Spanning Tree Protocol Topic Notes

thebitbucket.co.uk/ccie/topic-notes/switching/spanning-tree-protocol-topic-notes/

STP Overview Summary

Spanning-Tree Protocol Overview Summary

Provides a loop-free Layer 2 topology
Uses the concept of a Root Bridge
All Layer 2 traffic is forwarded towards the Root Bridge

Name Standard Resources Convergence VLANs

Time

CST Common Spanning Tree 802.1d Low Slow All

VLANs

PVST+ Per-VLAN Spanning Tree Cisco High Slow Per

VLAN

RSTP Rapid Spanning Tree 802.1w Medium Fast All

VLANs

PVRST+ Per-VLAN Rapid Spanning Cisco Very High Fast Per

Tree VLAN

MSTP Multiple Spanning Tree 802.1s Medium or Fast VLAN

High List

STP Topology

STP Topology
Process to build the STP topology:
Elect a Root Bridge
Elect Non-Root Bridges Root ports
Elect Designated ports

Bridge Protocol Data Units (BPDUs)

Bridge Protocol Data Units

2 types of BPDUs
Configuration BPDU
Topology Change Notification (TCN) BPDU
Both types sent in STP Hello BPDUs

1/25
Configuration BPDUs Topology Change Notification BPDUs

Field Length(Bytes) Value Field Length(Bytes) Value

Protocol 2 0x0000 Protocol 2 0x0000

Identifier Identifier

Protocol 1 0x00 Protocol 1 0x00

Version Version

BPDU Type 1 0x00 BPDU Type 1 0x80

Flags 1 Indicates message

information

Root Bridge 8 RBID

ID

Root Path 4 RPC

Cost

Sending 8 SBID
Bridge ID

Sending port 2 SPID

ID

Message 2 Age since originated from

Age RB

Max Age 2 When current

configuration
message should be
deleted

Hello Time 2 Time between Hello’s

Forward 2 Time to wait before

Delay transitioning
to a new state after
topology change

Further field information:

Version ID:
0x00 Config & TCN
0x02 RST
0x03 MSTP
0x04 SPT
BPDU Type:
0x00 Config BPDU
0x80 TCN BPDU
0x02 RST BPDU
Flags:
1:
1 = Topology Change
2:
2/25
 1 = Proposal
3-4 :
01 = Alternate/Backup Port Role
10 = Root Port Role
11 = Designated Port Role
5:
1 = Learning
6:
1 = Forwarding
7:
1 = Agreement
8:
1 = Topology Change Acknowledgement
Sending Bridge ID:
CIST Regional Root ID in MST/SPT BPDU
Message Age:
2 bytes in 1/256 secs
Max Age:
2 bytes in 1/256 secs
Hello Time:
2 bytes in 1/256 secs
Forward Delay:
2 bytes in 1/256 secs

Bridge ID (BID)
Bridge ID
Original 802.1d format Bridge ID

Priority System ID

(0 – 65535) MAC Address

2 Bytes 6 Bytes

Current Format with System Extension Bridge ID

Priority System ID Extension System ID

Multiple of 4096 Contains VLAN 1-4096 MAC Address

4 bits 12 bits 6 Bytes

3/25
 Bridge ID consists of:
Bridge Priority
Value of 0 – 61440
Set in increments of 4096
Default is 32768
Lower value is preferred
4 bits
System ID Extension
Value of 0 – 4095
VLAN ID
12 Bits
MAC Address
6 Bytes (48 bits)

Bridge ID (BID) can be set manually

With specific priority value
Command:
(config)#spanning-tree vlan <vlan> priority <1 – 61440>
Using root bridge macro
Command:
(config)#spanning-tree vlan <vlan> root [primary | secondary]
Sets the priority number based on the current Root Bridge priority
4096 lower than current Root Bridge

