6 - Spanning Tree Protocol
46
Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 4-1 Spanning Tree Protocol
-
Upload
ruben-felipe-munguia -
Category
Documents
-
view
224 -
download
4
Transcript of 6 - Spanning Tree Protocol
Spanning Tree Protocol4-*
Builds loop-free paths in redundant Layer 2 networks
Automatically rebuilds tree when topology changes
B
A
Bridge ID: Unique identifier for each switch
Root bridge: Switch with lowest bridge ID
Root port: Port closest to root bridge
Designated bridge: Switch representing the LAN segment
Designated port: Designated bridge’s port on the LAN segment
Bridge protocol data unit (BPDU): Packets used to exchange information between switches
Configuration BPDU
*
Port states:
Listening
Port is transitioning and will be used in active topology
Learning
Port is transitioning, switch is learning MAC addresses
Forwarding
*
Switches exchange BPDUs
Root bridge is elected based on BPDU information
Criterion for election is bridge ID, which includes a configurable priority and a unique identifier
The election process reviews priority first; lowest priority wins
If priority values are the same, unique device identifiers are reviewed; lowest identifier wins
A1 is elected as the root bridge based on BPDU information
A
B
A3
A1
A2
Root
Building a Spanning Tree (2 of 3)
Port role is determined by the least-cost path calculation to the root bridge; port state is determined by the port role
Ports on root bridge assume designated port role and forwarding state
Root ports on nonroot switches are placed in forwarding state
Designated ports on designated bridges are placed in forwarding state
All other ports are placed in blocking state
A
B
A3
A1
A2
Tree is considered fully converged
All traffic flows through the root bridge (A1)
A
B
A1
A2
A3
Root
F
F
F
F
F
F
Steps:
Bridge E sends TCN
continues every 2 seconds until the
TCN ACK is received on the root port
Bridge B acknowledges TCN
Bridge B sends TCN
Bridge A acknowledges TCN
Steps (contd.):
Root bridge sets topology change (TC) flag and sends updated configuration BPDU
Bridges B and C relay TC flag
to downstream switches
table aging timer to equal forwarding delay time
(default: 15 seconds)
*
First defined in IEEE 802.1w; later incorporated into IEEE 802.1D-2004
Convergence improvements include:
Point-to-point link designation
Edge port designation
*
Alternate port:
Blocks traffic while receiving superior BPDUs from neighboring switch
Backup port:
Provides redundant path to a segment (designated switches only)
Blocks traffic while a more preferred port functions as designated port
RSTP continues to use root and designated port roles
(Root)
RSTP Port States
RSTP (802.1D-2004) uses fewer states than STP (802.1D-1998) but has the same functionality
Alternate, backup, and disabled ports
Root and designated ports
Act as keepalives
RSTP bridges send BPDUs every hello time (default of 2 seconds)
Provide faster failure detection
If no BPDU is received within 3 times the hello interval
*
Takes 30 seconds before ports start forwarding traffic
after being enabled
Uses proposal/agreement handshake on point-to-point links instead of timers
Root and edge ports transition to forwarding state immediately
Nonedge-designated ports transition to forwarding state once explicit agreement is received
*
Topology Change Reconvergence
Topology changes occur only when nonedge ports transition to the forwarding state
Port transitions to the discarding state no longer trigger TCN
TCNs are flooded out all designated ports as well as out the root port by the initiator
Switches flush the majority of MAC addresses in the MAC address forwarding table
MAC addresses learned from edge ports are not flushed
*
When an indirect link failure occurs:
Switch A’s root port fails; it assumes it is the new root
Switch B receives inferior BPDUs from Switch A; it moves the alternate port to the designated port role
Switch A receives superior BPDUs, knows it is not the root, and designates the port connecting to Switch B as the
root port
When a direct link failure occurs:
The alternate port transitions to the forwarding state; it assumes the new root port role following the failure of the old root port
Switches running RSTP send MAC flush messages out of the new root port to trigger upstream switches to relearn the MAC addresses
Root
R
R
D
A
STP and RSTP interoperability considerations:
If switch supports only the 802.1D-1998 STP protocol, it discards any RSTP BPDUs received
*
Originally defined in IEEE 802.1s; later merged into IEEE 802.1Q-2003
Provides extensions to RSTP
Separate topology tree for each MSTI
Resource friendly—maps VLANs to one or more instances; provides for load balancing over available links
All links are utilized
F
F
F
*
Multiple Spanning Tree Region
