9 Enhanced Switched Technologies Flashcards

1
Q

Spanning Tree Protocol (STP)

A

Spanning Tree Protocol (STP) achieves its primary objective of preventing network loops on layer 2 network bridges or switches by monitoring the network to track all links and shut down the redundant ones. STP uses the spanning-tree algorithm (STA) to create a topology database and then search out and disable redundant links. With STP running, frames will be forwarded on only premium, STP-chosen links.

2
Q

Root bridge

A

The root bridge is the bridge with the lowest and, therefore, the best bridge ID. The switches within the STP network elect a root bridge, which becomes the focal point in the network. All other decisions in the network, like which ports on the non-root bridges should be blocked or put in forwarding mode, are made from the perspective of the root bridge. Once it has been elected, all other bridges must create a single path to it. The port with the best path to the root bridge is called the root port.

3
Q

Non-root bridges

A

These are all bridges that aren’t the root bridge. Non-root bridges exchange BPDUs with all the other bridges and update the STP topology database on all switches. This prevents loops and helps prevent link failures.

4
Q

BPDU

A

All switches exchange information to use for the subsequent configuration of the network. Each switch compares the parameters in the Bridge Protocol Data Unit (BPDU) that it sends to a neighbor with the parameters in the BPDU that it receives from other neighbors. Inside the BPDU is the bridge ID.

5
Q

Bridge ID

A

The bridge ID is how STP keeps track of all the switches in the network. It’s determined by a combination of the bridge priority, 32,768 by default on all Cisco switches, and the base MAC address. The bridge with the lowest bridge ID becomes the root bridge in the network. Once the root bridge is established, every other switch must make a single path to it. Most networks benefit by forcing a specific bridge or switch to be the Root Bridge by setting its bridge priority lower than the default value.

6
Q

Port cost

A

Port cost determines the best path when multiple links are used between two switches. The cost of a link is determined by the bandwidth of a link, and this path cost is the deciding factor used by every bridge to find the most efficient path to the root bridge.

7
Q

Path cost

A

A switch may encounter one or more switches on its path to the root bridge, and there may be more than one possible path to it. All unique paths are analyzed individually, and a path cost is calculated for each by adding the individual port costs encountered on the way to the root bridge.

8
Q

Root port

A

The root port is the link with the lowest path cost to the root bridge. If more than one link connects to the root bridge, then a port cost is found by checking the bandwidth of each link. The higher the link speed, the lower the related cost of the link, and then the lowest cost port becomes the root port. When multiple links connect to the same device, the port connected to the lowest port number on the upstream switch will be the one that’s used. The root bridge can never have a root port designation, while every other switch in a network must have only one root port.

9
Q

Designated port

A

A designated port is one that’s been determined to have the best (lowest) cost to get to on a given network segment compared to other ports on that segment. A designated port will be marked as a forwarding port, and you can have only one forwarding port per network segment.

10
Q

Non-designated port

A

A non-designated port is one with a higher cost than the designated port. These are basically the ones left over after the root ports and designated ports have been determined. Non-designated ports are put in blocking or discarding mode—they are not forwarding ports!

11
Q

Forwarding port

A

A forwarding port forwards frames and will be either a root port or a designated port.

12
Q

Blocked port

A

A blocked port won’t forward frames in order to prevent loops. A blocked port will still always listen to BPDU frames from neighbor switches, but it will drop any and all other frames received and will never transmit a frame.

13
Q

Alternate port

A

This corresponds to the blocking state of 802.1d and is a term used with the newer 802.1w (Cisco Rapid Spanning Tree Protocol). An alternate port is located on a switch connected to a LAN segment with two or more switches connected, and one of the other switches holds the designated port.

14
Q

Backup port

A

This corresponds to the blocking state of 802.1d and is a term now used with 802.1w. A backup port is connected to a LAN segment wherein another port on that switch is acting as the designated port.

15
Q

The ports on a bridge or switch running IEEE 802.1d STP can transition through five different states:

A

Disabled
(technically, not a transition state) A port in the administratively disabled state doesn’t participate in frame forwarding or STP. A port in the disabled state is virtually nonoperational.

Blocking
As I mentioned, a blocked port won’t forward frames—it just listens to BPDUs. The purpose of the blocking state is to prevent the use of looped paths. All ports are in blocking state by default when the switch is powered up.