Root Bridge
STP Root Bridge
Used as a reference point for other Non-Root Bridges to determine path
Only a single Root Bridge is elected in Layer 2 network
Only the Root Bridge Generates BPDUs
All other bridges forward them on
Root Bridge sets timers
All other bridges use these timer settings
Can set manually on NON-Root bridges but unless that switch becomes the
Root Bridge, the timers are ignored
Timers include:
Hello timer
Fordwarding Delay timer
Max_Age timer

Root Bridge Election

1. All switches begin by sending STP Hello BPDUs claiming to be the Root Bridge
2. If a switch receives a superior Hello BPDU (Lower BID), it stops claiming to be the
4/25
 Root Bridge by stopping originating Hello BPDUs
3. Switch starts forwarding the superior Hello BPDUs received
4. Eventually all switches stop forwarding Hello BPDUs except the Root Bridge’s Hello
BPUs
5. Switch with lowest Bridge ID in the network becomes the Root Bridge.

Figure 1 – STP Bridge Election

In the above diagram, all priorities being equal, SW1 will become the Root Bridge as
it has the lowest MAC address,
Therefore the lowest Bridge ID

Root Port Election

Root Port Election
Once Root Bridge elected, the following happens:
All Non-Root Bridges elect a Root Port
All Non-Root Bridges elect their Designated Ports
All Non-Root Bridges put all other ports as Alternate Ports

Process:

1. Each Non-Root Bridge adds the local port cost to the Root Path Cost (RPC) of
received BPDUs
2. Lowest or superior RPC is now set to Root Port
3. Hellos received on Root Port are forwarded through Designated Ports
1. Updates RPC, Sender Bridge ID, Sender Port ID and MessageAge
5/25
 2. Hellos received on other ports of Non-Root Bridge are processed but not
forwarded
4. Do not forward Hellos out Root Ports or blocking ports

Selection:
Prefer neighbor advertising lowest cost to root (RPC)
Equal cost tie breakers:
1. Prefer neighbor with lowest Bridge ID (BID)
2. Prefer the lowest Sender Port ID (SPID)
1. Default value is 128 + port number
1. 1st port will be 128.1
2. 20th port will be 128.20 etc

Figure 2 – Root Bridge Cost Advertisement

6/25
Figure 3 – Port Priority used for tie-breaker

Figure 4 – Port Role allocation

7/25
 Figure 5 – Port Role Allocation in 3 Switch Topology

Designated Port Election

Designated Port Election
Only the Designated Port forwards Hellos on to a segment
On the Root Bridge, all ports are Designated Ports
Designated Ports face away from the Root Bridge
To become a Designated Port a switch must send superior BPDUs on a LAN
segment
Uses same selection process as Root Port election:
Prefer neighbor advertising lowest cost to root (RPC)
Equal cost tie breakers:
Prefer neighbor with lowest Bridge ID (BID)
Prefer the lowest Sender Port ID (SPID)

Refer to Figure 4 and 5 for Port Role allocation on topology example

STP Timers
Spanning Tree Timers
3 main timers are used by Spanning Tree
Hello timer
Default is 2 seconds
Time between each BPDU sent on port
Originated by Root Bridge
8/25
 Sent out all DP
Received on all RP
Can be configured manually on Root Bridge only
Command:
(config)#spanning-tree vlan <vlan-id> hello-time <1-10
seconds>
Forward Delay timer
Default of 15 seconds
Time to spend in Listening and Learning port states
Can be configured manually on Root Bridge only
Command:
(config)#spanning-tree vlan <vlan-id> forward-time <4-30
seconds>
Max Age timer
Default of 20 seconds
Length of time to wait before initiating a topology change if stops
receiving Hllo BPDUs
Can be configured manually on Root Bridge only
Command:
(config)#spanning-tree vlan <vlan-id> max-age <6-40>