An MST region is a group of switches with the same region name, revision level, and VLAN-to-instance mapping
Max of 64 MSTIs per region
One regional root bridge per instance
Backward compatible with STP and RSTP through common spanning tree (CST)
MST
One root bridge for CST
Each MST region appears as a virtual bridge
Common and internal spanning tree (CIST) extends CST into regions
CST
CST =
Blocking =
B
B
B
STP summary:
STP (802.1D-1998) is used in Layer 2 networks to prevent logical loops
Automated—user selects root switch and STP does the rest
STP is slow to converge and can be difficult to troubleshoot
RSTP (802.1D-2004) reduces link-convergence time to subseconds on point-to-point links
STP and RSTP support a single STP instance
Lacks load-balancing mechanism; creates underutilized links
MSTP (802.1Q-2003) supports up to 64 instances
Overcomes the shortcomings of a single spanning tree
*
bridge-priority Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)
disable Disable STP
forward-delay Time spent in listening or learning state (4..30 seconds)
hello-time Time interval between configuration BPDUs (1..10 seconds)
> interface
> traceoptions Tracing options for debugging protocol operation
[edit protocols stp]
*
Excludes interface from participating in RSTP
Default priority value (used to influence downstream device’s least-cost path calculation to root bridge—lower is better)
Default interface mode for interfaces operating in full-duplex mode
Default interface mode for interfaces operating in half-duplex mode
Default cost value for interfaces operating at 1 Gbps
Default value for interfaces that do not connect to
STP-enabled devices
user@switch> show spanning-tree ?
mstp Show Multiple Spanning Tree Protocol information
statistics Show STP statistics
user@switch> show spanning-tree bridge
Time since last topology change : 72 seconds
Local parameters
Root Port
user@switch> show spanning-tree interface
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/10.0 128:523 128:523 32768.0019e2507c00 20000 BLK ALT
ge-0/0/11.0 128:524 128:524 32768.0019e2507c00 20000 BLK ALT
ge-0/0/12.0 128:525 128:525 32768.0019e2507c00 20000 BLK ALT
ge-0/0/13.0 128:526 128:526 32768.0019e2503fe0 20000 FWD ROOT
ge-0/0/14.0 128:527 128:527 32768.0019e2503fe0 20000 BLK ALT
ge-0/0/15.0 128:528 128:528 32768.0019e2503fe0 20000 BLK ALT
user@switch> show spanning-tree statistics interface
Interface BPDUs sent BPDUs received Next BPDU
transmission
*
user@switch> show spanning-tree ?
mstp Show Multiple Spanning Tree Protocol information
statistics Show STP statistics
MSTP configuration information
Context identifier : 0
Region name : reg1
0 0,31-4094
1 1-10
2 11-20
3 21-30
*
Interfaces and associated details are listed by instance
user@switch> show spanning-tree interface
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/10.0 128:523 128:523 32768.0019e2507c00 20000 BLK ALT
…
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/13.0 128:526 128:526 4097.0019e25082e0 20000 FWD DESG
Spanning tree interface parameters for instance 2
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/14.0 128:527 128:527 12290.0019e2503fe0 20000 FWD ROOT
…
*
user@switch> show spanning-tree bridge
Root ID : 32768.00:19:e2:50:3f:e0
Root cost : 0
Root port : ge-0/0/13.0
MSTI regional root : 4097.00:19:e2:50:82:e0
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
*
Problem:
Bridge applications running on PCs or “personal” switches can generate BPDU
STP, RSTP, or MSTP running on an EX switch could detect those BPDUs and trigger STP miscalculations, leading to network outages
Solution:
*
BPDUs
BPDUs
To verify BPDU protection functionality:
Use the show spanning-tree interface command before and after enabling the BPDU protection feature in STP-running switch
Use the show ethernet-switching interfaces command in a non-STP switch
Watch for state changes, role changes, or both in the output:
FWD state transitions to BLK
DESG role transitions to DIS (loop inconsistent)
unblocked transitions to blocked
To unblock the interface:
Use the clear ethernet-switching bpdu-error operational mode command
*
The problem:
Switch hardware and configuration errors could cause an interface to transition to the blocking state and stop receiving BPDUs
This transition could lead to erroneous interface transitioning from the blocking state to the forwarding state, resulting in loops and network outages
The solution:
Enable loop protection on all switch interfaces that have a chance of becoming root or designated ports
Once enabled, designated ports receive BPDUs, the interface transitions to a loop-inconsistent state
*
To verify loop protection functionality:
Use the show spanning-tree interface command before and after enabling the loop protection feature
Watch for state changes, role changes, or both in the interface output
BLK state remains BLK
