STP

Spanning Tree Protocol
Spanning Tree
2000, Cisco Systems, Inc.
Agenda
Spanning Tree Basics
Spanning Tree Concepts

Spanning Tree on Catalyst Switches Spanning Tree Enhancements Spanning Tree Troubleshooting
Spanning Tree.
Spanning-Tree Basics
Spanning Tree.
Spanning Tree Protocol
STP is a link management protocol that provides path redundancy while preventing undesirable loops in the network
Spanning Tree.
Spanning Tree Protocol Basics
1. Without the spanning-tree protocol in a redundant topology, a frame sourced from A would loop endlessly in the network.
Spanning Tree.
X
Blocked port
1. Without the spanning-tree protocol in a redundant topology, a frame sourced from A would loop endlessly in the network. 2. The spanning-tree protocol blocks redundant links to prevent frames from looping.
Spanning Tree.

Bridge fails!
X
X
Blocked port Remove blocked port
1. Without the spanning-tree protocol in a redundant topology, a frame sourced from A would loop endlessly in the network. 2. The spanning-tree protocol blocks redundant links to prevent frames from looping. 3. The spanning-tree protocol can adjust to changes in the topology by adjusting which ports are blocking and which are forwarding.
Spanning Tree.
Spanning-Tree Concepts
Spanning Tree.
Four-Step Decision-Making Sequence

When creating a loop-free logical topology, Spanning Tree always uses the same four-step decision sequence: 1. Lowest Root BID 2. Lowest Path Cost to Root Bridge
3. Lowest Sender BID

4. Lowest Port ID
Spanning Tree.
Spanning Tree Terminology

Bridge Types Root Bridge Designated Bridge Port Types Root Port Designated Ports Non-Designated Ports Port States Blocking Listening Learning Forwarding (Disabled)
Network parameters Hello interval Forward delay
Max age
Bridge priority (per bridge) Port-specific parameters Port cost Port priority BPDUs Configuration Topology Change Notification
Spanning Tree.
10
Spanning Tree Terminology

Direction of Config BPDU flow Root Port - Port with least cost path to the root bridge
1
Designated Port Root Port
F
Root bridge
Designated Port
F
B
Non-Designated Port
2 F
C
Root Port
F
D
Root Port
Designated bridge for segment 3
Designated Port
Non-Designated Port
3
Designated Port Port selected for forwarding Non-Designated Port Port in blocking mode
Spanning Tree.
11
Initial STP Convergence

Switches go through three steps for their initial convergence:
1. Elect one Root Bridge 2. Elect one Root Port per non-Root Bridge 3. Elect one Designated Port per segment
Spanning Tree.
12
Spanning Tree Root Bridge

One root per bridged network
Election process to determine root

Dictates timer values for all bridges in configuration BPDUs All other bridges determine shortest path to the root bridge
Spanning Tree.
13
Spanning Tree Root Bridge Election

All bridges first assume they are root (BPDU with RootID = BID; Path Cost = 0)
All bridges have an 8 byte bridge ID2 bytes bridge priority, 6 bytes MAC address
For example, here 32768 is the Bridge priority and 0080.acff.0003 is the MAC address of the bridge
32768:0080.acff.0003
Lowest bridge ID (BID) becomes root Lower bridge priority has a greater chance of becoming root
Spanning Tree.
14
Spanning Tree Root Port

Root port determined using lowest cost to root bridge BPDU received on a port determines the values for transmitted BPDUs
Port cost of transmitted BPDUs = (path cost in received BPDU) + (port cost of port that receives BPDU)
Port state on a root port is never blocking

Spanning Tree.
15
Spanning Tree Designated Bridge

At most one designated bridge per Ethernet segment Always the bridge with the shortest path to the root bridge Election process to determine the designated bridge Responsible for advertising BPDUs to other bridges out designated ports
Spanning Tree.
16
Spanning Tree Designated Bridge Election

Designated bridge is chosen for each segment Root is designated bridge for all connected segments Bridge on a segment with shortest path cost to root bridge becomes designated Bridges with equal cost paths to the root use lower BID as tie-breaker
Spanning Tree.
17
Spanning Tree Designated Port

The port through which all traffic toward the root flows off of a segment Responsible for transmitting BPDUs to downstream bridges Port state on a designated port is never blocking
Spanning Tree.
18
Spanning Tree Non-Designated Port

All ports on a segment other than the designated port or root ports are nondesignated ports Non-designated ports receive BPDUs transmitted from the root or designated bridge Port state on a non-designated port is blocking
Spanning Tree.
19
Spanning Tree Port States

Blocking No user traffic through port, receiving to BPDUs Listening No user traffic through port, and listening to BPDUs Learning No user traffic through port, and building bridge tables Forwarding User traffic across port, and transmitting or receiving BPDUs Disabled Administratively down, does not participate in frame forwarding or STP
Spanning Tree.
20
STP State Machine

Disabled
Listening
Blocking
TCN TCN
Learning
Forwarding
Spanning Tree.
21
Spanning Tree Configuration Parameters

Network parameters
Hello interval Forward delay Max age Bridge priority (per bridge)
Port-specific parameters
Port cost Port priority
Spanning Tree.
22
Spanning Tree Hello Interval
The frequency with which a designated port will send BPDUs One to two second range Two seconds by default
Spanning Tree.
23
Spanning Tree Forward Delay

Used to determine how long to stay in listening and learning state Fifteen seconds by default Lower times will lower convergence, but might increase the chances of having loops Also used as the CAM aging time during topology change
Spanning Tree.
24
Spanning Tree Max Age
The amount of time a bridge stores a BPDU on a port before discarding it

In other words, the time within which a bridge expects to receive a valid BPDU from the root
Most important to blocked port state Twenty seconds by default
Spanning Tree.
25
Spanning Tree Bridge Priority

Used first to determine root bridge Used to help determine designated bridge after root path cost Can range from 165536 (32768 is default) High order 2 bytes of 8 byte BID Lowering priority makes BID numerically lower, and increases the chances of bridge becoming root
Spanning Tree.
26
Spanning Tree Port Cost

Represents the cost of transmitting a frame onto a bridged segment through that output port The root path cost is the total cost to the root bridge, i.e., the path cost received on the root port + the port cost of the root port When sending out new BDPUs, port cost of port that received the BPDU is added to the path cost in the transmitted BPDU
Spanning Tree.
27
Spanning Tree Port Priority

