Cisco Networking Academy
advertisement
CCNP3 v5 – Chapter 3
Cisco Networking Academy
Implementing Spanning Tree
Transparent bridges
– A switch has the same characteristics as a
transparent bridge
• It must not modify the frames that are forwarded
• It learns addresses by listening on a port for the
source address of a device
• It forwards broadcasts out all ports,
except for the port that initially
received the broadcast
• If the destination address is unknown
to the bridge, it forwards the frame
out all ports, except for the port that
initially received the broadcast
1
Bridging Loops
– Loops may occur in a network for a variety of
reasons
• Usually loops in networks are the result of a deliberate
attempt to provide redundancy
• Can also occur by configuration error
– Two primary reasons loops can be absolutely disastrous in a
bridged network:
. broadcast loops
. bridge-table corruption
L2 Loops - Flooded unicast frames
Where’s
Host B?
FLOOD
And the floods continue
Where’s
Host B?
FLOOD
Uh oh.
Removed from the network
– L2 frame doesn’t have a TTL field
2
Preventing loops in a L2 network
– The Spanning-Tree Protocol (STP) is a loopprevention protocol
• allows bridges/switches to communicate with
each other to discover physical loops in the
network
• specifies an algorithm that bridges can use to
create a loop-free logical topology
– Spanning-Tree Algorithm 802.1D
• It relies on a set of parameters to make decisions
– Ex: Bridge ID (BID), Path cost, Port ID…
802.1D Spanning Tree Protocol
– Mechanism for switches to reconfigure the paths
over which they forward frames
– Forwards traffic over specific ports and disables
other ports to avoid frames from being sent
repeatedly or in a loop
• Exchange of BPDU messages between adjacent switches
• A single “root bridge” is elected
• Each switch determines a ‘root port’
• On a link between two non-root switch ports, a port of one
switch will become a designated port, and the port on the
other switch will be in a blocking state
• Any port state change on any switch is considered a
network topology change
3
BPDUs
– Bridges pass ST information between themselves
using bridge protocol data units (BPDUs)
– Root ID, Cost of path, Bridge ID, Port ID, STP timer values
• A bridge uses the four-step decision sequence to save a
copy of the "best" BPDU seen on every port.
– it considers all the BPDUs received on the port as well as the
BPDU that would be sent on that port.
. As every BPDU arrives, it is checked to see if it is more
attractive than the existing BPDU saved for that port.
. If the new BPDU (or the locally generated BPDU) is more
attractive, the old value is replaced.
BPDUs are switch-to-switch traffic; they do not carry end-user traffic.
Bridge Identification (BID)
– Used to determine the center of the bridged network
– 8-byte field composed of two subfields
• The high-order BID subfield is the bridge priority
• Extended system ID VLAN ID for PVST
• The low-order subfield is the switch 6-byte MAC address
– It is expressed in the usual hexadecimal (base 16) format
Key point lower costs are better
4
Path Cost
– Sum of the costs of the links in a path between 2
bridges
– Originally:
• 1000Mbps/BW in Mbps
– Problems with Gbps
• Changes
– Lower costs are better
Bridges use the concept of cost to evaluate how close they are to other bridges.
Port ID
– 16-bit field composed of two subfields:
– Port priority (8 bits):
• Configurable parameter
• 0 – 255 (Default 128)
– Port Number (8 bits)
• Numerical identifiers used by Catalyst switches
– 1st: Port priority comparison
– Lower Port ID is preferred
5
STP Decision Sequence
– Spanning Tree always uses the same four-step
decision sequence:
• Lowest root BID
• Lowest path cost to root bridge
• Lowest sender BID
• Lowest port ID
Initial STP Convergence
– When the network first starts, all the bridges flood
the network with a mix of BPDU information.
– They apply the four-step decision sequence
• allowing them to hone in on the set of BPDUs that form a
single spanning tree for the entire network
– To build a loop-free topology:
(Step 1) A single root bridge is elected to act as the central point of this network
(Step 2) All the remaining bridges calculate a set of root ports
(Step 3) All the remaining bridges calculate a set of designated ports
6
Electing the Root Bridge
– The switches elect a single root bridge by looking
for the bridge with the lowest BID
– At the beginning, all bridges assume they are the
center of the universe and declare themselves as the
Root Bridge, by placing its own BID in the Root
BID field of the BPDU
– If all bridges are using the default bridge priority of
32,768, the lowest MAC address serves as the tiebreaker.
