges ignore RST BPDUs).
A port can safely transition to the forwarding state without having to rely on any timer configuration.

Page 58: Spanning Tree Protocol

Rapid Transition to Forwarding State

Rapid transition is the most important feature introduced by 802.1w. The legacy STA passively waited for the network to converge before it turned a port into the forwarding state.

The new rapid STP is able to actively confirm that a port can safely transition to the forwarding state without having to rely on any timer configuration.

In order to achieve fast convergence on a port, the protocol relies upon two new variables: edge ports and link type.

Page 59: Spanning Tree Protocol

Edge Ports

An RSTP edge port is a switch port that is never intended to be connected to another switch device. It immediately transitions to the forwarding state when enabled.

Unlike PortFast, an RSTP edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning-tree port.

The Cisco RSTP implementation keeps the PortFast keyword: the spanning-tree portfast command is used for edge port configuration.

Configuring an edge port to be attached to another switch can have negative implications for RSTP when it is in the sync state, because a temporary loop can result, possibly delaying the convergence of RSTP due to BPDU contention with loop traffic.

Page 60: Spanning Tree Protocol

RSTP Link Types

RSTP can only achieve rapid transition to the forwarding state on edge ports and on point-to-point links.

The link type provides a categorization for each port participating in RSTP.

Non-edge ports are categorized into two link types, point-to-point and shared. The link type is automatically derived from the duplex mode of a port. A port that operates in full-duplex is assumed to be point-to-point, while a half-duplex port is considered a shared port by default.

Point-to-point links are candidates for rapid transition to a forwarding state.

However, before the link type parameter is considered, RSTP must determine the port role.

Root ports: do not use the link type parameter. Root ports are able to make a rapid transition to the forwarding state as soon as the port is in sync.

Alternate and backup ports: do not use the link type parameter in most cases.

Designated ports: make the most use of the link type parameter. Rapid transition to the forwarding state for a designated port occurs only if the link type parameter indicates a point-to-point link.

Page 61: Spanning Tree Protocol

RSTP Port States

With RSTP, the role of a port is separated from the state of a port. For example, a designated port could be in the discarding state temporarily, even though its final state is to be forwarding. The figure shows the three possible RSTP port states: discarding, learning, and forwarding. In all port states, a port accepts and processes BPDU frames.

There are only three port states left in RSTP, and they correspond to the three possible operational states.

The 802.1D disabled, blocking, and listening states are merged into a single 802.1w discarding state.

Page 62: Spanning Tree Protocol

RSTP Port Roles

Root - A forwarding port that has been elected for the spanning-tree topology

Designated - A forwarding port for every LAN segment

Alternate - An alternate path to the root bridge. This path is different than using the root port.

Backup - A backup/redundant path to a segment where another bridge port already connects.

Disabled - Not strictly part of STP; a network administrator can manually disable a port

Page 63: Spanning Tree Protocol

Design STP for Trouble Avoidance

Know Where the Root Is

You now know that the primary function of the STA is to break the loops that redundant links create in bridged networks. Do not leave it up to STP to decide which bridge is root. For each VLAN, you can usually identify which switch can serve as root. Generally, choose a powerful bridge in the middle of the network. If you put the root bridge in the center of the network with a direct connection to the servers and routers, you reduce the average distance from the clients to the servers and routers.

If switch S2 is the root, the link from S1 to S3 is blocked on S1 or S3. In this case, hosts that connect to switch S2 can access the server and the router in two hops. Hosts that connect to bridge S3 can access the server and the router in three hops. The average distance is two and one-half hops. If switch S1 is the root, the router and the server are reachable in two hops for both hosts that connect on S2 and S3. The average distance is now two hops.
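The hop-count comparison above, as an added example in Python (not from the course): it models the slide's three-switch triangle under the assumptions that the server and router hang off S1, user hosts sit on S2 and S3, and all links have equal cost; it then derives which link STP blocks for a chosen root and averages the client-to-server distance. Beyond the slide's two cases it works for any root and any topology given as a link map.

```python
import heapq

# Added example (not from the slides). Assumed topology: S1, S2 and S3 form a
# triangle; the server and router attach to S1; hosts sit on S2 and S3. Every
# link costs 19 (the 802.1D cost of a 100 Mb/s link), so ties are broken by
# the upstream switch's BID, modelled here by its name (S1 < S2 < S3).
LINKS = {("S1", "S2"): 19, ("S2", "S3"): 19, ("S1", "S3"): 19}
SERVER_SWITCH = "S1"
HOST_SWITCHES = ("S2", "S3")

def neighbours(links):
    adj = {}                            # switch -> [(neighbour, cost), ...]
    for (a, b), cost in links.items():
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    return adj

def spanning_tree(links, root):
    """Return (tree_links, blocked_links): each non-root switch keeps the link
    with the lowest root path cost (ties: lowest upstream BID), as the STA does."""
    adj = neighbours(links)
    upstream = {}                       # switch -> switch on its root port
    heap = [(0, root, root)]            # (root path cost, upstream, switch)
    while heap:
        cost, via, sw = heapq.heappop(heap)
        if sw in upstream:
            continue                    # a cheaper or lower-BID path won already
        upstream[sw] = via
        for nxt, c in adj[sw]:
            if nxt not in upstream:
                heapq.heappush(heap, (cost + c, sw, nxt))
    tree = {tuple(sorted((sw, via))) for sw, via in upstream.items() if sw != root}
    return tree, set(links) - tree      # everything not in the tree is blocked

def hops(tree, src, dst):
    """Switches traversed from src to dst, both ends included (slide's counting)."""
    adj = neighbours({link: 1 for link in tree})
    dist, queue = {src: 1}, [src]
    for sw in queue:                    # breadth-first walk over the tree
        if sw == dst:
            return dist[sw]
        for nxt, _ in adj[sw]:
            if nxt not in dist:
                dist[nxt] = dist[sw] + 1
                queue.append(nxt)
    raise ValueError(f"{dst} unreachable from {src}")

def average_distance(links, root):
    """Mean hop count from the host switches to the server switch."""
    tree, _ = spanning_tree(links, root)
    return sum(hops(tree, h, SERVER_SWITCH) for h in HOST_SWITCHES) / len(HOST_SWITCHES)
```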

Note: For each VLAN, configure the root bridge and the backup root bridge using lower priorities.

Page 64: Spanning Tree Protocol

Design STP for Trouble Avoidance

In non-hierarchical networks you might need to tune the STP cost parameter to decide which ports to block. However, this tuning is usually not necessary if you have a hierarchical design and a root bridge in a good location.

Knowing the location of redundant links helps you identify an accidental bridging loop and its cause. Also, knowing the location of blocked ports allows you to determine the location of the error.

Minimize the Number of Blocked Ports

The only critical action that STP takes is the blocking of ports. A good way to limit the risk inherent in the use of STP is to reduce the number of blocked ports as much as possible.

VTP Pruning

You do not need more than two redundant links between two nodes in a switched network. Distribution switches are dual-attached to two core switches, C1 and C2. Users on switches S1 and S2, which connect to the distribution switches, are only in a subset of the VLANs available in the network. In the figure, there are three redundant paths between core switch C1 and core switch C2. This redundancy results in more blocked ports and a higher likelihood of a loop.

Manual Pruning

VTP pruning can help, but this feature is not necessary in the core of the network. In this figure, only an access VLAN is used to connect the distribution switches to the core. In this design, only one port is blocked per VLAN. Also, with this design, you can remove all redundant links in just one step if you shut down C1 or C2.

Page 65: Spanning Tree Protocol

Design STP for Trouble Avoidance

Use Layer 3 Switching

Layer 3 switching means routing at approximately the speed of switching. A router performs two main functions:

It builds a forwarding table. The router generally exchanges information with peers by way of routing protocols.

It receives packets and forwards them to the correct interface based on the destination address.

There is no speed penalty with the routing hop and an additional segment between C1 and C2. Leaving the VLAN by Layer 3 switching is as fast as bridging inside the VLAN.

Core switch C1 and core switch C2 are Layer 3 switches. VLAN 20 and VLAN 30 are no longer bridged between C1 and C2, so there is no possibility for a loop. STP no longer blocks any single port, so there is no potential for a bridging loop.

Page 66: Spanning Tree Protocol

Design STP for Trouble Avoidance

Keep STP Even If It Is Unnecessary

Generally, disabling STP in a switched network is not worth the risk. Even assuming you have removed all the blocked ports from the network and do not have any physical redundancy, it is strongly suggested that you do not disable STP: if a technician makes a connection error on a patch panel and accidentally creates a loop, the network will be negatively impacted.

Keep Traffic off the Administrative VLAN and Do Not Have a Single VLAN Span the Entire Network

In the administrative VLAN, the switch behaves like an IP host. A high rate of broadcast traffic on the administrative VLAN can adversely affect the switch's ability to process vital BPDUs. Therefore, keep user traffic off the administrative VLAN.

Until recently, there was no way to remove VLAN 1 from a trunk in a Cisco implementation.

As of Cisco IOS Software Release 12.1(11b)E, you can remove VLAN 1 from trunks. VLAN 1 still exists, but it blocks traffic, which prevents any loop possibility. Though useful, this setup can be dangerous because a bridging loop on VLAN 1 affects all trunks, which can bring down the whole network.

Page 67: Spanning Tree Protocol

Troubleshoot STP Operation: Troubleshoot a Failure

In-band access may not be available during a bridging loop. Therefore, out-of-band connectivity, such as console access, may be required.

For example, during a broadcast storm you may not be able to Telnet to the infrastructure devices.

Before you troubleshoot a bridging loop, you need to know at least these items:

Topology of the bridged network

Location of the root bridge

Location of the blocked ports and the redundant links

This knowledge is essential. To know what to fix in the network, you need to know how the network looks when it works correctly.

Most of the troubleshooting steps simply use show commands to try to identify error conditions. Knowledge of the network helps you focus on the critical ports on the key devices.

Page 68: Spanning Tree Protocol

Troubleshoot STP Operation: PortFast Configuration Error

You typically enable PortFast only for a port or interface that connects to a host. When the link comes up on this port, the bridge skips the first stages of the STA and directly transitions to the forwarding mode.

Even with a PortFast configuration, the port or interface still participates in STP. Cisco IOS software has a feature called BPDU guard. BPDU guard disables a PortFast-configured port or interface if the port or interface receives a BPDU.

Page 69: Spanning Tree Protocol

Troubleshoot STP Operation: PortFast Configuration Error

Caution: Do not use PortFast on switch ports or interfaces that connect to other switches, hubs, or routers. Otherwise, you may create a network loop.

If the looped traffic is very intensive, the switch can have trouble successfully transmitting the BPDU that stops the loop. This problem can delay the convergence considerably or in some extreme cases can actually bring down the network.

In this example, port F0/1 on switch S1 is already forwarding. Port F0/2 has erroneously been configured with the PortFast feature.

Therefore, when a second connection from switch S2 is connected to F0/2 on S1, the port automatically transitions to forwarding mode and creates a loop.
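BPDU guard turns the misconfiguration above into a detectable event. As an added example in Python (not from the course), the code below scans constructed syslog lines, modelled on the IOS messages emitted when BPDU guard shuts a PortFast port, and flags ports that tripped more than once, the pattern left by a switch cabled into a host port and re-enabled without fixing the cabling. The exact message wording and the syslog layout are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (simplified), modelled on the IOS messages
# seen when BPDU guard err-disables a PortFast port. Hostnames, sequence
# numbers and ports are made up; real message text may differ slightly.
SYSLOG = """\
Mar  1 10:02:11 S1 1234: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
Mar  1 10:02:11 S1 1235: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
Mar  1 10:02:12 S1 1236: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
Mar  1 10:07:40 S1 1240: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
Mar  1 10:15:03 S3 2210: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/24 with BPDU Guard enabled. Disabling port.
"""

# "<month> <day> <time> <host> <seq>: %SPANTREE-2-BLOCK_BPDUGUARD: ... port <port> ..."
BPDUGUARD_RE = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+\d+:\s+"
    r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (?P<port>\S+) "
    r"with BPDU Guard enabled"
)

def bpduguard_events(log_text):
    """Yield (switch, port) for every BPDU guard shutdown found in the log."""
    for line in log_text.splitlines():
        m = BPDUGUARD_RE.match(line)
        if m:
            yield m.group("host"), m.group("port")

def bpduguard_counts(log_text):
    """How many times BPDU guard tripped on each (switch, port)."""
    return dict(Counter(bpduguard_events(log_text)))

def suspect_uplinks(log_text, threshold=2):
    """Ports that tripped at least `threshold` times. One trip may be a user
    plugging in a home switch; a repeat means the port was re-enabled and
    received BPDUs again, so a switch, hub or router is almost certainly
    cabled to a PortFast port and the cabling, not the port, needs fixing."""
    return {key: n for key, n in bpduguard_counts(log_text).items()
            if n >= threshold}

if __name__ == "__main__":
    for (host, port), n in sorted(suspect_uplinks(SYSLOG).items()):
        print(f"{host} {port}: BPDU guard tripped {n} times; check for a switch on this port")
```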

Page 70: Spanning Tree Protocol

Comparing STP with RSTP

Both:

Use the portfast command to allow ports to transition immediately to the forwarding state

Use the same basic configuration commands for establishing primary/secondary bridges

RSTP: Backwards compatible with STP

Page 71: Spanning Tree Protocol

Good Luck on your Test

Test – Discuss: Hands on, configuring all up until now! Similar to the Packet Tracer activity, but without all the commands laid out for you.

Study Guide: Pg. 190 – Matching; Pg. 200-201 – STP Configuration Exercise; pg. 196-199 – Root bridge and Port Roles – Will go over this NEXT CLASS meeting!

Labs: Lab 5-1, pg. 206-213 – actually in the LAB

Packet Tracer Challenge: Spanning Tree protocol – Lab Book – LSG03-Lab552.pka on Public