When two BPDUs are received with the same BID and same path cost, the port priority field in BPDU is used Port which receives BPDU with lowest port priority becomes root port Port priority = static value + port ID Useful for load-balancing using multiple spanning trees when there are two links between the same two bridges
Spanning Tree.
28
Configuration BPDU
Orginated by root switch and sent on all the designated ports (all ports on the root switch are designated ports)
On all other switches in the network (in a steady state), configuration BPDUs are received on root ports & blocked ports only (never sent)
Forwarded on designated ports by changing the BID & adding the port cost of the received port to the root path cost in the transmitted BPDU When a designated port hears an inferior BPDU, it sends a configuration BPDU with its stored BPDU information
Spanning Tree.
29
Configuration BPDU Parameters
Root Identifier Root Path Cost Bridge Identifier Port Identifier Message Age
Max Age Hello Time Forward Delay Topology Change Ack. Topology Change
Spanning Tree.
30
IEEE 802.1d Config BPDU Frame Format
Protocol Identifier
Ver
Msg Type
Flags
Root ID
Root Path Cost
Bridge ID
Port ID
Msg Age
Max Age
Hello Time
Forward Delay
0x00 = Config BPDU
2 byte priority 6 byte ID (MAC address)
2 byte priority 6 byte ID (MAC address)
Spanning Tree.
31
Configuration BPDU Layout (1)

DLC: ----- DLC Header ----DLC: DLC: Frame 15 arrived at 11:02:20.8523; frame size is 60 (003C hex) bytes. DLC: Destination = Multicast 0180C2000000, Bridge_Group_Addr DLC: Source DLC: = Station Cisco7A009A6 DLC: 802.3 length = 39
IEEE 802.1d Reserved Destination MAC address
LLC: ----- LLC Header ----LLC:
Source MAC address of sending port
LLC: DSAP Address = 42, DSAP IG Bit = 00 (Individual Address) LLC: SSAP Address = 42, SSAP CR Bit = 00 (Command) LLC: Unnumbered frame: UI LLC:
DSAP/SSAP of 0x42 is BPDU
Spanning Tree.
32

BPDU: ----- Bridge Protocol Data Unit Header ----BPDU: Protocol Identifier = 0000 BPDU: Protocol Version BPDU: BPDU: BPDU Type = 00 (Configuration) BPDU: BPDU: BPDU Flags = 00 BPDU: .... ...0 = Not Topology Change = 00
Always 0 00 Configuration BPDU 80 TCN BPDU LSB = TC flag; MSB = TCA flag
BPDU: 0... .... = Not Topology Change Acknowledgment
BPDU: .000 000. = Unused

BPDU: BPDU: Root Identifier = 8000.00400BA009A2 BPDU: Priority BPDU: BPDU: Root Path Cost =0 = 8000 = 00400BA009A2 BPDU: MAC Address
Root Bridge ID
Since this BPDU is sent by the root, the path cost is 0
Spanning Tree.
33

BPDU: Sending Bridge Id = 8000.00400BA009A2.8005 BPDU: Priority = 8000 = 00400BA009A2
BID of sending bridge
BPDU: MAC Address BPDU: Port
= 8005 = 0.000 seconds
Port ID Seconds since root originated the BPDU
BPDU: Message Age
BPDU: Information Lifetime = 20.000 seconds BPDU: Root Hello Time BPDU: Forward Delay BPDU: DLC: Frame padding= 7 bytes = 2.000 seconds = 15.000 seconds
Timers: MaxAge HelloTime FwdDelay
Spanning Tree.
34
Topology Change Notification

Used to notify other switches of a change in the spanning tree topology TCN BPDUs are sent:
Any time a port transitions to the forwarding state and the bridge has at least one designated port Any time a port transitions from the forwarding or learning state to the blocking state
Sent from the bridge with the topology change towards the root bridge A TCN received on a designated port of a non-root switch is forwarded towards the root
Spanning Tree.
35
IEEE 802.1d TCN BPDU Frame Format
Protocol Identifier
Ver
Msg Type
0x80 = TCN BPDU
Spanning Tree.
36
Topology Change Notification

TCN is sent every two seconds, until the upstream bridge acknowledges receipt with a TCN ACK flag set in the configuration BPDU When the root bridge receives the TCN BPDU, it sets the TC flag in the next configuration BPDU (it also sets the TCN ACK flag on the port the TCN was received) When bridges receive a BPDU with the TC flag set, they reduce their CAM aging time to FwdDelay (15 seconds) The root switch continues to send Configuration BPDUs with TC flag set for a total of FwdDelay+Max Age seconds (default=35)
Spanning Tree.
37
Topology Change Process

1. Bridge A fails.
Root TCN toward root TCN ACK C TCN toward root
2. Bridge Bs port moves out of forwarding mode. 3. Bridge B generates a TCN BPDU and sends it on the root port. 4. Bridge C ACKs the TCN in the next BPDU it sends to Bridge B. 5. Bridge C generates a TCN BPDU and sends it on the root port. 6. Root ACKs the TCN in the next BPDU it sends to Bridge C.
TCN ACK
B
Port moves out of forwarding mode
X
A
Spanning Tree.
Bridge fails
38
Topology Change Process

TC flag set=35s Root TC Flag CAM Aging=15s TC Flag CAM Aging=15s
7. Root also sets the topology change (TC) flag in all Config BPDUs 8. Downstream bridges reduce CAM aging time to FwdDelay seconds for duration of the topology change. 9. Root sets TC flag in all BPDUs for MaxAge + FwdDelay seconds, then clears the TC flag.
TC Flag
TC Flag
TC Flag CAM Aging=15s

CAM Aging=15s CAM Aging=15s
Spanning Tree.
39
Spanning Tree on Catalyst Switches
Spanning Tree.
40
Spanning Tree in Catalyst Switches

Catalyst switches implement a Spanning Tree per VLAN Permits creation of different forwarding paths for each VLAN (but be aware that this is taking up resources)
Spanning Tree.
41
Tuneable Spantree Parameters

