
High availability is a primary goal for enterprise networks that rely heavily on their multilayer switched network to conduct business. One method to ensure high availability is to provide Layer 2 redundancy of devices, modules, and links throughout the network. Network redundancy at Layer 2, however, introduces the potential for bridging loops, where packets loop endlessly between devices, crippling the network. The Spanning Tree Protocol identifies and prevents such Layer 2 loops.

This chapter overviews the Spanning Tree Protocols, including Per-VLAN Rapid Spanning Tree Plus (PVRST+) and Multiple Spanning Tree (MST). This chapter also covers how to configure these protocols and how to configure the Spanning Tree Protocol stability mechanisms.

Evolution of Spanning Tree Protocols

Multiple redundant paths between switches can cause loops in the network topology. If a loop exists, the potential for message duplication exists. When loops occur, some switches see stations appear on both sides of the switch. This condition confuses the forwarding algorithm and enables duplicate frames to be forwarded. To prevent loops while providing path redundancy, Spanning Tree Protocol (STP) defines a tree that spans all switches in an extended network. STP allows only one active path and blocks any redundant paths, as shown in Figure 3-1. In case of failure of the active path, one of the redundant paths may become the active path.

Figure 3-1: Spanning Tree Protocol

There are several varieties of STP:

  • The first STP, called the DEC STP, was invented in 1985 by Radia Perlman at the Digital Equipment Corporation.

  • In 1990, the IEEE published the first standard for the protocol as 802.1D, based on the algorithm designed by Perlman. Subsequent versions were published in 1998 and 2004 incorporating various extensions.

  • Common Spanning Tree (CST) assumes one 802.1D spanning-tree instance for the entire bridged network, regardless of the number of VLANs. Because there is only one instance, the CPU and memory requirements for this version are lower than the others. However, because there is only one instance, there is only one root bridge and one tree. This means that traffic for all VLANs flows over the same path, which can lead to suboptimal traffic flows. Also, the network is slow to converge after topology changes because of the inherent 802.1D timing mechanisms.

  • Per VLAN Spanning Tree Plus (PVST+) is a Cisco enhancement of STP that provides a separate 802.1D spanning-tree instance for each VLAN configured in the network. The separate instance supports enhancements such as PortFast, BPDU guard, BPDU filter, root guard, and loop guard. Creating an instance for each VLAN increases the CPU and memory requirements but allows for per-VLAN root bridges. This allows the STP tree to be optimized for the traffic of each VLAN. Convergence of this version is similar to 802.1D; however, convergence is per VLAN.

  • Rapid STP (RSTP), or IEEE 802.1w, is an evolution of STP that provides faster convergence. This version addresses many of the convergence issues, but because it still has a single instance of STP, it does not address the suboptimal traffic flow issues. To support that faster convergence, the CPU usage and memory requirements of this version are slightly more than CST but less than PVRST+.

  • Multiple Spanning Tree (MST) is an IEEE standard inspired by the earlier Cisco proprietary Multi-Instance Spanning Tree Protocol (MISTP) implementation. To reduce the number of required STP instances, MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The Cisco implementation provides up to 16 instances of RSTP (802.1w) and combines many VLANs with the same physical and logical topology into a common RSTP instance. Each instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard. The CPU and memory requirements of this version are less than PVRST+ but more than RSTP.

  • PVRST+ is a Cisco enhancement of RSTP that is similar to PVST+. It provides a separate instance of 802.1w per VLAN. The separate instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard. This version addresses both the convergence issues and the suboptimal traffic flow issues. As a result, this version has the largest CPU and memory requirements.

The RSTP algorithm is far superior to 802.1D STP and even PVST+ from a convergence perspective. It greatly improves the restoration times for any VLAN that requires a topology convergence due to link up, and it greatly improves the convergence time over BackboneFast for any indirect link failures.

Table 3-1 compares the various STP protocols in terms of resources needed and convergence times. Currently MST and PVRST+ have become the predominant protocols; therefore, we focus on these protocols in this book.

Table 3-1: Comparison of Spanning Tree Protocols

Protocol   Standard   Resources Needed   Convergence   Tree Calculation
CST        802.1D     Low                Slow          All VLANs
PVST+      Cisco      High               Slow          Per VLAN
RSTP       802.1w     Medium             Fast          All VLANs
PVRST+     Cisco      Very high          Fast          Per VLAN
MSTP       802.1s     Medium/high        Fast          VLAN list


Note: In Cisco switches, PVST+ is the default STP that is enabled when a VLAN is created.


Spanning Tree Protocol Basics

STP uses the concepts of root bridges, root ports, designated ports, and nondesignated ports to establish a loop-free path through the network. The following sections discuss these terms in more detail. This section discusses the operation of basic STP as defined in the IEEE 802.1D standard.

802.1D and its successor protocols provide loop resolution by managing the physical paths to given network segments. STP enables physical path redundancy while preventing the undesirable effects of active loops in the network. STP is an IEEE committee standard defined as 802.1D; Rapid Spanning Tree is defined as 802.1w.

STP and RSTP behave as follows:

  • STP forces certain ports into a standby state so that they do not listen to, forward, or flood data frames. The overall effect is that there is only one path to each network segment that is active at any time.

  • If there is a problem with connectivity to any of the segments within the network, STP or RSTP reestablishes connectivity by automatically activating a previously inactive path, if one exists.

STP Operation

STP initially converges on a logically loop-free network topology by performing these steps:

  1. Elects one root bridge: The protocol uses a process to elect a root bridge. Only one bridge acts as the root bridge in a given network per VLAN. On the root bridge, all ports act as designated ports. Designated ports send and receive traffic and configuration messages, or BPDUs. In the sample scenario in Figure 3-2, switch X wins the election as the root bridge because it has the lower priority parameter.

     Figure 3-2: STP Operation

  2. Selects the root port on all nonroot bridges: The protocol establishes one root port on each nonroot bridge. The root port is the lowest-cost path from the nonroot bridge to the root bridge. Root ports send and receive traffic. If a nonroot bridge has two or more equal-cost paths to the root, the nonroot bridge selects the port that has the lowest port ID. The port ID consists of a configurable priority plus the port number, so when all eligible root ports have equal priority, the lowest port number wins. In the scenario in Figure 3-2, from Switch Y, the lowest-cost path to the root bridge is through the 100BASE-TX Fast Ethernet link.

  3. Selects the designated port on each segment: On each segment, STP establishes one designated port on the bridge that has the lowest path cost to the root bridge. In the scenario in Figure 3-2, the designated port for both segments is on the root bridge because the root bridge directly connects to both segments. The 10BASE-T Ethernet port on Switch Y is a nondesignated port because there is only one designated port per segment. The switch primarily chooses as designated port the one with the least-cost path to the root bridge. In the event of a tie, the bridge ID acts as the tiebreaker. Table 3-2 summarizes the port roles on a nondesignated switch.

Table 3-2: Port Roles on a Nondesignated Switch

Root port: This port exists on nonroot bridges and is the switch port with the best path to the root bridge. Root ports forward data traffic toward the root bridge, and the source MAC address of frames received on the root port can populate the MAC table. Only one root port is enabled per bridge.

Designated port: This port exists on root and nonroot bridges. For root bridges, all switch ports are designated ports. For nonroot bridges, a designated port is the switch port that receives and forwards data frames toward the root bridge as needed. Only one designated port is enabled per segment. If multiple switches exist on the same segment, an election process determines the designated switch, and the corresponding switch port begins forwarding frames for the segment. Designated ports can populate the MAC table.

Nondesignated port: The nondesignated port is a switch port that is not forwarding (blocking) data frames and not populating the MAC address table with the source addresses of frames seen on that segment.

Disabled port: The disabled port is a switch port that is shut down.

By examining the switch port roles on a switch, STP can determine the most desirable forwarding path for data frames.

Each Layer 2 port on a switch running STP exists in one of these five port states:

  • Blocking: The Layer 2 port is a nondesignated port and does not participate in frame forwarding. The port receives BPDUs to determine the location and root ID of the root switch and which port roles (root, designated, or nondesignated) each switch port should assume in the final active STP topology. By default, the port spends 20 seconds in this state (max age).

  • Listening: Spanning tree has determined that the port can participate in frame forwarding according to the BPDUs that the switch has received so far. At this point, the switch port is not only receiving BPDUs, but it is also transmitting its own BPDUs and informing adjacent switches that the switch port is preparing to participate in the active topology. By default, the port spends 15 seconds in this state (forward delay).

  • Learning: The Layer 2 port prepares to participate in frame forwarding and begins to populate the CAM table. By default, the port spends 15 seconds in this state (forward delay).

  • Forwarding: The Layer 2 port is considered part of the active topology; it forwards frames and also sends and receives BPDUs.

  • Disabled: The Layer 2 port does not participate in spanning tree and does not forward frames.

To determine its root port (the best port toward the root bridge), each switch uses a cost value. Each port's link speed is associated with a cost. The cost to the root bridge, called the path cost, is the cumulative cost of all links between the local switch and the root bridge.

Default individual port cost values are

  • 10 Gbps link: Cost 1

  • 1 Gbps link: Cost 4

  • 100 Mbps link: Cost 19

  • 10 Mbps link: Cost 100

In Figure 3-3, switch 0000.1111.3333 has three links toward the root bridge. Suppose that all links are 100 Mbps links.

Figure 3-3: Spanning Tree Port Cost

Port 1 and Port 2 would both have a cost of 19. Port 3 would have a cost of 38, which represents the overall path cost (19+19) to reach the root. Port 1 or Port 2 would be elected as root port because both have the lower path cost to the root.

When two ports have the same cost, arbitration is done using the port priority value. The port ID is a combination of a default priority value and the port number. The default priority value is 128, so the first port has a port ID of 128.1, the second port 128.2, and so on. With this logic, the lower-numbered port is always chosen as the root port when the port ID is the determining factor.
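As an added worked example (not code from the book), the Python below models steps 1 and 2 of the STP operation described earlier together with the Figure 3-3 cost calculation: root election by lowest bridge ID, cumulative path cost from the default port costs, and root-port selection with the port-ID tiebreak. The topology, the bridge priorities, and the MAC addresses other than 0000.1111.3333 are constructed assumptions.

```python
import heapq
PORT_COST = {10_000: 1, 1_000: 4, 100: 19, 10: 100}  # link speed (Mbps) -> 802.1D cost
DEFAULT_PORT_PRIORITY = 128
# Constructed topology mirroring Figure 3-3: (switch_a, port_a, switch_b, port_b, mbps).
LINKS = [
    ("0000.1111.3333", 1, "0000.1111.1111", 1, 100),
    ("0000.1111.3333", 2, "0000.1111.1111", 2, 100),
    ("0000.1111.3333", 3, "0000.1111.2222", 2, 100),
    ("0000.1111.2222", 1, "0000.1111.1111", 3, 100),
]
# Constructed bridge priorities (default 32768); the intended root got a lower value.
PRIORITY = {"0000.1111.1111": 4096, "0000.1111.2222": 32768, "0000.1111.3333": 32768}

def bridge_id(switch):
    """Bridge ID compares priority first, then MAC address; the lowest wins."""
    return (PRIORITY[switch], switch)

def elect_root():
    """Step 1: the bridge with the lowest bridge ID becomes the root bridge."""
    return min(PRIORITY, key=bridge_id)

def adjacency():
    """switch -> [(local port number, neighbor, port cost)] for both ends of each link."""
    adj = {}
    for a, pa, b, pb, mbps in LINKS:
        adj.setdefault(a, []).append((pa, b, PORT_COST[mbps]))
        adj.setdefault(b, []).append((pb, a, PORT_COST[mbps]))
    return adj

def root_path_costs(root):
    """Cumulative least cost from every switch to the root (Dijkstra over port costs)."""
    adj, dist, heap = adjacency(), {root: 0}, [(0, root)]
    while heap:
        d, sw = heapq.heappop(heap)
        for _port, nbr, cost in adj[sw]:
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def path_cost_per_port(switch):
    """Cost to the root seen on each port: neighbor's root path cost + local port cost."""
    dist = root_path_costs(elect_root())
    return {port: dist[nbr] + cost for port, nbr, cost in adjacency()[switch]}

def select_root_port(switch):
    """Step 2: lowest path cost wins; equal costs go to the lowest port ID (priority.number)."""
    if switch == elect_root():
        return None  # every port on the root bridge is a designated port
    costs = path_cost_per_port(switch)
    return min(costs, key=lambda port: (costs[port], (DEFAULT_PORT_PRIORITY, port)))
```

For switch 0000.1111.3333 this yields per-port costs of 19, 19 and 38 and selects Port 1, matching the Figure 3-3 walkthrough.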