STP Convergence
Step 1 Elect one Root Bridge
Cat-A has the lowest Bridge MAC Address, so it wins the Root War!
All 3 switches have the same default Bridge Priority value of 32,768
7
Step 2 Electing the Root Ports
– Every non-root bridge must select one root port.
• The root port of a bridge is the port that is closest to the
root bridge.
• The root path cost is the cumulative cost of all links to
the root bridge.
Remember: STP costs are incremented as BPDUs are received on a
port, not as they are sent out a port.
Root
Bridge
Cost=19
1/1
1/2
Cost=19
Cat-A
1/1
BPDU
BPDU
Cost=0
Cost=0
BPDU
BPDU
Cost=0+19=19
Cost=0+19=19
Cat-B
1/1
Cat-C
1/2
1/2
Cost=19
Step 1
•
Cat-A sends out BPDUs, containing a Root Path Cost of 0.
•
Cat-B receives these BPDUs and adds the Path Cost of Port 1/1 to the
Root Path Cost contained in the BPDU.
Step 2
•
Cat-B add Root Path Cost 0 PLUS its Port 1/1 cost of 19 = 19
8
Root
Bridge
Cost=19
1/1
1/2
Cost=19
Cat-A
1/1
BPDU
BPDU
Cost=0
Cost=0
BPDU
BPDU
Cost=19
Cost=19
Cat-B
1/2
BPDU
1/1
Cat-C
BPDU
BPDU
Cost=19
Cost=19
1/2
BPDU
Cost=38 (19=19)
Cost=38 (19=19)
Cost=19
Step 3
•
Cat-B uses this value of 19 internally and sends BPDUs with a Root
Path Cost of 19 out Port 1/2.
Step 4
•
Cat-C receives the BPDU from Cat-B, and increased the Root Path
Cost to 38 (19+19). (Same with Cat-C sending to Cat-B.)
Root
Bridge
Cost=19
1/1
1/2
Cost=19
Cat-A
Root Port
1/1
BPDU
BPDU
Cost=0
Cost=0
BPDU
BPDU
Cost=19
Cost=19
Cat-B
1/1
Root Port
Cat-C
1/2
1/2
BPDU
BPDU
Cost=38 (19=19)
Cost=38 (19=19)
Step 5
Cost=19
•
Cat-B calculates that it can reach the Root Bridge at a cost of 19 via
Port 1/1 as opposed to a cost of 38 via Port 1/2.
•
Port 1/1 becomes the Root Port for Cat-B, the port closest to the Root
Bridge.
•
Cat-C goes through a similar calculation. Note: Both Cat-B:1/2 and CatC:1/2 save the best BPDU of 19 (its own).
9
STP Convergence
Step 3 Elect Designated Ports
• The loop prevention part becomes evident during this
step, electing designated ports
• Designated Port
– the single bridge port that both sends and receives traffic
to and from that segment and the Root Bridge
– Chosen based on cumulative Root Path Cost to the Root
Bridge
• Each segment in a bridged network has one Designated
Port
• The switch containing the Designated Port is referred to
as the Designated Bridge for that segment.
• Every active port on the root bridge becomes a
designated port
Root Path Cost = 0
Cost=19
Root
Bridge
1/1
Segment 1
Root Path Cost = 0
1/2
Cost=19
Segment 2
Cat-A
Root Path Cost = 19
1/1
Root Path Cost = 19
Root Port
1/1
Root Port
Cat-B
Cat-C
1/2
1/2
Root Path Cost = 19
Root Path Cost = 19
Segment 3
Cost=19
•
Segment 1: Cat-A:1/1 has a Root Path Cost = 0 (after all it is the Root
Bridge) and Cat-B:1/1 has a Root Path Cost = 19.
•
Segment 2: Cat-A:1/2 has a Root Path Cost = 0 (after all it is the Root
Bridge) and Cat-C:1/1 has a Root Path Cost = 19.