Max Age (per VLAN) Forward Delay (per VLAN) Hello Time (per VLAN) Bridge Priority (per VLAN) Port Cost (per port or per port/VLAN) Port Priority (per port or per port/VLAN) Enable/disable spantree (per VLAN)
Enhancements (PortFast, UplinkFast, etc)
Spanning Tree.
42
Spanning Tree set Commands
set spantree <enable|disable> set spantree portvlanpri set spantree priority set spantree hello set spantree maxage set spantree fwddelay set spantree portcost set spantree portpri set spantree portvlancost set spantree root [secondary] set spantree portfast set spantree portfast bpdu-guard set spantree uplinkfast set spantree backbonefast set spantree guard root
Spanning Tree.
43
Spanning Tree set Commands Caveats

The portvlanpri can only have two values, where one of the values is the portpriority per trunk
The same applies for portvlancost when cost is omitted the cost will be portcost - 1 The use of this command is not encouraged, since the effect is additive
The rate in the set spantree uplinkfast command is the rate at which the switch in question will send multicast packets with SA= MAC-addresses downstream (MACs in CAM)
Spanning Tree.
44
Spanning Tree set Commands Caveats

The set spantree root macro lowers the bridge priority to 8192 or one lower than the current root (secondary will have priority 16384)
If diameter is specified, the appropriate MaxAge and FwdDelay will be calculated
Spanning Tree.
45
Spanning Tree clear Commands

clear spantree root
clear spantree statistics

clear spantree uplinkfast
clear spantree portvlancost

clear spantree portvlanpri
Spanning Tree.
46
Spanning Tree clear Commands Caveats

clear spantree root restores the default values for bridge priority, max age, fwd delay and hello time clear spantree uplinkfast restores the default for bridge priority, portcost, and portvlancost clear spantree portvlancost (portvlanpri) restores the default value (which is equal to portcost/portpriority)
Spanning Tree.
47
Spanning Tree show Commands

show spantree [vlan] [active] show spantree <mod_num/port_num>
show spantree statistics <port_num/port_num> <vlan>

show spantree blockedports [vlan] show spantree summary show spantree uplinkfast
show spantree backbonefast

Spanning Tree.
48
PVST
PVST Per-VLAN Spanning Tree
Developed around ISL

Maintains a spantree for each active VLAN All current Catalyst switches support PVST
For details, see Cisco VLAN Architecture (ENG-6197)
Spanning Tree.
49
PVST+
PVST+ Per-VLAN Spanning Tree Plus Developed to accommodate the IEEE 802.1Q standard for VLAN trunking PVST+ maintains a per-VLAN spantree for both 802.1Q and ISL PVST+ can interoperate with MST domains (3rd party) while maintaining a PVST for 802.1Q and/or ISL (no config required)
For more info, see An Engineering Guide to IEEE 802.1Q and IEEE 802.1p (ENG-18215)
Spanning Tree.
50
MST
MST Mono Spanning Tree
IEEE 802.1Q describes a Mono Spanning Tree (MST) a single spantree dictates the topology for all VLANs
Spanning Tree.
51
PVST/PVST+/MST Interoperation
To interoperate with 3rd party 802.1Q-capable devices, use the set trunk mod/port nonegotiate dot1q command All Cisco PVST+ connections to the MST region must be through 802.1q trunks PVST and PVST+ regions can communicate over ISL trunk links MST and PVST+ regions can connect over an 802.1q trunk
Spanning Tree.
52
PVST/PVST+/MST Interoperation
Two techniques to provide transparent STP support across the different types of regions:
Mapping Used between PVST and PVST+ regions; each spantree in the PVST region maps to a spantree in PVST+ region on a one-to-one basis Tunneling Used between MST and PVST+ regions; implements a combination of mapping and tunneling
Spanning Tree.
53
Tunneling PVST+ Through MST

The single spantree used in the MST region maps to a single spantree in the PVST+ region
This spanning tree is referred to as the Common Spanning Tree (CST) and consists of a single spantree combining the MST and the native VLAN spantree of the PVST+ device (VLAN 1 by default) Cisco switches send BPDUs on the CST to the reserved IEEE 802.1D multicast MAC address 01-80-C2-00-00-00
Spanning Tree.
54
Tunneling PVST+ Through MST

The per-VLAN spantrees in the PVST+ region are tunnelled through the MST region
Cisco switches send BPDUs on non-native VLANs to the reserved Shared Spanning Tree (SSTP) multicast MAC address 01-00-0C-CC-CC-CD 3rd party devices in the MST region do not recognize this multicast address and flood the BPDUs throughout the MST region (constrained by VLAN), allowing them to reach other PVST+ devices connected to the MST region
Spanning Tree.
55
VLAN Load Balancing
Used to load share traffic across redundant links which would otherwise have been unused as the ports would be blocked by spanning tree. Technique is to associate different port costs with different VLANs on a single port.
Spanning Tree.
56
VLAN Load Balancing Operation

(10,10)
BID 16384.0000.0000.0002 BID 16384.0000.0000.0022 S2
L3 S1 L1 (10,10) L2 (10,10) S3
BID 32768.0000.0000.0003 BID 32768.0000.0000.0033
Root (Red, Blue)

BID 8192.0000.0000.0001 BID 8192.0000.0000.0011
Blocked Port (Red, Blue)
Link L1, L2, and L3 are VLAN trunks The port cost is 10 on all ports for all VLANs S1 is the root switch for all VLANs The L1 port on S3 is blocking for all VLANs & therefore cannot carry data traffic
This is because S3s root path cost = 10 on L2 but 10+10=20 on L1+L3
Spanning Tree.
57
VLAN Load Balancing Operation

(10,10)
BID 16384.0000.0000.0002 BID 16384.0000.0000.0022 S2
L3 S1 L1 (10,10) ( L2
Root (Red, Blue)

BID 8192.0000.0000.0001 BID 8192.0000.0000.0011
Blocked Port (Blue)
30,10)
S3
Blocked Port (Red)
BID 32768.0000.0000.0003 BID 32768.0000.0000.0033
If we change the port cost for the Red VLAN to 30 on S3s L2 port, then L2 becomes the blocking link for VLAN Red and L1 becomes the forwarding link for VLAN Red
This is because S3s root path cost = 30 on L2 but only 10+10=20 on L1+L3.
Spanning Tree.
58
PortVlanCost Implementation
Associating a different port cost for different
VLANs for all ports requires too much memory Therefore, we associate all VLANs with one of two possible portcosts (known as portvlancost) Using just two portvlancosts per port and
associating all VLANs with one or the other of these costs, we can load balance VLANs over two
paths
Spanning Tree.
59
VLAN Load Balancing Configuration

