Spanning Tree Protocol
CHAPTER 2
THE NEED FOR SPANNING TREE
Without some form of loop prevention, broadcast frames would travel around redundant paths forever, quickly consuming the available bandwidth.
SPANNING TREE
A mesh topology uses Spanning Tree, which in effect converts the mesh into a star.
Spanning Tree chooses which ports to block.
It maintains only ONE active path between LAN segments (collision domains).
It stops redundant links from forming loops.
It stops broadcast loops, which cause network meltdown (broadcast storms).
How do you stop a loop in progress?
OTHER SIDE EFFECTS OF STORMS
MAC table instability: the switches continually update their MAC tables.
Multiple copies of the same frame are delivered.
WHAT SPANNING TREE DOES
Avoids bridging loops by putting some interfaces into a blocking state, based on the Bridge Protocol Data Units they receive (IEEE 802.1D).
ROOT BRIDGE PRIORITY
The Bridge ID is an 8-byte value unique to each switch.
It consists of a 2-byte priority field and a 6-byte system ID.
The system ID is based on the MAC address of each switch.
STP defines messages called bridge protocol data units (BPDUs), which switches use to exchange this information with each other.
The switch with the lowest Bridge ID becomes the root switch, or root bridge.
BRIDGE PROTOCOL DATA UNITS
BPDUs are used to determine the root bridge and the designated bridges, as well as which ports are in forwarding and blocking states.
They are exchanged between the switches at regular intervals.
HOW SPANNING TREE WORKS
STP elects a root switch (or bridge) and puts all working interfaces on that switch into forwarding state.
Each non-root switch chooses the port with the lowest cost between itself and the root switch, called the root port (RP), and places it into forwarding state.
Many switches can attach to the same Ethernet segment; the switch with the lowest cost from itself to the root bridge, compared with the other switches on the segment, has its port on that segment placed into forwarding state.
The lowest-cost switch on each segment is called the designated bridge, and that bridge's interface attached to the segment is called the designated port (DP).
All other interfaces are placed into blocking state.
HOW SPANNING TREE WORKS
Spanning Tree simply picks the interfaces to forward or to block based on 3 criteria:
1. Root bridge: all interfaces on this bridge / switch are in forwarding state.
2. Every non-root bridge has at least one port with the lowest cost back to the root bridge. This is called the root port and is in forwarding state.
3. On each segment, the bridge with the lowest administrative cost between itself and the root bridge is called the designated bridge. Its interface attached to that segment is called the designated port.
STP REASONS FOR FORWARDING OR BLOCKING
The root switch forwards on all up/up interfaces.
If an interface is not in the UP state it is taken out of the STP pool.
Interfaces not chosen to forward (FS, forwarding state) are in blocking state.
Each non-root switch finds the lowest cost between itself and the root.
STEP 1: ELECTING THE ROOT SWITCH
When a switch comes online it sends out BPDUs. The following are specified:
1. Root Bridge ID: the MAC address plus the priority of the bridge.
2. The cost to reach the root bridge.
3. The Bridge ID of the sender of the BPDU.
The election process starts; the lowest Bridge ID becomes the root bridge.
The Bridge ID starts with the priority, so the lowest priority wins. If there is a tie, it goes to the lowest MAC address.
ELECTING THE ROOT SWITCH
All switches say hello.
All switches claim to be the root switch!
One-by-one comparisons are made until the lowest Bridge ID is found.
THE START OF THE ELECTION PROCESS
STEP 2: CHOOSING EACH SWITCH'S ROOT PORT
Once the root switch has been elected, the process of choosing each switch's root port begins.
Switch root port (RP): the interface through which the switch has the least STP cost to reach the root switch.
Most of the time you only have one connection.
STP TIMERS
Don't mess with the defaults. Timers are set for a reason. They work!!!
WHEN NETWORK CHANGES HAPPEN
Each switch sends out a hello BPDU when a change occurs.
Hello Time: default 2 seconds. The interval at which the root bridge sends out BPDUs.
MaxAge: default 20 seconds. The time to wait before changing the STP topology.
Forward Delay: the delay that affects the time involved when an interface changes from blocking state to forwarding state. (The default total time is about 50 seconds.)
OPTIONAL STP FEATURES
Cisco has adopted 802.1D STP.
EtherChannel: combines multiple channels into one single channel on a switch. This way, if one channel goes down another can take its place with no effect on STP.
Must be the same speed.
Must be to the same destination.
All trunks.
Eight interfaces max.
EtherChannel does combine the bandwidth of the channels.
PortFast: allows a port to go right into forwarding.
STP CONVERGENCE
When STP converges, a switch transitions interfaces from one state to another; however, a transition from blocking to forwarding cannot be done immediately, because forwarding data right away could temporarily cause frames to loop.
Listening state, 15 seconds: interfaces in this state do not forward frames, but old MAC table entries are timed out, because incorrect MAC entries could cause temporary loops.
Learning state, 15 seconds: interfaces in this state still do not forward frames, but the switch begins to learn the MAC addresses of frames received on the interface.
STP SECURITY
Switch interfaces that connect to end-user locations have some security exposures.
Attackers could connect a switch with a low STP priority and become the root switch.
The attacker could then connect a LAN analyzer and copy large amounts of data sent through the LAN.
The Cisco BPDU Guard feature helps defeat these kinds of problems by disabling the port if BPDUs are received on it. This is normally used in conjunction with PortFast on an access port.
The Cisco Root Guard feature helps defeat the problem where a rogue switch tries to become the root switch. If a port with Root Guard enabled receives a BPDU with a superior root ID, the BPDU is ignored and the interface is disabled.
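The two guards described above, as an added example that is not from the slides or from Cisco's own code: a small simulation of how a BPDU Guard port and a Root Guard port react to a rogue BPDU compared with an unguarded port. Port names, priorities and MAC addresses are constructed.

```python
# Added example (not from the slides): how BPDU Guard and Root Guard react to a
# BPDU arriving on a guarded port. Port names, priorities and MACs are constructed.
import re

def bridge_id(priority, mac):
    """Bridge ID compares as (priority, MAC); the lower value is the better root."""
    return (priority, int(re.sub(r"[^0-9a-fA-F]", "", mac), 16))

class GuardedPort:
    def __init__(self, name, portfast=False, bpdu_guard=False, root_guard=False):
        self.name, self.portfast = name, portfast
        self.bpdu_guard, self.root_guard = bpdu_guard, root_guard
        # PortFast skips listening/learning, so the port starts out forwarding.
        self.state = "forwarding" if portfast else "blocking"

def receive_bpdu(port, current_root, bpdu_root):
    """Apply the guards to one received BPDU.

    current_root is the (priority, mac) root the switch already knows and
    bpdu_root the root advertised in the BPDU. Returns the port's state after
    the BPDU and the root the switch believes in afterwards."""
    if port.bpdu_guard:
        # BPDU Guard: an access port should never hear a BPDU at all, whatever
        # it contains, so the port is shut down (err-disabled).
        port.state = "err-disabled"
        return port.state, current_root
    superior = bridge_id(*bpdu_root) < bridge_id(*current_root)
    if port.root_guard and superior:
        # Root Guard: the superior BPDU is ignored and the port is blocked so
        # the sender cannot take over as root (Cisco calls this root-inconsistent).
        port.state = "root-inconsistent"
        return port.state, current_root
    # Unguarded port (or a non-superior BPDU): processed normally. A superior
    # root ID here triggers a new election, which is the exposure described above.
    return port.state, bpdu_root if superior else current_root

# Constructed values: the legitimate root and a rogue switch announcing priority 0.
LEGIT_ROOT = (4096, "0000.0000.0003")
ROGUE_ROOT = (0, "0000.0000.00ff")
```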
RAPID STP (IEEE 802.1W)
Works very similarly to 802.1D STP.
Elects the root switch with the same parameters.
Elects the root port on non-root switches with the same parameters.
Elects designated ports on each LAN segment with the same rule.
Places ports in forwarding and blocking state. (RSTP blocking is called Discarding.)
RSTP IMPROVEMENTS
Can be deployed on switches alongside STP.
Convergence is a lot faster with RSTP: typically about 10 seconds, compared to 50 seconds for STP.
Not designed to work with hubs, but most networks don't use hubs.
Main advantage is speed!
RSTP LINK AND EDGE TYPES
Link type Point-to-Point: links switches point to point with no hubs in the middle.
Link type Shared: between a switch and a hub. In this type there is no improvement in convergence time.
Edge type: end node to switch.
RSTP PORT STATUS
The following table describes the new RSTP terms for port states
RSTP PORT ROLES
Root Port: the port on which the switch hears the best BPDU.
Alternate Port: used when the root port goes down. Receives suboptimal root BPDUs.
Backup Port: used when a switch has two links to the same segment. The switch knows it is a backup port when it receives the same BPDU it sent out back. Backup ports occur on hub (shared) segments.
Disabled Port: administratively down.
STP CONFIGURATION AND VERIFICATION
STP works without being configured.
By default all switches have the same priority, so the lowest burned-in MAC becomes root.
Is this a problem?
What happens when you add a switch? What happens when you remove a switch?
STP TROUBLESHOOTING
Very seldom have to mess with it!
Step 1: Determine the root switch.
Step 2: For each non-root switch, determine the root port (RP) and the cost to reach the root switch through that RP.
Step 3: For each segment, determine the designated port (DP) and the cost advertised by the DP onto that segment.
DETERMINING THE ROOT SWITCH
Step 1: Pick a switch and find the switch's root BID and local BID using the show spanning-tree vlan vlan-id command.
Step 2: If the root BID and local BID are equal, then the local switch is the root switch.
Step 3: If the root BID and local BID are not equal, then:
Find the RP on the local switch with the show spanning-tree command.
Using CDP or other documentation, determine which switch is on the other end of the RP.
Log onto the switch on the other end of the RP and repeat the process starting at step 1.
DETERMINING THE ROOT PORT ON NON-ROOT SWITCHES
Step 1: Determine all possible paths over which a frame can reach the root switch.
Step 2: For each path, add the costs of all outgoing interfaces in the path.
Step 3: The lowest cost found identifies the RP.
Step 4: If the cost ties, use port priority, and if that ties, use the lowest port number.
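The root election (step 1 of the STP process) and the root-port selection steps just listed, as an added worked example that is not from the slides. Switch names, MAC addresses, port numbers and link costs are constructed, and the tie-break order follows the rule the slides give (path cost, then port priority, then lowest port number).

```python
# Added example (not from the slides): root-bridge election and root-port
# selection. Switch names, MACs, port numbers and costs are constructed data.
import re
from collections import namedtuple

# One outgoing interface: number, STP port priority, cost, (peer switch, peer port).
Port = namedtuple("Port", "number priority cost peer")

def bridge_id(priority, mac):
    """Bridge ID compares as (priority, MAC): lowest priority wins, MAC breaks ties."""
    return (priority, int(re.sub(r"[^0-9a-fA-F]", "", mac), 16))

def elect_root(bids):
    """bids: switch name -> (priority, mac). The lowest Bridge ID becomes root."""
    return min(bids, key=lambda name: bridge_id(*bids[name]))

def paths_to_root(topo, here, root, seen=()):
    """Step 1: enumerate every loop-free path to the root as a list of outgoing ports."""
    if here == root:
        yield []
        return
    for port in topo[here]:
        nxt = port.peer[0]
        if nxt not in seen + (here,):
            for rest in paths_to_root(topo, nxt, root, seen + (here,)):
                yield [port] + rest

def root_port(topo, here, root):
    """Steps 2-4: sum the outgoing costs of each path; lowest cost wins, then port
    priority, then lowest port number. Returns (port number, cost to root)."""
    if here == root:
        return None          # the root switch has no root port
    best = None
    for path in paths_to_root(topo, here, root):
        first = path[0]      # the local interface the path leaves through
        key = (sum(p.cost for p in path), first.priority, first.number)
        if best is None or key < best:
            best = key
    return best[2], best[0]

# Constructed topology: SW1-SW2 is a 100 Mb link (cost 19), links to SW3 are
# gigabit (cost 4), and SW2 has two parallel links to SW3.
BIDS = {"SW1": (32768, "0000.0000.0001"),
        "SW2": (32768, "0000.0000.0002"),
        "SW3": (4096, "0000.0000.0003")}   # lowered priority, so SW3 wins
TOPO = {
    "SW1": [Port(1, 128, 19, ("SW2", 1)), Port(2, 128, 4, ("SW3", 1))],
    "SW2": [Port(1, 128, 19, ("SW1", 1)), Port(2, 128, 4, ("SW3", 2)),
            Port(3, 64, 4, ("SW3", 3))],   # port 3 has the better priority
    "SW3": [Port(1, 128, 4, ("SW1", 2)), Port(2, 128, 4, ("SW2", 2)),
            Port(3, 128, 4, ("SW2", 3))],
}
```

With all priorities left at the default, the election falls through to the MAC tie-break, which is the "lowest burned-in MAC becomes root" situation the configuration slide asks about.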