STP Topology Change

Spanning Tree Topology Change

Happens when:
Receives Topology Change Notification (TCN) BPDU on DP
Port moves from Learning or Forwarding to Blocking
A switch becomes the Root Bridge
Port moves to Forwarding and has at least 1 DP
When Topology Change happens, the CAM table needs to be flushed due to invalid
entries
All switches notified to flush CAM
Each switch uses a short timer equivalent to Forward Delay to time out CAM
table entries

9/25
 Figure 6 – STP Topology Change Process

1. Topology change event

2. Each switch generates a TCN BPDU sent out its Root Port towards the Root Bridge
for every Hello time until receives acknowledgement.
3. Once received TCN BPDU, each switch sends back an acknowledgement through its
next forwarded BPDU by setting the TCA bit in the flags field
4. Once TCN reaches Root Bridge, RB floods throughout network with TC bit set, for
MaxAge + Forward Delay. Informs other switches to reduce CAM age time to
Forward Delay value

STP Path Cost

Spanning Tree Path Cost

STP Path Cost is accumulated based on bandwidth
The higher the bandwidth of a link, the lower the cost
The cost is all relative to the Root Bridge

10/25
Default Costs

802.1D-1998 802.1D-2004

Port Speed CST/RSTP MSTP

10Mbps 100 2000000

100Mbps 19 200000

1Gbps 4 20000

10Gbps 2 2000

802.1d-2004 costs can be enabled manually for RSTP or PVST

Command:
(config)#spanning-tree pathcost method long
Default command is:
(config)#spanning-tree pathcost method short

STP Modes

STP Mode: Common Spanning Tree (CST)

Common Spanning Tree

Original STP specification
802.1D standard
Legacy protocol
Not recommended for use
All VLANs under single instance
Flags field only uses 2 out of the 8 bits
Bit 1: Topology Change
Bit 8: Topology Change Acknowledgement

CST Port Roles

CST Port Roles

1. Root Port
Forwarding state
Only on Non-Root Bridges
Only single port towards Root Bridge
Forwards traffic to Root Bridge
2. Designated Port
Forwarding state
On Root and Non-Root Bridges
11/25
 Ports facing away from Root Bridge
Receives traffic going towards Root
On Root Bridge all ports are Designated
3. Non-Designated Port
Blocking state
Only on Non-Root Bridges
Receives BPDUs
Discards all other traffic
Unable to send traffic

4. Disabled
Shutdown port
Doesn’t participate in STP

Figure 7 – Port Role allocation with CST

As all priorities are equal and MAC addresses will be the same for both links,
the selection is made on Port priority which is 128 plus the port number.
Lower value is preferred

To manually change a Port Role:

Modify the cost of the port on an interface
This changes the default cost added to BPDUs Root Path Cost in the
inbound direction
Command:
(config-if)#spanning-tree vlan <vlan> cost
(config-if)#bandwidth <kbps>
Modify the Port ID
12/25
 If the costs are equal, this will advertise a different port priority to
neighbor.
Command:
(config-if)#spanning-tree vlan <vlan> port-priority <port-priority>
<port-priority> must be in increments of 64 (0-192)

CST Port States

CST Port States

1. Blocking
Receives BPDUs to determine location of Root Bridge
Would cause a loop if active
Time in state set by MaxAge timer
Default 20 seconds
2. Listening
Receives and transmits BPDUs
Doesn’t populate MAC table
Doesn’t forward frames
Time in state set by Forward Delay timer
Default 15 seconds
3. Learning
Prepares to participate in forwarding
Doesn’t forward frames
Populates CAM table
Time in state set by Forward Delay time
Default 15 seconds
4. Forwarding
Considered part of the active topology
Populates CAM table
Sends and receives BPDUs
Forwards frames
5. Disabled
Doesn’t participate in STP
Doesn’t forward frames

STP Mode: RSTP

Rapid Spanning-Tree (RSTP)

