Inter-VLAN Routing
Malin Bornhager
Halmstad University
Version 2002-1 2002, Svenska-CNAP Halmstad University 1
Objectives
Layer 2 loops
Broadcast storms
Duplicate unicast frames
MAC database instability
Root port
Switch port closest to the root bridge
Designated port
All non-root ports that are still permitted to forward traffic
Non-designated port
All ports configured to be in blocking state to prevent loops
Implementation of:
Portfast
Rapid Spanning Tree Protocol, IEEE 802.1w (RSTP)
Per VLAN Spanning Tree Plus (PVST+), Cisco's per-VLAN STP for 802.1Q trunks (Cisco proprietary, not an IEEE standard)
Multiple Spanning Tree, IEEE 802.1s (MST)
Load balancing across links
Discarding
Prevents the forwarding of data frames
Learning
Accepts data frames to populate the MAC table, to limit
flooding of unknown unicast frames
Forwarding
Forwarding of data frames in stable active topologies
MST (IEEE 802.1s) extends the IEEE 802.1w Rapid Spanning Tree
(RSTP) algorithm to multiple spanning-trees
Main purpose is to reduce the total number of spanning tree instances
to match the physical topology
Grouping VLANs and associate with spanning tree instances
MST carries the instance number in the 12-bit Extended System ID field
of the Bridge ID.
Switches A and B comprise the core of the network. Switch A is the root
bridge.
Switch C is an access layer switch. When Switch D is connected to Switch C,
it begins to participate in STP. If the priority of Switch D is 0 or any value
lower than that of the current root bridge, Switch D becomes the root bridge.
Having Switch D as the root causes the Gigabit Ethernet link connecting the
two core switches to block, thus causing all the data to flow via a 100-Mbps
link across the access layer. This is obviously a terrible outcome.
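The election in this scenario follows directly from the Bridge ID format described above (4-bit priority, 12-bit extended system ID carrying the VLAN or MST instance, 48-bit MAC; the lowest value wins). The Python below is an added example, not part of the course material: the switch names, priorities and MAC addresses are constructed, and it shows why a Switch D with priority 0 displaces a core switch configured with priority 4096.

```python
"""Bridge ID encoding and root-bridge election (added example, not from the slides).

With the extended system ID, the 16-bit priority field of the Bridge ID is split
into a 4-bit priority (a multiple of 4096) and a 12-bit system ID extension that
carries the VLAN (PVST+) or MST instance number; the low 48 bits are the bridge
MAC. The bridge with the numerically lowest Bridge ID becomes root.
All switch names, priorities and MAC addresses below are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int   # configured priority, multiple of 4096 (default 32768)
    mac: str        # base MAC address, colon-separated hex


def bridge_id(priority: int, sys_id_ext: int, mac: str) -> int:
    """Pack priority, 12-bit extended system ID and MAC into a 64-bit Bridge ID."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= sys_id_ext < 4096:
        raise ValueError("extended system ID is a 12-bit field (0..4095)")
    mac_int = int(mac.replace(":", ""), 16)
    if mac_int >= 1 << 48:
        raise ValueError("MAC address must be 48 bits")
    return ((priority + sys_id_ext) << 48) | mac_int


def decode_bridge_id(bid: int) -> Tuple[int, int, str]:
    """Split a 64-bit Bridge ID back into (priority, extended system ID, MAC)."""
    upper = bid >> 48
    mac_hex = f"{bid & ((1 << 48) - 1):012x}"
    mac = ":".join(mac_hex[i:i + 2] for i in range(0, 12, 2))
    return upper & 0xF000, upper & 0x0FFF, mac


def elect_root(bridges: Iterable[Bridge], vlan: int) -> Bridge:
    """Return the bridge that wins the election for this VLAN (lowest Bridge ID)."""
    return min(bridges, key=lambda b: bridge_id(b.priority, vlan, b.mac))


# Constructed topology matching the scenario: A and B are the core, C is access.
SWITCH_A = Bridge("SwitchA", 4096, "00:00:5e:00:53:0a")    # intended root
SWITCH_B = Bridge("SwitchB", 8192, "00:00:5e:00:53:0b")    # intended backup root
SWITCH_C = Bridge("SwitchC", 32768, "00:00:5e:00:53:0c")   # default priority
CAMPUS = [SWITCH_A, SWITCH_B, SWITCH_C]

# Switch D plugged into the access layer with priority 0: lower than A, so it wins.
SWITCH_D = Bridge("SwitchD", 0, "00:00:5e:00:53:0d")


def rogue_takes_root(vlan: int = 77) -> Tuple[str, str]:
    """Return (root before D is connected, root after D is connected) for one VLAN."""
    before = elect_root(CAMPUS, vlan).name
    after = elect_root(CAMPUS + [SWITCH_D], vlan).name
    return before, after


if __name__ == "__main__":
    prio, ext, mac = decode_bridge_id(bridge_id(32768, 10, SWITCH_C.mac))
    print(f"SwitchC in VLAN 10 advertises priority {prio + ext} "
          f"(priority {prio} + system ID extension {ext}), MAC {mac}")
    print("root before/after SwitchD connects:", rogue_takes_root())
```

The same switch advertises a different Bridge ID in every VLAN (32768 + VLAN number at the default priority), which is what lets PVST+ run one election per VLAN; lowering a core switch's priority only helps until someone attaches a switch with a lower one, which is the case root guard is meant to cover.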
Root Guard Operation
After the root guard feature is enabled on a port, the switch does not allow that port to become an STP root port: the port stays designated, and if it receives a superior BPDU it is placed in the root-inconsistent (blocking) state instead.
Cisco switches log the following message when a root guard
enabled port receives a superior BPDU:
%SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77. Moved to root-inconsistent state.
The current design recommendation is to enable root guard on all access ports so
that a root bridge is not established through these ports.
When Switch D stops sending superior BPDUs, the port unblocks again and goes
through regular STP transition of listening and learning, and eventually to the
forwarding state. Recovery is automatic; no intervention is required.
Loop Guard
The Loop Guard STP feature improves the stability of Layer 2 networks by preventing bridging loops.
In STP, switches rely on continuous reception or transmission of BPDUs, depending on the port role.
A designated port transmits BPDUs whereas a nondesignated port receives BPDUs.
Bridging loops occur when a port erroneously transitions to forwarding state because it has stopped
receiving BPDUs.
Ports with loop guard enabled do an additional check before transitioning to forwarding state. If a
nondesignated port stops receiving BPDUs, the switch places the port into the STP loop-inconsistent
blocking state.
If a switch receives a BPDU on a port in the loop-inconsistent STP state, the port transitions through
STP states according to the received BPDU. As a result, recovery is automatic, and no manual
intervention is necessary.
When the Loop Guard feature places a port into the loop-inconsistent
blocking state, the switch logs the following message:
SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
After recovery, the switch logs the following message:
SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.
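The root guard and loop guard messages quoted above are the only evidence these features leave behind, so they are worth parsing rather than just reading. The Python below is an added example, not part of the course material: it recognises the three message formats shown on the slides, replays which ports are still in an inconsistent state, and lists every root-guard block separately, since each one means a device on an access port advertised a better Bridge ID than the real root. The timestamps, the unrelated SYS-5 line and the sample log as a whole are constructed.

```python
"""Detect root-guard and loop-guard events in IOS syslog output (added example).

The three SPANTREE-2 messages quoted on the slides are parsed, the per-port state
is replayed, and root-guard blocks are surfaced separately: a root-guard block
means something on an access port advertised a better Bridge ID than the current
root, which is either a misconfigured switch or an attempt to take over the tree.
The log lines below are constructed; only the message formats come from the slides.
"""
import re
from typing import Dict, List, Optional, Tuple

# Message formats as quoted on the slides; "vlan"/"VLAN" capitalisation varies by message.
PATTERNS = {
    "ROOTGUARDBLOCK": re.compile(
        r"%?SPANTREE-2-ROOTGUARDBLOCK: Port (?P<port>\S+) tried to become "
        r"non-designated in VLAN (?P<vlan>\d+)", re.IGNORECASE),
    "LOOPGUARDBLOCK": re.compile(
        r"%?SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port (?P<port>\S+) "
        r"in VLAN (?P<vlan>\d+)", re.IGNORECASE),
    "LOOPGUARDUNBLOCK": re.compile(
        r"%?SPANTREE-2-LOOPGUARDUNBLOCK: port (?P<port>\S+) restored in VLAN (?P<vlan>\d+)",
        re.IGNORECASE),
}

# Port state after each message; None means the port left the inconsistent state.
STATE_AFTER = {
    "ROOTGUARDBLOCK": "root-inconsistent",
    "LOOPGUARDBLOCK": "loop-inconsistent",
    "LOOPGUARDUNBLOCK": None,
}

# Constructed sample (timestamps and the SYS-5 line are not from the slides).
SAMPLE_LOG = """\
Oct 12 10:01:02.123: %SPANTREE-2-ROOTGUARDBLOCK: Port 1/1 tried to become non-designated in VLAN 77. Moved to root-inconsistent state.
Oct 12 10:01:05.456: %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
Oct 12 10:01:07.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Oct 12 10:01:40.789: %SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.
"""


def parse_spantree_event(line: str) -> Optional[Dict[str, object]]:
    """Return {"event", "port", "vlan"} for a known SPANTREE-2 guard message, else None."""
    for event, pattern in PATTERNS.items():
        m = pattern.search(line)
        if m:
            return {"event": event, "port": m.group("port"), "vlan": int(m.group("vlan"))}
    return None


def replay_port_states(log: str) -> Dict[Tuple[str, int], str]:
    """Replay the log and return the ports that are still in an inconsistent state."""
    states: Dict[Tuple[str, int], str] = {}
    for line in log.splitlines():
        ev = parse_spantree_event(line)
        if ev is None:
            continue
        key = (ev["port"], ev["vlan"])
        new_state = STATE_AFTER[ev["event"]]
        if new_state is None:
            states.pop(key, None)       # recovery is automatic; clear the entry
        else:
            states[key] = new_state
    return states


def root_guard_alerts(log: str) -> List[Tuple[str, int]]:
    """Return (port, vlan) for every root-guard block: each one deserves a look."""
    return [(ev["port"], ev["vlan"])
            for ev in map(parse_spantree_event, log.splitlines())
            if ev and ev["event"] == "ROOTGUARDBLOCK"]


if __name__ == "__main__":
    print("still inconsistent:", replay_port_states(SAMPLE_LOG))
    print("root guard alerts:", root_guard_alerts(SAMPLE_LOG))
```

Only the three messages shown on the slides are handled; a root-guard port that recovers logs its own message on real switches, and that format is not on this page, so the replay keeps a root-inconsistent entry until it is cleared by other means.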
Loop Guard Operation
The link between Switches B and C becomes unidirectional. Switch B can receive
traffic from Switch C, but Switch C cannot receive traffic from Switch B.
On the segment between Switches B and C, Switch B is the designated bridge
sending the root BPDUs and Switch C expects to receive the BPDUs.
Switch C waits until the max-age timer (20 seconds) expires before it takes action.
When this timer expires, Switch C moves through the listening and learning states
and then to the forwarding state. At this moment, both Switch B and Switch C are
forwarding to each other and there is no blocking port in the network.
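The timing in this scenario can be followed step by step. The Python below is an added example, not part of the course material: it models Switch C's nondesignated port as a small state machine with the 802.1D default timers (hello 2 s, max-age 20 s, forward-delay 15 s), cuts off the BPDUs at a constructed moment to imitate the unidirectional link, and runs the port once without and once with loop guard. The times at which BPDUs stop and the simulation length are assumptions.

```python
"""Simulate the unidirectional-link failure with and without loop guard
(added example, not from the slides).

Switch C's port is the nondesignated (blocking) end: it expects a BPDU from
Switch B every hello interval. When the link goes unidirectional the BPDUs stop.
Without loop guard the port ages out its BPDU information after max-age and walks
listening -> learning -> forwarding, closing the loop; with loop guard it goes
loop-inconsistent instead and comes back only when a BPDU arrives.
802.1D default timers are used; time is in whole seconds.
"""
from typing import List, Tuple

HELLO = 2            # seconds between BPDUs from the designated bridge
MAX_AGE = 20         # seconds a stored BPDU stays valid
FORWARD_DELAY = 15   # seconds spent in each of listening and learning


class NonDesignatedPort:
    def __init__(self, loop_guard: bool) -> None:
        self.loop_guard = loop_guard
        self.state = "blocking"
        self.last_bpdu = 0       # time the last BPDU was received
        self.state_since = 0     # time the current state was entered

    def _enter(self, state: str, now: int) -> None:
        self.state, self.state_since = state, now

    def receive_bpdu(self, now: int) -> None:
        """A BPDU from the designated bridge refreshes the port's stored information."""
        self.last_bpdu = now
        if self.state != "blocking":
            # The designated bridge is heard again, so the port resumes its
            # nondesignated role; for loop-inconsistent this is the automatic recovery.
            self._enter("blocking", now)

    def tick(self, now: int) -> str:
        """Advance the port's timers to time `now` and return the resulting state."""
        if self.state == "blocking" and now - self.last_bpdu >= MAX_AGE:
            # Stored BPDU aged out: the port believes it should become designated.
            self._enter("loop-inconsistent" if self.loop_guard else "listening", now)
        elif self.state == "listening" and now - self.state_since >= FORWARD_DELAY:
            self._enter("learning", now)
        elif self.state == "learning" and now - self.state_since >= FORWARD_DELAY:
            self._enter("forwarding", now)     # the loop is now closed
        return self.state


def simulate(loop_guard: bool, link_fails_at: int = 10, duration: int = 70) -> List[Tuple[int, str]]:
    """Return the (time, state) transitions of Switch C's port over `duration` seconds.

    Switch B sends a BPDU every HELLO seconds until the link becomes unidirectional
    at `link_fails_at` (a constructed value); after that Switch C hears nothing.
    """
    port = NonDesignatedPort(loop_guard)
    transitions = [(0, port.state)]
    for now in range(1, duration + 1):
        if now < link_fails_at and now % HELLO == 0:
            port.receive_bpdu(now)
        before = port.state
        port.tick(now)
        if port.state != before:
            transitions.append((now, port.state))
    return transitions


def recovery(loop_guard: bool = True) -> List[str]:
    """Show a loop-inconsistent port recovering as soon as a BPDU is received again."""
    port = NonDesignatedPort(loop_guard)
    states = [port.tick(MAX_AGE)]   # no BPDU since t=0: blocked by loop guard
    port.receive_bpdu(MAX_AGE + 1)  # link repaired, BPDU arrives
    states.append(port.state)
    return states


if __name__ == "__main__":
    print("without loop guard:", simulate(loop_guard=False))
    print("with loop guard:   ", simulate(loop_guard=True))
    print("recovery:", recovery())
```

With the last BPDU heard at t=8, the port without loop guard goes to listening at t=28, learning at t=43 and forwarding at t=58, which is the moment both ends forward and the loop exists; the loop-guarded port stops at loop-inconsistent at t=28 and returns to blocking on the next BPDU.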
PAgP Modes
Mode: Purpose
Auto: Places an interface in a passive negotiating state in which the interface responds to the PAgP packets that it receives but does not initiate PAgP negotiation (default).
Desirable: Places an interface in an active negotiating state in which the interface initiates negotiations with other interfaces by sending PAgP packets.
On: Forces the interface to channel without PAgP. Interfaces configured in the on mode do not exchange PAgP packets.
Non-silent: If a switch is connected to a partner that is PAgP-capable, configure the switch interface for non-silent operation. The non-silent keyword is always used with the auto or desirable mode. If you do not specify non-silent with the auto or desirable mode, silent is assumed. The silent setting is for connections to file servers or packet analyzers; this setting enables PAgP to operate, to attach the interface to a channel group, and to use the interface for transmission.
LACP Modes
Mode: Purpose
Passive: Places a port in a passive negotiating state. In this state, the port responds to the LACP packets that it receives but does not initiate LACP packet negotiation (default).
Active: Places a port in an active negotiating state. In this state, the port initiates negotiations with other ports by sending LACP packets.
On: Forces the interface to the channel without PAgP or LACP.
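The mode definitions above determine which combinations actually bundle: one end must initiate, both must speak the same protocol, and on only pairs with on because it sends nothing to negotiate with. The Python below is an added example, not part of the course material; it derives the compatibility rule from those definitions and prints the full matrix, which makes the auto/auto and passive/passive trap visible.

```python
"""Will two EtherChannel ends bundle? (added example, not from the slides)

Derived from the PAgP and LACP mode definitions: each protocol has a mode that
only responds (auto / passive) and one that also initiates (desirable / active).
'on' sends no protocol at all, so it can only pair with 'on'. A channel forms
when both ends speak the same protocol and at least one of them initiates.
"""
from typing import Dict, Optional, Tuple

# mode -> (protocol, initiates negotiation?)
MODES: Dict[str, Tuple[Optional[str], bool]] = {
    "auto": ("PAgP", False),
    "desirable": ("PAgP", True),
    "passive": ("LACP", False),
    "active": ("LACP", True),
    "on": (None, False),          # static bundle, no negotiation protocol
}


def channel_forms(mode_a: str, mode_b: str) -> bool:
    """Return True if ends configured with mode_a and mode_b bundle into a channel."""
    proto_a, init_a = MODES[mode_a.lower()]
    proto_b, init_b = MODES[mode_b.lower()]
    if proto_a is None or proto_b is None:
        return proto_a is None and proto_b is None   # 'on' only pairs with 'on'
    if proto_a != proto_b:
        return False                                 # PAgP one side, LACP the other
    return init_a or init_b                          # someone must send the first packet


def compatibility_matrix() -> Dict[Tuple[str, str], bool]:
    """Every (local mode, remote mode) pair and whether a channel forms."""
    return {(a, b): channel_forms(a, b) for a in MODES for b in MODES}


if __name__ == "__main__":
    for (a, b), ok in sorted(compatibility_matrix().items()):
        print(f"{a:>9} <-> {b:<9} {'channel' if ok else 'no channel'}")
```

The on/on pair deserves a caveat the matrix cannot show: it bundles without any protocol, so nothing detects a partner that is not actually channeled, and the resulting misconfiguration is left for STP to catch.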
Inter-VLAN Routing Options
Multilayer switches build routing, bridging, QoS, and ACL tables for
centralized or distributed switching.
Switches perform lookups in these tables to make decisions, such as
to determine whether a packet with a specific destination IP address is
supposed to be dropped according to an ACL.
These tables support high-performance lookups and search
algorithms to maintain line-rate performance.
Multilayer switches deploy these memory tables using specialized
memory architectures, referred to as content addressable memory
(CAM), and ternary content addressable memory (TCAM).
Process Switching
Every packet is handled by software running on the CPU: the route lookup, the ARP lookup and the Layer 2 header rewrite are all performed for each individual frame.
Fast Switching
The first packet of a flow is process-switched and the result is stored in a route cache; later packets of the same flow are switched from that cache without repeating the full lookup.
A router with CEF enabled uses information from tables built by the CPU, such as the
routing table and ARP table, to build hardware-based tables known as the Forwarding
Information Base (FIB) and adjacency tables.
These tables are then used to make hardware-based forwarding decisions for all packets in a data flow.
Although CEF is the fastest switching mode, there are limitations, such as other features
that are not compatible with CEF or rare instances in which CEF functions can actually
degrade performance, such as CEF polarization in a topology using load-balanced Layer 3
paths.
Adjacency table: derived from the ARP table, it contains the Layer 2 header rewrite (MAC) information for each next hop contained in the FIB. Nodes in a network are said to be adjacent if they are within a single hop of each other.
Maintains Layer 2 next-hop addresses and link-layer header
information for all FIB entries.
Populated as adjacencies are discovered.
Each time adjacency entry created (such as via ARP), a Layer 2 header
for that adjacent node is pre-computed and stored in the adjacency
table.
When the adjacency table is full, a CEF TCAM entry points to the Layer
3 engine to redirect the adjacency.
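The FIB and adjacency relationship described above can be made concrete in a few dozen lines. The Python below is an added example, not part of the course material: it builds a FIB from a constructed routing table and an adjacency table from a constructed ARP table, then forwards sample destinations with a longest-prefix match and the precomputed Ethernet header. A next hop that has no ARP entry yet is returned as a glean, the case where the hardware has to hand the packet to the Layer 3 engine; all addresses, MACs and interface names are assumptions.

```python
"""FIB and adjacency-table forwarding in the style of CEF (added example, not from the slides).

The control plane (CPU) builds a routing table and an ARP table; from these we
derive a FIB (prefix -> next hop, interface) and an adjacency table (next hop ->
precomputed Ethernet header). Forwarding is then a longest-prefix match plus a
header rewrite, with no per-packet ARP lookup. A destination whose next hop has
no adjacency yet is gleaned: punted to the CPU to resolve ARP.
All addresses, MACs and interface names are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

ETHERTYPE_IPV4 = 0x0800

# Constructed control-plane tables.
INTERFACE_MACS = {"Gi0/1": "00:00:5e:00:53:01", "Gi0/2": "00:00:5e:00:53:02"}

# (prefix, next hop or None if directly connected, egress interface)
ROUTING_TABLE: List[Tuple[str, Optional[str], str]] = [
    ("0.0.0.0/0",       "192.0.2.1", "Gi0/1"),
    ("10.1.0.0/16",     "192.0.2.2", "Gi0/1"),
    ("10.1.5.0/24",     "192.0.2.3", "Gi0/1"),   # more specific than the /16
    ("192.0.2.0/24",    None,        "Gi0/1"),   # connected
    ("198.51.100.0/24", None,        "Gi0/2"),   # connected
]

# ip -> (mac, interface); 198.51.100.7 is deliberately missing (not yet resolved)
ARP_TABLE: Dict[str, Tuple[str, str]] = {
    "192.0.2.1": ("00:00:5e:00:53:a1", "Gi0/1"),
    "192.0.2.2": ("00:00:5e:00:53:a2", "Gi0/1"),
    "192.0.2.3": ("00:00:5e:00:53:a3", "Gi0/1"),
}

FibEntry = Tuple[ipaddress.IPv4Network, Optional[str], str]


def build_fib(routes: List[Tuple[str, Optional[str], str]]) -> List[FibEntry]:
    """FIB: routes parsed into networks and sorted longest prefix first."""
    fib = [(ipaddress.ip_network(p), nh, iface) for p, nh, iface in routes]
    return sorted(fib, key=lambda e: e[0].prefixlen, reverse=True)


def build_adjacency_table(arp: Dict[str, Tuple[str, str]],
                          iface_macs: Dict[str, str]) -> Dict[Tuple[str, str], Dict[str, object]]:
    """Adjacency table: one precomputed Layer 2 header per (next hop, interface)."""
    return {
        (ip, iface): {"dst_mac": mac, "src_mac": iface_macs[iface], "ethertype": ETHERTYPE_IPV4}
        for ip, (mac, iface) in arp.items()
    }


FIB = build_fib(ROUTING_TABLE)
ADJACENCY = build_adjacency_table(ARP_TABLE, INTERFACE_MACS)


def lookup(dst_ip: str) -> Optional[FibEntry]:
    """Longest-prefix match: the FIB is sorted, so the first hit is the most specific."""
    addr = ipaddress.ip_address(dst_ip)
    return next((e for e in FIB if addr in e[0]), None)


def forward(dst_ip: str) -> Dict[str, object]:
    """Return the forwarding decision the data plane would make for dst_ip."""
    entry = lookup(dst_ip)
    if entry is None:
        return {"action": "drop", "reason": "no route"}
    _, next_hop, iface = entry
    next_hop = next_hop or dst_ip           # connected: the destination is the next hop
    header = ADJACENCY.get((next_hop, iface))
    if header is None:
        # Glean adjacency: the hardware cannot rewrite the header yet; punt to the CPU for ARP.
        return {"action": "glean", "interface": iface, "next_hop": next_hop}
    return {"action": "forward", "interface": iface, "next_hop": next_hop, "header": header}


if __name__ == "__main__":
    for ip in ("10.1.5.9", "10.1.7.9", "203.0.113.5", "192.0.2.2", "198.51.100.7"):
        print(ip, "->", forward(ip))
```

The point to notice is that nothing in forward() consults the routing table or ARP table directly: those are CPU structures, and the data path touches only the two derived tables, which is why an ARP change must be pushed into the adjacency table before the hardware can forward to the new next hop.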