Listening
This port listens to BPDUs to make sure no loops occur on the network before passing data frames. A port in listening state prepares to forward data frames without populating the MAC address table.

Learning
The switch port listens to BPDUs and learns all the paths in the switched network. A port in learning state populates the MAC address table but still doesn’t forward data frames. Forward delay refers to the time it takes to transition a port from listening to learning mode, or from learning to forwarding mode, which is set to 15 seconds by default and can be seen in the show spanning-tree output.

Forwarding
This port sends and receives all data frames on the bridged port. If the port is still a designated or root port at the end of the learning state, it will enter the forwarding state.

16
Q

Convergence

A

Convergence occurs when all ports on bridges and switches have transitioned to either forwarding or blocking modes. No data will be forwarded until convergence is complete. When STP is converging, all host data stops transmitting through the switches! Convergence is vital because it ensures that all devices have a coherent database. Making sure this happens efficiently definitely requires your time and attention. The original STP (802.1d) takes 50 seconds to go from blocking to forwarding mode by default. You can adjust those timers for a large network, but the better solution is simply to opt out of using 802.1d completely.

17
Q

Link Costs

A

Port cost is based on the speed of the link. Port cost is the cost of a single link, whereas path cost is the sum of the various port costs to the root bridge.

Speed         Cost
10 Mb/s       100
100 Mb/s      19
1000 Mb/s     4
10,000 Mb/s   2

18
Q

Spanning-Tree Operations

A

Basically, STP’s job is to find all the links in the network and shut down any redundant ones, thereby preventing network loops from occurring. It achieves this by first electing a root bridge that will have all ports forwarding and will also act as a point of reference for all other devices within the STP domain. Once all switches agree on the root bridge, they must then determine their one and only root port—the single path to the root bridge. It’s really important to remember that a bridge can go through many other bridges to get to the root, so it’s not always the shortest path that’ll be chosen. That role will be given to the port that offers the highest, fastest bandwidth. Every port on the root bridge is a designated, or forwarding, port for a segment. After the dust settles on all other non-root bridges, any port connection between switches that isn’t either a root port or a designated port will predictably become a non-designated port. These will again be put into the blocking state to prevent switching loops.

19
Q

Selecting the Root Bridge

A

The bridge ID is used to elect the root bridge in the STP domain and to determine the root port for each of the remaining devices when there’s more than one potential root port available because they have equal-cost paths. This key bridge ID is 8 bytes long and includes both the priority and the MAC address of the device. The default priority on all devices running the IEEE STP version is 32,768. If two switches or bridges happen to have the same priority value, the MAC address becomes the tiebreaker for figuring out which one has the lowest and, therefore, best ID.

20
Q

Types of Spanning-Tree Protocols

A

IEEE 802.1d
The original standard for bridging and STP, which is really slow but requires very little bridge resources. It’s also referred to as Common Spanning Tree (CST).

PVST+
(Cisco default version) The Cisco proprietary enhancement for STP that provides a separate 802.1d spanning-tree instance for each VLAN. Know that this is just as slow as the CST protocol, but with it, we get to have multiple root bridges. This creates more efficiency of the links in the network, but it does use more bridge resources than CST does.

IEEE 802.1w
Also called Rapid Spanning Tree Protocol (RSTP), this iteration enhanced the BPDU exchange and paved the way for much faster network convergence. But it still only allows for one root bridge per network like CST. The bridge resources used with RSTP are higher than CST’s but less than PVST+.

802.1s (MSTP)
This is the IEEE standard that started out as Cisco proprietary MISTP. It maps multiple VLANs into the same spanning-tree instance to save processing on the switch. It’s basically a spanning-tree protocol that rides on top of another spanning-tree protocol.

Rapid PVST+
This is Cisco’s version of RSTP that also uses PVST+ and provides a separate instance of 802.1w per VLAN. It offers up really fast convergence times and optimal traffic flow but predictably requires the most CPU and memory of all.

21
Q

Common Spanning Tree

A

If you’re running Common Spanning Tree (CST) in your switched network with redundant links, there will be an election to choose what STP considers to be the best root bridge for your network. That switch will also become the root for all VLANs in your network, and all bridges in your network will create a single path to it. You can manually override this selection and pick whichever bridge you want if it makes sense for your particular network.

