07 Spanning Tree - Details - v6 0


Spanning-Tree Protocol

LAN Design

Spanning Tree Protocol (IEEE 802.1D 1998), Rapid STP (IEEE 802.1D 2004), Cisco PVST+, MSTP
STP Tuning – LAN Network Design
Agenda
•  Spanning Tree Protocol (STP)
–  Introduction
–  Details
–  Convergence
–  Some more details
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design

© 2016, D.I. Lindner / D.I. Haas Spanning-Tree Details, v6.0 2


Problem Description
•  We want redundant links in bridged networks
•  But transparent bridging cannot deal with redundancy
–  Broadcast storms and other problems
•  Solution: STP (Spanning Tree Protocol)
–  Allows for redundant paths
–  Ensures non-redundant active paths
•  Invented by Radia Perlman as general "mesh-to-tree" algorithm
•  Only one purpose: cut off redundant paths with highest costs


Algorhyme

I think that I shall never see
a graph more lovely than a tree
a graph whose crucial property
is loop-free connectivity.
A tree which must be sure to span
so packets can reach every lan.
first the root must be selected
by ID it is elected.
least cost paths to root are traced,
and in the tree these paths are placed.
mesh is made by folks like me;
bridges find a spanning tree.

Radia Perlman


STP in Action (1)
No Broadcast Storm
[Figure: frame 1 with DA = broadcast address or non-existent host address]


STP in Action (2)
Bridge Failure – New STP Topology
[Figure: frame 1 with DA = broadcast address or non-existent host address]




Spanning Tree Protocol
•  Ensures that there is always exactly one active path between any two stations
•  Implemented by a special communication protocol between the bridges
–  Using BPDU (Bridge Protocol Data Unit) frames with a MAC multicast address as destination address
•  Three important STP parameters determine the resulting tree topology in a meshed network:
–  Bridge-ID
–  Interface-Cost
–  Port-ID


Parameters for STP 1

•  Bridge Identifier (Bridge ID)
–  Consists of a priority number and the MAC address of a bridge
•  Bridge-ID = Priority# (2 Byte) + MAC# (6 Byte)
–  Priority number may be configured by the network administrator
•  Default value is 32768
–  Lowest Bridge ID has highest priority
–  If you keep default values
•  The bridge with the lowest MAC address will have the highest priority


Parameters for STP 2

•  Port Cost (C)
–  Cost of accessing the local interface
–  Inversely proportional to the transmission rate
–  Default cost = 1000 / transmission rate in Mbit/s
•  With the arrival of 1 Gbit/s Ethernet the rule was slightly adapted
•  May be configured to a different value by the network administrator
•  Port Identifier (Port ID)
–  Consists of a priority number and the port number
•  Port-ID = port priority#.port#
•  Default value for port priority is 128
•  Port priority may be configured to a different value by the network administrator


Comparison Table For Port Costs:

Speed [Mbit/s]   Original Cost (1000/Speed)   802.1D-1998   802.1D-2004
10               100                          100           2000000
100              10                           19            200000
155              6                            14            (129032 ?)
622              1                            6             (32154 ?)
1000             1                            4             20000
10000            1                            2             2000

•  Different cost values might also be used
–  See recommendations in the IEEE 802.1D-2004 standard to comply with RSTP and MSTP
–  802.1D-2004 operates with 32-bit cost values instead of 16-bit


STP Parameter Example (1)

[Figure: example topology with five bridges (B-ID 42, 45, 57, 83, 97) interconnecting LAN 1 to LAN 5; each bridge port is labelled with its cost, C=10 or C=05]

Spanning Tree Algorithm Summary
•  Select the root bridge
–  Bridge with the lowest Bridge Identifier
•  Select the root ports
–  By computation of the shortest path from any non-root bridge to the root bridge
–  Root port points to the shortest path towards the root
•  Select one designated bridge for every LAN segment which can be reached by more than one bridge
–  Bridge with lowest root path costs on the root port side
–  Corresponding port on other side is called designated port
•  Set the designated and root ports in forwarding state
•  Set all other ports in blocking state

STP Parameter Example (2)

[Figure: the example topology with the resulting roles: B-ID 42 is the Root Bridge, the non-root bridges have Root Ports, Designated Ports are marked on the LAN segments, and B-ID 97 is Designated Bridge for LAN 3 and for LAN 4]

BPDU Format
•  Each bridge periodically sends BPDUs carried in Ethernet multicast frames
–  Hello time default: 2 seconds
•  Contains all information necessary for building the Spanning Tree

Field                    Size     Meaning
Prot. ID                 2 Byte
Prot. Vers.              1 Byte
BPDU Type                1 Byte
Flags                    1 Byte
Root ID (R-ID)           8 Byte   The bridge I regard as root
Root Path Costs (RPC)    4 Byte   The total cost I see toward the root
Bridge ID (O-ID)         8 Byte   My own ID
Port ID (P-ID)           2 Byte
Msg Age                  2 Byte
Max Age                  2 Byte
Hello Time               2 Byte
Fwd. Delay               2 Byte


BPDU Fields in Detail (1)
–  Protocol Identifier:
•  0000 (hex) for STP 802.1D
–  Protocol Version:
•  00 (hex) for version 802.1D (1998)
•  02 (hex) for version 802.1D (2004) - RSTP
–  BPDU Type:
•  00 (hex) for Configuration BPDU
•  80 (hex) for Topology Change Notification (TCN) BPDU
–  Root Identifier:
•  2 bytes for priority (default 32768)
•  6 bytes for MAC-address
–  Root Path Costs in binary representation:
•  range 1-65535
–  Bridge Identifier:
•  Structure like Root Identifier

BPDU Fields in Detail (2)
–  Port Identifier:
•  1 byte priority (default 128)
•  1 byte port number
–  Message Age (range 1-10s):
•  Age of Configuration BPDU
•  Transmitted by root-bridge initially using zero value, each passing-on (by designated bridge) increases this number
–  Max Age (range 6-40s):
•  Aging limit for information obtained from Configuration BPDU
•  Basic parameter for detecting idle failures (e.g. root bridge = dead)
•  Default 20 seconds
–  Hello Time (range 1-10s):
•  Time interval for generation of periodic Configuration BPDUs by root bridge
•  Default 2 seconds


BPDU Fields in Detail (3)
–  Forward Delay (range 4-30s):
•  Time delay for putting a port in the forwarding state
•  Default 15 seconds
•  That actually means: 15 seconds LISTENING for allowing STP topology to converge after a topology change, plus 15 seconds LEARNING to fill the empty MAC address table with locally seen MAC addresses in order to avoid flooding for any local MAC addresses
•  After that the ports are set to forwarding
–  Hello Time, Max Age, Forward Delay are specified by Root-Bridge
–  Maximum Bridge Diameter
•  Maximum number of bridges between any two end systems is 7 using default values for hello time, forward delay and max age

BPDU Fields in Detail (4)
–  Flags (a "1" indicates the function):
•  Bit 8 ... Topology Change Acknowledgement (TCA)
•  Bit 1 ... Topology Change (TC)
•  Used in TCN BPDUs for signaling topology changes
–  TCN … Topology Change Notification
•  The bridge recognizing the topology change sends a TCN BPDU on the root port until a CONF BPDU with TCA is received on its root port
•  The bridge one hop closer to the root passes the TCN BPDU on towards the root bridge and acknowledges locally to the initiating bridge by means of a CONF BPDU with TCA
•  When the root bridge is reached, a flush of all bridging tables is triggered by the root bridge by means of CONF BPDUs with TC and TCA set
•  Now the new location (port) can be dynamically relearned from the actual user traffic
•  Note: In case of a topology change the MAC addresses should move quickly to another port in the corresponding bridging table (convergence), in order to avoid forwarding frames to the wrong port/direction, rather than waiting for the natural timeout of the dynamic entry


BPDU MAC Addresses / LLC DSAP-SSAP
•  Bridges use for STP-communication:
–  Multicast address:
•  0180 C200 0000 hex
•  0180 C200 0001 to 0180 C200 000F are reserved
•  0180 C200 0010 hex All LAN Bridges Management Group Address
–  Note:
•  All addresses in Ethernet canonical format
–  The DSAP/SSAP of LLC header
•  42 hex … Bridge Spanning Tree Protocol


Selection of Root Bridge

[Figure: at start-up every bridge (B-ID 42, 45, 57, 83, 97) sends BPDUs on all of its ports announcing itself as root: R-ID = own B-ID, RPC=0, O-ID = own B-ID, P-ID = sending port]


Root Bridge Selected, Triggers RPC Calculation

[Figure: B-ID 42 is the Root Bridge and sends BPDUs with R-ID=42, RPC=0, O-ID=42 on Port 1 (P-ID=1) and Port 2 (P-ID=2)]


Root Port Selection based on RPC (1)

[Figure: all BPDUs now carry R-ID=42; the root sends RPC=0, B-ID 45 announces RPC=10, B-ID 57 and B-ID 83 announce RPC=5, B-ID 97 announces RPC=10]


Root Port Selection based on RPC (2)

[Figure: the same BPDU exchange with the resulting Root Ports marked on B-ID 45, B-ID 57, B-ID 83 and B-ID 97]


Designated Bridge Selection (based on O-ID)

[Figure: Designated Bridge selection between bridges that announce R-ID=42 on the same LAN; BPDUs shown: RPC=0 from O-ID=42, RPC=5 from O-ID=57 and O-ID=83, RPC=10 from O-ID=97]


Final Topology

[Figure: final topology with Root Ports, Designated Ports and the Designated Bridge marked; B-ID 42 is root (RPC=0), B-ID 45 has RPC=10, B-ID 57 and B-ID 83 have RPC=5, B-ID 97 has RPC=10]


Port States
[Figure: port state sequence, starting at Blocking when the topology has changed: Blocking -> Listening (give STP time to converge) -> Learning (populate bridging table for the new topology) -> Forwarding]

•  At any time, a port is in one of the following states:
–  Blocking, Listening, Learning, Forwarding, or Disabled
•  Only Blocking or Forwarding are final states (for enabled ports)
•  Transition states
–  15 s Listening state is used to converge STP
–  15 s Learning state is used to learn MAC addresses for the new topology
•  Therefore it takes 30 seconds until a port is placed in forwarding state




STP Error Detection
•  The root bridge generates (triggers)
–  Every 1-10 seconds (hello time interval) a Configuration BPDU to be received on the root port of every other bridge and carried on through the designated ports
–  Bridges which are not designated are still listening to such messages on blocked ports
•  If triggering ages out, two scenarios are possible
–  Root bridge failure
•  A new root bridge will be selected based on the lowest Bridge-ID and the whole spanning tree may be modified
–  Designated bridge failure
•  If there is another bridge which can support a LAN segment, this bridge will become the new designated bridge


STP Convergence Time – Failure at Designated Bridge
[Figure: example topology (B-ID 42, 45, 57, 83, 97; LAN 1 to LAN 5) with root ports (RP), designated ports (DP) and blocked ports (BP) marked]

•  Time = max age (20 sec) has to elapse before a new STP calculation is triggered

STP Convergence Time – Failure at Designated Bridge – New Topology
[Figure: new topology: B-ID 83 (RPC = 5 !!!) is the new Designated Bridge for LAN 5; B-ID 45 (RPC = 10) keeps its port to LAN 5 blocked]

•  Convergence time = max age (20 sec) + 2 * forward delay (15 sec Listening + 15 sec Learning) = 50 sec

STP Convergence Time – Failure of Root Bridge
[Figure: example topology (B-ID 42, 45, 57, 83, 97; LAN 1 to LAN 5) with root ports (RP), designated ports (DP) and blocked ports (BP) marked before the root bridge fails]

•  Time = max age (20 sec) + 2*forward delay (15 sec Listening + 15 sec Learning) = 50 sec

STP Convergence Time – Failure of Root Bridge – New Topology
[Figure: new topology without B-ID 42: B-ID 45 is the new Root Bridge; port roles (RP, DP, BP) are marked, with Port-ID=1 (highlighted) and Port-ID=2 labelled]

•  Time = max age (20 sec) + 2*forward delay (15 sec Listening + 15 sec Learning) = 50 sec

STP Convergence Time – Failure of Root Port
[Figure: topology with stations MAC A and MAC D, Root Bridge B-ID 42, B-ID 57, B-ID 83 (new Designated Bridge for LAN 5) and B-ID 97; bridging-table entries for MAC A are shown]

•  Max age (20 sec) does not have to elapse before a new STP calculation is triggered

STP Convergence Time – Failure of Root Port - Interruption of Connectivity D->A
[Figure: a data frame from D to A is filtered because of the old bridging-table entry for MAC A, until that entry ages out]

•  Convergence Time = 2*forward delay (15 sec Listening + 15 sec Learning) = 30 sec

STP Convergence Time – Failure of Root Port – Topology Change Notification (TCN)
[Figure: TCN is sent to flush the MAC entries (MAC A) in the bridging tables]


STP Disadvantages

•  Active paths are always calculated from the root, but the actual information flow of the network may use other paths
–  Note: the network manager can control this via Bridge Priority, Path Costs and Port Priority to achieve a certain topology under normal operation
–  Hence STP should be designed to overcome the plug and play behavior resulting from default values
•  Redundant paths cannot be used for load balancing
–  Redundant bridges may never be used if there is no failure of the currently active components
–  For remote bridging via WAN the same is true for redundant WAN links
•  Convergence time between 30 and 50 seconds
–  Note: in order to improve convergence time Rapid Spanning Tree Protocol has been developed (802.1D version 2004)




Usage for a Port-ID
•  The Port-ID is only used as last tie-breaker
•  Typical situation in highly redundant topologies: multiple links between each pair of switches
–  Same BID and Costs announced on each link
–  Only local Port-ID can choose a single link

[Figure: the Root Bridge announces BID=00-00:00-ca-fe-ba-be-77 and Root Path Cost = 0 on two parallel links (gi0/1 and gi0/2); the neighbor's reasoning: "Both links are identical but gi0/1 has a lower Port-ID so I will use that link"]


Importance of details…
•  Many people think STP is a simple thing – until they encounter practical problems in real networks
•  Important Details
–  STP State Machine
–  BPDU format details
–  TCN mechanism
–  RSTP
–  MSTP


Note: STP is a port-based algorithm
•  Only the root-bridge election is done on the bridge-level
•  All other processing is port-based
–  To establish the spanning tree, each enabled port is either forwarding or blocking
–  Additionally two transition states have been defined


STP State Machine: Port Transition Rules
[Figure: STP port state machine. Disabled -> Blocking when the link comes up; Blocking -> Listening when the port is Root Port or Designated Port (or after 20 s aging); Listening (building topology, the three STP steps are performed there) -> Learning (building bridging table) -> Forwarding, each step after the port remained Designated or Root Port for 15 seconds; the additional 15 seconds in the learning state reduce the amount of flooding when forwarding begins, and the port finally starts sending and receiving. A port that ceases to be a Root or Designated Port (lost Designated Port election) returns to Blocking; a port that is disabled, fails or is administratively down goes to Disabled. Cisco PortFast and Cisco UplinkFast are marked as shortcuts.]

•  STP is completely performed in the Listening state
–  Blocking ports still receive BPDUs (but don't send)
•  Default convergence time is 30-50 s
–  20 s aging, (15+15) s transition time
•  Timer tuning: Better don't do it!
–  Only modify timers of the root bridge
–  Don't forget values on supposed backup root bridge
•  802.1d defines port roles and states:
–  Port Roles: Root, Designated, Nondesignated
–  Port States: Disabled, Blocking, Listening, Learning, Forwarding


Example with L2 Switches
Three steps to create spanning tree:
1.  Elect Root Bridge (Each L2-network has exactly one Root Bridge)
2.  Elect Root Ports (Each non-root bridge has exactly one Root Port)
3.  Elect Designated Ports (Each segment has exactly one Designated Port)
To determine root port and designated port:
1.  Determine lowest (cumulative) Path Cost to Root Bridge
2.  Determine lowest Bridge ID
3.  Determine lowest Port ID

[Figure: three switches connected in a triangle of Fast Ethernet links (FE: Cost=19 each). A (BID=1:MAC_A) is the Root Bridge with two Designated Ports. B (BID=100:MAC_B) and C (BID=200:MAC_C) each reach A with Cost=19 => Root Port; via the other switch the cost would be 38. On the B-C segment B has the lower Bridge-ID than C, therefore B becomes Designated Bridge (i.e. has the Designated Port for this segment) and C's port is a Nondesignated Port -> Blocked]
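
The three election steps and the tie-breaker order above, applied to the A/B/C triangle from the figure, as an added example (not code from the original slides). It models point-to-point links only; the integer Bridge IDs, the port numbers and the second topology with two parallel links are constructed assumptions.

```python
import heapq

# Constructed model of the three-switch triangle above. Integers stand in for
# the Bridge IDs (priority:MAC); the port numbers are assumptions.
TRIANGLE_BRIDGES = {"A": 1, "B": 100, "C": 200}
TRIANGLE_LINKS = [            # (bridge, port, bridge, port, cost)
    ("A", 1, "B", 1, 19),
    ("A", 2, "C", 1, 19),
    ("B", 2, "C", 2, 19),
]

# Generalization: two parallel links, where only the Port-ID breaks the tie.
PARALLEL_BRIDGES = {"R": 1, "S": 2}
PARALLEL_LINKS = [("R", 1, "S", 1, 4), ("R", 2, "S", 2, 4)]


def root_path_costs(root, adjacency):
    """Dijkstra: lowest cumulative path cost from every bridge to the root."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, bridge = heapq.heappop(heap)
        if d > dist[bridge]:
            continue
        for _port, peer, _peer_port, cost in adjacency[bridge]:
            if d + cost < dist.get(peer, float("inf")):
                dist[peer] = d + cost
                heapq.heappush(heap, (d + cost, peer))
    return dist


def compute_stp(bridge_ids, links):
    """Return (root, rpc, roles); roles[(bridge, port)] is 'root',
    'designated' or 'blocked'."""
    adjacency = {b: [] for b in bridge_ids}
    for a, pa, b, pb, cost in links:
        adjacency[a].append((pa, b, pb, cost))
        adjacency[b].append((pb, a, pa, cost))

    # Step 1: the bridge with the lowest Bridge ID becomes root.
    root = min(bridge_ids, key=bridge_ids.get)
    rpc = root_path_costs(root, adjacency)

    # Step 2: one root port per non-root bridge. Tie-breakers in order:
    # path cost, sender Bridge ID, sender Port ID, local Port ID.
    root_port = {}
    for bridge, ports in adjacency.items():
        if bridge == root or bridge not in rpc:
            continue
        best = min(ports, key=lambda p: (rpc[p[1]] + p[3],
                                         bridge_ids[p[1]], p[2], p[0]))
        root_port[bridge] = best[0]

    # Step 3: one designated port per segment: the end offering the lowest
    # (root path cost, Bridge ID, Port ID). Every other port is blocked.
    roles = {}
    for a, pa, b, pb, _cost in links:
        if a not in rpc or b not in rpc:
            continue
        offer_a = (rpc[a], bridge_ids[a], pa)
        offer_b = (rpc[b], bridge_ids[b], pb)
        if offer_a < offer_b:
            winner, loser = (a, pa), (b, pb)
        else:
            winner, loser = (b, pb), (a, pa)
        roles[winner] = "designated"
        roles[loser] = "root" if root_port.get(loser[0]) == loser[1] else "blocked"
    return root, rpc, roles


if __name__ == "__main__":
    for name, ids, links in (("triangle", TRIANGLE_BRIDGES, TRIANGLE_LINKS),
                             ("parallel", PARALLEL_BRIDGES, PARALLEL_LINKS)):
        root, rpc, roles = compute_stp(ids, links)
        print(name, "root:", root, "rpc:", rpc)
        for (bridge, port), role in sorted(roles.items()):
            print(f"  {bridge} port {port}: {role}")
```

Running the same function over a planned change (a new switch, a changed priority or cost) shows in advance which bridge becomes root and which ports end up blocked.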


Components of the Bridge-ID

Old:   Priority (2 Bytes, default: 32768) | Lowest MAC Address (6 Bytes)
New:   Priority (4 Bits) | Extended System ID (12 Bits) | Lowest MAC Address (6 Bytes)
–  Extended System ID: to allow distinct BIDs per VLAN as used by MSTP or Cisco per VLAN-STP
–  Lowest MAC Address: typically derived from Backplane or Supervisor module

•  The recent 802.1D-2004 standard requires only 4 bits for priority and 12 bits to distinguish multiple STP instances
–  Typically used for MSTP, where each set of VLANs has its own STP topology
•  Therefore, ascending priority values are 0, 4096, 8192, …
–  Typically still configured as 0, 1, 2, 3 …


Detailed BPDU Format

Field                 Bytes   Description
Protocol ID           2       Always zero
Version               1       Always zero
Message Type          1       Configuration (0x00) or TCN BPDU (0x80)
Flags                 1       LSB = Topology change flag (TC), MSB = TC Ack flag (TCA)
Root ID               8       Who is Root Bridge?
Root Path Cost        4       How far away is Root Bridge?
Bridge ID             8       ID of bridge that sent this BPDU
Port ID               2       Port-ID of sending bridge (unique: Port1/1=0x8001, 1/2=0x8002, ...)
Message Age           2       Time since Root generated this BPDU
Maximum Age = 20      2       BPDU is discarded if older than this value (default: 20 seconds)
Hello Time = 2        2       Broadcast interval of BPDUs (default: 2 seconds)
Forward Delay = 15    2       Time spent in learning and listening states (default: 15 seconds)

Callouts in the figure:
–  A TCN-BPDU only consists of the first 3 fields (Protocol ID, Version, Message Type) !!!
–  Root ID: when first booted, Root-ID == BID
–  Callout beginning at the Root Path Cost row: if value increases, then the originating bridge lost connectivity to Root Bridge
–  Maximum Age, Hello Time, Forward Delay:
•  Predetermined by root bridge
•  Affect convergence time
•  Misconfigurations cause loops

•  BPDUs are sent in 802.3 frames
–  DA = 01-80-C2-00-00-00
–  LLC has DSAP=SSAP = 0x42 ("the answer")
•  Configuration BPDUs
–  Originated by Root Bridge periodically (2 sec Hello Time), flow downstream


Topology Change Notification (TCN)
•  Special BPDUs, used as alert by any bridge
–  Flow upstream (through Root Port)
–  Only consists of the first three standard header fields!
–  It is transported as TCN BPDU
•  Sent upon
–  Transition of a port into Forwarding state and at least one Designated Port exists
–  Transition of a port into Blocking state (from either Forwarding or Learning state)
•  Sent until acknowledged by TC Acknowledge (TCA)
–  Which is actually a Conf BPDU from the upstream bridge


Topology Change Notification (TCN)
•  Only the Designated Ports of upstream bridges process TCN-BPDUs and send TC-Ack (TCA) downstream
•  Finally the Root Bridge receives the TC and sends Configuration BPDUs with the TC and TCA flag set to 1 (=TCA) downstream for (Forward Delay + Max Age = 35) seconds
–  This instructs all bridges to reduce the default bridging table aging (300 s) to the current Forward Delay value (15 s)
–  Thus bridging tables can adapt to the new topology


Cisco Port Fast
•  Optimizes switch ports connected to end-station devices
–  Usually, if PC boots, NIC establishes L2-link, and switch port goes from Disabled=>Blocking=>Listening=>Learning=>Forwarding state ... 30 seconds!!!
•  Port Fast allows a port to immediately enter the Forwarding state
–  STP is NOT disabled on that port!
•  Port Fast only works once after link comes up!
–  If port is then forced into Blocking state and later returns into Forwarding state, then the normal transition takes place!
–  Ignored on trunk ports
•  Alternatives:
–  Disable STP (often a bad idea)
–  Use a hub in between => switch port is always active


Cisco Uplink Fast (1)
•  Accelerates STP to converge within 1-3 seconds
–  Cisco patent
–  Marks some blocking ports as backup uplink
•  Typically used on access layer switches
–  Only works on non-root bridges
–  Requires some blocked ports
–  Enabled for entire switch (and not for individual VLANs)



Cisco Uplink Fast (2): The Problem
•  When link to root bridge fails, STP requires (at least) 30 seconds until alternate root port becomes active

[Figure: an access switch receives BPDUs from the Root and from the Backup root; one uplink is its Root Port, the other uplink (g0/1) is blocked]


Cisco Uplink Fast (3): Idea
•  When a port receives a BPDU, we know that it has a path to the root bridge
–  Put all root port candidates to a so-called "Uplink Group"
•  Upon uplink failure, immediately put best port of Uplink group into forwarding state
–  There cannot be a loop because previous uplink is still down

[Figure: Access Switch with Uplink Fast: when the Root Port fails, port g0/1 towards the Backup root is immediately placed in forwarding state]


Cisco Uplink Fast (4): Incorrect Bridging Tables
•  But upstream bridges still require 30 s to learn new topology
•  Bridging table entries in upstream bridges may be incorrect

[Figure: an upstream bridge with ports g1/3 and g3/17 still holds the entry "MAC B is at g1/3"; packets for MAC B follow that entry although g0/1 of the access switch is already in forwarding state]

Cisco Uplink Fast (5): Actively Correct Tables
•  Uplink Fast corrects the bridging tables of upstream bridges
•  Sends 15 multicast frames (one every 100 ms) for each MAC address in its bridging table (i.e. for each downstream host)
–  Using SA=MAC: All other bridges quickly reconfigure their tables; dead links are no longer used
–  DA=01-00-0C-CD-CD-CD, flooded throughout the network

[Figure: frames with DA=01-00-0C-CD-CD-CD and SA=MAC B are flooded upstream; the upstream bridge relearns "MAC B is at g3/17" and packets for MAC B now leave through g3/17]

Cisco Uplink Fast (6): Additional Details
•  When a broken link comes up again, Uplink Fast waits until traffic is seen
–  That is, 30 seconds plus 5 seconds to allow other protocols to converge (e.g. Etherchannel, DTP, …)
•  Flapping links would trigger Uplink Fast too often, which causes too much additional traffic
–  Therefore the port is held down for another 35 seconds before the Uplink Fast mechanism is available for that port again
•  Several STP parameters are modified automatically
–  Bridge Priority = 49152 (don't want to be root)
–  All Port Costs += 3000 (don't want to be designated port)


Cisco Backbone Fast (1)
•  Complementary to Uplink Fast
•  Saves 20 seconds when recovering from indirect link failures in core area
–  Issues Max Age timer expiration
–  Reduces failover time from 50 to 30 seconds
–  Cannot eliminate Forwarding Delay
•  Should be enabled on every switch!


Cisco Backbone Fast (2): The Problem
•  Consider initial situation
•  Note that blocked port (g0/1) always remembers "best seen" BPDU – which has best (=lowest) Root-BID

[Figure: Root (BID=R), Backup root (BID=B) and bridge A (BID=A); A has its Root Port towards the Root and the blocked port g0/1 towards the Backup root; all BPDUs say "Root has BID=R"]


Cisco Backbone Fast (3): The Problem (cont.)

•  Now backup-root bridge loses connectivity to root bridge and assumes root role
•  Port g0/1 does not see the BPDUs from the original root bridge any more
•  But for MaxAge=20 seconds, any inferior BPDU is ignored

[Figure: the Backup root now sends "BPDU: Root has BID=B" to A's blocked port g0/1, while A still receives "BPDU: Root has BID=R" on its Root Port; bridge A (BID=A): "No, I remember a better BPDU"]


Cisco Backbone Fast (4): The Problem (cont.)
•  Only after 20 seconds port g0/1 enters listening state again
•  Finally, bridge A unblocks g0/1 and forwards the better BPDUs to bridge B
•  Total process lasts 20+15+15 seconds

[Figure: bridge A (BID=A) receives "BPDU: Root has BID=R" on its Root Port and, after unblocking g0/1, forwards "BPDU: Root has BID=R" to the Backup root (BID=B)]


Cisco Backbone Fast (5): The Solution
•  If an inferior BPDU is originated from the local segment's Designated Bridge, then this probably indicates an indirect failure
–  (Bridge B was Designated Bridge in our example)
•  To be sure, we ask other Designated Bridges (over our other blocked ports and the root port) which bridge they think the root is
–  Using Root Link Query (RLQ) BPDU
•  If at least one reply contains the "old" root bridge, we know that an indirect link failure occurred
–  Immediately expire Max Age timer and enter Listening state


Other CISCO STP Tuning Options
•  BPDU Guard
–  Shuts down PortFast-configured interfaces that receive BPDUs, preventing a potential bridging loop
•  Root Guard
–  Forces an interface to become a designated port to prevent surrounding switches from becoming the root switch
•  BPDU Filter
•  BPDU Skew Detection
–  Report late BPDUs via Syslog
–  Indicate STP stability issues, usually due to CPU problems
•  Unidirectional Link Detection (UDLD)
–  Detects and shuts down unidirectional links
•  Loop Guard
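
An added example (not from the original slides) that parses the Configuration BPDU layout from the Detailed BPDU Format slide and applies a simplified model of the BPDU Guard and Root Guard decisions listed above. The sample BPDUs, MAC addresses, function names and verdict strings are constructed; the 1/256-second timer unit comes from 802.1D rather than from the slides.

```python
import struct

CONFIG_FMT = ">HBBB8sI8sHHHHH"          # field sizes from the BPDU table: 35 bytes
CONFIG_LEN = struct.calcsize(CONFIG_FMT)
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80
FLAG_TC, FLAG_TCA = 0x01, 0x80          # LSB = TC, MSB = TCA


def split_bridge_id(raw):
    """Split an 8-byte ID into 4-bit priority, 12-bit extended system ID, MAC."""
    prio = int.from_bytes(raw[:2], "big")
    return {"priority": prio & 0xF000, "ext_sys_id": prio & 0x0FFF,
            "mac": raw[2:].hex(":")}


def parse_bpdu(payload):
    """Parse the BPDU that follows the LLC header (DSAP=SSAP=0x42)."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    proto, version, btype = struct.unpack_from(">HBB", payload)
    if proto != 0:
        raise ValueError("protocol ID must be zero")
    if btype == TYPE_TCN:               # a TCN BPDU ends after these three fields
        return {"type": "tcn", "version": version}
    if btype != TYPE_CONFIG:
        raise ValueError(f"unsupported BPDU type 0x{btype:02x}")
    if len(payload) < CONFIG_LEN:
        raise ValueError("truncated Configuration BPDU")
    (_, _, _, flags, root, rpc, bridge, port,
     age, max_age, hello, fwd) = struct.unpack_from(CONFIG_FMT, payload)
    return {
        "type": "config", "version": version,
        "tc": bool(flags & FLAG_TC), "tca": bool(flags & FLAG_TCA),
        "root_raw": root, "root": split_bridge_id(root),
        "root_path_cost": rpc,
        "bridge_raw": bridge, "bridge": split_bridge_id(bridge),
        "port_id": port,
        # Timers are encoded in units of 1/256 s (802.1D, not on the slides).
        "message_age": age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }


def priority_vector(bpdu):
    """Lower tuple wins: Root ID, Root Path Cost, Bridge ID, Port ID."""
    return (bpdu["root_raw"], bpdu["root_path_cost"],
            bpdu["bridge_raw"], bpdu["port_id"])


def port_verdict(bpdu, current_root_raw, portfast_bpdu_guard=False, root_guard=False):
    """Simplified model of what a guarded port does with a received BPDU."""
    if portfast_bpdu_guard:
        return "shutdown (BPDU Guard)"  # any BPDU on a PortFast port
    if (root_guard and bpdu["type"] == "config"
            and bpdu["root_raw"] < current_root_raw):
        return "block (Root Guard)"     # neighbor announces a better root
    return "accept"


def make_config(root_prio, root_mac, rpc, br_prio, br_mac, port_id):
    """Build a Configuration BPDU with default timers (constructed test data)."""
    rid = root_prio.to_bytes(2, "big") + bytes.fromhex(root_mac)
    bid = br_prio.to_bytes(2, "big") + bytes.fromhex(br_mac)
    return struct.pack(CONFIG_FMT, 0, 0, TYPE_CONFIG, 0, rid, rpc, bid, port_id,
                       0, 20 * 256, 2 * 256, 15 * 256)


# Constructed samples: the legitimate root (priority 32768, system ID 1) and a
# BPDU from an unexpected device announcing itself as root with priority 0.
CURRENT_ROOT = (32768 + 1).to_bytes(2, "big") + bytes.fromhex("00000caaaaaa")
NORMAL = make_config(32769, "00000caaaaaa", 19, 32769, "00000cbbbbbb", 0x8001)
UNEXPECTED = make_config(1, "020000000001", 0, 1, "020000000001", 0x8001)

if __name__ == "__main__":
    for name, raw in (("normal", NORMAL), ("unexpected", UNEXPECTED)):
        bpdu = parse_bpdu(raw)
        print(name, bpdu["root"], "cost", bpdu["root_path_cost"],
              "->", port_verdict(bpdu, CURRENT_ROOT, root_guard=True))
```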




Introduction
•  RSTP is part of the IEEE 802.1D-2004 standard
–  Originally defined in IEEE 802.1w
–  Old STP IEEE 802.1D-1998 is now superseded by RSTP
•  Computation of the Spanning Tree is identical between STP and RSTP
–  Conf-BPDU and TCN-BPDU still remain
–  New BPDU type "RSTP" has been added
•  Version=2, type=2
•  RSTP BPDUs can be used to negotiate port roles on a particular link
–  Only done if neighbor bridge supports RSTP (otherwise only Conf-BPDUs are sent)
–  Using a Proposal/Agreement handshake
•  Designed to be compatible and interoperable with the traditional STP – without additional management requirements


Major Features
•  BPDUs are no longer triggered by root bridge
–  Instead, each bridge can generate BPDUs independently and immediately (on-demand)
•  Much faster convergence
–  Few seconds (typically within 1 – 5 seconds)
•  Better scalability
–  No network diameter limit
•  New port roles and port states
–  Non-Designated Port role split in Alternate and Backup
–  Root Port and Designated Port role still remain the same
–  Port state discarding instead of disabled, learning and blocking

Port States Comparison

STP (802.1d)   RSTP (802.1w)   Is Port included in   Is Port learning
Port State     Port State      active Topology?      MAC addresses?
disabled       discarding      No                    No
blocking       discarding      No                    No
listening      discarding      Yes                   No
learning       learning        Yes                   Yes
forwarding     forwarding      Yes                   Yes


Backup and Alternate Ports
•  If a port is neither Root Port nor Designated Port
–  It is a Backup Port – if this bridge is a Designated Bridge
for that LAN
–  Or an Alternate Port otherwise

[Figure: Backup and Alternate Ports, showing Designated Ports (DP), Root Ports (RP), an Alternate Port (AP) and a Backup Port (BP)]


BPDU Types (Old and New)
[Figure: byte layout of the Configuration BPDU, the Topology Change BPDU and the RSTP BPDU side by side]

NOTE: The RSTP BPDU replaces the Configuration BPDU and the Topology Change BPDU

Byte(s)   Field              Remarks
1-2       Protocol ID        all set to zero means RSTP but also STP!
3         Protocol Version   STP BPDU: 0000 0000, RSTP BPDU: 0000 0010
4         BPDU Type          Topology Change BPDU: 1000 0000
5         Flags              TCAck, agree, fwd, learn, Port Role (2 bits), prop, TCN
                             Port Role: 0 0 = Unknown, 0 1 = Alternate or Backup, 1 0 = Root, 1 1 = Designated
6-13      Root Bridge ID     BID of bridge believed to be the root by the transmitter
14-17     Root Path Cost
18-25     Bridge ID          of transmitting bridge
26-27     Port ID            of the Port through which the message was transmitted
28-29     Message Age        must be less than Max Age
30-31     Maximum Age        20 seconds
32-33     Hello Time         2 seconds
34-35     Forward Delay      15 seconds
36        Version 1 Length   1 byte; 0000 0000 indicates that there is no Version 1 protocol information present


BPDU Flag Field – New Values
–  TC and TCA were already introduced by old STP
–  Other bits were unused by old STP
–  RSTP also uses the 6 remaining bits

Flag bits as drawn on the slide (positions 0 1 2 3 4 5 6 7, left to right):

Position   Meaning
0          Topology Change ACK (TCA)
1          Agreement
2          Forwarding
3          Learning
4-5        Port role: 00 Unknown, 01 Alternate/Backup, 10 Root, 11 Designated
6          Proposal
7          Topology Change (TC)
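The byte layout and flag field from the two slides above, as a small decoder. This is an added example, not code from the slides: the function names, the sample BPDUs and their bridge IDs are constructed, and it assumes the IEEE 802.1D-2004 encoding (flags octet with TC as least significant bit, timers in units of 1/256 second).

```python
import struct

# Flags octet masks per IEEE 802.1D-2004 (bit 0 = least significant bit).
FLAG_TC = 0x01          # Topology Change
FLAG_PROPOSAL = 0x02
FLAG_ROLE_MASK = 0x0C   # two-bit port role
FLAG_LEARNING = 0x10
FLAG_FORWARDING = 0x20
FLAG_AGREEMENT = 0x40
FLAG_TCA = 0x80         # Topology Change Acknowledgment
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}

# 36-byte layout from the "BPDU Types" slide, network byte order:
# proto(2) version(1) type(1) flags(1) root_id(8) cost(4) bridge_id(8)
# port_id(2) msg_age(2) max_age(2) hello(2) fwd_delay(2) v1_length(1)
RST_BPDU = struct.Struct("!HBBB8sI8sHHHHHB")


def format_bridge_id(raw):
    """Render an 8-byte bridge ID as 'priority.mac'."""
    priority = int.from_bytes(raw[:2], "big")
    return f"{priority}." + ":".join(f"{b:02x}" for b in raw[2:])


def decode_flags(flags):
    """Split the flags octet into the fields named on the slide."""
    return {
        "tc": bool(flags & FLAG_TC),
        "proposal": bool(flags & FLAG_PROPOSAL),
        "port_role": PORT_ROLES[(flags & FLAG_ROLE_MASK) >> 2],
        "learning": bool(flags & FLAG_LEARNING),
        "forwarding": bool(flags & FLAG_FORWARDING),
        "agreement": bool(flags & FLAG_AGREEMENT),
        "tca": bool(flags & FLAG_TCA),
    }


def parse_rst_bpdu(data):
    """Parse an RSTP BPDU payload and list values that contradict the slides."""
    if len(data) < RST_BPDU.size:
        raise ValueError(f"need {RST_BPDU.size} bytes, got {len(data)}")
    (proto, version, bpdu_type, flags, root_id, cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd_delay, v1_len) = RST_BPDU.unpack_from(data)
    if proto != 0:
        raise ValueError("protocol ID is not zero")
    if (version, bpdu_type) != (2, 2):
        raise ValueError("not an RSTP BPDU (expected version=2, type=2)")
    bpdu = {
        "flags": decode_flags(flags),
        "root_id": format_bridge_id(root_id),
        "root_path_cost": cost,
        "bridge_id": format_bridge_id(bridge_id),
        "port_id": port_id,
        "message_age": msg_age / 256.0,   # seconds
        "max_age": max_age / 256.0,
        "hello_time": hello / 256.0,
        "forward_delay": fwd_delay / 256.0,
    }
    anomalies = []
    if bpdu["message_age"] >= bpdu["max_age"]:
        anomalies.append("message age not below max age")
    if v1_len != 0:
        anomalies.append("version 1 length is not zero")
    if bpdu["flags"]["proposal"] and bpdu["flags"]["port_role"] != "designated":
        anomalies.append("proposal flag from a non-designated port")
    bpdu["anomalies"] = anomalies
    return bpdu


def build_sample(flags, message_age_s=1):
    """Constructed sample BPDU (documentation MAC addresses, made-up priorities)."""
    root = (4096).to_bytes(2, "big") + bytes.fromhex("00005e005301")
    bridge = (32768).to_bytes(2, "big") + bytes.fromhex("00005e005302")
    return RST_BPDU.pack(0, 2, 2, flags, root, 20000, bridge, 0x8001,
                         message_age_s * 256, 20 * 256, 2 * 256, 15 * 256, 0)


# Proposal from a designated port, and the agreement a root port answers with.
PROPOSAL_BPDU = build_sample(FLAG_PROPOSAL | (3 << 2))
AGREEMENT_BPDU = build_sample(
    FLAG_AGREEMENT | FLAG_FORWARDING | FLAG_LEARNING | (2 << 2))

if __name__ == "__main__":
    for label, raw in (("proposal", PROPOSAL_BPDU), ("agreement", AGREEMENT_BPDU)):
        parsed = parse_rst_bpdu(raw)
        print(label, parsed["flags"], parsed["anomalies"])
```
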



Proposal/Agreement Sequence
•  Suppose a new link is created between the root
and switch A and a new switch B is inserted
[Figure: the handshake in two stages]
–  Root and A: 1. Proposal from P1 (Root) to P2 (A), 2. Agreement from P2 back to P1
•  P1 Designated Port --> Forwarding State
•  P2 Root Port
–  Root, A and B: 1. Proposal from P3 (A) to P4 (B), 2. Agreement from P4 back to P3
•  P3 Designated Port --> Forwarding State
•  P4 Root Port

NEW BPDU Handling
•  Faster Failure Detection
–  BPDUs now act as keepalive messages
•  Unlike 802.1D STP, a bridge now sends a BPDU with its
current information every <hello-time> seconds (2 by default),
even if it does not receive any BPDU from the root bridge
–  If hellos are not received for 3 consecutive times, port
information is invalidated
•  Because BPDUs are now used as keepalive mechanism between
bridges
•  If a bridge fails to receive BPDUs from a neighbor, the connection
has been lost
–  Max age not used anymore
•  For listening and waiting for STP to converge



Algorithm Overview
•  Designated Ports transmit Configuration BPDUs
periodically to detect and repair failures
–  Blocking (aka Discarding) ports send Conf-BPDUs only upon topology
change
•  Every Bridge accepts "better" BPDUs
–  From any Bridge on a LAN or revised information from the prior
Designated Bridge for that LAN
•  To ensure that old information does not endlessly
circulate through redundant paths in the network and
prevent propagation of new information
–  Each Configuration Message includes a message age and a
maximum age
•  Transition to Forwarding is now confirmed by
downstream bridge
–  Therefore no Forward-Delay is necessary!

Link Types and Edge Port
•  Shared Link (Half Duplex !!!)
–  Is not supported by RSTP (ambiguous negotiations
could result)
–  Instead slow standard STP is used here
•  Point-to-point Link (Full Duplex !!!)
–  Supports proposal-agreement process
•  Edge Port
–  Hosts reside here
–  Transitions directly to the Forwarding Port State, since
there is no possibility of it participating in a loop
–  May change its role as soon as a BPDU is seen
•  RSTP fast transition
–  Only possible on edge ports or point-to-point links

Main Differences to STP

•  BPDUs are sent every hello-time, and not simply relayed anymore
–  Immediate aging if three consecutive BPDUs are missing
•  When a bridge receives better information ("I am root") from its DB, it immediately accepts it and replaces the one previously stored
–  But if the RB is still alive, this bridge will notify the other via BPDUs

[Figure: BackboneFast-like behavior with Root, DP and RP; one bridge announces "I am root", the answer is "No, you are not! (see this BPDU)"]


Slow Convergence with Legacy STP 1
A new link between A and Root is being added to the bridged network

New port coming up on the root will immediately cause switch A to enter the listening state hence blocking all traffic.
BPDUs from the root start propagating towards the leaves through A hence blocking also downstream links.

[Figure: current spanning tree with Root, A, B and C; new port activated, BPDUs start traveling]


Slow Convergence with Legacy STP 2

Very quickly, the BPDUs from the root bridge reach D that immediately blocks its port P1.
The topology has now converged, but the network is disrupted for twice forward delay because all switches need time for listening and learning (STP convergence time).
30 seconds no network connectivity !!!

[Figure: BPDUs traveling from Root via A, B and C to D; port P1 on D]


Slow Convergence with Legacy STP 3

[Figure: new spanning tree with Root, A, B, C and D; port P1 on D]


Fast Convergence with RSTP 1
A new link between A and Root is being added to the bridged network

Both ports on link between A and the root are put in so called designated blocking as soon as they come up.
As soon as A receives the root's BPDU, it blocks its non-edge designated ports until synchronization is achieved. Through the agreement A explicitly authorizes the root bridge to put its port in forwarding.

[Figure: step 1, current spanning tree with Root, A, B and C]


Fast Convergence with RSTP 2

Now the link between switch A and the root is put in forwarding state.
The network below switch A is still blocking until port roles are negotiated at the next stage between switch A and switch B or A and C.
Switch B and C will enter the new spanning tree and A will put its ports in the forwarding state and the negotiations will proceed between C and D.

[Figure: step 2, new spanning tree t1 with Root, A, B and C]


Fast Convergence with RSTP 3

Switch C blocks its port to D because the root path costs of D are better than the root path costs of C.
We have reached the final topology, which means that port P1 on D ends up blocking. It's the same final topology as for the STP example.
But we got this topology in just the time necessary for the new BPDUs to travel down the tree. No timer has been involved in this quick convergence.
Convergence Time < 1 second

[Figure: step 3, new spanning tree t2 with Root, A, B, C and D; port P1 on D]


Rapid Transition in Detail
Basic Principle
•  The new rapid STP is able to actively confirm that a port can safely transition to forwarding without relying on any timer configuration
–  Feedback mechanism
•  Edge Ports connect hosts
–  Cannot create bridging loops
–  Immediate transition to forwarding possible
–  No more Edge Port upon receiving BPDU
•  Rapid transition only possible if Link Type is point-to-point
–  No half-duplex (=shared media)

Details
•  Legacy STP:
–  Upon receiving a (better) BPDU on a blocked/previously-disabled port, 15+15 seconds transition time needed until forwarding state reached
–  But received BPDUs are propagated immediately downstream: some bridges below may detect a new Root Port candidate and also require 15+15 seconds transition time
–  Network in between is unreachable for 30 seconds!!!
•  NEW: Sync Operation
–  Not the Root Port candidates are blocked, but the designated ports downstream; this avoids potential loops, too!
–  Bridge explicitly authorizes upstream bridge to put Designated Port in forwarding state (sync)
–  Then the sync-procedure propagates downstream

[Figure: new link to the Root Bridge, Candidate RP on the bridges below, network in between 30 seconds unreachable]

More Details
1)  A new link is created between the root and Switch A.
2)  Both ports on this link are put in a designated blocking state until they receive a BPDU from their counterpart.
3)  Port p0 of the root bridge sets "proposal bit" in the BPDU (step 1)
4)  Switch A then starts a sync to ensure that all of its ports are in-sync with this new information (only blocking and edge-ports are currently in-sync). Switch A just needs to block port p3, assigning it the discarding state (step 2).
5)  Switch A can now unblock its newly selected root port p1 and reply to the root by sending an agreement message (Step 3, same BPDU with agreement bit set)
6)  Once p0 receives that agreement, it can immediately transition to forwarding.
7)  Now port 3 will send a proposal downwards, and the same procedure repeats.


Topology Change
[Figure: 802.1d Behavior and 802.1w Behavior after "Topology Change: New Link!". In 802.1d the BPDU with TC-bit set (green) must first reach root which will redistribute this information through whole network (black)]

•  802.1d: When a bridge detects a topology change
–  A TCN is sent towards the root
–  Root sends Conf-BPDU with TC-bit downstream (for 10 BPDUs)
–  All other bridges can receive it and will reduce their bridging-table aging time to forward-delay seconds, ensuring a relatively quick flushing of stale information
•  RSTP: Only non-edge ports moving to the forwarding state cause a TCN
–  Loss of connectivity NOT regarded as topology change any more
–  TCN is immediately flooded throughout whole domain
–  Every bridge flushes MAC addresses and sends TCN upstream (RP) and downstream (DPs)
–  Other bridges do the same: Now, the TCN-process is a one-step procedure, as the TCNs do not need to reach the root first and require the root for re-origination downstream


RSTP Summary
BPDU format (field lengths in bytes):

Bytes   Field
2       Protocol ID
1       Version
1       Message Type
1       Flags
8       Root ID
4       Root Path Cost
8       Bridge ID
2       Port ID
2       Message Age
2       Maximum Age = 20
2       Hello Time = 2
2       Forward Delay = 15

New flags for 802.1w (bits 7 6 5 4 3 2 1 0): TCA, Agreement, Forwarding, Learning, Port Role (2 bits), Proposal, TC
Port Role: 0 0 = Unknown, 0 1 = Alternate/Backup, 1 0 = Root, 1 1 = Designated

[Figure: Backup and Alternate Ports (DP, RP, AP, BP)]

•  IEEE 802.1w is an improvement of 802.1d
–  Vendor-independent (Cisco's Uplink Fast, Backbone Fast, and Port Fast are proprietary)
•  The three 802.1d states disabled, blocking, and listening have been merged into a unique 802.1w discarding state
•  Nondesignated ports on a LAN segment are split into alternate ports and backup ports
–  A backup port receives better BPDUs from the same switch
–  An alternate port receives better BPDUs from another switch
•  Other changes:
–  BPDUs are sent every hello-time, and not simply relayed anymore.
–  Immediate aging if three consecutive BPDUs are missing
–  When a bridge receives inferior information ("I am root") from its DB, it immediately accepts it and replaces the one previously stored. If the RB is still alive, this bridge will notify the other via BPDUs.

[Figure: Backbone Fast-like behavior with Root, DP and RP; "I am root", "No, you are not! (see this BPDU)"]


Agenda
•  Spanning Tree Protocol (STP)
–  Introduction
–  Details
–  Convergence
–  Some more details
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design



About
•  In over 70% of all enterprise networks you will
encounter Cisco switches
•  Cisco extended STP and RSTP with a per-VLAN
approach: "Per-VLAN Spanning Tree"
•  Advantages:
–  Better (per-VLAN) topologies possible
–  STP-Attacks only affect current VLAN
•  Disadvantages:
–  Interoperability problems might occur
–  Resource consumption (800 VLANs means 800 STP
instances)



Example

[Figure: three switches, labelled Root for VLAN 1, Root for VLAN 5 and Root for VLAN 8]

•  Remember that the root bridge should form the center of the LAN
–  Attracts all traffic
–  Typically servers or Internet connectivity reside there
•  Different VLANs might have different cores
•  PVST+ allows for different topologies
–  Admin should at least configure ideal root bridge BID manually


Scalability Problem

[Figure: three switches, labelled Root for VLANs 1-200, Root for VLANs 201-300 and Root for VLANs 301-400]

•  Typically the number of VLANs is much larger than the number of switches
•  Results in many identical topologies
•  In the above example we have 400 VLANs but only three different logical topologies
–  400 Spanning Tree instances
–  400 times more BPDUs running over the network


PVST (Classical, OLD!)
•  Cisco proprietary (of course)
•  Interoperability problems when also standard
CST is used in the network (different trunking
requirements)
•  Provides dedicated STP for every VLAN
•  Requires ISL
–  Inter Switch Link (Cisco's alternative to 802.1Q)



PVST+
•  Today standard in Cisco switches
–  Default mode
–  Interoperable with CST
•  The PVST BPDUs are also called SSTP BPDUs
•  The messages are identical to the 802.1d BPDU
but use SNAP instead of LLC plus a special
TLV at the end


PVST+ Protocol Details
•  For native VLAN on trunk, normal (untagged) 802.1d BPDUs are sent
–  Also to the IEEE destination address 0180.c200.0000
•  For tagged VLANs, PVST+ BPDUs use
–  SNAP, OID=00:00:0C, and EtherType 0x010B
–  Destination address 01-00-0c-cc-cc-cd
–  Plus 802.1Q tag
•  Additionally a "PVID" TLV field is added at the end of the frame
–  This PVID TLV identifies the VLAN ID of the source port
–  The TLV has the format:
•  type (2 bytes) = 0x00 0x34
•  length (2 bytes) = 0x00 0x02
•  VLAN ID (2 bytes)
•  Also usually some padding is appended


PVST+ Compatibility Issues
•  PVST+ switches can act as translators between
groups of Cisco PVST switches (using ISL) and
groups of CST switches
–  Sent untagged over the native 802.1Q VLAN
–  BPDUs of PVST-based VLANs are practically 'tunneled'
over the CST-based switches using a special multicast
address (the CST based switches will forward but not
interpret these frames)
•  Not important anymore…



Agenda
•  Spanning Tree Protocol (STP)
–  Introduction
–  Details
–  Convergence
–  Some more details
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design



Overview
•  Also the MSTP standard contains contributions
from Cisco
–  IEEE 802.1Q-2003 (former 802.1s)
•  Solves the cardinality mismatch between the
number of VLANs and the number of useful
topologies
•  Switches are organized in Regions
•  In each Region sets of VLANs can be
independently assigned to one out of 16
Spanning Tree Instances
•  Each Instance has its own Spanning Tree
topology

Example

[Figure: three switches, labelled Root for VLANs 1-199, Root for VLANs 200-299 and Root for VLANs 300-400]

•  Compared to PVST+ only three Spanning Tree Topologies (=Instances) required
•  Each STP instance has assigned 200 VLANs
–  Each VLAN can only be member of one instance of course


MSTP Details
•  Each switch maintains its own MSTP
configuration which contains the following
mandatory attributes:
–  The configuration name (32 chars),
–  The revision number (0..65535),
–  The element table which specifies the VLAN to Instance
mapping
•  All switches in a region must have the same
attributes



Regions
•  The bridges check attribute equivalence via a
digest contained in the BPDUs
–  Note that the attributes must be configured manually and
are NOT communicated via the BPDUs
•  If digest does not match then we have a region
boundary port
•  Regions are only interconnected by the Common
Spanning Tree (CST)
–  Instance 0
–  Uses traditional 802.1d STP
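Because the three MSTP attributes are configured by hand and only a digest travels in the BPDUs, a single mistyped VLAN range silently turns a trunk into a region boundary. The following added example (not from the slides) audits a constructed switch inventory against a reference configuration; the switch names, region name and revision numbers are made up, the VLAN ranges follow the MSTP example slide, and the digest is computed as HMAC-MD5 over the 4096-entry VLAN-to-instance table with the fixed key from IEEE 802.1Q.

```python
import hashlib
import hmac
import struct

# Fixed HMAC key that IEEE 802.1Q defines for the MST configuration digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def expand(instance_ranges):
    """Turn {instance: [(first_vlan, last_vlan), ...]} into {vlan: instance}."""
    mapping = {}
    for instance, ranges in instance_ranges.items():
        for first, last in ranges:
            for vlan in range(first, last + 1):
                if vlan in mapping:
                    raise ValueError(f"VLAN {vlan} assigned to two instances")
                mapping[vlan] = instance
    return mapping


def config_digest(vlan_to_instance):
    """Digest over the element table: one 2-byte instance number per VLAN ID.

    VLANs that are not listed stay in instance 0 (the CST). MD5 is what the
    protocol prescribes here; it detects configuration differences only.
    """
    table = bytearray(4096 * 2)
    for vlan, instance in vlan_to_instance.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"invalid VLAN ID {vlan}")
        struct.pack_into("!H", table, vlan * 2, instance)
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).digest()


def validate(cfg):
    """Check the attribute limits stated on the MSTP Details slide."""
    if len(cfg["name"].encode("ascii")) > 32:
        raise ValueError("configuration name longer than 32 characters")
    if not 0 <= cfg["revision"] <= 65535:
        raise ValueError("revision number out of range 0..65535")


def audit(reference, fleet):
    """Return {switch: [differing attributes]} for switches outside the region."""
    validate(reference)
    ref_digest = config_digest(expand(reference["instances"]))
    findings = {}
    for switch, cfg in fleet.items():
        validate(cfg)
        reasons = []
        if cfg["name"] != reference["name"]:
            reasons.append("name")
        if cfg["revision"] != reference["revision"]:
            reasons.append("revision")
        digest = config_digest(expand(cfg["instances"]))
        if not hmac.compare_digest(digest, ref_digest):
            reasons.append("vlan mapping")
        if reasons:
            findings[switch] = reasons
    return findings


# Constructed inventory. The reference uses the ranges of the MSTP example slide.
REFERENCE = {"name": "CAMPUS", "revision": 3,
             "instances": {1: [(1, 199)], 2: [(200, 299)], 3: [(300, 400)]}}
FLEET = {
    "core2": {"name": "CAMPUS", "revision": 3,
              "instances": {1: [(1, 199)], 2: [(200, 299)], 3: [(300, 400)]}},
    # Revision was not bumped on this switch.
    "access7": {"name": "CAMPUS", "revision": 2,
                "instances": {1: [(1, 199)], 2: [(200, 299)], 3: [(300, 400)]}},
    # VLAN 400 was left out, so it stays in instance 0 on this switch.
    "access9": {"name": "CAMPUS", "revision": 3,
                "instances": {1: [(1, 199)], 2: [(200, 299)], 3: [(300, 399)]}},
}

if __name__ == "__main__":
    for switch, reasons in audit(REFERENCE, FLEET).items():
        print(f"{switch}: region boundary, differs in {', '.join(reasons)}")
```
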



Region Example

[Figure: Region A, Region B and Region C; Root Bridge for CST (i. e. for the whole region)]

•  Only the logical STP topologies are shown (not the physical links)
•  Each region has internal STP instances (red and blue)
•  One CST instance interconnects all regions (black)



Note
•  When enabling MSTP, per default the CST
(instance zero) has all VLANs assigned
•  Each region must be MSTP-aware
–  Since only a subset of VLANs is assigned to the CST
–  Old-STP switches always create a general (all-VLAN)
topology
–  Don't let MSTP-unaware switch become root bridge



Agenda
•  Spanning Tree Protocol (STP)
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design
–  Design Considerations
–  Design Solution – Best Practices
–  Failover Handling
–  Advanced Techniques - Teaming
–  LAN – WAN Interconnection



Design Principles
•  Avoiding of “Single Point of Failure”
–  Physical link failure
•  Access link
•  Trunk link (LAN or WAN)
–  Network component failure
•  L2 Switch
•  Router, DHCP Server, DNS Server, Production Server
•  Load balancing in normal situations
•  Server with two or more NIC’s
–  OS must support parallel operation and/or switch over
between cards
•  Clients with two network outlets
–  Two NIC’s and special OS aspects may not economically
be justified

Physical Layer

[Figure: physical layer design. WAN-Domain above the 2 central switches S1 and S2, which are connected by 10GE FO with GEC; LAN-Domain below with 1GE FO trunks to 2 workgroup switches on every floor and 10GE FO / 1GE FO trunks to 2 server switches for server farm; FE CU (100m limit) to the network outlets, at least 2 in every room; GE CU (100m limit) to the server with 2 NIC’s (2 MAC addresses)]

Spanning Tree Problem Plug & Play 1

[Figure: S1 and S2 connected by 10GE FO; 1GE FO and 10GE FO trunks; GE CU and FE CU access links; one access switch is the Root Bridge; One Single VLAN]


Spanning Tree Problem Plug & Play 2

[Figure: same topology with the Root Bridge on an access switch; possible packet path for packet coming from inside]
Slower trunks are taken and 5 hops must be passed in order to reach the server.

Spanning Tree Problem Plug & Play 3

[Figure: same topology with the Root Bridge on an access switch; possible packet path for packet coming from outside]
Slower trunks are taken and 4 hops must be passed in order to reach the server.

Figure Out STP in Complex Scenarios

[Figure: complex meshed topology around S1 and S2]
Therefore to limit the complexity of STP design and the amount of hops for reaching an other device on LAN or WAN a layered design is necessary

Figure Out STP in Complex Scenarios
Spanning Tree – Good Luck

[Figure: complex topology with S1, S2 and the Root Bridge]


Figure Out STP in Complex Scenarios
Spanning Tree – Bad Luck with Bridge IDs

[Figure: complex topology with S1, S2 and further switches labelled with bridge IDs 16, 29, 36, 22, 19, 15, 13 and 12; one switch is marked Root Bridge]


Spanning Tree Problem Unequal Load
Balancing with Single VLAN

[Figure: S1 = Root Bridge and S2 connected by 10GE FO; 1GE FO and 10GE FO trunks; GE CU and FE CU access links; One Single VLAN]
Most trunks of S2 are unused.
Faster trunks are taken and only 3 hops must be passed in the worst case.


Improvement on Trunk S1 – S2 by Using
GEC / LACP

[Figure: S1 = Root Bridge and S2 connected by 10GE FO with GEC; 1GE FO and 10GE FO trunks; GE CU and FE CU access links; One Single VLAN]
Most trunks of S2 are unused.
Faster trunks are taken and only 3 hops must be passed in the worst case.


Agenda
•  Spanning Tree Protocol (STP)
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design
–  Design Considerations
–  Design Solution – Best Practices
–  Failover Handling
–  Advanced Techniques - Teaming
–  LAN – WAN Interconnection



Best Practices
•  Build at least two separated VLAN's
–  In case of IP that means two IP subnets
•  How to achieve?
–  Per VLAN STP (Cisco)
–  MIST (Multiple Instances Spanning Tree)
•  IEEE 802.1d
•  Tune STP parameters
–  In order to use all trunks and all switches in a similar way



Build STP for VLAN 1

[Figure: spanning tree for the Red VLAN with S1 = Root Bridge, S2, W1, W2, WX, WY, F1 and F2; Mac A labels]


Build STP for VLAN 2

[Figure: spanning tree for the Blue VLAN with S1, S2 = Root Bridge, W1, W2, WX, WY, F1 and F2; Mac B labels]


Solution – Load Balancing using 2 VLAN's

[Figure: both spanning trees on S1, S2, W1, W2, WX, WY, F1 and F2]
Load balancing on every trunk if clients are equally distributed to workgroup switches and perform with similar statistic to server farm


Agenda
•  Spanning Tree Protocol (STP)
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design
–  Design Considerations
–  Design Solution – Best Practices
–  Failover Handling
–  Advanced Techniques - Teaming
–  LAN – WAN Interconnection



Link Failure (Trunk) 1

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac B labels]
Trunk W1-S2 is down
Red VLAN is not affected


Link Failure (Trunk) - Solution 2

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac B labels]
STP for Blue VLAN will converge to trunk via W1-S1
Trunk of W1-S1 will additionally take the load of all affected PC’s
S1, S2 switches will learn MAC addresses of PC’s with first frames sent by the PC’s (TCN may help)

Switch Failure (Access) 1

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac A and Mac B labels]
Switch W1 is down
Red VLAN is not affected if PCs are connected to W2


Switch Failure (Access) - Solution 2

[Figure: S1, S2, W2, WX, WY, F1 and F2 with Mac B labels]
Switch PC to the other network outlet of the given VLAN (Blue)
W2, S2 will learn MAC address of PC with first frame sent by this PC and trunk of W2-S2 will take the additional load of this PC

Link Failure (Access) 1

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac B labels]
Link to W1 is down


Link Failure (Access) - Solution 2

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac B labels]
Switch PC to the other network outlet of the given VLAN (Blue)
W2, S2 will learn MAC address of PC with first frame sent by this PC and trunk of W2-S2 will take the additional load of this PC

Switch Failure (Central) 1

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac B labels]
Switch S2 is down
Red VLAN is not affected if PCs are connected to W2


Switch Failure (Central) - Solution 2

[Figure: S1, W1, W2, WX, WY, F1 and F2 with Mac B labels]
STP for Blue VLAN will converge to new root bridge S1;
All trunks will additionally take the load of all blue PC’s and all switches will learn MAC address of blue PC with first frames sent;
special care for WAN traffic !!!

Trunk Failure (F-Switches) 1

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac D labels]
Trunk F1-S2 is down
Red VLAN is not affected


Trunk Failure (F-Switches) - Solution 2

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac D labels]
STP for Blue VLAN will converge to trunk via F2-S1
Trunk of F2-S1 will additionally take the load of all affected PC’s
S1, S2 switches will learn MAC address of server with first frame sent by the server (TCN may help)

Switch Failure (F-Switches) 1

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac D labels]
Switch F2 is down
Red VLAN is not affected


Switch Failure (F-Switches) - Solution 2

[Figure: S1, S2, W1, W2, WX, WY and F1 with Mac D labels]
Switch server to the other network outlet of the given VLAN (Blue);
In the meantime the server is still reachable via second port!!!
S2 will learn MAC address of server with first frame sent by this server and trunk of F1-S2 will finally take the load to the server

Link Failure (F-Switches) 1

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac D labels]
Switch F2 is down
Red VLAN is not affected


Link Failure (F-Switches) - Solution 2A

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac D labels]
Switch server to the other network outlet of the given VLAN (Blue);
In the meantime the server is still reachable via second port!!!
S2 will learn MAC address of server with first frame sent by this server and trunk of F1-S2 will finally take the load to the server

Link Failure (F-Switches) - Solution 2B

[Figure: S1, S2, W1, W2, WX, WY, F1 and F2 with Mac D labels]
Switch server to the other network outlet of the given VLAN (Blue);
In the meantime the server is still reachable via second port !!!
Blue clients must go via router !!!


Agenda
•  Spanning Tree Protocol (STP)
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design
–  Design Considerations
–  Design Solution – Best Practices
–  Failover Handling
–  Advanced Techniques - Teaming
–  LAN – WAN Interconnection



Server Connections to F-Switches –
Advanced Techniques

[Figure: server connected to F1 and F2 below S1 and S2, with three kinds of outlets]
–  Outlet for F-switch failure
–  Outlet for link failure
–  Outlet for normal operation
Standby NIC’s: can take over MAC address of normal NIC (OS support!!!)

Switch Failure (F-Switches)

[Figure: S1, S2, F1 and F2; outlet for normal operation]
Red VLAN not affected
Server switches to blue backup NIC – special NIC needed


New Server Connection for Blue VLAN to F-Switches

[Figure: S1, S2, F1 and F2; outlet for normal operation]
F1 learns MAC of server’s blue backup NIC
Server switches to blue backup NIC – special NIC needed


Link Failure (F-Switches)

[Figure: S1, S2, F1 and F2; outlet for normal operation]
Blue VLAN not affected


New Server Connection for Blue VLAN to F-Switches

[Figure: S1, S2, F1 and F2; outlet for normal operation]
F2 learns MAC of server’s red backup NIC


Configuration Options for Redundant NIC
Type-A (VLAN Blue / IP NET Blue):
–  only one NIC active, the other NIC in standby (will take over in case of failure)
–  1 server IP address and 1 server MAC address, 1 Default Gateway

Type-B (VLAN Blue / IP NET Blue):
–  both NIC’s active, load balancing possible
–  2 server IP addresses and 2 server MAC addresses, 1 Default Gateway, strategy which NIC to use is necessary

Type-C (VLAN Red / IP NET Red and VLAN Blue / IP NET Blue):
–  both NIC’s active, load balancing possible
–  2 server IP addresses and 2 server MAC addresses, 2 Default Gateways, strategy which NIC to use is necessary

Type-D (VLAN Red / IP NET Red and VLAN Blue / IP NET Blue):
–  both NIC’s active and connected to internal router, load balancing via routing protocol is possible
–  1 server IP addresses on the loopback interface, which connects the server to the internal router

Redundant NIC Type-A, Intel Teaming 1
[Figure: primary (p) and secondary (s) adapter in normal operation and in case of primary failure, once for each feature]

Intel Teaming Basic AFT (Adapter Fault Tolerance) Feature:
–  one primary adapter, up to 7 secondary adapters
–  primary for transmitting and receiving all traffic from and to the unique server MAC address
–  multicast/broadcast probes to ensure a secondary adapter is available, therefore all links are physically active and all secondary adapters have their own MAC address
–  secondary will take over in case primary fails, that means it starts sending traffic with the server MAC address and receiving traffic for the server MAC address
–  STP must be switched off

Intel Teaming SFT (Switch Fault Tolerance) Feature:
–  one primary adapter, one secondary adapter
–  primary for transmitting and receiving all traffic from and for the unique server MAC address
–  multicast/broadcast probes to ensure a secondary adapter is available, therefore all links are active and all secondary adapters have their own MAC address
–  secondary will take over in case primary fails, that means it starts sending traffic with the server MAC address and receiving traffic for the server MAC address
–  STP must be switched on


Redundant NIC Type-A, Intel Teaming
•  Intel Teaming ALB (Adaptive Load Balancing) feature
–  One primary adapter, up to 7 secondary adapters
–  The primary receives all traffic to the unique server MAC address and unique server IP address
–  Secondaries are used for balancing the load of transmit traffic
–  All links are active and all secondary adapters have their own MAC address
–  Secondaries send with their own MAC address and will not answer ARP requests for the server IP address; thus the server MAC address will not be seen on switch ports leading to secondary adapters
–  (? Doing so will not solve the ARP cache problem of the client PCs, because every Ethernet frame received at the client PC will refresh/change the ARP cache ?)
•  Intel Teaming RLB (Receiver Tolerance) feature
–  Same as ALB, but now secondaries answer ARP requests based on an internal scheduling decision, hence populating the ARP caches of different client PCs with different MAC addresses for the same unique server IP address
–  Tricky procedure in case the server itself sends an ARP request for a client with its unique server MAC address -> client-PC ARP caches would be refreshed and traffic would be directed to the primary -> hence appropriate ARP replies must be sent out to correct the ARP caches again
Redundant NIC Critical Aspect

In case of active/standby it is important that both sides (the PC and the switch(es)) have the same view of who is active and who is standby (symmetric view).

[Figures: two cases, each comparing what the switch sees with what the server sees]



Intel Advanced Network Services Software (ANS)
•  What is Intel ANS?
–  Implemented as an intermediate driver in the server's driver stack
–  Windows and Linux supported



Teaming Features
•  Fault Tolerance
–  One or more secondary adapters take over if the primary fails
•  Link Aggregation
–  Combine multiple adapters into a single channel
–  Bandwidth increase only available to multiple destination addresses
–  Must be supported by connected switch!
•  Load balancing
–  Distribution of transmission and reception load among aggregated network adapters
–  Agent in ANS analyzes traffic and distributes the packets based on destination addresses



Teaming Modes 1
•  Adapter Fault Tolerance (AFT)
–  2-8 adapters supported
–  If primary fails -> secondary takes over
–  All adapters must be connected to the same network
•  Switch Fault Tolerance (SFT)
–  Failover relationship between 2 adapters connected to different switches
–  STP must be enabled on the switches
–  STP must be disabled on connected ports



Teaming Modes 2
•  Adaptive Load Balancing (ALB)
–  Load balancing of transmit traffic
–  Receive Load Balancing (RLB) is an advanced feature – enabled by default
•  Static Link Aggregation (SLA)
–  IEEE 802.3ad static and dynamic mode
•  Needs compatible switch!
–  Intel Link Aggregation (LA), Cisco Fast EtherChannel (FEC), Gigabit EtherChannel (GEC) replaced by static link aggregation mode
–  2-8 adapters – all ports same speed
–  Incorporates AFT and ALB modes



Teaming Features and Modes

Features / Modes

Modes: AFT, ALB, RLB, SLA, Dynamic 802.3ad LACP

Fault Tolerance: X X X X X
Link Aggregation: X X X X
Load Balancing: Tx, Tx/Rx, Tx/Rx, Tx/Rx
Layer 3 Address Aggregation: X, IP only, X, X
Layer 2 Address Aggregation: X X
Mixed Speed Adapters: X X

source: http://www.intel.com/support/network/sb/cs-009747.htm



Details – How does it work
•  How To Detect State And Health Of Adapters
–  Probe Packets
•  Adapters send and receive them to determine presence and state
of other adapters
•  Either broadcast or multicast – configurable in software
–  Activity Based Tolerance
•  If probe packets are not used or do not reach their destination ->
sensing activity on the line
–  Link Based Tolerance
•  Used if neither probe packets nor activity based tolerance are
available or successful



Probe Packets Details
•  2 different types of user-configurable probes
•  Each member uses 2 flags – Send and Receive – to track status
•  When an adapter sends a probe, it sets both flags to the Pending state
•  When the packet is received by a member of the same team, it sets its Receive flag to ReceiveComplete and sets the sending flag to SendComplete
•  If the primary adapter is set to disabled -> the secondary adapter takes this role and a new secondary will be elected
Server Load Balancing Methods
•  Adaptive Load Balancing (ALB)
–  Receive Load Balancing (RLB) is a subset of ALB
–  Transmit traffic is balanced by a hash table of the last octet of the receiver's IP address
–  New data flows are assigned to the least loaded team member
–  After timeout of the load balancing timer, data flows are rebalanced
–  ALB without RLB uses the primary team member's MAC in ARP reply packets
–  Sent packets include the team member's MAC as source
–  Failover: the secondary adapter gets the MAC of the primary
–  Do not hot-plug the primary and reuse it somewhere else until server reboot
Receive Load Balancing (RLB)
•  When receiving an ARP request -> Intel ANS answers with the MAC address of the port which is chosen to service this client
•  Clients are allocated in a “round-robin” manner
•  The RLB client table is refreshed after the ReceiveBalancing Interval
•  OS ARP requests are sent through the primary port
–  Receive load collapses to primary
–  ANS sends gratuitous ARP to all clients in hash to restart RLB
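
The RLB behaviour on this slide (round-robin ARP replies, collapse of the receive load onto the primary after an OS ARP request, recovery by gratuitous ARP), modelled as an added Python example that is not Intel ANS code. The MAC labels, client addresses and all class and function names are constructed for illustration.

```python
from itertools import cycle

SERVER_IP = "192.168.1.1"   # constructed sample address


class RlbTeam:
    def __init__(self, primary, secondaries):
        self.primary = primary
        self._ports = cycle([primary, *secondaries])  # round-robin allocation
        self.client_table = {}                        # client IP -> servicing MAC

    def answer_arp_request(self, client_ip):
        """Reply with the MAC of the port chosen to service this client."""
        if client_ip not in self.client_table:
            self.client_table[client_ip] = next(self._ports)
        return self.client_table[client_ip]

    def os_arp_request(self, caches):
        """OS ARP request leaves via the primary; clients repoint the server IP to it."""
        for cache in caches.values():
            cache[SERVER_IP] = self.primary

    def gratuitous_arp(self, caches):
        """Per-client ARP updates restore each client's assigned port MAC."""
        for client_ip, mac in self.client_table.items():
            caches[client_ip][SERVER_IP] = mac


def receive_load(caches):
    """Number of clients whose ARP cache maps the server IP to each MAC."""
    load = {}
    for cache in caches.values():
        load[cache[SERVER_IP]] = load.get(cache[SERVER_IP], 0) + 1
    return load


def simulate():
    team = RlbTeam("MAC_P", ["MAC_S1", "MAC_S2"])
    clients = [f"192.168.1.{n}" for n in range(10, 16)]   # six constructed clients
    caches = {c: {SERVER_IP: team.answer_arp_request(c)} for c in clients}
    balanced = receive_load(caches)
    team.os_arp_request(caches)      # receive load collapses to the primary
    collapsed = receive_load(caches)
    team.gratuitous_arp(caches)      # ANS restarts RLB
    return balanced, collapsed, receive_load(caches)


if __name__ == "__main__":
    print(*simulate(), sep="\n")
```

In the balanced state one server IP is answered from three MACs, which can look to an ARP monitor like a changing IP-to-MAC mapping, so the team's adapter MACs need to be known to such tooling.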



Static Link Aggregation (SLA)
•  All Ports share same MAC Address
•  For the switch this is a single link
•  No designated primary port in the team
•  Links must be same speed
•  Switch handles receive load balancing



802.3ad Dynamic Mode
•  All members share same MAC
•  Switch ports must use LACP protocol
•  Switch communicates with Intel ANS to add or
remove members of team
•  No designated primary – but first teamed port is
initiator to switch
•  Removal of Initiator could lead to packet loss
•  To avoid this -> preconfigure the switch ports for
added or removed members



Teaming Modes Comparison



Agenda
•  Spanning Tree Protocol (STP)
•  Rapid Spanning Tree Protocol (RSTP)
•  Cisco PVST, PVST+
•  Multiple Spanning Tree Protocol (MSTP)
•  Spanning Tree Tuning – LAN Design
–  Design Considerations
–  Design Solution – Best Practices
–  Failover Handling
–  Advanced Techniques - Teaming
–  LAN – WAN Interconnection



LAN – WAN Interconnection
VLAN Interconnection
•  Now let us look at Layer 3 (IP)
•  We need routers
–  For connecting the two VLANs
–  For connecting the LAN infrastructure of a site to the WAN infrastructure
•  Be very careful to differentiate between
–  L1 look of your network
–  L2 look of your network (VLAN, STP)
–  L3 look of your network (IP, ARP)



Router Connections 1

Two physical interfaces: one for VLAN Red, one for VLAN Blue

[Figure labels: R1, R2; VLAN Red, VLAN Blue; S1, S2; W1, W2, WX, WY; F1, F2]



Router Connections 2

One physical interface: Router “on a stick” with 802.1Q Tagging

[Figure labels: R1, R2; S1, S2; W1, W2, WX, WY; F1, F2]



Layer 3 View Dual Homed Server

[Figure labels: WAN-Domain; R1, R2; VLAN Red / IP Subnet Red; VLAN Blue / IP Subnet Blue]



Layer 3 View Dual Homed Server
NET-ID, IP Addressing

WAN-Domain

R1
–  IP: 192.168.1.251/24, Mac: R1_Red
–  IP: 192.168.2.253/24, Mac: R1_Blue
R2
–  IP: 192.168.1.252/24, Mac: R2_Red
–  IP: 192.168.2.254/24, Mac: R2_Blue

VLAN Red, IP NET-ID Red: 192.168.1.0/24
–  IP: 192.168.1.1/24, Mac: S1_Red

VLAN Blue, IP NET-ID Blue: 192.168.2.0/24
–  IP: 192.168.2.253/24, Mac: R2_Blue
–  IP: 192.168.2.1/24, Mac: S1_Blue



Layer 3 View Dual Homed Server
Routing Table, ARP Cache

[Figure labels: R1, R2; IP NET Red: 192.168.1.0/24; IP NET Blue: 192.168.2.0/24]
–  IP: 192.168.1.251/24, Mac: R1_Red
–  IP: 192.168.1.1/24, Mac: S1_Red

Routing Table R1
192.168.1.0/24    Int Vlan Red
192.168.2.0/24    Int Vlan Blue
……                IP Next Hop
……                IP Next Hop

ARP-Cache R1 Red
192.168.1.1       MAC S1_Red
……                ……

ARP-Cache Client PC Red
192.168.1.1       MAC S1_Red
192.168.1.251     MAC R1_Red

Routing Table Client PC Red
192.168.1.0/24    Int Vlan Red
0.0.0.0/0         192.168.1.251



Layer 3 Load Balancing to WAN
Using HSRP

WAN-Domain (Left, Right)

R1
–  Red VLAN: VR_GR_1, SR_GR_2
–  Blue VLAN: VR_GR_3, SR_GR_4
R2
–  Red VLAN: VR_GR_2, SR_GR_1
–  Blue VLAN: VR_GR_4, SR_GR_3

Hosts
–  Left Domain: Default-GW: VR_GR_1 and Default-GW: VR_GR_3
–  Right Domain: Default-GW: VR_GR_2 and Default-GW: VR_GR_4

Layer 3 Simple Backup to WAN
Using HSRP 1

WAN-Domain

R1
–  Red VLAN: VR_GR_1
–  Blue VLAN: VR_GR_4
R2
–  Red VLAN: SR_GR_1
–  Blue VLAN: SR_GR_4

Hosts
–  Default-GW: VR_GR_1
–  Default-GW: VR_GR_4


Layer 3 Simple Backup to WAN
Using HSRP 2

WAN-Domain

R1 R2
–  Red VLAN: VR_GR_1
–  Blue VLAN: VR_GR_4

Hosts
–  Default-GW: VR_GR_1
–  Default-GW: VR_GR_4


Layer 3 Simple Backup &
Load Balancing WAN Using HSRP 1

WAN-Domain

R1
–  Red VLAN: VR_GR_1
–  Blue VLAN: SR_GR_4
R2
–  Red VLAN: SR_GR_1
–  Blue VLAN: VR_GR_4

Hosts
–  Default-GW: VR_GR_1
–  Default-GW: VR_GR_4


Layer 3 Simple Backup &
Load Balancing WAN Using HSRP 2

WAN-Domain

R1 R2
–  Red VLAN: SR_GR_1
–  Blue VLAN: VR_GR_4

Hosts
–  Default-GW: VR_GR_1
–  Default-GW: VR_GR_4

