Redundancy at



IEEE 802.1D

    BPDU frames use the multicast destination address 01:80:C2:00:00:00. A single instance of STP is the Common Spanning Tree (CST). All CST BPDUs are transmitted over the native VLAN.

Two types of BPDU:

  • Configuration BPDU - spanning-tree computation
  • Topology Change Notification (TCN) BPDU - network topology changes

    Configuration BPDU message:

Field                                      Bytes
Protocol ID (always 0)                     2
Version                                    1
Message Type (Configuration or TCN BPDU)   1
Flags                                      8
Root Bridge ID                             4
Root Path Cost                             8
Sender Bridge ID                           2
Port ID                                    2
Message age (in 256ths of a second)        2
Maximum age (in 256ths of a second)        2
Hello time (in 256ths of a second)         2
Forward delay (in 256ths of a second)      2

    Topology Change Notification BPDU message:

Field                                      Bytes
Protocol ID (always 0)                     2
Version (always 0)                         1
Message Type (Configuration or TCN BPDU)   1

     By default, BPDUs are sent every 2 seconds.

    The bridge ID - 8 bytes:

  • bridge priority (2 bytes) - 0 to 65,535, default is 32,768
  • MAC address (6 bytes) - comes from the Supervisor module, the backplane, or a pool of 1024 addresses that are assigned to every supervisor or backplane, depending on the switch model
  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     d072.dc44.5300

    Electing a Root Bridge:

  • A switch starts by sending out BPDUs with the root bridge ID and the sender bridge ID both equal to its own bridge ID.
  • Received BPDUs are checked for a lower root bridge ID (lower is better).
  • The switch substitutes the better root bridge ID in the BPDUs it announces, but still identifies itself as the sender bridge ID.

After the election, configuration BPDUs are sent only by the root bridge.

    Calculation of the root path cost:

  • The root bridge sends a BPDU with a root path cost equal to 0.
  • A switch adds the path cost of the incoming port to the root path cost of each received BPDU and records the value in memory, replacing it if a lower value arrives.
  • The switch sends out BPDUs with the new aggregated value as the root path cost.

    Electing Designated Ports:

  • Lowest root bridge ID
  • Lowest root path cost to root bridge
  • Lowest sender bridge ID
  • Lowest sender port ID


State        Action                                                                Time, s
Blocking     Receive BPDUs                                                         n/a
Listening    Send and receive BPDUs                                                15
Learning     Send and receive BPDUs, learn MAC addresses                           15
Forwarding   Send and receive BPDUs, learn MAC addresses, send and receive data   n/a


Name            Definition                                                  Duration, s
Hello           Interval between configuration BPDUs                        2
Forward delay   Time spent in each of the Listening and Learning states     15
Max age         Maximum length of time a BPDU can be stored without
                receiving an update. Timer expiration signals an indirect
                failure with the designated or root bridge                  20

    A TCN BPDU is sent out the root port only and contains no data about the change; it is not sent for PortFast ports. A switch that sends a TCN waits for an acknowledgement from its peer. When the TCN reaches the root, the root sets the Topology Change flag in its Configuration BPDUs. All nonroot bridges cut their aging times from the default (300 seconds) to the forward delay value (default 15 seconds).

    Different types of topology changes:

Direct Topology Changes

  • C and A detect link down on gi1/0/1
  • Switch C removes the best BPDU. Without UplinkFast on gi1/0/1, C wouldn't send a TCN to the root
  • A sends a Configuration BPDU with the TCN bit set
  • B and C cut their bridging table aging times to the forward delay time
  • Gi1/0/2 on C becomes the new root port

The total connection-lost time on C - 30 seconds.

Indirect Topology Changes

  • C waits for a new best BPDU from the root
  • Gi1/0/2 goes to Forwarding through the Blocking, Listening and Learning states

The total connection-lost time on C - 20+2+15+13=52 seconds.

Insignificant Topology Changes

  • Gi1/0/33 goes down
  • C sends a TCN on gi1/0/1
  • The root sends a TCN acknowledgment back and sends Configuration BPDUs with the TCN bit set down
  • B and C cut bridge table aging times.

With PortFast enabled, TCNs are not sent when the port changes state, and the port skips the Listening and Learning states.


Enable instance:

Switch(config)# spanning-tree vlan vlan-id

Enable instance on port:

Switch(config-if)# spanning-tree vlan vlan-id

Formats for a STP bridge ID:

  • 802.1D (default) - bridge priority (16 bits) + switch MAC address for the VLAN
  • 802.1t (if the switch cannot support 1024 unique MAC addresses) - 4-bit priority multiplier + 12-bit VLAN ID + nonunique switch MAC address for the VLAN

Enable 802.1t:

Switch(config)# spanning-tree extend system-id

Set bridge priority (default 32,768):

Switch(config)# spanning-tree vlan vlan-list priority bridge-priority


Switch(config)# spanning-tree vlan vlan-id root { primary | secondary } [ diameter diameter ]

Path Cost:

Switch(config-if)# spanning-tree [ vlan vlan-id ] cost cost

Port Priority:

Switch(config-if)# spanning-tree vlan [ vlan-id ] port-priority [0 - 255]

If the root macro fails:

Switch(config)# spanning-tree vlan [ vlan-id ] root primary
% Failed to make the bridge root for vlan 100
% It may be possible to make the bridge root by setting the priority
% for some (or all) of these instances to zero.

    The current root bridge has a bridge priority of 4196. Because that priority is less than 24,576, the local switch will try to set its priority to 4096 less than the current root. Although the resulting priority would be 100, the local switch is using an extended system ID, which requires bridge priority values that are multiples of 4096. The only value that would work is 0, but the automatic method will not use it. Instead, the only other option is to manually configure the bridge priority to 0.
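
    The arithmetic behind the failed root primary attempt above, as an added sketch (not Cisco's implementation and not code from the original notes). The function names are hypothetical, and the macro rule is modelled only on what these notes state.

```python
STEP = 4096            # priority granularity with the extended system ID
MACRO_CEILING = 24576  # value the macro uses when the root's priority is not lower


def split_priority(field):
    """Split a 16-bit priority field into (priority, sys-id-ext)."""
    if not 0 <= field <= 0xFFFF:
        raise ValueError("the priority field is 16 bits wide")
    return field & 0xF000, field & 0x0FFF


def priority_field(priority, vlan_id):
    """Build the field from a configured priority and the 12-bit VLAN ID."""
    if priority % STEP or not 0 <= priority <= 0xF000:
        raise ValueError("priority must be a multiple of 4096 (0..61440)")
    if not 0 <= vlan_id <= 0x0FFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    return priority | vlan_id


def root_primary(current_root_field):
    """Priority the macro would configure, or None when it gives up.

    Assumption: the whole field of the current root is compared, as in the
    notes' own arithmetic (4196 - 4096 = 100). Behaviour at exactly 24576
    is not stated in the notes; this sketch treats it like the higher case.
    """
    if current_root_field >= MACRO_CEILING:
        return MACRO_CEILING
    wanted = current_root_field - STEP
    # Only multiples of 4096 can be configured, so round down.
    usable = max(wanted, 0) // STEP * STEP
    # Rounding down to 0 is the case the macro refuses to configure.
    return usable or None


if __name__ == "__main__":
    print(split_priority(4097))   # the show output above: priority 4096, VLAN 1
    print(split_priority(4196))   # the current root in the failed attempt
    print(root_primary(4196))     # None: only 0 would win, set it manually
    print(root_primary(32868))    # default root on VLAN 100 -> 24576
```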

STP Timers:

Switch(config)# spanning-tree [ vlan vlan-id ] hello-time seconds
Switch(config)# spanning-tree [ vlan vlan-id ] forward-time seconds
Switch(config)# spanning-tree [ vlan vlan-id ] max-age seconds
Switch(config)# spanning-tree vlan vlan-list root { primary | secondary } [ diameter diameter [ hello-time hello-time ]]


Switch(config)# spanning-tree portfast default

Macro configuration: enables PortFast, sets access mode, disables PAgP:

Switch(config-if)# switchport host


    If the primary root port uplink fails, another blocked uplink can be brought up for use immediately. It is enabled for all VLANs.

Switch(config)# spanning-tree uplinkfast [max-update-rate pkts-per-second (default 150 pps) ]

    It sets the bridge priority to 49,152 and increments the port cost by 3000. UplinkFast also provides a mechanism for the local switch to notify other upstream switches that stations downstream can be reached over the newly activated uplink. The switch accomplishes this by sending dummy multicast frames to destination 0100.0ccd.cdcd on behalf of the stations contained in its CAM table.


    Works in case of indirect link failure. A switch detects an indirect link failure when it receives inferior BPDUs from its designated bridge on either its root port or a blocked port. (Inferior BPDUs are sent from a designated bridge that has lost its connection to the root bridge, making it announce itself as the new root.)

  • If the inferior BPDU arrives on a port in the Blocking state, the switch considers the root port and all other blocked ports to be alternative paths to the root bridge.
  • If the inferior BPDU arrives on the root port itself, the switch considers all blocked ports to be alternative paths to the root bridge.
  • If the inferior BPDU arrives on the root port and no ports are blocked, however, the switch assumes that it has lost connectivity with the root bridge. In this case, the switch assumes that it has become the root bridge, and BackboneFast allows it to do so before the Max Age timer expires.

    If the local switch has blocked ports, BackboneFast begins to use the Root Link Query (RLQ) protocol to see whether upstream switches have stable connections to the root bridge.
    First, RLQ Requests are sent out. If a switch receives an RLQ Request and either is the root bridge or has lost connection to the root, it sends an RLQ Reply. Otherwise, the RLQ Request is propagated on to other switches until an RLQ Reply can be generated. On the local switch, if an RLQ Reply is received on its current root port, the path to the root bridge is intact and stable. If it is received on a nonroot port, an alternative root path must be chosen. BackboneFast can reduce the maximum convergence delay only from 50 to 30 seconds.

Switch(config)# spanning-tree backbonefast

    BackboneFast should be enabled on all switches in the network.


Root Guard

    If enabled on a port, the switch will not accept a superior BPDU from another switch on that port. The port is kept in the root-inconsistent state: no data can be sent or received, but the switch still listens for BPDUs.

Switch(config-if)# spanning-tree guard root

    When the superior BPDUs no longer are received, the port is cycled through the normal STP states to return to normal use. When a superior BPDU is heard on the port, the entire port (for all VLANs), in effect, becomes blocked.

BPDU Guard

    When a BPDU is received on a port with PortFast BPDU Guard enabled, that port is put into the errdisable state.

Switch(config)# spanning-tree portfast bpduguard default
Switch(config-if)# [ no ] spanning-tree bpduguard enable
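
    How the "lower is better" comparison from the election rules drives Root Guard and BPDU Guard, as an added model (not code from the original notes and not switch firmware). The class and function names and every bridge ID except the one from the show output are constructed for illustration.

```python
from dataclasses import dataclass


def bridge_id(priority, mac):
    """Bridge ID as a sortable tuple: 2-byte priority, then the 6-byte MAC."""
    return (priority, int(mac.replace(".", ""), 16))


@dataclass(frozen=True, order=True)
class Bpdu:
    # Fields are declared in the tie-break order listed in the notes, so
    # "lower is better" becomes a plain `<` between two BPDUs.
    root_id: tuple
    root_path_cost: int
    sender_id: tuple
    sender_port_id: int


@dataclass
class Port:
    name: str
    root_guard: bool = False
    bpdu_guard: bool = False   # PortFast port with BPDU Guard enabled
    state: str = "forwarding"


def receive(port, bpdu, best):
    """Apply the guards to one received BPDU; return the switch's best BPDU.

    Simplification: BPDUs are compared as received, without adding the
    receiving port's path cost.
    """
    if port.bpdu_guard:
        # BPDU Guard compares nothing: any BPDU at all disables the port.
        port.state = "errdisable"
        return best
    if bpdu < best:                    # superior BPDU
        if port.root_guard:
            # Root Guard: keep the current root, stop data on this port.
            port.state = "root-inconsistent"
            return best
        return bpdu                    # unguarded: root information changes
    return best                        # inferior BPDU: nothing changes


# Constructed sample data; ROOT reuses the bridge ID from the show output.
ROOT = bridge_id(4097, "d072.dc44.5300")
LOWER = bridge_id(1, "00aa.bbcc.ddee")       # priority 0 + sys-id-ext 1
HIGHER = bridge_id(32769, "0011.2233.4455")  # default priority + sys-id-ext 1
CURRENT = Bpdu(ROOT, 4, ROOT, 0x8001)
SUPERIOR = Bpdu(LOWER, 0, LOWER, 0x8001)
INFERIOR = Bpdu(HIGHER, 0, HIGHER, 0x8001)


def demo():
    """Map port name -> (resulting state, whether the root stayed the same)."""
    cases = [(Port("gi1/0/10", root_guard=True), SUPERIOR),
             (Port("gi1/0/20", bpdu_guard=True), INFERIOR),
             (Port("gi1/0/1"), SUPERIOR),
             (Port("gi1/0/2"), INFERIOR)]
    out = {}
    for port, bpdu in cases:
        best = receive(port, bpdu, CURRENT)
        out[port.name] = (port.state, best.root_id == ROOT)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```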

Loop Guard

    It keeps track of the BPDU activity on nondesignated ports. When BPDUs go missing, Loop Guard moves the port into the loop-inconsistent state. When BPDUs are received on the port again, Loop Guard allows the port to move through the normal STP states and become active.

Switch(config)# spanning-tree loopguard default
Switch(config-if)# [ no ] spanning-tree guard loop


    UDLD messages are sent every 15 seconds (default). UDLD can detect a unidirectional link after about three times the UDLD message interval (45 seconds total, using the default).

    UDLD modes:

  • Normal - generates a syslog message
  • Aggressive - messages are sent out once a second for 8 seconds when the condition is detected. If none of those messages is echoed back, the port is placed in the errdisable state so that it cannot be used.

Switch(config)# udld { enable | aggressive | message time seconds }
Switch(config-if)# udld { enable | aggressive | disable }

To reenable UDLD on all ports:

Switch# udld reset

BPDU filtering

    This command prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. If a BPDU is received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU filtering is disabled.

Switch(config)# spanning-tree portfast bpdufilter default
Switch(config-if)# spanning-tree bpdufilter { enable | disable }

Advanced STP

RSTP (IEEE 802.1w).

    Port roles:

  • Root port - identical to 802.1D
  • Designated port - identical to 802.1D
  • Alternate port - A port that has an alternative path to the root, different from the path the root port takes. This path is less desirable than that of the root port. (An example of this is an access layer switch with two uplink ports; one becomes the root port, and the other is an alternate port.)
  • Backup port - A port that provides a redundant (but less desirable) connection to a segment where another switch port already connects. If that common segment is lost, the switch might or might not have a path back to the root.

    Port states:

  • Discarding - Incoming frames are dropped; no MAC addresses are learned.
  • Learning - Incoming frames are dropped; MAC addresses are learned.
  • Forwarding - Incoming frames are forwarded and MAC addresses are learned.

    In RSTP, bits in the Message Type field are used. RSTP uses an interactive process so that two neighboring switches can negotiate state changes. The BPDU version is set to 2. Some BPDU bits are used to flag messages during this negotiation. BPDUs are sent out every switch port at hello time intervals, regardless of whether BPDUs are received from the root. In this way, any switch anywhere in the network can play an active role in maintaining the topology. Switches also can expect to receive regular BPDUs from their neighbors. When three BPDUs are missed in a row, that neighbor is presumed to be down, and all information related to the port leading to the neighbor immediately is aged out. This means that a switch can detect a neighbor failure in three Hello intervals (default 6 seconds), versus the Max Age timer interval (default 20 seconds) for 802.1D.

    When a switch first joins the topology (perhaps it was just powered up) or has detected a failure in the existing topology, RSTP requires it to base its forwarding decisions on the type of port.

    Port Types:

  • Edge - a single host connects, just like STP PortFast does. If a BPDU ever is received on an edge port, the port immediately loses its edge port status.
  • Root - best cost to the root
  • Point-to-point - any port that connects to another switch and becomes a designated port. A quick handshake with the neighboring switch, rather than a timer expiration, decides the port state. BPDUs are exchanged back and forth in the form of a proposal and an agreement. One switch proposes that its port becomes a designated port; if the other switch agrees, it replies with an agreement message.

    Full-duplex ports are treated as point-to-point. STP convergence can occur quickly over a point-to-point link through RSTP handshake messages.
    On half-duplex ports the 802.1D convergence must be used. This results in a slower response because the shared-medium ports must go through the fixed Listening and Learning state time periods.

    For each nonedge port, the switch exchanges a proposal-agreement handshake to decide the state of each end of the link. Each switch assumes that its port should become the designated port for the segment, and a proposal message (a configuration BPDU) is sent to the neighbor suggesting this.

    The following sequence occurs when a proposal message is received:

  • If the proposal’s sender has a superior BPDU, the port must become the new root port.
  • All nonedge ports immediately are moved into the Discarding state.
  • An agreement message (a configuration BPDU) is sent back to the sender, indicating that the switch is in agreement with the new designated port choice. This also tells the sender that the switch is in the process of synchronizing itself.
  • For each nonedge port that is in the Discarding state, a proposal message is sent.
  • An agreement message is expected and received from a neighbor on a nonedge port.
  • The nonedge port immediately is moved to the Forwarding state.

    The recipient of the proposal must synchronize itself by effectively isolating itself from the rest of the topology. All nonedge ports are blocked until a proposal message can be sent, causing the nearest neighbors to synchronize themselves. 

    RSTP detects a topology change only when a nonedge port transitions to the Forwarding state. BPDUs, with their TC bit set, are sent out all the nonedge designated ports. This is done until the TC timer expires, after two intervals of the Hello time. MAC addresses associated with the nonedge designated ports are flushed from the CAM table. All neighboring switches that receive the TC messages also must flush the MAC addresses learned on all ports except the one that received the TC message. Those switches then must send TC messages out their nonedge designated ports.

RSTP Configuration

Switch(config-if)# spanning-tree portfast
Switch(config-if)# spanning-tree link-type point-to-point


Switch(config)# spanning-tree mode rapid-pvst

MSTP (IEEE 802.1s)

    If two switches have the same set of attributes, they belong to the same MST region. If not, they belong to two independent regions:

  • MST configuration name (32 characters)
  • MST configuration revision number (0 to 65535)
  • MST instance-to-VLAN mapping table (4096 entries)

    The entire MST instance-to-VLAN mapping table is not sent in the BPDUs because the instance mappings must be configured on each switch. Instead, a digest, or a hash code computed from the table contents, is sent.

    Within a single MST region, an Internal Spanning Tree (IST) instance runs to work out a loop-free topology between the links where CST meets the region boundary and all switches inside the region.

    Inside a region, the actual MST instances (MSTI) exist alongside the IST. Cisco supports a maximum of 16 MSTIs in each region. The IST always exists as MSTI number 0, leaving MSTIs 1 through 15 available for use.

MST Configuration

Switch(config)# spanning-tree mode mst
Switch(config)# spanning-tree mst configuration
Switch(config-mst)# name name
Switch(config-mst)# revision version
Switch(config-mst)# instance instance-id vlan vlan-list
Switch(config-mst)# show pending

Aggregating Switch Links

    Two to eight links can be bundled. This bundle provides a full-duplex bandwidth of up to 1600 Mbps (eight links of Fast Ethernet), 16 Gbps (eight links of GE), or 160 Gbps (eight links of 10GE).

    All bundled ports first must:

  • belong to the same VLAN
  • same trunking mode
  • same native VLAN
  • same set of VLANs
  • have the same speed
  • have the same duplex
  • identical spanning tree settings.

    Hashing algorithms:

  • src-ip - Bits
  • dst-ip - Bits
  • src-dst-ip - XOR
  • src-mac - Bits
  • dst-mac - Bits
  • src-dst-mac - XOR
  • src-port - Bits
  • dst-port - Bits
  • src-dst-port - XOR

Switch(config)# port-channel load-balance method

    To verify how effectively a configured load-balancing method is performing:

Switch# show etherchannel port-channel

    Each link in the channel is displayed, along with a hex “Load” value. Although this information is not intuitive, you can use the hex values to get an idea of each link’s traffic loads relative to the others. 

EtherChannel Negotiation Protocols

PAgP mode   LACP mode   Negotiation packets sent   Characteristics
On          On          No                         All ports channeling
Auto        Passive     Yes                        Waits to channel until asked
Desirable   Active      Yes                        Actively asks to form a channel


    Ports that have the same neighbor device ID and port group capability are bundled together as a bidirectional, point-to-point EtherChannel link. If the configured VLAN, speed, or duplex mode of a port in an established bundle is changed, PAgP reconfigures that parameter for all ports in the bundle.

LACP (IEEE 802.3ad)

    The switch with the lowest system priority (a 2-byte priority value followed by a 6-byte switch MAC address) is allowed to make decisions about what ports actively are participating in the EtherChannel at a given time.

    Ports are selected and become active according to their port priority value (a 2-byte priority followed by a 2-byte port number), where a low value indicates a higher priority. A set of up to 16 potential links can be defined for each EtherChannel. Through LACP, a switch selects up to eight of these having the lowest port priorities as active EtherChannel links at any given time. The other links are placed in a standby state and will be enabled in the EtherChannel if one of the active links goes down.

EtherChannel Configuration

Switch(config)# interface type member/module/number
Switch(config-if)# channel-protocol pagp
Switch(config-if)# channel-group number mode { on | {{ auto | desirable } [ non-silent ]}}

    The silent submode listens for any PAgP packets from the far end, looking to negotiate a channel. If none is received, silent submode assumes that a channel should be built anyway, so no more PAgP packets are expected from the far end. 

    If you expect a PAgP-capable switch to be on the far end, you should add the non-silent keyword to the desirable or auto mode. This requires each port to receive PAgP packets before adding them to a channel. If PAgP is not heard on an active port, the port remains in the up state, but PAgP reports to the Spanning Tree Protocol (STP) that the port is down.

Switch(config)# lacp system-priority priority
Switch(config)# interface type member/module/number
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group number mode { on | passive | active }
Switch(config-if)# lacp port-priority priority

EtherChannel Guard (enabled by default)

    Suppose that you configure two interfaces on Switch A to form an unconditional EtherChannel that carries all active VLANs. Your associate configures Switch B for the same set of two interfaces, but manages to plug the cables into the wrong two interfaces. It is entirely possible that a bridging loop might form over the dual links because an EtherChannel has not formed on both ends. STP will not operate consistently on all interfaces because Switch A is expecting a working EtherChannel.

    An EtherChannel will not be built if it cannot be negotiated on all member links on the switches at both ends.

Switch(config)# [ no ] spanning-tree etherchannel guard misconfig