802.1W standard
Single STP instance covering all VLAN

Automatically backwards compatible with CST

Shown by “P2P Peer (STP)” on Link Type
13/25
 Will revert to legacy protocol process on this interface
Command:
(config)#spanning-tree mode rapid-pvst
Flags field
Doesn’t use TCA bit
Uses a Proposal/Agreement process
On P2P link
Each switch originates its own BPDUs
Contents based on Root Switch BPDU

RSTP Root Port Election

RSTP Root Port Election
Uses a Proposal/Agreement and Synchronisation operation
When electing a Root port, assume all other Non-Edge ports are Designated
Non-Edge ports are Discarding

Figure 8 – RSTP Proposal/Agreement and Sync process

1. Sends proposal out all Designated ports

Proposal has Port role set to Designated
Contains Root Bridge information
Set to Discarding state
2. Downstream switch reviews and synchronises information
If they don’t have a better path to the Root Bridge, they agree
14/25
 Elects a local Root Port
Blocks all non-edge Designated ports
Starts sync process on all Designated ports (Step 4)
If they have a better path, they announce their information
Local switch changes Root Port
3. Downstream switch sends agreement to upstream switch
When Designated port receives agreement
1. Port is unblocked
2. Moved straight to Forwarding state
4. Proposal sent to next downstream switch
5. Downstream switch reviews and synchronises information
6. Downstream switch sends agreement to upstream switch
7. Process continues…..

RSTP Port Roles

RSTP Port Roles
1. Root Port
Does not use link-type parameter
Same role as 802.1d
Forwarding state
2. Alternate
Does not use link type parameter in most cases
Equivalent of Uplinkfast
Fast Root path recovery
Replacement for Root Port
Discarding state
3. Designated
Uses link type parameter
Rapid transition to forwarding only occurs if link type P2P
Same role as 802.1d
Forwarding state
4. Backup
Replacement for Designated port
Activated if primary Designated Port fails
Discarding state
Not quick transition, driven by timers
5. Edge port
Equivalent of Portfast
Straight to forwarding state
Doesn’t generate TCN if changes state

RSTP Port States

15/25
RSTP Port States
1. Discarding
Outbound BPDUs have Proposal bit set
Default state when newly activated (unless Edge port)
Doesn’t forward or receive frames
Processes BPDUs
Send and receives inter-switch signalling protocols such as LACP, DT< CDP,
VTP, etc
2. Learning
Outbound BPDUs have Proposal bit set
Same functionality as 802.1d Learning state
3. Forwarding
Same functionality as 802.1d Forwarding state
Forwards frames

Ports are put into Designated Blocking state until they receive BPDU from
counterpart

RSTP Link Types

RSTP Link Types
Edge Ports
immediately transitions to Designated Forwarding state
Similar to PortFast
Never have a switch connection
When receives a BPDU
Looses Edge port status and becomes Non-Edge STP port
Generates a TCN

Non-Edge Ports
Default port type on Cisco switches
Point-to-Point
Full Duplex
Single RSTP switch connection
Shared
Half Duplex
Multiple RSTP switch connections

Link-type must be accurate

Can be configured manually
Command:
(config-if)#spanning-tree link-type <point-to-point | shared>
(config-if)#spanning-tree portfast [trunk]
16/25
RSTP Timers
RSTP Timers
Hello timer
Each bridge generates own BPDUs
Every 2 seconds by default
If 3 hellos missed from neighbor, reconvergence begins
Information on port is aged out
6 seconds vs. 20 seconds MaxAge
MaxAge used as hop count
Every bridge sends BPDUs on own
If BPDU MessageAge is equal to or higher than MaxAge, it is discarded
MaxAge also used on Shared ports for legacy CST backwards compatibility
Faults detected faster based on physical layer signalling

RSTP Re-convergence
RSTP Re-convergence
Needs to re-converge if Root port is lost
If there is an Alternate port, it is selected in its place
New Root port then synchronised with downstream bridges
Same functionality as Uplinkfast
If there is no Alternate port and no better information available
Declare local bridge as Root bridge
Synchronise decision
Adapt to better information
Keep topology as small as possible
RSTP suffers from count-to-infinity depending on scale of design