ALT role transitions to DIS (loop inconsistent)
*
The problem:
Bridge applications running on PCs can generate BPDUs and interfere with root port election
Erroneous root port election on a switch
The solution:
Enable root protection on the switch interfaces that should not receive superior BPDUs from the root bridge and should not be elected as the root port
The interfaces become designated ports
Once a superior BPDU arrives on a port with root protection enabled, the port transitions to inconsistency state, blocking the interface
*
To verify root protection functionality:
Use the show spanning-tree interface command before and after you enable the root protection feature
Receipt of superior BPDUs on the watched interface triggers root protection
FWD state changes to BLK
DESG role transitions to DIS (loop inconsistent)
*
Redundant Trunk Group
Redundant trunk group:
Provides quick and simple failover mechanism for redundant Layer 2 links without requiring STP
Primary application is in enterprise environments where each access switch is dual homed to two distribution switches
*
Active Link
Nonactive Link
Switch A
Switch B
Switch C
Access Layer
Distribution Layer
Configuration Considerations
Redundant trunk group feature and STP are mutually exclusive on a given port
Access layer (Switch C in the previous example):
Cannot run STP on redundant trunk group links
STP BPDUs received on redundant trunk group links are discarded
Distribution layer (Switches A and B in previous example):
Redundant trunk group is not configured on distribution switches
STP is configured on distribution switches without any restriction
Maximum of 16 redundant trunk groups per switch
*
[edit ethernet-switching-options redundant-trunk-group]
user@switch# commit
error: XSTP : msti 0 STP and RTG cannot be enabled on the same interface ge-0/0/13.0
commit complete
Interface marked as primary is always active when operational
If the primary knob is omitted from configuration, the higher-numbered interface initially becomes the active link but does not preempt lower-numbered interfaces functioning as the active link in failure and recovery scenarios
*
user@switch> show redundant-trunk-group
name count
ge-0/0/16.0 Up 2008-03-08 12:12:15 UTC (00:00:10 ago) 2
user@switch> show redundant-trunk-group group-name rtg-group1
Interface State Bandwidth Time of last flap Flap
count
ge-0/0/13.0 Up/Pri/Act 1000 Mbps 2008-03-08 12:12:15 UTC (00:01:43 ago) 2
ge-0/0/16.0 Up 1000 Mbps 2008-03-08 12:12:15 UTC (00:01:43 ago) 2
(Pri) = Primary interface with preemption enabled
(Act) = Active interface currently forwarding traffic
Builds loop-free paths in redundant Layer 2 networks
Automatically rebuilds tree when topology changes
B
A
Bridge ID: Unique identifier for each switch
Root bridge: Switch with lowest bridge ID
Root port: Port closest to root bridge
Designated bridge: Switch representing the LAN segment
Designated port: Designated bridge’s port on the LAN segment
Bridge protocol data unit (BPDU): Packets used to exchange information between switches
Configuration BPDU
*
Port states:
Listening
Port is transitioning and will be used in active topology
Learning
Port is transitioning, switch is learning MAC addresses
Forwarding
*
Switches exchange BPDUs
Root bridge is elected based on BPDU information
Criterion for election is bridge ID, which includes a configurable priority and a unique identifier
The election process reviews priority first; lowest priority wins
If priority values are the same, unique device identifiers are reviewed; lowest identifier wins
A1 is elected as the root bridge based on BPDU information
A
B
A3
A1
A2
Root
Building a Spanning Tree (2 of 3)
Port role is determined by the least-cost path calculation to the root bridge; port state is determined by the port role
Ports on root bridge assume designated port role and forwarding state
Root ports on nonroot switches are placed in forwarding state
Designated ports on designated bridges are placed in forwarding state
All other ports are placed in blocking state
A
B
A3
A1
A2
Tree is considered fully converged
All traffic flows through the root bridge (A1)
A
B
A1
A2
A3
Root
F
F
F
F
F
F
Steps:
Bridge E sends TCN
continues every 2 seconds until the
TCN ACK is received on the root port
Bridge B acknowledges TCN
Bridge B sends TCN
Bridge A acknowledges TCN
Steps (contd.):
Root bridge sets topology change (TC) flag and sends updated configuration BPDU
Bridges B and C relay TC flag
to downstream switches
table aging timer to equal forwarding delay time
(default: 15 seconds)
*
First defined in IEEE 802.1w; later incorporated into IEEE 802.1D-2004
Convergence improvements include:
Point-to-point link designation
Edge port designation
*
Alternate port:
Blocks traffic while receiving superior BPDUs from neighboring switch
Backup port:
