
Spanning Tree Protocol (STP)

The 3 major steps traditional 802.1d STP uses to stabilise the network are:

Elect the root switch – Only a single switch can be the root switch in an STP domain. Each switch sends STP Bridge Protocol Data Units (BPDUs) listing itself as the root switch, and these are flooded across the Layer 2 domain. If a switch receives a BPDU with a lower Bridge ID, it accepts that switch as the root, and the BPDUs it sends from then on list the Bridge ID of that root switch. Eventually all switches in the STP domain agree on the same root switch; after the election period a new root switch is not elected until hello frames from the root switch stop being received.

The Bridge ID originally consisted of a 2 byte priority and a 6 byte system ID (MAC address), but the first 2 bytes were altered to support technologies which require the VLAN information to be carried in BPDUs, such as Multiple Spanning Tree (MST). So now the first 2 bytes consist of 4 bits for the bridge priority (as these are the high-order bits, only multiples of 4096 are accepted values) and 12 bits to hold the VLAN information; these 12 bits are called the System ID extension. There is an older post I made about why the STP priority must be a multiple of 4096 here, and this 12-bit limitation is also the reason why the maximum VLAN ID is 4095.

Determine the root port for each switch – After the root switch is elected, every switch apart from the root determines the port with the lowest cost to reach the root switch. The root switch sends out hellos, and each port receiving a hello adds the port cost from the table below to the cost carried in the hello.

Link speed   Original IEEE cost   Updated IEEE cost
10 Mbps      100                  100
100 Mbps     10                   19
1 Gbps       1                    4
10 Gbps      1                    2

I think that it might have been a bit short-sighted stopping the updated costs at 10 Gbps; my organisation is running lots of 40 Gbps links and has just finished a field trial of 100 Gbps.

The port on a non-root switch which received the hello with the lowest cost to the root switch is elected the root port. If 2 ports have the same cost to reach the root bridge, the tiebreaker is the forwarding switch's Bridge ID, then an administratively defined port priority and finally the lowest internal port number.

Select the designated port for each segment – Only 1 switch in a spanning tree domain is allowed to forward frames onto each LAN segment; the port it uses is called the Designated Port. Each switch sends hellos out of its ports carrying the cost of its root port; these are received by the other switches on the segment, and the port with the lowest cost becomes the designated port while the other port moves to the blocking state. For tiebreakers the lowest forwarder's Bridge ID, then the lowest port priority and finally the lowest port number are used, just like the tiebreakers for the root port.
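As an added example (not code from the original post), the three steps above run as a small Python simulation over a constructed three-switch topology. The switch names, MAC addresses and link speeds are made up; the port costs are the updated IEEE values from the table, and Bridge IDs are (priority, MAC) tuples, which compare in the same order as the real 8-byte field.

```python
# Added example (not code from the original post): a simplified 802.1d
# computation of the root switch, root ports and designated ports for a
# small constructed topology.

# Updated IEEE port costs from the table above, keyed by link speed in Mbps.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology (not from the post). Every switch uses the default
# priority 32768, so the lowest MAC address wins the election.
SWITCHES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}

# Segments: name -> attached (switch, port number, link speed in Mbps).
SEGMENTS = {
    "A": [("SW1", 1, 1000), ("SW2", 1, 1000)],
    "B": [("SW1", 2, 100), ("SW3", 1, 100)],
    "C": [("SW2", 2, 1000), ("SW3", 2, 1000)],
}

DEFAULT_PORT_PRIORITY = 128


def elect_root(switches):
    """Step 1: the lowest Bridge ID (priority first, then MAC) is the root."""
    return min(switches, key=lambda name: switches[name])


def compute_root_ports(switches, segments, port_cost=PORT_COST):
    """Step 2: each non-root switch picks the port with the lowest cost to
    the root. Mimics BPDU relaying: a switch learns a root path cost (RPC)
    from a neighbour's BPDU plus the cost of the port it arrived on, and
    the loop repeats until no switch finds a better candidate. Ties go to
    the lowest sender Bridge ID, port priority, then lowest port number."""
    root = elect_root(switches)
    rpc = {name: None for name in switches}
    rpc[root] = 0
    best = {}  # switch -> (cost, sender BID, port priority, own port number)
    changed = True
    while changed:
        changed = False
        for attached in segments.values():
            for sw, port, speed in attached:
                if sw == root:
                    continue
                for sender, _sender_port, _ in attached:
                    if sender == sw or rpc[sender] is None:
                        continue
                    cand = (rpc[sender] + port_cost[speed], switches[sender],
                            DEFAULT_PORT_PRIORITY, port)
                    if sw not in best or cand < best[sw]:
                        best[sw] = cand
                        rpc[sw] = cand[0]
                        changed = True
    root_ports = {sw: cand[3] for sw, cand in best.items()}
    return root, rpc, root_ports


def compute_designated_ports(switches, segments, rpc):
    """Step 3: on every segment the attached port advertising the lowest
    root path cost forwards (designated); ties fall to the lowest Bridge
    ID, port priority and port number."""
    designated = {}
    for seg, attached in segments.items():
        designated[seg] = min(
            ((rpc[sw], switches[sw], DEFAULT_PORT_PRIORITY, port), (sw, port))
            for sw, port, _ in attached
        )[1]
    return designated


def port_states(switches, segments):
    """Return {(switch, port): 'forwarding' | 'blocking'} for the domain:
    root ports and designated ports forward, everything else blocks."""
    _root, rpc, root_ports = compute_root_ports(switches, segments)
    designated = compute_designated_ports(switches, segments, rpc)
    forwarding = set(designated.values()) | set(root_ports.items())
    states = {}
    for attached in segments.values():
        for sw, port, _ in attached:
            states[(sw, port)] = "forwarding" if (sw, port) in forwarding else "blocking"
    return states


if __name__ == "__main__":
    root, rpc, root_ports = compute_root_ports(SWITCHES, SEGMENTS)
    print("root:", root, "root path costs:", rpc, "root ports:", root_ports)
    print("designated ports:", compute_designated_ports(SWITCHES, SEGMENTS, rpc))
    for key, state in sorted(port_states(SWITCHES, SEGMENTS).items()):
        print(key, state)
```

In this topology SW3 reaches SW1 directly over a 100 Mbps link (cost 19) but more cheaply via SW2 over two 1 Gbps links (4 + 4 = 8), so its root port is port 2 and its port 1 on segment B ends up blocking; the only loop in the triangle is broken there.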

Detecting when bad things happen – The root switch sends out periodic hellos which are received, updated and forwarded out of every designated port. The max age timer is reset every time a hello is sent, but if the max age timer expires (the default is 10x the hello time, therefore 20 seconds) the switches elect a new root switch.

If a trunk goes down, a switch will send a Topology Change Notification (TCN) BPDU out of its root port and will continue doing so every hello time until it receives a Topology Change Acknowledgement (TCA), which is a bit set in the BPDU. When a switch receives a TCN BPDU it sends back a TCA BPDU, and the switches continue forwarding the TCN out of their root ports until it reaches the root switch. Once the root switch receives the TCN BPDU it sends out the next few BPDUs with the TCA bit set; when a switch receives such a BPDU it times out the entries in its CAM table.

802.1d Interface States – During a topology change there is a risk of causing Layer 2 loops; to prevent this the interfaces cycle through the usual states: blocking, listening, learning, forwarding (or disabled).

Personal Note – I'm not going to be blogging in such depth and breadth any more as it takes too much time, and will cover topics which are more interesting or which I struggle a bit on.

Why the STP bridge priority must be a multiple of 4096

It came up very briefly at work today why the STP bridge priority must be a multiple of 4096, so I thought I would post my response on here.

There were only 2 fields in the original STP Bridge ID: a 2 byte priority, which allowed any value for the priority to be set from 0 to 65,535, followed by 6 bytes for the MAC address for those tiebreaker situations.

But when multiple spanning tree instances started to appear on networks due to technologies such as PVST+ and MST, this caused the switch to have a single BID for all the VLANs as it could not differentiate between the VLANs. So switch vendors like Cisco used a unique MAC address for each VLAN, but this caused a wastage of MAC addresses as each switch could have to reserve up to 4094 addresses if non-standard VLANs were used (I'm sure there must have been a limit to the amount each switch could reserve, but this was before my time so I don't have any practical information on this).

Therefore, to prevent the overuse of MAC addresses, they turned the 2 bytes which were used for the priority field of the Bridge ID into a 4 bit priority and used the remaining 12 bits for the VLAN. The extra information which carries the VLAN number is called the Extended System ID, and this process is sometimes called MAC address reduction as it reduces the number of reserved MAC addresses needed. The 12 bits of extra VLAN information allow support for 4096 VLANs, so there is full support for extended range VLANs. Therefore, because of the use of the Extended System ID in the Bridge ID, only the first 4 bits of the original 2 byte number are available for the bridge priority, so it only allows multiples of 4096.
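To make the bit layout concrete, here is an added example (not code from the original post) that packs and unpacks the 8-byte Bridge ID with the Extended System ID and shows why the priority field can only hold multiples of 4096. The MAC addresses are constructed sample values; the "displayed priority" is the priority-plus-VLAN figure a switch prints for each VLAN.

```python
# Added example (not code from the original post): packing and unpacking
# the 8-byte Bridge ID with the Extended System ID. MAC addresses used
# below are constructed sample values.
import struct

MAX_VLAN = 4095  # the 12-bit Extended System ID tops out at 4095


def is_valid_priority(priority: int) -> bool:
    """True for the 16 values 0, 4096, 8192 ... 61440 that the 4-bit
    priority field can hold once the low 12 bits belong to the VLAN."""
    return 0 <= priority <= 61440 and priority % 4096 == 0


def encode_bridge_id(priority: int, vlan: int, mac: str) -> bytes:
    """Build the 8-byte Bridge ID: 4-bit priority, 12-bit Extended
    System ID (the VLAN number), then the 6-byte MAC address."""
    if not is_valid_priority(priority):
        raise ValueError(f"priority {priority} is not a multiple of 4096 between 0 and 61440")
    if not 0 <= vlan <= MAX_VLAN:
        raise ValueError(f"VLAN {vlan} does not fit in the 12-bit Extended System ID")
    first_two_bytes = priority | vlan  # priority in bits 15..12, VLAN in bits 11..0
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace(".", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return struct.pack("!H", first_two_bytes) + mac_bytes


def decode_bridge_id(bid: bytes):
    """Split an 8-byte Bridge ID into (priority, vlan, mac)."""
    (field,) = struct.unpack("!H", bid[:2])
    priority = field & 0xF000  # high 4 bits, so always a multiple of 4096
    vlan = field & 0x0FFF      # low 12 bits
    mac = ":".join(f"{b:02x}" for b in bid[2:8])
    return priority, vlan, mac


def displayed_priority(bid: bytes) -> int:
    """The per-VLAN priority a switch shows: configured priority plus the
    Extended System ID (32768 on VLAN 10 is displayed as 32778)."""
    priority, vlan, _ = decode_bridge_id(bid)
    return priority + vlan


def elect_root(bridge_ids):
    """Lowest Bridge ID wins. Big-endian bytes compare in the same order
    as the numeric field, so priority is compared before the MAC."""
    return min(bridge_ids)


if __name__ == "__main__":
    a = encode_bridge_id(32768, 10, "00:11:22:33:44:55")   # constructed MACs
    b = encode_bridge_id(32768, 10, "00:11:22:33:44:54")
    c = encode_bridge_id(28672, 10, "ff:ff:ff:ff:ff:ff")
    print(a.hex(), decode_bridge_id(a), "displayed as", displayed_priority(a))
    print("root of a,b  :", elect_root([a, b]).hex())     # equal priority: lower MAC wins
    print("root of a,b,c:", elect_root([a, b, c]).hex())  # lower priority beats any MAC
    print("32769 valid?", is_valid_priority(32769))        # False: not a multiple of 4096
```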

RSTP – Rapid Spanning Tree Protocol

I covered RSTP again last week and had a few notes on it; these notes are far from conclusive, but here goes.

RSTP is defined by IEEE 802.1w and improves upon STP which is defined in IEEE 802.1d. In a nutshell RSTP converges networks more “Rapidly” than STP.

Traditional STP sends hellos every 2 seconds and has a max age timer of 20 seconds, therefore 10 hellos would go missing before STP would start to converge. RSTP only waits for 3 times the hello time; the hello timer is still 2 seconds by default but, as with traditional STP, this can be changed. With traditional STP, BPDUs are only sent from the root bridge and relayed by the other switches; with RSTP every switch sends its own BPDUs every hello time, even if the root bridge is down.

Cisco created some cool features for traditional STP to help it converge quicker: PortFast, UplinkFast and BackboneFast. These are standardised in RSTP.

RSTP also defines some additional port roles:

  • Root Port – Same as in STP
  • Designated Port – Same as in STP
  • Alternate Port – An alternative Root Port for a segment, the same as Cisco's UplinkFast feature
  • Backup Port – A backup Designated Port for a shared segment.

RSTP also classifies the links into one of 3 types:

  • Point to Point – Full duplex links between 2 switches where hellos are exchanged are treated as Point to Point
  • Shared – A Shared link is a port which connects to a hub
  • Edge – A switch port which connects to an end system

If RSTP fails to receive a hello on a Point to Point link it immediately asks the other switch about its status; if its path to the root is down it immediately starts to converge. This is a standardised version of BackboneFast.

Traditional STP has 5 port states: Disabled, Blocking, Listening, Learning and Forwarding. RSTP on the other hand only has 3: Discarding, Learning and Forwarding. It converges faster as it does not need to go through the Listening state, because it actively queries its neighbors to ensure there are no loops.

RSTP helps networks achieve far speedier convergence times: traditional STP networks take around 30 to 50 seconds to converge, whereas RSTP can converge (dependent on topology) in less than a second.

A fantastic link on RSTP – http://www.cisco.com/warp/public/473/146.html

PVST+ Regions separated by a CST Region

On page 69 of the CCIE Routing & Switching Exam Certification Guide 3rd edition there is an interesting topology where 2 PVST+ regions of Cisco switches are separated by a CST region of non-Cisco switches. PVST+ cannot be supported on non-Cisco devices. To get around this, the PVST+ regions treat the path through the CST region as a single link and tunnel through the region using multicast frames.

The 2 PVST+ regions tunnel by sending BPDUs to the multicast MAC 0100.0CCC.CCCD; the non-Cisco switches treat the frame as ordinary multicast rather than as a BPDU and forward it. The PVST+ devices on the edge of the CST region listen on that address to receive the frames and forward them into the PVST+ region. Hurrah, the PVST+ regions can communicate!
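The whole trick rests on which destination MAC a switch recognises as a BPDU. As an added example (not code from the original post), the Python below builds three constructed frames and shows how a non-Cisco CST switch and a PVST+ edge switch each handle them: the IEEE BPDU address 01:80:c2:00:00:00 is consumed by both, the PVST+ address 0100.0CCC.CCCD is consumed only by the PVST+ switch and flooded as plain multicast by the other, and the optional 802.1Q tag carries the VLAN the BPDU belongs to. The source MACs and BPDU payload bytes are made up.

```python
# Added example (not code from the original post): how a switch in the CST
# region and a PVST+ switch each treat a frame, judged by its destination
# MAC. All frames below are constructed sample values.

IEEE_STP_MAC = "01:80:c2:00:00:00"   # standard 802.1d BPDU address
PVST_SSTP_MAC = "01:00:0c:cc:cc:cd"  # Cisco PVST+ BPDU address quoted in the post


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, vlan, payload: bytes) -> bytes:
    """Construct an Ethernet frame, inserting an 802.1Q tag when vlan is set."""
    raw = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        raw += b"\x81\x00" + (vlan & 0x0FFF).to_bytes(2, "big")
    return raw + payload


def parse_frame(frame: bytes):
    """Return (dst, src, vlan, payload); vlan is None for an untagged frame."""
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    if frame[12:14] == b"\x81\x00":                 # 802.1Q tag present
        vlan = int.from_bytes(frame[14:16], "big") & 0x0FFF
        return dst, src, vlan, frame[16:]
    return dst, src, None, frame[12:]


def handle_frame(frame: bytes, pvst_capable: bool) -> str:
    """Decide what a receiving switch does with the frame."""
    dst, _src, vlan, _payload = parse_frame(frame)
    if dst == IEEE_STP_MAC:
        return "consume: IEEE 802.1d BPDU (CST)"
    if dst == PVST_SSTP_MAC:
        if pvst_capable:
            return f"consume: PVST+ BPDU for VLAN {vlan if vlan is not None else 'native'}"
        # A non-Cisco switch has no handler for this address, so the frame is
        # flooded like any other multicast; that is what lets it tunnel through.
        return "flood: unknown multicast"
    return "forward: look up destination in MAC table"


# Constructed sample frames; the payload merely stands in for a BPDU body.
BPDU_BODY = b"\x00\x26\x42\x42\x03" + b"\x00" * 36
PVST_FRAME = build_frame(PVST_SSTP_MAC, "00:11:22:33:44:55", 20, BPDU_BODY)
IEEE_FRAME = build_frame(IEEE_STP_MAC, "00:11:22:33:44:55", None, BPDU_BODY)
DATA_FRAME = build_frame("00:aa:bb:cc:dd:ee", "00:11:22:33:44:55", 20, b"\x08\x00" + b"\x00" * 46)

if __name__ == "__main__":
    for name, frame in (("PVST+", PVST_FRAME), ("IEEE", IEEE_FRAME), ("data", DATA_FRAME)):
        print(f"{name:5} in CST region : {handle_frame(frame, pvst_capable=False)}")
        print(f"{name:5} at PVST+ edge : {handle_frame(frame, pvst_capable=True)}")
```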