
CCNP3 v5 Chapter 3

Cisco Networking Academy


Implementing Spanning Tree

Transparent bridges
A switch has the same characteristics as a
transparent bridge
It must not modify the frames that are forwarded
It learns addresses by listening on a port for the
source address of a device
It forwards broadcasts out all ports,
except for the port that initially
received the broadcast
If the destination address is unknown
to the bridge, it forwards the frame
out all ports, except for the port that
initially received the broadcast

Bridging Loops
Loops may occur in a network for a variety of
reasons
Usually loops in networks are the result of a deliberate
attempt to provide redundancy
Can also occur by configuration error
Two primary reasons loops can be absolutely disastrous in a
bridged network:
. broadcast loops
. bridge-table corruption

L2 Loops - Flooded unicast frames

[Figure: "Where's Host B?" FLOOD]

And the floods continue

[Figure: "Where's Host B?" FLOOD]

Uh oh.

Removed from the network

An L2 frame doesn't have a TTL field

Preventing loops in a L2 network


The Spanning-Tree Protocol (STP) is a loop-prevention protocol
allows bridges/switches to communicate with
each other to discover physical loops in the
network
specifies an algorithm that bridges can use to
create a loop-free logical topology

Spanning-Tree Algorithm - 802.1D


It relies on a set of parameters to make decisions
Ex: Bridge ID (BID), Path cost, Port ID

802.1D Spanning Tree Protocol


Mechanism for switches to reconfigure the paths
over which they forward frames
Forwards traffic over specific ports and disables
other ports to avoid frames from being sent
repeatedly or in a loop
Exchange of BPDU messages between adjacent switches
A single root bridge is elected
Each switch determines a root port
On a link between two non-root switch ports, a port of one
switch will become a designated port, and the port on the
other switch will be in a blocking state
Any port state change on any switch is considered a
network topology change

BPDUs
Bridges pass ST information between themselves
using bridge protocol data units (BPDUs)
Root ID, Cost of path, Bridge ID, Port ID, STP timer values

A bridge uses the four-step decision sequence to save a copy of the "best" BPDU seen on every port.
It considers all the BPDUs received on the port as well as the BPDU that would be sent on that port.
. As every BPDU arrives, it is checked to see if it is more attractive than the existing BPDU saved for that port.
. If the new BPDU (or the locally generated BPDU) is more attractive, the old value is replaced.
BPDUs are switch-to-switch traffic; they do not carry end-user traffic.

Bridge Identification (BID)


Used to determine the center of the bridged network
8-byte field composed of two subfields
The high-order BID subfield is the bridge priority
Extended system ID - VLAN ID for PVST
The low-order subfield is the switch 6-byte MAC address
It is expressed in the usual hexadecimal (base 16) format

Key point - lower costs are better

Path Cost
Sum of the costs of the links in a path between 2
bridges
Originally:
1000Mbps/BW in Mbps

Problems with Gbps


Changes

Lower costs are better

Bridges use the concept of cost to evaluate how close they are to other bridges.

Port ID
16-bit field composed of two subfields:
Port priority (8 bits):
Configurable parameter
0-255 (Default = 128)

Port Number (8 bits)


Numerical identifiers used by Catalyst switches

1st: Port priority comparison


Lower Port ID is preferred

STP Decision Sequence


Spanning Tree always uses the same four-step
decision sequence:
Lowest root BID
Lowest path cost to root bridge
Lowest sender BID
Lowest port ID

Initial STP Convergence


When the network first starts, all the bridges flood
the network with a mix of BPDU information.
They apply the four-step decision sequence
allowing them to hone in on the set of BPDUs that form a
single spanning tree for the entire network

To build a loop-free topology:


(Step 1) A single root bridge is elected to act as the central point of this network
(Step 2) All the remaining bridges calculate a set of root ports
(Step 3) All the remaining bridges calculate a set of designated ports

Electing the Root Bridge

The switches elect a single root bridge by looking for the bridge with the lowest BID
At the beginning, all bridges assume they are the center of the universe and declare themselves as the Root Bridge, each placing its own BID in the Root BID field of the BPDU
If all bridges are using the default bridge priority of
32,768, the lowest MAC address serves as the tiebreaker.

STP Convergence
Step 1 Elect one Root Bridge
Cat-A has the lowest Bridge MAC Address, so it wins the Root War!

All 3 switches have the same default Bridge Priority value of 32,768

Step 2 Electing the Root Ports

Every non-root bridge must select one root port.
The root port of a bridge is the port that is closest to the root bridge.
The root path cost is the cumulative cost of all links to the root bridge.

Remember: STP costs are incremented as BPDUs are received on a port, not as they are sent out a port.

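[Figure: Cat-A (Root Bridge) connects from port 1/1 to Cat-B 1/1 and from port 1/2 to Cat-C 1/1; Cat-B 1/2 connects to Cat-C 1/2. Every link has Cost=19. Cat-A sends BPDUs with Cost=0; on receipt Cat-B and Cat-C each compute Cost=0+19=19.]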

Step 1

Cat-A sends out BPDUs, containing a Root Path Cost of 0.

Cat-B receives these BPDUs and adds the Path Cost of Port 1/1 to the
Root Path Cost contained in the BPDU.

Step 2

Cat-B adds Root Path Cost 0 PLUS its Port 1/1 cost of 19 = 19

[Figure: same topology. Cat-B and Cat-C send BPDUs with Cost=19 out their 1/2 ports; on receipt across the Cat-B/Cat-C link each computes Cost=38 (19+19).]

Step 3

Cat-B uses this value of 19 internally and sends BPDUs with a Root
Path Cost of 19 out Port 1/2.

Step 4

Cat-C receives the BPDU from Cat-B, and increases the Root Path
Cost to 38 (19+19). (Same with Cat-C sending to Cat-B.)

[Figure: same topology. Cat-B 1/1 and Cat-C 1/1 are marked Root Port; the BPDUs received on the 1/2 ports carry Cost=38 (19+19).]

Step 5

Cat-B calculates that it can reach the Root Bridge at a cost of 19 via
Port 1/1 as opposed to a cost of 38 via Port 1/2.

Port 1/1 becomes the Root Port for Cat-B, the port closest to the Root
Bridge.

Cat-C goes through a similar calculation. Note: Cat-B:1/2 and Cat-C:1/2 each save the best BPDU of 19 (their own).

STP Convergence
Step 3 Elect Designated Ports

The loop prevention part becomes evident during this step, electing designated ports
Designated Port
the single bridge port that both sends and receives traffic to and from that segment and the Root Bridge
Chosen based on cumulative Root Path Cost to the Root Bridge

Each segment in a bridged network has one Designated Port
The switch containing the Designated Port is referred to as the Designated Bridge for that segment.
Every active port on the root bridge becomes a designated port

[Figure: Segment 1 (Cat-A 1/1 to Cat-B 1/1), Segment 2 (Cat-A 1/2 to Cat-C 1/1) and Segment 3 (Cat-B 1/2 to Cat-C 1/2), each with Cost=19. Root Path Cost = 0 on both Cat-A ports and 19 on every Cat-B and Cat-C port; Cat-B 1/1 and Cat-C 1/1 are Root Ports.]

Segment 1: Cat-A:1/1 has a Root Path Cost = 0 (after all it is the Root
Bridge) and Cat-B:1/1 has a Root Path Cost = 19.

Segment 2: Cat-A:1/2 has a Root Path Cost = 0 (after all it is the Root
Bridge) and Cat-C:1/1 has a Root Path Cost = 19.

Segment 3: Cat-B:1/2 has a Root Path Cost = 19 and Cat-C:1/2 has a
Root Path Cost = 19. It's a tie!

[Figure: same topology and Root Path Costs, with Cat-A 1/1 and Cat-A 1/2 marked Designated Port.]

Segment 1

Because Cat-A:1/1 has the lower Root Path Cost it becomes the
Designated Port for Segment 1.

Segment 2

Because Cat-A:1/2 has the lower Root Path Cost it becomes the
Designated Port for Segment 2.

[Figure: same topology and port roles as above.]

Segment 3

Both Cat-B and Cat-C have a Root Path Cost of 19, a tie!

When faced with a tie (or any other determination) STP always uses
the four-step decision process:
1. Lowest Root BID;
2. Lowest Path Cost to Root Bridge;
3. Lowest Sender BID;
4. Lowest Port ID

[Figure: same topology, with BIDs Cat-B = 32,768.BB-BB-BB-BB-BB-BB and Cat-C = 32,768.CC-CC-CC-CC-CC-CC. On Segment 3, Cat-B 1/2 is the Designated Port and Cat-C 1/2 is the Non-Designated Port.]

Segment 3 (continued)

1) All three switches agree that Cat-A is the Root Bridge, so this is a tie.

2) Root Path Cost for both is 19, also a tie.

3) The sender's BID is lower on Cat-B than on Cat-C, so Cat-B:1/2 becomes the
Designated Port for Segment 3.

Cat-C:1/2 therefore becomes the non-Designated Port for Segment 3.

STP Convergence (Recap.)

Recall that switches go through three steps for
their initial convergence:
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
Also, all STP decisions are based on the
following predetermined sequence:
Four-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port ID
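
The three-switch convergence walked through above, as an added Python example that is not part of the original slides. It applies the four-step decision sequence to elect the root bridge, the root ports and the designated ports; Cat-A's MAC address and the names converge, SWITCHES and LINKS are assumptions made for the example.

```python
# Constructed topology from the slides: a triangle of three switches, every
# link cost 19, default bridge priority 32768, default port priority 128.
# Cat-A's MAC address is an assumed value; the slides only say it is lowest.
PORT_PRIORITY = 128

SWITCHES = {  # name -> BID as (priority, MAC); tuples compare field by field
    "Cat-A": (32768, 0xAAAAAAAAAAAA),
    "Cat-B": (32768, 0xBBBBBBBBBBBB),
    "Cat-C": (32768, 0xCCCCCCCCCCCC),
}
LINKS = [  # (segment, (switch, port number), (switch, port number), link cost)
    ("Segment 1", ("Cat-A", 1), ("Cat-B", 1), 19),
    ("Segment 2", ("Cat-A", 2), ("Cat-C", 1), 19),
    ("Segment 3", ("Cat-B", 2), ("Cat-C", 2), 19),
]


def converge(switches, links):
    """Return (root name, {(switch, port): role}) for point-to-point links."""
    # Step 1: the lowest BID in the network becomes the root bridge.
    root = min(switches, key=switches.get)
    root_bid = switches[root]

    # Root path cost per switch. The receiving port's cost is added when a
    # BPDU arrives, so relax over every link until nothing improves.
    cost = {name: (0 if name == root else float("inf")) for name in switches}
    improved = True
    while improved:
        improved = False
        for _, (a, _), (b, _), link_cost in links:
            for rx, tx in ((a, b), (b, a)):
                if cost[tx] + link_cost < cost[rx]:
                    cost[rx] = cost[tx] + link_cost
                    improved = True

    roles = {}
    # Step 2: on each non-root switch, the port holding the best received BPDU
    # (root BID, path cost, sender BID, sender port ID) becomes the root port.
    for name in switches:
        if name == root:
            continue
        received = []
        for _, end_a, end_b, link_cost in links:
            for local, remote in ((end_a, end_b), (end_b, end_a)):
                if local[0] == name:
                    received.append((root_bid, cost[remote[0]] + link_cost,
                                     switches[remote[0]],
                                     (PORT_PRIORITY, remote[1]), local))
        roles[min(received)[-1]] = "root"

    # Step 3: on each segment, the end that would send the better BPDU is the
    # designated port; the other end blocks unless it is already a root port.
    for _, end_a, end_b, _ in links:
        offers = sorted((root_bid, cost[end[0]], switches[end[0]],
                         (PORT_PRIORITY, end[1]), end) for end in (end_a, end_b))
        roles[offers[0][-1]] = "designated"
        roles.setdefault(offers[1][-1], "blocking")
    return root, roles


if __name__ == "__main__":
    root, roles = converge(SWITCHES, LINKS)
    print("root bridge:", root)
    for (switch, port), role in sorted(roles.items()):
        print(f"{switch} 1/{port}: {role}")
```

Because the election depends only on BID comparison, giving the intended root an explicit priority below the default makes the outcome independent of MAC addresses.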

STP States

State        Purpose
Forwarding   Sending/Receiving user data
Learning     Building bridging table
Listening    Building active topology; Elect Root Bridge, root ports and Designated Ports
Blocking     Receives BPDUs only
Disabled     Administratively down

STP Timers

Timer           Primary Purpose                                                   Default
Hello Time      Time between sending of configuration BPDUs by the Root Bridge    2 Secs
Forward Delay   Duration of Listening/Learning states                             15 Secs
Max Age         Time BPDU stored                                                  20 Secs

Forward Delay Timer

Default value (15 seconds) assuming
a maximum network size of seven bridge hops
a maximum of three lost BPDUs
a hello-time interval of 2 seconds

Determines the length of:
Listening state
Learning state

Topology Changes
It can take 30-50 sec. for a network to converge
During this time, physical addresses that can no longer be reached
are still listed in the switch table
The switch will attempt to forward frames to devices it cannot reach

The STP change process requires the switch to clear the table faster
If a switch detects a change, it can send a Topology Change Notification (TCN) BPDU out its root port
The topology change BPDU is forwarded to the root switch, and from there, is propagated throughout the network

TCN does not start a STP recalculation

Backup root bridge


Switch that assumes the role of the root bridge in the
event that the primary root bridge fails
It has a priority value lower than the default, but higher
than the primary root bridge
When the primary root bridge is functioning, the backup
root bridge behaves like any other non-root bridge
When the primary root bridge fails, the backup root bridge
has the lowest priority
is selected to be the root bridge

Configuring switch priority of a VLAN to make it more likely that the switch will be chosen as the root switch

Most situations
Switch(config)# spanning-tree vlan vlan-id root primary
Switch(config)# spanning-tree vlan vlan-id root secondary

Also:
Switch(config)# spanning-tree vlan vlan-id priority priority

Priority: 0-61440 ; default = 32768
Priority in increments of 4096

STP and VLANs


Per-VLAN Spanning Tree (PVST):
Cisco proprietary
Compatible with 802.1Q and ISL
Runs a separate instance of STP for every VLAN

Common Spanning Tree (CST):
IEEE 802.1D standard
Runs a single instance of STP for all VLANs

STP Enhancements
Originally, under the IEEE 802.1D STP standard, convergence in 1 minute was OK
Cisco has added enhancements to speed up STP alternate path selection:
PortFast
UplinkFast
BackboneFast

PortFast
Designed to optimize switch access ports connected to
end-station devices
A port enters the Forwarding state immediately
A port bypasses the Listening and Learning states
From DISABLED to FORWARDING

PortFast begins only when the port first initializes

Switch(config-if)#spanning-tree portfast

UplinkFast
Provides fast convergence after a direct link failure
Accelerates the choice of a new Root Port when a link or switch fails
Allows a blocked port to almost immediately begin forwarding when the switch detects the failure of the forwarding link
The Root Port transitions to the Forwarding state without going through the Listening and Learning states
The switch must have direct knowledge of the link failure in order to move a blocked port into a forwarding state
It is globally configured and it affects all VLANs
Switch(config)# spanning-tree uplinkfast [max-update-rate pkts-per-sec]

BackboneFast
When a root port or a blocked port on a switch receives inferior BPDUs from its designated bridge
An inferior BPDU reception means:
A link to which the switch is not directly connected has failed
Designated Bridge has lost connectivity to the Root Bridge

2*Forward Delay time = 30 s
Max_age + 2*Forward Delay time = 50 s

S(config)#spanning-tree backbonefast

Rapid Spanning-Tree Protocol


RSTP - IEEE 802.1w
Evolution of IEEE 802.1D
Significantly speeds the recalculation of the ST
when a L2 network topology changes
Incorporates many of the concepts used in the
Cisco-proprietary STP enhancements
Edge Fast (Cisco PortFast)
Uplink Fast RSTP (Cisco Uplink Fast)
Backbone Fast Engine (Cisco Backbone Fast)

Redefines the base operation of the STP port roles and states, and the BPDUs

RSTP port states


Discarding
In a stable active topology and during topology
synchronization and changes
It prevents the forwarding of data frames

Learning
In a stable active topology and during topology
synchronization and changes
It accepts data frames to populate the MAC table

Forwarding
Only in a stable active topology
The forwarding switch ports determine the topology

RSTP port roles

Root port
Port receiving the best BPDU
Assumes the forwarding state

Designated port
Port that sends the best BPDU on the
connected segment
Only one designated port per segment

Alternate port
port blocked by receiving more useful
BPDUs from another bridge
Offers an alternate path toward the root
bridge

Backup port
port blocked by receiving more useful
BPDUs from the same bridge it is on
Additional port on the designated switch with
a redundant link to the segment

Disabled port - No role in the ST process

RSTP Edge port

Switch port that will never have a switch connected to it
Switch port that immediately transitions to forwarding
Switch port that functions similar to Cisco PortFast feature
An edge port that receives a BPDU
immediately loses its edge port status
becomes a normal spanning tree port
generates a Topology Change Notification (TCN)

RSTP Link types


It provides a categorization for each port in RSTP
It can predetermine the active role that the port plays
Two types
Point-to-point
Port operating in Full duplex mode
The port is connected to a single switch device at the other end

Shared
Port operating in Half duplex mode
The port is connected to a shared media where multiple switches may exist

Root ports don't use the link type parameter

Alternate/backup ports don't usually use the link type parameter

Designated ports use the link type parameter
802.1w - RSTP BPDUs

BPDU Type 2, version 2

Legacy bridges drop this BPDU

Bridges send a BPDU with current information every <hello_time> seconds

When a bridge receives inferior information from its designated or Root Bridge, it immediately accepts it and replaces the one previously stored

Protocol information can be immediately aged on a port if hellos aren't received for 3*hello times or if max_age timer expires

3 consecutively missed BPDUs indicate loss of connectivity between neighbor switches

RSTP Proposal and agreement process


STA: When a port becomes designated, it waits
2*15sec. before Forwarding State
RSTP: Designated role in Discarding
or Learning state
It sets the proposal bit on the BPDUs
it sends out
Next switch
P1: new root port
Starts a sync to prevent switches
below A from causing a loop during
the proposal agreement process
blocking, edge, designated forwarding ports  blocked

Unblocks new root port
Replies to the root by sending an agreement message

The proposal & Agreement process continues on switch A out of all of its downstream, designated, non-edge ports

RSTP topology change notification process

802.1D
Any port state change generates a TCN
When a bridge detects a topology change, it sends TCNs
toward the root bridge
The root bridge sets the TC flag on the outbound BPDUs
When a bridge receives a BPDU with the TC flag set, it reduces
its bridge-table aging time to forward delay seconds

RSTP
Only non-edge ports moving to the forwarding state cause a TC
A port moving to the blocking state doesn't generate a TC BPDU
The originator of the TC directly floods this information through
the network
If the port consistently keeps receiving BPDUs that don't
correspond to the current operating mode for 2*hello time,
the port switches to the mode indicated by the BPDUs

RSTP Implementation commands

Spanning tree is enabled on a per-VLAN basis
By default, ST is enabled on all VLANs
If it is needed to reenable it for a particular VLAN
S(config)#spanning-tree vlan vlan_ID

MST (IEEE 802.1s)

Multiple Spanning Tree

MST extends the IEEE 802.1w rapid spanning tree (RST) algorithm to multiple spanning-trees

MST groups multiple VLANs in one instance of spanning-tree

rapid convergence and load balancing in a VLAN environment

MST combines the best aspects from both PVST+ and 802.1Q

Cisco implementation - backward compatible with
802.1D STP
802.1w Rapid Spanning-Tree Protocol (RSTP)
Cisco PVST+ architecture

Example:
VLANs 1-500 using 1 path, and
VLANs 501-1000 using the other path
Only two ST instances in every switch
MST converges faster than PVST+ (1000 instances)

MST regions

802.1Q standard
a unique and common instance: Common Spanning Tree (CST)

PVST+
Different VLANs carry the BPDUs for their respective instance
(one BPDU per VLAN)

MST
Single MST configuration that consists of 3 attributes
Name
Revision number
VLAN association table: VLAN to ST instance

If 2 switches differ on any attribute, they are part of different regions
VLAN association table is not sent
A digest of the VLANs-to-instance mapping table is sent, along
with the revision number and the name
A port is at the boundary of a region if the designated bridge on
its segment is in a different region or if it receives legacy 802.1D
BPDUs

Extended System ID
MST uses the 12-bit Extended System ID field
The Extended System ID carries the MST instance number

Interacting between MST regions and 802.1q networks

An MST switch must handle at least one Internal Spanning Tree (IST) = Instance 0
Provides interaction between MST regions
Provides compatibility between MST regions and 802.1D, 802.1Q
(CST) and PVST+ networks

MST regions appear as a single virtual bridge to the adjacent CST and MST regions

IST connects all the MST switches in the region and any CST
switched domain

MST establishes and maintains additional ST within each MSTI
The IST is numbered 0
The MSTIs are numbered 1, 2, 3, and so on, up to 15
Any MSTI is local to the MST region
Any MSTI is independent of MSTIs in another region

Interacting between MST regions and 802.1q networks

MST supports some of the PVST extensions as follows:
UplinkFast and BackboneFast are not available in MST mode;
they are part of RSTP
PortFast is supported
BPDU filter and BPDU guard are supported in MST mode
Loop guard and root guard are supported in MST
For PVLANs, you must map a secondary VLAN to the same
instance as the primary

Configuring Multiple Spanning Tree

How to verify MST

To display MST information
Switch#show spanning-tree mst

To display MST configuration information
Switch#show spanning-tree mst configuration

To display MST specifically
Switch#show spanning-tree mst X interface int

To display detailed MST information
Switch#show spanning-tree mst X detail

Redundant Links

[Figure: two links between a pair of switches on ports 0/1 and 0/2; one link is Active and the other Backup]

STP will place one of these links in blocking mode.
However, there are two ways you can use both links to move data at the same time.
1. Port Priority on a per-vlan basis
2. Fast Etherchannel

Redundant Links: Etherchannel

Can we use both of these links together?

[Figure: ports 1/1 and 1/2 combined into a bundle]

Yes. With EtherChannel, frames are distributed among both links, allowing them to work together as a channel.

Etherchannel:
Cisco-proprietary technology
Aggregates links into a single logical link
Incremental trunk speeds from 10Mbs to
16Gbps (Full-duplex)

Etherchannel

Etherchannel: bond 2, 4 or 8 links

Provides
Very high-bandwidth logical link
Load balances amongst the physical links involved
Fault-tolerant links - resiliency
Between routers, switches and servers

Uses a load distribution algorithm based on the destination MAC address
XOR on the 2 lowest order bits of the source and destination
MAC address
MAC, IP addresses, IP +TCP/UDP

2 methods for negotiating bundles:
Port Aggregation Protocol (PAgP)
Link Aggregation Control Protocol (LACP)

Port Aggregation Protocol (PAgP)

Cisco Proprietary
Aids in the automatic creation of EtherChannel links
PAgP packets are sent between EtherChannel technology-capable ports
The protocol
determines correctly paired, bidirectional, point-to-point links
groups the ports that have the same neighbor device ID and neighbor
group capability into a channel
adds the channel to Spanning Tree as a single bridge port
will not form a bundle on ports configured for dynamic VLANs
requires all ports in the channel to
have the same speed, duplex setting and VLAN information
belong to the same VLAN or be configured as trunk ports

Link Aggregation Control Protocol (LACP)

Open-standard: 802.3ad
Similar to PAgP
To manage Ethernet channels with non-Cisco
devices conforming to the 802.3ad specification
To start automatic EtherChannel configuration
with LACP, configure at least one end of the link to
active mode

Configuring Fast EtherChannel

To enable an L2 EtherChannel bundle
Switch(config)#interface range interface-range
Switch(config-if-range)# channel-protocol {pagp|lacp}
Switch(config-if-range)# channel-group group-number mode {auto [non-silent] | desirable [non-silent] | on }

To enable an L3 EtherChannel bundle
Switch(config)#interface port-channel number
Switch(config-if)#no switchport
Switch(config-if)#ip address address mask
Switch(config)#interface interface slot/port
Switch(config-if)# no switchport
Switch(config-if)# channel-group number mode {auto [non-silent] | desirable [non-silent] | on }

To verify:
Switch# show etherchannel [channel-group-number] {brief | detail | load-balance | port | port-channel | summary}

EtherChannel Guidelines
Use the following guidelines to avoid configuration
problems:

Load balancing in Fast EtherChannel

Load balancing is applied globally for all EtherChannel
bundles in a switch
Load balancing can be based on
source MAC address
destination MAC address
source & destination MAC addresses
source IP
destination IP
source & destination IP
source port
destination port
source & destination port

Switch(config)# port-channel load-balance type
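
A simplified model of the MAC-based link selection described above, as an added Python example that is not part of the original slides. It shows why the chosen method matters: with destination-MAC balancing, traffic to a single gateway lands on one bundle member. The function names, the sample MAC addresses and the use of log2(links) bits for 2- and 8-link bundles are assumptions.

```python
# Simplified model of the XOR-based link selection described in the slides.
# Using log2(links) low-order bits for 2- and 8-link bundles is an assumption
# that generalises the slide's "2 lowest order bits" (the 4-link case).

def low_bits(mac, bits):
    """Return the `bits` lowest-order bits of a MAC such as 00-11-22-33-44-55."""
    value = int(mac.replace("-", "").replace(":", "").replace(".", ""), 16)
    return value & ((1 << bits) - 1)


def select_link(src_mac, dst_mac, links=4, method="src-dst-mac"):
    """Return the index of the bundle member that carries this frame."""
    if links not in (2, 4, 8):
        raise ValueError("a bundle has 2, 4 or 8 links")
    bits = links.bit_length() - 1            # 2 -> 1 bit, 4 -> 2, 8 -> 3
    if method == "src-mac":
        return low_bits(src_mac, bits)
    if method == "dst-mac":
        return low_bits(dst_mac, bits)
    if method == "src-dst-mac":
        return low_bits(src_mac, bits) ^ low_bits(dst_mac, bits)
    raise ValueError(f"unsupported method: {method}")


def distribution(flows, links=4, method="src-dst-mac"):
    """Count how many (src, dst) flows land on each bundle member."""
    counts = [0] * links
    for src_mac, dst_mac in flows:
        counts[select_link(src_mac, dst_mac, links, method)] += 1
    return counts


# Constructed sample: eight hosts all sending to one gateway MAC.
GATEWAY = "00-00-0C-00-0A-FE"
FLOWS = [(f"00-00-00-00-00-{host:02X}", GATEWAY) for host in range(1, 9)]

if __name__ == "__main__":
    for method in ("dst-mac", "src-mac", "src-dst-mac"):
        print(f"{method:12} {distribution(FLOWS, 4, method)}")
```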


The End
