
Spanning Tree Protocol

CHAPTER 2

THE NEED FOR SPANNING TREE

Broadcast frames would travel around redundant paths forever, quickly consuming the available bandwidth, without some form of loop prevention.

SPANNING TREE

- A mesh topology uses Spanning Tree, which in effect converts the mesh into a star.
- Chooses which ports to block.
- Maintains only ONE active path between LAN segments (collision domains).
- Stops LANs from using redundant links.
- Stops broadcast loops: a network meltdown caused by broadcast storms.
- How do you stop a loop in progress?

OTHER SIDE EFFECTS OF STORMS

- MAC table instability: continually updating MAC tables.
- Multiple copies of the same frame.

WHAT SPANNING TREE DOES

Avoids bridging loops by putting some interfaces into a blocking state, based on their Bridge Protocol Data Units (802.1d).

ROOT BRIDGE PRIORITY

- The bridge ID is an 8-byte value unique to each switch.
- It consists of a 2-byte priority field and a 6-byte system ID.
- The system ID is based on the MAC address of each switch.
- STP defines messages called bridge protocol data units (BPDUs), which switches use to exchange information with each other.
- The switch with the lowest bridge ID is the root switch, or root bridge.

BRIDGE PROTOCOL DATA UNITS

- Used to determine the root bridge and the designated bridges, as well as which ports are in forwarding and blocking states.
- Exchanged between the switches at regular intervals.
- STP defines messages called bridge protocol data units (BPDUs), which switches use to exchange information with each other.

HOW SPANNING TREE WORKS

- STP elects a root switch (or bridge) and puts all working interfaces on that switch into forwarding state.
- Each non-root switch chooses the port with the lowest cost between itself and the root switch, called the root port (RP), and places it into forwarding state.
- Many switches can attach to the same Ethernet segment; the switch with the lowest cost from itself to the root bridge, compared with the other switches on the segment, is placed into forwarding state.
- The lowest-cost switch on each segment is called the designated bridge, and that bridge's interface attached to the segment is called the designated port (DP).
- All other interfaces are placed into blocking state.

HOW SPANNING TREE WORKS

Spanning Tree simply picks the interfaces to forward or to block based on 3 criteria:

1. Root bridge: all interfaces on this bridge / switch are in forwarding state.
2. Each non-root bridge has at least one port with the lowest cost back to the root bridge. This is called the root port and is in forwarding state.
3. The bridge with the lowest administrative cost between itself and the root bridge is called the designated bridge. Its interface attached to the segment is called the designated port.

STP REASONS FOR FORWARDING OR BLOCKING

- The root switch forwards on all up/up interfaces.
- If an interface is not in the UP state, it is taken out of the STP pool.
- Interfaces not chosen to forward (FS, forwarding state) are in blocking state.
- Each non-root switch finds the lowest cost between itself and the root.

STEP 1: ELECTING THE ROOT SWITCH

When a switch comes online it sends out BPDUs. The following are specified:

1. Root bridge ID: the MAC address plus the priority of the bridge.
2. The cost to reach the root bridge.
3. The bridge ID of the sender of the BPDU.

The election process starts; the lowest bridge ID becomes the root bridge.

The BPDU starts with the priority, so the lowest priority wins. If there is a tie, it goes to the lowest MAC address.

ELECTING THE ROOT SWITCH

- All switches say Hello.
- All switches claim to be the root switch!
- A one-by-one comparison is made until the lowest bridge ID is found.

THE START OF THE ELECTION PROCESS

STEP 2: CHOOSING EACH SWITCH'S ROOT PORT

- Once the root switch has been elected, the process of choosing each switch's root port begins.
- Switch root port (RP): the interface through which the switch has the least STP cost to reach the root switch.
- Most of the time you only have one connection.

STP TIMERS

Don't mess with the defaults. Timers are set for a reason. They work!!!

WHEN NETWORK CHANGES HAPPEN

Each switch sends out a hello BPDU when a change occurs.

- Hello Time: default 2 seconds. The interval at which the root bridge sends out BPDUs.
- MaxAge: default 20 seconds. The time to wait before changing the STP topology.
- Forward Delay: the delay that affects the time involved when an interface changes from blocking state to forwarding state. (Default time is about 50 seconds.)

OPTIONAL STP FEATURES

- Cisco has adopted 802.1d STP.
- EtherChannel combines multiple channels into one single channel on a switch. This way, if one channel goes down another can take its place, with no effect on STP.
  - Must be the same speed
  - Must be the same destination
  - All trunks
  - Eight interfaces max
  - EtherChannel does combine the bandwidth of the channels
- PortFast allows a port to go right into forwarding.

STP CONVERGENCE

When STP converges, a switch transitions interfaces from one state to another; however, a transition from blocking to forwarding cannot be done immediately, because forwarding data could temporarily cause frames to loop.

- Listening state (15 seconds): interfaces in this state do not forward frames, but old MAC table entries are timed out, because incorrect MAC entries could cause temporary loops.
- Learning state (15 seconds): interfaces in this state still do not forward frames, but the switch begins to learn the MAC addresses of frames received on the interface.

STP SECURITY

- Switch interfaces that connect to end-user locations have some security exposures.
- Attackers could connect a switch with a low STP priority and become the root switch.
- The attacker could connect a LAN analyzer and copy large amounts of data sent through the LAN.
- The Cisco BPDU Guard feature helps defeat these kinds of problems by disabling the port if BPDUs are received on it. This is normally used in conjunction with PortFast on an access port.
- The Cisco Root Guard feature helps defeat the problem where a rogue switch tries to become the root switch. If a port with Root Guard enabled receives a BPDU with a superior root ID, the BPDU is ignored and the interface is disabled.
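As an added example (not from the slides), the Python below models how the two guard features change what one received BPDU does to an access port, alongside an unprotected port for contrast. The port names, bridge IDs and BPDUs are constructed, and "root-inconsistent" is the name Cisco uses for the blocked state Root Guard puts a port into.

```python
# Added example, not from the slides: how BPDU Guard and Root Guard change what a
# received BPDU does to a port. Port names, bridge IDs and BPDUs are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Bpdu:
    root_priority: int
    root_mac: str
    def root_key(self):
        # Same ordering as the election: lower priority, then lower MAC, is "superior".
        return (self.root_priority, int(self.root_mac.replace(".", ""), 16))

@dataclass
class Port:
    name: str
    portfast: bool = False
    bpdu_guard: bool = False
    root_guard: bool = False
    state: str = "forwarding"

def receive_bpdu(port, bpdu, current_root):
    """Apply the slide's two guard rules to one BPDU arriving on an access port.
    Returns (new port state, root bridge the switch now believes in)."""
    if port.bpdu_guard:
        # BPDU Guard: an end-user port should never see a BPDU; err-disable it outright.
        port.state = "err-disabled"
        return port.state, current_root
    if bpdu.root_key() < current_root.root_key():
        if port.root_guard:
            # Root Guard: ignore the superior BPDU and block the port (Cisco: root-inconsistent).
            port.state = "root-inconsistent"
            return port.state, current_root
        # Unprotected port: the switch accepts the lower bridge ID as its new root.
        return port.state, bpdu
    return port.state, current_root  # inferior or equal BPDU: nothing changes

# Constructed scenario: the legitimate root has priority 4096; a device plugged into an
# access port advertises priority 0, the lowest possible value.
LEGIT_ROOT = Bpdu(4096, "0000.0c33.3333")
ROGUE = Bpdu(0, "0000.0caa.aaaa")

def run_scenario(bpdu=ROGUE):
    results = {}
    for port in (Port("Fa0/1"),                                  # no protection
                 Port("Fa0/2", portfast=True, bpdu_guard=True),  # BPDU Guard
                 Port("Fa0/3", root_guard=True)):                # Root Guard
        state, root = receive_bpdu(port, bpdu, LEGIT_ROOT)
        results[port.name] = (state, root.root_priority)
    return results
```

On Cisco IOS the corresponding interface commands are `spanning-tree portfast`, `spanning-tree bpduguard enable` and `spanning-tree guard root`.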

RAPID STP (IEEE 802.1W)

Works very similarly to 802.1d STP:

- Elects the root switch with the same parameters.
- Elects the root port on non-root switches with the same parameters.
- Elects designated ports on each LAN segment with the same rule.
- Places ports in forwarding and blocking state (RSTP blocking is called Discarding).

RSTP IMPROVEMENTS

- Can be deployed on switches alongside STP.
- Convergence is a lot faster with RSTP: typically about 10 seconds, compared to 50 seconds for STP.
- Not designed to work with hubs, but most networks don't use hubs.
- Main advantage is speed!

RSTP LINK AND EDGE TYPES

- Link type Point to Point: links switches point to point, with no hubs in the middle.
- Link type Shared: between a switch and a hub. For this type there is no improvement in convergence time.
- Edge type: end node to switch.

RSTP PORT STATUS


The following table describes the new RSTP terms for port states

RSTP PORT ROLES

- Root port: the port on which the switch hears the best BPDU.
- Alternate port: used when the root port goes down. Receives suboptimal root BPDUs.
- Backup port: when a switch has two links to the same segment. A port knows it is a backup port when it receives the same BPDU it sent out back again. Backup ports are on hubs.
- Disabled port: is administratively down.

STP CONFIGURATION AND VERIFICATION

- STP works without being configured.
- By default all switches have the same priority.
- The lowest burned-in MAC becomes root.
- Is this a problem?
- What happens when you add a switch? What happens when you remove a switch?

STP TROUBLESHOOTING

Very seldom have to mess with it!

Step 1: Determine the root switch.
Step 2: For each non-root switch, determine the root port (RP) and the cost to reach the root switch through that RP.
Step 3: For each segment, determine the designated port (DP) and the cost advertised by the DP onto that segment.

DETERMINING THE ROOT SWITCH

Step 1: Pick a switch and find the switch's root BID and local BID using the show spanning-tree vlan vlan-id command.
Step 2: If the root BID and local BID are equal, then the local switch is the root switch.
Step 3: If the root BID and local BID are not equal, then:
- Find the RP on the local switch with the show spanning-tree command.
- Using CDP or other documentation, determine which switch is on the other end of the RP.
- Log onto the switch on the other end of the RP and repeat the process, starting at step 1.

DETERMINING THE ROOT PORT ON NON-ROOT SWITCHES

Step 1: Determine all possible paths over which a frame can reach the root switch.
Step 2: For each path, add the costs of all outgoing interfaces in the path.
Step 3: The lowest cost found is the RP.
Step 4: If the cost ties, use port priority, and if that ties, use the lowest port number.
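As an added example (not from the slides), the Python below runs the root election from Step 1 and the four root-port steps above on a constructed three-switch topology, including the port-priority and port-number tie-break. The switch names, MAC addresses, port numbers and link costs are all made up, and each neighbour's advertised root path cost is computed with a shortest-path search rather than read from a real BPDU.

```python
# Added example, not from the slides: root election and root-port selection on a
# constructed topology (all switch names, MACs and costs are made up).
import heapq
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeId:
    priority: int  # 2-byte priority field
    mac: str       # 6-byte system ID (the switch's base MAC)
    def key(self):
        # Lowest priority wins; a tie goes to the lowest MAC address.
        return (self.priority, int(self.mac.replace(".", ""), 16))

# Constructed: SW3 has a non-default priority; SW1 and SW2 keep the default 32768.
SWITCHES = {"SW1": BridgeId(32768, "0000.0c11.1111"),
            "SW2": BridgeId(32768, "0000.0c22.2222"),
            "SW3": BridgeId(4096, "0000.0c33.3333")}
# Constructed links: (switch, port number, neighbour, neighbour port, port cost), using
# 802.1D costs 4 (1 Gbps) and 19 (100 Mbps). SW2 has two equal-cost links to SW3.
LINKS = [("SW1", 1, "SW3", 1, 4), ("SW1", 2, "SW2", 2, 19),
         ("SW2", 1, "SW3", 2, 19), ("SW2", 3, "SW3", 3, 19)]

def elect_root(switches):
    """Step 1: the switch with the lowest bridge ID becomes the root."""
    return min(switches, key=lambda name: switches[name].key())

def cost_to_root(start, root, adj):
    """Lowest sum of outgoing interface costs from start to the root (Dijkstra)."""
    dist, heap = {start: 0}, [(0, start)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == root:
            return d
        for _port, nbr, cost in adj.get(node, []):
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return float("inf")

def root_port(switch, root, links, port_priority=None):
    """Steps 1-4: per local port, cost = that port's cost plus the neighbour's own cost
    to the root; lowest wins, then port priority (default 128), then lowest port number.
    Returns (root port number, root path cost)."""
    adj, prio = {}, port_priority or {}
    for a, pa, b, pb, cost in links:  # each end sees the link on its own port
        adj.setdefault(a, []).append((pa, b, cost))
        adj.setdefault(b, []).append((pb, a, cost))
    candidates = [(cost + cost_to_root(nbr, root, adj), prio.get((switch, port), 128), port)
                  for port, nbr, cost in adj[switch]]
    best = min(candidates)
    return best[2], best[0]
```

Removing SW3 from SWITCHES answers the "what happens when you remove a switch?" question above: the election falls back to the lowest MAC among the default-priority switches.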
