CCNP SWITCH/Implementing Spanning Tree

From Teknologisk videncenter
Revision as of 00:09, 5 February 2014 by Rael (talk | contribs) (Summary)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Spanning Tree Protocols

DEC STP
Invented in 1985 by Radia Perlman at the Digital Equipment Corporation.
802.1D
Published in 1990 by the IEEE and based on the algorithm design by Perlman. Subsequent versions were published in 1998 and 2004 incorporating various extensions.
Common Spanning Tree(CST)
Common Spanning Tree(CST) assumes one 802.1D spanning-tree instance for the entire bridged network, regardless of the number of VLANs. Maintains only one instance of STP and therefor uses less CPU and memory than other STP varieties.
Per VLAN Spanning Tree Plus(PVST+)
PVST+ is a Cisco enhancement of STP that provides a separate 802.1D spanning-tree instance for each VLAN configured in the network. The separate instance supports enhancement such as PortFast, BPDU guard, BPDU filter, root guard, and loop guard. One instance per VLAN requires more CPU and memory than CST.
Rapid STP(RSTP)
IEEE 802.1w is an evolution of STP that provides faster convergence of STP. This version addresses many of the convergence issues in STP. It only maintains one RSTP instance per STP domain.
Multiple Spanning Tree(MST)
MST is an IEEE standard inspired from the earlier Cisco proprietary Multi-Instance Spanning Tree Protocol (MISTP) implementation. MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The Cisco implementation provides up to 16 instances of RSTP (802.1w). The CPU and memory requirements of this version are less than PVRST+ but more than RSTP.
Per VLAN Rapid Spanning Tree Plus(PVRST+)
PVRST+is a Cisco enhancement of RSTP that is similar to PVST+. It provides a separate instance of 802.1w per VLAN. This version addressed both the convergence issues and the suboptimal traffic flow issues. To do this, this version has the largest CPU and memory requirements.

Comparison

Comparision of STP
Protocol Standard Resource Needed Convergence
CST 802.1D Low Slow - All VLANs
PVST+ Cisco High Slow - Per VLAN
RSTP 802.1w Medium Fast - All VLANs
PVRST+ Cisco Very High Fast - Per VLAN
MSTP 802.1s Medium/High Fast - VLAN List

STP

STP Operation

  1. Elect the root bridge: STP Elects the Root Bridge with the lowest BID. The BID consists of the bridge priority and the MAC address. The Root Bridge only have Designated Ports.
  2. Select the root ports on all nonroot bridges: The protocol establishes one root port on each nonroot bridge. The root port is the lowest-cost path from the nonroot bridge to the root bridge. Root ports send and receive traffic. When the Switch has two or more equal-cost ports it elects the port with the lowest port ID as the root port. The port ID consists of a priority and the port number.
  3. Select the designated port on each segment: On each segment, STP establishes one designated port on the bridge that has the lowest path cost to the root bridge. In the event of a tie, the bridge ID acts as thetiebreaker.

Port Roles

Root port
This port exists on nonroot bridges and is the switch port with the best path to the root bridge. Root ports forward data traffic toward the root bridge, and the source MAC address of frames received on the root port can populate the MAC table. Only one root port is enabled per bridge.
Designated Port
This port exists on root and nonroot bridges. For root bridges, all switch ports are designated ports. For nonroot bridges, a designated port is the switch port that receives and forwards data frames toward the root bridge as needed. Only one designated port is enabled per segment. If multiple switches exist on the same segment, an election process determines the designated switch, and the corresponding switch port begins forwarding frames for the segment. Designated ports can populate the MAC table.
Nondesignated port
The nondesignated port is a switch port that is not forwarding (blocking) data frames and not populating the MAC address table with the source addresses of frames seen on that segment.
Disabled port
The disabled port is a switch port that is shut down.

Port States

STP Port States

Port Cost

Port Cost

STP Example

STP Example

Rapid Spanning Tree Protocol

RSTP is an evolution of STP with better performance than STP event with proprietary enhancments like PortFast, UplinkFast, and BackboneFast. STP was developed in a time where recovering from a network faliure was allowed to take several minutes. But in todays High Availability network with routed solutions sub-second convergence is preferred. In most cases RSTP performs better than STP with Cisco proprietary extensions. IEEE802.1w is backwards compatible with IEEE802.1D.
The main difference between STP and RSTP is that RSTP uses a handshake protocol between neighbor switches to transition from discarding to forwarding immediately.

