
Saturday, 26 October 2019

STP and Rapid PVST+ Configuration on Cisco

This article describes STP and Rapid PVST+ configuration on Cisco switches: the steps and commands to take into account when configuring PVST+ and Rapid PVST+.

PVST+ configuration on Cisco

The table shows the default spanning tree configuration for a Cisco Catalyst 2960 series switch. Note that the default spanning tree mode is PVST+.

Configuration and verification of the bridge ID

When an administrator wants a specific switch to become the root bridge, its bridge priority value must be set lower than the bridge priority values of the rest of the switches in the network. There are two different methods to configure the bridge priority value on a Cisco Catalyst switch.

Method 1

To ensure that a switch has the lowest bridge priority value, use the spanning-tree vlan vlan-id root primary command in global configuration mode. The switch priority is set to 24576, or to the highest multiple of 4096 that is lower than the lowest bridge priority detected in the network.
If an alternate root bridge is wanted, use the spanning-tree vlan vlan-id root secondary command in global configuration mode. This command sets the switch priority to 28672, which ensures that this switch becomes the root bridge if the primary root bridge fails. It assumes that the rest of the switches in the network keep the default priority value of 32768.

In Image 1, S1 was assigned as the primary root bridge with the spanning-tree vlan 1 root primary command, and S2 was configured as the secondary root bridge with the spanning-tree vlan 1 root secondary command.

Method 2

Another way to configure the bridge priority value is the spanning-tree vlan vlan-id priority value command in global configuration mode. This command gives finer control over the bridge priority value. The priority is set in increments of 4096, between 0 and 61440.
In the example in Image 1, the bridge priority value 24576 was assigned to S3 with the spanning-tree vlan 1 priority 24576 command.
To verify the bridge priority of a switch, use the show spanning-tree command. In Image 2, the switch priority was set to 24576. Note also that the switch is designated as the root bridge for the spanning tree instance.

PortFast and BPDU guard

PortFast is a Cisco feature for PVST+ environments. When a switch port is configured with PortFast, the port moves from the blocking state to the forwarding state immediately, skipping the usual 802.1D STP transition states (listening and learning).
PortFast can be used on access ports so that the attached devices connect to the network immediately, instead of waiting for IEEE 802.1D STP to converge on each VLAN.
Access ports are ports connected to a single workstation or server.
In a valid PortFast configuration, BPDUs should never be received on the port, since a BPDU would indicate that another bridge or switch is connected to it, which could cause a spanning tree loop.
Cisco switches support a feature called BPDU guard. When enabled, BPDU guard puts the port into the error-disabled (err-disabled) state as soon as it receives a BPDU. This shuts the port down completely.
Cisco PortFast technology is useful for DHCP. Without PortFast, a computer can send a DHCP request before the port is in the forwarding state, which prevents the host from obtaining a usable IP address and other configuration information. Because PortFast moves the port to the forwarding state immediately, the device always obtains a usable IP address.

PortFast configuration

To configure PortFast on a switch port, enter the spanning-tree portfast command in interface configuration mode on each interface where PortFast must be enabled, as shown in Image 2. The spanning-tree portfast default command in global configuration mode enables PortFast on all non-trunk interfaces.

BPDU guard configuration

To configure BPDU guard on a Layer 2 access port, use the spanning-tree bpduguard enable command in interface configuration mode. The spanning-tree portfast bpduguard default command in global configuration mode enables BPDU guard on all PortFast-enabled ports.

PVST+ load balancing

The topology in Image 6 shows three switches connected by 802.1Q trunk links. Two VLANs, 10 and 20, are carried over these trunks.
The objective is to configure S3 as the root bridge for VLAN 20 and S1 as the root bridge for VLAN 10. Port F0/3 on S2 is the forwarding port for VLAN 20 and the blocking port for VLAN 10. Port F0/2 on S2 is the forwarding port for VLAN 10 and the blocking port for VLAN 20.

Besides a root bridge, a secondary root bridge can also be configured. A secondary root bridge is a switch that can become the root bridge for a VLAN if the primary root bridge fails. Assuming the other bridges in the VLAN keep their default STP priority, this switch becomes the root bridge if the primary root bridge fails.

PVST+ configuration steps

The steps to configure PVST+ in this sample topology are as follows:

  • Step 1. Select the switches you want as primary and secondary root bridges for each VLAN. For example, in Image 6, S3 is the primary bridge and S1 is the secondary bridge for VLAN 20.
  • Step 2. Configure the switch as the primary bridge for the VLAN with the spanning-tree vlan number root primary command, as shown in Figure 2.
  • Step 3. Configure the switch as the secondary bridge for the VLAN with the spanning-tree vlan number root secondary command.

The following command makes S3 the primary root for VLAN 20.
S3(config)# spanning-tree vlan 20 root primary
This command makes S3 the secondary root for VLAN 10.
S3(config)# spanning-tree vlan 10 root secondary
This command makes S1 the primary root for VLAN 10.
S1(config)# spanning-tree vlan 10 root primary
The following command makes S1 the secondary root for VLAN 20.
S1(config)# spanning-tree vlan 20 root secondary
Note that S3 is configured as the secondary root bridge for VLAN 10 and S1 as the secondary root bridge for VLAN 20. This configuration enables spanning tree load balancing: VLAN 10 traffic goes through S1 and VLAN 20 traffic goes through S3.
Another way to specify the root bridge is to set the spanning tree priority on each switch to the lowest value, so that the switch is elected as the primary bridge for the associated VLAN.
The output below shows that the priority for VLAN 10 is 4096, the lowest of the three VLAN priorities.
S1# show running-config
Building configuration ...
Current configuration: 1595 bytes
!
version 12.2

!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 28672
!
<result omitted>
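As an added example (not code from the original post), the following Python models the per-VLAN root election from the bridge ID and the priorities that the root primary and root secondary commands above set, including what happens when the primary root fails; the switch names come from the topology and the MAC addresses are constructed.

```python
# Added example (not from the original post): models how PVST+ elects the root
# bridge per VLAN from the bridge ID, and what the "root primary" and
# "root secondary" commands do to a switch's priority.
# Switch names match the post's topology; the MAC addresses are constructed.

DEFAULT_PRIORITY = 32768    # default bridge priority
PRIMARY_PRIORITY = 24576    # what "root primary" normally sets
SECONDARY_PRIORITY = 28672  # what "root secondary" sets
PRIORITY_STEP = 4096        # priorities are multiples of 4096

# Constructed sample: switch name -> base MAC address (lowest MAC wins a priority tie)
SWITCH_MACS = {
    "S1": "00:1a:2b:00:00:01",
    "S2": "00:1a:2b:00:00:02",
    "S3": "00:1a:2b:00:00:03",
}


def bridge_id(priority, vlan, mac):
    """Bridge ID as a comparable tuple: (priority + extended system ID, MAC).

    With the extended system ID the VLAN number is added to the configured
    priority, e.g. 32768 + 2 = 32770 for VLAN 2 at the default priority.
    """
    return (priority + vlan, int(mac.replace(":", ""), 16))


def root_primary_priority(detected_priorities):
    """Priority that 'spanning-tree vlan X root primary' would choose.

    24576 when that is already below every priority seen on the VLAN,
    otherwise the highest multiple of 4096 below the lowest detected priority.
    """
    lowest = min(detected_priorities, default=DEFAULT_PRIORITY)
    if lowest > PRIMARY_PRIORITY:
        return PRIMARY_PRIORITY
    candidate = ((lowest - 1) // PRIORITY_STEP) * PRIORITY_STEP
    if candidate < 0:
        raise ValueError("no bridge priority below %d is available" % lowest)
    return candidate


def elect_root(vlan, priorities):
    """Root bridge for one VLAN: the switch with the lowest bridge ID.

    priorities: dict switch name -> configured priority on this VLAN.
    """
    return min(priorities,
               key=lambda name: bridge_id(priorities[name], vlan, SWITCH_MACS[name]))


def load_balanced_config():
    """Per-VLAN priorities produced by the post's commands:

    S3(config)# spanning-tree vlan 20 root primary
    S3(config)# spanning-tree vlan 10 root secondary
    S1(config)# spanning-tree vlan 10 root primary
    S1(config)# spanning-tree vlan 20 root secondary
    S2 keeps the defaults.
    """
    cfg = {vlan: {name: DEFAULT_PRIORITY for name in SWITCH_MACS} for vlan in (10, 20)}
    cfg[20]["S3"] = root_primary_priority([cfg[20]["S1"], cfg[20]["S2"]])
    cfg[10]["S3"] = SECONDARY_PRIORITY
    cfg[10]["S1"] = root_primary_priority([cfg[10]["S2"], cfg[10]["S3"]])
    cfg[20]["S1"] = SECONDARY_PRIORITY
    return cfg


def roots_per_vlan(cfg, failed=None):
    """Elected root per VLAN; `failed` names a switch that is down, if any."""
    return {vlan: elect_root(vlan, {n: p for n, p in prio.items() if n != failed})
            for vlan, prio in cfg.items()}


if __name__ == "__main__":
    cfg = load_balanced_config()
    for vlan in sorted(cfg):
        print("VLAN %d priorities: %s -> root %s" % (vlan, cfg[vlan], elect_root(vlan, cfg[vlan])))
    print("roots if S3 fails:", roots_per_vlan(cfg, failed="S3"))
```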

Rapid PVST+ configuration on Cisco

Rapid PVST+ is the Cisco implementation of RSTP on a per-VLAN basis. The topology in Image 9 has two VLANs: 10 and 20.

Note: the default spanning tree configuration on a Cisco Catalyst 2960 series switch is PVST+. Cisco Catalyst 2960 series switches support PVST+, Rapid PVST+ and MST, but only one version can be active for all VLANs at the same time.
The Rapid PVST+ commands control the configuration of the per-VLAN spanning tree instances. A spanning tree instance is created when an interface is assigned to a VLAN and deleted when the last interface is moved to another VLAN.
STP port and switch parameters can also be configured before a spanning tree instance is created; they take effect when the instance is created.
Commands to configure Rapid PVST+

The following table shows the Cisco IOS command syntax required to configure Rapid PVST+ on a Cisco switch.

Cisco IOS command syntax to configure Rapid PVST+

Command                                   Description
configure terminal                        Enter global configuration mode.
spanning-tree mode rapid-pvst             Set the Rapid PVST+ spanning tree mode.
interface interface-id                    Enter interface configuration mode and specify the interface to configure. Valid interfaces include physical ports, VLANs and port channels.
spanning-tree link-type point-to-point    Specify that the link type for this port is point-to-point.
end                                       Return to privileged EXEC mode.
clear spanning-tree detected-protocols    Clear all detected STP protocols.
The command that actually enables Rapid PVST+ is spanning-tree mode rapid-pvst in global configuration mode. When specifying the interface to configure, valid interfaces include physical ports, VLANs and port channels.
The VLAN ID range is 1 to 4094 when the enhanced software image (EI) is installed and 1 to 1005 when the standard software image (SI) is installed. The port channel range is 1 to 6.

Example commands for Rapid PVST+

The following shows the Rapid PVST+ commands configured on S1 (see Image 9).
S1# configure terminal
S1(config)# spanning-tree mode rapid-pvst
S1(config)# interface f0/2
S1(config-if)# spanning-tree link-type point-to-point
S1(config-if)# end
S1# clear spanning-tree detected-protocols
In Image 10, the show spanning-tree vlan 10 command displays the spanning tree configuration for VLAN 10 on switch S1.

Note that the BID priority is set to 4096. In the output, the line "Spanning tree enabled protocol rstp" indicates that S1 is running Rapid PVST+. Because S1 is the root bridge for VLAN 10, all of its interfaces are designated ports.

In the following figure, the show running-config command is used to verify the Rapid PVST+ configuration on S1.

Types of Spanning Tree Protocol STP

The different types of Spanning Tree Protocol (STP) are discussed in detail, and the operation of Per-VLAN Spanning Tree Plus (PVST+) and Rapid Per-VLAN Spanning Tree Plus (Rapid PVST+) in a switched LAN environment is explained.

Types of spanning tree protocols

The types of spanning tree protocols include the following:
  1. STP: the original IEEE 802.1D version (802.1D-1998 and earlier), which provides a loop-free topology in a network with redundant links. The common spanning tree (CST) assumes one spanning tree instance for the entire bridged network, regardless of the number of VLANs.
  2. PVST+: a Cisco enhancement of STP that provides a separate 802.1D spanning tree instance for each VLAN configured in the network. The separate instance supports PortFast, UplinkFast, BackboneFast, BPDU guard, BPDU filter, root guard and loop guard.
  3. 802.1D-2004: an updated version of the STP standard that incorporates IEEE 802.1w.
  4. Rapid Spanning Tree Protocol (RSTP) or IEEE 802.1w: an evolution of STP that provides faster convergence than STP.
  5. Rapid PVST+: a Cisco enhancement of RSTP that uses PVST+. Rapid PVST+ provides a separate 802.1w instance per VLAN. The separate instance supports PortFast, BPDU guard, BPDU filter, root guard and loop guard.
  6. Multiple Spanning Tree Protocol (MSTP): an IEEE standard inspired by the earlier Cisco Multiple Instance STP (MISTP) implementation. MSTP maps several VLANs to the same spanning tree instance. MST is the Cisco implementation of MSTP, which provides up to 16 instances of RSTP and combines several VLANs with the same physical and logical topology into a common RSTP instance. Each instance supports PortFast, BPDU guard, BPDU filter, root guard and loop guard.

A network professional whose tasks include switch management may need to decide which type of spanning tree protocol to implement.

Characteristics of Spanning tree protocols

The characteristics of the various spanning tree protocols are detailed below. Italicized words indicate whether a particular spanning tree protocol is Cisco proprietary or an implementation of an IEEE standard.

Spanning Tree Protocol STP

It assumes one IEEE 802.1D spanning tree instance for the entire bridged network, regardless of the number of VLANs. Because there is only one instance, the CPU and memory requirements of this version are lower than for the other protocols.
However, since there is only one instance, there is also only one root bridge and one tree. Traffic for all VLANs flows along the same path, which can lead to suboptimal traffic flows. Due to the limitations of 802.1D, this version converges slowly.

PVST+

A Cisco enhancement of STP that provides a separate instance of the Cisco 802.1D implementation for each VLAN configured in the network. The separate instance supports PortFast, UplinkFast, BackboneFast, BPDU guard, BPDU filter, root guard and loop guard.
Creating an instance for each VLAN increases the CPU and memory requirements, but allows per-VLAN root bridges. This design allows the spanning tree to be optimized for the traffic of each VLAN. Convergence of this version is similar to that of 802.1D, but it is per VLAN.

RSTP (or IEEE 802.1w)

An evolution of spanning tree that provides faster convergence than the original 802.1D implementation. This version solves several convergence problems, but because it still provides a single instance of STP, it does not solve the problem of suboptimal traffic flow.
To support the faster convergence, the CPU and memory requirements of this version are slightly higher than those of CST, but lower than those of Rapid PVST+.

Rapid PVST+

A Cisco enhancement of RSTP that uses PVST+. It provides a separate 802.1w instance per VLAN. The separate instance supports PortFast, BPDU guard, BPDU filter, root guard and loop guard.
This version solves both the convergence and the suboptimal traffic flow problems. However, it has the most demanding CPU and memory requirements.

MSTP

The IEEE 802.1s standard, inspired by the earlier Cisco-proprietary MISTP implementation. To reduce the number of STP instances required, MSTP maps several VLANs with the same traffic flow requirements to the same spanning tree instance.

MST

The Cisco implementation of MSTP, which provides up to 16 instances of RSTP (802.1w) and combines many VLANs with the same physical and logical topology into a common RSTP instance. Each instance supports PortFast, BPDU guard, BPDU filter, root guard and loop guard. The CPU and memory requirements of this version are lower than those of Rapid PVST+ but higher than those of RSTP.
The default spanning tree mode on Cisco Catalyst switches is PVST+, enabled on all ports. After a topology change, PVST+ converges much more slowly than Rapid PVST+.

Per-VLAN Spanning Tree Plus (PVST+)

The original IEEE 802.1D standard defines a common spanning tree (CST) that assumes only one spanning tree instance for the entire switched network, regardless of the number of VLANs. Networks running CST have the following characteristics:
  • No load sharing is possible. An uplink must block for all VLANs.
  • CPU is conserved. Only one spanning tree instance has to be calculated.

Cisco developed PVST+ so that a network can run a separate instance of the Cisco implementation of IEEE 802.1D for each VLAN in the network. With PVST+, a trunk port on a switch can block for one VLAN without blocking for the others. PVST+ can be used to implement Layer 2 load balancing. Because each VLAN runs a separate STP instance, switches in a PVST+ environment require more CPU processing and more BPDU bandwidth than a traditional CST STP implementation.

In a PVST+ environment, the spanning tree parameters can be tuned so that half of the VLANs forward on each uplink trunk. In Image 1, port F0/3 on S2 is the forwarding port for VLAN 20 and F0/2 on S2 is the forwarding port for VLAN 10. This is achieved by configuring one switch as the root bridge for half of the VLANs in the network and a second switch as the root bridge for the other half. In the illustration, S3 is the root bridge for VLAN 20 and S1 is the root bridge for VLAN 10. Having several STP root bridges per VLAN increases redundancy in the network.

PVST+ features

Networks running PVST+ have the following characteristics:
  • Load balancing can work optimally.
  • Maintaining one spanning tree instance per VLAN can waste a lot of CPU cycles on all switches in the network (in addition to the bandwidth each instance uses to send its own BPDUs). This is only a problem if a large number of VLANs are configured.

Port states

STP builds a loop-free logical path throughout the broadcast domain. The spanning tree is determined from the information obtained in the exchange of BPDU frames between the interconnected switches. To facilitate the learning of the logical spanning tree, each switch port transitions through five possible states and uses three BPDU timers.
The spanning tree is determined immediately after the switch completes the boot process. If a switch port went directly from the blocking state to the forwarding state without information about the full topology during the transition, the port could create a temporary data loop. For this reason, STP introduces the five port states.

Description of STP port states

Image 2 describes the following port states, which ensure that no loops occur during the creation of the logical spanning tree:
  • Blocking: the port is an alternate port and does not participate in frame forwarding. The port receives BPDU frames to determine the location and root ID of the root bridge switch and the port roles each switch port must assume in the final active STP topology.
  • Listening: listens for the path to the root. STP has determined that the port can participate in frame forwarding according to the BPDU frames the switch has received so far. At this point, the switch port not only receives BPDU frames but also transmits its own BPDU frames, informing adjacent switches that the port is preparing to participate in the active topology.
  • Learning: learns MAC addresses. The port prepares to participate in frame forwarding and begins to populate the MAC address table.
  • Forwarding: the port is considered part of the active topology. It forwards data frames and sends and receives BPDU frames.
  • Disabled: the Layer 2 port does not participate in spanning tree and does not forward frames. The disabled state is set when the switch port is administratively shut down.
Note that the number of ports in each of the states (blocking, listening, learning or forwarding) can be displayed with the show spanning-tree summary command.

Functioning of Spanning Tree

For each VLAN in a switched network, PVST+ follows four steps to provide a loop-free logical network topology:
  • Elect a root bridge: only one switch can act as the root bridge (for a given VLAN). The root bridge is the switch with the lowest bridge ID. On the root bridge, all ports are designated ports (in particular, it has no root ports).
  • Select the root port on each non-root bridge: STP establishes one root port on each non-root bridge. The root port is the lowest-cost path from the non-root bridge to the root bridge, and indicates the direction of the best path to the root bridge. Root ports are normally in the forwarding state.
  • Select the designated port on each segment: STP establishes one designated port on each link. The designated port is selected on the switch that has the lowest-cost path to the root bridge. Designated ports are normally in the forwarding state and forward traffic for the segment.
  • The remaining ports in the switched network are alternate ports: alternate ports are normally kept in the blocking state to logically break the loop topology. A port in the blocking state does not forward traffic but still processes received BPDU messages.

Extended system ID

In a PVST+ environment, the extended system ID ensures that each switch has a unique BID for each VLAN.

For example, the default BID for VLAN 2 would be 32770 (priority 32768 plus extended system ID 2). If no priority has been configured, all switches have the same default priority, and the root election for each VLAN is decided by MAC address. This is a random way to select the root bridge.

Rapid Per-VLAN Spanning Tree Plus (Rapid PVST+)

RSTP (IEEE 802.1w) is an evolution of the original 802.1D standard and is incorporated into the IEEE 802.1D-2004 standard. The 802.1w STP terminology remains fundamentally the same as that of the original IEEE 802.1D STP. Most parameters were left unchanged, so users familiar with STP can configure the new protocol easily. Rapid PVST+ is simply the Cisco per-VLAN implementation of RSTP. With Rapid PVST+, a separate RSTP instance runs for each VLAN.

Image 4 shows a network running RSTP. S1 is the root bridge with two designated ports in the forwarding state. RSTP supports a new port type: port F0/3 on S2 is an alternate port in the discarding state. Note that there are no blocking ports. RSTP defines the port states as discarding, learning and forwarding (there is no blocking port state).
RSTP speeds up the recalculation of the spanning tree when the Layer 2 network topology changes. In a properly configured network it can converge much faster, sometimes in only a few hundred milliseconds. RSTP redefines the port types and their states. If a port is configured as an alternate or backup port, it can immediately change to the forwarding state without waiting for the network to converge.

RSTP features

The characteristics of RSTP are briefly described below:
  • RSTP is the preferred protocol for preventing Layer 2 loops in a switched network environment. Most of the differences were introduced by Cisco-proprietary enhancements to the original 802.1D standard. These enhancements, such as BPDUs that carry and send port role information only to neighboring switches, require no additional configuration and generally perform better than the earlier Cisco-proprietary versions. They are now transparent and integrated into the operation of the protocol.
  • The Cisco-proprietary enhancements to the original 802.1D standard, UplinkFast and BackboneFast, are not compatible with RSTP.
  • RSTP (802.1w) supersedes the original 802.1D standard while maintaining backward compatibility. Most of the terminology of the original 802.1D standard is retained, and most parameters were not changed. In addition, 802.1w can revert to the old 802.1D standard on a per-port basis to interoperate with older switches. For example, the RSTP spanning tree algorithm elects a root bridge in the same way as the original 802.1D standard.
  • RSTP keeps the same BPDU format as the original IEEE 802.1D standard, except that the Version field is set to 2 to indicate RSTP and the Flags field uses all 8 bits.
  • RSTP can actively confirm that a port can safely transition to the forwarding state without relying on any timer configuration.

BPDUs in RSTP

RSTP uses type 2, version 2 BPDUs. The original 802.1D STP uses type 0, version 0 BPDUs. However, switches running RSTP can communicate directly with switches running the original 802.1D STP. RSTP sends BPDUs and fills in the flags byte slightly differently from the original 802.1D standard:
  • Protocol information can be aged out immediately on a port if hello packets are not received for three consecutive hello times (six seconds by default) or if the max age timer expires.
  • Because BPDUs are used as a keepalive mechanism, three consecutive missed BPDUs indicate lost connectivity between a bridge and its neighboring root or designated bridge. The fast aging of information allows failures to be detected very quickly.
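As an added example (not from the original post), this Python parser decodes constructed 802.1D and RSTP BPDUs to show the Version field, the eight RSTP flag bits and the bridge ID fields described above, and reports what BPDU guard would do with such a frame on a PortFast access port; the bridge IDs and MAC addresses are constructed.

```python
# Added example (not from the original post): a parser for 802.1D configuration
# BPDUs and RSTP (version 2) BPDUs, showing the Version field and the eight flag
# bits the post describes. The sample BPDUs below are constructed for the demo.
import struct

CONFIG_BPDU = 0x00  # 802.1D configuration BPDU
TCN_BPDU = 0x80     # 802.1D topology change notification
RST_BPDU = 0x02     # RSTP BPDU (version 2)
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}


def encode_bridge_id(priority, vlan, mac):
    """8-byte bridge ID: 4-bit priority + 12-bit extended system ID (VLAN), then MAC."""
    return struct.pack("!H", priority | vlan) + bytes.fromhex(mac.replace(":", ""))


def decode_bridge_id(raw):
    """8-byte bridge ID -> (priority, extended system ID, MAC string)."""
    (field,) = struct.unpack("!H", raw[:2])
    mac = ":".join("%02x" % b for b in raw[2:8])
    return (field & 0xF000, field & 0x0FFF, mac)


def parse_bpdu(payload):
    """Parse the BPDU that follows the LLC header (DSAP/SSAP 0x42) of an STP frame."""
    if len(payload) < 4:
        raise ValueError("too short to be a BPDU")
    proto, version, bpdu_type = struct.unpack("!HBB", payload[:4])
    if proto != 0:
        raise ValueError("protocol identifier is not STP (0x0000)")
    info = {"version": version, "type": bpdu_type}
    if bpdu_type == TCN_BPDU:
        return info                      # a TCN carries no further fields
    if bpdu_type not in (CONFIG_BPDU, RST_BPDU):
        raise ValueError("unknown BPDU type 0x%02x" % bpdu_type)
    if len(payload) < 35:
        raise ValueError("truncated configuration BPDU")
    flags = payload[4]
    info["root_id"] = decode_bridge_id(payload[5:13])
    (info["root_path_cost"],) = struct.unpack("!I", payload[13:17])
    info["bridge_id"] = decode_bridge_id(payload[17:25])
    port_id, msg_age, max_age, hello, fwd_delay = struct.unpack("!HHHHH", payload[25:35])
    info["port_id"] = port_id
    # timer fields are carried in units of 1/256 of a second
    info["message_age"], info["max_age"] = msg_age / 256, max_age / 256
    info["hello_time"], info["forward_delay"] = hello / 256, fwd_delay / 256
    # 802.1D only defines bit 0 (TC) and bit 7 (TCA) of the flags byte
    info["topology_change"] = bool(flags & 0x01)
    info["tc_ack"] = bool(flags & 0x80)
    if bpdu_type == RST_BPDU:
        # RSTP uses all eight bits: proposal, port role, learning, forwarding, agreement
        info["proposal"] = bool(flags & 0x02)
        info["port_role"] = PORT_ROLES[(flags >> 2) & 0x03]
        info["learning"] = bool(flags & 0x10)
        info["forwarding"] = bool(flags & 0x20)
        info["agreement"] = bool(flags & 0x40)
    return info


def build_bpdu(version, bpdu_type, flags, root_id, root_path_cost, bridge_id, port_id):
    """Constructed sample BPDU; timers at the 802.1D defaults (max age 20 s, hello 2 s, forward delay 15 s)."""
    body = struct.pack("!HBBB", 0, version, bpdu_type, flags)
    body += root_id + struct.pack("!I", root_path_cost) + bridge_id
    body += struct.pack("!HHHHH", port_id, 0, 20 * 256, 2 * 256, 15 * 256)
    if bpdu_type == RST_BPDU:
        body += b"\x00"                  # Version 1 Length field, always 0 in RSTP
    return body


def bpdu_guard_event(payload):
    """What BPDU guard reports on a PortFast access port: any valid BPDU err-disables the port."""
    info = parse_bpdu(payload)
    sender = info["bridge_id"][2] if "bridge_id" in info else "unknown"
    return "err-disable: BPDU type 0x%02x version %d from bridge %s" % (info["type"], info["version"], sender)


if __name__ == "__main__":
    root = encode_bridge_id(4096, 10, "00:1a:2b:00:00:01")     # S1, VLAN 10 priority 4096
    peer = encode_bridge_id(32768, 10, "00:1a:2b:00:00:02")    # S2 at the default priority
    rstp = build_bpdu(2, RST_BPDU, 0x3C, root, 19, peer, 0x8002)
    print(parse_bpdu(rstp))
    print(bpdu_guard_event(rstp))
```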

Edge ports

An RSTP edge port is a switch port that is never connected to another switch. It transitions to the forwarding state immediately when it is enabled.
The RSTP edge port concept corresponds to the PVST+ PortFast feature: an edge port connects directly to an end station and assumes that no switch is connected to it. RSTP edge ports go to the forwarding state immediately, so the long listening and learning port states of the original 802.1D standard are skipped.
The Cisco implementation of RSTP, Rapid PVST+, keeps the PortFast keyword, using the spanning-tree portfast command for edge port configuration. This makes the transition from STP to RSTP seamless.

Link types

The link type provides a categorization for each port participating in RSTP, based on the duplex mode of the port. Depending on what is attached to each port, two different link types can be identified:
  • Point-to-point: a port operating in full-duplex mode usually connects one switch to another and is a candidate for rapid transition to the forwarding state.
  • Shared: a port operating in half-duplex mode connects a switch to a hub that attaches several devices.

The link type can determine whether the port can go to the forwarding state immediately, provided certain conditions are met. These conditions differ for edge ports and non-edge ports. Non-edge ports are categorized into two link types, point-to-point and shared. The link type is determined automatically, but it can be overridden with an explicit port configuration using the spanning-tree link-type parameter command.
Edge port and point-to-point connections are candidates for rapid transition to the forwarding state. However, before the link type parameter is considered, RSTP must determine the port role.

Features

The characteristics of the port roles in relation to link types include the following:
  • Root ports do not use the link type parameter. Root ports can make a rapid transition to the forwarding state as soon as the port is in sync.
  • In most cases, alternate and backup ports do not use the link type parameter.
  • Designated ports make the most use of the link type parameter. Rapid transition to the forwarding state for a designated port occurs only if the link type parameter is set to point-to-point.

STP Spanning Tree Protocol | Root Bridge

The operation of the IEEE 802.1D Spanning Tree Protocol (STP) is described below, and the terms BPDU and Bridge ID (BID) are introduced. Redundancy increases the availability of the network topology by protecting the network from a single point of failure, such as a failed network cable or switch. When physical redundancy is introduced into a design, loops are produced and frames are duplicated. This has serious consequences for switched networks. The Spanning Tree Protocol (STP) was developed to address these problems.
STP ensures that there is only one logical path between all network destinations by intentionally blocking redundant paths that could cause a loop. A port is considered blocked when user data is not allowed to enter or exit through it. This does not include the bridge protocol data unit (BPDU) frames that STP uses to prevent loops.

What is Spanning Tree Protocol

Blocking redundant paths is essential to prevent loops in the network. The physical paths still exist to provide redundancy, but they are disabled to prevent loops. If a path is ever needed to compensate for the failure of a network cable or a switch, STP recalculates the paths and unblocks the necessary ports to allow the redundant path to become active.
The use of the term "Spanning Tree Protocol" and the acronym STP can be misleading. Many professionals use these names to refer to the various spanning tree implementations, such as the Rapid Spanning Tree Protocol (RSTP) and the Multiple Spanning Tree Protocol (MSTP).
To explain spanning tree concepts correctly, it is important to refer to the specific implementation or standard in context. The most recent IEEE document on the Spanning Tree Protocol, IEEE 802.1D-2004, states that "STP was replaced with the Rapid Spanning Tree Protocol (RSTP)". The IEEE thus uses "STP" to refer to the original Spanning Tree Protocol implementation and "RSTP" to describe the version of spanning tree specified in IEEE 802.1D-2004. Therefore, when the original Spanning Tree Protocol is discussed, the phrase "original 802.1D spanning tree" is used to avoid confusion.

STP in action

The STP protocol in action (in the example, STP is enabled on all switches):

  1. PC1 sends a broadcast to the network.
  2. S2 is running STP and has set the port for Local_link2 to the blocking state. The blocking state prevents the port from being used to forward user data, which prevents a loop. S2 forwards the broadcast frame out all its switch ports except the source port of PC1 and the port for Local_link2.
  3. S1 receives the broadcast frame and forwards it out all its switch ports, where it reaches PC4 and S3. S3 forwards the frame out the port for Link_troncal2, and S2 discards the frame. The Layer 2 loop is avoided.

Now let's look at the STP recalculation when a failure occurs:

In this example:
  1. PC1 sends a broadcast to the network.
  2. The broadcast is sent through the network in the same way as in the previous animation.
  3. The trunk link between S2 and S1 fails, which interrupts the previous path.
  4. S2 unblocks the port that was previously blocked for Local_link2 and allows the broadcast traffic to traverse the alternate path around the network, so communication can continue. If the failed link comes back up, STP converges again and the port on S2 is blocked again.
STP prevents loops by configuring a loop-free path through the network, with strategically placed ports in the blocking state. Switches running STP can compensate for failures by dynamically unblocking the previously blocked ports and allowing traffic to flow over the alternate paths.

STA: Port roles

The IEEE 802.1D version of STP uses the spanning tree algorithm (STA) to determine which switch ports in a network must be placed in the blocking state to prevent loops. The STA designates a single switch as the root bridge and uses it as the reference point for all path calculations.

In the illustration, the root bridge (switch S1) is chosen through an election process. All switches participating in STP exchange BPDU frames to determine which switch has the lowest bridge ID (BID) in the network. The switch with the lowest BID automatically becomes the root bridge according to the STA calculations.
A BPDU is a message frame exchanged by switches for STP. Each BPDU contains a BID that identifies the switch that sent the BPDU. The BID contains a priority value, the MAC address of the sending switch and an optional extended system ID. The lowest BID value is determined by the combination of these three fields.

STP: the shortest path

After the root bridge has been determined, the STA calculates the shortest path to it. All switches use the STA to determine which ports to block. While the STA determines the best paths to the root bridge for all switch ports in the broadcast domain, traffic is prevented from being forwarded through the network. The STA takes both path cost and port cost into account when determining which ports to block. The path cost is calculated from the port cost values associated with the port speeds of each switch port crossed along a given path. The sum of the port cost values determines the total path cost to the root bridge. If there is more than one path to choose from, the STA chooses the one with the lowest path cost.

Description of the STP ports

Once the STA has determined the most desirable paths relative to each switch, it assigns port roles to the participating switch ports. The port roles describe each port's relationship to the root bridge on the network and whether it is allowed to forward traffic:

  • Root ports: the switch ports closest to the root bridge. In Image 1, the root port on S2 is F0/1, configured for the trunk link between S2 and S1. The root port on S3 is F0/1, configured for the trunk link between S3 and S1. Root ports are selected per switch.
  • Designated ports: all non-root ports that are still allowed to forward traffic on the network. In Image 1, the switch ports (F0/1 and F0/2) on S1 are designated ports. Port F0/2 on S2 is also configured as a designated port. Designated ports are selected per trunk. If one end of a trunk link is a root port, the other end is a designated port. All ports on the root bridge are designated ports.
  • Alternate and backup ports: alternate and backup ports are configured in a blocking state to prevent loops. In Image 1, the STA configured port F0/2 on S3 in the alternate role. Port F0/2 on S3 is in the blocking state. Alternate ports are selected only on trunks where neither end is a root port. A backup port occurs only when two ports on the same switch are connected to each other through a hub or a single cable.
  • Disabled ports: a disabled port is a switch port that has been administratively shut down.

STP: Root bridge

As shown in Image 2, every Spanning Tree Protocol instance (switched LAN or broadcast domain) has one switch designated as the root bridge. The root bridge serves as the reference point for all Spanning Tree calculations that determine which redundant paths are to be blocked.

An election process determines which switch becomes the root bridge.

In Image 3, the BID fields are shown. The BID is composed of a priority value, an extended system ID and the MAC address of the switch.
All switches in the broadcast domain participate in the election process. As soon as a switch boots, it starts sending BPDU frames every two seconds. These BPDUs contain the switch's BID and the root ID.
As the switches forward their BPDU frames, the adjacent switches in the broadcast domain read the root ID information from the BPDU frames. If the root ID received in a BPDU is lower than the root ID of the receiving switch, that switch updates its root ID and identifies the adjacent switch as the root bridge.
In fact it may not be an adjacent switch at all; it can be any other switch in the broadcast domain. The switch then sends new BPDU frames carrying the lower root ID to the other adjacent switches. Eventually, the switch with the lowest BID is identified as the root bridge for the Spanning Tree instance.
A root bridge is elected for each Spanning Tree instance, so it is possible to have several different root bridges. If all ports on all switches belong to VLAN 1, only one Spanning Tree Protocol instance exists. The extended system ID plays a role in determining the Spanning Tree Protocol instances.

STP: Path cost

Once the root bridge has been elected for the Spanning Tree instance, the STA begins determining the best paths to the root bridge from all destinations in the broadcast domain. The path information is the sum of the individual costs of the ports along the path from the destination to the root bridge. Each "destination" is really a switch port.

The default port costs are defined by the speed at which the ports operate. As shown in Image 4, the port cost of 10 Gb/s Ethernet ports is 2, that of 1 Gb/s Ethernet ports is 4, that of 100 Mb/s Ethernet ports is 19 and that of 10 Mb/s Ethernet ports is 100.

Configure the port cost

Although switch ports have a default port cost associated with them, this cost can be configured. The ability to configure individual port costs gives the administrator the flexibility to manually control the Spanning Tree Protocol paths to the root bridge.
To configure the port cost of an interface, enter the spanning-tree cost value command in interface configuration mode. The value can range from 1 to 200 000 000.
S2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)# interface f0/1
S2(config-if)# spanning-tree cost 25
In the example, switch port F0/1 was given a port cost of 25 using the spanning-tree cost 25 command in interface configuration mode on interface F0/1.
To restore the port cost to its default value of 19, enter the no spanning-tree cost command in interface configuration mode.
S2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S2(config)# interface f0/1
S2(config-if)# no spanning-tree cost
The path cost is the sum of all port costs along the path to the root bridge (Image 5).

Paths with the lowest cost are preferred, and the remaining redundant paths are blocked. In the example, the cost of the path from S2 to the root bridge S1 via path 1 is 19 (using the individual port cost specified by the IEEE), while the cost via path 2 is 38. Because path 1 has the lower overall cost to the root bridge, it is the preferred path. STP then blocks the redundant path and so prevents loops from forming.

Verify port cost

To verify the port and path costs to the root bridge, enter the show spanning-tree command. The Cost field near the top of the output is the total path cost to the root bridge. This value varies with the number of switch ports that must be traversed to reach the root bridge. In the output, each interface is also listed with an individual port cost of 19.


STP: 802.1D BPDU frame format

The Spanning Tree Algorithm depends on the exchange of BPDUs to determine a root bridge. A BPDU frame contains 12 different fields that carry the path and priority information used to determine the root bridge and the paths to it.
  • The first four fields identify the protocol, the version, the message type and the status flags.
  • The next four fields are used to identify the root bridge and the cost of the path to it.
  • The last four fields are all timer fields that determine how often BPDU messages are sent and how long information is retained during the BPDU process (next topic).

Sample BPDU

Below is a BPDU frame that was captured by Wireshark.

In the example, the BPDU frame contains more fields than those described above. The BPDU message is encapsulated in an Ethernet frame when it is transmitted over the network. The 802.3 header carries the source and destination addresses of the BPDU frame.
This frame has the destination MAC address 01:80:C2:00:00:00, which is the multicast address for the Spanning Tree group. When a frame is addressed to this MAC address, every switch configured for Spanning Tree Protocol accepts it and reads its contents. All other devices on the network ignore the frame.
In this example, the root ID and the BID in the captured BPDU frame are the same. This indicates that the frame was captured from the root bridge. All timers are set to their default values.
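To make the 12 BPDU fields and the BID layout concrete, here is an added parser (example code, not from the original post) that decodes a constructed 802.1D configuration BPDU frame: it checks the 01:80:C2:00:00:00 destination, splits each BID into the 4-bit priority, 12-bit extended system ID and MAC, converts the timers, and flags a frame whose root ID equals its own BID as sent by the root bridge. The MAC addresses in the sample are made up.

```python
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")   # destination MAC of every 802.1D BPDU
LLC_STP = b"\x42\x42\x03"                       # LLC DSAP/SSAP 0x42 (STP), UI control field
# Fixed-size 802.1D configuration BPDU (35 bytes) in wire order: protocol ID, version,
# type, flags, root ID, root path cost, bridge ID, port ID, message age, max age,
# hello time, forward delay. The four timers are encoded in units of 1/256 second.
BPDU = struct.Struct("!HBBB8sI8sHHHHH")

def decode_bid(raw):
    """Split an 8-byte bridge ID into (priority, vlan, mac) per the extended-system-ID layout."""
    field = int.from_bytes(raw[:2], "big")
    return (field >> 12) * 4096, field & 0x0FFF, raw[2:].hex(":")   # top 4 bits, low 12 bits

def parse_bpdu_frame(frame):
    """Parse an 802.3 frame carrying a BPDU; return decoded fields, or None if it is not STP."""
    dst, src, length = frame[:6], frame[6:12], int.from_bytes(frame[12:14], "big")
    if dst != STP_MULTICAST or frame[14:17] != LLC_STP:
        return None                                   # every other device ignores the frame
    body = frame[17:17 + length - len(LLC_STP)]
    if len(body) < BPDU.size:
        return None                                   # truncated frame
    (proto, ver, btype, flags, root, cost, bridge,
     port_id, msg_age, max_age, hello, fwd) = BPDU.unpack(body[:BPDU.size])
    if proto != 0 or btype != 0:
        return None                                   # only configuration BPDUs are handled here
    root_prio, root_vlan, root_mac = decode_bid(root)
    br_prio, br_vlan, br_mac = decode_bid(bridge)
    return {
        "src_mac": src.hex(":"),
        "root_id": (root_prio + root_vlan, root_mac),     # e.g. 32768 + VLAN 1 = 32769
        "root_path_cost": cost,
        "bridge_id": (br_prio + br_vlan, br_mac),
        "port_id": port_id,
        "message_age_s": msg_age / 256,
        "max_age_s": max_age / 256,
        "hello_time_s": hello / 256,
        "forward_delay_s": fwd / 256,
        "sent_by_root": root == bridge,               # root ID == BID: frame came from the root
        "topology_change": bool(flags & 0x01),
    }

def build_sample_frame():
    """Constructed sample (not a real capture): BPDU for VLAN 1 sent by the root bridge itself."""
    root_bid = (32768 + 1).to_bytes(2, "big") + bytes.fromhex("020000000001")   # made-up MAC
    bpdu = BPDU.pack(0, 0, 0, 0, root_bid, 0, root_bid, 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
    src = bytes.fromhex("020000000001")
    return STP_MULTICAST + src + len(LLC_STP + bpdu).to_bytes(2, "big") + LLC_STP + bpdu
```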

Propagation and BPDU process

Initially, each switch in the broadcast domain assumes that it is the root bridge for a Spanning Tree instance, so the BPDU frames it sends contain the BID of the local switch as the root ID. By default, BPDU frames are sent every two seconds after the switch boots; that is, the default value of the hello timer specified in the BPDU frame is two seconds. Each switch maintains local information about its own BID, the root ID and the path cost to the root.
When adjacent switches receive a BPDU frame, they compare the root ID in the BPDU frame with their local root ID. If the root ID in the BPDU is lower than the local one, the switch updates its local root ID and the root ID in the BPDU messages it sends. These messages announce the new root bridge on the network. The distance to the root bridge is also reflected by updating the path cost. For example, if the BPDU was received on a Fast Ethernet switch port, the path cost would increase by 19. If the local root ID is lower than the root ID received in the BPDU frame, the frame is discarded.
After a root ID has been updated to identify a new root bridge, all subsequent BPDU frames sent by that switch contain the new root ID and the updated path cost. In this way, all other adjacent switches can see the lowest root ID identified at all times. As BPDU frames are passed between adjacent switches, the path cost is continually updated to reflect the total path cost to the root bridge. All switches in the Spanning Tree Protocol use their path costs to identify the best possible path to the root bridge.
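The election and path cost computation described in this section and under "STP: Path cost" above, simulated as added example code (not from the original post): every switch starts by claiming to be the root, adopts any lower root ID it hears, adds the cost of the port the BPDU arrived on, and the triangle of 100 Mb/s trunks converges on a cost of 19 versus 38 as in Image 5. Switch names, MAC addresses and the optional per-port cost override are assumptions.

```python
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # IEEE 802.1D default port costs (Image 4)

def bid(priority, vlan, mac):
    """Bridge ID in the order STP compares it: (priority + extended system ID, MAC address)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("bridge priority must be a multiple of 4096 between 0 and 61440")
    return (priority + vlan, mac.lower())

def run_sta(bids, links, port_costs=None):
    """Repeat the BPDU exchange until nothing changes; return {switch: (root BID, root path cost, root port)}.
    bids: {switch: bid}; links: [(sw_a, port_a, sw_b, port_b, speed_mbps)];
    port_costs: {(switch, port): cost} overrides, like 'spanning-tree cost 25' on that interface."""
    port_costs = port_costs or {}
    # Every switch starts out believing it is the root: cost 0, no root port.
    best = {sw: (bids[sw], 0, bids[sw], "") for sw in bids}
    changed = True
    while changed:
        changed = False
        for a, pa, b, pb, speed in links:
            for rx, rx_port, tx in ((a, pa, b), (b, pb, a)):   # each end hears the other's BPDU
                root, cost, _, _ = best[tx]
                # The receiver adds the cost of the port the BPDU arrived on, then compares
                # root ID first, path cost second, sender BID and receiving port as tie-breakers.
                offer = (root, cost + port_costs.get((rx, rx_port), PORT_COST[speed]), bids[tx], rx_port)
                if offer < best[rx]:
                    best[rx] = offer
                    changed = True
    return {sw: (v[0], v[1], v[3] or None) for sw, v in best.items()}

def sample_topology(s1_priority=24576, port_costs=None):
    """Constructed triangle of three 100 Mb/s trunks as in Images 1 and 5; MAC addresses are made up."""
    bids = {"S1": bid(s1_priority, 1, "02:00:00:00:00:03"),
            "S2": bid(32768, 1, "02:00:00:00:00:01"),
            "S3": bid(32768, 1, "02:00:00:00:00:02")}
    links = [("S1", "F0/1", "S2", "F0/1", 100),
             ("S1", "F0/2", "S3", "F0/1", 100),
             ("S2", "F0/2", "S3", "F0/2", 100)]
    return run_sta(bids, links, port_costs)
```

With all three switches left at priority 32768, the same function elects the switch with the lowest MAC address, which is the situation the "MAC Address" section below describes.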

Extended system ID

The bridge ID (BID) is used to determine the root bridge of a network. The BID field of a BPDU frame contains three separate fields:
  • Bridge Priority
  • Extended system ID
  • MAC Address

Each field is used during the root bridge election.

Bridge priority

The bridge priority is a configurable value that can be used to influence which switch is elected as the root bridge. The switch with the lowest priority, and therefore the lowest BID, becomes the root bridge, since the lower priority value takes precedence.
For example, to ensure that a specific switch is always the root bridge, set its priority to a value lower than that of the other switches in the network. The default priority value for all Cisco switches is 32768. The range is 0 to 61440 in increments of 4096. Valid priority values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344 and 61440. All other values are rejected. Bridge priority 0 takes precedence over all other bridge priorities.

Extended system ID

As VLANs became more common for segmenting network infrastructure, 802.1D was extended to include VLANs, with the requirement that the VLAN ID be carried in the BPDU frame. VLAN information is carried in the BPDU frame through the extended system ID. All modern switches use the extended system ID by default.

As shown in Image 10, the bridge priority field is 2 bytes or 16 bits long; 4 bits are used for the bridge priority and 12 bits for the extended system ID, which identifies the VLAN participating in this particular STP process.
Because these 12 bits are used for the extended system ID, the bridge priority is reduced to 4 bits. This reserves the 12 rightmost bits for the VLAN ID and the 4 leftmost bits for the bridge priority. This explains why the bridge priority value can only be set in multiples of 4096, or 2^12.
If the leftmost bits are 0001, the bridge priority is 4096; if the leftmost bits are 1111, the bridge priority is 61440 (= 15 x 4096). The Catalyst 2960 and 3560 series switches do not allow the bridge priority to be set to 65536 (= 16 x 4096), since that would require a fifth bit that is not available because of the extended system ID.
The extended system ID value is added to the bridge priority value in the BID to identify both the priority and the VLAN of the BPDU frame.

Decision based on priority

When two switches are configured with the same priority and have the same extended system ID, the switch whose MAC address has the lowest hexadecimal value has the lowest BID. Initially, all switches are configured with the same default priority value, so the MAC address is the deciding factor in which switch becomes the root bridge. To ensure that the elected root bridge meets the requirements of the network, it is recommended that the administrator configure the desired root bridge switch with a lower priority. This also ensures that adding new switches to the network does not trigger a new Spanning Tree election, which could interrupt network communication while a new root bridge is being selected.


In Image 11, S1 has a lower priority than the rest of the switches; therefore, it is preferred as the root bridge for that Spanning tree instance.

MAC Address

When all switches are configured with the same priority, as is the case for switches left at the default priority of 32768, the MAC address becomes the deciding factor in electing the switch that becomes the root bridge (Image 12).


Note: in the example, the priority of all switches is 32769. This value is the default priority 32768 plus the VLAN 1 assignment associated with each switch (32768 + 1).
The MAC address with the lowest hexadecimal value is preferred for the root bridge. In the example, S2 has the lowest MAC address and is therefore designated as the root bridge for that Spanning Tree instance.