STP Mode: MSTP

Multiple Spanning-Tree

802.1S standard
Convergence a lot quicker than PVST+
Backward compatible with
802.1D (CST)
802.1W (RSTP)
Inherits all RSTP functionality
If doesn’t hear response from other bridges in MST, falls back to legacy protocol
Displayed as port type P2P Bound (STP)
CIST (Common and Internal Spanning Tree) Root must be within MST domain
Behaves like inter-region MST
17/25
 Maps multiple VLANs to a single Spanning Tree instance
As opposed to 1 instance per VLAN (RSTP) or 1 instance for all VLANs
(CST)
provides better scalability
Decouples VLAN and STP instance
Enables load balancing across multiple paths

MSTP Bridge ID
MSTP Bridge ID
Consists of:
Bridge Priority
4 bits
Increments of 4096
Extended System ID
12 bits
Carries MST instance number instead of VLAN number
MAC Address
6 bytes (48 bits)

MSTP Regions
MSTP Regions

18/25
 Figure 9 – MST Regions

Each switch has a single MST Region configuration

All bridges must agree on configuration
Region Configuration consists of:
Name
32 Bytes
Revision Number
2 bytes
VLAN Association table
VLAN to STP instance mappings
Instance 0 used for CIST (Common Internal Spanning Tree) which is
used for Inter-region root bridge election
This must be configured manually on each switch
VTPv3 supports MST including mappings
VLAN to instance mapping not propagated in BPDUs
If 2 switches differ on 1 or more attributes, they are part of 2 different regions
19/25
 BPDUs contain only a digest of VLAN to instance mapping, revision number and
name

MSTP Intra vs. Inter Region

Intra Region vs Inter Region
Intra region
Details known within MST Region
VLAN to STP instances are manually defined
Undefined VLANs fall into CIST (MST 0)
Inter Region
Details between MST Regions are not known
Different regions see each other as Virtual Bridges (Figure 11)
Simplified Inter-Region calculation
Seen as a single switch
Intra-region MSTs are collapsed into CIST
A Regional Root Bridge is elected internally per Region
CIST Root bridge is elected for all Regions (Figure 10)
Unlikely to see in a real design as scalability/hardware issues
Too many MAC addresses on network
Not enough TCAM memory etc.

Figure 10 – Multiple Regions

20/25
 Figure 11 – MST CIST 0 Virtual Bridges

MSTP Configuration
MSTP Configuration
Real configuration would need to start on Root Bridge and work out

1. Set the Spanning-Tree mode

Command:
(config)#spanning-tree mode mst
2. Enable MST globally
Command:
(config)#spanning-tree mst configuration
3. Define Region Name
Command:
(config-mst)#name <instance name>
4. Define Revision Number
Command:
(config-mst)#revision number <1 – 65535>
5. Define VLAN to instance mappings
Command:
(config-mst)#instance <instance> vlan <vlan IDs>
21/25
 To change the Root Bridge manually
Command:
(config)#spanning-tree mst <instance> priority <priority>

To change Port cost manually

Command:
spanning-tree mst <instance> cost <cost>
To change Port ID manually
Command:
(config)#spanning-tree mst <instance> port-priority <priority>

Cisco STP Toolkit

Cisco STP Toolkit

Portfast
Portfast
Configures interface type as Edge ports
Transitions directly to forwarding state
Effects TCN generation
Spanning Tree not enabled on these ports
Configured in Global mode:
Enables on all ports unless BPDUs received
Transitions to normal STP port
Command:
(config)#spanning-tree portfast default
Configured in Interface mode
Command:
(config-if)#spanning-tree portfast
(config-if)#spanning-tree portfast trunk