22
Q

Per-VLAN Spanning Tree+

A

PVST+ is a Cisco proprietary extension to 802.1d STP that provides a separate 802.1d spanning-tree instance for each VLAN configured on your switches. All of Cisco’s proprietary extensions were created to improve convergence times, which is 50 seconds by default. Cisco IOS switches run 802.1d PVST+ by default, which means you’ll have optimal path selection, but the convergence time will still be slow. Creating a per-VLAN STP instance for each VLAN is worth the increased CPU and memory requirements because it allows for per-VLAN root bridges. This feature allows the STP tree to be optimized for the traffic of each VLAN by allowing you to configure the root bridge in the center of each of them.

23
Q

Rapid Spanning Tree Protocol 802.1w

A

Cisco created proprietary extensions to “fix” all the potholes and liabilities with the IEEE 802.1d standard, the main drawback to them being they require extra configuration because they’re Cisco proprietary. But RSTP, the new 802.1w standard, brings us most of the patches needed in one concise solution. RSTP, or IEEE 802.1w, is essentially an evolution of STP that allows for much faster convergence. But even though it does address all the convergence issues, it still only permits a single STP instance, so it doesn’t help to take the edge off suboptimal traffic flow issues. The good news is that Cisco IOS can run the Rapid PVST+ protocol—a Cisco enhancement of RSTP that provides a separate 802.1w spanning-tree instance for each VLAN configured within the network. But all that power needs fuel, and although this version addresses both convergence and traffic flow issues, it also demands the most CPU and memory of all solutions.

24
Q

RSTP summary

A

■ RSTP speeds the recalculation of the spanning tree when the layer 2 network topology changes.

■ It’s an IEEE standard that redefines STP port roles, states, and BPDUs.

■ RSTP is extremely proactive and very quick, so it doesn’t need the 802.1d delay timers.

■ RSTP (802.1w) supersedes 802.1d while remaining backward compatible.

■ Much of the 802.1d terminology and most parameters remain unchanged.

■ 802.1w is capable of reverting to 802.1d to interoperate with traditional switches on a per-port basis.

25
Q

802.1s (MSTP)

A

Multiple Spanning Tree Protocol (MSTP), also known as IEEE 802.1s, gives us the same fast convergence as RSTP but reduces the number of required STP instances by allowing us to map multiple VLANs with the same traffic flow requirements into the same spanning tree instance. It essentially allows us to create VLAN sets and basically is a spanning-tree protocol that runs on top of another spanning-tree protocol. So clearly, you would opt to use MSTP over RSTP when you’ve got a configuration involving lots of VLANs, resulting in CPU and memory requirements that would be too high otherwise. Though MSTP reduces the demands of Rapid PVST+, you’ve got to configure it correctly because MSTP does nothing by itself!

26
Q

Spanning-Tree Failure Consequences

A

Mainly, you’ll just lose connectivity to the networks directly connected to that router, but it usually doesn’t affect the rest of your network. This definitely makes it easier to troubleshoot and fix the issue. There are two failure types with STP. One of them causes the same type of issue I mentioned with a routing protocol, when certain ports have been placed in a blocking state when they should be forwarding on a network segment instead. This situation makes the network segment unusable, but the rest of the network will still be working.

27
Q

List of the problems that will occur in a failed STP network:

A

■ The load on all links begins increasing and more and more frames enter the loop. This loop affects all the other links in the network because these frames are always flooded out all ports. This scenario is a little less dire if the loop occurs within a single VLAN. In that case, the snag will be isolated to ports only in that VLAN membership, plus all trunk links that carry information for that VLAN.

■ If you have more than one loop, traffic will increase on the switches because all the circling frames actually get duplicated. Switches basically receive a frame, make a copy of it, and send it out all ports. And they do this over and over and over again with the same frame, as well as for any new ones!

■ The MAC address table is now completely unstable. It no longer knows where any source MAC address hosts are actually located because the same source address comes in via multiple ports on the switch.

■ With the overwhelmingly high load on the links and the CPUs, now possibly at 100% or close to that, the devices become unresponsive, making it impossible to troubleshoot.

28
Q

PortFast

A

If you have a server or other devices connected into your switch that you’re totally sure won’t create a switching loop if STP is disabled, you can use a Cisco proprietary extension to the 802.1d standard called PortFast on these ports. With this tool, the port won’t spend the usual 50 seconds to come up into forwarding mode while STP is converging. Since ports will transition from blocking to forwarding state immediately, PortFast can prevent our hosts from being potentially unable to receive a DHCP address due to STP’s slow convergence. If the host’s DHCP request times out or if every time you plug a host in you’re just tired of looking at the switch port being amber for almost a minute before it transitions to forwarding state and turns green, PortFast can really help you out.