Provides redundant path to a segment (designated switches only)
Blocks traffic while a more preferred port functions as designated port
RSTP continues to use root and designated port roles
(Root)
RSTP Port States
RSTP (802.1D-2004) uses fewer states than STP (802.1D-1998) but has the same functionality
Alternate, backup, and disabled ports
Root and designated ports
Act as keepalives
RSTP bridges send BPDUs every hello time (default of 2 seconds)
Provide faster failure detection
If no BPDU is received within 3 times the hello interval
*
Takes 30 seconds before ports start forwarding traffic
after being enabled
Uses proposal/agreement handshake on point-to-point links instead of timers
Root and edge ports transition to forwarding state immediately
Nonedge-designated ports transition to forwarding state once explicit agreement is received
*
Topology Change Reconvergence
Topology changes occur only when nonedge ports transition to the forwarding state
Port transitions to the discarding state no longer trigger TCN
TCNs are flooded out all designated ports as well as out the root port by the initiator
Switches flush the majority of MAC addresses in the MAC address forwarding table
MAC addresses learned from edge ports are not flushed
*
When an indirect link failure occurs:
Switch A’s root port fails; it assumes it is the new root
Switch B receives inferior BPDUs from Switch A; it moves the alternate port to the designated port role
Switch A receives superior BPDUs, knows it is not the root, and designates the port connecting to Switch B as the
root port
When a direct link failure occurs:
The alternate port transitions to the forwarding state; it assumes the new root port role following the failure of the old root port
Switches running RSTP send MAC flush messages out of the new root port to trigger upstream switches to relearn the MAC addresses
Root
R
R
D
A
STP and RSTP interoperability considerations:
If switch supports only the 802.1D-1998 STP protocol, it discards any RSTP BPDUs received
*
Originally defined in IEEE 802.1s; later merged into IEEE 802.1Q-2003
Provides extensions to RSTP
Separate topology tree for each MSTI
Resource friendly—maps VLANs to one or more instances; provides for load balancing over available links
All links are utilized
F
F
F
*
Multiple Spanning Tree Region
An MST region is a group of switches with the same region name, revision level, and VLAN-to-instance mapping
Max of 64 MSTIs per region
One regional root bridge per instance
Backward compatible with STP and RSTP through common spanning tree (CST)
MST
One root bridge for CST
Each MST region appears as a virtual bridge
Common and internal spanning tree (CIST) extends CST into regions
CST
CST =
Blocking =
B
B
B
STP summary:
STP (802.1D-1998) is used in Layer 2 networks to prevent logical loops
Automated—user selects root switch and STP does the rest
STP is slow to converge and can be difficult to troubleshoot
RSTP (802.1D-2004) reduces link-convergence time to subseconds on point-to-point links
STP and RSTP support a single STP instance
Lacks load-balancing mechanism; creates underutilized links
MSTP (802.1Q-2003) supports up to 64 instances
Overcomes the shortcomings of a single spanning tree
*
bridge-priority Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)
disable Disable STP
forward-delay Time spent in listening or learning state (4..30 seconds)
hello-time Time interval between configuration BPDUs (1..10 seconds)
> interface
> traceoptions Tracing options for debugging protocol operation
[edit protocols stp]
*
Excludes interface from participating in RSTP
Default priority value (used to influence downstream device’s least-cost path calculation to root bridge—lower is better)
Default interface mode for interfaces operating in full-duplex mode
Default interface mode for interfaces operating in half-duplex mode
Default cost value for interfaces operating at 1 Gbps
Default value for interfaces that do not connect to
STP-enabled devices
user@switch> show spanning-tree ?
mstp Show Multiple Spanning Tree Protocol information
statistics Show STP statistics
user@switch> show spanning-tree bridge
Time since last topology change : 72 seconds
Local parameters
Root Port
user@switch> show spanning-tree interface
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/10.0 128:523 128:523 32768.0019e2507c00 20000 BLK ALT
ge-0/0/11.0 128:524 128:524 32768.0019e2507c00 20000 BLK ALT
ge-0/0/12.0 128:525 128:525 32768.0019e2507c00 20000 BLK ALT
ge-0/0/13.0 128:526 128:526 32768.0019e2503fe0 20000 FWD ROOT
ge-0/0/14.0 128:527 128:527 32768.0019e2503fe0 20000 BLK ALT
ge-0/0/15.0 128:528 128:528 32768.0019e2503fe0 20000 BLK ALT
user@switch> show spanning-tree statistics interface
Interface BPDUs sent BPDUs received Next BPDU
transmission
*
user@switch> show spanning-tree ?
