Spanning Tree Protocol
Builds loop-free paths in redundant Layer 2 networks
Automatically rebuilds tree when topology changes
Bridge ID: Unique identifier for each switch
Root bridge: Switch with lowest bridge ID
Root port: Port closest to root bridge
Designated bridge: Switch representing the LAN segment
Designated port: Designated bridge’s port on the LAN segment
Bridge protocol data unit (BPDU): Packets used to exchange
information between switches
Configuration BPDU
Port states:
Listening
Port is transitioning and will be used in active topology
Learning
Port is transitioning, switch is learning MAC addresses
Forwarding
Switches exchange BPDUs
Root bridge is elected based on BPDU information
Criterion for election is bridge ID, which includes a configurable
priority and a unique identifier
The election process reviews priority first; lowest priority
wins
If priority values are the same, unique device identifiers are
reviewed; lowest identifier wins
A1 is elected as the root bridge based on BPDU information
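The election rule above, as an added Python example that is not part of the original slides. It parses bridge IDs in the priority.MAC form used by the show spanning-tree output on this page and picks the lowest one; the split of the priority field into a 4k-step priority and a 12-bit system ID extension comes from IEEE 802.1D-2004, not from the slides, and the switch names are placeholders.

```python
import re
from typing import NamedTuple

class BridgeID(NamedTuple):
    priority: int  # full 16-bit priority field as displayed (32768, 4097, ...)
    mac: int       # 48-bit unique identifier, compared numerically

    @property
    def configured_priority(self) -> int:
        # Upper 4 bits: the value set with bridge-priority (multiples of 4096).
        return self.priority & 0xF000

    @property
    def system_id_ext(self) -> int:
        # Lower 12 bits: system ID extension (the instance number under MSTP).
        return self.priority & 0x0FFF

def parse_bridge_id(text: str) -> BridgeID:
    """Parse 'priority.mac'; the MAC may be 0019e2507c00 or 00:19:e2:50:7c:00."""
    m = re.fullmatch(r"(\d{1,5})\.([0-9A-Fa-f:]{12,17})", text.strip())
    mac_hex = m.group(2).replace(":", "") if m else ""
    if len(mac_hex) != 12 or int(m.group(1)) > 0xFFFF:
        raise ValueError(f"not a bridge ID: {text!r}")
    return BridgeID(int(m.group(1)), int(mac_hex, 16))

def elect_root(bridges: dict[str, str]) -> str:
    """Return the name of the switch with the lowest bridge ID.

    Tuple ordering gives the rule from the slide: priority is compared
    first, and the unique identifier breaks ties.
    """
    if not bridges:
        raise ValueError("no bridges to compare")
    return min(bridges, key=lambda name: parse_bridge_id(bridges[name]))

# Bridge IDs as they appear in the command output on this page;
# the names sw-x and sw-y are placeholders.
SAMPLE = {
    "sw-x": "32768.0019e2507c00",
    "sw-y": "32768.0019e2503fe0",
}

if __name__ == "__main__":
    print(elect_root(SAMPLE))
```

With equal priorities the lower MAC decides, which is why an explicitly configured bridge-priority on the intended root is the only way to make the outcome deliberate.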
Building a Spanning Tree (2 of 3)
Port role is determined by the least-cost path calculation to the
root bridge; port state is determined by the port role
Ports on root bridge assume designated port role and forwarding
state
Root ports on nonroot switches are placed in forwarding state
Designated ports on designated bridges are placed in forwarding
state
All other ports are placed in blocking state
Tree is considered fully converged
All traffic flows through the root bridge (A1)
Steps:
Bridge E sends TCN
continues every 2 seconds until the
TCN ACK is received on the root port
Bridge B acknowledges TCN
Bridge B sends TCN
Bridge A acknowledges TCN
Steps (contd.):
Root bridge sets topology change (TC) flag and sends updated
configuration BPDU
Bridges B and C relay TC flag
to downstream switches
table aging timer to equal forwarding delay time
(default: 15 seconds)
First defined in IEEE 802.1w; later incorporated into IEEE
802.1D-2004
Convergence improvements include:
Point-to-point link designation
Edge port designation
Alternate port:
Blocks traffic while receiving superior BPDUs from neighboring
switch
Backup port:
Provides redundant path to a segment (designated switches
only)
Blocks traffic while a more preferred port functions as designated
port
RSTP continues to use root and designated port roles
RSTP Port States
RSTP (802.1D-2004) uses fewer states than STP (802.1D-1998) but has
the same functionality
Alternate, backup, and disabled ports
Root and designated ports
Act as keepalives
RSTP bridges send BPDUs every hello time (default of 2
seconds)
Provide faster failure detection
If no BPDU is received within 3 times the hello interval
Takes 30 seconds before ports start forwarding traffic
after being enabled
Uses proposal/agreement handshake on point-to-point links instead
of timers
Root and edge ports transition to forwarding state
immediately
Nonedge-designated ports transition to forwarding state once
explicit agreement is received
Topology Change Reconvergence
Topology changes occur only when nonedge ports transition to the
forwarding state
Port transitions to the discarding state no longer trigger
TCN
TCNs are flooded out all designated ports as well as out the root
port by the initiator
Switches flush the majority of MAC addresses in the MAC address
forwarding table
MAC addresses learned from edge ports are not flushed
When an indirect link failure occurs:
Switch A’s root port fails; it assumes it is the new root
Switch B receives inferior BPDUs from Switch A; it moves the
alternate port to the designated port role
Switch A receives superior BPDUs, knows it is not the root, and
designates the port connecting to Switch B as the
root port
When a direct link failure occurs:
The alternate port transitions to the forwarding state; it assumes
the new root port role following the failure of the old root
port
Switches running RSTP send MAC flush messages out of the new root
port to trigger upstream switches to relearn the MAC
addresses
STP and RSTP interoperability considerations:
If switch supports only the 802.1D-1998 STP protocol, it discards
any RSTP BPDUs received
Originally defined in IEEE 802.1s; later merged into IEEE
802.1Q-2003
Provides extensions to RSTP
Separate topology tree for each MSTI
Resource friendly—maps VLANs to one or more instances; provides for
load balancing over available links
All links are utilized
Multiple Spanning Tree Region
An MST region is a group of switches with the same region name,
revision level, and VLAN-to-instance mapping
Max of 64 MSTIs per region
One regional root bridge per instance
Backward compatible with STP and RSTP through common spanning tree
(CST)
One root bridge for CST
Each MST region appears as a virtual bridge
Common and internal spanning tree (CIST) extends CST into
regions
STP summary:
STP (802.1D-1998) is used in Layer 2 networks to prevent logical
loops
Automated—user selects root switch and STP does the rest
STP is slow to converge and can be difficult to troubleshoot
RSTP (802.1D-2004) reduces link-convergence time to subseconds on
point-to-point links
STP and RSTP support a single STP instance
Lacks load-balancing mechanism; creates underutilized links
MSTP (802.1Q-2003) supports up to 64 instances
Overcomes the shortcomings of a single spanning tree
bridge-priority   Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)
disable           Disable STP
forward-delay     Time spent in listening or learning state (4..30 seconds)
hello-time        Time interval between configuration BPDUs (1..10 seconds)
> interface
> traceoptions    Tracing options for debugging protocol operation
[edit protocols stp]
Excludes interface from participating in RSTP
Default priority value (used to influence downstream device’s
least-cost path calculation to root bridge—lower is better)
Default interface mode for interfaces operating in full-duplex
mode
Default interface mode for interfaces operating in half-duplex
mode
Default cost value for interfaces operating at 1 Gbps
Default value for interfaces that do not connect to
STP-enabled devices
user@switch> show spanning-tree ?
mstp Show Multiple Spanning Tree Protocol information
statistics Show STP statistics
user@switch> show spanning-tree bridge
Time since last topology change : 72 seconds
Local parameters
Root Port
user@switch> show spanning-tree interface
Interface    Port ID  Designated  Designated          Port   State  Role
                      port ID     bridge ID           Cost
ge-0/0/10.0  128:523  128:523     32768.0019e2507c00  20000  BLK    ALT
ge-0/0/11.0  128:524  128:524     32768.0019e2507c00  20000  BLK    ALT
ge-0/0/12.0  128:525  128:525     32768.0019e2507c00  20000  BLK    ALT
ge-0/0/13.0  128:526  128:526     32768.0019e2503fe0  20000  FWD    ROOT
ge-0/0/14.0  128:527  128:527     32768.0019e2503fe0  20000  BLK    ALT
ge-0/0/15.0  128:528  128:528     32768.0019e2503fe0  20000  BLK    ALT
user@switch> show spanning-tree statistics interface
Interface    BPDUs sent    BPDUs received    Next BPDU transmission
user@switch> show spanning-tree ?
mstp Show Multiple Spanning Tree Protocol information
statistics Show STP statistics
MSTP configuration information
Context identifier : 0
Region name : reg1
0 0,31-4094
1 1-10
2 11-20
3 21-30
Interfaces and associated details are listed by instance
user@switch> show spanning-tree interface
Interface    Port ID  Designated  Designated          Port   State  Role
                      port ID     bridge ID           Cost
ge-0/0/10.0  128:523  128:523     32768.0019e2507c00  20000  BLK    ALT
…
Interface    Port ID  Designated  Designated          Port   State  Role
                      port ID     bridge ID           Cost
ge-0/0/13.0  128:526  128:526     4097.0019e25082e0   20000  FWD    DESG
Spanning tree interface parameters for instance 2
Interface    Port ID  Designated  Designated          Port   State  Role
                      port ID     bridge ID           Cost
ge-0/0/14.0  128:527  128:527     12290.0019e2503fe0  20000  FWD    ROOT
…
user@switch> show spanning-tree bridge
Root ID : 32768.00:19:e2:50:3f:e0
Root cost : 0
Root port : ge-0/0/13.0
MSTI regional root : 4097.00:19:e2:50:82:e0
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Problem:
Bridge applications running on PCs or “personal” switches can
generate BPDUs
STP, RSTP, or MSTP running on an EX switch could detect those BPDUs
and trigger STP miscalculations, leading to network outages
Solution:
To verify BPDU protection functionality:
Use the show spanning-tree interface command before and after
enabling the BPDU protection feature on a switch running STP
Use the show ethernet-switching interfaces command on a non-STP
switch
Watch for state changes, role changes, or both in the output:
FWD state transitions to BLK
DESG role transitions to DIS (loop inconsistent)
unblocked transitions to blocked
To unblock the interface:
Use the clear ethernet-switching bpdu-error operational mode
command
The problem:
Switch hardware and configuration errors could cause an interface
to transition to the blocking state and stop receiving BPDUs
This transition could lead to an interface erroneously transitioning
from the blocking state to the forwarding state, resulting in loops
and network outages
The solution:
Enable loop protection on all switch interfaces that have a chance
of becoming root or designated ports
Once enabled, designated ports receive BPDUs, the interface
transitions to a loop-inconsistent state
To verify loop protection functionality:
Use the show spanning-tree interface command before and after
enabling the loop protection feature
Watch for state changes, role changes, or both in the interface
output
BLK state remains BLK
ALT role transitions to DIS (loop inconsistent)
The problem:
Bridge applications running on PCs can generate BPDUs and interfere
with root port election
Erroneous root port election on a switch
The solution:
Enable root protection on the switch interfaces that should not
receive superior BPDUs from the root bridge and should not be
elected as the root port
The interfaces become designated ports
Once a superior BPDU arrives on a port with root protection
enabled, the port transitions to an inconsistency state, blocking the
interface
To verify root protection functionality:
Use the show spanning-tree interface command before and after you
enable the root protection feature
Receipt of superior BPDUs on the watched interface triggers root
protection
FWD state changes to BLK
DESG role transitions to DIS (loop inconsistent)
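The before-and-after check described for BPDU protection, loop protection and root protection, as an added Python example that is not part of the original slides. It parses two saved copies of show spanning-tree interface output and reports the transitions the slides say to watch for; the snapshots are constructed in the column layout shown on this page, and the function names are hypothetical.

```python
from typing import NamedTuple

class PortRow(NamedTuple):
    designated_bridge: str
    cost: int
    state: str  # FWD, BLK, ...
    role: str   # ROOT, DESG, ALT, DIS, plus any trailing annotation

def parse_interfaces(output: str) -> dict[str, PortRow]:
    """Parse data rows of 'show spanning-tree interface'; skip everything else."""
    rows = {}
    for line in output.splitlines():
        f = line.split()
        # name, port ID, designated port ID, bridge ID, cost, state, role...
        if len(f) >= 7 and ":" in f[1] and f[4].isdigit():
            rows[f[0]] = PortRow(f[3], int(f[4]), f[5], " ".join(f[6:]))
    return rows

def protection_events(before: str, after: str) -> list[str]:
    """List state/role changes; tag the ones the slides say to watch for."""
    old, new = parse_interfaces(before), parse_interfaces(after)
    events = []
    for name in sorted(old.keys() & new.keys()):
        o, n = old[name], new[name]
        if (o.state, o.role) == (n.state, n.role):
            continue
        # A protection feature has acted when the port ends up BLK with role DIS.
        hit = n.state == "BLK" and n.role.startswith("DIS")
        tag = "PROTECTION" if hit else "CHANGE"
        events.append(f"{tag} {name}: {o.state}/{o.role} -> {n.state}/{n.role}")
    return events

# Constructed snapshots (not captured output) in the layout shown on this page.
HEADER = "Interface Port ID Designated port ID Designated bridge ID Cost State Role\n"
BEFORE = HEADER + """\
ge-0/0/6.0   128:519  128:519  32768.0019e2503fe0  20000  FWD  DESG
ge-0/0/10.0  128:523  128:523  32768.0019e2507c00  20000  BLK  ALT
ge-0/0/13.0  128:526  128:526  32768.0019e2503fe0  20000  FWD  ROOT
"""
AFTER = HEADER + """\
ge-0/0/6.0   128:519  128:519  32768.0019e2503fe0  20000  BLK  DIS
ge-0/0/10.0  128:523  128:523  32768.0019e2507c00  20000  BLK  DIS
ge-0/0/13.0  128:526  128:526  32768.0019e2503fe0  20000  FWD  ROOT
"""

if __name__ == "__main__":
    print("\n".join(protection_events(BEFORE, AFTER)))
```

In the constructed data, ge-0/0/6.0 shows the FWD/DESG to BLK/DIS pattern listed for BPDU and root protection, and ge-0/0/10.0 shows the BLK/ALT to BLK/DIS pattern listed for loop protection.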
Redundant Trunk Group
Redundant trunk group:
Provides quick and simple failover mechanism for redundant Layer 2
links without requiring STP
Primary application is in enterprise environments where each access
switch is dual homed to two distribution switches
[Figure: Switch C in the access layer connects to Switch A and Switch B in the distribution layer; one link is active, the other nonactive]
Configuration Considerations
Redundant trunk group feature and STP are mutually exclusive on a
given port
Access layer (Switch C in the previous example):
Cannot run STP on redundant trunk group links
STP BPDUs received on redundant trunk group links are
discarded
Distribution layer (Switches A and B in previous example):
Redundant trunk group is not configured on distribution
switches
STP is configured on distribution switches without any
restriction
Maximum of 16 redundant trunk groups per switch
[edit ethernet-switching-options redundant-trunk-group]
user@switch# commit
error: XSTP : msti 0 STP and RTG cannot be enabled on the same interface ge-0/0/13.0
commit complete
Interface marked as primary is always active when operational
If the primary knob is omitted from configuration, the
higher-numbered interface initially becomes the active link but
does not preempt lower-numbered interfaces functioning as the
active link in failure and recovery scenarios
user@switch> show redundant-trunk-group
name count
ge-0/0/16.0 Up 2008-03-08 12:12:15 UTC (00:00:10 ago) 2
user@switch> show redundant-trunk-group group-name rtg-group1
Interface    State       Bandwidth  Time of last flap                       Flap count
ge-0/0/13.0  Up/Pri/Act  1000 Mbps  2008-03-08 12:12:15 UTC (00:01:43 ago)  2
ge-0/0/16.0  Up          1000 Mbps  2008-03-08 12:12:15 UTC (00:01:43 ago)  2
(Pri) = Primary interface with preemption enabled
(Act) = Active interface currently forwarding traffic