
MEN Part 1

Network Learning Centre 1
Proprietary & Confidential 1

Agenda
Day 3

Module 4
• STP
• RSTP
• MSTP

• Exercise

– MSTP – 2 labs
– Bypass switch password
– Loading IOS on Switch
Module 4

Spanning Tree Protocol - STP

Applications Of Transparent Bridge

• Expand LAN scale
• Free and dynamic learning of site address
information
• Problem: frames or packets might be
forwarded circularly and continuously,
resulting in network congestion

A transparent bridge learns the address information of the sites by itself, and can thereby effectively control the data flow on the network.

When a port of the bridge receives a frame, the bridge saves the frame's source MAC address and the receiving port in an address table; the entry indicates that the MAC address is located in the network segment attached to that port.

When the bridge receives a data frame, it checks the address table to find the port corresponding to the destination address.

• If that port is the receiving port, the bridge discards the frame; if it is not the receiving port, the frame is forwarded out of that port.

• If the bridge cannot find a port corresponding to the destination address of the received frame, the frame is forwarded from all ports except the one that received it.

• Moreover, if the bridge receives a broadcast frame, the frame is likewise forwarded from all ports except the one that received it.

The problem is that a "transparent" bridge is not a router: it does not modify the frame, and the frame does not record how many bridges it has passed through. If a loop exists on the network, the frame might circulate and multiply continuously in the loop and congest the network. This is the "route loop" problem.
Broadcast In A Network With Loops

[Figure: Site A on LAN 1 and Site B on LAN 2; bridges B1, B2 and B3 sit between LAN 1 and LAN 2]

The figure shows an example of the frame circulation and proliferation caused by a route loop. Assume that Site A has not yet transmitted any packets, so the address tables of bridges B1, B2 and B3 hold no record of Site A's MAC address. When Site A transmits a packet, all three bridges receive it, record that Site A is on LAN 1, and queue the packet for forwarding to LAN 2. By the rules of the LAN, one of the bridges will be the first to forward the packet to LAN 2 successfully. Assume this bridge is B1; B2 and B3 then receive the packet once again. Since B1 is transparent to B2 and B3, the packet looks as if Site A had transmitted it on LAN 2, so B2 and B3 note that Site A is on LAN 2 and queue this new packet for forwarding to LAN 1. Suppose that, at the same time, B2 successfully forwards the original packet to LAN 2; both B1 and B3 then receive it. B3 still regards Site A as being on LAN 2, while B1 now regards Site A as having moved to LAN 2, and both B1 and B3 queue this new packet for forwarding to LAN 1. The packet thus circulates continuously in the loop and, worse, each successfully transmitted packet causes two new packets to appear on the network.

Why We Need Spanning Tree Protocol?
• Remove path loops that might exist in the bridging network by blocking redundant links
• Activate redundant backup links to restore network connection when the current active path fails

[Figure: spanning tree over LAN A, LAN B, LAN C, LAN D and LAN E, with the root bridge marked ROOT]

Even though this hidden trouble exists, the transparent bridge remains attractive, because it is very useful on a loop-free network. Does this mean that we cannot build a network with loops? No, that would be inappropriate, because a loop guarantees the connectivity of the network after a link in the topology is disconnected.
Therefore we use an algorithm that trims a bridged network containing loops into a loop-free tree topology by blocking the redundant links. It not only resolves the loop problem, but can also re-trim the topology to restore network connectivity by activating a blocked redundant link when an active link is disconnected.
The spanning tree example in the figure makes the basic concept of the algorithm clear. The bridge marked ROOT is the root of the spanning tree. The solid lines are active links, i.e. the branches of the spanning tree; the broken lines are redundant links, which are enabled only when an active link is disconnected.
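
The proliferation described above for bridges B1, B2 and B3, and the effect of blocking the redundant links, can be reproduced with a short simulation. This is an added example, not part of the original slides; the function names, the round-based timing and the choice of which ports are blocked are assumptions made for illustration.

```python
"""Constructed simulation of bridges B1, B2, B3 between LAN 1 and LAN 2."""

BRIDGES = ("B1", "B2", "B3")
OTHER_LAN = {"LAN1": "LAN2", "LAN2": "LAN1"}


def simulate(rounds, blocked=frozenset()):
    """Follow one frame from Site A (on LAN 1) to Site B, which no bridge knows.

    blocked: set of (bridge, lan) ports that neither receive nor forward data.
    Returns (frames_per_round, moves): the number of copies on the wire in each
    round, and how often a bridge moved Site A to a different segment in its
    address table.
    """
    tables = {bridge: {} for bridge in BRIDGES}   # bridge -> {site: lan}
    frames = [("LAN1", "SiteA")]                  # (segment, transmitter)
    frames_per_round, moves = [], 0
    for _ in range(rounds):
        frames_per_round.append(len(frames))
        next_frames = []
        for lan, sender in frames:
            for bridge in BRIDGES:
                if bridge == sender or (bridge, lan) in blocked:
                    continue                      # own copy, or blocked port
                table = tables[bridge]
                if table.get("SiteA", lan) != lan:
                    moves += 1                    # Site A appears to have moved
                table["SiteA"] = lan              # learn the source address
                if table.get("SiteB") == lan:
                    continue                      # destination is local: discard
                out_lan = OTHER_LAN[lan]          # unknown destination: flood
                if (bridge, out_lan) not in blocked:
                    next_frames.append((out_lan, bridge))
        frames = next_frames
    return frames_per_round, moves


# Assumed spanning tree outcome: B1 forwards, B2 and B3 block their LAN 2 port.
STP_BLOCKED = frozenset({("B2", "LAN2"), ("B3", "LAN2")})

if __name__ == "__main__":
    print("with the loop:     ", simulate(6))
    print("redundancy blocked:", simulate(6, STP_BLOCKED))
```

Without blocking, every copy placed on a LAN is picked up by the two other bridges, so the count doubles each round while each bridge keeps rewriting Site A's entry; with the redundant ports blocked, the frame crosses once and stops.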

Basic Principle Of Spanning Tree Protocol

• Transmit BPDUs (Bridge Protocol Data Units) among network bridges and do the following jobs:
– Select the root.
– Calculate the shortest path.
– Select designated bridge.
– Select a root port.
– Select designated ports.

The basic theory of the spanning tree algorithm is very simple. Special configuration messages are forwarded between the bridges; in the 802.1D protocol they are called "Bridge Protocol Data Units (BPDUs)". The configuration messages contain sufficient information for the bridges to complete the calculation of the spanning tree:
1) Among all the bridges involved in the calculation of the spanning tree on the bridged network, one is selected as the Root Bridge;
2) Calculate the shortest route from each of the other bridges to the Root Bridge;
3) For each LAN, designate one bridge among the bridges connected to it; this must be the bridge closest to the Root Bridge, and it is responsible for transmitting the packets on that LAN towards the Root Bridge;
4) Select a root port for each bridge; the route through that port is the shortest route from the bridge to the Root Bridge;
5) Select the ports included in the spanning tree, which consist of the root ports and the designated ports of the designated bridges connected to the LANs.

Contents Of BPDU
• The content of a BPDU is organized as (Root ID, Root Path Cost, Designated Bridge ID, Designated Port ID)
– Root ID: Identifier of the root
– Root Path Cost: The smallest path cost from the designated bridge to the root
– Designated Bridge ID: Identifier of the designated bridge
– Designated Port ID: Identifier of the designated port

The destination MAC address of a BPDU is a fixed multicast address, and all the bridges involved in the calculation of the spanning tree receive packets sent to that address; the data used for the spanning tree calculation is carried in the payload field.
Initially, every bridge transmits configuration messages that name itself as the root bridge; e.g. bridge B1 transmits the configuration message (B1, 0, B1, Port ID).
Each bridge compares the priority of the configuration messages it receives with that of its own configuration message, saves the configuration message with the higher priority, and completes the spanning tree calculation according to the saved message.

Bridge ID Format

• STP Bridge ID Format
– Priority + Vlan ID + MAC

Bridge ID: 2-byte priority, with the MAC address as tie-breaker

Port Cost (Cisco)

• Default port cost
– 10 MB – 100
– 100 MB – 19
– 1 Gbps – 4
– 10 Gbps – 2

Construct BPDU

• Select the best BPDU from all the BPDUs to construct its own BPDU.

– Select RootID: the RootID of the BPDU with the highest priority

– Calculate Root Path Cost:

• Root Path Cost is the sum of the Root Path Cost of best
BPDU and the cost of the port that receives this BPDU

– Select Root Port:

• The root port is the one that receives the best BPDU

– Select designated port: the ports used to forward the packets

• Send the new BPDU from a designated port

How, then, do we calculate the spanning tree on the basis of priority?
First, the root bridge with the smallest ID in the configuration messages becomes the root of the spanning tree.
Next, the Root Path Cost: if the bridge is itself the root, the cost of its shortest route is 0; otherwise, the cost of the shortest route from the bridge to the root is the route cost in the best configuration message plus the cost of the link attached to the receiving port.
Then, select the root port. Usually, the root port is the port that gives the shortest route cost; if more than one port gives the shortest route cost, the port with the smallest ID becomes the root port. If the bridge is itself the root, the root port is 0.
After the root and the shortest route are determined, the bridge builds its own configuration message (BPDU). It takes itself as the designated bridge for every port on which it has received BPDUs inferior to its own BPDU, and these ports are the designated ports.
The bridge transmits its own configuration message from the designated ports.

How To Determine The Best BPDU?
• The best BPDU has the highest priority

– Assume there are two configuration messages C1 and C2; compare them:

• According to the Root ID

• If the above is the same, according to the Root Path Cost

• If the above are the same, according to the Designated Bridge ID

• If the above are the same, according to the Port ID

Principle: the smaller, the better

The principles for comparing the priority of configuration messages are:
First, compare the IDs of the root bridges; the smaller the ID, the higher the priority.
If the root bridge IDs are the same, compare the shortest routes from the transmitting bridges to the root bridge, that is, the Root Path Cost; the smaller the value, the higher the priority.
If both of the above are the same, compare the IDs of the transmitting bridges; the smaller the value, the higher the priority.
Last, if the above three are the same, compare the IDs of the transmitting ports; the smaller the value, the higher the priority.
Note that if the above three are the same, two ports of the same transmitting bridge are connected to one physical LAN.

Spanning Tree Algorithm
• Using redundant Bridges, for higher network reliability, causes looping of frames.
STA is used to avoid such looping.
• STA detects frame looping and puts one of the two redundant Bridges into
Standby mode.
• Bridges develop and maintain a map of the network topology by exchanging
bridge protocol data units (BPDUs).


Root switch: the lowest bridge ID wins. The ID is priority + MAC, which is unique.

RP (root port): the port with the least cost in the Hello packet.
If multiple Hellos carry the same cost, the tie-breakers are:
- lowest bridge ID of the forwarding switch
- lowest port priority of the forwarding switch
- lowest port number of the forwarding switch

BPDUs contain the following information:
• Protocol ID: Defines this packet as a BPDU.
• Version: The current version used by this BPDU packet.
• Message Type: Indicates the stage of the negotiation.
• Flags: Used to indicate a topology change.
• Root ID: A number composed of the assigned bridge priority (most significant two octets) followed by the bridge MAC address.
• Root cost: Cost of the total path to the root bridge from the bridge sending the BPDU.
• Bridge ID: ID of the bridge sending the BPDU; composed of the bridge priority (2 bytes) and the bridge MAC address (6 bytes).
• Port ID: Made up of the configured port priority (most significant octet) and the interface
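
A parser for the fields listed above, following the 35-byte 802.1D configuration BPDU layout (the four timer fields after Port ID are the Message Age, Max Age, Hello Time and Forward Delay discussed later in this deck). This is an added example, not code from the original slides; the function names and the sample BPDUs, including their MAC addresses and timer values, are constructed for illustration.

```python
import struct

# 802.1D configuration BPDU body (after the LLC header), big-endian, 35 bytes:
# protocol id, version, type, flags, root id, root path cost, bridge id,
# port id, message age, max age, hello time, forward delay.
CONFIG_FMT = ">HBBB8sI8sHHHHH"
CONFIG_LEN = struct.calcsize(CONFIG_FMT)
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80
FLAG_TC, FLAG_TCA = 0x01, 0x80


def _bridge_id(raw):
    """Split an 8-byte bridge ID into 2-byte priority and 6-byte MAC."""
    return {"priority": int.from_bytes(raw[:2], "big"),
            "mac": ":".join(f"{b:02x}" for b in raw[2:]),
            "raw": raw}


def parse_bpdu(data):
    """Decode a configuration BPDU or a topology change notification."""
    if len(data) < 4:
        raise ValueError("BPDU shorter than its 4-byte header")
    proto, version, bpdu_type = struct.unpack(">HBB", data[:4])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto:#06x}")
    if bpdu_type == TYPE_TCN:
        return {"type": "tcn", "version": version}   # header only, no data items
    if bpdu_type != TYPE_CONFIG:
        raise ValueError(f"unsupported BPDU type {bpdu_type:#04x}")
    if len(data) < CONFIG_LEN:
        raise ValueError(f"configuration BPDU truncated at {len(data)} bytes")
    (_, _, _, flags, root, cost, bridge, port_id,
     age, max_age, hello, fwd_delay) = struct.unpack(CONFIG_FMT, data[:CONFIG_LEN])
    return {
        "type": "config", "version": version,
        "topology_change": bool(flags & FLAG_TC),
        "topology_change_ack": bool(flags & FLAG_TCA),
        "root": _bridge_id(root), "root_path_cost": cost,
        "bridge": _bridge_id(bridge),
        "port_priority": port_id >> 8, "port_number": port_id & 0xFF,
        # timers are carried in units of 1/256 second
        "message_age": age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd_delay / 256,
    }


def priority_vector(bpdu):
    """Tuple ordered as BPDUs are compared; the smaller, the better."""
    return (bpdu["root"]["raw"], bpdu["root_path_cost"], bpdu["bridge"]["raw"],
            (bpdu["port_priority"] << 8) | bpdu["port_number"])


def is_expired(bpdu):
    """True once Message Age has reached Max Age and the info must be dropped."""
    return bpdu["message_age"] >= bpdu["max_age"]


def make_config(root_prio, root_mac, cost, br_prio, br_mac, port_id, age, flags=0):
    """Build a constructed sample BPDU with 20 s max age, 2 s hello, 15 s delay."""
    rid = root_prio.to_bytes(2, "big") + bytes.fromhex(root_mac)
    bid = br_prio.to_bytes(2, "big") + bytes.fromhex(br_mac)
    return struct.pack(CONFIG_FMT, 0, 0, TYPE_CONFIG, flags, rid, cost, bid,
                       port_id, int(age * 256), 20 * 256, 2 * 256, 15 * 256)


# Constructed samples: same root, one path of cost 14 and one of cost 15.
SAMPLE_A = make_config(32768, "000000000023", 14, 32768, "000000000100", 0x8001, 1)
SAMPLE_B = make_config(32768, "000000000023", 15, 32768, "000000000080", 0x8002, 20,
                       flags=FLAG_TC)
SAMPLE_TCN = bytes([0x00, 0x00, 0x00, 0x80])

if __name__ == "__main__":
    for raw in (SAMPLE_A, SAMPLE_B, SAMPLE_TCN):
        print(parse_bpdu(raw))
```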
An Instance Of Receiving And Calculating BPDU

[Figure: bridge B81 with Port 1 to Port 5 joins a network containing bridges B32, B123, B321, B100, B80 and B102 and LAN A; B23 is the root]

This instance shows how a bridge calculates its BPDU after receiving BPDUs. In the converged network, bridge B23 has been selected as the root bridge. When B81 joins the network, the topology changes, so the spanning tree is calculated again.

An Instance Of Receiving And Calculating BPDU

[Figure: bridge B81 with the BPDU at each port: Port 1 (32, 0, 32), Port 2 (23, 18, 123), Port 3 (23, 14, 321, blocking), Port 4 (23, 14, 100, root), Port 5 (23, 15, 80, blocking); B81 sends (23, 15, 81)]

• Select Port4 as the root port, select Port1 and Port2 as designated ports, and meanwhile block Port3 and Port5.
• Send new BPDU from Port1 and Port2: (23, 15, 81)
– Root ID = 23
– Root Path Cost = 14+1 = 15
– Root Port ID = Port4
– Designated Bridge ID = 81

Below is an example that explains the process. Bridge B81 in the figure has 5 ports in total, which receive the following configuration messages:
Port 1: (32, 0, 32)
Port 2: (23, 18, 123)
Port 3: (23, 14, 321)
Port 4: (23, 14, 100)
Port 5: (23, 15, 80)
After the priority comparison, B23 is determined to be the best root bridge; the shortest route from the bridge to the root bridge is 14+1=15. The bridge must select its root port from Port 3 and Port 4, and Port 4 becomes the root port since the transmitting bridge's ID in the Port 4 configuration message is 111, which is smaller than the 315 of Port 3.
Bridge 81 will transmit the configuration message (23,15,81), which takes precedence over the configuration messages received on Port 1 and Port 2; bridge 81 is therefore the designated bridge of the network segments connected to Port 1 and Port 2, and it transmits its own configuration message from Port 1 and Port 2.
Thus Port 3 and Port 5 are blocked, Port 4 is the root port, and Port 1 and Port 2 are the designated ports. A blocked port does not take part in transferring data; data received on the root port or a designated port that needs to be forwarded can only be forwarded from the root port or from other designated ports.
From the point of view of the whole network, this means that some links are blocked and the remaining links form a loop-free tree topology.

What To Do If Links Fail?

• Hello Time

– The bridge cyclically sends BPDUs from a designated port at the period of Hello Time.

• Message Age and Max Age

– BPDUs stored at a port have a Message Age field, which grows proportionally with time.

– If no BPDU is received before the Message Age equals the Max Age, the bridge will regard it as a failure of the links connected to this port.

What happens if active links fail? The spanning tree algorithm provides a timer policy: the configuration message carries a threshold value for the message age. The root bridge periodically transmits a configuration message with message age 0 from all of its ports, and the bridges that receive it also transmit their own configuration messages with message age 0 from their designated ports. If a fault occurs on a branch of the spanning tree, the ports downstream of the failed link no longer receive fresh configuration messages, and the message age of the configuration messages stored there increases continuously until it reaches the threshold. The bridge then abandons the outdated configuration message and recalculates the spanning tree.
Here, the period of the timed transmission is the "hello time", the age of a configuration message is the "message age", and the maximum age is the "max age".
BPDUs stored at a port have a Message Age field, which grows proportionally with time.
Once a BPDU with a smaller message age is received, the port's stored BPDU is updated.
If no BPDU is received before the Message Age equals the Max Age, the bridge regards this as a failure of the links connected to this port and starts failure processing.

Processing Of Link Fault (I)
[Figure: bridge B81 after the BPDU at Port 4 times out: Port 1 (32, 0, 32), Port 2 (23, 18, 123), Port 3 (23, 14, 321, root), Port 4 (23, 15, 81), Port 5 (23, 15, 80, blocking); B81 sends (23, 15, 81)]

• When the BPDU of Port4 times out, this BPDU is abandoned and a new spanning tree is calculated, so that Port3 is selected as the new root port, while the BPDU of bridge 81 remains unchanged

Suppose that the configuration message at Port 4 of bridge 81 is outdated. Bridge 81 abandons the configuration message (23,14,100) and re-selects Port 3 as the new root port. Port 5 is still blocked; Port 1, Port 2 and Port 4 are the designated ports; and its own configuration message does not change, so the configuration message (23,15,81) is transmitted from Port 1, Port 2 and Port 4.

Processing Of Link Fault (II)

[Figure: bridge B81 after the BPDU at Port 3 times out: Port 1 (32, 0, 32), Port 2 (23, 18, 123), Port 3 (23, 16, 81), Port 4 (23, 16, 81), Port 5 (23, 15, 80, root); B81 sends (23, 16, 81)]

• When the BPDU of Port3 times out, this BPDU is abandoned and a new spanning tree is calculated, so that Port5 is selected as the new root port, while the BPDU of bridge 81 changes to (23,16,81)

Assume that the configuration message at Port 3 is also outdated, and the configuration message (23,14,321) is abandoned. Port 5 is re-selected as the new root port, Ports 1, 2, 3 and 4 are the designated ports, and the configuration message changes to (23,16,81), which is transmitted from the four designated ports.

Processing Of Link Fault (III)

[Figure: bridge B81 with Port 1 to Port 5 all sending (81, 0, 81)]

• When the BPDU of Port5 times out, this BPDU is abandoned, and the bridge takes itself as the root bridge to send the BPDU (81,0,81) till a BPDU of a higher priority is

Assume that the configuration message at Port 5 is outdated too. The configuration message (23,15,80) is then abandoned, and the bridge takes itself as the root and transmits the configuration message (81,0,81) until it receives a better configuration message, at which point it recalculates the spanning tree.
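
The B81 instance and the three link faults above, worked through in code using the configuration messages listed for Port 1 to Port 5. This is an added example, not part of the original slides; the function names are hypothetical, every port is assumed to have cost 1 (as in 14+1=15), and the model assumes that once a port becomes designated, B81's own message replaces whatever was stored there.

```python
"""B81's port-role calculation and the three link faults (constructed model)."""

BRIDGE_ID = 81
PORT_COST = 1                      # assumption taken from the 14 + 1 = 15 step
PORTS = (1, 2, 3, 4, 5)

# (Root ID, Root Path Cost, Designated Bridge ID) received on each port of B81
RECEIVED = {1: (32, 0, 32), 2: (23, 18, 123), 3: (23, 14, 321),
            4: (23, 14, 100), 5: (23, 15, 80)}


def recompute(stored):
    """Return (own_bpdu, roles, kept) for the BPDUs currently stored per port."""
    # Cost to the root through each port = advertised cost + receiving port cost.
    # The local port number is the last tie-breaker ("the smaller, the better").
    paths = [(root, cost + PORT_COST, bridge, port)
             for port, (root, cost, bridge) in stored.items()]
    best = min(paths, default=None)
    if best is None or best[0] >= BRIDGE_ID:
        own, root_port = (BRIDGE_ID, 0, BRIDGE_ID), None   # B81 is the root
    else:
        own, root_port = (best[0], best[1], BRIDGE_ID), best[3]
    roles, kept = {}, {}
    for port in PORTS:
        received = stored.get(port)
        if port == root_port:
            roles[port], kept[port] = "root", received
        elif received is None or own < received:
            # B81's BPDU wins on this segment, so it replaces what was stored.
            roles[port] = "designated"
        else:
            roles[port], kept[port] = "blocked", received
    return own, roles, kept


def run_link_faults(failures=(4, 3, 5)):
    """Converge, then age out the stored BPDU of each port in `failures`."""
    own, roles, stored = recompute(dict(RECEIVED))
    steps = [("initial", own, roles)]
    for port in failures:
        stored.pop(port, None)               # Message Age reached Max Age
        own, roles, stored = recompute(stored)
        steps.append((f"port {port} timed out", own, roles))
    return steps


if __name__ == "__main__":
    for label, own, roles in run_link_faults():
        print(f"{label:18} sends {own}  {roles}")
```

The four steps reproduce the messages on the slides: (23, 15, 81), (23, 15, 81), (23, 16, 81) and finally (81, 0, 81) once no stored message remains.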

Temporary Loops Or Disconnection
• If ports in the Forwarding status have not realized that they should stop forwarding, temporary loops might exist.
• If blocked ports have not realized that they should start forwarding, it might lead to temporary disconnection.

[Figure: two spanning tree topologies, each with a bridge marked ROOT]

When a link fails and the network topology changes, the new configuration message always takes a certain delay to spread over the whole network. What happens on the other bridges before they discover the topology change?
One possibility is that a port that was in the forwarding status in the old topology should be blocked in the new one, but is not yet aware of this, which results in a temporary path loop.
The other possibility is that a port that was blocked in the old topology should take part in data transmission in the new topology, but does not yet know it, which may cause the network to temporarily lose connectivity.
The second possibility does not matter much; at most a few packets will be lost. The danger of the first possibility has already been discussed at length above, and readers might worry about it. There is no need: the timer policy of the spanning tree algorithm provides a very good solution.

How to avoid temporary loops?
• Forward Delay: Maximum delay for a configuration message to be broadcast to the whole network

– Design an interim status: ports in the interim status merely learn the address info of sites, but do not forward any data

– Ports enter the interim status from the blocked status after the Forward Delay, then enter the Forwarding status after another Forward Delay

• Ports go through a certain delay to change from the blocking status to the forwarding status. This time should be at least twice the forward delay

When a blocked port needs to change to the forwarding status, a certain delay is required. The delay is at least twice the time required for the new configuration message to spread over the whole network. Take the "forward delay" to be the time needed to spread the configuration message over the whole network, and introduce an intermediate status in which the port can only learn the address information of sites and cannot take part in data transmission. After one "forward delay", the port changes from the blocked status to the intermediate status, and after another "forward delay" it starts to forward data.

Port Status
Port Status   Port Ability
Disabled      Not receive/send any message
Blocking      Not receive/forward data, receive but not transfer BPDUs, and not learn addresses
Listening     Not receive/forward data, receive and transfer BPDUs, but not learn addresses
Learning      Not receive/forward data, receive and transfer BPDUs, and start to learn addresses
Forwarding    Receive and forward data, receive and transfer BPDUs, and learn addresses

To solve the temporary loop problem, the spanning tree protocol introduces some intermediate statuses. In the 802.1D protocol, a port has the following statuses:
Disabled: The port cannot be used and does not receive or transmit any messages. This status might be caused by the physical state of the port, or might be configured manually by the administrator.
Blocking: The port cannot forward data messages, but it can receive configuration messages and hand them to the CPU for processing. It cannot transmit configuration messages and cannot learn addresses.
Listening: The port can neither take part in data transmission nor learn addresses, but it can receive and transmit configuration messages.
Learning: The port still cannot forward data, but it starts address learning, and it can receive, process and transmit configuration messages.
Forwarding: Once the port enters this status, it can forward any data, learn addresses, and receive, process and transmit configuration messages.

Port Status Transition
[Figure: state transition diagram between the Disabled, Blocking, Listening, Learning and Forwarding statuses; the transitions are labelled with the events below]

1) interface enabled
2) interface disabled
3) interface is selected as root port or designated port
4) interface is selected as backup interface (blocking)
5) Forward Delay

The drawing presents the transitions between the 5 port states.
When a port is selected as the root port or a designated port, it moves from the blocking status to an interim status (the listening status); after a delay of one "forward delay" it moves to the next interim status (the learning status); and after another "forward delay" it moves to the forwarding status.
When a port is no longer the root port or a designated port because the topology has changed, it immediately moves to the blocking status.
In addition, a port in any state can be moved to the disabled status.

Two Timers about the MAC Address Table
• There are two timers used to update the MAC address info:
– A bigger timer is used when the topology is stable
– A smaller timer is used when the topology changes

[Figure: bridged network with the root bridge (ROOT), bridges B1, B2, B3 and B4, and LAN A, LAN B, LAN C, LAN D and LAN E]

A change of topology can shift the relative position of sites in the spanning tree, so the MAC address info that a bridge originally learnt might become incorrect. The learnt MAC address info should therefore also have an age; if the address is not confirmed to be correct within this age, the address info is discarded.
When the physical location of a site changes, the address information learnt by the bridge might no longer be correct, so every learnt address entry has a lifetime; if no message confirms the address within the lifetime, the entry is abandoned. As one can imagine, changing the physical location of a site, e.g. unplugging a terminal from one access port and plugging it into another, takes a long time, and the terminal transmits no messages during that period; its address information is therefore deleted from the bridge's address table. That is why the lifetime of address information can be a longer value in this situation.
But when the topology of the spanning tree changes, the location of a site might change correspondingly. In the figure, for example, the sites on LAN C are originally in the network segment of Port 1 from the point of view of the root bridge; later, a fault occurs on the LAN A link, so the spanning tree is recalculated and a new route to the root bridge is selected for bridge B2; at the same time, from the point of view of the root bridge, the sites on LAN C move to the network segment of Port 2.
If the root bridge does not discover the change for a long period, messages to LAN C are forwarded from Port 1, but the real destination cannot receive them. What can be done? The measure adopted is to add a shorter lifetime for each learnt address entry. During the period in which the bridge discovers the topology change, the most likely event is a change in the relative location of sites; that is why the shorter lifetime is used to restrict the address items. Here you might
Transmission Of Topology Change Message

[Figure: bridged network with the root bridge (ROOT) and numbered message flows; legend:]
Topology change notice message
Topology change response message
Topology change message

But another question arises: not all bridges in the bridged network will discover the topology change. For example, in the figure on the previous page, the local change at B2 does not much affect other parts of the network, and bridges B1, B3 and B4 might not be aware at all that the spanning tree is different. For these bridges, the status of each port has not changed and the links are normal; the only difference is the relative location of LAN C. Yet this can only be discovered when the sites on LAN C transmit messages, and before that the bridges will wrongly forward data for LAN C using the old address entries. It is therefore necessary to make all the bridges in the network aware that the network topology has changed and that the address forwarding entries might be wrong, so that they set the shorter age for the learnt address entries.
That is the purpose of the topology change messages in STP. There are three kinds: the topology change notification message, the topology change response message and the topology change message. Their meanings are explained below:
1) The topology change notification message: the bridge that discovers the topology change periodically sends the notification message from its root port in the direction of the Root Bridge, at intervals of the "hello time"; each non-root bridge that receives the notification message likewise transmits it in the direction of the Root Bridge. This message has a special format: it has no data items and only makes the root aware of the topology change.
2) The topology change response message: if the bridge that receives the topology change notification message is not the root bridge, it needs to reply with a topology change response message; the bridge that receives the response message then knows that its notification message has been received and that it should stop transmitting it. This message is carried in the next configuration message
Disadvantages of STP

• Recovery time is too long: two Forward Delay

• Network diameter should be less than 7.


Much has been introduced about STP; however, it also has some shortcomings, mainly the following two:
1) A port needs two "forward delay" periods to change from the blocked status to the forwarding status, so network connectivity is recovered only after tens of seconds at least, which is bad for services.
2) Only one spanning tree instance is applied to the whole bridged network. When the network is of a larger scale, it might require an even longer convergence time, and the topology might change frequently.
To solve the first shortcoming, a "rapid spanning tree" algorithm is applied in the switch.

Rapid Spanning Tree Protocol - RSTP

Rapid Spanning Tree Protocol

• The RSTP evolved from the STP, and shares the same basic concepts;

• RSTP has all functions of STP;

• RSTP can bring down the convergence time
• Port Transition from Disable state to Learning state
• New port type - Backup DP

The rapid spanning tree protocol (RSTP) is developed on the basis of the spanning tree algorithm and inherits the basic concepts of STP: it also transmits spanning tree information via configuration messages and performs the calculation by comparing priorities.
The rapid spanning tree can perform all the functions of the spanning tree. The difference is that, provided no temporary loop is caused, it shortens the delay in changing from the blocking status to the forwarding status and restores network connectivity as soon as possible, offering much better service to users.

STP vs. RSTP (Port States)

STP port state   RSTP port state
Disabled         Discarding
Blocking         Discarding
Listening        Discarding
Learning         Learning
Forwarding       Forwarding

STP has more port states than RSTP: STP has Disabled, Blocking, Listening, Learning and Forwarding, while RSTP has only three states: Discarding, Learning and Forwarding.

STP vs. RSTP (Port Types)

STP types of port   RSTP types of port
Designated Port     Designated Port
Root Port           Root Port
Disabled Port       Disabled Port
                    Alternate Port
                    Backup Port

In STP there are only three kinds of ports: Designated Port, Root Port and Disabled Port. In RSTP there are five kinds: Designated Port, Root Port, Disabled Port, Alternate Port and Backup Port. So RSTP has more kinds of ports than STP.

Improvement Of Rapid Spanning Tree (I)

[Figure: two views of a bridge on LAN A with Designated Ports in the Forwarding (F) status towards the root (TO ROOT); the Blocked Port and the Root Port exchange roles between the views]

• A new root port can immediately enter the Forwarding status, if the original root port has entered the blocked status, and the designated

The rapid spanning tree realizes its "Rapid" function in three ways:
(1) A new root port changing from the blocking status to the forwarding status:
if the old root port is aware that it is no longer the root port and changes into
the blocking status, while the designated port of the network segment connected to
the new root port is in the forwarding status, then the new root port can change
into the forwarding status without delay.
The condition shown in the figure is a typical example of the rapid status change
of a root port.

Improvement Of Rapid Spanning Tree (II)
• The designated port can make a
handshake with the connected bridge so
as to enter the Forwarding status quickly

[Figure: labels LAN A, LAN B, Designated Port (F), Root Port, Handshake request, Handshake response, and positions numbered 1 to 4.]

(2) A non-boundary designated port changing from the blocking status to the
forwarding status: "non-boundary" means that the port is connected to other
bridges, not only to terminal equipment. A designated port waiting to change into
the forwarding status transmits a handshake request message downstream; if the
downstream bridge responds with an approving message, the designated port can
turn into the forwarding status without delay.
The handshake request is carried in the next configuration message transmitted
by the port and is identified by a handshake flag bit; the handshake response is
likewise carried in the next configuration message transmitted by the responding
port and is identified by a handshake approving flag bit.
The condition shown in the figure is a typical example of the rapid status change
of a non-boundary designated port.

Attention
• Handshakes must occur on point to point links.

[Figure, two panels: "Non Point to Point Links" and "Handshake Diffusion". Labels: LAN A, LAN B, LAN C, Designated Port (F).]

However, the rapid status change has a precondition: there must be a
point-to-point link between the port initiating the handshake and the port
responding to it. If the precondition is not satisfied, the handshake will not be
answered, and the designated port has to wait for double the "forward delay".
Clearly the point-to-point link has a great influence on the performance of the
rapid spanning tree. A link is treated as point-to-point in the following
conditions:
• The port is an aggregate port and is bound to aggregated links
(please refer to the contents on port aggregation);
• The port supports auto-negotiation and works in full duplex mode as a result
of the negotiation (please refer to the relevant sections);
• The administrator configures the port in full duplex mode.
In all other conditions, the links connected to the port cannot be regarded as
point-to-point links.
Note also that the bridge responding to the handshake sends an approving message
only after it has changed its own non-boundary designated ports into the
"blocking" status. Those non-boundary designated ports then need to initiate
their own handshake downstream. That is, the handshake diffuses continuously to
the boundary of the network, as shown in the figure above.

Improvement Of Rapid Spanning Tree (III)
• The edge ports, i.e., those directly connected to terminals but not to
other bridges, can directly enter the forwarding status, without any
delay.

[Figure: bridges on LAN A, LAN B and LAN C with an uplink labelled TO ROOT. Labels: Designated Port, Blocked Port, and an Edge Port (F) on LAN D.]

(3) A boundary port changing from the blocking status to the forwarding
status: boundary ports are ports directly connected to terminal equipment and
not connected to any other bridge. The status of these ports does not affect the
connectivity of the whole network or cause any loop, so they can turn into the
forwarding status without delay.

Faults of STP & RSTP

Review STP & RSTP

• Transmit BPDU among switches in order to select one bridge as the root;

• Each non-root bridge only selects one root port;

• For each LAN, select a designated bridge to handle data forwarding;

• The root port and designated port are in the Forwarding state;

• All the other ports are in the Discarding state (Alternate Port/Backup Port).


After we establish the STP/RSTP network, the switches transmit BPDUs across the
switching network to select one root bridge from all the bridges. They then
select root ports, designated ports and designated bridges, and calculate the
path cost. Each bridge selects a root port, and the path through this port is the
optimal path from this bridge to the root. The root ports and designated ports
will be in the forwarding state; the other ports will be blocked.

Faults Of STP & RSTP

VLAN load balance can not be implemented

[Figure: two switches joined by Link 1 and Link 2 (Backup), carrying VLAN 10 and VLAN 20.]

Between the two switches we have two links, but the data from the two VLANs can
use only one link for transmission; the other link stays idle. So VLAN load
balancing cannot be implemented.
In the figure above, we have configured VLAN 10 and VLAN 20. Between the two
switches we have two links, link 1 and link 2, but link 2 is only a backup.
The data from VLAN 10 goes through link 1, and the data from VLAN 20 also goes
through link 1, so link 2 is always idle.
In this situation, VLAN load balancing cannot be realized.

Faults Of STP & RSTP

Some specific VLAN messages can not reach the destination

[Figure: five switches joined by links labelled with the VLANs they carry (10,20,30; 10,20; 20,30; 10,30; 20; 30; 10). Callout at Switch A: all the ports of VLAN 10 and 30 are in the discard state.]

In STP/RSTP, some links are blocked to avoid loops; the blocked links are
activated only when some actual links go down. In this case, data from some VLANs
cannot get to the destination.
For example, data from VLAN 10 and VLAN 30 cannot get to switch A, because the
two links which can transmit VLAN 10 and VLAN 30 data are virtual links. Only
when they become actual links can they transmit data.

Multiple Spanning Tree Protocol -
MSTP

What Is MSTP?

• MSTP: Multiple Spanning Tree Protocol
– Clause 13 of IEEE Std 802.1s, 2002 Edition
• MSTP is the perfect combination of VLAN load balance and STP/RSTP.
• MSTP allows frames from different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI)

Spanning tree protocol (STP) cannot enable Ethernet ports to change state
rapidly. It takes twice the forward delay for a port to move to the forwarding
state, even if the port is on a point-to-point link or is an edge port.
Rapid spanning tree protocol (RSTP) enables Ethernet ports to change state
rapidly, but it shares one drawback with STP: all bridges in a LAN running RSTP
share one spanning tree, and redundant links cannot be blocked per VLAN. In
networks running RSTP, packets of all VLANs are forwarded along one spanning
tree.
Multiple spanning tree protocol (MSTP) can prune a ring network into a loop-free
network with a tree topology. This prevents packets from being duplicated and
forwarded endlessly. It also provides multiple redundant paths for packet
forwarding and balances the forwarding loads of different VLANs.
MSTP is compatible with both STP and RSTP and overcomes their drawbacks. Since
it enables spanning trees to be established rapidly and enables packets of
different VLANs to be forwarded along their corresponding paths, it provides a
better load-balancing mechanism for redundant links.

MSTP Concepts

• Several terms of MSTP
– MSTP: Multiple Spanning Tree Protocol
– MSTI: Multiple Spanning Tree Instance
– MST Region: Multiple Spanning Tree Region
– CIST: Common and Internal Spanning Tree
– IST: Internal Spanning Tree
– CST: Common Spanning Tree
– SST: Single Spanning Tree

These are the basic MSTP concepts. The following slides introduce each concept
in detail.

MSTP

• Each instance generates its own independent spanning tree
• The calculation of each instance is almost the same as RSTP
• Every instance can have different roots/topologies.
• The topology of each instance can be confirmed manually.
• A port can have different spanning tree values in different instances.
• A port can have different port roles/port states in different instances.

These are some principles of MSTP (multiple spanning tree protocol).
Each instance generates its own independent spanning tree. All the switches
configured with the same VLAN can form a tree, and we call that tree an instance.
It means that all the switches which have been configured with the same VLAN
belong to the same instance.
The calculation of each instance is almost the same as in RSTP, and each instance
sends its own BPDU to other bridges. Similar to STP and RSTP, MSTP uses BPDUs to
calculate spanning trees. In this case, the BPDUs carry the MSTP configuration
information of the switches.
Each instance chooses a bridge as its root, so every instance can have a
different root and topology. An instance can communicate with other instances
through the root. If we configure several VLANs on one switch, the switch may
belong to several instances, and a port on it may have different values,
different port roles and different port states.

MST Region
• MST Region:
– An MST Region comprises one or more MST Bridges with the same MST Configuration Identifiers. These Regions and the other Bridges are connected into a Common Spanning Tree (CST).
– MCID: MST Configuration ID
• MCID contains the following components:
– Format Selector (1 Byte)
– Configuration Name (32 Bytes)
– Revision Level (2 Bytes)
– Configuration Digest (16 Bytes)

An MST (multiple spanning tree) region comprises multiple switches and the
network segments connected to these switches. These switches have MSTP enabled.
To be part of the same MST region, a group of switches must share the same
configuration attributes.
Each MST Configuration Identifier contains the following components:
1) A Configuration Identifier Format Selector: the value 0 encoded in a fixed
field of one octet to indicate the use of the following components as specified in
this Standard.
2) The Configuration Name: a variable length text string encoded within a fixed
field of 32 octets, conforming to RFC 2271's definition of SnmpAdminString.
3) The Revision Level: an unsigned integer encoded within a fixed field of 2
octets.
4) The Configuration Digest: a 16 octet signature of type HMAC-MD5 (see
IETF RFC 2104) created from the MST Configuration Table (3.26, 8.11). For the
purposes of calculating the Configuration Digest, the MST Configuration Table is
considered to contain 4096 consecutive two octet elements, where each element of
the table (with the exception of the first and last) contains an MSTID value
encoded as a binary number, with the first octet being most significant. The first
element of the table contains the value 0, the second element the MSTID value
corresponding to VID 1, the third element the MSTID value corresponding to VID
2, and so on, with the next to last element of the table containing the MSTID value
corresponding to VID 4094, and the last element containing the value 0. The key
used to generate the signature consists of the 16 octet string.
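
The digest calculation described above, as an added Python example that is not part of the original slides: it builds the 4096-element table, computes the Configuration Digest and packs the full MCID to compare three switches. The function names, the region name "REGION1" and revision 1 are assumptions made for illustration; the key is the fixed value published in IEEE 802.1Q, supplied here from the standard.

```python
import hashlib
import hmac
import struct

# Signature key fixed by IEEE 802.1Q (Table 13-1). It is a published constant,
# supplied here from the standard; the slides themselves do not print it.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def config_digest(vlan_to_mstid):
    """Return the 16-octet Configuration Digest for a VLAN -> MSTID mapping.

    A dict is used on purpose: each VID key can hold only one MSTID, which is
    the "one VLAN maps to one instance only" rule. Unlisted VLANs stay in
    instance 0.
    """
    table = [0] * 4096                    # elements 0 and 4095 are always 0
    for vid, mstid in vlan_to_mstid.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"VID {vid} outside 1..4094")
        if not 0 <= mstid <= 4094:
            raise ValueError(f"MSTID {mstid} outside 0..4094")
        table[vid] = mstid
    # 4096 consecutive two-octet elements, most significant octet first.
    raw = struct.pack(">4096H", *table)
    return hmac.new(MST_DIGEST_KEY, raw, hashlib.md5).digest()


def build_mcid(name, revision, vlan_to_mstid):
    """Pack the 51-octet MST Configuration Identifier."""
    name_bytes = name.encode("utf-8")
    if len(name_bytes) > 32:
        raise ValueError("Configuration Name does not fit in 32 octets")
    # Format Selector (1) | Name, NUL padded (32) | Revision (2) | Digest (16)
    return struct.pack(">B32sH16s", 0, name_bytes, revision,
                       config_digest(vlan_to_mstid))


def same_region(mcid_a, mcid_b):
    """Two bridges share an MST region only if every MCID octet matches."""
    return hmac.compare_digest(mcid_a, mcid_b)


# Constructed sample: the name and revision are made up; the mapping is the
# VLAN 10/20/30 -> MSTI 1/2/3 assignment used in these slides' example.
SWITCH_A = build_mcid("REGION1", 1, {10: 1, 20: 2, 30: 3})
SWITCH_B = build_mcid("REGION1", 1, {10: 1, 20: 2, 30: 3})
# Same name and revision, but VLAN 30 mapped to the wrong instance.
SWITCH_C = build_mcid("REGION1", 1, {10: 1, 20: 2, 30: 2})

if __name__ == "__main__":
    print("default digest:", config_digest({}).hex())
    print("A and B same region:", same_region(SWITCH_A, SWITCH_B))
    print("A and C same region:", same_region(SWITCH_A, SWITCH_C))
```

Because the key is a published constant, a matching digest shows only that two bridges hold the same VLAN-to-instance table; it does not authenticate the bridge that sent it.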

MSTI

• MSTI: Multiple Spanning Tree Instance
– Each instance can be mapped to one or more VLANs.
– One VLAN can be mapped to one instance only.
– Multiple instances can be run on one switch.
– All VLANs are mapped to instance 0 by default if no mapping relationship is configured between the VLAN and an instance.

A multiple spanning tree instance (MSTI) refers to a spanning tree in an MST
region.
With MSTP employed, multiple spanning trees can be established in an MST region.
These spanning trees are independent of each other. Each of these spanning trees
corresponds to a VLAN.
Each instance can be mapped to one or more VLANs. For example, suppose we have
configured VLAN 2 and VLAN 3, and we have instance 2 and instance 3 in the
region. We can map both VLANs to instance 2, or map VLAN 2 to instance 2 and
VLAN 3 to instance 3. But remember that one VLAN can be mapped to one instance
only: if you have mapped VLAN 2 to instance 2, you cannot map VLAN 2 to another
instance at the same time.
Multiple instances can run on one switch. For example, if we have configured
three VLANs on a switch and every VLAN corresponds to an instance, then the
switch can belong to three instances.

Example

[Figure: five switches joined by links labelled with the VLANs they carry (10,20,30; 10,20; 20,30; 10,30; 20; 30; 10).]

If we use STP/RSTP, some problems will occur

In the figure above, we have configured VLAN 10, 20 and 30 on the five switches,
possibly with different VLANs on different switches. If we run STP/RSTP, the data
from some VLANs may not reach the destination, or load balancing may not be
realized.

Example

[Figure: the five-switch network with the spanning tree of each VLAN drawn separately. SWITCH A is the VLAN10 Root, SWITCH B is the VLAN20 Root and SWITCH C is the VLAN30 Root; links are labelled with the VLANs they carry.]

VLAN 10 is mapped to MSTI 1; Switch A is chosen as the root bridge.
VLAN 20 is mapped to MSTI 2; Switch B is chosen as the root bridge.
VLAN 30 is mapped to MSTI 3; Switch C is chosen as the root bridge.
The other VLANs are mapped to MSTI 0 (IST).
The three instances compose one region.
The MSTIs are simple RSTP instances that only exist inside a region.
They run RSTP automatically by default, without any extra configuration work.

IST & CST

• IST: (Internal Spanning Tree)
– IST connects the spanning trees within the MST
Region.
– The special MSTI with ID 0 within the MST Region.
• CST: (Common Spanning Tree)
– CST connects the spanning trees of all MST regions.
– Regard every MST region as a “switch”, and the CST
is generated by the computing of “switches” through
STP/RSTP.


An internal spanning tree (IST) is a spanning tree in an MST region. ISTs along
with the common spanning tree (CST) form the common and internal spanning tree
(CIST) of the entire switched network. ISTs are branches of CIST and are special
MSTIs.
A CST is the spanning tree in a switched network that connects all MST regions
in the network. If you take each MST region in a switched network for a switch,
then the CST is the spanning tree generated by STP or RSTP employed on these
logical switches.

CIST & SST

• CIST: (Common and Internal Spanning Tree)
– The IST and the CST, together make up a
CIST for the entire switching network.
• SST: (Single Spanning Tree)
– In a region, there is only one switch. The
single spanning tree may be supported by the
STP or by the RSTP


A CIST is the spanning tree in a switched network that connects all switches in
the network. It comprises the ISTs and the CST.
If a region has only one switch, we call its tree a single spanning tree.

IST & CST (II)

[Figure: network diagram with areas labelled CIST, CST and IST.]

Within a region, we use the IST to connect all the switches together; among
regions, we use the CST to connect all the regions together. So the IST and the
CST compose the CIST.
Within a region we should choose a region root, which is the root of the IST and
the MSTIs of an MST region. The region root of an MST region differs with the
topologies of the spanning trees in the region. So if we have three instances in
the region, we can have three region roots.
A common root bridge is the root of a CIST. So in the CIST above, we have one
common root.

New Port Roles And Role
Transformation (I)

• Common Root Bridge/CIST Root Bridge
– The Common Root Bridge refers to the root
bridge of CIST.
• Region Root
– The region root refers to the root of the IST
and MSTI within MST region.
– Every instance has its own region root.


Common Root Bridge: the root bridge of the CIST. By comparing BPDUs, the whole
network chooses the switch whose priority is the highest as the CIST root.
Region Root: the root of the IST and MSTI within an MST region. Every instance
has its own region root, so if there are three instances, there are three region
roots.

New Port Roles And Role
Transformation (I)
• Edge Port
– The edge port is located at the MST region edge, connecting different MST regions, MST region and STP region, or MST region and RSTP region.
• Master Port
– Master port is the port connecting the entire region to the Common Root Bridge. It has the shortest path cost to the common Root Bridge.

Edge Port: The edge port is located at the MST region edge, connecting
different MST regions, MST region and STP region, or MST region and RSTP
region.
Master Port: It is used to connect the region to the common root bridge. The path
cost between the master port and the common Root Bridge is the shortest. A master
port is a special edge port: its role on the IST/CIST is root port, but on the
instances it is the master port.

New Port Roles And Role
Transformation (II)

[Figure: network diagram with labels Master Port, CIST Root and SST.]

So you can see that in the four regions we have four master ports; they are used
to connect the regions to the common root bridge.
If a region wants to communicate with other regions, it can use the master
port.

STP/RSTP Priority Vector Review

• STP/RSTP priority vectors are
composed of the following components:
– Root ID
– Root Path Cost
– Designated Bridge ID
– Designated Port ID
– Receiving Port ID.


STP/RSTP priority vectors are composed of the following components:
Root ID: the Bridge Identifier of the Root Bridge.
Root Path Cost: the path cost from the transmitting Bridge to the Root Bridge.
Designated Bridge ID: the bridge ID of the transmitting Bridge.
Designated Port ID: the port ID of the Port through which the message was
transmitted.
Receiving Port ID: the port ID of the Port through which the message was
received.

CIST Priority Vector

• CIST priority vectors comprise the following
components:
– CIST Root ID
– CIST External Root Path Cost
– CIST Region Root ID
– CIST Internal Root Path Cost
– CIST Designated Bridge ID
– CIST Designated Port ID
– CIST Receiving Port ID

CIST Root ID: the Bridge Identifier of the CIST Root.
CIST External Root Path Cost: the path cost between MST Regions from the transmitting
Bridge to the CIST Root.
CIST Regional Root ID: the Bridge Identifier of the single bridge in a Region whose CIST
Root Port is a Boundary Port, or the Bridge Identifier of the CIST Root if that is within the
Region.
CIST Internal Root Path Cost: the path cost to the CIST Regional Root.
CIST Designated Bridge ID: the Bridge Identifier for the transmitting bridge for the CIST.
CIST Designated Port ID: the Port Identifier for the transmitting port for the CIST.
CIST Receiving Port ID: not conveyed in Configuration Messages, used as tie-breaker
between otherwise equal priority vectors within a receiving Bridge.

MSTI Priority Vector

• MSTI priority vectors are composed of the
following components:
– MSTI Regional Root ID
– MSTI Internal Root Path Cost
– MSTI Designated Bridge ID
– MSTI Designated Port ID
– MSTI Receiving Port ID

MSTI priority vector is composed of the following components:
MSTI Regional Root ID: the Bridge Identifier of the MSTI Regional Root for
this particular MSTI in this MST Region.
MSTI Internal Root Path Cost: the path cost to the MSTI Regional Root for
this particular MSTI in this MST Region.
MSTI Designated Bridge ID: the Bridge Identifier for the transmitting bridge
for this MSTI.
MSTI Designated Port ID: the Port Identifier for the transmitting port for this
MSTI.
MSTI Receiving Port ID: not conveyed in Configuration Messages.

Priority Vectors Calculation

• For all components, the lesser the numerical value,
the better it is; earlier components in the above
lists are more significant.
• As each Bridge Port receives priority vector
information from Ports closer to the Root,
additions are made to one or more priority vector
components to yield a worse priority vector for
potential transmission through other ports of the
same Bridge.

Understanding Priority Vectors
Calculation
[Figure: two topologies of the same three switches, with bridge IDs 32768.0-0-1, 32768.0-0-2 and 32768.0-0-3. In each topology two of the switches are grouped into Region 1.]

If we place switches 32768.0-0-2 and 32768.0-0-3 in the same region 1, then
there are two links between region 1 and switch 32768.0-0-1, so one of them must
be blocked, as in the figure above.
If we place switches 32768.0-0-1 and 32768.0-0-3 in the same region 1, then
there are two links between region 1 and switch 32768.0-0-2, so one of them must
be blocked, as in the figure above.
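
The first case above, worked through with the priority vector rules as an added Python example that is not part of the original slides: switch 32768.0-0-3 compares the CIST vectors it receives and picks its root port. The class and function names, port numbers and the path cost of 20000 are assumptions; the region-boundary handling follows the CIST calculation in IEEE 802.1Q and goes slightly beyond what the slides state.

```python
from typing import NamedTuple, Tuple

BridgeId = Tuple[int, str]      # (priority, address); lower compares as better


class CistVector(NamedTuple):
    """CIST priority vector; field order is the order of significance."""
    root_id: BridgeId
    ext_root_path_cost: int
    regional_root_id: BridgeId
    int_root_path_cost: int
    designated_bridge_id: BridgeId
    designated_port_id: int
    receiving_port_id: int      # local tie-breaker, not conveyed in messages


class Received(NamedTuple):
    vector: CistVector          # as transmitted by the neighbour
    port_cost: int              # path cost of the receiving port
    same_region: bool           # neighbour's MCID equals ours


def root_path_vector(my_id, port_id, rx):
    """Make the received vector worse by the cost of receiving it here."""
    v = rx.vector._replace(receiving_port_id=port_id)
    if rx.same_region:
        # Inside the region only the internal cost grows.
        return v._replace(int_root_path_cost=v.int_root_path_cost + rx.port_cost)
    # Across a region boundary the external cost grows, and this bridge is the
    # point where the path enters its own region.
    return v._replace(ext_root_path_cost=v.ext_root_path_cost + rx.port_cost,
                      regional_root_id=my_id, int_root_path_cost=0)


def elect_root_port(my_id, received):
    """Return (root_port, best_vector); root_port is None if this bridge is root."""
    best_port, best = None, CistVector(my_id, 0, my_id, 0, my_id, 0, 0)
    for port_id, rx in sorted(received.items()):
        candidate = root_path_vector(my_id, port_id, rx)
        if candidate < best:    # lesser is better, earlier fields decide first
            best_port, best = port_id, candidate
    return best_port, best


# Constructed sample using the three bridge IDs from the figure.
SW1, SW2, SW3 = (32768, "0-0-1"), (32768, "0-0-2"), (32768, "0-0-3")
COST = 20000                    # assumed path cost for every link

# Switch 3 shares Region 1 with switch 2; switch 1 is outside the region.
SW3_RECEIVED = {
    1: Received(CistVector(SW1, 0, SW1, 0, SW1, 1, 0), COST, same_region=False),
    2: Received(CistVector(SW1, COST, SW2, 0, SW2, 2, 0), COST, same_region=True),
}

if __name__ == "__main__":
    port, vector = elect_root_port(SW3, SW3_RECEIVED)
    print("switch 3 root port:", port)
    print("regional root:", vector.regional_root_id)
```

Both paths have the same external cost, so the lower Regional Root ID decides: switch 3 takes port 2 as its root port, and its direct link to switch 32768.0-0-1 on port 1 is the one that is blocked.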

PVST+ (Cisco)

• If one STP is used with redundant links but with
multiple VLANs, several ports would be in blocking
state
• PVST+ creates an STP instance for each VLAN
• Each STP instance can use a different root switch
• The traffic load is balanced among the available links
• Disadvantage: many messages, which consume
processor time

Thank You