mstp Show Multiple Spanning Tree Protocol information
statistics Show STP statistics
MSTP configuration information
Context identifier : 0
Region name : reg1
0 0,31-4094
1 1-10
2 11-20
3 21-30
*
Interfaces and associated details are listed by instance
user@switch> show spanning-tree interface
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/10.0 128:523 128:523 32768.0019e2507c00 20000 BLK ALT
…
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/13.0 128:526 128:526 4097.0019e25082e0 20000 FWD DESG
Spanning tree interface parameters for instance 2
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
ge-0/0/14.0 128:527 128:527 12290.0019e2503fe0 20000 FWD ROOT
…
*
user@switch> show spanning-tree bridge
Root ID : 32768.00:19:e2:50:3f:e0
Root cost : 0
Root port : ge-0/0/13.0
MSTI regional root : 4097.00:19:e2:50:82:e0
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
*
Problem:
Bridge applications running on PCs or “personal” switches can generate BPDU
STP, RSTP, or MSTP running on an EX switch could detect those BPDUs and trigger STP miscalculations, leading to network outages
Solution:
*
BPDUs
BPDUs
To verify BPDU protection functionality:
Use the show spanning-tree interface command before and after enabling the BPDU protection feature in STP-running switch
Use the show ethernet-switching interfaces command in a non-STP switch
Watch for state changes, role changes, or both in the output:
FWD state transitions to BLK
DESG role transitions to DIS (loop inconsistent)
unblocked transitions to blocked
To unblock the interface:
Use the clear ethernet-switching bpdu-error operational mode command
*
The problem:
Switch hardware and configuration errors could cause an interface to transition to the blocking state and stop receiving BPDUs
This transition could lead to erroneous interface transitioning from the blocking state to the forwarding state, resulting in loops and network outages
The solution:
Enable loop protection on all switch interfaces that have a chance of becoming root or designated ports
Once enabled, designated ports receive BPDUs, the interface transitions to a loop-inconsistent state
*
To verify loop protection functionality:
Use the show spanning-tree interface command before and after enabling the loop protection feature
Watch for state changes, role changes, or both in the interface output
BLK state remains BLK
ALT role transitions to DIS (loop inconsistent)
*
The problem:
Bridge applications running on PCs can generate BPDUs and interfere with root port election
Erroneous root port election on a switch
The solution:
Enable root protection on the switch interfaces that should not receive superior BPDUs from the root bridge and should not be elected as the root port
The interfaces become designated ports
Once a superior BPDU arrives on a port with root protection enabled, the port transitions to inconsistency state, blocking the interface
*
To verify root protection functionality:
Use the show spanning-tree interface command before and after you enable the root protection feature
Receipt of superior BPDUs on the watched interface triggers root protection
FWD state changes to BLK
DESG role transitions to DIS (loop inconsistent)
*
Redundant Trunk Group
Redundant trunk group:
Provides quick and simple failover mechanism for redundant Layer 2 links without requiring STP
Primary application is in enterprise environments where each access switch is dual homed to two distribution switches
*
Active Link
Nonactive Link
Switch A
Switch B
Switch C
Access Layer
Distribution Layer
Configuration Considerations
Redundant trunk group feature and STP are mutually exclusive on a given port
Access layer (Switch C in the previous example):
Cannot run STP on redundant trunk group links
STP BPDUs received on redundant trunk group links are discarded
Distribution layer (Switches A and B in previous example):
Redundant trunk group is not configured on distribution switches
STP is configured on distribution switches without any restriction
Maximum of 16 redundant trunk groups per switch
*
[edit ethernet-switching-options redundant-trunk-group]
user@switch# commit
error: XSTP : msti 0 STP and RTG cannot be enabled on the same interface ge-0/0/13.0
commit complete
Interface marked as primary is always active when operational
If the primary knob is omitted from configuration, the higher-numbered interface initially becomes the active link but does not preempt lower-numbered interfaces functioning as the active link in failure and recovery scenarios
*
user@switch> show redundant-trunk-group
name count
ge-0/0/16.0 Up 2008-03-08 12:12:15 UTC (00:00:10 ago) 2
user@switch> show redundant-trunk-group group-name rtg-group1
Interface State Bandwidth Time of last flap Flap
count
ge-0/0/13.0 Up/Pri/Act 1000 Mbps 2008-03-08 12:12:15 UTC (00:01:43 ago) 2
ge-0/0/16.0 Up 1000 Mbps 2008-03-08 12:12:15 UTC (00:01:43 ago) 2
(Pri) = Primary interface with preemption enabled
(Act) = Active interface currently forwarding traffic
