
Chapter 3:

Network Redundancy
ITP4111
Open Standards Networking

© VTC 2013 ILO 3


Review of hierarchical design


Hierarchical Design
• The core serves as the backbone for the network. The core needs to be fast and extremely resilient.
• The distribution layer aggregates nodes from the access layer.
• In a small network, the core layer and distribution layer can be combined into one layer.

[Figure: Core Layer, Distribution Layer, Access Layer, Server]


Usage and configuration of link aggregation with LACP


Benefits of Link Aggregation
• Increased link bandwidth
• Enhanced link reliability

[Figure labels: Server, SWB, Link Aggregation, SWA, PC]


Load Sharing in an Aggregation Group

• Within each link aggregation group, flow-based load sharing is performed.
• Traffic of the same data flow travels through the same port, while traffic of different data flows may travel through different member ports.

[Figure labels: PCA, PCB, SWA, SWB]


Link Aggregation Approaches

• Static link aggregation
  – Systems at both ends do not negotiate port status.
• Dynamic link aggregation
  – Systems at both ends use a control protocol to negotiate port status.
  – Control protocols:
    • Link Aggregation Control Protocol (LACP) => IEEE 802.3ad
    • Port Aggregation Protocol (PAgP) => Cisco


Link Aggregation Configuration Example

Create a Layer 2 aggregate interface:

[SWA]interface bridge-aggregation 1
[SWA-Bridge-Aggregation1]link-aggregation mode dynamic

Assign Ethernet ports to the link aggregation group:

[SWA-Ethernet1/0/1] port link-aggregation group 1
[SWA-Ethernet1/0/2] port link-aggregation group 1
[SWA-Ethernet1/0/3] port link-aggregation group 1

[Figure: SWA and SWB linked on ports E1/0/1, E1/0/2 and E1/0/3]

[SWB]interface bridge-aggregation 1
[SWB-Bridge-Aggregation1]link-aggregation mode dynamic
[SWB-Ethernet1/0/1] port link-aggregation group 1
[SWB-Ethernet1/0/2] port link-aggregation group 1
[SWB-Ethernet1/0/3] port link-aggregation group 1

Displaying & Maintaining Link Aggregation

<Switch>display link-aggregation summary

Aggregation Interface Type:
BAGG -- Bridge-Aggregation, RAGG -- Route-Aggregation
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 000f-e267-6c6a

AGG        AGG   Partner ID   Select  Unselect  Share
Interface  Mode               Ports   Ports     Type
----------------------------------------------------------------------
BAGG1      S     none         3       0         Shar

Callouts on the output:
• BAGG1: aggregation ID
• S: the aggregation mode is static
• 3: the aggregation group contains 3 member ports
• Shar: the member ports share the loading


Implementation of RSTP and MSTP


Spanning Tree Protocol
• The Spanning Tree Protocol (IEEE 802.1d) eliminates loops at the data link layer of a bridged LAN.
• STP-enabled bridges/switches complete the spanning tree calculation by exchanging bridge protocol data units (BPDUs).

[Figure: SWA, SWB and SWC exchanging BPDUs]


Configuration BPDUs

• A configuration BPDU carries:
  – Root ID
  – Root Path Cost
  – Designated bridge ID
  – Designated port ID
• Initially each port generates a configuration BPDU with the current switch as the root bridge.
• After the topology converges, the root bridge/switch sends out configuration BPDUs regularly and other bridges/switches just forward these BPDUs.


Election of the Root Bridge
• The bridge ID consists of the bridge priority and bridge/switch MAC
address.
• The root ID is the ID of the bridge/switch that the transmitting
bridge/switch believes to be the root.
• The bridge/switch with the lowest bridge ID is elected as the root.

[Figure: SWA BridgeID 0.0000-0000-0000; SWB BridgeID 16.0000-0000-0001; SWC BridgeID 0.0000-0000-0002]

Port Roles
• All ports on the root bridge/switch are designated ports.
• On a non-root bridge/switch, the port with the least root path cost is
the root port.
• On each physical segment, the bridge/switch with the least root path
cost is the designated bridge/switch, and the port connecting the
designated bridge/switch to the physical segment is the designated
port.
• Ports that are neither designated ports nor root ports are blocked.
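
[Figure: SWA is the root and both of its ports are DP. The SWA–SWB link has Cost=10, the SWA–SWC link has Cost=20 and the SWB–SWC link has Cost=30. SWB and SWC each have an RP toward SWA; on the SWB–SWC link the SWB port is DP and the SWC port is AP.]
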
Root Path Cost
• For a non-root bridge/switch, root path cost is the sum of all port path
costs on the least cost path to the root bridge/switch.
• On a non-root bridge/switch, the port with the lowest path cost is
elected as the root port.
• On a physical segment, the bridge/switch with the least root path cost is
elected as the designated bridge/switch.

[Figure: SWA is the root. SWA–SWB is a 1000M link with Cost=10, SWA–SWC is a 100M link with Cost=20 and SWB–SWC is a 10M link with Cost=30.]

Root Path Cost

Link Speed    802.1D (1998)    802.1t       H3C proprietary standard
10 Mbps       100              2,000,000    200,000
100 Mbps      19               200,000      2,000
1000 Mbps     4                20,000       20
10 Gbps       2                2,000        2


Bridge ID as a Tie Breaker for Port Role Assignment

• If multiple ports are found with the least root path cost, the one connected to the upstream bridge/switch with the lowest bridge ID is elected as the root port.
• If multiple bridges/switches are connected to a physical segment with the least root path cost, the one with the lowest bridge ID is elected as the designated bridge/switch for the physical segment. The port connecting the designated bridge/switch to the physical segment is assigned the role of designated port.

[Figure: SWA is the root and connects to SWB and SWC, each link Cost=10. SWB and SWC each have an RP toward SWA; on the link between them the SWB port is DP and the SWC port is AP. SWB and SWC each connect to SWD through a DP, each link Cost=10; SWD has one RP and one AP.]

Port ID as a Tie Breaker for Port Role Assignment

Given the same root path cost and the same upstream bridge/switch,
the port connected to the upstream port that has the lowest port ID
wins out during root port election.

[Figure: SWA (root, BridgeID 0.0000-0000-0001) connects to SWB from ports G0/1 and G0/2, each link Cost=10. On SWB the port facing G0/1 is RP and the port facing G0/2 is AP.]

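The election rules from the preceding slides (lowest bridge ID for the root, then root path cost, upstream bridge ID and upstream port ID as tie-breakers), worked through in Python as an added example that is not part of the original slides. The bridge IDs and link costs are the ones shown on the slides; the numeric port IDs are constructed, and the functions apply the same rules to any topology passed in.

```python
# Added example: STP root election and port roles, computed from bridge IDs and costs.

def bridge_id(text):
    """Parse 'priority.MAC' (e.g. '16.0000-0000-0001') into a comparable tuple."""
    prio, mac = text.split(".", 1)
    return (int(prio), int(mac.replace("-", ""), 16))

# Bridge IDs from the "Election of the Root Bridge" slide.
BRIDGES = {"SWA": bridge_id("0.0000-0000-0000"),
           "SWB": bridge_id("16.0000-0000-0001"),
           "SWC": bridge_id("0.0000-0000-0002")}

# Each link: ((switch, port ID), (switch, port ID), path cost).
# Costs are from the "Port Roles" slide; the port IDs are constructed.
LINKS = [(("SWA", 1), ("SWB", 1), 10),
         (("SWA", 2), ("SWC", 1), 20),
         (("SWB", 2), ("SWC", 2), 30)]

def root_path_costs(bridges, links, root):
    """Least total path cost from every switch to the root."""
    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    for _ in bridges:                      # enough passes to settle every switch
        for (a, _), (b, _), c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    return cost

def port_roles(bridges, links):
    """Return (root, {(switch, port): 'DP' | 'RP' | 'AP'})."""
    root = min(bridges, key=bridges.get)   # lowest bridge ID wins
    cost = root_path_costs(bridges, links, root)
    roles = {}
    for end_a, end_b, _ in links:
        # Designated port: the end with the lowest (cost, bridge ID, port ID).
        dp = min((end_a, end_b), key=lambda e: (cost[e[0]], bridges[e[0]], e[1]))
        roles[dp] = "DP"
    for sw in bridges:
        if sw == root:
            continue
        candidates = []
        for end_a, end_b, c in links:
            for mine, peer in ((end_a, end_b), (end_b, end_a)):
                if mine[0] == sw:
                    # Tie-breakers: upstream bridge ID, then upstream port ID.
                    key = (cost[peer[0]] + c, bridges[peer[0]], peer[1])
                    candidates.append((key, mine))
        roles[min(candidates)[1]] = "RP"
    for end_a, end_b, _ in links:
        for end in (end_a, end_b):
            roles.setdefault(end, "AP")    # neither root nor designated: blocked
    return root, roles

if __name__ == "__main__":
    root, roles = port_roles(BRIDGES, LINKS)
    print("root:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role}")
```
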

RSTP

• The Rapid Spanning Tree Protocol (RSTP) is an enhancement to the IEEE 802.1D-1998 STP.
• RSTP provides all the functions of STP.
• RSTP achieves fast network convergence.
• RSTP shortens the delay that a root or designated port must experience to transition from the blocking state to the forwarding state.


Drawbacks of STP and RSTP
• A trunk link may carry traffic for multiple VLANs.
• All VLANs share the same spanning tree.
• VLAN traffic cannot be load-shared across multiple trunk links.

[Figure: SWA with a server, SWB and SWC below it; PCA in VLAN 10 on SWB and PCB in VLAN 20 on SWC. One trunk link is marked "Traffic of all VLANs is blocked here".]

Multiple Spanning Tree Protocol (MSTP)

• The Multiple Spanning Tree Protocol (MSTP) maps one or more VLANs
to an instance and each instance maintains an independent spanning
tree.
• Multiple trunk links can load share traffic by VLAN.

[Figure: SWA with a server, SWB and SWC below it; PCA in VLAN 10 and PCB in VLAN 20. Instance A: VLAN1~10, Instance B: VLAN11~20.]


STP and RSTP vs MSTP
Feature                                    STP   RSTP   MSTP
Loop removal and link redundancy           Y     Y      Y
Fast convergence                           N     Y      Y
Multiple spanning trees for load sharing   N     N      Y

• MSTP achieves fast network convergence and provides a load sharing mechanism.
• MSTP is compatible with STP and RSTP.


Port States – RSTP/MSTP and STP
[Figure: port state transitions]
STP:       Blocking → Listening → (Forwarding Delay) → Learning → (Forwarding Delay) → Forwarding
RSTP/MSTP: Discarding → (Forwarding Delay) → Learning → (Forwarding Delay) → Forwarding

Spanning Tree Configuration Example

[Figure: SWA and SWB in the core; SWC below them connects an end user on E1/0/1]

[SWA]stp enable
[SWA]stp priority 0

[SWB]stp enable
[SWB]stp priority 4096

[SWC]stp enable
[SWC]interface Ethernet 1/0/1
[SWC-Ethernet1/0/1] stp edged-port enable


Displaying Spanning Tree Information
[SWA]display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge         :32768.000f-e23e-f9b0
Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :32768.000f-e23e-f9b0 / 0
CIST RegRoot/IRPC   :32768.000f-e23e-f9b0 / 0
CIST RootPortId     :0.0
BPDU-Protection     :disabled
Bridge Config-
Digest-Snooping     :disabled
TC or TCN received  :0
......

Callouts on the output: [Mode MSTP] is the operating mode; CIST Bridge is the bridge ID.

[SWA]display stp brief
MSTID   Port            Role   STP State    Protection
0       Ethernet1/0/1   DESI   FORWARDING   NONE
0       Ethernet1/0/2   DESI   FORWARDING   NONE
......

Callouts on the output: MSTID is the instance ID, Role is the port role and STP State is the port state.

Default H3C MSTP Region-configuration

<SWA>dis stp region-configuration
 Oper configuration
   Format selector    :0
   Region name        :002389d8cad0
   Revision level     :0

   Instance   Vlans Mapped
      0       1 to 4094


[SWA] stp region-configuration
[SWA-mst-region] region-name example
[SWA-mst-region] revision-level 0

# Activate MST region configuration.
[SWA-mst-region] active region-configuration
[SWA-mst-region] quit
[SWA]stp priority 0
Or [SWA] stp instance 0 priority 0

[SWA]stp enable


MSTP Configuration Example



H3C MSTP Configurations
[CoreA]stp region-configuration
[CoreA-mst-region]region-name H3C
[CoreA-mst-region]instance 1 vlan 1 3 5 7 9
[CoreA-mst-region]instance 2 vlan 2 4 6 8 10
[CoreA-mst-region]revision-level 1
[CoreA-mst-region]active region-configuration
[CoreA-mst-region]quit

Make CoreA the primary root bridge for instance 1 and the backup root bridge for instance 2:
[CoreA]stp instance 1 root primary
[CoreA]stp instance 2 root secondary
[CoreA]stp enable



Cisco MST Configuration

Switch(config)# spanning-tree mst configuration
Switch(config-mst)# instance 1 vlan 1,3,5,7,9
Switch(config-mst)# instance 2 vlan 2,4,6,8,10
Switch(config-mst)# name Cisco
Switch(config-mst)# revision 1
Switch(config-mst)# exit
Switch(config)# spanning-tree mode mst
Switch(config)# spanning-tree mst 1 root primary
Switch(config)# spanning-tree mst 2 root secondary


Virtual Router Redundancy Protocol


Problem in IP Networks

• In the following network, when a fault appears at the interface of the switch, the users in the directly connected network cannot communicate with the outside network. VRRP (Virtual Router Redundancy Protocol) is used to address this problem.

[Figure: hosts 10.0.0.6, 10.0.0.7, 10.0.0.8 and 10.0.0.9 reach the IP nets through a single switch at 10.0.0.1]

Application of VRRP
• The protocol creates a virtual router, which is an abstract representation of multiple routers, i.e. master and backup routers, acting as a group. The default gateway of the hosts is set to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it.

[Figure: physical routers 10.0.0.2 and 10.0.0.3 form the virtual router 10.0.0.1 in front of the IP nets; hosts 10.0.0.6, 10.0.0.7, 10.0.0.8 and 10.0.0.9 all use Gw 10.0.0.1]

Application of VRRP (II)
• More than one VRRP group is created on the same VLAN interface. Different VRRP groups select different physical switches as master, and each switch acts as the backup for another VRRP group. Different hosts in the VLAN use different virtual IP addresses as their default gateway.

[Figure: switches 10.0.0.2 and 10.0.0.3 with virtual routers 10.0.0.1 and 10.0.0.4 in front of the IP nets; hosts 10.0.0.6 and 10.0.0.7 use Gw 10.0.0.1, hosts 10.0.0.8 and 10.0.0.9 use Gw 10.0.0.4]

Outline of VRRP Protocol

• VRRP messages use multicast address 224.0.0.18 to communicate.
• VRRP elects a Master in a group; all other members are Backup.
• The Master acts as the Virtual Router, which functions as the default gateway.
• A Virtual Router is identified by a Virtual Router ID. It has the following MAC address: 00-00-5E-00-01-{vrid}.


VRRP Message Format
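• VRRP has the Advertisement message only.

0       4       8               16              24              32
+-------+-------+---------------+---------------+---------------+
|Version| Type  |     VRID      |   Priority    |Count IP Addrs |
+-------+-------+---------------+---------------+---------------+
|   Auth Type   |   Adver Int   |           Checksum            |
+---------------+---------------+-------------------------------+
|                        IP address (1)                         |
+---------------------------------------------------------------+
|                              ……                               |
+---------------------------------------------------------------+
|                        IP address (n)                         |
+---------------------------------------------------------------+
|                    Authentication Data (1)                    |
+---------------------------------------------------------------+
|                    Authentication Data (2)                    |
+---------------------------------------------------------------+
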
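An added example, not from the original slides: a parser for the advertisement layout above that verifies the checksum, derives the virtual MAC address from the VRID, and flags groups that run with no authentication or with a clear-text key. It assumes VRRP version 2 with the Auth Type values of RFC 2338; the sample packet and its key are constructed.

```python
# Added example: parse a VRRP version 2 advertisement laid out as on the slide.
import ipaddress
import struct

# Auth Type values as defined for VRRP version 2 in RFC 2338.
AUTH_TYPES = {0: "no authentication", 1: "simple text password",
              2: "IP authentication header"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum; a valid message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, ips, auth_type=0, key=b"", adver_int=1):
    """Build a constructed sample advertisement to feed the parser."""
    body = b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)
    body += key[:8].ljust(8, b"\x00")              # Authentication Data (1) and (2)
    head = struct.pack("!BBBBBB", (2 << 4) | 1, vrid, priority,
                       len(ips), auth_type, adver_int)
    csum = inet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body

def parse_advert(pkt: bytes) -> dict:
    if len(pkt) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth, adver, _csum = struct.unpack("!BBBBBBH", pkt[:8])
    end = 8 + 4 * count + 8                        # header + addresses + auth data
    if len(pkt) < end:
        raise ValueError("Count IP Addrs exceeds the packet length")
    ips = [str(ipaddress.IPv4Address(pkt[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    findings = []
    if (ver_type >> 4, ver_type & 0x0F) != (2, 1):
        findings.append("unexpected version or type")
    if inet_checksum(pkt[:end]) != 0:
        findings.append("bad checksum")
    if auth == 0:
        findings.append("group runs without authentication")
    elif auth == 1:
        findings.append("key is carried in clear text in Authentication Data")
    return {"vrid": vrid, "priority": prio, "adver_int": adver, "ips": ips,
            "auth": AUTH_TYPES.get(auth, f"unknown ({auth})"),
            "virtual_mac": f"00-00-5E-00-01-{vrid:02X}",
            "auth_data": pkt[end - 8:end], "findings": findings}

if __name__ == "__main__":
    sample = build_advert(vrid=1, priority=120, ips=["10.0.0.1"],
                          auth_type=1, key=b"labkey1")
    print(parse_advert(sample))
```
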
Election of VRRP

• In each VRRP group, you can specify the priority of each router.
• The one with a higher priority will be the Master of that VRRP group; the others are Backup.
• If two VRRP routers have the same priority, the one with the higher IP address will be the Master.
• The Master periodically sends out Advertisements. If a Backup cannot receive an Advertisement within a specific time, it regards the Master as down and a new election for the Master will begin.


VRRP Configuration (II)

• Add or remove IP address
  – vrrp vrid virtual-router-ID virtual-ip virtual-address
  – undo vrrp vrid virtual-router-ID [ virtual-ip virtual-address ]
• Set up the priority
  – vrrp vrid vrid priority priority
  – The priority determines the status of a switch in the VRRP group. A higher-priority switch is more likely to be the master. Priority 0 is reserved for some special purpose. 255 is reserved for the IP address owner. The priority of the IP address owner is always 255 and cannot be modified.


VRRP Configuration (III)
• Set up preemptive mode and delay timer
  – vrrp vrid virtual-router-ID preempt-mode [ timer delay delay-value ]
  – By default, a virtual router is in preemption mode and the delay-value is 0 seconds. Preemption will be delayed when you configure the timer.
  – vrrp authentication-mode authentication-type authentication-key
  – VRRP provides three methods of authentication:
    • NONE: No authentication, default.
    • SIMPLE: The key is transferred in clear text; length must be less than 8 characters.
    • MD5: The key is transferred in MD5.
  – Note that you can set different authentication modes and authentication keys for different VRRP groups on an interface. You need to set the same authentication mode and authentication key for the members of a VRRP group.


VRRP Configuration (IV)

• Set an interval for sending VRRP packets on the master
  – vrrp vrid virtual-router-ID timer advertise adver-interval
  – adver-interval: Interval for sending VRRP packets on the master in seconds, ranging from 1 to 255. By default, the value is 1.
• Configure the switch to track an interface
  – vrrp vrid virtual-router-ID track interface vlan-interface interface-num [ reduced value-reduced ]
  – The priority of the switch will be reduced if the state of the tracked interface goes down. Accordingly, another switch in the virtual router will have the comparatively highest priority and become the new master.


Verification of VRRP

• Display the status of VRRP
  – display vrrp [ interface vlan-interface interface-num ] [ virtual-router-ID ]
  – display vrrp vlan-interface 20
    vlan-interface20 | Virtual Router 10
    State : backup
    Virtual IP : 10.10.10.2
    Priority : 100
    Preempt : YES Delay Time : 0
    Timer : 3
    Auth Type : NONE
• Open/close debugging of VRRP
  – debugging vrrp { state | packet }
  – undo debugging vrrp { state | packet }


VRRP Configuration Example

[Figure: Switch_A (10.0.0.2) and Switch_B (10.0.0.3) connect hosts 10.0.0.6, 10.0.0.7, 10.0.0.8 and 10.0.0.9 to the IP nets]


Implementation of VRRP Group

• Configure a VRRP group, virtual router ID to be 1, virtual IP address to be 10.0.0.1
• Switch_A:
  – [Switch_A-vlan-interface2] vrrp vrid 1 virtual-ip 10.0.0.1
  – [Switch_A-vlan-interface2] vrrp vrid 1 priority 100
• Switch_B:
  – [Switch_B-vlan-interface2] vrrp vrid 1 virtual-ip 10.0.0.1


Load Balancing with Two Groups

• Configure two VRRP groups, with virtual router IDs 1 and 2 and virtual gateways 10.0.0.1 and 10.0.0.4. In the normal situation, Switch_A is the Master of Group 1 and Switch_B is the Master of Group 2. Some hosts will use 10.0.0.1 as their default gateway; others use 10.0.0.4 as their default gateway.
• Switch_A:
  – [Switch_A-vlan-interface2] vrrp vrid 1 virtual-ip 10.0.0.1
  – [Switch_A-vlan-interface2] vrrp vrid 1 priority 120
  – [Switch_A-vlan-interface2] vrrp vrid 2 virtual-ip 10.0.0.4
• Switch_B:
  – [Switch_B-vlan-interface2] vrrp vrid 1 virtual-ip 10.0.0.1
  – [Switch_B-vlan-interface2] vrrp vrid 2 virtual-ip 10.0.0.4
  – [Switch_B-vlan-interface2] vrrp vrid 2 priority 120


Tracking Interface

• Switch A :
– [Switch_A-vlan-interface2] vrrp vrid 1 virtual-ip 10.0.0.1
– [Switch_A-vlan-interface2] vrrp vrid 1 priority 120
– [Switch_A-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch
– [Switch_A-vlan-interface2] vrrp vrid 1 track vlan-interface 3 reduced 30
• Switch B :
– [Switch_B-vlan-interface2] vrrp vrid 1 virtual-ip 10.0.0.1
– [Switch_B-vlan-interface2] vrrp vrid 1 priority 100
– [Switch_B-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch
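
The election and tracking rules from the slides, run against this configuration as an added example (not part of the original slides). It shows Switch_A dropping from 120 to 90 when vlan-interface 3 goes down, and checks whether a configured reduction is large enough to hand the master role over. The floor of 1 on the reduced priority and the interface key names are assumptions.

```python
# Added example: VRRP master election with priority, preemption and interface tracking.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Member:
    name: str
    ip: str                       # interface IP address in the VRRP VLAN
    priority: int = 100           # default VRRP priority
    tracks: dict = field(default_factory=dict)   # tracked interface -> value-reduced

def effective_priority(m, virtual_ip, down):
    """Configured priority minus the reductions of tracked interfaces that are down."""
    if m.ip == virtual_ip:
        return 255                # the IP address owner always has priority 255
    reduced = sum(v for ifname, v in m.tracks.items() if ifname in down)
    return max(m.priority - reduced, 1)   # assumption: never drops below 1

def elect(members, virtual_ip, down=(), failed=(), current=None, preempt=True):
    """Return the name of the master, or None if every member has failed."""
    alive = [m for m in members if m.name not in failed]
    if not alive:
        return None
    def rank(m):                  # higher priority wins, then higher IP address
        return (effective_priority(m, virtual_ip, down),
                int(ipaddress.IPv4Address(m.ip)))
    best = max(alive, key=rank)
    cur = next((m for m in alive if m.name == current), None)
    # A live master keeps its role unless a backup may preempt with a higher priority.
    if cur is not None and (not preempt or rank(cur)[0] >= rank(best)[0]):
        return cur.name
    return best.name

def failover_possible(master, backup, virtual_ip):
    """Check that tracking can push the master's priority below the backup's."""
    worst = effective_priority(master, virtual_ip, set(master.tracks))
    return worst < effective_priority(backup, virtual_ip, ())

# Priorities and tracking from the "Tracking Interface" slide;
# IP addresses from the example topology.
SWITCH_A = Member("Switch_A", "10.0.0.2", 120, {"vlan-interface3": 30})
SWITCH_B = Member("Switch_B", "10.0.0.3", 100)
GROUP, VIP = [SWITCH_A, SWITCH_B], "10.0.0.1"

if __name__ == "__main__":
    print(elect(GROUP, VIP))                                                # all links up
    print(elect(GROUP, VIP, down={"vlan-interface3"}, current="Switch_A"))  # uplink lost
    weak = Member("Switch_A", "10.0.0.2", 120, {"vlan-interface3": 10})
    print(failover_possible(SWITCH_A, SWITCH_B, VIP),
          failover_possible(weak, SWITCH_B, VIP))
```

With a reduction of 10 instead of 30, Switch_A would stay at 110 and remain master even though its tracked uplink is down, so the reduction has to exceed the gap between the two configured priorities.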



Benefits of using stackable switches


Stackable Switches

• A stackable switch is a network switch that is fully functional operating standalone but which can also be set up to operate together with one or more other network switches, with this group of switches showing the characteristics of a single switch but having the port capacity of the sum of the combined switches.


Cisco Stackable Switches

• Cisco StackWise technology unites up to nine individual Cisco Catalyst 3750 switches into a single logical unit, using special stack interconnect cables and stacking software.


Functions of Stackable Switches

• The stack behaves as a single switching unit that is managed by a master switch elected from one of the member switches. The master switch automatically creates and updates all the switching and optional routing tables. A working stack can accept new members or delete old ones without service interruption.


Link Aggregation

• EtherChannel is a port aggregation technology to aggregate several physical Ethernet links to create one logical Ethernet link with a bandwidth equal to the sum of the bandwidths of the aggregated links.
• A limitation of EtherChannel is that all the physical ports in the aggregation group must be between two switches.


Multi-Chassis Link Aggregation (MC-LAG/MLAG)

• All the ports in a stack behave as one logical unit, so EtherChannel technology can operate across multiple physical devices in the stack.


Cisco Stacking Technologies
• StackWise and StackWise Plus technology on Catalyst 3750 switches
• Virtual Switching System (VSS) technology on Catalyst 6500 switches
• Virtual Port Channel (vPC) on Cisco Nexus 7000 and Nexus 5000.


Virtual Port Channel (vPC)

• Cisco refers to both VSS and vPC as multichassis EtherChannel (MCEC) technology.
• The difference between vPC and the Stacking/VSS methods is that the control planes of the vPC devices are separate. So, routing tables and STP will be different in different switches using vPC.
• The control plane at each switch provides an independent forwarding/control plane for each chassis. Each switch's control plane controls only its own local port state and local forwarding state. Its advantages are that the system is highly resilient and can scale to the performance limits of each modular chassis.


H3C Stackable Switch Technology
• Intelligent Resilient Framework (IRF)


Application of IRF

[Figure: access switches and a server cluster each connect with 802.3ad LACP to IRF enabled switches in the core/distribution layer]


Benefits of Using Stackable Switches

• Utilizes all available uplink bandwidth
• Allows the creation of resilient Layer 2 topologies based on link aggregation
• Eliminates the dependence on Spanning Tree Protocol in Layer 2 access distribution layer(s)
• Enables transparent server mobility and server high availability (HA) clusters
• Scales available Layer 2 bandwidth
• Simplifies network design
• Dual-homed servers operating in active-active mode
• Provides faster convergence upon link failure
• Improves convergence time when a single device fails


Problems of MC-LAG

• MC-LAG is not an open standard. Its implementation varies by vendor.
• Before you choose to use MC-LAG technology, the devices need to have robust split-brain failure detection and determine how each switch will react and assume or relinquish the aforementioned roles and state. All of these different synchronization elements and split-brain detection can lead to a complex matrix of failure scenarios that the switch maker must test to ensure software stability.