•
Segment 3: Cat-B:1/2 has a Root Path Cost = 19 and Cat-C:1/2 has a
Root Path Cost = 19. It’s a tie!
10
Root
Bridge
Root Path Cost = 0
Cost=19
Root Path Cost = 0
1/1
1/2
Segment 1
Cost=19
Segment 2
Cat-A
Designated Port
Designated Port
Root Path Cost = 19
Root Path Cost = 19
1/1
Root Port
1/1
Root Port
Cat-B
Cat-C
1/2
1/2
Root Path Cost = 19
Root Path Cost = 19
Segment 3
Cost=19
Segment 1
•
Because Cat-A:1/1 has the lower Root Path Cost it becomes the
Designate Port for Segment 1.
Segment 2
•
Because Cat-A:1/2 has the lower Root Path Cost it becomes the
Designate Port for Segment 2.
Root
Bridge
Root Path Cost = 0
Cost=19
Root Path Cost = 0
1/1
1/2
Segment 1
Cost=19
Segment 2
Cat-A
Designated Port
Designated Port
Root Path Cost = 19
1/1
Root Path Cost = 19
Root Port
1/1
Root Port
Cat-B
Cat-C
1/2
1/2
Root Path Cost = 19
Root Path Cost = 19
Segment 3
Cost=19
Segment 3
•
Both Cat-B and Cat-C have a Root Path Cost of 19, a tie!
•
When faced with a tie (or any other determination) STP always uses
the four-step decision process:
1. Lowest Root BID;
2. Lowest Path Cost to Root Bridge;
3. Lowest Sender BID; 4. Lowest Port ID
11
Root Path Cost = 0
Cost=19
Root
Bridge
Root Path Cost = 0
1/1
Segment 1
1/2
Cost=19
Segment 2
Cat-A
Designated Port
Designated Port
Root Path Cost = 19
Root Path Cost = 19
1/1
Root Port
Cat-B
1/2
1/1
Root Port
32,768.CC-CC-CC-CC-CC-CC
32,768.BB-BB-BB-BB-BB-BB
Root Path Cost = 19
Cat-C
1/2
Root Path Cost = 19
Designated Port Segment 3 Non-Designated Port
Cost=19
Segment 3 (continued)
•
1) All three switches agree that Cat-A is the Root Bridge, so this is a tie.
•
2) Root Path Cost for both is 19, also a tie.
•
3) The sender’s BID is lower on Cat-B, than Cat-C, so Cat-B:1/2 becomes the
Designated Port for Segment 3.
•
Cat-C:1/2 therefore becomes the non-Designated Port for Segment 3.
STP Convergence (Recap.)
(Recap.)
• Recall that switches go through three steps for
their initial convergence:
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports
• Also, all STP decisions are based on a the
following predetermined sequence:
FourFour-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port ID
12
STP States
State
Purpose
Forwarding Sending/Receiving user data
Learning
Building bridging table
Listening
Building “active” topology
Elect Root Bridge, root ports and Designated Ports
Blocking
Receives BPDUs only
Disabled
Administratively down
STP Timers
Timer
Primary Purpose
Default
Hello
Time
Time between sending of configuration
BPDUs by the Root Bridge
2 Secs
Forward
Delay
Duration of Listening/Learning states
15 Secs
Max Age
Time BPDU stored
20 Secs
Forward Delay Timer
•
Default value (15 seconds) assuming
– a maximum network size of seven bridge hops
– a maximum of three lost BPDUs
– a hello-time interval of 2 seconds
•
Determine the length of:
– Listening state
– Learning state
13
Topology Changes
– It can take 30-50 sec. for a network to converge
• During this time, physical addresses that can no longer be reached
are still listed in the switch table
• The switch will attempt to forward frames to devices it cannot reach
– The STP change process requires the switch to clear the
table faster
– If a switch detects a change,
it can send a Topology
Change Notification (TCN)
BPDU out its root port
– The topology change BPDU
is forwarded to the root switch,
and from there, is propagated throughout the network
– TCN does not start a STP recalculation
Backup root bridge
– Switch that assumes the role of the root bridge in the
event that the primary root bridge fails
– It has a priority value lower than the default, but higher
than the primary root bridge
– When the primary root bridge is functioning, the backup
root bridge behaves like any other non-root bridge
– When the primary root bridge fails, the backup root
bridge
• has the lowest priority
• is selected to be the root bridge
14
Configuring switch priority of a VLAN
• to make it more likely that the switch
will be chosen as the root switch
• Most situations
Switch(config)# spanning-tree vlan vlan-id root primary
Switch(config)# spanning-tree vlan vlan-id root secondary
• Also:
• Switch(config-if)# spanning-tree vlan vlan-id priority priority
• Priority: 0-61440 ; default = 32768
• Priority in increments of 4096
STP and VLANs
• Per-VLAN Spanning Tree (PVST):
– Cisco proprietary
– Compatible with 802.1Q and ISL
– Runs a separate instance of STP for every VLAN
• Common Spanning Tree (CST):