To enable VLAN-based load balancing:
set spantree portvlancost <mod/port> [cost <value>] [<preferred vlan list>]
Cost is between 1-65535 The cost value is one less than the current port cost for that port by default If supplied, the value must be lower than the current port cost
Spanning Tree.
60
VLAN Load Balancing Configuration

If the preferred VLAN list is not supplied, the command applies to all VLANs, rendering the command ineffective
Once supplied, new values of cost apply to all previously supplied VLANs and also to newly specified VLANs The portvlancost must be less than the portcost on a port
Spanning Tree.
61
VLAN Load Balancing Examples

Console> (enable) set spantree portvlancost 5/2 Port 5/2 VLANs 1-1005 have path cost 10. no change to default Console> (enable) set spantree portvlancost 5/2 2 Port 5/2 VLANs 1,3-1005 have path cost 10. Port 5/2 VLANs 2 have path cost 9. Console> (enable) set spantree portvlancost 5/2 cost 8 3-6 Port 5/2 VLANs 1,7-1005 have path cost 10. Port 5/2 VLANs 2-6 have path cost 8. Console> (enable) clear spantree portvlancost 5/2 4
Port 5/2 VLANs 1,4,7-1005 have path cost 10.

Port 5/2 VLANs 2-3,5-6 have path cost 8.
Spanning Tree.
62
VLAN Load Balancing A Better Method

(10,10) L3
Root (Red)
BID 8192.0000.0000.0002 S2 BID 16384.0000.0000.0022
S1
L1 (10,10) L2 (10,10) S3
BID 32768.0000.0000.0003 BID 32768.0000.0000.0033
Root (Blue)
BID 16384.0000.0000.0001 BID 8192.0000.0000.0011
Blocked Port (Blue)
Blocked Port (Red)
Simpler configuration: Move the root switch for the Red VLAN to S2
Spanning Tree.
63
Root Bridge Configuration

set spantree root vlans set spantree root secondary vlans
Decreases bridge priority value for specified VLANs to make the switch root for those VLANs (remember, lower is better)
The bridge priority is set to 8192, or 1 less than the current roots priority The secondary keyword hard sets the bridge priority to 16384
To return a VLAN to the default settings, use clear spantree root <VLAN list>
Spanning Tree.
64
Root Bridge Configuration Special Cases

If the current roots bridge priority is already 1, then the command will fail After we become root, there is no guarantee we will remain root
Someone could change the bridge priority on another switch to make that the root switch Someone could change the bridge priority on this switch to make it a nonroot switch
Spanning Tree.
65
Root Bridge Configuration Examples

Console> (enable) set spantree root 1
VLAN 1 bridge priority set to 8192. VLAN 1 bridge max aging time set to 20. VLAN 1 bridge hello time set to 2. VLAN 1 bridge forward delay set to 15. Switch is now the root switch for active VLAN 1. Console> (enable) set spantree root secondary 1 VLAN 1 bridge priority set to 16384. VLAN 1 bridge max aging time set to 20. VLAN 1 bridge hello time set to 2. VLAN 1 bridge forward delay set to 15. Console> (enable)
66
Spanning Tree.
Root Bridge Configuration Advanced Configuration

set spantree root [secondary] vlans [dia network_diameter] [hello hello_time] Allows you to safely tune max age, forward delay and hello time By specifying the network diameter, the switch will determine the most aggressive possible values of the STP parameters to achieve the fastest convergence time Network diameter is defined as the maximum number of switches between any two attachments of end stations The default STP timers assume a network diameter of 7 (the maximum recommended by IEEE)
The switch uses the formula specified in the 802.1D spec to calculate the new values of max age and forward delay
Spanning Tree.
67
Root Bridge Configuration Advanced Examples

Console> (enable) set spantree root 3 dia 5 VLAN 3 bridge priority set to 8192.
VLAN 3 bridge max aging time set to 16.

VLAN 3 bridge hello time set to 2. VLAN 3 bridge forward delay set to 12. Switch is now the root switch for active VLAN 3. Console> (enable) set spantree root 3 dia 3 hello 1 VLAN 3 bridge priority set to 8192. VLAN 3 bridge max aging time set to 7. VLAN 3 bridge hello time set to 1. VLAN 3 bridge forward delay set to 5. Switch is now the root switch for active VLAN 3. Console> (enable)
Spanning Tree.
68
Spanning Tree Enhancements
Spanning Tree.
69
Spanning-Tree PortFast
set spantree portfast <mod/port> <enable|disable>
Causes a switch port to transition to the forwarding state immediately, bypassing the listening & learning states Prevents connectivity issues related to forwarding delay Most common problems are seen with DHCP, IPX GNS, and AppleTalk
Spanning Tree.
70
Spanning-Tree PortFast
Use only on host ports (otherwise, you might open temporary spantree loops) Failsafe if a BPDU is received on the port, transition to listening mode No TCN is generated for state changes on portfast ports
Use in combination with set trunk off and set port channel off (or just use set port host)
Spanning Tree.
71
STP State Machine with PortFast

Disabled
Listening
Blocking
TCN TCN
Learning
PortFast (No TCN!)
Forwarding
Spanning Tree.
72
Spanning-Tree PortFast Example

Console> (enable) set spantree portfast 8/10 enable Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to Use with caution. a fast start port can cause temporary spanning tree loops. Spantree port Port 8/10 Console> (enable) 8/10 fast start enabled. Vlan Port-State 1 connected Cost 3100 Prio Portfast Channel_id 32 enabled 0
Console> (enable) show spantree 8/10 ------------------------ ---- ------------- --------- ---- -------- ----------
Spanning Tree.
73
PortFast BPDU Guard

set spantree portfast bpdu-guard <enable|disable>
Safeguard to make sure rogue bridges are not allowed to connect to the network through host ports If a BPDU is received on a portfast-enabled port, that port is placed in the errdisable state
Works only on portfast-enabled ports Disabled by default If BPDUs stop arriving on the port, the port is reenabled automatically Also works with errdisable-timeout feature
Spanning Tree.
74
PortFast BPDU Guard Example

Console> (enable) set spantree portfast 5/1 enable Warning: Spantree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to Use with caution. a fast start port can cause temporary spanning tree loops. Spantree port 5/1 fast start enabled.
Console> (enable) set spantree portfast bpdu-guard enable
Spantree portfast bpdu-guard enabled on this switch.

