1. Spanning Tree Protocol (STP)

Compaq was long ago called Digital Equipment Corporation (DEC), and was later acquired and renamed to its current name. DEC developed the original version of the spanning tree protocol 30 years earlier. Later, the IEEE developed its own version of STP, named 802.1D. Cisco has begun to complete the transition to another industry standard, the so-called 802.1w, on its new switches.

The main task of STP is to prevent network loops in Layer 2 networks (bridges or switches). It vigilantly monitors the network to find all available links and shuts down any redundant links to ensure that loops do not occur. STP first creates a topology database using the spanning tree algorithm (STA), then finds and shuts down redundant links. After STP has run, data frames can only be forwarded on the optimal link selected by STP. In the following sections we will look at the most basic content of the spanning tree protocol.

Note: STP is a Layer 2 protocol used to maintain a loop-free switched network.

In the network shown in Figure 10-9, the spanning tree protocol is necessary. Figure 10-9 shows a switched network with a redundant topology (a switching loop). If no Layer 2 mechanism is used in the network to prevent loops, this network will encounter the problems discussed earlier: broadcast storms, multiple frame copies, and MAC table instability.

Warning: It should be noted that the network in Figure 10-9 can sometimes be run without STP, although it will work very slowly. This example clearly shows the damage that switching loops can cause. The worst part is that once the network is running, it can be extremely difficult to find the source of the problem!

2. Spanning Tree Terminology

Before describing in detail how STP works in a network, we first need to learn some basic concepts and terms and understand how they relate to Layer 2 switched networks.

(1) Root bridge: The root bridge is the bridge with the best bridge ID. For STP, the key is to elect a root bridge for all switches in the network and make the root bridge the most important point in the network. All other decisions in the network, such as which port to block and which port to place in forwarding mode, are based on the relationship with the root bridge.
Once the root bridge in the network is elected, all other bridges need to determine a single path to the root bridge. The port on the best path to the root bridge is called the root port.

(2) BPDU: The information that all switches in the network exchange with each other for the election of the root switch. This information is also used for the subsequent configuration of the network. Each switch compares the parameters in the Bridge Protocol Data Unit (BPDU) and puts the BPDU received from the neighbor into its own BPDU before transmitting it to other neighbors.

(3) Bridge ID: STP uses the bridge ID to track all switches in the network. The bridge ID is determined by the bridge priority (by default, all Cisco switches have a priority of 32,768) and the bridge MAC address. The bridge with the lowest bridge ID in the network becomes the root bridge.

(4) Non-root bridge: Any bridge other than the root bridge. Non-root bridges exchange BPDUs with all bridges and update the STP topology database on all switches to prevent loops and provide protection against link failures.

(5) Port cost: When there are multiple links between two switches, port cost is used to determine the best path. The cost of a link depends on the bandwidth of the link.

(6) Root port: The root port is the port on the link directly connected to the root bridge, or the port with the lowest path cost to the root bridge. If there are multiple links connected to the root bridge, the root port can only be determined by checking the bandwidth of each link. In this case, the port with the lowest cost is the root port. If the costs of multiple upstream switches are the same, the bridge with the lower advertised bridge ID is used. When multiple links are connected to the same device, the port connected to the lowest port number on the upstream switch is used.

(7) Designated port: A designated port is a port that has the lowest cost to reach the root bridge through its root port. A designated port is marked as a forwarding port.

(8) Non-designated port: Non-designated ports are ports with a higher cost than designated ports. After the root port and designated ports are determined, the remaining ports are non-designated ports. Non-designated ports are set to a blocked state and cannot forward frames.

(9) Forwarding port: A forwarding port is a port that can forward data frames. It can be a root port or a designated port.

(10) Blocked port: A blocked port is a port that cannot forward frames. The purpose of blocking a port is to avoid loops. However, a blocked port always listens to BPDU frames and discards all other frames.

3. Spanning Tree Operation

As mentioned earlier, the task of STP is to find all the links in the network and shut down any redundant links to prevent network loops. To do this, STP first elects a root bridge, which can forward data through all of its ports and is the reference point for all devices in the STP domain. Once all switches agree on which switch is the root bridge, each bridge must find its one and only root port. The link between any two switches must have one and only one designated port, which is located on the link that can provide the maximum bandwidth to the root bridge. It is important to note that a bridge can reach the root bridge via multiple other bridges, which means that this path may not be the shortest path, but it is definitely the fastest (with the largest bandwidth) path.

Obviously, every port on the root bridge is a designated port (a forwarding port for a certain network segment), because the root bridge is always the closest to itself.
When the dust settles, the ports that are neither root ports nor designated ports are all set to a blocked state, which breaks the switching loop.

Just as choosing a route goes smoothly when only one person has the decision-making power, only one root bridge is allowed in any given network.

1. Root bridge election

The bridge ID is used to elect the root bridge in the STP domain, and when the available root ports and path costs of multiple candidates are equal, the bridge ID also determines the root ports of the remaining devices in this STP domain. This ID is 8 bytes long and includes the priority and MAC address of the device. On all devices running IEEE STP versions, the default priority is 32,768.

To determine the root bridge, each bridge's priority is combined with its MAC address. If two switches or bridges happen to have the same priority value, then the MAC address becomes the basis for determining which device has the lowest (best) ID. If there are two switches, A and B, both using the default priority of 32,768, then the MAC address is the basis for comparison. If switch A's MAC address is 000000101 and switch B's MAC address is 00000.22222, then switch A will become the root bridge. Just remember that when it comes to root bridge election, the lower the value, the better.

By default, before the root bridge election, BPDUs are sent out every 2 seconds through all active ports of the bridge/switch, and again, the bridge with the smallest (best) bridge ID is elected as the root bridge. Lowering the priority of a bridge changes its ID value so that it automatically becomes the root bridge. In large switched networks, it is important to be able to do this so that the best path is chosen. What you want here is efficiency!

Figure 10-10 shows a typical switched network with redundant switching paths.
First, we need to find the root switch; then we can change the priority of a switch to make a non-root bridge become the root bridge.

Looking at Figure 10-10, you can see that Switch A is the root bridge because it has the lowest bridge ID. To prevent a switching loop, Switch B must shut down a port that is connected to Switch A. Remember, although Switch B cannot send through a blocked port, it can still receive BPDU frames.

To determine which port on switch B to shut down, STP first checks the bandwidth value of each link and then shuts down the link with the lowest bandwidth value. Since both links between switches A and B are 100 Mbit/s, STP will usually shut down the link with the higher port number. In this example, 12 is higher than 11, so port 12 will be set to blocking mode.

Changing the default priority is the best way to select a root bridge. It is important to select the switch closest to the center of the network as the root bridge. This configuration ensures that STP converges quickly. Let's try to make switch B the root bridge in the network. Below is the output of switch B, which shows the default priority. The show spanning-tree command can be used here:

Here, we immediately notice two things: Switch B is running the IEEE 802.1d protocol (given as "ieee" in the output), and the first part of the output (Root ID) is the information about the root bridge in this switched network. Note that this root bridge is not Switch B. The port of Switch B toward the root bridge (the so-called root port) is Port 1. The Bridge ID here is the spanning tree bridge ID information for Switch B and VLAN 1, which is represented as VLAN0001. Note that each VLAN can have a different root bridge. The MAC address of Switch B is also listed here, and it can be seen that it is different from the MAC address of the root bridge. The priority of switch B is 32,768, which is the default priority for all switches.
Note that it is shown here as 32,769, which is the result of adding the VLAN ID to the priority, so for VLAN 1 it is shown as 32,769. For VLAN 2, it will be 32,770, and so on.

As mentioned above, by modifying the priority, you can designate a switch to be the root bridge in the STP network. Now, switch B is to be designated as the root bridge. You can use the following command to modify the priority of a bridge on a Catalyst switch:

The priority can be set to any value between 0 and 61,440. Setting the priority to zero (0) means that the switch is always the root bridge (assuming it has a lower MAC address than any other switch whose priority is also set to 0). The bridge priority value increases in increments of 4096. If you need to set a switch as the root bridge for all VLANs in the network, you must change the priority for each VLAN. 0 is the lowest priority value that can be used. It is best not to set the priority of all switches to 0.

Please see the output below. After changing the priority of switch B in VLAN 1 to 4096, we have successfully designated this switch as the root bridge:

Now, the MAC address of the root bridge is the same as the bridge MAC address of switch B, which indicates that switch B has become the root bridge. It is very important to understand the output of the show spanning-tree command.

Note: Believe it or not, there is another command that can be used to set up a root bridge.

2. Spanning tree port status

On a bridge or switch running IEEE 802.1d STP, a port transitions between five different states.
Note that the switch can build its MAC address table only in learning and forwarding mode.

In most cases, the ports on a switch are either in a blocking or forwarding state. The forwarding port is usually the port with the lowest (best) cost to the root bridge. But if the network topology changes (perhaps because a link fails or someone adds a new switch), you will find that the ports on the switch move through the listening and learning states.

As mentioned, blocking ports is a strategy to prevent network loops. Once a switch determines the best path to the root bridge for its root port and any designated ports, all other redundant ports are blocked. Blocked ports can still receive BPDUs, but they can no longer send any frames.

If a change in network topology causes the switch to select a blocked port as a designated port or root port, the port enters listening mode and checks all received BPDUs to ensure that it will not create a network loop once it enters forwarding mode.

3. Convergence

Convergence occurs when all ports on a bridge or switch have switched to forwarding or blocking mode. No data can be forwarded until convergence is complete. Yes, that's right: during STP convergence, all host data stops being sent! Therefore, if you want to maintain good relationships (or long-term employment) with your network users, you must ensure that your switched network is designed so that STP can converge quickly.

Figure 10-11 shows the issues that must be paid special attention to when designing and implementing a switched network to ensure that STP can converge efficiently.

Convergence is important because it ensures that all devices have a coordinated, unified database. But I need to emphasize again that convergence actually takes some time.
The transition from blocking to forwarding mode usually takes 50 seconds, and it is recommended not to change the default STP timers (although you can adjust these timer settings if necessary or when dealing with large networks). You can make STP converge quickly and well by creating a hierarchical switch design as shown in Figure 10-11, and by making the core switch the root bridge of STP.

On a switch port, the typical spanning tree convergence time from blocking to forwarding is 50 seconds, which can cause timeout issues on a server or host, for example after the switch is restarted. To address this issue, you can use PortFast on individual ports to disable the spanning tree protocol.

4. Spanning Tree Port Fast

If you connect servers or other devices to the switch, and you are absolutely sure that disabling STP on these links will not cause switching loops, you can use the so-called PortFast feature on these ports. Using PortFast means that when STP converges, the port does not take 50 seconds to enter forwarding mode.

Here are the commands to accomplish this configuration; it's pretty simple:

We haven't formally introduced trunk ports yet. Basically, trunk ports are used to connect switches and pass VLAN information between switches. If you want to enable PortFast on a trunk port, you must be particularly careful. Ports between switches usually need to run STP, so this is not a typical configuration.

Next, let's take a look at what the switch tells us when PortFast is enabled on an interface:

We enabled PortFast on port F0/1. Notice that a rather long message is given here, telling you to be careful when doing this.

Another very useful interface command is range, which can be used to configure multiple ports on the switch at the same time. Here is an example:
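
The caution above about PortFast on trunk ports can be checked mechanically. The following Python check is an added example, not part of the original page: it scans IOS-style interface stanzas and separates PortFast on trunk ports (review these) from PortFast on access ports. The sample configuration is constructed, and the function names are hypothetical.

```python
# Added illustration: flag PortFast on trunk ports in IOS-style config text.
import re

# Constructed sample in running-config style; not output from a real switch.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
"""


def parse_interfaces(config):
    """Split config text into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = stanzas.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas


def audit_portfast(config):
    """Return (portfast_on_trunk, portfast_on_access) interface name lists."""
    on_trunk, on_access = [], []
    for name, lines in parse_interfaces(config).items():
        portfast = any(
            entry.startswith("spanning-tree portfast") and "disable" not in entry
            for entry in lines
        )
        trunk = "switchport mode trunk" in lines
        if portfast:
            (on_trunk if trunk else on_access).append(name)
    return on_trunk, on_access


if __name__ == "__main__":
    trunk_ports, access_ports = audit_portfast(SAMPLE_CONFIG)
    print("PortFast on trunk ports (review):", trunk_ports)
    print("PortFast on access ports:", access_ports)
```
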

By simply typing the range and PortFast commands described above followed by a return, we can set all 12 ports on this switch to PortFast mode. Hopefully, this configuration will not create any loops! Again, be extremely careful when using PortFast. Also note that the interface range command can be used in conjunction with any command. In the example above, it is used with the PortFast command.

5. UplinkFast of spanning tree

UplinkFast is a Cisco-specific feature that can be used to shorten the STP convergence time when a link fails. Note that, like the PortFast command, you need to be especially careful when using this command! The UplinkFast feature is designed to run in a switched environment and is only needed when the switch has at least one alternate/backup root port (a port in a blocked state). This is why Cisco only recommends enabling UplinkFast in one typical case, that is, when a switch port at the access layer is blocked.

UplinkFast allows the switch to find an alternative path to the root bridge before the primary link fails. This means that if the primary link fails, the alternative backup link is enabled immediately, so that the port does not have to wait for the usual 50 seconds required for STP convergence. Therefore, if you are running 802.1d STP and have redundant links configured on the access layer switches, then you definitely need to turn on UplinkFast. However, in a Cisco multilayer design, do not use UplinkFast lightly if you do not know the topology of the alternate/backup root links that are usually used for the distribution layer and core layer switches.

6. BackboneFast for Spanning Tree

Unlike UplinkFast, which can identify and quickly repair link failures on the local switch, Cisco also has a dedicated STP extension feature, BackboneFast, that can speed up convergence in the case of link failures that are not directly connected to the switch.
When a switch running BackboneFast receives an inferior BPDU from the designated bridge, it knows that a link in the path to the root bridge has failed. To be clear, an inferior BPDU is a BPDU that lists the same switch as both the root bridge and the designated bridge.

In addition, BackboneFast is different from UplinkFast. UplinkFast can only be configured on access layer switches or switches with redundant links (where at least one of the links is in blocking mode), while BackboneFast can be enabled on all Catalyst switches, so that failures on indirect links can be detected. The benefit of enabling BackboneFast is that it speeds up the reconfiguration of the spanning tree, saving 20 seconds of the default 50-second STP convergence time.

7. Rapid Spanning Tree Protocol (RSTP) 802.1w

Do you wish that in your switched network (regardless of the brand of switches), not only was STP well configured, but all of the features just discussed were built in and enabled on every switch? Of course you can have that! Welcome to the world of Rapid Spanning Tree Protocol (RSTP).

Cisco created PortFast, UplinkFast, and BackboneFast to "fix" the holes and flaws in the IEEE 802.1d standard. The downside of these features is that they are all Cisco-specific and require additional configuration. The new 802.1w standard (RSTP) solves all these "problems", and all you need to do is turn on RSTP. It is important to make sure that all switches in the network can run the 802.1w protocol correctly.

Note: RSTP does interoperate with the traditional STP protocol, which may surprise you. But you need to know that 802.1w loses its inherent fast convergence capability when it interacts with traditional bridges.

RSTP is not a "new" protocol, but it is a step up from the 802.1d standard and has faster convergence times when topologies change. Backward compatibility was a must when creating 802.1w.

802.1w redefines five port states:
The method for finding the root bridge, root port, and designated port has not changed; however, the method for determining the cost of each link needs to be relearned. Table 10-1 shows the bandwidth-based IEEE cost that STP and RSTP use to determine the best path to the root bridge.

Let's take a look at how to use the modified IEEE cost specification to determine the ports. Figure 10-12 shows such an example.

In Figure 10-12, which switch will become the root bridge, and which ports will become the root port and designated port? Switch C has the lowest MAC address, so switch C will be the root bridge, and all ports on the root bridge are forwarding ports. This is the easy part.

Which is the root port of switch A? If the link between switch A and switch B were Gigabit, its cost would be only 4, but it is a Fast Ethernet link, so the link cost between switches A and B is 19. Looking at the link cost between switches B and C, we can see that it is 4 because it is a Gigabit link; however, since the link between switches D and C is a Fast Ethernet link, its cost is 19, the same as the link between switches A and B.

The total cost of the path from switch A to C through switches B and D is 19+4+19 = 42. If we go directly from switch A to switch C, the cost is lower (19), so Fa0/1 on switch A is our root port. For switch B, the best path goes through switch D, which has a cost of 4+19 = 23, so Gi0/1 on switch B is the root port and Gi0/2 on switch D is the root port. On the link between switches A and B, we only need one forwarding port, and since switch A has the lower bridge ID, Fa0/2 on switch A will be the forwarding port. All ports not listed here will be put into blocking mode (as non-designated ports) to prevent loops.

If it's still not clear, remember that you only need to find the root bridge, then the root port, then the designated port. The best way to understand this is to practice, so let's look at an example, as shown in Figure 10-13.
Which bridge will be the root bridge? With all priorities set to default, SW-C will be the root bridge as it has the lowest MAC address. We can quickly see that SW-D has a Gigabit port connected to SW-C, so it will be the root port for SW-D with a cost of 4. SW-B's best path is also its directly connected Gigabit port to SW-C, also with a cost of 4, but what about SW-A? SW-A's root port will not be the directly connected 100 Mbit/s port, which has a cost of 19, but the Gigabit port connected to SW-D and then to SW-C, which has a total cost of only 8.

8. EtherChannel

In addition to configuring redundant links and allowing STP to set a link to blocking (BLK) mode, we can also bundle multiple links together to create a logical aggregation so that multiple links work like a single link. Since this approach provides the same redundancy as STP, why don't we bundle these redundant links together?

Again, there are two different versions to choose from, Cisco's EtherChannel and the IEEE's version of the Port Channel Negotiation Protocol. Cisco's version is called the Port Aggregation Protocol (PAgP), while the IEEE's 802.3ad standard is called the Link Aggregation Control Protocol (LACP). Both versions work well, but the configurations are different.
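
The root bridge election and the Figure 10-13 path-cost walkthrough earlier on this page can be reproduced in a few lines. This Python model is an added example, not code from the original page: the switch names and link speeds follow the walkthrough, while the MAC addresses, the link list (only the links the text mentions) and the function names are constructed for illustration.

```python
# Added illustration: root bridge election and root path selection.
import heapq

# IEEE costs quoted on the page: Fast Ethernet = 19, Gigabit = 4.
COST = {100: 19, 1000: 4}

# name -> (priority, MAC). MAC addresses are constructed; SW-C is the lowest.
SWITCHES = {
    "SW-A": (32768, "0000.0c00.0a01"),
    "SW-B": (32768, "0000.0c00.0b01"),
    "SW-C": (32768, "0000.0c00.0101"),
    "SW-D": (32768, "0000.0c00.0d01"),
}
# (switch, switch, speed in Mbit/s), as described for Figure 10-13.
LINKS = [
    ("SW-A", "SW-C", 100),
    ("SW-A", "SW-D", 1000),
    ("SW-D", "SW-C", 1000),
    ("SW-B", "SW-C", 1000),
]


def bridge_id(priority, mac, vlan=1):
    """Comparable bridge ID: (priority + VLAN ID, MAC as an integer)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return (priority + vlan, int(mac.replace(".", ""), 16))


def elect_root(switches, vlan=1):
    """Lowest bridge ID wins: priority first, MAC address as tie-breaker."""
    return min(switches, key=lambda name: bridge_id(*switches[name], vlan))


def root_paths(switches, links, vlan=1):
    """Return (root, {switch: (root path cost, upstream neighbor)})."""
    root = elect_root(switches, vlan)
    bid = {name: bridge_id(*switches[name], vlan) for name in switches}
    best, done = {}, set()
    # Heap entries: (cost, upstream bridge ID, switch, upstream switch).
    # Equal costs are therefore resolved by the lower upstream bridge ID.
    heap = [(0, (0, 0), root, None)]
    while heap:
        cost, _, node, via = heapq.heappop(heap)
        if node in done:
            continue  # already settled over a better path
        done.add(node)
        best[node] = (cost, via)
        for a, b, mbit in links:
            if node in (a, b):
                peer = b if node == a else a
                if peer not in done:
                    heapq.heappush(heap, (cost + COST[mbit], bid[node], peer, node))
    return root, best


if __name__ == "__main__":
    root, best = root_paths(SWITCHES, LINKS)
    print("default priorities:", root, best)
    # Lowering SW-B's priority to 4096 moves the root, as the page describes.
    tuned = dict(SWITCHES, **{"SW-B": (4096, SWITCHES["SW-B"][1])})
    print("SW-B at 4096:", *root_paths(tuned, LINKS))
```

With default priorities the model elects SW-C and gives SW-A a root path cost of 8 via SW-D, matching the walkthrough; lowering SW-B's priority to 4096 moves the root to SW-B.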