4_STP

Published by Tamás Tiba, 2023-02-07 20:25:25

Network Training Module 4 – Spanning Tree
Proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.

Objectives
• Understand the operation of the original IEEE 802.1D standard (pre-2004)
• Recognize the enhancements included in RSTP
• Understand the implementation of PVST+
• List the components and load sharing benefits of MSTP
• Configure MSTP
• Configure STP security features

Spanning Tree Protocol
• 802.1D
• RSTP
• PVST+
• MSTP
• STP Security Features

Layer 2 Loop Issues
• Multiple frame copies
• Broadcast storms
• Mislearning MAC addresses
[Figure labels: Segment-1, PC-A, Switch-A and Switch-B (Port-1 and Port-2 on each), PC-B, Segment-2]

IEEE 802.1D (Pre-2004) Overview
• Originally developed at DEC
• Components:
  − Bridge Protocol Data Units (BPDUs)
    • Used to communicate STP information with other switches
    • Must be sent out untagged (even on trunk/multi-VLAN ports)
  − Root switch: the switch with the lowest bridge/switch ID
  − Root ports: the best port on a switch to reach the root; it is placed in a forwarding state
  − Designated ports: for each segment, the port on the connected switch that has the best path to the root; it is placed in a forwarding state
  − Blocking or discarding ports: redundant links that are logically blocked

Root Election
• Each switch has a bridge or switch ID:
  − Priority (0-65,535), defaults to 32,768
  − Switch MAC address
• Election process: the switch with the lowest bridge ID is elected
[Figure: five switches joined by LAN Segment-A to LAN Segment-D. Bridge MACs: Switch-1 0000.0001.1234 (Root), Switch 2 0001.0001.0001, Switch-3 0001.0000.AC1D, Switch-4 0000.0001.1787, Switch-5 0000.0001.A134. Port costs: A 10, B 10, C 10, D 20, E 20, F 10, G 40, H 20, I 10, J 10]

Root Port Selection
1. Path with lowest accumulated costs
2. If a tie, neighbor with lowest switch ID
3. If a tie, the port with the lowest priority value
4. If a tie, the lowest port number

Example for Switch-4, port H
A. 0 from Switch-1 (root) out of port I
B. Add 10 entering Switch-3 on port C
C. Add 20 entering Switch-4 on port H
D. Total cost for Port H: 30
[Figure: the Root Election topology with the root port (RP) marked on each non-root switch]
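The election and the four tie-breakers can be expressed as ordered tuple comparisons. The following is an added example, not part of the original training material: the bridge MACs and the cost of 30 for port H come from the slides, while port G's neighbor and accumulated cost, the ports X and Y, and all port priorities and numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: priority first, then the MAC as an integer."""
    return (priority, int(mac.replace(".", ""), 16))

# Bridge MACs from the slides; every switch keeps the default priority 32,768.
SWITCHES = {
    "Switch-1": bridge_id(32768, "0000.0001.1234"),
    "Switch 2": bridge_id(32768, "0001.0001.0001"),
    "Switch-3": bridge_id(32768, "0001.0000.AC1D"),
    "Switch-4": bridge_id(32768, "0000.0001.1787"),
    "Switch-5": bridge_id(32768, "0000.0001.A134"),
}

def elect_root(switches):
    """The switch with the lowest bridge ID becomes root."""
    return min(switches, key=switches.get)

@dataclass
class Candidate:
    port: str
    path_cost: int       # accumulated cost to the root through this port
    neighbor_id: tuple   # bridge ID of the neighbor on this port
    port_priority: int
    port_number: int

def select_root_port(candidates):
    """Apply the four tie-breakers in order; the lowest tuple wins."""
    best = min(candidates, key=lambda c: (c.path_cost, c.neighbor_id,
                                          c.port_priority, c.port_number))
    return best.port

# Switch-4 port H as worked on the slide: 0 at the root, +10 entering
# Switch-3 on port C, +20 entering Switch-4 on port H.
COST_H = sum([0, 10, 20])

# Constructed candidates for Switch-4 (port G's values are assumptions).
SWITCH4 = [
    Candidate("H", COST_H, SWITCHES["Switch-3"], 128, 2),
    Candidate("G", 40, SWITCHES["Switch-1"], 128, 1),
]
# Constructed tie: equal cost on both ports, so the lower neighbor ID decides.
TIE = [
    Candidate("X", 30, SWITCHES["Switch-3"], 128, 1),
    Candidate("Y", 30, SWITCHES["Switch-5"], 128, 2),
]
```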

Designated Port Selection
1. Path with lowest accumulated costs
2. If a tie, neighbor with lowest switch ID
3. If a tie, the port with the lowest priority value
4. If a tie, the lowest port number
[Figure: the Root Election topology with root ports (RP) and designated ports (DP) marked]

Non-Root and Non-Designated Ports
Placed in a blocking / discarding state to remove loops
[Figure: the Root Election topology with root ports (RP), designated ports (DP) and blocked ports (BLK) marked]

STP Activity
Please Find:
• The Root Switch
• On all other switches:
• The root port
• On all segments:
• Designated ports
• Blocked Ports
Assume the following:
• Cost of all links is equal = 4
• Switches priority 32768
• MAC address is equal to the switch #
• Each port is numbered 1 through 4
[Figure: topology of switches S0 (priority 0), S1, S2, S3, S4, S5 and S6]

STP Activity: Answers
S0 priority 0 (becomes root)
[Figure: the activity topology (S0 to S6) with each port marked DP, RP or BLK]

802.1D Port States and Convergence
• Port states
  − Blocking: drop user traffic, but not BPDUs
  − Listening: examine BPDUs
  − Learning: examine BPDUs and build MAC address table
  − Forwarding: examine BPDUs, build MAC address table, and forward user traffic
  − Disabled: port is physically disabled
• Convergence issues:
  − Time:
    • Blocking state: 20 seconds
    • Listening state: 15 seconds
    • Learning state: 15 seconds
    • Forwarding: can take from 30-50 seconds to converge
  − Any port, even a PC or printer connection to a switch, can cause STP to recalculate

RSTP Overview
• Provides very quick convergence
• Port states:
  − Discarding
  − Learning
  − Forwarding
• Port roles
  − Root and alternate ports
  − Designated and backup ports
  − Discarding port
• Edge ports
  − Always kept in a forwarding state
  − Changes on edge ports will not cause STP to recalculate
  − Typically non-switch-to-switch ports (PC, server, printers, etc.)
[Table: final port state (Forwarding, Discarding, Blocking, Disabled) by STP role and RSTP/MSTP role (Root Port, Designated Port, Edge Port, Alternate Port, Backup Port, No Role)]

RSTP Port States and Roles
Roles:
• RP = Root Port
• DP = Designated Port
• Alt = Alternate Port
• BP = Backup Port
• EP = Edge Port
States:
• F = Forwarding
• D = Discarding
[Figure: four switches SW1 to SW4 with BIDs 10, 20, 30 and 40, one of them the root bridge; ports E1/0/1 to E1/0/4 marked with role and state]

Lab 4.1
• Observing STP default behaviour
• Lab Setup: next slide

Problems with 802.1D and RSTP
• Doesn’t guarantee an optimized topology for all VLANs in a network
• Not all available bandwidth in network is utilized
[Figure labels: Root, Switch-A, Switch-B, Switch-C, default gateway for VLAN 1, default gateway for VLAN 2, Forwarding, Discarding, VLAN 1 and 2 users]

PVST+ Overview
• Developed by Cisco
• Components
  − Spanning tree topology per VLAN
  − Set of BPDUs per VLAN
  − A root switch per VLAN
  − Root, designated, and discarding ports per VLAN
• Advantage of PVST+: allows load sharing of VLANs on uplinks
• Rapid PVST+ has these additional features:
  − PortFast: similar to 802.1w’s edge ports
  − UplinkFast: similar to 802.1w’s alternate and backup ports
[Figure labels: Switch-A, Switch-B, Switch-C, default gateway for VLAN 1, default gateway for VLAN 2, VLAN 1: Root, VLAN 2: Root, per-VLAN Forwarding and Discarding uplinks]

Multiple STP (MSTP) Overview
• Originally defined as IEEE 802.1s
• Backwards compatible with RSTP and pre-2004 802.1D
• Quick convergence
• Allows load sharing like PVST+, but with less overhead
• Terms:
  − Region:
    • Group of VLANs using the same STP parameters
    • VLANs in region, region name, and revision number must match between switches in same region
  − Common spanning tree (CST): the STP instance for all trees (regions, RSTP and 802.1D)
  − Internal spanning tree (IST): the STP instance used for VLANs not belonging to a specific region’s instances (referred to as instance 0)

MSTP Operation
Switches in an MSTP region must share same configuration setup:
• Name: test
• Revision number: 1
• Instance 1: VLANs 1-999
• Instance 2: VLANs 1000-1999
[Figure: root and secondary root placement for Instance 0 (all other VLANs), Instance 1 (VLANs 1-999) and Instance 2 (VLANs 1000-1999)]

Spanning Tree Between Different MSTP Regions
• Between different CIST (common and internal spanning tree) regions: like running RSTP
• Normally, there is layer 3 (routing) separation when you have different regions
[Figure labels: Region A0, Region B0, Region C0, Region D0, Root switch in common STP, RSTP]

MSTP Misconfiguration Issues
MSTP region configuration
• Name: test
• Revision #1
• Instance 1: VLANs 1-999
• Instance 2: VLANs 1000-1999
MSTP region configuration
• Name: Test
• Revision #1
• Instance 1: VLANs 1-999
• Instance 2: VLANs 1000-1999
The switch with the wrong config sees itself as the root in instance 1 or 2 (because it is alone in its own region)
[Figure: Instance 1 (VLANs 1-999) with root and secondary root marked]

MSTP Activity
• Assume all switches are in the same MSTP region
• How many MSTP instances, besides the IST (instance 0) do you need to have effective load sharing?
[Figure: Switch_A, Switch_B, Switch_C, Switch_D, Switch_E, Switch_F]

MSTP Activity
• For MSTP, assume all switches are in the same region
• Assume all switches have the same port costs
• VLAN 1 is untagged, 2 and 3 are tagged
• If Switch_A were the root, would this affect traffic for VLAN 3 on Switch_C for MSTP? For PVST+?
• If Switch_B were the root, would this affect traffic for VLAN 3 on Switch_C for MSTP? For PVST+?
[Figure: Switch_A, Switch_B and Switch_C joined by links labelled VLANs 1-3, VLANs 1-2 and VLANs 1-3]

MSTP Defaults
• Spanning tree is enabled on all HPE switches, by default
• When spanning tree is enabled, the default operation mode is MSTP
• Comware switch ports are non-edge, by default

Port type             Default port cost
Fast Ethernet         200
Gigabit Ethernet      20
10 Gigabit Ethernet   2

Enabling MSTP standard port costs:
  stp pathcost-standard dot1t

MSTP Configuration
− Enabling STP (MSTP is the default mode)
  [Comware] stp global enable
− Configuring the region:
  [Comware] stp region-configuration
  [Comware-mst-region] region-name <name>
  [Comware-mst-region] revision-level <number>
  [Comware-mst-region] instance <instance-id> vlan <vlan-list>
  [Comware-mst-region] check region-configuration
  [Comware-mst-region] active region-configuration
− Changing the switch priority:
  [Comware] stp instance <instance-id> root {primary | secondary}
  [Comware] stp [instance <instance-id>] priority <priority>

MSTP Configuration
− Changing the default port costs
  [Comware] stp pathcost-standard dot1t
− Defining edge ports
  [Comware] interface <interface-id>
  [Comware-<interface-id>] stp edged-port enable

MSTP Configuration Example
Both distribution layer switches
  [Distrib] stp global enable
  [Distrib] stp pathcost-standard dot1t
  [Distrib] stp region-configuration
  [Distrib-mst-region] region-name test
  [Distrib-mst-region] revision-level 1
  [Distrib-mst-region] instance 1 vlan 1 to 999
  [Distrib-mst-region] instance 2 vlan 1000 to 1999
  [Distrib-mst-region] active region-configuration

MSTP Configuration Example
Left distribution layer switch
  [L_Distrib] stp instance 0 root primary
  [L_Distrib] stp instance 1 root primary
  [L_Distrib] stp instance 2 root secondary
Right distribution layer switch
  [R_Distrib] stp instance 0 root secondary
  [R_Distrib] stp instance 1 root secondary
  [R_Distrib] stp instance 2 root primary

MSTP Verification
Display the MSTP configuration
  [Comware] display stp region-configuration
   Oper configuration
     Format selector    :0
     Region name        :test
     Revision level     :1

     Instance   Vlans Mapped
        0       2000 to 4094
        1       1 to 999
        2       1000 to 1999
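The misconfiguration slide (region name "test" against "Test") and the verification output above suggest an automated consistency check. This is an added example, not part of the original training material: it parses collected `display stp region-configuration` output and reports which switches differ from a reference switch. The sample text is constructed from the output shown above, and placing the wrong region name on Access_Switch is an assumption.

```python
import re

def expand(vlans):
    """Turn '1 to 999' or '10, 20 to 30' into a frozenset of VLAN IDs."""
    ids = set()
    for part in vlans.split(","):
        nums = [int(n) for n in re.findall(r"\d+", part)]
        if nums:
            ids.update(range(nums[0], nums[-1] + 1))
    return frozenset(ids)

def parse_region(text):
    """Extract the three values that must match inside one MSTP region."""
    name = re.search(r"Region name[ \t]*:(.*)", text).group(1).strip()
    rev = int(re.search(r"Revision level[ \t]*:[ \t]*(\d+)", text).group(1))
    rows = re.findall(r"^[ \t]*(\d+)[ \t]+(\d[\d, to]*)$", text, re.M)
    return {"region-name": name, "revision-level": rev,
            "vlan-mapping": {int(i): expand(v) for i, v in rows}}

def region_mismatches(outputs, reference):
    """Return {switch: [fields that differ from the reference switch]}."""
    ref = parse_region(outputs[reference])
    report = {}
    for switch, text in outputs.items():
        cfg = parse_region(text)
        # Exact comparison: the region name is case-sensitive.
        diffs = [field for field in ref if cfg[field] != ref[field]]
        if diffs:
            report[switch] = diffs
    return report

# Constructed sample modelled on the verification output above.
GOOD = """\
 Oper configuration
   Format selector    :0
   Region name        :test
   Revision level     :1

   Instance   Vlans Mapped
      0       2000 to 4094
      1       1 to 999
      2       1000 to 1999
"""
OUTPUTS = {
    "L_Distrib": GOOD,
    "R_Distrib": GOOD,
    "Access_Switch": GOOD.replace(":test", ":Test"),  # the slide's typo case
}

if __name__ == "__main__":
    for switch, fields in region_mismatches(OUTPUTS, "L_Distrib").items():
        print(f"{switch}: differs from L_Distrib in {', '.join(fields)}")
```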

MSTP Verification
Instance operation

[L_Distrib] display stp instance 1
-------[MSTI 1 Global Info]-------
MSTI Bridge ID      :0.001c-c5bc-2b11
MSTI RegRoot/IRPC   :0.001c-c5bc-2b11 / 0
MSTI RootPortId     :0.0
MSTI Root Type      :PRIMARY root
Master Bridge       :0.001c-c5bc-2b11
Cost to Master      :0
TC received         :4

[L_Distrib] display stp instance 2
-------[MSTI 2 Global Info]-------
MSTI Bridge ID      :4096.001c-c4bc-2bcc
MSTI RegRoot/IRPC   :4096.001c-c4bc-2bcc / 0
MSTI RootPortId     :0.2
MSTI Root Type      :SECONDARY root
Master Bridge       :0.001c-c5bc-2b11
Cost to Master      :20000
TC received         :0

MSTP Verification
Port states
[Access_Switch] display stp brief
 MSTID   Port                    Role   STP State    Protection
 0       GigabitEthernet1/0/1    ROOT   FORWARDING   NONE
 0       GigabitEthernet1/0/2    ALTE   DISCARDING   NONE
 1       GigabitEthernet1/0/1    ROOT   FORWARDING   NONE
 1       GigabitEthernet1/0/2    ALTE   DISCARDING   NONE
 2       GigabitEthernet1/0/1    ALTE   DISCARDING   NONE
 2       GigabitEthernet1/0/2    ROOT   FORWARDING   NONE