Console> (enable) 2001 Jul 12 21:23:10 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port. Disabling 5/1 2001 Jul 12 21:23:10 %PAGP-5-PORTFROMSTP:Port 5/1 left bridge port 5/1 Console> (enable) show port status 5/1
Port
5/1
Name
Status
Vlan
Duplex Speed Type

auto auto 10/100BaseTX
----- ------------------ ---------- ---------- ------ ----- -----------errdisable 1 Console> (enable)
Spanning Tree.
75
PortFast BPDU Guard Verifying
Console> (enable) show spantree summary Root switch for vlans: 1-3,5,10,20. Portfast bpdu-guard enabled for bridge. Uplinkfast disabled for bridge. Backbonefast disabled for bridge.
< . . . >
Spanning Tree.
76
Spanning-Tree UplinkFast
Spanning Tree has relatively slow convergence in recovering from faults
At default values, convergence time varies between 30-50 seconds In the wiring closet, the typical design has a redundant link into the distribution/core that is in spantree blocking mode
Spanning Tree.
77
Spanning Tree UplinkFast Operation

When the forwarding port fails, the blocking port directly transitions to forwarding without going through listening & learning states Should be used ONLY in wiring closet/access layer switches Need to have at least one port in forwarding and one port in blocking
Used in conjunction with deterministic setting of root switch

Spanning Tree.
78

Switch transmits dummy multicast packets for each downstream MAC address to upstream switches for MaxAge seconds so that other switches update their CAM tables Dummy multicasts have DA of 01000CCDCDCD and SA of MAC addresses in local CAM table Multicasts sent at the rate of 15 packets per 100 msec, 1% of the load of a 10Mbps Ethernet (a conservative value) The rate limit prevents excessive flooding when many access switches change root port The value of rate is also limited by the power of the CPU on the switch. A Cat 5000 Supervisor 1 does not have enough power to go well above the default rate It is better to be conservative in choosing this value and preventing excessive flooding when a distribution switch dies which will affect many wiring closet switches
Spanning Tree.
79

When the failed link is restored, the port on the uplinkfast switch goes directly to forwarding state However, the upstream switch still transitions through listening & learning states Therefore, we delay the selection of a recovered port as the root port until 2*forward_delay + 5 seconds has elapsed, allowing the connected switch to transition the port to the forwarding state
Spanning Tree.
80
Spanning Tree UplinkFast Configuration

set spantree uplinkfast <enable> [rate <station_update_rate>] [all-protocols <off|on>]
Increases the bridge priority value on all VLANs to 49152 (so the switch is unlikely to become root)
Increases the portcost of all ports by 3000 (so the switch is unlikely to be the designated bridge on any segment)
The rate sets the rate of transmission of dummy multicast packets (packets/100 ms) If protocol filtering is enabled upstream, use allprotocols option
Spanning Tree.
81
Spanning Tree UplinkFast Configuration

Bridge priority set very high to reduce chance of being the root 6509> (enable) set spantree uplinkfast enable VLANs 1-1005 bridge priority set to 49152. 3000 is added to all port The port cost and portvlancost of all ports set to above 3000. costs to prevent ports from Station update rate set to 15 packets/100ms. becoming designated ports uplinkfast all-protocols field set to off. uplinkfast enabled for bridge. 6509> (enable) Station update rate set to 15 packets/100ms. Can be adjusted upto 32000 pkts/100ms! Be careful!
All-protocols field set to off. Turn on if protocol filtering is enabled on uplink switch but not on this switch
Spanning Tree.
82
Spanning Tree UplinkFast Verifying

Console> (enable) show spantree summary MAC address reduction: disabled Root switch for vlans: 1. Portfast bpdu-guard disabled for bridge.
Uplinkfast enabled for bridge.

Backbonefast disabled for bridge. < . . . > UplinkFast statistics
-------------------Number of transitions via uplinkFast (all VLANs) Console> (enable) : 10 Number of proxy multicast addresses transmitted (all VLANs) : 4234
Spanning Tree.
83

Console> (enable) show spantree uplinkfast Station update rate set to 15 packets/100ms.
uplinkfast all-protocols field set to off.

VLAN 1 port list 4/1(fwd),4/2,5/3 ------------------------------------------------------
2
7
4/1(fwd), 5/4
5/1(fwd)
Example above indicates that :
Vlan 1 has 4/1 as root port, 4/2 and 5/3 as redundant root ports
Vlan 2 has 4/1 as root port, but only one redundant port, 5/4 Vlan 7 has 5/1 as the root port and no redundant ports
Spanning Tree.
84

If you want to disable uplinkfast, use the set spantree uplinkfast disable command. Use the clear spantree uplinkfast command to return to defaults:
At this point, bridge priority and 6509> (enable) set spantree uplinkfast disable port uplinkfast disabled for bridge. costs are still artificially high; we Use clear spantree uplinkfast to return stp parameters to default. just wont switchover to blocked 6509> (enable) clear spantree uplinkfast uplink and send dummy This command will cause all portcosts, portvlancosts, and the multicasts if there is a failure bridge priority on all vlans to be set to default. Do you want to continue VLANs 1-1005 bridge priority set to 32768. (y/n) [n]? y The port cost of all bridge ports set to default value. The portvlancost of all bridge ports set to default value. uplinkfast all-protocols field set to off. uplinkfast disabled for bridge. Bridge priority and port costs 6509> (enable) are returned to default (will overwrite any manual tuning performed after set spantree uplinkfast enable)
Spanning Tree.
85
Spanning Tree BackboneFast

At default values, convergence time on an indirect link failure takes 50 seconds BackboneFast detects indirect link failures and recovers in ~30 seconds
Spanning Tree.
86
Direct vs. Indirect Link Failure
These switches see link down
X
These switches do not see a link down
Spanning Tree.
87
Indirect Link Failure Without BackboneFast