– IEEE 802.1D standard
– Runs a single instance of STP for all VLANs
15
STP Enhancements
• Originally, IEEE 802.1D STP standard
convergence in 1 minute was ok
• Cisco has added enhancements to
speed up STP alternate path
selection:
– PortFast
– UplinkFast
– BackboneFast
PortFast
– Designed to optimize switch access ports connected to
end-station devices
– A port enters the Forwarding state immediately
– A port bypasses the Listening and Learning states
• From DISABLED to FORWARDING
– PortFast begins only when the port first initialize
Switch(config-if)#spanning-tree portfast
16
UplinkFast
– Provides fast convergence after a direct link failure
• Accelerates the choice of a new Root Port when a link or switch fails
• allows a blocked port to almost immediately begin forwarding when
the switch detects the failure of the forwarding link
• The Root Port transitions to the
Forwarding state without going
through the Listening and Learning
states
• must have direct knowledge of the
link failure in order to move a
blocked port into a forwarding
state
• It is globally configured and it affects all VLANs
Switch(config)# spanning-tree uplinkfast
[max_update_rate pkts-per-sec]
BackboneFast
• When a root port or a blocked port on a switch receives
inferior BPDUs from its designated bridge
• An inferior BPDU reception means:
– A link to which the switch is not directly connected has failed
– Designated Bridge has lost connectivity to the Root Bridge
2*Forward Delay time = 30 s
S(config)#spanning-tree
backbonefast
Max_age + 2*Forward Delay time = 50 s
17
Rapid Spanning-Tree Protocol
• RSTP IEEE 802.1w
• Evolution of IEEE 802.1D
• Significantly speeds the recalculation of the ST
when a L2 network topology changes
• Incorporates many of the concepts used in the
Cisco-proprietary STP enhancements
– Edge Fast (Cisco PortFast)
– Uplink Fast RSTP (Cisco Uplink Fast)
– Backbone Fast Engine (Cisco Backbone Fast)
• Redefines the base operation of the STP port roles
and states, and the BPDUs
RSTP port states
• Discarding
– In a stable active topology and during topology
synchronization and changes
– It prevents the forwarding of data frames
• Learning
– In a stable active topology and during topology
synchronization and changes
– It accepts data frames to populate the MAC table
• Forwarding
– Only in a stable active topology
– The forwarding switch ports determine
the topology
18
RSTP port roles
•
Root port
– Port receiving the best BPDU
– Assumes the forwarding state
•
Designated port
– Port that sends the best BPDU on the
connected segment
– Only one designated port per segment
•
Alternate port
– port blocked by receiving more useful
BPDUs from another bridge
– Offers an alternate path toward the root
bridge
•
Backup port
– port blocked by receiving more useful
BPDUs from the same bridge it is on
– Additional port on the designated switch with
a redundant link to the segment
•
Disabled port No role in the ST process
RSTP Edge port
• Switch port that will never have a switch connected to
it
• Switch port that immediately transitions to forwarding
• Switch port that functions similar to Cisco PortFast
feature
• An edge port that receives a BPDU
– immediately loses its edge port status
– becomes a normal spanning tree port
– generates a Topology Change Notification (TCN)
19
RSTP Link types
• It provides a categorization for each port in RSTP
• It can predetermine the active role that the port plays
• Two types
– Point-to-point
• Port operating in Full duplex mode
• The port is connected to a single switch device at the other end
– Shared
• Port operating in Half duplex mode
• The port is connected to a shared media where multiple switches
may exist
•
Root ports don’t use the link type parameter
•
Alternate/backup ports don’t usually
use the link type parameter
•
Designated ports use the link
type parameter
802.1w - RSTP BDPUs
•
BPDU Type 2, version 2
•
Legacy bridges drop this BPDU
•
Bridges send a BPDU with current information every
<hello_time> seconds
•
When a bridge receives inferior information from its
designated or Root Bridge, it immediately accepts it and
replaces the one previously stored
•
Protocol information can be immediately aged on a port if
hellos aren’t received for 3*hello times or if max_age timer
expires
•
3 consecutively missed BPDUs indicate loss connectivity
between neighbor switches
20
RSTP Proposal and agreement process
• STA: When a port becomes designated, it waits
