ch2 spanning tree2

8/3/2019 Ch2 Spanning Tree2

1/29

CHAPTER 2

Spanning Tree Protocol


2/29

THE NEED FOR SPANNING TREE

Broadcast frames would travel aroundredundant paths forever quickly consumingavailable bandwidth without some form of

loop prevention


3/29

SPANNING TREE

A mesh topology use Spanning Tree Kind of converts a mesh into a star

Chooses what ports to block

Maintains only ONE active path between LANsegments (Collision Domains)

Stops LANs from having redundant links Stops Broadcast Loops

Network meltdown Caused by broadcast storms How do you stop a loop in progress?


4/29

OTHER SIDE EFFECTS OF STORMS

MAC table instability

Continually updating MAC Tables

Multiple copies of the same frame


5/29

WHAT SPANNING TREE DOES

Avoids bridging loops by putting someinterfaces into a blocking state based on theirBridge Port Data Unit (802.1d)


6/29

ROOT BRIDGE PRIORITY Is an 8 byte value unique to each switch Consists of 2 byte priority field and 6 byte

system ID

The system ID is based on the MAC address ineach switch

STP defines messages called bridge protocoldata units (BPDU) which switches use toexchange information with each other

The switch with lowest Root Bridge ID is theRoot switch or Root Bridge


7/29

BRIDGE PROTOCOL DATA UNITS

Used to determine the root bridge,designated bridge as well as which ports arein forwarding and block states.

Exchanged between the switches on regularintervals.

STP defines messages called bridge protocol

data units (BPDU) which switches use toexchange information with each other


8/29

HOW SPANNING TREE WORKS

STP elects a root switch (or bridge) and puts all workinginterfaces on the switch into forwarding state

Each non-root switch chooses the port with the lowestcost between itself and the root switch, called the rootport (RP), and places it into forwarding state

Many switches can attach to the same Ethernet segmentand the switch with the lowest cost from itself to the rootbridge, as compared with the other switches on thesegment, is placed into forwarding state

The lowest cost switch on each segment is called thedesignated bridge and that bridges interface attached tothat segment is called the designated port (DP)

All other interfaces are placed into blocking state


9/29

HOW SPANNING TREE WORKS

Spanning simply picks the interfaces toforward or to block based on 3 criteria:1. Root Bridge All interfaces on this bridge /

switch are in Forwarding

2. Non Root bridge has at least one of its ports tohave the lowest cost back to the root bridge.This is called the Root Port and is inforwarding state.

3. The Bridge with the lowest administrative costbetween itself and the root bridge is called theDesignated Bridge. The interface attached tothis segment is called the Designated Port.


10/29

STP REASONS FOR FORWARDING OR BLOCKING

Root switch forwards on all up/up interfacesIf an interface is not UP state it is taken out of the STP poolInterfaces not chosen not to forward (FS Forward State) are in Blockedstate Non Root switch finds the lowest cost between itself and root


11/29

STEP 1: ELECTING THE ROOT SWITCH

When a switch comes online it sends outBPDUs.

The Following Are specified.

1. Root Bridges ID The MAC Address plus thePriority of the Bridge.

2. The Cost to Reach the Root Bridge

3. The Bridge ID of the sender of the BPDU.

The Election process starts the lowest BridgeID becomes the Root Bridge. BPDU Starts with Priority, so lowest Priority wins. If

tie goes to the lowest MAC Address


12/29

ELECTING THE ROOT SWITCH

All switches say Hello

All switches claim to the root switch!

One by one comparison is made till thelowest Bridge ID is found


13/29

THE START OF THE ELECTION PROCESS


14/29

STEP 2: CHOOSING EACH SWITCHES ROOT PORT

Once the Root Switch has been elected theprocess of choosing each switches Root Portbegins

Switch Root Port (RP)

The interface through which it has the least SPTcost to reach the root switch

Most of the time you only have one connection


15/29

STP TIMERS

Dont mess with the defaults. Timers are set for a

reason. They work!!!


16/29

WHEN NETWORK CHANGES HAPPEN

Each switch sends out hello BPDU when achange occursHello Time Default 2 Seconds. The time it

takes for a root bridge to send out BPDUs.MaxAge Default 20 Seconds. Time before to

change the STP topology.