Root
X
B
Blocking
1. 2. 3. 4. 5. 6.
7.
Link between A & B fails B detects link failure and send out BPDU claiming to be root C ignores B and MaxAges BPDU on blocked port toward B (20 seconds) MaxAge expires and C transmits a BPDU toward B B receives superior BPDU from C and establishes root port C transitions the port toward B through listening (15 seconds) and learning (15 seconds) C transitions the port toward B into forwarding and begins sending traffic Convergence time = MaxAge + (2 * FwdDelay) = 50 sec
Spanning Tree.
88
Inferior BPDUs
If the switch receives an inferior BPDU from the designated bridge, we know that the designated bridge has either:
1. Lost the root
Root
2. Or, its root path cost has increased above ours
Root
Spanning Tree.
89
Spanning Tree BackboneFast Operation

In IEEE 802.1D, an inferior BPDU is discarded With BackboneFast, the switch tracks inferior BPDUs
We compare inferior BPDUs to the stored BPDU to determine if there has been an indirect link failure
Only inferior BPDUs sent by the designated bridge are tracked (i.e., inferior BPDUs sent with the same BID as the stored BPDU)
If a newly inserted bridge starts sending inferior BPDUs, it will not trigger the BackboneFast feature
Spanning Tree.
90
BackboneFast Root Link Query

BackboneFast implements a new PDU, the Root Link Query (RLQ)
When a BackboneFast switch receives an inferior BPDU from the designated bridge on a blocked port, an RLQ is sent toward the root If the root is still active, it responds to the RLQ confirming it is active The originating switchs BID is included in the RLQ PDUs so when the switch receives a reply to its own query, it doesnt flood the response on its designated ports The RLQ PDU has the same packet structure as a normal spanning-tree BPDU, but we use two different Cisco-specific SNAP addresses, one for the request and one for the reply
Spanning Tree.
91
Indirect Link Failure With BackboneFast

Root
X
B
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Blocking
Link between A & B fails B detects link failure and send out BPDU claiming to be root C detects possible indirect failure, sends RLQ toward root D forwards RLQ on the root port A receives the RLQ & sends a response D floods the response on all designated ports C receives the response and expires the BPDU on the port toward B (skips MaxAge) B receives superior BPDU from C and establishes root port C transitions the port toward B through listening (15 seconds) and learning (15 seconds) C transitions the port toward B into forwarding and begins sending traffic Convergence time = (2 * FwdDelay) = 30 sec
Spanning Tree.
92
Spanning Tree BackboneFast Configuration

set spantree backbonefast <enable|disable>
Enable BackboneFast on all switches in the network (access, distribution, core)

Console> (enable) set spantree backbonefast enable Backbonefast enabled for all VLANs. Console> (enable)
Verify the configuration:

Console> (enable) show spantree backbonefast Backbonefast is enabled. Console> (enable)
Spanning Tree.
93
Spanning Tree BackboneFast Verifying

Console> (enable) show spantree summary MAC address reduction: disabled Root switch for vlans: 1. Portfast bpdu-guard disabled for bridge. Uplinkfast enabled for bridge. Backbonefast enabled for bridge. < . . . > BackboneFast statistics ----------------------Number of transitions via backboneFast (all VLANS) : 0 Number of inferior BPDUs received (all VLANs) Number of RLQ req PDUs received (all VLANs) Number of RLQ res PDUs received (all VLANs) Number of RLQ req PDUs transmitted (all VLANs) Number of RLQ res PDUs transmitted (all VLANs) Console> (enable)
Spanning Tree.
: 0 : 0 : 0 : 0 : 0
94
Spanning Tree Root Guard

The problem: Customers switch becomes root for the ISPs switched network
Root
Spanning Tree.
95
Spanning Tree Root Guard

The solution: ISP uses spanning tree Root Guard
Root
Spanning Tree.
96
Spanning Tree Root Guard Configuration

set spantree guard root <mod/port>
Define a perimeter within which you want the root to remain by enabling rootguard on each perimeter port Root guard can be enabled per port, not per port per VLAN Verifies that the port is the designated port for the segment If a superior BPDU is received: The port moves to the root-inconsistent state The BPDU is dropped
Spanning Tree.
97
Spanning Tree Root Guard Operation

Disconnects switches claiming to be root Prevents superior BPDUs from passing through the defined perimeter The ISP spanning-tree topology is not affected If the port stops receiving superior BPDUs, it leaves the root-inconsistent state after a max age
Spanning Tree.
98
Spanning Tree Root Guard Example
Console> (enable) set spantree guard root 1/1 Rootguard on port 1/1 is enabled. Console> (enable) 2001 Jun 15 07:04:15 %SPANTREE-2ROOTGUARDBLOCK:Port 1/1 tried to become nondesignated in VLAN 1. Moved to root-inconsistent state
Spanning Tree.
99
Spanning Tree Root Guard Verification
Console> (enable) show spantree guard Port 1/1 1/2 8/1 VLAN Port-State 1 1 1 root-inconsis forwarding not-connected Guard Type root root none ------------------------ ---- ------------- ----------
Spanning Tree.
100
Spanning Tree Troubleshooting
Spanning Tree.
101
What Causes Loops?

1) Configuration problems Spantree disabled Spantree enabled on some switches but not on others Bridging VLANs together Speed/duplex mismatches Portfast enabled on ports connected to hubs or switches Router, multiport NIC, configured for bridging
Using different spantree protocols within the same VLAN

Misconfigured or buggy trunk- or channel-capable NIC Loops with hubs or switches Port channeling misconfiguration
Spanning Tree.
102
What Causes Loops?
2) Design issues
Too large of a switched network

Bridging over the WAN (delay problems)
Spanning Tree.
103
What Causes Loops?
3) Software issues Software bugs

Forwarding traffic across blocked ports
UplinkFast/BackboneFast Etc.
Loss of management communication to line cards
Spanning Tree.
104
What Causes Loops?