S1(config-if)#spanning-tree portfast

29
Q

BPDU Guard

A

If you turn on PortFast for a switch port, it’s a really good idea to turn on BPDU Guard as well. This is because if a switch port that has PortFast enabled receives a BPDU on that port, it will place the port into error disabled (shutdown) state, effectively preventing anyone from accidentally connecting another switch or hub port into a switch port configured with PortFast. Basically, you’re preventing (guarding) your network from being severely crippled or even brought down.

S1(config)#spanning-tree portfast bpduguard default

S1(config-if)#spanning-tree bpduguard enable

30
Q

EtherChannel

A

Almost all Ethernet networks today will typically have multiple links between switches because this kind of design provides redundancy and resiliency. On a physical design that includes multiple links between switches, STP will do its job and put a port, or ports, into blocking mode. In addition to that, routing protocols like OSPF and EIGRP could see all these redundant links as individual ones, depending on the configuration, which can mean an increase in routing overhead. We can gain the benefits from multiple links between switches by using port channeling. EtherChannel is a port channel technology that was originally developed by Cisco as a switch-to-switch technique for grouping several Fast Ethernet or Gigabit Ethernet ports into one logical channel. Also important is that once your port channel (EtherChannel) is up and working, layer 2 STP and layer 3 routing protocols will treat those bundled links as a single one, which would stop STP from performing blocking. An additional benefit is that because the routing protocols now only see this as a single link, a single adjacency across the link can be formed. Cisco’s version is called Port Aggregation Protocol (PAgP), and the IEEE 802.3ad standard is called Link Aggregation Control Protocol (LACP). Cisco EtherChannel allows us to bundle up to 8 active ports between switches. The links must have the same speed, duplex setting, and VLAN configuration.

31
Q

Port channeling

A

Refers to combining two to eight Fast Ethernet or two Gigabit Ethernet ports together between two switches into one aggregated logical link to achieve more bandwidth and resiliency.

32
Q

PAgP

A

This is a Cisco proprietary port channel negotiation protocol that aids in the automatic creation of EtherChannel links. All links in the bundle must match the same parameters (speed, duplex, VLAN info), and when PAgP identifies matched links, it groups the links into an EtherChannel. This is then added to STP as a single bridge port. At this point, PAgP’s job is to send packets every 30 seconds to manage the link for consistency, any link additions, and failures.

33
Q

LACP (802.3ad)

A

This has the exact same purpose as PAgP, but is nonproprietary so it can work between multi-vendor networks.

Channel-group
This is a command on Ethernet interfaces used to add the specified interface to a single EtherChannel. The number following this command is the port channel ID.

Interface port-channel
Here’s the command that creates the bundled interface. Ports can be added to this interface with the channel-group command. Keep in mind that the interface number must match the group number.

34
Q

Configuring and Verifying Port Channels

A

S1(config)#int range g0/1 - 2
S1(config-if-range)#switchport trunk encapsulation dot1q
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#channel-group 1 mode ?
S1(config-if-range)#channel-group 1 mode active
S1(config-if-range)#exit

35
Q

Layer-3 EtherChannel

A

You’d use layer 3 EtherChannel when connecting a switch to multiple ports on a router, for example. You wouldn’t put IP addresses under the physical interface, you’d actually add the IP address of the bundle under the logical port-channel interface.

Here’s an example on how to create the logical port channel 1 and assign 20.2.2.2 as its IP address:

Router#config t
Router(config)#int port-channel 1
Router(config-if)#ip address 20.2.2.2 255.255.255.0

Now we need to add the physical ports into port channel 1:

Router(config-if)#int range g0/0-1
Router(config-if-range)#channel-group 1

36
Q

What is the main purpose of the Spanning Tree Protocol in a switched LAN?

A

The main purpose of STP is to prevent switching loops in a network with redundant switched paths.

37
Q

States of STP?

A

The purpose of the blocking state is to prevent the use of looped paths.

A port in listening state prepares to forward data frames without populating the MAC address table.

A port in learning state populates the MAC address table but doesn’t forward data frames.

A port in forwarding state sends and receives all data frames on the bridged port.

A port in the disabled state is virtually nonoperational.