Forward Delay Delay that affects the time

involved when an interface changes fromblocking stat to forwarding state. (Default time isabout 50 seconds)


17/29

OPTIONAL STP FEATURES

Cisco has adopted 802.1d STP

EtherChannel Combines multiple channels intoone single channel on a switch. This way if onechannel goes down another can take its place and

no effect to STP Must be same speed

Must be same destination

All trunks

Eight interfaces max

EtherChannel does combine the bandwidth of thechannels

PortFast Allows a port to go right into Forwarding.


18/29

STP CONVERGENCE PAGE 75

When STP converges a switch transitions interfacesfrom one state to another, however, a transition fromblocking to forwarding cannot be done immediatelybecause forwarding data could temporarily cause

frames to loop Listening State 15 seconds - Interfaces in this state do

not forward frames but old MAC table entries are timedout because incorrect MAC entries could causetemporary loops

Learning State 15 seconds - Interfaces in the state stilldo not forward frames but the switch begins to learn theMAC addresses of frames received on the interface


19/29

STP SECURITY Switch interfaces that connect to end-user locations have some

security exposures Attackers could connect a switch with a low STP priority and become

the root switch

The attacker could connect a LAN analyzer and copy large amountsof data sent through the LAN

The Cisco BPDU Guard feature helps defeat these kinds of problems bydisabling the port of BPDUs are received on the port

This is normally used in conjunction with PortFast on an access port

The Cisco Root Guard feature helps defeat the problem where a rogueswitch tries to become the root switch

If a port with Root Guard enabled received BPDU with superior rootID, the BPDU will be ignored and the interface will be disabled


20/29

RAPID STP (IEEE 802.1W)

Works very similarly to 802.1d STP

Elects with same parameters

Elects root port on non root switches with same

parameters

Elects designated ports on each LAN segmentswith the same Rule

Place forwarding and blocking state. (RSTPblocking is called Discarding)


21/29

RSTP IMPROVEMENTS

Can be deployed on switches along side ofSTP

Convergence is a lot faster with RSTP

Typically about 10 seconds compared to 50seconds for STP

Not designed to work with hubs

But most networks dont use hubs

Main advantage is speed!


22/29

RSTP LINK AND EDGE TYPES

Link type Point to Point Links switches point to point with

no hubs in the middle

Link Type SharedBetween a switch and a hub

In this type, there is noimprovement on Convergence

time.

Edge TypeEnd node to switch


23/29

RSTP PORT STATUS

The following table describes the new RSTPterms for port states


24/29

RSTP PORT ROLES

Root Port The port which the switch hears thebest BPDU

Alternate Port Used when the root port goesDown. Receives suboptimal root BPDUs

Backup Port When a switch has two links tothe same segment. Knows it is a backup portwhen it receives the same BPDU it send out

back. Backup Ports are on Hubs

Disabled Port Is administratively down.


25/29

STP CONFIGURATION AND VERIFICATION

STP works without being configured

By default all switches have the same priority

The lowest burned in MAC becomes root

Is this a problem?

What happens when you add a switch?

What happens when you remove a switch?


26/29

STP TROUBLESHOOTING

Very seldom have to mess with it!

Step 1 Determine the root switch

Step 2 For each non-root switch, determinethe root port (RP) and cost to reach the rootswitch through that RP

Step 3 For each segment, determine thedesignated port (DP) and the cost advertisedby the DP onto that segment


27/29

DETERMINING THE ROOT SWITCH

Step 1Pick a switch and find the switchs root BIDand local BID using the show spanning-tree vlanvlan-id command

Step 2 If the root BID and local BID are equal, then

the local switch is the root switch Step 3 If the root BID and local BID are not equal

then Find the RP on the local switch with show spanning-

tree command Using CDP or other documentation determine which

switch is on the other end of the RP Log onto the switch on the other end of the RP and

repeat the process starting at step 1


28/29

DETERMINING THE ROOT PORT ON NON-ROOT

SWITCHES

Step 1 Determine all possible paths overwhich a frame can reach the root switch

Step 2 For each path add the costs of all

outgoing interfaces in the path

Step 3 The lowest cost found is the RP

Step 4 If the cost ties, use port priority, andif that ties use the lowest port number


29/29

ch2 spanning tree2

Documents