4) Hardware Issues Layer one links that are bad (i.e. CRCs, other input errors)
Unidirectional links
Data corruption (BPDUs dropped) Port Stuck (BPDUs dropped) NMP stops listening to spanning-tree (stuck inband) Loss of management communication to line cards
Spanning Tree.
105
Detecting Spanning Tree Loops

1) Network is EXTREMELY slow for all nodes 2) Network outage 3) High system utilization on switch
System Utilization in show system above 20% usually indicates a loop Above 7% indicates possible transitory loop Depends on network traffic and hardware (Cat5000 Sup1 vs. Cat6000 Sup2, etc.)
4) System LED indicators on Switch Utilization Bar 5) High Amount of In-lost and Out-lost on show mac 6) MLS: TOO MANY MOVES appearing on console and log (Cat5000 only) 7) HSRP, OSPF, etc report duplicate IP address 8) Unicast flooding
Spanning Tree.
106
Detecting Spanning Tree Loops

Check spantree blocked and root ports for errors using show port, show mac & show counters Set up a syslog server and turn on logging for the spantree facility to 6, which will show port transitions through the spantree states (listening, learning, etc.) Use show inband to check for RsrcErrors (BPDU could be dropped if supervisor is unable to process the BPDU) Check to see if you are exceeding spanning tree instances show spantree summary
Spanning Tree.
107
During an Event
Remove redundant Ethernet segments from the network
Start with connections between core switches Begin with EtherChannels, if used Wait for 30-60 seconds for the network to recover before removing another link If the network does not recover, continue methodically removing redundancy until the network stabilizes
Avoid rebooting or powering off switches

If you do this youll lose the logging buffer & spantree stats on the switch
Syslog to a server cannot necessarily be trusted during a network failure

Spanning Tree.
108
Finding the Smoking Gun

Use show system to find switches with high backplane utilization Use show mac and look for large amounts of broadcast/multicast received & transmitted Use show spantree statistics to follow the problem through the network On the root, check the topology change initiator to see which bridge last generated a TCN Look for msg age expiry count on blocked ports to see whether we expired a BPDU on the port (MaxAge was reached) Look for tcn bpdu's xmitted to see whether a bridge sent many TCNs Look for forward trans count to see how many times the port transitioned into the forwarding state
Spanning Tree.
109
Preparing for the Next Time
Take proactive measures (perform these tasks prior to having another event)
Turn spantree logging level on the switches to 6 (set logging level spantree 6 default) to see state transitions & TCNs (also, log to a server)
On switches running IOS, use debug spanning events Enter clear counters on all switches
Spanning Tree.
110
Finding the Root

Verify the location of the root
The customer might have failed to deterministically set the root

The root might have moved due to a new bridge in the network, or a bridge priority change
The bridge ID of the root bridge
esc-cat6500-a> (enable) show spantree 5 VLAN 5 Spanning tree enabled Spanning tree type ieee Designated Root 00-d0-06-26-f4-04 Designated Root Priority 8192 Designated Root Cost 3 Designated Root Port 2/1-2 (agPort 13/33) Root Max Age 20 sec Hello Time 2 sec Forward Delay Bridge ID MAC ADDR 00-d0-bb-01-30-04 Bridge ID Priority 32768 Bridge Max Age 20 sec Hello Time 2 sec Forward Delay Port Vlan Port-State Cost Priority ------------------------ ---- ------------- ----- -------2/1-2 5 forwarding 3 32 15/1 5 forwarding 4 32
Root port (port to get to root bridge) 15 sec
15 sec Portfast ---------disabled enabled
Channel_id ---------801 0
Spanning Tree.
111
Finding the Root

esc-6500-b> (enable) show spantree 5 VLAN 5 Spanning tree enabled Spanning tree type ieee Designated Root 00-d0-06-26-f4-04 Designated Root Priority 8192 Designated Root Cost 0 Designated Root Port 1/0 Root Max Age 20 sec Hello Time 2 sec Forward Delay Bridge ID MAC ADDR 00-d0-06-26-f4-04 Bridge ID Priority 8192 Bridge Max Age 20 sec Hello Time 2 sec Forward Delay Port Vlan Port-State Cost Priority ------------------------ ---- ------------- ----- -------4/1-2 5 forwarding 3 32
Designated root cost on the root is always 0 RootID and BID will match on the root bridge
15 sec
15 sec Portfast Channel_id ---------- ---------disabled 865
esc-6500-b> (enable) show spantree summary Root switch for vlans: 4-10.
In 5.4 and later, use show spantree summary to see for which VLANs the switch is root
Spanning Tree.
112
Finding Active and Blocked Ports

esc-6500-b> (enable) show spantree summary < . . . > Summary of connected spanning tree ports by vlan Vlan Blocking Listening Learning Forwarding STP Active ----- -------- --------- -------- ---------- ---------1 2 0 0 4 6 4 0 0 0 2 2 5 0 0 0 6 6 6 0 0 0 4 4 7 0 0 0 4 4 8 0 0 0 4 4 9 0 0 0 4 4 10 0 0 0 4 4 Blocking Listening Learning Forwarding STP Active ----- -------- --------- -------- ---------- ---------Total 2 0 0 32 34 < . . . >
Total ports in the spanning tree (do not exceed limits specified for your supervisor engine in the Release Notes
Total blocking ports on the switch
Spanning Tree.
113
Viewing Blocked Ports
esc-6500-b> (enable) show spantree blocked T = trunk g = group Ports Vlans Ports 8/23 and 8/24 are -------------blocking for VLAN 1 8/23 (T) 1 8/24 (T) 1 Number of blocked ports (segments) in the system : 2
Spanning Tree.
114
Monitoring Blocked & Root Ports

Blocked & root ports should receive BPDUs every 2 seconds
Monitor blocked and root ports to see if they are receiving config BPDUs every 2 seconds Check for errors on blocked or root ports, which might cause a blocked port to transition out of blocking mode, or a root bridge change
esc-6500-b> (enable) show spantree stat 8/23 1 Port 8/23 VLAN 1 SpanningTree enabled for vlanNo = 1 BPDU-related parameters port spanning tree enabled state blocking port_id 0x836c port number 0x36c path cost 12 message age (port/VLAN) 3(20) designated_root 00-30-94-93-e5-80 designated_cost 19 designated_bridge 00-50-53-59-a0-00 designated_port 0x8001 top_change_ack FALSE config_pending FALSE port_inconsistency none PORT based information & statistics config bpdu's xmitted (port/VLAN) 36(698871) config bpdu's received (port/VLAN) 215843(608891) tcn bpdu's xmitted (port/VLAN) 0(7)
Ports 8/23 is blocking for VLAN 1
Make sure the config bpdus received counter is incrementing on the port approximately every 2 seconds
Spanning Tree.
115
Monitoring Blocked & Root Ports

