
Spanning Tree Protocol

Copyright 2005 Juniper Networks, Inc.

Proprietary and Confidential

www.juniper.net

Spanning Tree Protocol
Defined in the IEEE 802.1D-1998 specification
Builds loop-free paths in redundant Layer 2 networks
Automatically rebuilds tree when topology changes

[Figure labels: A, B, C, Segment 1, Segment 2, Broadcast]

2008 Juniper Networks, Inc. All rights reserved.

Terms and Concepts (1 of 2)


Key terms and concepts of STP:
  Bridge ID: Unique identifier for each switch
  Root bridge: Switch with lowest bridge ID
  Root port: Port closest to root bridge
  Designated bridge: Switch representing the LAN segment
  Designated port: Designated bridge's port on the LAN segment
  Bridge protocol data unit (BPDU): Packets used to exchange information between switches
    Configuration BPDU
    Topology change notification (TCN) BPDU

Terms and Concepts (2 of 2)


Port states:
  Blocking
    Drops all data packets, listens to BPDUs
    Port is not used in active topology
  Listening
    Drops all data packets, listens to BPDUs
    Port is transitioning and will be used in active topology
  Learning
    Drops all data packets, listens to BPDUs
    Port is transitioning, switch is learning MAC addresses
  Forwarding
    Receives and forwards data packets, sends and receives BPDUs
    Port has transitioned, switch continues to learn MAC addresses

Building a Spanning Tree (1 of 3)


[Figure: switches A1, A2, and A3 exchange BPDUs; A1 is elected as the root bridge based on BPDU information]

Switches exchange BPDUs
Root bridge is elected based on BPDU information
  Criterion for election is bridge ID, which includes a configurable priority and a unique identifier
  The election process reviews priority first; lowest priority wins
  If priority values are the same, unique device identifiers are reviewed; lowest identifier wins

Building a Spanning Tree (2 of 3)


[Figure: root bridge A1 with switches A2 and A3; designated ports and root ports are marked; legend: B = Blocking, F = Forwarding]

Port role is determined by the least-cost path calculation to the root bridge; port state is determined by the port role
  Ports on root bridge assume designated port role and forwarding state
  Root ports on nonroot switches are placed in forwarding state
  Designated ports on designated bridges are placed in forwarding state
  All other ports are placed in blocking state

Building a Spanning Tree (3 of 3)


[Figure: root A1 with switches A2 and A3; ports marked F (forwarding)]

Tree is considered fully converged
All traffic flows through the root bridge (A1)

Reconvergence Example (1 of 2)
Steps:
1. Bridge G fails
2. Bridge E's port leaves forwarding state
3. Bridge E sends TCN
4. Bridge B acknowledges TCN
5. Bridge B sends TCN
6. Bridge A acknowledges TCN

TCN is always sent out the root port; continues every 2 seconds until the TCN ACK is received on the root port

[Figure labels: Root, A, B, C, D, TCN, ACK, "Port leaves forwarding state", "Bridge fails"]

Reconvergence Example (2 of 2)
Steps (contd.):
7. Root bridge sets topology change (TC) flag and sends updated configuration BPDU
8. Bridges B and C relay TC flag to downstream switches
9. All nonroot bridges change MAC address forwarding table aging timer to equal forwarding delay time (default: 15 seconds)

[Figure labels: Root, A, TC Flag, "MAC Fwd Table Aging Time 15 sec" on each downstream bridge]

Rapid STP
First defined in IEEE 802.1w; later incorporated into IEEE 802.1D-2004
Convergence improvements include:
  Point-to-point link designation
  Edge port designation
  Direct and indirect link failure and recovery

RSTP Port Roles


RSTP introduces new port roles:
  Alternate port:
    Provides alternate path to root bridge (nondesignated switches)
    Blocks traffic while receiving superior BPDUs from neighboring switch
  Backup port:
    Provides redundant path to a segment (designated switches only)
    Blocks traffic while a more preferred port functions as designated port
RSTP continues to use root and designated port roles

[Figure labels: (Root), Switch A, Switch B; legend: Root Port = R, Designated Port = D, Alternate Port = A, Backup Port = B]

RSTP Port States


RSTP (802.1D-2004) uses fewer states than STP (802.1D-1998) but has the same functionality

802.1D-1998 STP    802.1D-2004 RSTP    Port roles
Disabled           Discarding          Alternate, backup, and disabled ports
Blocking           Discarding          Alternate, backup, and disabled ports
Listening          Discarding          Root and designated ports
Learning           Learning            Root and designated ports
Forwarding         Forwarding          Root and designated ports

RSTP BPDUs
RSTP BPDUs:
  Act as keepalives
    RSTP bridges send BPDUs every hello time (default of 2 seconds)
  Provide faster failure detection
    If no BPDU is received within 3 times the hello interval (3 x 2 = 6 seconds), connectivity to neighbor is assumed to be faulty

Transitioning to Forwarding State


Original Spanning Tree Protocol (802.1D-1998)
  Takes 30 seconds before ports start forwarding traffic after being enabled
    2x forwarding delay (listening + learning)
Rapid Spanning Tree Protocol (802.1D-2004)
  Uses proposal/agreement handshake on point-to-point links instead of timers
  Root and edge ports transition to forwarding state immediately
  Nonedge-designated ports transition to forwarding state once explicit agreement is received

Topology Change Reconvergence


Topology changes occur only when nonedge ports transition to the forwarding state
Port transitions to the discarding state no longer trigger TCN
TCNs are flooded out all designated ports as well as out the root port by the initiator
Switches flush the majority of MAC addresses in the MAC address forwarding table
MAC addresses learned from edge ports are not flushed

Indirect Link Failure


When an indirect link failure occurs:
  Switch A's root port fails; it assumes it is the new root
  Switch B receives inferior BPDUs from Switch A; it moves the alternate port to the designated port role
  Switch A receives superior BPDUs, knows it is not the root, and designates the port connecting to Switch B as the root port

[Figure: before and after views of Root, Switch A, and Switch B, showing the inferior BPDU and the superior BPDU; legend entries: Forwarding, Blocking, Root Port, Designated Port, Alternate Port]

Direct Link Failure


When a direct link failure occurs:
  The alternate port transitions to the forwarding state; it assumes the new root port role following the failure of the old root port
  Switches running RSTP send MAC flush messages out of the new root port to trigger upstream switches to relearn the MAC addresses

[Figure: before and after views of Root, Switch A, and Switch B; legend entries: Forwarding, Blocking, Root Port, Designated Port = D, Alternate Port]

RSTP Interoperability with STP


STP and RSTP interoperability considerations:
  If switch supports only the 802.1D-1998 STP protocol, it discards any RSTP BPDUs received
  If RSTP-capable switch receives 802.1D-1998 BPDUs, it reverts to 802.1D-1998 STP mode

Multiple STP
Originally defined in IEEE 802.1s; later merged into IEEE 802.1Q-2003
Provides extensions to RSTP
  Separate topology tree for each MSTI
  Resource friendly: maps VLANs to one or more instances; provides for load balancing over available links

[Figure: each switch maintains a topology for the Orange and Purple instances; Root: Orange, VLANs 1-100; Root: Purple, VLANs 101-200; all links are utilized; ports marked F or B]

Multiple Spanning Tree Region


An MST region is a group of switches with the same region name, revision level, and VLAN-to-instance mapping
  Max of 64 MSTIs per region
  One regional root bridge per instance
Backward compatible with STP and RSTP through common spanning tree (CST)

[Figure labels: MST Region A, MST Region B, CST]

Common Spanning Tree


Common spanning tree across all MST regions
  One root bridge for CST
  Each MST region appears as a virtual bridge
  Common and internal spanning tree (CIST) extends CST into regions

[Figure labels: CST; legend entries: CST, Blocking; ports marked B]

Spanning Tree Protocol Summary


STP summary:
  STP (802.1D-1998) is used in Layer 2 networks to prevent logical loops
    Automated: user selects root switch and STP does the rest
    STP is slow to converge and can be difficult to troubleshoot
  RSTP (802.1D-2004) reduces link-convergence time to subseconds on point-to-point links
  STP and RSTP support a single STP instance
    Lacks load-balancing mechanism; creates underutilized links
  MSTP (802.1Q-2003) supports up to 64 instances
    Overcomes the shortcomings of a single spanning tree

Configuring STP
[edit protocols stp]
user@switch# set ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  bridge-priority      Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)
  disable              Disable STP
  forward-delay        Time spent in listening or learning state (4..30 seconds)
  hello-time           Time interval between configuration BPDUs (1..10 seconds)
> interface
  max-age              Maximum age of received protocol bpdu (6..40 seconds)
> traceoptions         Tracing options for debugging protocol operation

[edit protocols stp]
user@switch# show
bridge-priority 32k;
max-age 20;
hello-time 2;
forward-delay 15;

Configuration example illustrates default STP s

Configuring RSTP
[edit protocols rstp]
user@switch# show
bridge-priority 32k;
max-age 20;
hello-time 2;
forward-delay 15;
interface ge-0/0/10.0 {
    disable;
}
interface ge-0/0/13.0 {
    priority 128;
    mode point-to-point;
}
interface ge-0/0/14.0 {
    cost 20000;
    mode shared;
}
interface ge-0/0/2.0 {
    edge;
}

Callouts:
  bridge-priority, max-age, hello-time, forward-delay: Default RSTP settings
  disable: Excludes interface from participating in RSTP
  priority 128: Default priority value (used to influence downstream devices' least-cost path calculation to root bridge; lower is better)
  mode point-to-point: Default interface mode for interfaces operating in full-duplex mode
  cost 20000: Default cost value for interfaces operating at 1 Gbps
  mode shared: Default interface mode for interfaces operating in ha
  edge: Default value for interfaces that do not connect to STP-enabled devices

Monitoring STP and RSTP (1 of 2)


user@switch> show spanning-tree ?
Possible completions:
  bridge               Show STP bridge parameters
  interface            Show STP interface parameters
  mstp                 Show Multiple Spanning Tree Protocol information
  statistics           Show STP statistics

user@switch> show spanning-tree bridge
STP bridge parameters
Context ID                          : 0
Enabled protocol                    : RSTP
Root ID                             : 4096.00:19:e2:55:36:00
Root cost                           : 40000
Root port                           : ge-0/0/13.0
Hello time                          : 2 seconds
Maximum age                         : 20 seconds
Forward delay                       : 15 seconds
Message age                         : 2
Number of topology changes          : 2
Time since last topology change     : 72 seconds
Local parameters
Bridge ID                           : 32768.00:19:e2:55:1d:40
Extended system ID                  : 0
Internal instance ID                : 0

Callouts:
  Root ID: Root bridge's ID
  Root cost: Cumulative cost to root
  Root port: Bridge root port
  Bridge ID: Local device's bridge ID

Monitoring STP and RSTP (2 of 2)


user@switch> show spanning-tree interface
Spanning tree interface parameters for instance 0

Interface    Port ID    Designated   Designated           Port    State  Role
                        port ID      bridge ID            Cost
ge-0/0/10.0  128:523    128:523      32768.0019e2507c00   20000   BLK    ALT
ge-0/0/11.0  128:524    128:524      32768.0019e2507c00   20000   BLK    ALT
ge-0/0/12.0  128:525    128:525      32768.0019e2507c00   20000   BLK    ALT
ge-0/0/13.0  128:526    128:526      32768.0019e2503fe0   20000   FWD    ROOT
ge-0/0/14.0  128:527    128:527      32768.0019e2503fe0   20000   BLK    ALT
ge-0/0/15.0  128:528    128:528      32768.0019e2503fe0   20000   BLK    ALT

user@switch> show spanning-tree statistics interface

Interface    BPDUs sent    BPDUs received    Next BPDU
                                             transmission
ge-0/0/10.0  7             5                 0
ge-0/0/11.0  7             5                 0
ge-0/0/12.0  7             5                 0
ge-0/0/13.0  7             4                 0
ge-0/0/14.0  7             5                 0
ge-0/0/15.0  7             5                 0

Configuring MSTP
[edit protocols mstp]
user@switch# show
configuration-name reg1;
revision-level 1;
msti 1 {
    bridge-priority 4k;
    vlan 1-10;
}
msti 2 {
    bridge-priority 8k;
    vlan 11-20;
}
msti 3 {
    bridge-priority 12k;
    vlan 21-30;
}

Callouts:
  User-defined configuration-name and revision-level (must match on all switches within the same region)
  MSTP instances defined with individual bridge-priority values and VLAN ranges

Monitoring MSTP (1 of 3)
user@switch> show spanning-tree ?
Possible completions:
  bridge               Show STP bridge parameters
  interface            Show STP interface parameters
  mstp                 Show Multiple Spanning Tree Protocol information
  statistics           Show STP statistics

user@switch> show spanning-tree mstp configuration
MSTP configuration information
Context identifier     : 0
Region name            : reg1
Revision               : 1
Configuration digest   : 0x476c7ee38f56eea4a9bbe3fa9e7b7979

MSTI     Member VLANs
   0     0,31-4094
   1     1-10
   2     11-20
   3     21-30

Callouts:
  Values must match for all switches within a common MST region
  Configuration digest is determined by contents of MSTI to VID table
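
Why two switches can compare their whole VLAN-to-instance mapping by exchanging one short digest, shown as an added example (not Juniper code). It follows the IEEE 802.1Q definition of the configuration digest (HMAC-MD5 over the 4096-entry VID-to-MSTID table with the standard's fixed key); the function names and the second switch's mapping are constructed for illustration.

```python
import hashlib
import hmac

# Fixed signature key defined by IEEE 802.1Q for the configuration digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def expand_vlans(spec):
    """Expand a range list such as '1-10' or '11-20,25' into VLAN IDs."""
    vids = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vids.update(range(int(low), int(high or low) + 1))
    return vids


def mst_config_digest(msti_to_vlans):
    """HMAC-MD5 over the VID-to-MSTID table, two octets per VID."""
    table = [0] * 4096          # VIDs not listed stay in MSTI 0
    for msti, spec in msti_to_vlans.items():
        for vid in expand_vlans(spec):
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN {vid} out of range")
            table[vid] = msti
    raw = b"".join(entry.to_bytes(2, "big") for entry in table)
    return hmac.new(DIGEST_KEY, raw, hashlib.md5).hexdigest()


def same_region(a, b):
    """Same region only if name, revision level and digest all match."""
    key_a = (a["name"], a["revision"], mst_config_digest(a["msti"]))
    key_b = (b["name"], b["revision"], mst_config_digest(b["msti"]))
    return key_a == key_b


# The msti/vlan statements from the [edit protocols mstp] example on this page.
SWITCH_1 = {"name": "reg1", "revision": 1,
            "msti": {1: "1-10", 2: "11-20", 3: "21-30"}}
# Constructed variant: VLAN 20 moved from MSTI 2 to MSTI 3.
SWITCH_2 = {"name": "reg1", "revision": 1,
            "msti": {1: "1-10", 2: "11-19", 3: "20-30"}}

if __name__ == "__main__":
    print(mst_config_digest(SWITCH_1["msti"]))
    print(same_region(SWITCH_1, SWITCH_2))
```

A single VLAN mapped differently changes the digest, so the two switches fall into different regions even though the name and revision level match.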

Monitoring MSTP (2 of 3)
user@switch> show spanning-tree interface
Spanning tree interface parameters for instance 0

Interface    Port ID    Designated   Designated           Port    State  Role
                        port ID      bridge ID            Cost
ge-0/0/10.0  128:523    128:523      32768.0019e2507c00   20000   BLK    ALT

Spanning tree interface parameters for instance 1

Interface    Port ID    Designated   Designated           Port    State  Role
                        port ID      bridge ID            Cost
ge-0/0/13.0  128:526    128:526      4097.0019e25082e0    20000   FWD    DESG

Spanning tree interface parameters for instance 2

Interface    Port ID    Designated   Designated           Port    State  Role
                        port ID      bridge ID            Cost
ge-0/0/14.0  128:527    128:527      12290.0019e2503fe0   20000   FWD    ROOT

Interfaces and associated details are listed by instance

Monitoring MSTP (3 of 3)
user@switch> show spanning-tree bridge
STP bridge parameters
Context ID                  : 0
Enabled protocol            : MSTP

STP bridge parameters for CIST
Root ID                     : 32768.00:19:e2:50:3f:e0
Root cost                   : 0
Root port                   : ge-0/0/13.0
CIST regional root          : 32768.00:19:e2:50:3f:e0

STP bridge parameters for MSTI 1
MSTI regional root          : 4097.00:19:e2:50:82:e0
Hello time                  : 2 seconds
Maximum age                 : 20 seconds
Forward delay               : 15 seconds
Local parameters
Bridge ID                   : 4097.00:19:e2:50:82:e0
Extended system ID          : 0
Internal instance ID        : 1

STP details are listed by instance

Purpose for BPDU Protection


Problem:
  Bridge applications running on PCs or personal switches can generate BPDUs
  STP, RSTP, or MSTP running on an EX switch could detect those BPDUs and trigger STP miscalculations, leading to network outages
Solution:
  Enable BPDU protection on EX switch interfaces connected to user devices or on interfaces on which no BPDUs are expected
  If BPDU is received on a protected interface, the interface is disabled and stops forwarding frames by transitioning to a blocking state

Configuring BPDU Protection (1 of 2)


[Figure labels: Distribution Layer, Access Layer, Switch A (STP), Switch B (STP), Switch C (STP), Trunk, BPDUs, Access Ports, ge-0/0/5, ge-0/0/10 (B)]

[edit protocols stp]
user@switch# show
interface ge-0/0/5.0 {
    edge;
}
interface ge-0/0/10.0 {
    edge;
}
bpdu-block-on-edge;

Configuring BPDU Protection (2 of 2)


[Figure labels: Distribution Layer, Access Layer, Switch A (STP), Switch B (STP), Switch C (non-STP), Trunk, BPDUs, Access Ports, ge-0/0/5, ge-0/0/10 (B)]

[edit ethernet-switching-options]
user@switch# show
bpdu-block {
    interface ge-0/0/5.0;
    interface ge-0/0/10.0;
}

Verifying BPDU Protection Functionality


To verify BPDU protection functionality:
  Use the show spanning-tree interface command before and after enabling the BPDU protection feature on an STP-running switch
  Use the show ethernet-switching interfaces command on a non-STP switch
  Watch for state changes, role changes, or both in the output:
    FWD state transitions to BLK
    DESG role transitions to DIS (loop inconsistent)
    unblocked transitions to blocked
To unblock the interface:
  Use the disable-timeout knob or
  Use the clear ethernet-switching bpdu-error operational mode command

The Purpose of Loop Protection


The problem:
  Switch hardware and configuration errors could cause an interface to transition to the blocking state and stop receiving BPDUs
  This transition could lead to erroneous interface transitioning from the blocking state to the forwarding state, resulting in loops and network outages
The solution:
  Enable loop protection on all switch interfaces that have a chance of becoming root or designated ports
  Once enabled, designated ports receive BPDUs, the interface transitions to a loop-inconsistent state
  The interface recovers and transitions back to the blocking state when it receives a BPDU

Configuring Loop Protection


[Figure labels: Distribution Layer, Access Layer, Switch A (root), Switch B, Switch C, Trunk, BPDUs, ge-0/0/5, ge-0/0/10 (A)]

[edit protocols stp]
user@switch# show
interface ge-0/0/10.0 {
    bpdu-timeout-action {
        block;
    }
}

Verifying Loop Protection Functionality


To verify loop protection functionality:
  Use the show spanning-tree interface command before and after enabling the loop protection feature
  Watch for state changes, role changes, or both in the interface output
    BLK state remains BLK
    ALT role transitions to DIS (loop inconsistent)
The interface recovers and transitions back to its original state when it receives BPDUs

The Purpose of Root Protection


The problem:
  Bridge applications running on PCs can generate BPDUs and interfere with root port election
  Erroneous root port election on a switch
The solution:
  Enable root protection on the switch interfaces that should not receive superior BPDUs from the root bridge and should not be elected as the root port
  The interfaces become designated ports
  Once a superior BPDU arrives on a port with root protection enabled, the port transitions to inconsistency state, blocking the interface
  The interface recovers and transitions back to the forwarding state when it stops receiving superior BPDUs
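
The election rule from the "Building a Spanning Tree" slides and the root-protection behavior described above, modeled together as an added example (not Juniper code). ROOT and LOCAL are the bridge IDs from the show spanning-tree bridge output on this page; ROGUE and the names BridgeID, elect_root, and RootProtectedPort are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class BridgeID:
    """Bridge ID: priority is compared first, then the unique identifier."""
    priority: int
    mac: bytes

    @classmethod
    def parse(cls, text):
        # Accepts the "priority.mac" form printed by show spanning-tree bridge.
        priority, mac = text.split(".", 1)
        return cls(int(priority), bytes.fromhex(mac.replace(":", "")))


def elect_root(bridge_ids):
    """Lowest priority wins; on a tie the lowest identifier wins."""
    return min(bridge_ids)


class RootProtectedPort:
    """Designated port configured with no-root-port (simplified model)."""

    def __init__(self, known_root):
        self.known_root = known_root
        self.state = "FWD"

    def receive(self, advertised_root):
        # Simplification: a BPDU counts as superior when it advertises a
        # lower root ID; path cost and port ID tie-breakers are not modeled.
        if advertised_root < self.known_root:
            self.state = "BLK"      # inconsistency state, interface blocked
        return self.state

    def superior_bpdus_stopped(self):
        # Per the page, the port returns to forwarding once superior
        # BPDUs are no longer received.
        self.state = "FWD"
        return self.state


ROOT = BridgeID.parse("4096.00:19:e2:55:36:00")     # from the page
LOCAL = BridgeID.parse("32768.00:19:e2:55:1d:40")   # from the page
# Constructed: a PC bridge application advertising priority 0.
ROGUE = BridgeID.parse("0.02:00:00:00:00:01")


def demo():
    unprotected_root = elect_root([ROOT, LOCAL, ROGUE])
    port = RootProtectedPort(known_root=ROOT)
    state_on_superior = port.receive(ROGUE)
    state_after_recovery = port.superior_bpdus_stopped()
    return unprotected_root, state_on_superior, port.known_root, state_after_recovery


if __name__ == "__main__":
    print(demo())
```

Without protection the constructed ID wins the election; with no-root-port the port blocks and the known root is unchanged.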

Configuring Root Protection


[Figure labels: Distribution Layer, Access Layer, Switch A, Switch B (root), Switch C, Switch D, ge-0/0/10 (D), BPDUs, Superior BPDUs; ports marked A and D]

[edit protocols stp]
user@switch# show
interface ge-0/0/10.0 {
    no-root-port;
}

Verifying Root Protection Functionality


To verify root protection functionality:
  Use the show spanning-tree interface command before and after you enable the root protection feature
  Receipt of superior BPDUs on the watched interface triggers root protection
    FWD state changes to BLK
    DESG role transitions to DIS (loop inconsistent)
The interface recovers and transitions back to its original state when it no longer receives superior BPDUs
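
The before-and-after comparison that the three verification slides call for (BPDU, loop, and root protection), as an added example rather than Juniper tooling. Both snapshots are constructed in the column layout of the show spanning-tree interface output on this page, and the function names are hypothetical.

```python
# Constructed snapshots, laid out like the page's command output.
BEFORE = """\
Spanning tree interface parameters for instance 0
Interface    Port ID    Designated   Designated           Port    State  Role
                        port ID      bridge ID            Cost
ge-0/0/10.0  128:523    128:523      32768.0019e2507c00   20000   FWD    DESG
ge-0/0/11.0  128:524    128:524      32768.0019e2503fe0   20000   BLK    ALT
ge-0/0/13.0  128:526    128:526      32768.0019e2503fe0   20000   FWD    ROOT
"""
AFTER = """\
Spanning tree interface parameters for instance 0
Interface    Port ID    Designated   Designated           Port    State  Role
                        port ID      bridge ID            Cost
ge-0/0/10.0  128:523    128:523      32768.0019e2507c00   20000   BLK    DIS
ge-0/0/11.0  128:524    128:524      32768.0019e2503fe0   20000   BLK    DIS
ge-0/0/13.0  128:526    128:526      32768.0019e2503fe0   20000   FWD    ROOT
"""


def parse_interface_table(text):
    """Map interface name -> (state, role) from the data rows."""
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with an interface name such as ge-0/0/10.0 and
        # carry at least seven columns; a trailing annotation after the
        # role is tolerated. Banner and header lines contain no "/".
        if len(fields) >= 7 and "/" in fields[0]:
            rows[fields[0]] = (fields[5], fields[6])
    return rows


def protection_events(before_text, after_text):
    """List ports whose role moved to DIS, with the likely trigger."""
    before = parse_interface_table(before_text)
    after = parse_interface_table(after_text)
    events = []
    for name in sorted(before.keys() & after.keys()):
        old, new = before[name], after[name]
        if new[1] != "DIS" or old[1] == "DIS":
            continue
        if old == ("FWD", "DESG") and new[0] == "BLK":
            # Both features show the same transition on the page.
            cause = "BPDU protection or root protection"
        elif old == ("BLK", "ALT") and new[0] == "BLK":
            cause = "loop protection"
        else:
            cause = "unclassified"
        events.append((name, "/".join(old), "/".join(new), cause))
    return events


if __name__ == "__main__":
    for event in protection_events(BEFORE, AFTER):
        print(*event, sep="  ")
```

The state and role columns alone cannot separate BPDU protection from root protection, because the page lists the same FWD/DESG to BLK/DIS transition for both; the interface's configuration decides which one fired.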

Redundant Trunk Group


Redundant trunk group:
  Provides quick and simple failover mechanism for redundant Layer 2 links without requiring STP
  Primary application is in enterprise environments where each access switch is dual homed to two distribution switches
  Has one active link to forward traffic, while the other link acts as a backup and does not forward traffic; when active link fails, backup link becomes active and forwards traffic

Redundant Trunk Group Topology Example

[Figure labels: Distribution Layer, Switch A, Switch B, Access Layer, Switch C, Active Link, Nonactive Link]

Configuration Considerations
Redundant trunk group feature and STP are mutually exclusive on a given port
  Access layer (Switch C in the previous example):
    Cannot run STP on redundant trunk group links
    STP BPDUs received on redundant trunk group links are discarded
  Distribution layer (Switches A and B in previous example):
    Redundant trunk group is not configured on distribution switches
    STP is configured on distribution switches without any restriction
Maximum of 16 redundant trunk groups per switch

Configuring a Redundant Trunk Group


[edit ethernet-switching-options redundant-trunk-group]
user@switch# show
group rtg-group1 {
    interface ge-0/0/13.0 {
        primary;
    }
    interface ge-0/0/16.0;
}

Interface marked as primary is always active when operational

If the primary knob is omitted from configuration, the higher-numbered interface initially becomes the active link but does not preempt lower-numbered interfaces functioning as the active link in failure and recovery scenarios

[edit ethernet-switching-options redundant-trunk-group]
user@switch# commit
error: XSTP : msti 0 STP and RTG cannot be enabled on the same interface ge-0/0/13.0
commit complete

A verification is performed to ensure that STP is not running on redundant trunk group links

Monitoring a Redundant Trunk Group


user@switch> show redundant-trunk-group
Group       Interface    State       Time of last flap                        Flap
name                                                                          count
rtg-group1  ge-0/0/13.0  Up/Pri/Act  2008-03-08 12:12:15 UTC (00:00:10 ago)   2
            ge-0/0/16.0  Up          2008-03-08 12:12:15 UTC (00:00:10 ago)   2

user@switch> show redundant-trunk-group group-name rtg-group1
Interface    State       Bandwidth   Time of last flap                        Flap
                                                                              count
ge-0/0/13.0  Up/Pri/Act  1000 Mbps   2008-03-08 12:12:15 UTC (00:01:43 ago)   2
ge-0/0/16.0  Up          1000 Mbps   2008-03-08 12:12:15 UTC (00:01:43 ago)   2

(Pri) = Primary interface with preemption enabled
(Act) = Active interface currently forwarding traffic