RSTP Port States

RSTP Port States
STP & RSTP port state comparison

RSTP Port Roles

Root
The root port is the switch port on every nonroot bridge that is the chosen path to the root bridge. Only one root port can be on every switch. The root port assumes the forwarding state in a stable active topology. In Figure 3-4, the root port is marked as R.
Designated
Each segment has at least one switch port as the designated port for that segment. In a stable, active topology, the switch with the designated port receives frames on the segment that are destined for the root bridge. There can be only one designated port per segment. The designated port assumes the forwarding state. All switches that are connected to a given segment listen to all BPDUs and determine the switch that will be the designated switch for a particular segment.
Alternate
The alternateport is a switch port that offers an alternative path toward the root bridge. The alternate port assumes a discarding state in a stable, active topology. An alternate port is present on nondesignated switches and makes a transition to a designated port if the current designated path fails.
Backup
The backup portis an additional switch port on the designated switch with a redundant link to the segment for which the switch is designated. A backup port has a higher port ID than the designated port on the designated switch. The backup port assumes the discarding state in a stable, active topology.
Disabled
A port that has no role within the operation of spanning tree.
RSTP Example

RSTP Link Types

RSTP Link Types
Root Ports
Do not use the link type parameter. Root ports can make a rapid transition to the forwarding state as soon as the port receives the BPDU of the root and it puts the nondesignated ports in blocking state. This operation is called sync.
Alternate and backup ports
Do not use the link type parameter in most cases because these ports need to arrive at these states based on the operation of the RSTP. The only times you would configure link type parameter explicitly is when you understand the final state of these ports due to your full understanding of the topology.
Designated ports
Make the most use of the link type parameter. Rapid transition to the forwarding state for the designated port occurs only if the link type parameter indicates a point-to-point link.

Unlike PortFast, an edge port that receives a BPDU immediately loses its edge port status and becomes a normal spanning-tree port. When an edge port receives a BPDU, it generates a topology change notification (TCN).

RSTP Topology Change

When an 802.1D bridge detects a topology change, it first notifies the root bridge by using a reliable mechanism. After the root bridge is aware of a change in the topology of the network, it sets the TC flag on the BPDUs that it sends out, which then gets relayed to all the bridges in the network through the normal mechanism. When a bridge receives a BPDU with the TC flag bit set, it reduces its bridging-table aging time to forward-delay seconds, ensuring a relatively quick flushing of stale information.

PVRST+

PVRST+ works like RST but instead of one CST it maintains a Spanning Tree per VLAN.

Extended System ID

Spanning Tree default priority is 32768.

Cisco Spanning tree Default Configuration

Cisco Catalyst Switches support three types of spanning tree:

  • PVST+(Default)
  • PVRST+
  • MST

MST

MST Regions

MST maps VLANs to instances, each instance consists of 3 attributes:

  • An alphanumeric configuration name (32 bytes)
  • A configuration revision number (2 bytes)
  • A 4096-element table that associates each of the potential 4096 VLANs supported on the chassis to a given instance

To be a part of the same region all switches need to share the same attriubutes throughout the region.

Configuring Spanning Tree

Basic RPVST+ configuration

switch(config)#<input> spanning-tree mode rapid-pvst</input>
switch(config)# <input>spanning-tree vlan 2 root primary</input>
switch(config)# <input>spanning-tree vlan 3 root secondary</input>

Basic MST configuration

switch(config)# <input>spanning-tree mode mst</input>
switch(config)# <input>spanning-tree mst configuarion</input>
switch(config-mst)# <input>name MstRegion</input>
switch(config-mst)# <input>revision 1</input>
switch(config-mst)# <input>instance 1 vlan 1-50</input>
switch(config-mst)# <input>instance 2 vlan 51-100</input>
switch(config-mst)# <input>spanning-tree mst 1 root primary</input>
switch(config-mst)# <input>spanning-tree mst 2 root secondary</input>
switch(config)# <input>spanning-tree extend system-id</input>

Spanning Tree Enhancments

  • BPDU Guard: Error disables a port when it receives an BPDU
  • BPDU Filter: Filters out BPDU packets in and out of a port.
  • Root Guard: Prevents switches connected on ports configured as access ports from becoming the root switch.
  • Portfast: Enables port to transition from blocking to forwarding immediately.
  • Loop Guard: The Loop Guard STP feature improves the stability of Layer 2 networks by preventing bridging loops.
  • UDLD: UDLD detects and disables unidirectional links.
  • Flex Links: Flex Links is a Layer 2 availability feature that provides an alternative solution to STP and allows users to turn off STP and still provide basic link redundancy

BPDU Guard

Best Practise: BPDU Guard or RootGuard is configured on ports from the access switch to the end device, as is PostFast[1]

switch(config)# ! Global configuration command. Configures BPDUGuard on alle PortFast ports
switch(config)# <input>spanning-tree portfast edge bpduguard default</input>
switch(config-if)# ! interface configuration command.
switch(config-if)# <input>spanning-tree bpduguard enable</input>

BPDU Filter

switch(config)# ! Global configuration command.
switch(config)# <input>spanning-tree portfast bpdufilter default</input>
switch(config-if)# ! interface configuration command.
switch(config-if)# <input>spanning-tree bpdufilter enable</input>

Root Guard

Best Practise: Root guard is configured on the distibution switches facing the access switches[2]

switch(config-if)# ! interface configuration command.
switch(config-if)# <input>spanning-tree guard root</input>