If BPDUs are not being received every 2 seconds (or at all) on the port, check for errors using:
show port counters Check for Layer 1 errors (Align, FCS, etc.)
show mac Make sure the Rcv-Multicast counter is incrementing; make sure the In-Discard counter is not incrementing
show counters Check for any errors on the receive side

show inband Look for RsrcErrors show cam system Make sure 01-80-c2-00-00-00 (IEEE 802.1d BPDU MAC) is listed as a system entry for the VLAN
Spanning Tree.
116
Monitoring Spanning Tree

Console> (enable) show spantree 3/47 Port Vlan Port-State Cost Priority Portfast Channel_id ------------------------ ---- ------------- ----- -------- ---------- ---------3/47 1 blocking 3019 32 disabled 0 3/47 2 blocking 3019 32 disabled 0 3/47 3 blocking 3019 32 disabled 0 3/47 4 forwarding 3019 32 disabled 0 3/47 5 forwarding 3019 32 disabled 0 3/47 6 forwarding 3019 32 disabled 0 3/47 10 forwarding 3019 32 disabled 0 3/47 11 forwarding 3019 32 disabled 0 Console> (enable) show spantree 3 active VLAN 3 Spanning tree enabled Spanning tree type ieee Designated Root 00-50-80-39-ee-42 Designated Root Priority 32768 Designated Root Cost 3019 Designated Root Port 3/48 Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Bridge ID MAC ADDR Bridge ID Priority Bridge Max Age 20 sec Port -----------------------3/47 3/48 4/1-4
Spanning Tree.
00-d0-00-3f-a0-02 49152 Hello Time 2 sec Forward Delay 15 sec Vlan ---3 3 3 Port-State Cost Priority Portfast Channel_id ------------- ----- -------- ---------- ---------blocking 3019 32 disabled 0 forwarding 3019 32 disabled 0 forwarding 3002 32 disabled 865
117

Console> (enable) show spantree statistics 3/47 3 Port 3/47 VLAN 3 SpanningTree enabled for vlanNo = 3 BPDU-related parameters port spanning tree enabled state blocking port_id 0x80af port number 0xaf path cost 3019 message age (port/VLAN) 0(20) designated_root 00-50-80-39-ee-42 designated_cost 0 designated_bridge 00-50-80-39-ee-42 designated_port 0x8026 top_change_ack FALSE config_pending FALSE port_inconsistency none PORT based information & statistics config bpdu's xmitted (port/VLAN) config bpdu's received (port/VLAN) tcn bpdu's xmitted (port/VLAN) tcn bpdu's received (port/VLAN) forward trans count scp failure count
Spanning Tree.
Spanning-tree port state
Config BPDU stats for port & VLAN TCN BPDU stats for port & VLAN
2(127624) 51(3124) 0(65) 0(36) 0 0
Number of times the port transitioned to forwarding mode
118

[continued] VLAN based information & statistics spanningtree type spanningtree multicast address bridge priority bridge mac address bridge hello time bridge forward delay topology change initiator: last topology change occured: topology change topology change time topology change detected topology change count topology change last recvd. from ieee 01-80-c2-00-00-00 49152 00-d0-00-3f-a0-02 2 sec 15 sec 3/48 Thu Jan 20 2000, 23:53:12 FALSE 35 FALSE 63 00-d0-79-09-60-5d
Port on which TCN was last received
Time of last TCN
Total topology change count
Other port-specific info dynamic max age transitions 0 port bpdu ok count 0 msg age expiry count 0 link loading 1 bpdu in processing FALSE num of similar bpdus to process 0 received_inferior_bpdu FALSE next state 4
BID that sourced the last TCN
Number of times the stored BPDU expired
Spanning Tree.
119
References
Cisco Press Cisco LAN Switching book, two chapters on Spanning Tree
Troubleshooting Spanning-Tree Protocol and Related Design Considerations
http://www.cisco.com/warp/customer/473/16.html
Bridge Loop Troubleshooting:

http://www-tac.cisco.com/Support_Library/ Internetworking/ Spanning_Tree/span.html
Spanning Tree.
120
121

STP

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

STP

Uploaded by

Copyright:

Available Formats

Spanning Tree Protocol

2000, Cisco Systems, Inc.

Spanning Tree Basics

Spanning Tree Concepts

2000, Cisco Systems, Inc.

2000, Cisco Systems, Inc.

Spanning Tree Protocol

2000, Cisco Systems, Inc.

Spanning Tree Protocol Basics

2000, Cisco Systems, Inc.

Spanning Tree Protocol Basics

2000, Cisco Systems, Inc.

Spanning Tree Protocol Basics

2000, Cisco Systems, Inc.

2000, Cisco Systems, Inc.

Four-Step Decision-Making Sequence

3. Lowest Sender BID

Spanning Tree Terminology

Network parameters Hello interval Forward delay

Spanning Tree Terminology

Designated bridge for segment 3

2000, Cisco Systems, Inc.

Initial STP Convergence

2000, Cisco Systems, Inc.

Spanning Tree Root Bridge

Election process to determine root

2000, Cisco Systems, Inc.

Spanning Tree Root Bridge Election

Spanning Tree Root Port

Port state on a root port is never blocking

Spanning Tree Designated Bridge

Spanning Tree Designated Bridge Election

2000, Cisco Systems, Inc.

Spanning Tree Designated Port

2000, Cisco Systems, Inc.

Spanning Tree Non-Designated Port

2000, Cisco Systems, Inc.

Spanning Tree Port States

STP State Machine

2000, Cisco Systems, Inc.

Spanning Tree Configuration Parameters

2000, Cisco Systems, Inc.

Spanning Tree Hello Interval

2000, Cisco Systems, Inc.

Spanning Tree Forward Delay

Spanning Tree Max Age

The amount of time a bridge stores a BPDU on a port before discarding it

Most important to blocked port state Twenty seconds by default

2000, Cisco Systems, Inc.

Spanning Tree Bridge Priority

2000, Cisco Systems, Inc.

Spanning Tree Port Cost

2000, Cisco Systems, Inc.

Spanning Tree Port Priority

2000, Cisco Systems, Inc.

2000, Cisco Systems, Inc.

Configuration BPDU Parameters

2000, Cisco Systems, Inc.

IEEE 802.1d Config BPDU Frame Format

Root Path Cost

0x00 = Config BPDU

2 byte priority 6 byte ID (MAC address)

2 byte priority 6 byte ID (MAC address)

2000, Cisco Systems, Inc.