Uplinkfast
UplinkFast
Provides 3 to 5 seconds of convergence after a Root port link failure if alternate port
available
Could potentislly change topology as other switches may avoid uplinkfast switch as
metric set high
Not required with PVRST+ or Rapid Spanning Tree
Command:
(config)#spanning-tree uplinkfast

22/25
BackboneFast

BackboneFast
Cuts convergence time by MAX_AGE for an indirect failure
When receives inferrior BPDU
Needs to be enabled everywhere
Not required with PVRST+
Command:
(config)#spanning-tree backbonefast

BPDU Guard
BPDU Guard
Shuts down port if BPDU received
Configured in Global mode
Command:
(config)#spanning-tree portfast bpduguard default
Configured in Interface mode
Command:
(config-if)#spanning-tree bpduguard enable

BPDU Filter
BPDU Filter
Configured in Global mode
Any Portfast port receiving BPDU becomes a standard port
Command
(config)#spanning-tree portfast bpduguard default
Configured in Interface mode
Ignores BPDUs and doesn’t send any
Command:
(config-if)#spanning-tree bpdufilter enable

Root Guard
RootGuard
If receives superior BPDU than current Root Bridge, port is moved to a Root-
Inconsistent state (STP Listening)
Can not be used at the same time as LoopGuard
LoopGuard does opposite of RootGuard
Configure on downstream Designated ports
Command:
(config-if)#spanning-tree guard root

23/25
Loop Guard
Loop Guard
Similar to UDLD
If link isn’t receiving BPDUs, moves to a Loop-Inconsistent state (STP Blocking)
When receives BPDU, transitions normally
Only monitors Non-Designated ports and prevents them from becoming
Designated
Used on unidirectional links
Can not be used at the same time as RootGuard
RootGuard does opposite of LoopGuard
Configured in Global mode:
Command:
(config)#spanning-tree loopguard default
Configured in Interface mode:
Command:
(config-if)#spanning-tree guard loop

STP UDLD

UniDirectional Link Detection

Cisco proprietary feature

UDLD detects when a link is unidirectional and shuts down the affected interface
Layer 2 protocol that works with Layer 1 mechanisms
Periodically transmits UDLD packets on enabled interface
If packets are not echo’d back, link is considered unidirectional
Devices both ends must support UDLD
UDLD uses well-known MAC address 0100.0CCC.CCCC to send frames
Each switch sends its own Device ID, Originator Port ID and timeout value to
neighbor
Remote peer echos back ID of neighbor
If no frame received with device’s own ID for a certain amount of time, port
considered unidirectional
Modes:
Normal
If stops receiving UDLD message but physical port is up, changes port
state to Undetermined.
Doesn’t disable the port
More informational
Doesn’t prevent physical loops
Aggressive
Sends frames 8 times ievery seconds to attempt to re-establish UDLD
If no response port considered Unidirectional
Put in err-disable state
24/25
 Not automatically recovered unless err-disable recovery is configured
Preferred method of UDLD

Subnetwork Access Protocol (SNAP)

High Level Data-Link Control (HDLC) protocol type 0x0111
Globally disabled by default
Per-interface Fiber enabled by default
Per-interface Copper disabled by default

Flex-Links

FlexLinks in access layer

Layer 2 availability feature

Can coexist with STP
Enhancement allows convergence time of less than 50 milliseconds
Active/Standby link pair is defined on a common access switch
Interface can belong to only one flexlink
Different interface types are allowed
Loops are not detected due to no STP
Failover is 1 to 2 seconds
Supported on 4500 and 6500 series switches
Supported on Layer 2 ports and port channels
Not supported on VLAN interface or L3 ports

STP Troubleshooting Commands

Troubleshooting Commands

#show spanning-tree vlan <vlan>

#show spanning-tree root – Displays Root Bridge

#show spanning-tree detail – Shows end-to-end costs

#show spanning-tree interface detail – Shows detailed interface information on spanning

tree

25/25