Saturday 26 October 2019

STP Spanning Tree Protocol | Root Bridge

The operation of the Spanning Tree Protocol (STP, IEEE 802.1D) is described below, and the terms BPDU and bridge ID (BID) are introduced. Redundancy increases the availability of the network topology by protecting the network from a single point of failure, such as a failed network cable or switch. When physical redundancy is introduced into a design, loops are produced and frames are duplicated. This has serious consequences for switched networks. The Spanning Tree Protocol (STP) was developed to address these problems.
STP ensures that there is only one logical path between all network destinations by intentionally blocking the redundant paths that could cause a loop. A port is considered blocked when user data is not allowed to enter or exit through it. This does not apply to bridge protocol data unit (BPDU) frames, which STP itself uses to avoid loops: a blocked port still receives and processes BPDUs.

What is Spanning Tree Protocol

Blocking redundant paths is essential to avoid loops in the network. The physical paths still exist to provide redundancy, but they are disabled to prevent loops from forming. If a path is ever needed to compensate for the failure of a network cable or a switch, STP recalculates the paths and unblocks the necessary ports so that the redundant path becomes active.
The term "Spanning Tree Protocol" and the acronym STP can be misleading. Most professionals use these names to refer to the various implementations of spanning tree, such as the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).
To explain spanning tree concepts correctly, it is important to refer to the specific implementation or standard in context. The most recent IEEE document on the Spanning Tree Protocol, IEEE 802.1D-2004, states that "STP was replaced with the Rapid Spanning Tree Protocol (RSTP)". The IEEE thus uses "STP" to refer to the original implementation of the Spanning Tree Protocol and "RSTP" to describe the version of spanning tree specified in IEEE 802.1D-2004. Therefore, when the original Spanning Tree Protocol is discussed here, the phrase "original 802.1D spanning tree" is used to avoid confusion.

STP in action

The STP protocol in action (in this example, STP is enabled on all switches):

  1. PC1 sends a broadcast to the network.
  2. S2 is configured with STP and has placed the port for Trunk2 in the blocking state. The blocking state prevents the port from being used to forward user data, so that a loop cannot occur. S2 forwards the broadcast frame out all its switch ports except the port on which it arrived from PC1 and the port for Trunk2.
  3. S1 receives the broadcast frame and forwards it out all of its switch ports, where it reaches PC4 and S3. S3 forwards the frame out the port for Trunk2, and S2 discards the frame. The Layer 2 loop is avoided.

Now let's look at the STP recalculation that occurs when a link fails:

In this example:
  1. PC1 sends a broadcast to the network.
  2. The broadcast is forwarded through the network in the same way as in the previous example.
  3. The trunk link between S2 and S1 fails, which interrupts the previous path.
  4. S2 unblocks the port that was previously blocked for Trunk2 and allows the broadcast traffic to traverse the alternate path around the network, so that communication continues. If the failed link comes back up, STP reconverges and the port on S2 is blocked again.
STP prevents loops by building a loop-free path through the network, with ports in the blocking state at strategic locations. Switches running STP compensate for failures by dynamically unblocking the previously blocked ports and allowing traffic to be forwarded over alternate paths.

STA: Port roles

The IEEE 802.1D version of STP uses the spanning tree algorithm (STA) to determine which switch ports on a network must be placed in the blocking state to prevent loops. The STA designates a single switch as the root bridge and uses it as the reference point for all path calculations.

In the illustration, the root bridge (switch S1) is chosen through an election process. All switches participating in STP exchange BPDU frames to determine which switch has the lowest bridge ID (BID) in the network. The switch with the lowest BID automatically becomes the root bridge according to the STA calculations.
A BPDU is a message frame exchanged by switches for STP. Each BPDU contains a BID that identifies the switch that sent it. The BID contains a priority value, the MAC address of the sending switch and an optional extended system ID. The lowest BID is determined by the combination of these three fields.

STP: The shortest path

After the root bridge has been determined, the STA calculates the shortest path to it. Every switch uses the STA to determine which ports to block. While the STA is determining the best paths to the root bridge for all switch ports in the broadcast domain, user traffic is not forwarded through the network. The STA takes both path and port costs into account when deciding which ports to block. The path cost is calculated from the port cost values, which are associated with the port speed of each switch port along a given path. The sum of the port cost values gives the total path cost to the root bridge. If there is more than one path to choose from, the STA selects the one with the lowest path cost.

Description of the STP ports

Once the STA has determined the most desirable paths in relation to each switch, it assigns port roles to the participating switch ports. The port roles describe the relationship each port has with the root bridge and whether it is allowed to forward traffic:

  • Root ports: the switch ports closest to the root bridge. In Image 1, the root port on S2 is F0/1, configured for the trunk link between S2 and S1. The root port on S3 is F0/1, configured for the trunk link between S3 and S1. One root port is selected per switch.
  • Designated ports: all ports that are not root ports and can still forward traffic onto the network. In Image 1, the switch ports (F0/1 and F0/2) on S1 are designated ports. Port F0/2 on S2 is also configured as a designated port. Designated ports are selected per link (one per segment). If one end of a link is a root port, the other end is a designated port. All ports on the root bridge are designated ports.
  • Alternate and backup ports: alternate and backup ports are placed in the blocking state to prevent loops. In Image 1, the STA configured port F0/2 on S3 in the alternate role, so port F0/2 on S3 is in the blocking state. Alternate ports are selected only on links where neither end is a root port. A backup port occurs only where two ports on the same switch are connected to each other through a hub or a single cable.
  • Disabled ports: a disabled port is a switch port that has been administratively shut down.

STP: Root bridge

As shown in Image 2, every spanning tree instance (switched LAN or broadcast domain) has a switch designated as the root bridge. The root bridge serves as the reference point for all spanning tree calculations that determine which redundant paths are blocked.

An election process determines which switch becomes the root bridge.

Image 3 shows the fields of the BID. The BID is composed of a priority value, an extended system ID and the MAC address of the switch.
All switches in the broadcast domain participate in the election process. Once a switch boots, it starts sending BPDU frames every two seconds. These BPDUs contain the switch's BID and the root ID.
As the switches forward their BPDU frames, adjacent switches in the broadcast domain read the root ID information from the BPDU frames. If the root ID received in a BPDU is lower than the receiving switch's own root ID, that switch updates its root ID and identifies the adjacent switch as the root bridge.
In fact, it may not be an adjacent switch, since it can be any other switch in the broadcast domain. The switch then sends new BPDU frames with the lower root ID to its other neighbors. Eventually, the switch with the lowest BID is identified as the root bridge for the spanning tree instance.
A root bridge is elected for each spanning tree instance, so it is possible to have several different root bridges. If all ports on all switches belong to VLAN 1, there is only one spanning tree instance. The extended system ID plays a role in determining the spanning tree instances.

STP: Path cost

Once the root bridge has been elected for the spanning tree instance, the STA begins the process of determining the best paths to the root bridge from all destinations in the broadcast domain. The path information is determined by the sum of the individual costs of the ports along the path from the destination to the root bridge. Each "destination" is really a switch port.

The default port costs are defined by the speed at which the ports operate. As shown in Image 4, the port cost of 10 Gb/s Ethernet ports is 2, that of 1 Gb/s Ethernet ports is 4, that of 100 Mb/s Ethernet ports is 19, and that of 10 Mb/s Ethernet ports is 100. These are the original 802.1D (16-bit) cost values; 802.1D-2004 also defines a 32-bit "long" scale (for example 200,000 for 100 Mb/s and 20,000 for 1 Gb/s), so check which path cost method the switches in a given network are using before comparing costs.

Configure the port cost

Although switch ports have a default port cost associated with them, this cost can be configured. The ability to configure individual port costs gives the administrator the flexibility to manually control the spanning tree paths to the root bridge.
To configure the port cost of an interface, enter the spanning-tree cost <value> command in interface configuration mode. The value can range from 1 to 200000000.
S2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)# interface f0/1
S2(config-if)# spanning-tree cost 25
In the example, switch port F0/1 was configured with a port cost of 25 using the spanning-tree cost 25 command in interface configuration mode on interface F0/1. The cost is added by the switch on the port that receives the BPDU, so changing the cost of F0/1 on S2 affects only S2's own path to the root, not how other switches see S2.
To restore the port cost to its default value (19 for a Fast Ethernet port), enter the no spanning-tree cost command in interface configuration mode.
S2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)# interface f0/1
S2(config-if)# no spanning-tree cost
The path cost is equal to the sum of all port costs along the path to the root bridge (Image 5).

Paths with the lowest cost are preferred, and the remaining redundant paths are blocked. In the example, the cost of the path from S2 to the root bridge S1 through path 1 is 19 (using the individual port cost specified by the IEEE), while the cost through path 2 is 38. Since path 1 has the lower overall path cost to the root bridge, it is the preferred path. STP then blocks the redundant path and thus prevents loops.

Verify port cost

To verify the port and path costs to the root bridge, enter the show spanning-tree command. The Cost field near the top of the output is the total path cost to the root bridge. This value depends on how many switch ports must be traversed to reach the root bridge. In the output, each interface is also listed with its individual port cost, 19 in this case.


STP BPDU 802.1D frame format

The spanning tree algorithm depends on the exchange of BPDUs to determine the root bridge. A configuration BPDU contains 12 fields that carry the path and priority information used to determine the root bridge and the paths to it:
  • The first four fields identify the protocol (protocol ID), the version, the message type and the status flags.
  • The next four fields identify the root bridge (root ID), the cost of the path to it (root path cost), the sending bridge (bridge ID) and the sending port (port ID).
  • The last four fields are all timer fields (message age, max age, hello time and forward delay), which determine how often BPDU messages are sent and how long information is retained during the BPDU process (described in the next section).

Sample BPDU

Below is a BPDU frame captured with Wireshark.

In the example, the BPDU frame contains more fields than those described above. The BPDU message is encapsulated in an Ethernet frame when it is transmitted on the network. The 802.3 header carries the source and destination addresses of the BPDU frame.
This frame has the destination MAC address 01:80:C2:00:00:00, which is the multicast address for the spanning tree group. When a frame carries this destination MAC address, every switch configured for the Spanning Tree Protocol accepts and processes the frame. The other devices on the network ignore the frame.
In this example, the root ID and the BID are the same in the captured BPDU frame. This indicates that the frame was captured from the root bridge. All timers are set to their default values (hello time 2 s, max age 20 s, forward delay 15 s).
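As an added example (not part of the original post, and not the capture shown above), the following Python decodes a configuration BPDU from raw 802.3 frame bytes, checks the STP multicast destination and the LLC header, converts the timers from their 1/256 s units, and reports whether the sender claims to be the root. The frame bytes, the MAC address 00:0a:00:00:00:01 and the helper names are constructed for illustration and are assumptions, not values from the page's capture.

```python
"""Decode an 802.1D configuration BPDU carried in an 802.3/LLC frame (added example)."""
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")   # destination of every BPDU
LLC_STP = bytes.fromhex("424203")               # DSAP 0x42, SSAP 0x42, UI control 0x03
BPDU_FMT = "!HBBBQLQHHHHH"                      # the 12 BPDU fields, network byte order
BPDU_LEN = struct.calcsize(BPDU_FMT)            # 35 bytes


def fmt_bid(bid):
    """Render a 64-bit bridge ID as 'priority+sysid/MAC', like show spanning-tree does."""
    mac = bid & ((1 << 48) - 1)
    mac_str = ":".join(f"{(mac >> (8 * i)) & 0xFF:02x}" for i in reversed(range(6)))
    return f"{bid >> 48}/{mac_str}"


def parse_bpdu_frame(frame):
    """Return the BPDU fields as a dict; raise ValueError if this is not a config BPDU."""
    if len(frame) < 14 + len(LLC_STP) + BPDU_LEN:
        raise ValueError("frame too short for 802.3 header + LLC + BPDU")
    dst, src = frame[:6], frame[6:12]
    length = struct.unpack("!H", frame[12:14])[0]
    if dst != STP_MULTICAST:
        raise ValueError(f"destination {dst.hex(':')} is not the STP multicast address")
    if frame[14:17] != LLC_STP:
        raise ValueError("LLC header is not DSAP/SSAP 0x42 (spanning tree)")
    (proto, version, msg_type, flags, root_id, root_cost, bridge_id,
     port_id, msg_age, max_age, hello, fwd_delay) = struct.unpack(
        BPDU_FMT, frame[17:17 + BPDU_LEN])
    if proto != 0 or msg_type != 0x00:
        raise ValueError(f"not a configuration BPDU (protocol {proto}, type 0x{msg_type:02x})")
    return {
        "src_mac": src.hex(":"),
        "llc_length": length,
        "version": version,                      # 0 = original 802.1D, 2 = RSTP
        "topology_change": bool(flags & 0x01),
        "topology_change_ack": bool(flags & 0x80),
        "root_id": fmt_bid(root_id),
        "root_path_cost": root_cost,
        "bridge_id": fmt_bid(bridge_id),
        "port_id": port_id,
        # timer fields are carried in units of 1/256 second
        "message_age_s": msg_age / 256,
        "max_age_s": max_age / 256,
        "hello_time_s": hello / 256,
        "forward_delay_s": fwd_delay / 256,
        "sent_by_root": root_id == bridge_id,    # root ID equal to BID: the root sent it
        "_root_id_int": root_id,
    }


def claims_better_root(parsed, current_root_id):
    """True if the BPDU advertises a lower root ID than the root already elected.
    Such a frame would trigger a new election, as described in the text."""
    return parsed["_root_id_int"] < current_root_id


# Constructed capture (assumption): S1 with priority 32768 + VLAN 1 = 32769 and
# MAC 00:0a:00:00:00:01 is the root bridge and sends a BPDU with default timers.
SAMPLE_FRAME = bytes.fromhex(
    "0180c2000000"        # destination: STP multicast
    "000a00000001"        # source: S1
    "0026"                # 802.3 length: 3 (LLC) + 35 (BPDU) = 38
    "424203"              # LLC: DSAP 0x42, SSAP 0x42, UI
    "0000" "00" "00" "00" # protocol ID 0, version 0, type config, flags 0
    "8001000a00000001"    # root ID: 32769 / 00:0a:00:00:00:01
    "00000000"            # root path cost 0 (it is the root)
    "8001000a00000001"    # bridge ID: identical to the root ID
    "8001"                # port ID: priority 128, port 1
    "0000" "1400" "0200" "0f00"  # message age 0, max age 20 s, hello 2 s, fwd delay 15 s
)

if __name__ == "__main__":
    for key, value in parse_bpdu_frame(SAMPLE_FRAME).items():
        if not key.startswith("_"):
            print(f"{key:22} {value}")
```

The same decoder can be pointed at frames pulled from a capture file; a BPDU whose source is a port where no switch is expected, or whose root ID is lower than the root the network already elected, is the first thing to look for, since the election process above gives no weight to where a BPDU came from.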

Propagation and BPDU process

Initially, each switch in the broadcast domain assumes that it is the root bridge for a spanning tree instance, so the BPDU frames it sends contain the BID of the local switch as the root ID. By default, BPDU frames are sent every two seconds after the switch boots; that is, the default value of the hello timer specified in the BPDU frame is two seconds. Each switch maintains local information about its own BID, the root ID and the path cost to the root.
When adjacent switches receive a BPDU frame, they compare the root ID in the BPDU with the local root ID. If the root ID in the BPDU is lower than the local one, the switch updates its local root ID and the root ID in its own BPDU messages. These messages indicate the new root bridge in the network. The distance to the root bridge is also indicated by updating the path cost. For example, if the BPDU was received on a Fast Ethernet switch port, the path cost increases by 19. If the local root ID is lower than the root ID received in the BPDU frame, the frame is discarded.
After a root ID has been updated to identify a new root bridge, all subsequent BPDU frames sent by that switch contain the new root ID and the updated path cost. In this way, all other adjacent switches see the lowest root ID identified at any given time. As BPDU frames are relayed between adjacent switches, the path cost is continually updated to indicate the total path cost to the root bridge. All switches in the spanning tree use their path costs to identify the best possible path to the root bridge.
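The election, path cost accumulation and port role assignment described above (in the sections on the shortest path, the STP port roles, the path cost and this BPDU process) can be simulated directly. The following Python is an added example, not code from the original post or from any switch vendor: three switches exchange BPDUs over every link until no switch learns a better root, each adding the cost of the port on which the BPDU arrived, and the port roles are then derived from the converged state. The switch names, MAC addresses, the priority given to S1 and the three Fast Ethernet links are constructed assumptions; timers, the listening/learning port states and the port ID tie-break are deliberately left out.

```python
"""Simulated 802.1D root election, path cost propagation and port roles (added example)."""

# Default IEEE 802.1D port costs by link speed in Mb/s, as listed in the article.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bid(priority, vlan, mac):
    """Bridge ID as a 64-bit int: 4-bit priority | 12-bit extended system ID | 48-bit MAC."""
    return ((priority | vlan) << 48) | int(mac.replace(":", ""), 16)


class Switch:
    def __init__(self, name, bridge_id):
        self.name = name
        self.bid = bridge_id
        self.ports = {}   # local port -> (speed in Mb/s, neighbor Switch, neighbor port)
        # Every switch starts by claiming to be the root:
        # (root ID, root path cost, BID of the sender of the best BPDU, port it arrived on)
        self.best = (bridge_id, 0, bridge_id, None)

    @property
    def root_id(self):
        return self.best[0]

    @property
    def root_cost(self):
        return self.best[1]

    @property
    def root_port(self):
        return self.best[3]

    def bpdu(self):
        """Contents of the configuration BPDU this switch sends on all its ports."""
        return (self.root_id, self.root_cost, self.bid)

    def receive(self, port, root_id, path_cost, sender_bid):
        """Adopt the BPDU if it is superior. The receiving port's cost is added,
        exactly as the text describes (+19 on a Fast Ethernet port)."""
        speed = self.ports[port][0]
        candidate = (root_id, path_cost + PORT_COST[speed], sender_bid, port)
        if candidate[:3] < self.best[:3]:   # lower root ID, then lower cost, then lower sender BID
            self.best = candidate
            return True
        return False


def link(a, port_a, b, port_b, speed):
    a.ports[port_a] = (speed, b, port_b)
    b.ports[port_b] = (speed, a, port_a)


def converge(switches, max_rounds=50):
    """Send every switch's BPDU over every link until nobody updates; return rounds used."""
    for rounds in range(1, max_rounds + 1):
        changed = False
        for sw in switches:
            for _, (_, nbr, nbr_port) in sw.ports.items():
                changed |= nbr.receive(nbr_port, *sw.bpdu())
        if not changed:
            return rounds
    raise RuntimeError("spanning tree did not converge")


def port_roles(switches):
    """Assign root/designated/alternate per port using the rules in the article:
    a switch's root port faces a designated port; on links where neither end is a
    root port, the side with the lower (root path cost, BID) is designated and the
    other end is alternate (blocking)."""
    roles = {}
    for sw in switches:
        for port, (_, nbr, nbr_port) in sw.ports.items():
            if (sw.name, port) in roles:
                continue
            if sw.root_port == port:
                mine, theirs = "root", "designated"
            elif nbr.root_port == nbr_port:
                mine, theirs = "designated", "root"
            elif (sw.root_cost, sw.bid) < (nbr.root_cost, nbr.bid):
                mine, theirs = "designated", "alternate"
            else:
                mine, theirs = "alternate", "designated"
            roles[(sw.name, port)], roles[(nbr.name, nbr_port)] = mine, theirs
    return roles


def example():
    # Constructed topology (assumption): S1 is given priority 24576 so it wins the
    # election; S2 and S3 keep the default 32768. All links are Fast Ethernet, VLAN 1.
    s1 = Switch("S1", bid(24576, 1, "00:0a:00:00:00:01"))
    s2 = Switch("S2", bid(32768, 1, "00:0a:00:00:00:02"))
    s3 = Switch("S3", bid(32768, 1, "00:0a:00:00:00:03"))
    link(s1, "F0/1", s2, "F0/1", 100)
    link(s1, "F0/2", s3, "F0/1", 100)
    link(s2, "F0/2", s3, "F0/2", 100)
    switches = [s1, s2, s3]
    converge(switches)
    state = {sw.name: (sw.root_id == s1.bid, sw.root_cost, sw.root_port) for sw in switches}
    return state, port_roles(switches)


if __name__ == "__main__":
    state, roles = example()
    for name, (root_is_s1, cost, rp) in state.items():
        print(f"{name}: root is S1={root_is_s1}, root path cost={cost}, root port={rp}")
    for (name, port), role in sorted(roles.items()):
        print(f"{name} {port}: {role}")
```

With the constructed topology the result matches Image 1: S2 and S3 reach the root at cost 19 through their F0/1 ports, both ports on S1 are designated, and on the S2-S3 link S2 wins the designated role on equal cost because its BID is lower, leaving F0/2 on S3 as the blocked alternate port. Changing a link's speed or a switch's priority in example() and rerunning shows how the blocked port moves.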

Extended system ID

The bridge ID (BID) is used to determine the root bridge of a network. The BID field of a BPDU frame contains three separate fields:
  • Bridge priority
  • Extended system ID
  • MAC address

Each field is used during the election of the root bridge.

Bridge priority

The bridge priority is a configurable value that can be used to influence which switch becomes the root bridge. The switch with the lowest priority, which implies the lowest BID, becomes the root bridge, since the lower priority value wins.
For example, to ensure that a specific switch is always the root bridge, set its priority to a lower value than the rest of the switches in the network. The default priority value for all Cisco switches is 32768. The range is 0 to 61440 in increments of 4096. Valid priority values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440. All other values are rejected. Bridge priority 0 takes precedence over all other bridge priorities.

 Extended system ID

As VLANs became common for segmenting network infrastructure, 802.1D was enhanced to include VLANs, requiring the VLAN ID to be included in the BPDU frame. VLAN information is included in the BPDU frame through the extended system ID. All modern switches use the extended system ID by default.

As shown in Image 10, the bridge priority field is 2 bytes (16 bits) long; 4 bits are used for the bridge priority and 12 bits for the extended system ID, which identifies the VLAN participating in this particular STP process.
Because these 12 bits are used for the extended system ID, the bridge priority is reduced to 4 bits. This reserves the rightmost 12 bits for the VLAN ID and the leftmost 4 bits for the bridge priority, which explains why the bridge priority can only be set in multiples of 4096, or 2^12.
If the leftmost four bits are 0001, the bridge priority is 4096; if they are 1111, the bridge priority is 61440 (= 15 x 4096). The Catalyst 2960 and 3560 series switches do not allow the bridge priority to be set to 65536 (= 16 x 4096), since that would require a fifth bit that is not available because of the extended system ID.
The extended system ID value is added to the bridge priority value in the BID to identify both the priority and the VLAN of the BPDU frame.

Decision based on priority

When two switches are configured with the same priority and have the same extended system ID, the switch whose MAC address has the lowest hexadecimal value has the lowest BID. Initially, all switches are configured with the same default priority value, so the MAC address is the deciding factor in which switch becomes the root bridge. To ensure that the elected root bridge meets the requirements of the network, it is recommended that the administrator configure the desired root bridge switch with a lower priority. This also ensures that adding new switches to the network does not trigger a new spanning tree election, which could interrupt network communication while a new root bridge is selected.

In Image 11, S1 has a lower priority than the other switches; therefore, it is preferred as the root bridge for that spanning tree instance.

MAC Address

When all switches are configured with the same priority, as is the case with switches that keep the default priority of 32768, the MAC address becomes the deciding factor in which switch becomes the root bridge (Image 12).

Note: in the example, the priority of all switches is 32769. This value is the default priority 32768 plus the VLAN 1 assignment of each switch (32768 + 1).
The MAC address with the lowest hexadecimal value is preferred for the root bridge. In the example, S2 has the lowest MAC address and is therefore elected as the root bridge for that spanning tree instance. Leaving the election to the MAC address means the root is chosen by chance, and, as the election process above shows, any switch or other device that sends BPDUs with a lower BID will take over the root role; setting an explicit low priority on the intended root avoids both problems.
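As an added example (not from the original post), the following Python builds the BID exactly as the Extended system ID and Bridge priority sections describe (4-bit priority, 12-bit extended system ID, 48-bit MAC), rejects priorities that are not multiples of 4096 in the range 0 to 61440, and runs the election for both cases discussed here: all switches at the default priority, where the lowest MAC wins, and one switch given a lower priority. The switch names and MAC addresses are constructed assumptions.

```python
"""Bridge ID (BID) construction with the extended system ID, and root election (added example)."""

VALID_PRIORITIES = [p * 4096 for p in range(16)]   # 0, 4096, ..., 61440


def bridge_id(priority, vlan, mac):
    """Return the 8-byte BID as an integer.

    Upper 16 bits: 4-bit bridge priority | 12-bit extended system ID (the VLAN);
    lower 48 bits: the switch MAC address.
    """
    if priority not in VALID_PRIORITIES:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} does not fit the 12-bit extended system ID")
    mac_int = int(mac.replace(":", "").replace("-", ""), 16)
    if mac_int >> 48:
        raise ValueError("MAC address must be 48 bits")
    return ((priority | vlan) << 48) | mac_int


def split_bid(bid):
    """Decompose a BID into (bridge priority, extended system ID, MAC string)."""
    upper = bid >> 48
    mac = bid & ((1 << 48) - 1)
    mac_str = ":".join(f"{(mac >> (8 * i)) & 0xFF:02x}" for i in reversed(range(6)))
    return upper & 0xF000, upper & 0x0FFF, mac_str


def displayed_priority(bid):
    """The priority shown by show spanning-tree: priority + extended system ID (32769 on VLAN 1)."""
    return bid >> 48


def elect_root(bids):
    """bids: {switch name: BID}. The lowest BID wins; with equal priority the MAC decides."""
    return min(bids, key=bids.get)


def example():
    # Constructed switches on VLAN 1 (assumption). With default priorities S2 has the lowest MAC.
    macs = {"S1": "00:0a:00:00:00:0c", "S2": "00:0a:00:00:00:0a", "S3": "00:0a:00:00:00:0b"}
    default = {name: bridge_id(32768, 1, mac) for name, mac in macs.items()}
    # Lowering S1's priority to 24576 makes it the root regardless of MAC addresses.
    tuned = dict(default, S1=bridge_id(24576, 1, macs["S1"]))
    return default, tuned


if __name__ == "__main__":
    default, tuned = example()
    for label, bids in (("all default priority", default), ("S1 priority 24576", tuned)):
        root = elect_root(bids)
        prio, sysid, mac = split_bid(bids[root])
        print(f"{label}: root bridge {root}, priority {prio} + sysid {sysid} = "
              f"{displayed_priority(bids[root])}, MAC {mac}")
```

The validation in bridge_id() mirrors what the switch CLI enforces: a priority such as 65536 would need a fifth bit that the extended system ID has taken, so it is rejected rather than silently truncated.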