Portfast

Spanning Tree Portfast enables edge port status on an interface and makes the port go from disabled to forwarding immediately. PortFast can prevent DHCP timeouts

Switch(config-if)#<input>spanning-tree portfast</input>

Use this command to enable PortFast on all ports

Switch(config)#<input>spanning-tree portfast default</input>

Loop Guard

Loop Guard provides additional protection against Layer 2 forwarding loops (STP loops). A bridging loop happens when an STP blocking port in a redundant topology erroneously transitions to the forwarding state. This usually occurs because one of the ports of a physically redundant topology (not necessarily the STP blocking port) has stopped receiving STP BPDUs. In STP, switches rely on continuous reception or transmission of BPDUs, depending on the port role. (A designated port transmits BPDUs, whereas a non-designated port receives BPDUs.)

Best Practise: Loop Guard is implmented on the Layer2 ports between the distribution switches and on the uplink ports from the access switches to the distribution switches.[3]

switch(config)# ! Global configuration command.
switch(config)# <input>spanning-tree loopguard default</input>
switch(config-if)# ! interface configuration command.
switch(config-if)# <input>spanning-tree guard loop</input>

UDLD

A unidirectional link occurs when traffic is transmitted between neighbors in one direction only. Unidirectional links can cause spanning-tree topology loops. Uni-Directional Link Detection (UDLD) enables devices to detect when a unidirectional link exists and also to shut down the affected interface. UDLD is useful on a fiber ports to prevent network issues resulting in miswiring at the patch panel causing the link to be in up/up status but the BPDUs are lost.

UDLD is a Layer 2 protocol enabled between adjacent switches. It uses MAC 01-00-0c-cc-cc-cc with Subnetwork Access Protocol (SNAP) High-Level Data Link Control (HDLC) protocol type 0x0111.

UDLD Default configuration
Feature Default Status
UDLD global enable state Globally disabled
UDLD per-interface enable state for fiber-optic media Enabled on all Ethernet fiber-optic interfaces
UDLD per-interface enable state for twisted-pair (copper) media Disabled on all Ethernet 10/100 and 1000BASE-TX interfaces
Switch(config-if)# ! Enable UDLD on an interface
Switch(config-if)# udld enable
Switch(config)# ! Enable UDLD globaly on all Fiber-optic interfaces
Switch(config)# udld enable

Comparison Between Aggressive Mode UDLD and Loop Guard

Normal UDLD only disblaes the link on the switch that notices the unidirection link. The default timer is 15 seconds. Agressiv mode will err-disable both ends of the UDLD connection after aging on the previously bidirection link in 8 seconds[4]

UDLD and Loop Guard Comparison
Feature Loop Guard UDLD
Protection against STP failures caused by problem in software resulting in designated switch not sending BPDUs Yes No
Protection against miswiring No Yes
Auto-recovery Yes Yes with err-disbable autorecovery.

The most noticeable difference between aggressive mode UDLD and Loop Guard is with regard to STP. UDLD cannot detect failures caused by problems in software in the designated switch not sending the BPDU.
Nevertheless, aggressive mode UDLD is more robust in its capability to detect unidirectional links on EtherChannel. Loop Guard blocks all interfaces of the EtherChannel in such a failure by putting the EtherChannel into the loop-inconsistent state for a VLAN or for all VLANs, whereas aggressive modeUDLD disables the single port exhibiting problems.

Flex Links

Flex Links are configured on one Layer 2 interface (the active link) by assigning another Layer 2 interface as the Flex Links or backup link. The Flex Links can be on the same switch or on another switch in the stack. When one of the links is up and forwarding traffic, the other link is in standby mode.

Flex Links

Follow these guidelines to configure Flex Links:

  • You can configure only one Flex Links backup link for any active link, and it must be a different interface from the active interface.
  • Neither of the links can be a port that belongs to an EtherChannel. However, you can configure two port channels (EtherChannel logical interfaces) as Flex Links.
Switch#<input> configure terminal</input>
Switch(conf)# <input>interface fastethernet1/0/1</input>
Switch(conf-if)# <input>switchport backup interface fastethernet1/0/2</input>
Switch(conf-if)# <input>end</input>

RSTP

RSTP Proposal

When a designated port is in a discarding or learning state (and only in this case), it sets the proposal bit on the BPDUs it sends out. This is what occurs for port p0 of the root bridge, as shown in Step 1 of Figure. Because Switch A receives superior information, it immediately knows that p1 is the new root port. Switch A then starts a sync process that puts nonedge designated ports in blocking state as it needs to verify that all its ports are in-sync with the new superior BPDU received.

Se også Fig.18-5

Summary

References

  1. Designing Cisco Network Services Architectures p. 39
  2. Designing Cisco Network Services Architecture(ARCH) p. 39
  3. Designing Cisco Network Services Architecture(ARCH) p. 39
  4. Designing Cisco Network Services Architecture(ARCH) p. 42