2*15sec. before Forwarding State
• RSTP: Designated role in Discarding
or Learning state
– It sets the proposal bit on the BPDUs
it sends out
– Next switch
• P1: new root port
• Starts a sync to prevent switches
below A from causing a loop during
the proposal agreement process
– blocking, edge, designated forwarding ports blocked
• Unblocks new root port
• Replies to the root by sending an agreement message
– The proposal & Agreement process continues on switch A
out of all of its downstream, designated, non-edge ports
RSTP topology change notification process
•
802.1D
– Any port state change generates a TCN
– When a bridge detects a topology change, it sends TCNs
toward the root bridge
– The root bridge sets the TC flag on the outbound BPDUs
– When a bridge receives a BPDU with the TC flag set, it reduces
its bridge-table aging time to forward delay seconds
•
RSTP
– Only non-edge ports moving to the forwarding state cause a TC
– A port moving to the blocking state doesn’t generate a TC BPDU
– The originator of the TC directly floods this information through
the network
– If the port consistently keeps receiving BPDUs that don’t
correspond to the current operating mode for 2*hello time,
the port switches to the mode indicated by the BPDUs
21
RSTP Implementation commands
•
•
•
Spanning tree is enabled on a per-VLAN basis
By default, ST is enabled on all VLANs
If it is needed to reenable it for a particular VLAN
– S(config)#spanning-tree vlan vlan_ID
MST (IEEE 802.1s)
•
Multiple Spanning Tree
•
MST extends the IEEE 802.1w rapid spanning tree (RST)
algorithm to multiple spanning-trees
•
MST groups multiples VLANs in one instance of spanning-tree
•
rapid convergence and load balancing in a VLAN environment
•
MST combines the best aspects from both PVST+ and 802.1Q
•
Cisco implementation backward compatible with
– 802.1D STP
– 802.1w Rapid Spanning-Tree Protocol (RSTP)
– Cisco PVST+ architecture
•
Example:
– VLANs 1-500 using 1 path, and
VLANs 501-1000 using the other path
– Only two ST instances in every switch
– MST converges faster than PVST+ (1000 instances)
22
MST regions
•
802.1Q standard
•
PVST+
– a unique and common instance Common Spanning Tree (CST)
– Different VLANs carry the BPDUs for their respective instance
(one BPDU per VLAN)
•
MST
– Single MST configuration that consist of 3 attributes
• Name
• Revision number
• VLAN association table: VLAN ST instance
– If 2 switches differ on any attribute, they are part of different
regions
– VLAN association table is not sent
– A digest of the VLANs-to-instance mapping table is sent, along
with the revision number and the name
– A port is at the boundary of a region if the designated bridge on
its segment is in a different region or if it receives legacy 802.1D
BPDUs
Extended System ID
• MST uses the 12-bit Extended System
ID field
• The Extended System ID carries the
MST instance number
23
Interacting between MST regions
and 802.1q networks
•
An MST switch must handle at least one Internal Spanning Tree
(IST) = Instance 0
– Provides interaction between MST regions
– Provides compatibility between MST regions and 802.1D, 802.1Q
(CST) and PVST+ networks
•
MST regions appear as a single virtual bridge to the adjacent
CST and MST regions
•
IST connects all the MST switches in the region and any CST
switched domain
•
MST establishes and maintains additional ST within each MSTI
– The IST is numbered 0
– The MSTIs are numbered 1, 2, 3, and so on,
up to 15
– Any MSTI is local to the MST region
– Any MSTI is independent of MSTIs in
another region
Interacting between MST regions
and 802.1q networks
•
MST supports some of the PVST extensions as follows:
– UplinkFast and BackboneFast are not available in MST mode;
they are part of RSTP
– PortFast is supported
– BPDU filter and BPDU guard are supported in MST mode
– Loop guard and root guard are supported in MST
– For PVLANs, you must map a secondary VLAN to the same
instance as the primary
24
Configuring Multiple Spanning Tree
How to verify MST
• To display MST information
– Switch#show spanning-tree mst
• To display MST configuration information
– Switch#show spanning-tree mst configuration
• To display MST specifically
– Switch#show spanning-tree mst X interface
int
• To display detailed MST information
– Switch#show spanning-tree mst X detail
25
Redundant Links
0/2
0/1
Backup
Active
STP will place one of these links in blocking mode.
