The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network.
The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.
Spanning Tree Protocol (STP) is standardized as IEEE 802.1D.
STP-enabled switches exchange information to build a topology of the entire switching network, and then shut down (block) a port if a loop exists. The blocked port can be reactivated if another link in the switching network goes down, thus preserving fault tolerance. Once all switches agree on the topology database, the switches are considered converged.
STP switches send BPDUs (Bridge Protocol Data Units) to each other to form their topology databases. BPDUs are sent out all ports every two seconds, and are addressed to a specific multicast MAC address:
0180.c200.0000
The STP Process
To maintain a loop-free environment, STP performs the following functions:
• A Root Bridge is elected
• Root Ports are identified
• Designated Ports are identified
• If a loop exists, a port is placed in Blocking state. If the loop is removed, the blocked port is activated again.
If multiple loops exist in the switching environment, multiple ports will be placed in a blocking state.
Electing an STP Root Bridge
The first step in the STP process is electing a Root Bridge, which serves as the central point of the STP topology. Good design practice dictates that the Root Bridge be placed close to the center of the STP topology.
The Root Bridge is determined by a switch’s priority. The default priority is 32,768, and the lowest priority wins. In case of a tie in priority, the switch with the lowest MAC address will be elected root bridge. The combination of a switch’s priority and MAC address make up that switch’s Bridge ID.
Identifying Root Ports
The second step in the STP process is identifying Root Ports, the port on each downstream switch that has the lowest path cost to the Root Bridge. Each switch has only one Root Port, and the Root Bridge cannot have a Root Port.
Path Cost is a cumulative cost based on the bandwidth of the links. The higher the bandwidth, the lower the Path Cost:
Bandwidth    Cost
4 Mbps       250
10 Mbps      100
16 Mbps      62
100 Mbps     19
1 Gbps       4
Identifying Designated Ports
The third and final step in the STP process is to identify Designated Ports in the upstream switch.
Each network segment requires a single Designated Port, which has the lowest path cost leading to the Root Bridge. This port will not be placed in a blocking state. A port cannot be both a Designated Port and a Root Port.
Other functions are explained below:
Port ID
In certain circumstances, a tie will occur in both Path Cost and Bridge ID.
If the bandwidth of both links is equal, then both of Switch 2's interfaces have an equal path cost to the Root Bridge. Which interface will become the Root Port? The usual tiebreaker would be the lowest Bridge ID, but that cannot be used here because the Bridge ID is tied as well.
In this circumstance, Port ID will be used as the tiebreaker. An interface's Port ID consists of two parts: a 6-bit port priority value, and the MAC address for that port. Whichever interface has the lowest Port ID will become the Root Port.
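The three steps above (Root Bridge election, Root Port selection, Designated Port selection) and the Port ID tiebreaker, worked through in a small model. This is an added example, not code from the original text; the switch names, MAC addresses, port numbers and link speeds are constructed, and Port ID is modelled as (port priority, port number) with the default priority 128.

```python
import heapq

# Path cost per link bandwidth (Mbps -> cost), from the table above.
PATH_COST = {4: 250, 10: 100, 16: 62, 100: 19, 1000: 4}
# Constructed switches: name -> Bridge ID (priority, MAC). All use the
# default priority 32768, so the lowest MAC address decides the Root Bridge.
BRIDGES = {
    "SW1": (32768, "00:00:0c:aa:aa:01"),
    "SW2": (32768, "00:00:0c:aa:aa:02"),
    "SW3": (32768, "00:00:0c:aa:aa:03"),
}
# Constructed links: (bridge, port, bridge, port, bandwidth in Mbps).
# SW2 has two equal-cost links to SW1, so its Root Port is decided by Port ID.
LINKS = [
    ("SW1", 1, "SW2", 1, 100),
    ("SW1", 2, "SW2", 2, 100),
    ("SW1", 3, "SW3", 1, 100),
    ("SW2", 3, "SW3", 2, 100),
]

def bridge_id(name):
    return BRIDGES[name]

def port_id(number, priority=128):
    # Assumption: Port ID modelled as (port priority, port number); lowest wins.
    return (priority, number)

def elect_root():
    # Step 1: the lowest Bridge ID (priority first, then MAC) becomes Root Bridge.
    return min(BRIDGES, key=bridge_id)

def adjacency():
    # Neighbour entries: (neighbour, local port, neighbour port, link cost).
    adj = {b: [] for b in BRIDGES}
    for a, pa, b, pb, bw in LINKS:
        adj[a].append((b, pa, pb, PATH_COST[bw]))
        adj[b].append((a, pb, pa, PATH_COST[bw]))
    return adj

def root_path_costs(root, adj):
    # Cumulative path cost from every switch to the Root Bridge (Dijkstra).
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, b = heapq.heappop(heap)
        if c > cost[b]:
            continue
        for nb, _, _, lc in adj[b]:
            if c + lc < cost.get(nb, float("inf")):
                cost[nb] = c + lc
                heapq.heappush(heap, (cost[nb], nb))
    return cost

def compute_roles():
    root, adj = elect_root(), adjacency()
    rpc = root_path_costs(root, adj)
    roles = {}  # (switch, port) -> "root" | "designated" | "blocking"
    for b in BRIDGES:
        if b == root:          # the Root Bridge has no Root Port
            continue
        # Step 2: Root Port = lowest path cost, then neighbour Bridge ID,
        # then neighbour Port ID, then local Port ID (the tiebreaker above).
        _, lp, _, _ = min(adj[b], key=lambda e: (
            rpc[e[0]] + e[3], bridge_id(e[0]), port_id(e[2]), port_id(e[1])))
        roles[(b, lp)] = "root"
    for a, pa, b, pb, _ in LINKS:
        # Step 3: one Designated Port per segment: the end whose switch has the
        # lowest root path cost, then the lowest Bridge ID, then lowest Port ID.
        a_key = (rpc[a], bridge_id(a), port_id(pa))
        b_key = (rpc[b], bridge_id(b), port_id(pb))
        roles.setdefault((a, pa) if a_key < b_key else (b, pb), "designated")
        for p in ((a, pa), (b, pb)):
            roles.setdefault(p, "blocking")   # neither role: blocked to break the loop
    return root, rpc, roles
```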
STP Port States
Switch ports participating in STP progress through five port states:
Blocking – The default state of an STP port when a switch is powered on, and the state a port is placed in to eliminate a loop. Ports in a blocking state do not forward frames or learn MAC addresses, but they still listen for BPDUs from other switches to learn about changes to the switching topology.
Listening – A port will progress from a Blocking to a Listening state only if the switch believes that the port will not be shut down to eliminate a loop. The port will listen for BPDUs to participate in the election of a Root Bridge, Root Ports, and Designated Ports. Ports in a listening state will not forward frames or learn MAC addresses.
Learning – After a brief period of time, called a Forward Delay, a port in a listening state will be elected either a Root Port or a Designated Port, and placed in a learning state. Ports in a learning state listen for BPDUs, and also begin to learn MAC addresses. However, ports in a learning state will still not forward frames.
(Note: If a port in a listening state is not kept as a Root or a Designated Port, it will be placed into a blocking state and not a learning state.)
Forwarding – After another Forward Delay, a port in learning mode will be placed in forwarding mode. Ports in a forwarding state can send and receive all data frames, and continue to build the MAC address table. All designated, root, and non-uplink ports will eventually be placed in a forwarding state.
Disabled – A port in disabled state has been administratively shut down, and does not participate in STP or forward frames at all.
On average, a port in a blocking state will take 30 to 50 seconds to reach a forwarding state.
STP Timers
STP utilizes three timers to ensure all switches remain synchronized, and to allow enough time for the Spanning Tree process to ensure a loop-free environment.
• Hello Timer – Default is 2 seconds. Indicates how often BPDUs are sent by switches.
• Forward Delay – Default is 15 seconds. Indicates the delay period spent in each of the listening and learning states of a port, for a total of 30 seconds. This delay ensures STP has ample time to detect and eliminate loops.
• Max Age – Default is 20 seconds. Indicates how long a switch will keep BPDU information from a neighboring switch before discarding it. In other words, if a switch fails to receive BPDUs from a neighboring switch for the Max Age period, it will remove that switch's information from the STP topology database.
All timer values can be adjusted, and should only be adjusted on the Root Bridge. The Root Bridge will propagate the changed timers to all other switches participating in STP. Non-Root switches will ignore their locally configured timers.
STP Topology Changes
An STP topology change will occur under two circumstances:
• When an interface is placed into a Forwarding state.
• When an interface already in a Forwarding or Learning state is placed into a Blocking state.
The switch recognizing this topology change will send out a TCN (Topology Change Notification) BPDU, destined for the Root Bridge. The TCN BPDU does not contain any data about the actual change – it only indicates that a change occurred.
STP PortFast
PortFast allows switch ports that connect a host device (such as a printer or a workstation) to bypass the usual progression of STP states. Theoretically, a port connecting to a host device can never create a switching loop.
STP UplinkFast
Switches can have multiple uplinks to other upstream switches. If the multiple links are not placed in an EtherChannel, then at least one of the ports is placed into a blocking state to eliminate the loop.
If a directly-connected interface goes down, STP needs to perform a recalculation to bring the other interface out of a blocking state. As stated earlier, this calculation can take from 30 to 50 seconds.
UplinkFast allows the port in a blocking state to be held in standby mode, and activated immediately if the forwarding interface fails. If multiple ports are in a blocking state, whichever port has the lowest Root Path Cost will become unblocked. The Root Bridge cannot have UplinkFast enabled.
STP BackboneFast
While UplinkFast allows faster convergence if a directly-connected interface fails, BackboneFast provides the same benefit if an indirectly-connected interface fails.
For example, if the Root Bridge fails, another switch will be elected the Root. A switch learning about the new Root Bridge must wait out its Max Age timer to flush the old information before it will accept the updated information. By default, the Max Age timer is 20 seconds.
BackboneFast allows a switch to bypass the Max Age timer if it detects an indirect failure on the network. It will update itself with the new Root information immediately.
Protecting STP
STP is vulnerable to attack for two reasons:
• STP builds its topology information by accepting a neighboring switch's BPDUs, without any authentication.
• The Root Bridge is always determined by the lowest Bridge ID, so any switch advertising a lower Bridge ID can take over the topology.
There are three mechanisms to protect the STP topology:
• Root Guard – Root Guard prevents an unauthorized switch from advertising itself as a Root Bridge. A port with Root Guard enabled will not accept a BPDU that advertises a superior (lower) Root Bridge ID.
• BPDU Guard – BPDU Guard is employed on interfaces that are PortFast-enabled, which should connect only host devices and therefore never receive a BPDU. If a BPDU does arrive, the port is shut down.
• BPDU Filtering – BPDU Filtering essentially disables STP on a particular interface, by preventing it from sending or receiving BPDUs.
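To make the three mechanisms concrete, the following added example (not code from the original text) decodes the standard 35-byte 802.1D Configuration BPDU, including the timers discussed above, and then applies Root Guard, BPDU Guard or BPDU Filtering as a per-port decision. The guard labels, the MAC addresses and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# 802.1D Configuration BPDU (35 bytes): protocol ID, version, type, flags,
# Root ID (priority + MAC), root path cost, Bridge ID (priority + MAC),
# Port ID, then message age, max age, hello time, forward delay in 1/256 s.
BPDU_FMT = ">HBBBH6sIH6sHHHHH"
CONFIG_BPDU = 0x00

@dataclass
class Bpdu:
    root_id: tuple        # (priority, MAC) of the Root Bridge the sender believes in
    root_path_cost: int
    bridge_id: tuple      # (priority, MAC) of the sending switch
    port_id: int
    max_age: float        # timers converted to seconds
    hello_time: float
    forward_delay: float

def parse_config_bpdu(raw: bytes) -> Bpdu:
    (proto, ver, kind, _flags, rprio, rmac, rpc, bprio, bmac, pid,
     _msg_age, max_age, hello, fwd) = struct.unpack(BPDU_FMT, raw[:35])
    if proto != 0 or ver != 0 or kind != CONFIG_BPDU:
        raise ValueError("not an 802.1D Configuration BPDU")
    return Bpdu((rprio, rmac.hex(":")), rpc, (bprio, bmac.hex(":")), pid,
                max_age / 256, hello / 256, fwd / 256)

def build_config_bpdu(root_id, rpc, bridge_id, port_id=0x8001,
                      max_age=20, hello=2, fwd=15) -> bytes:
    # Builds constructed test frames only; timer defaults are the ones above.
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(BPDU_FMT, 0, 0, CONFIG_BPDU, 0,
                       root_id[0], mac(root_id[1]), rpc,
                       bridge_id[0], mac(bridge_id[1]), port_id,
                       0, max_age * 256, hello * 256, fwd * 256)

def port_action(guard: str, current_root: tuple, raw: bytes) -> str:
    """What a port does with an incoming BPDU under each protection setting.
    guard (constructed labels): none, root-guard, bpdu-guard, bpdu-filter."""
    if guard == "bpdu-filter":    # BPDU Filtering: the port never processes BPDUs
        return "dropped"
    if guard == "bpdu-guard":     # BPDU Guard: a PortFast host port must never see one
        return "err-disabled"
    bpdu = parse_config_bpdu(raw)
    if guard == "root-guard" and bpdu.root_id < current_root:
        # Root Guard: a Root ID lower than the known root would take over the
        # topology, so the port is held root-inconsistent instead of accepting it.
        return "root-inconsistent"
    return "accepted"
```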
Unidirectional Link Detection (UDLD)
Most communication in a switching network is bi-directional. STP requires that switches send BPDUs bi-directionally to build the topology database. If a malfunctioning switch port only allows traffic one way, and the switch still sees that port as up, a loop can form without the switch realizing it.
Unidirectional Link Detection (UDLD) periodically tests ports to ensure bi-directional communication is maintained. UDLD sends out ID frames on a port, and waits for the remote switch to respond with its own ID frame. If the remote switch does not respond, UDLD assumes the interface has malfunctioned and become unidirectional.
Rapid Spanning Tree Protocol (RSTP)
To further alleviate the 30 to 50 second convergence delays with STP, enhancements were made to the original IEEE 802.1D standard. The result was 802.1w, or Rapid Spanning Tree Protocol (RSTP).
RSTP is similar in many respects to STP. BPDUs are forwarded between switches, and a Root Bridge is elected based on the lowest Bridge ID. Root Ports and Designated Ports are also elected. RSTP defines five port types:
• Root Port – Switch port on each switch that has the best Path Cost to the Root Bridge (same as STP).
• Alternate Port – A backup Root Port that has a less desirable Path Cost. An Alternate Port is placed in a discarding state.
• Designated Port – Non-Root port that represents the best Path Cost for each network segment to the Root Bridge (same as STP). Designated ports are also referred to as Point-to-Point ports.
• Backup Port – A backup Designated Port that has a less desirable Path Cost. A Backup Port is placed in a discarding state.
• Edge Port – A port connecting a host device, which is moved to a Forwarding state immediately. If an Edge Port receives a BPDU, it will lose its Edge Port status and participate in RSTP calculations. On Cisco Catalyst switches, any port configured with PortFast becomes an Edge Port.
The key benefit of RSTP is speedier convergence. Switches no longer require artificial Forward Delay timers to ensure a loop-free environment.
Switches instead perform a handshake synchronization to ensure a consistent topology table. During initial convergence, the Root Bridge and its directly-connected switches will place their interfaces in a discarding state. The Root Bridge and those switches will exchange BPDUs, synchronize their topology tables, and then place their interfaces in a forwarding state.
Each switch will then perform the same handshaking process with its downstream neighbors. The result is convergence that completes in a few seconds, as opposed to 30 to 50 seconds.
Multiple STP (MSTP)
MSTP enables multiple VLANs to be mapped to the same spanning-tree instance, reducing the number of instances needed to support a large number of VLANs.
It was introduced in IEEE 802.1s as an amendment to 802.1Q, 1998 edition. Standard IEEE 802.1Q-2003 now includes MSTP. MSTP provides multiple forwarding paths for data traffic and enables load balancing.
Ref. Diagram as below: