Sunday, September 11, 2022

Spanning Tree Protocol (STP)

STP

  • IEEE 802.1D (1998); path costs revised in 802.1t (2001)
  • all VLANs share one spanning tree: the Common Spanning Tree (CST)
  • spanning-tree multicast MAC address 01-80-C2-00-00-00 (link-local, never forwarded by a bridge)
  • configuration BPDUs are sent every hello interval, 2 seconds by default
  • 802.1D States
    • Algorithm:
    1. Select a root bridge
      • bridge with the lowest bridge ID
        • bridge ID = configurable priority + a unique ID (the bridge's MAC address)
        • priority is compared first; lowest wins.  Range 0-61440 (in steps of 4096 when the extended system ID is in use), default 32768
        • if priorities are equal, MAC addresses are compared (lowest wins)
    2. Determine least cost paths to root bridge
    3. port roles - draw a picture/graph and work the roles out
      Root Port: port on a non-root bridge closest to the root bridge in terms of cost (one per bridge)
      Designated Port: port on a network segment closest to the root bridge in terms of cost (one per segment)
      Non-designated Port: ports that block traffic in order to preserve a loop-free L2 topology
      Disabled Port: port that is administratively shut down
      • each bridge determines the cost of each possible path from itself to the root and picks the one with the smallest cost.  The port connecting to that path becomes the root port
      • bridges on a net segment figure out which bridge has the least-cost path from the segment to the root.  That bridge's port on the segment becomes the designated port for the segment
    4. Any port that is neither a root port nor a designated port is blocked.
    5. tie breakers
      1. If multiple paths from a bridge are least-cost, the bridge uses the neighbor bridge with the lower bridge ID.  That port becomes the root port.
      2. If multiple paths from a segment lead to a least-cost path, the bridge with the lower bridge ID forwards messages to the root.  The port attaching that bridge becomes the designated port.
      3. Finally the lowest port ID (port priority, then port number) is used.
    Path cost per link speed:
    Data rate     STP Cost (802.1D-1998)   STP Cost (802.1t-2001)
    4 Mbit/s      250                      5,000,000
    10 Mbit/s     100                      2,000,000
    16 Mbit/s     62                       1,250,000
    100 Mbit/s    19                       200,000
    1 Gbit/s      4                        20,000
    2 Gbit/s      3                        10,000
    10 Gbit/s     2                        2,000

      BPDU

      • frame carries the sending bridge's MAC as source, the STP multicast address 01:80:C2:00:00:00 as destination, and the sender's priority (inside the bridge ID field).
      • sent every hello time (2 seconds)
      • Types of BPDUs:
        • Configuration BPDU, used for STP computation
        • Topology Change Notification (TCN) BPDU announces changes in the network topology.  Sent towards the root.  The root then sets the Topology Change flag in its normal configuration BPDUs.
        • Topology Change Notification Acknowledgement (the TCA flag set in the configuration BPDU sent back down the port the TCN arrived on)
      • BPDU fields
        • bridge ID - 8 bytes: 2 bytes bridge priority, 6 bytes MAC address.
        • with MAC address reduction (802.1t extended system ID) the first 2 bytes split into 4 bits of configurable priority (hence the 4096 steps) and 12 bits of VLAN ID or MSTP instance number
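To make the field layout concrete, here is an added example (not part of the original notes) that builds and parses an 802.1D configuration BPDU including the Ethernet/LLC wrapper.  The root bridge values reuse the ones from the `sh spanning-tree` output further down this page (priority 24576 with sys-id-ext 1, MAC 0003.E475.0A66); the frame itself is constructed here, not captured.  The port ID uses the original 8-bit priority / 8-bit number split, which is what the `128.1` style in the Cisco output corresponds to.

```python
# Added example (not from the original notes): build and parse an 802.1D
# configuration BPDU.  Root/bridge values reuse the "sh spanning-tree" output
# on this page; the frame bytes are constructed, not captured.
import struct

STP_MCAST = bytes.fromhex("0180c2000000")   # 01:80:C2:00:00:00, never forwarded
LLC_STP = b"\x42\x42\x03"                    # 802.2 LLC: DSAP 0x42, SSAP 0x42, UI
# protocol id, version, type, flags, root id, root path cost, bridge id,
# port id, message age, max age, hello time, forward delay   (35 bytes)
CONFIG_BPDU = struct.Struct(">HBBB8sI8sHHHHH")
TC_FLAG, TCA_FLAG = 0x01, 0x80


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))


def encode_bridge_id(priority, sys_id_ext, mac):
    """MAC-address-reduction layout: 4-bit priority (multiple of 4096) and a
    12-bit system ID extension (VLAN or MSTI) share the first two bytes."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= sys_id_ext <= 4095:
        raise ValueError("system ID extension is 12 bits")
    return (priority | sys_id_ext).to_bytes(2, "big") + _mac_bytes(mac)


def decode_bridge_id(raw):
    """8-byte bridge ID -> (priority, sys_id_ext, mac as colon-separated hex)."""
    field = int.from_bytes(raw[:2], "big")
    return field & 0xF000, field & 0x0FFF, raw[2:].hex(":")


def build_config_bpdu(src_mac, root, root_path_cost, bridge, port_number,
                      flags=0, message_age=0, max_age=20, hello=2, forward_delay=15):
    """root / bridge are (priority, sys_id_ext, mac).  Timers are whole
    seconds here; on the wire they are carried in units of 1/256 s."""
    body = CONFIG_BPDU.pack(
        0x0000, 0, 0x00, flags,                         # STP, version 0, config BPDU
        encode_bridge_id(*root), root_path_cost, encode_bridge_id(*bridge),
        (128 << 8) | port_number,                       # port priority 128, 8-bit number
        message_age * 256, max_age * 256, hello * 256, forward_delay * 256)
    payload = LLC_STP + body
    return STP_MCAST + _mac_bytes(src_mac) + len(payload).to_bytes(2, "big") + payload


def parse_config_bpdu(frame):
    """Validate the Ethernet/LLC wrapper and return the BPDU fields as a dict."""
    if len(frame) < 17 + CONFIG_BPDU.size:
        raise ValueError("frame too short for a configuration BPDU")
    dst, src, length = frame[:6], frame[6:12], int.from_bytes(frame[12:14], "big")
    if dst != STP_MCAST:
        raise ValueError("destination is not the STP multicast address 01:80:C2:00:00:00")
    if length > 1500 or frame[14:17] != LLC_STP:
        raise ValueError("not an 802.2 LLC frame for the spanning tree SAP (0x42)")
    (proto, version, btype, flags, root_id, root_cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd_delay) = CONFIG_BPDU.unpack(frame[17:17 + CONFIG_BPDU.size])
    if proto != 0 or btype != 0x00:
        raise ValueError(f"not a configuration BPDU (protocol {proto}, type {btype:#04x})")
    return {
        "src_mac": src.hex(":"),
        "version": version,
        "topology_change": bool(flags & TC_FLAG),
        "topology_change_ack": bool(flags & TCA_FLAG),
        "root": decode_bridge_id(root_id),              # (priority, sys-id-ext, mac)
        "root_path_cost": root_cost,
        "bridge": decode_bridge_id(bridge_id),
        "port_priority": port_id >> 8,
        "port_number": port_id & 0xFF,
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def demo_frame():
    """Constructed configuration BPDU as the root bridge would send it on Fa0/1."""
    root = (24576, 1, "00:03:e4:75:0a:66")
    return build_config_bpdu("00:03:e4:75:0a:66", root, 0, root, 1)


if __name__ == "__main__":
    for k, v in parse_config_bpdu(demo_frame()).items():
        print(f"{k:20} {v}")
```

A TCN BPDU is only the first four bytes (protocol ID, version, type 0x80) and an RSTP/MSTP BPDU uses type 0x02 with version 2 or 3 and extra fields, so the type check above is what keeps the parser honest about what it understands.  The two things a rogue-root attacker controls are the root ID and root path cost fields; note that nothing in the frame authenticates them.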

      STP switch port states

      • blocking - receives BPDUs only, no learning or forwarding; leaves Blocking when elected root/designated port, or when no BPDU is heard for Max Age (20 seconds)
      • listening - sends and processes BPDUs, still no learning or forwarding - Forward Delay (15 seconds)
      • learning - learns source addresses into the switching database, still no forwarding - Forward Delay (15 seconds)
      • forwarding
      • total time - 30 seconds (listening + learning) up to 50 seconds when Max Age has to expire first
      • disabled

      STP Port Roles

      • Root - the one port per non-root bridge with the lowest-cost path to the root bridge
      • Designated - the one port per segment that forwards for that segment (on the bridge with the lowest-cost path to the root); every port of the root bridge is designated
      • Non-Designated - Blocking

      Timer Comparison

      Protocol   Hello                        Invalid (RIP) / Suspicious (OSPF)   Dead (RIP: Flush)   Holddown
      RIP        30                           180 (6x)                            240 (8x)            180
      OSPF       10 BMA / 30 NBMA             90 (3x)                             120 (4x)            5 second delay + 10 seconds hold
      EIGRP      5 (60 on WAN < 1.544 Mbps)   15 (3x) hold                        -                   -
      STP        2                            20 blocking                         15 listening        15 learning, then forwarding

      RSTP

      IEEE 802.1w (2001)
      Cisco proprietary per-VLAN variant: Rapid PVST+
      • 802.1D-2004 incorporates RSTP and obsoletes the original STP
        • STP can take 30-50 seconds to respond to a topology change
        • RSTP converges in well under a second on point-to-point links thanks to the proposal/agreement handshake; received BPDU info ages out after 3 missed hellos (6 seconds by default) instead of waiting for Max Age
        • Edge ports - ports connecting to a LAN with no other bridges.  Transition directly to forwarding.  Still monitor for BPDUs in case a bridge is added (the port then loses its edge status and behaves as a normal port).
      • port roles
        • root - best port out of this bridge towards the root
        • designated - best port on a segment (seen from the segment, i.e. into the bridge) towards the root
        • alternate - alternate path to the root bridge (a discarding backup for the root port)
        • backup - redundant path to a segment where another port of the same bridge already connects (a discarding backup for a designated port)
        • disabled
      • New BPDUs with new spanning tree info can be sent from upstream/new bridges (proposal).  If the receiving bridge agrees that the new info provides better paths, it blocks its other non-edge ports and replies (agreement), and the first bridge can then rapidly transition to forwarding, bypassing listening/learning.  This handshake only works on full-duplex point-to-point links.
      • TC bit gets set in the BPDU for a topology change; bridges receiving it flush the MAC addresses learned on their non-edge ports, so no TCN has to travel to the root first

      PVST

      Per-VLAN Spanning Tree (PVST and PVST+)
      • Cisco proprietary - Extreme supports PVST+ except for untagged frames or VLAN ID 1
      • PVST uses ISL (Cisco proprietary VLAN encapsulation)
      • PVST+ uses 802.1Q encapsulation.
        • in PVST+ the bridge ID field has to carry VLAN info: the VLAN number is added to the priority (extended system ID), so a configured priority of 24576 on VLAN 1 shows as 24577
      show spanning-tree vlan 100
      

      MSTP

      Multiple Spanning Tree Protocol
      originally 802.1s (2002), merged into 802.1Q-2005
      • maps VLANs to instances; within each instance blocks all but one of the possible alternate paths
      • encodes additional region info after the standard RSTP BPDU, followed by a number of MSTI (Multiple Spanning Tree Instance) config messages.
        • Each MSTI config message conveys spanning tree info for one instance.
        • Each instance can be assigned any number of configured VLANs.
      • bridges encode an MD5 (HMAC-MD5) digest of the VLAN-to-instance mapping table in the MSTP BPDU, so neighbors with a different mapping land in a different region.
      • compatible with RSTP.  An RSTP bridge sees an MSTP region as a single RSTP bridge.
        • message age increments only once when spanning tree info enters the MST region.
        • Ports at the edge of an MST region are known as boundary ports.  Can be configured as edge ports
      • IST - 802.1s Internal Spanning Tree - MSTI0 (see below) - default/special STP instance 0.  Carries RSTP info for the IST plus fields like configuration name, revision number and the hash of the VLAN-to-STP-instance mapping table (easy to detect a misconfig on neighboring switches: all three must match for two switches to be in the same region).
      • MSTI - multiple spanning tree instances - each MSTI may assign different priorities/costs to switches, links, ports.  MSTI info is piggybacked in IST BPDUs in MRecord fields (carries root priority, designated bridge priority, port priority, root path cost, etc).
      • Inside a region MSTP uses a remaining-hops count instead of message age: the regional root sends MaxHops (default 20), every bridge decrements it, and a BPDU received with zero remaining hops is discarded.
      • DO NOT USE the "VLAN pruning" static method of distributing VLANs with MSTP enabled.  You get bad blocks.
      • DO USE a separate TP for each logical topology (MSTI).
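The digest mentioned above is reproducible, which makes it a handy offline check before touching a region.  The following added example (not from the original notes) computes the MST configuration digest the way the standard defines it, an HMAC-MD5 over the 4096-entry VLAN-to-MSTID table with the fixed signature key from IEEE 802.1s/802.1Q, assembles the 51-byte configuration identifier (name, revision, digest) and compares two switches' configurations.  The switch names and VLAN mappings are made up; the default digest constant is the one every MSTP switch shows when all VLANs are still mapped to instance 0.

```python
# Added example (not from the original notes): compute the MST configuration
# digest that MSTP bridges carry in their BPDUs and check whether two switches
# would end up in the same region.  Switch names and mappings are made up.
import hmac

# Signature key fixed by IEEE 802.1s / 802.1Q for the MST configuration digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")
# Digest every MSTP switch shows with the default mapping (all VLANs in IST/MSTI 0).
DEFAULT_DIGEST = "AC36177F50283CD4B83821D8AB26DE62"


def mst_config_table(vlan_to_msti):
    """MST configuration table: 4096 two-octet elements, element i holds the
    MSTID that VID i is mapped to (0 = IST).  VIDs not listed stay in the IST."""
    table = bytearray(4096 * 2)
    for vid, msti in vlan_to_msti.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"invalid VLAN ID {vid}")
        if not 0 <= msti <= 4094:
            raise ValueError(f"invalid MSTI {msti}")
        table[2 * vid:2 * vid + 2] = msti.to_bytes(2, "big")
    return bytes(table)


def mst_config_digest(vlan_to_msti):
    """HMAC-MD5 over the table with the standard key, as carried in the BPDU."""
    return hmac.new(MST_DIGEST_KEY, mst_config_table(vlan_to_msti), "md5").hexdigest().upper()


def mst_config_id(name, revision, vlan_to_msti):
    """51-byte MST Configuration Identifier: format selector 0, 32-byte name,
    2-byte revision, 16-byte digest.  Neighbors compare all of it byte for byte."""
    name_b = name.encode()
    if len(name_b) > 32:
        raise ValueError("configuration name is at most 32 bytes")
    if not 0 <= revision <= 0xFFFF:
        raise ValueError("revision is a 16-bit number")
    return (b"\x00" + name_b.ljust(32, b"\x00") + revision.to_bytes(2, "big")
            + bytes.fromhex(mst_config_digest(vlan_to_msti)))


def same_region(switch_a, switch_b):
    """switch = (name, revision, {vid: msti}).  Same region iff the whole
    configuration identifier matches: one VLAN mapped differently, or a
    revision bumped on only one side, silently splits the region."""
    return mst_config_id(*switch_a) == mst_config_id(*switch_b)


# Constructed example: SW1 and SW2 were configured identically (order of the
# vlan/instance lines does not matter), SW3 has VLAN 30 in MSTI 2 instead of 1.
SW1 = ("CORE", 1, {10: 1, 20: 1, 30: 1, 40: 2})
SW2 = ("CORE", 1, {40: 2, 30: 1, 20: 1, 10: 1})
SW3 = ("CORE", 1, {10: 1, 20: 1, 30: 2, 40: 2})

if __name__ == "__main__":
    print("default digest :", mst_config_digest({}))
    print("SW1 digest     :", mst_config_digest(SW1[2]))
    print("SW1 == SW2     :", same_region(SW1, SW2))
    print("SW1 == SW3     :", same_region(SW1, SW3))
```

Compare the computed value with what the switches print in `show spanning-tree mst configuration digest`; a mismatch on a single member means its boundary ports will treat the rest of the region as a foreign RSTP bridge, which is usually how the "bad blocks" above show up.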

      R-PVST

      Rapid Per-VLAN Spanning Tree
      • Cisco proprietary
      • combines RSTP and PVST

      PortFast and BPDU Guard

      PortFast

      • the operator's promise that only an end station (something that never sends BPDUs) is attached
      • tells the port to bypass the STP Listening and Learning states and go straight to forwarding
      • spanning-tree portfast (interface mode)

      BPDU Guard

      if a BPDU is seen on the port, put it into err-disable (shut/no shut to clear)
      spanning-tree bpduguard enable (interface mode)
      OR
      (global mode, applies to every PortFast-enabled port)
      spanning-tree portfast bpduguard default
      spanning-tree portfast default (again global: PortFast on all access ports)
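What the two commands buy you is easiest to see side by side.  This added example (not from the original notes, and a model rather than any switch's code) replays the same rogue BPDU, one claiming priority 0, against a guarded PortFast port, an unguarded PortFast port and a trunk.  Port names, MACs and the rogue BPDU are constructed; the behaviour modelled is the one described above: a guarded port goes err-disabled, an unguarded edge port simply stops being an edge port and processes the BPDU like any other port.

```python
# Added example (not from the original notes): a model of how an access switch
# reacts to a BPDU on each kind of port, to make the effect of PortFast and
# BPDU Guard visible.  Port names, MACs and the rogue BPDU are constructed.
from dataclasses import dataclass


@dataclass
class Port:
    name: str
    portfast: bool = False        # spanning-tree portfast
    bpduguard: bool = False       # spanning-tree bpduguard enable
    state: str = "forwarding"     # simplified: forwarding | err-disabled


def better_root(claimed, current):
    """802.1D comparison of two (priority, mac) root IDs; lower wins."""
    return (claimed[0], claimed[1].lower()) < (current[0], current[1].lower())


def handle_bpdu(port, bpdu, current_root):
    """bpdu = {"bridge": (priority, mac), "root": (priority, mac)}.
    Returns an (event, detail) tuple describing what the switch did."""
    if port.state == "err-disabled":
        return "DROPPED", f"{port.name} is err-disabled"
    if port.bpduguard:
        # BPDU Guard: the port is err-disabled; an operator has to shut/no shut
        # it (or errdisable recovery has to be configured) to bring it back.
        port.state = "err-disabled"
        return "ERR_DISABLE", f"{port.name}: BPDU from {bpdu['bridge'][1]} on a BPDU-guarded port"
    if port.portfast:
        # PortFast only skipped Listening/Learning.  Without the guard, a BPDU
        # just ends the edge status and is processed like on any other port.
        port.portfast = False
    if better_root(bpdu["root"], current_root):
        return "SUPERIOR_BPDU", f"{port.name}: claims root {bpdu['root']} better than {current_root}; root would move"
    return "PROCESSED", f"{port.name}: inferior or equal BPDU"


def recover(port):
    """shut / no shut on the interface clears the err-disabled state."""
    port.state = "forwarding"
    return port.state


def audit(ports):
    """Hygiene check: every PortFast port should also be BPDU-guarded."""
    return sorted(p.name for p in ports if p.portfast and not p.bpduguard)


# Constructed scenario: our root has priority 24576; a device on the access
# side starts sending BPDUs claiming priority 0 (the classic root takeover).
CURRENT_ROOT = (24576, "0003.e475.0a66")
ROGUE_BPDU = {"bridge": (0, "0000.dead.beef"), "root": (0, "0000.dead.beef")}


def demo():
    ports = [Port("Fa0/2", portfast=True, bpduguard=True),
             Port("Fa0/3", portfast=True),
             Port("Fa0/24")]
    unguarded = audit(ports)                      # before any BPDU arrives
    events = [handle_bpdu(p, ROGUE_BPDU, CURRENT_ROOT) for p in ports]
    return {"ports": ports, "unguarded_portfast": unguarded, "events": events}


if __name__ == "__main__":
    result = demo()
    for event, detail in result["events"]:
        print(f"{event:14} {detail}")
    print("PortFast ports without BPDU Guard:", result["unguarded_portfast"])
```

On IOS the equivalent checks are `show spanning-tree summary` (shows whether PortFast and BPDU Guard are on by default) and `show interfaces status err-disabled`; `errdisable recovery cause bpduguard` with `errdisable recovery interval <seconds>` re-enables guarded ports automatically if you prefer not to shut/no shut by hand.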
      

      VLANs

      VLAN setting in ethernet packet - See 802.1p/Q section in QOS Notes to see packet/header details.

      Cisco VLAN Commands

      • the native VLAN is the one carried untagged on an 802.1Q trunk; VLAN 1 is the default native and management VLAN - recommended you don't use VLAN 1 for either (use a dedicated, otherwise unused native VLAN)
      Taken from http://itknowledgeexchange.techtarget.com/cisco/setting-up-a-vlan-with-the-cisco-ios/
      show vlan brief
      show interfaces switchport
      show ip interface brief
      show interfaces trunk
      And here is how you would configure VLAN routing on your router (one 802.1Q subinterface per VLAN) with some show commands:
      Router commands
      interface fastethernet 0/4.1
       encapsulation dot1q 10
       ip address x.x.x.x y.y.y.y
      
      interface fastethernet 0/4.2
       encapsulation dot1q 20
       ip address z.z.z.z a.a.a.a
      
      interface fastethernet 0/4
       no shutdown
      show ip interface brief
      show vlans
      And here is how you would configure a VLAN on your switch:
      Switch commands
      interface fastethernet 0/1
       switchport mode trunk
      
      interface fastethernet 0/2
       switchport access vlan 10
       no shutdown
      
      interface fastethernet 0/5
       switchport access vlan 20
       no shutdown
      
      interface vlan 10
       ip address x.x.x.x y.y.y.y
       no shutdown
      
      interface vlan 20
       ip address x.x.x.x y.y.y.y
       no shutdown

      Cisco STP and VLAN Commands


      sh interfaces switchport
      sh spanning-tree
      Switch0#sh spanning-tree 
       VLAN0001
       Spanning tree enabled protocol ieee
       Root ID Priority 24577
       Address 0003.E475.0A66
       This bridge is the root
       Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
      
       Bridge ID Priority 24577 (priority 24576 sys-id-ext 1)
       Address 0003.E475.0A66
       Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
       Aging Time 20
      
       Interface Role Sts Cost Prio.Nbr Type
       -------------------------------------
       Fa0/1 Desg FWD 19 128.1 P2p
       Fa0/10 Desg FWD 19 128.10 P2p
       Fa0/22 Desg FWD 19 128.22 P2p
       Fa0/24 Desg FWD 19 128.24 P2p
       sh interface trunk
       Port Mode Encapsulation Status Native vlan
       Fa0/10 on 802.1q trunking 1
       Fa0/24 on 802.1q trunking 1
      
       Port Vlans allowed on trunk
       Fa0/10 1-1005
       Fa0/24 1-1005
      
       Port Vlans allowed and active in management domain
       Fa0/10 1,10,20
       Fa0/24 1,10,20
      
       Port Vlans in spanning tree forwarding state and not pruned
       Fa0/10 1,10,20
       Fa0/24 1,10,20
      sh vlan brief
      sh vtp status
      ---
      int fa0/24
       switchport mode trunk (trunk port passes tags, access port strips)
      ---
      vlan 10
       name <name>
      (VLANs are stored in vlan.dat in flash, not in the running/startup config)
      ---
      int vlan 10
       ip addr 10.10.10.1 255.255.255.0
      ---
      int <interface> 
       switchport mode access
       switchport access vlan 10
      ---(set spanning tree root)---
      spanning-tree vlan <x> priority <0-61440, in steps of 4096>
      spanning-tree vlan <x> root primary
      spanning-tree vlan <x> root secondary (works in regular STP also)