However, there are two ways you can use both links
to move data at the same time.
1. Port Priority on a per-vlan basis
2. Fast Etherchannel
Redundant Links: Etherchannel
Can we use both of these links together?
bundle
1/1
1/2
Yes. With EtherChannel frames are distributed among
both links, allowing them to work together as a channel.
• Etherchannel:
– Cisco-propietary technology
– Aggregates links into a single logical link
– Incremental trunk speeds from 10Mbs to
16Gbps (Full-duplex)
26
Etherchannel
•
Etherchannel: bond 2, 4 or 8 links
•
Provides
– Very high-bandwidth logical link
– Load balances amongst the physical links involved
– Fault-tolerant links resiliency
– Between routers, switches and servers
•
Uses a load distribution algorithm based on
– the destination MAC address
– XOR on the 2 lowest order bits of the source and destination
MAC address
– MAC, IP addresses, IP +TCP/UDP…
•
2 methods for negotiating bundles:
– Port Aggregation Protocol (PAgP)
– Link Aggregation Control Protocol (LACP)
Port Aggregation Protocol (PAgP)
– Cisco Propietary
– Aids in the automatic creation of EtherChannel links
– PAgP packets are sent between EtherChannel technologycapable ports
– The protocol
• determines correctly paired, bidirectional, point-to-point links
• groups the ports that have the same neighbor device ID and neighbor
group capability into a channel
• adds the channel to Spanning Tree as a single bridge port
• will not form a bundle on ports configured for dynamic VLANs
• requires all ports in the channel
– Have the same speed, duplex setting and VLAN information
– belong to the same VLAN or configured as trunk ports
27
Link Aggregation Control Protocol
(LACP)
• Open-standard: 802.3ad
• Similar to PAgP
• To manage Ethernet channels with non-Cisco
devices conforming to the 802.3ad specification
• To start automatic EtherChannel configuration
with LACP, configure at least one end of the link to
active mode
Configuring Fast EtherChannel
• To enable an L2 EtherChannel bundle
Switch(config)#interface range interface-range
Switch(config-if)# channel-protocol {pagp|lacp}
Switch(config-if)# channel-group group-number
[non-silent] | desirable [non-silent] | on }
mode {auto
• To enable an L3 EtherChannel bundle
Switch(config)#interface port-channel number
Switch(config-if)#no switchport
Switch(config-if)#ip address address mask
Switch(config)#interface interface slot/port
Switch(config-if)# no switchport
Switch(config-if)# channel-group number mode
{auto [non-silent] | desirable [non-silent] | on }
• To verify:
Switch# show etherchannel [channel-group-number] {brief
| detail | load-balance| port | port-channel |
summary}
28
EtherChannel Guidelines
– Use the following guidelines to avoid configuration
problems:
Load balancing in Fast EtherChannel
– Load balancing is applied globally for all EtherChannel
bundles in a switch
– Load balancing can be based on
•
•
•
•
•
•
•
•
•
source MAC address
destination MAC address
source & destination MAC addresses
source IP
destination IP
source & destination IP
source port
destination port
source & destination port
Switch(config)# port-channel load-balance type
29
The End
30
