Cisco CCNP Enterprise 300-410 ENARSI – CCNP ENCOR (350-401) : SPANNING-TREE PROTOCOL
- 4_1- Spanning-Tree Protocol Overview
The first slide explains why we need spanning tree. Ethernet frames don't have a TTL value, so they can circulate between switches forever, and because of that we can face broadcast storms. For example, let's say PC1 sends a broadcast into our network. Switch 1 takes the frame and floods it out of all its other ports. The traffic reaches Switch 2, which also floods it, and Switch 3 also takes the frame and, because it is a broadcast, floods it as well; the same thing happens in the other direction around the loop. So, as you can see, we face broadcast storms in a topology like this because Ethernet frames have no time-to-live value.
The second reason we need spanning tree is that we can face duplicate unicast frames. For example, PC1 tries to send a frame to PC2. Switch 1 knows that PC1 is on its FastEthernet 1 port, but Switch 1 has no idea where PC2 is. Because of that, Switch 1 floods the frame out of its other ports, so the frame travels both ways around the loop. One copy reaches Switch 2, which forwards it to Switch 3, and Switch 3 delivers it to PC2. But the other copy of the same frame also arrives at Switch 3 over the direct link, and Switch 3 delivers that copy to PC2 too. So PC2 receives duplicate unicast frames.
So what Spanning Tree Protocol does is build a logical loop-free topology for Ethernet networks by blocking some of the ports. Spanning tree allows a network design to include redundant links, which provide automatic backup paths if an active link fails. Let's think again about PC1 sending a broadcast. Switch 1 takes the traffic and floods it out of this port and also out of this other port. But because this port is blocked by spanning tree, the traffic does not pass through here and does not reach Switch 3 this way. Only the green traffic reaches Switch 3 and PC2. We have three port roles in spanning tree. The first one is the root port: the port closest to the root bridge is the root port, but please pay attention to what "closest" means.
Closest to the root bridge means closest in terms of path cost, which I'm going to explain shortly: what is path cost? We also have designated ports, which are the ports that forward traffic, and we have non-designated ports, which are blocked ports, as you can see here. FastEthernet 1 is blocked, so its role is non-designated; FastEthernet 0, 2, 3 and 4 are designated ports, which continue to forward traffic. And these are the root ports, because they are closest to the root bridge in terms of path cost. So let's take a look at how we elect the root bridge. To elect the root bridge in a network, we need to find the lowest bridge ID. The bridge ID is made of the priority value and the MAC address, and we also use an extended system ID to carry the VLAN number for per-VLAN spanning tree.
But in most cases we don't use that value when working out the bridge ID. Please keep in mind that the default priority value for a switch is the one shown here. Bridges use special data frames called BPDUs (bridge protocol data units) to exchange information about bridge IDs and root path costs. So let's take a look at this example and try to determine the root bridge. The first thing we need to check is the priority value. As you can see in the figure, the priority values are the same for every switch. So the second thing we check is the MAC address, because to find the lowest bridge ID we now need the lowest MAC address. The switch with the lowest MAC address will be our root bridge in this scenario. If you check here, this MAC address starts with 0017 and this one starts with 0024, which is bigger, so I eliminate it.
This one begins with 5, so I eliminate it too. And this one begins with 001: the next digit is 7 here but A here, and in hexadecimal A comes after 9, so I eliminate this one as well. Therefore this switch has the lowest MAC address and it is the root bridge. Now let's look at the spanning tree path cost. The spanning tree cost value is inversely proportional to the bandwidth of the path, so a path with a low cost value is preferred over a path with a high cost value. As you can see in this table, a higher link speed gives a lower cost value. Okay, as you can see in the picture, in the original STP table a 10 Gbit/s link is taken as a cost value of 1, and a 1 Gbit/s link also has a cost value of 1.
But a 10 Mbit/s link, which is a slower path, has a higher cost value. As you can see, the logic is reversed. So if you check path 1, its cost is taken from the revised IEEE specification, in which these values were revised; those are the values we accept now. Let's look at the cost of path 1. Path 1 uses a Fast Ethernet link, so its cost value is 19. Now look at path 2: we have two Fast Ethernet links in series, which means a cost value of 19 for each, and the total cost of path 2 is 38. So path 1 is preferred over path 2. Now we have a question: which switch is the root, and what are the port roles?
The question says that because the priorities are the same, I need to check for the lowest MAC address, and the lowest MAC address is on Switch 3, 0011.80..., because the third digit here is the lowest. That shows us this is our root bridge. So Switch 3 is the root bridge because it has the lowest MAC and the priorities are equal. Now let's look at the port roles. This is my root bridge. The port closest to the root bridge in terms of path cost will be the root port on each switch. For example, let's check Switch 1. From here we have a Fast Ethernet path to the root, which means my cost is just 19.
But if I go the other way, I need to pass over a Gigabit link, another Gigabit link and then a Fast Ethernet link, which means a higher cost value for me. So this is the root port for Switch 1. For Switch 4 this is the root port, and for Switch 2 this is the root port: one path is Gigabit, Gigabit and Fast Ethernet, this one is Gigabit and Fast Ethernet, and the other path is Fast Ethernet plus Fast Ethernet, so the Gigabit path is cheaper. So this is our root port. Okay, we have determined our root ports. Please keep in mind that on each segment I must have one designated port. And please keep this in mind too: the ports of the root bridge are always designated. So I go to my root switch and mark its port roles as designated. Okay, that is done, and as I told you, on each segment, each link between two switches, we need a designated port.
So because of the root port here, the port on the other end of this link becomes the designated port. Okay, that's done for these two. Now we just need to determine these two remaining ports. I compare Switch 1 and Switch 2: one of these ports will be designated and the other will be non-designated, which means blocked. To choose which one to block, I compare the two devices' priorities, which are the same, and then I compare their MAC addresses. The one with the lowest MAC address is not blocked. As you can see in the picture, Switch 1 has the lower MAC address, so FastEthernet 0/2 of Switch 1 becomes the designated port and this port on Switch 2 becomes the non-designated, blocked port.
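The election walked through above, worked in code as an added example (this is not course material): root bridge by lowest bridge ID, root ports by lowest root path cost, one designated port per segment. The switch names, MAC addresses and links are constructed, and the port-priority tie-breaker is left at its default.

```python
"""STP election: lowest bridge ID wins the root, each non-root switch picks the
port with the lowest root path cost, each segment gets one designated port.
Added example; the switches, MACs and links below are constructed."""
import heapq

# Revised IEEE 802.1D port costs quoted in the course: faster link, lower cost.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

def bridge_id(priority, vlan, mac):
    """Bridge ID = priority (multiple of 4096) + extended system ID (VLAN),
    then the MAC address. Lower wins: priority first, then MAC."""
    assert priority % 4096 == 0 and 0 <= vlan < 4096, "invalid priority/VLAN"
    return (priority + vlan, mac.lower())

def elect(switches, links, vlan=1):
    """switches: {name: (priority, mac)}
    links: [(switch_a, port_a, switch_b, port_b, speed_mbps)]
    Returns (root, root_path_cost_per_switch, {(switch, port): role})."""
    bids = {name: bridge_id(p, vlan, mac) for name, (p, mac) in switches.items()}
    root = min(bids, key=bids.get)            # lowest bridge ID is the root

    # adjacency: switch -> [(local_port, neighbour, neighbour_port, link_cost)]
    adj = {name: [] for name in switches}
    for a, pa, b, pb, mbps in links:
        adj[a].append((pa, b, pb, PORT_COST[mbps]))
        adj[b].append((pb, a, pa, PORT_COST[mbps]))

    # Root path cost (RPC): Dijkstra from the root, adding the cost of every
    # link crossed on the way to it (the root itself advertises cost 0).
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost_here, here = heapq.heappop(heap)
        if cost_here > rpc[here]:
            continue
        for _, nb, _, cost in adj[here]:
            if cost_here + cost < rpc.get(nb, float("inf")):
                rpc[nb] = cost_here + cost
                heapq.heappush(heap, (rpc[nb], nb))

    roles = {}
    # Root port: on every non-root switch, the port with the lowest cost to
    # the root ("closest in terms of path cost"); ties broken by the
    # neighbour's bridge ID, then its port name.
    for name in switches:
        if name == root:
            continue
        port, *_ = min(adj[name],
                       key=lambda e: (rpc[e[1]] + e[3], bids[e[1]], e[2]))
        roles[(name, port)] = "root"

    # Designated port: one per segment, on the end with the lowest RPC, then
    # the lowest bridge ID (priority, then MAC, as in the course), then port
    # name. The opposite end is either that switch's root port or blocked.
    for a, pa, b, pb, _ in links:
        ends = sorted([(rpc[a], bids[a], pa, a), (rpc[b], bids[b], pb, b)])
        (_, _, dp, ds), (_, _, op, os_) = ends
        roles[(ds, dp)] = "designated"
        roles.setdefault((os_, op), "non-designated")
    return root, rpc, roles

# Constructed triangle: equal priorities, so the lowest MAC (SW3) wins.
SWITCHES = {
    "SW1": (32768, "0017.0000.0001"),
    "SW2": (32768, "0024.0000.0002"),
    "SW3": (32768, "0011.8000.0003"),
}
LINKS = [
    ("SW1", "Fa0/1", "SW2", "Fa0/1", 100),
    ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),
    ("SW2", "Fa0/2", "SW3", "Fa0/2", 100),
]

if __name__ == "__main__":
    root, rpc, roles = elect(SWITCHES, LINKS)
    print("root bridge:", root, "root path costs:", rpc)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

Lowering SW2's priority to 4096 in `SWITCHES` makes SW2 the root regardless of MAC, which is the manual override the next section configures.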
- 4_2- Modifying Spanning-Tree Protocol
In this section we are going to talk about how we can modify the Spanning Tree Protocol. The first thing we talk about is the spanning tree priority. In spanning tree, if all switches have the same priority value, the bridge with the lowest MAC is used as the root bridge, as you know. The priority value can be changed to set the root bridge manually: the device with the lowest priority value becomes the root bridge. There is also the spanning-tree vlan 1 root primary command; as you can see here, this command changes the priority value to 4096 and makes the device the root bridge. We can also change the STP path selection process by changing the port priority and cost values. A path with a higher cost value is less preferred, and a port with a higher port priority value is less preferred as well.
Let's look at the configuration examples. Here we define spanning-tree vlan 1 cost 16, and here we define spanning-tree vlan 1 port-priority with an X value. A higher X value means a less preferred path, and if we increase the cost, that path becomes less preferred too. Now let's look at the STP timers. We have three timers: hello, forward delay and max age. The hello timer is the interval between BPDUs sent from a port; the default is 2 seconds. Forward delay is the time spent in the listening and learning states, 15 seconds by default. Max age is the maximum time a port keeps stored BPDU information. And here is how we modify the STP timers: we use spanning-tree vlan with the VLAN ID, for example VLAN 4, followed by hello-time, forward-time or max-age, and we give the time in seconds after those keywords.
- 4_3- Rapid Spanning-Tree Protocol
In this section we talk about the Rapid Spanning Tree Protocol. In standard spanning tree, recovery of the network takes about 30 to 50 seconds, and while the topology is changing there is no traffic flow between the devices. In today's modern networks spanning tree's recovery time is far too long, and that's unacceptable. Cisco extended spanning tree with features such as PortFast, UplinkFast and BackboneFast to get rid of these problems, but those are Cisco-specific improvements. With RSTP the issue of STP's slow recovery is resolved: RSTP can take designated and root ports from the blocking state to forwarding in only a few seconds. And we have five port roles in RSTP: root, designated, alternate, disabled and backup. Root ports are the ports on a non-root bridge
that reach the root bridge over the shortest path; they can send, transmit and receive BPDUs. The second is designated: each segment has at least one port in the designated role, and the designated port receives frames going to the root bridge. The third is alternate, which is an alternate port towards the root bridge; if the current designated port fails, it takes its place. The fourth is disabled: this type of port does not participate in spanning tree and has no role in it. Let's look at the backup role. A port that is blocked because the same device receives a superior BPDU from its own other port on that segment is a backup port. It's in the discarding state in the active topology.
And here are the port states of RSTP. In classic spanning tree we have four port states, as you remember: blocking, listening, learning and forwarding. In rapid spanning tree, blocking and listening are merged into the discarding state, and the other states stay the same: learning and forwarding. Let's look at what they mean. A port in the discarding state prevents the creation of a Layer 2 loop in the topology. The second is the learning state, in which the switch starts accepting frames to build its MAC address table. Forwarding is the state in which frames are transmitted. And here is how we migrate to RSTP: there's really one simple command to migrate from STP to RSTP, spanning-tree mode rapid-pvst, which we use in global configuration mode.
- 4_4- Spanning-Tree Stability Mechanisms
In this section we talk about spanning tree stability mechanisms. Let's look at the Spanning Tree Protocol toolkit first. These are the tools needed to manage STP better, and their main role is to provide faster recovery for the STP protocol. They are the UplinkFast, BackboneFast and PortFast features. Let's start with UplinkFast. UplinkFast allows an uplink to be transferred to another link on an access switch quickly, and it's a Cisco-specific feature. For example, when a problem occurs on the root port, the port with the lowest cost value immediately replaces the root port, and in a total of about 1 second the link is back to normal. The second feature is BackboneFast, which allows STP to converge quickly when STP changes on a core or distribution switch.
That's also a Cisco-specific feature. BackboneFast is meant to resolve a connection failure on the backbone. If a switch receives a root BPDU with the sending switch's own address as the root, it knows there is a broken link. The receiving switch can then send out an RLQ (root link query) to see if it still has a path to the root itself. If it gets a response, it can inform the neighbouring switch, and the transition occurs faster than the listening plus learning times, which add up to 30 seconds by default. The third feature is PortFast, which allows access ports to transition to the forwarding state directly from the blocking state.
And here is an important point when you use PortFast: PortFast is not used on trunk ports, guys. You use PortFast only on access ports. The configuration for PortFast is pretty simple, just spanning-tree portfast, but you need to use it under the access port interfaces. The BPDU Guard feature protects the integrity of ports that have PortFast enabled, and that's the important point: PortFast-enabled ports. Please keep in mind that if a BPDU is received on an access port that has PortFast with BPDU Guard enabled, the port is put into the err-disabled state. An err-disabled port is a shut down port, and it can be reactivated by using the shutdown and no shutdown commands together: first you shut down, then you no shut the err-disabled port to make it active again.
BPDU Guard can be activated under an interface or globally. As you can see, if you want to activate it under interface mode, you use the spanning-tree bpduguard enable command, but if you want to enable it globally, you use the spanning-tree portfast bpduguard default command. BPDUs are still sent even from PortFast-enabled ports; BPDU Filter is used to prevent this. BPDU Filter can be configured globally or under the port, like BPDU Guard. When configured under the port, with the spanning-tree bpdufilter enable command, BPDUs are not sent and all received BPDUs are ignored. When you enable it globally, with spanning-tree portfast bpdufilter default, it affects all PortFast-enabled ports that have not been configured individually for BPDU Filter.
If a BPDU is detected on such a port, the port loses its PortFast status and STP continues to send and receive BPDUs on it as on any other port. Let's look at the Root Guard feature too. Connecting a misconfigured switch to the network can change your root bridge. However, since the root bridge is a very basic and important part of your network, you must ensure that it never changes, and that's why Root Guard was developed. Root Guard forces an interface to be a designated port, to prevent other nearby switches from becoming the root bridge. If the switch receives a superior STP BPDU on a Root Guard-enabled port, the switch stops forwarding traffic on that port. It's recommended that Root Guard be activated on all access ports.
For example, if an attacker plugs in a switch and wants to become the root bridge for your network, Root Guard detects it and blocks the traffic. Let's look at the Loop Guard feature. If you use fiber cabling, guys, you may have noticed that there are separate connectors for transmitting and receiving traffic. If one of the fibers, send or receive, stops carrying packets, a one-way (unidirectional) link error occurs, and this may cause a spanning tree loop. There are two protocols that overcome this problem: the first one is Loop Guard and the second is Unidirectional Link Detection, UDLD. Assume that the transmit fiber connector of Switch 3 towards Switch 2 is damaged.
In this case Switch 3 cannot send BPDUs to Switch 2. Since Switch 2 no longer receives BPDUs, its port in the alternate state transitions to forwarding, and a one-way loop occurs. Loop Guard acts when no BPDUs are received on a non-designated port: it puts the port into the STP loop-inconsistent state and blocks traffic on that segment. Here is how we configure Loop Guard: we go into interface mode by typing interface followed by the name of the interface, Ethernet in this example, and we type spanning-tree guard loop, which enables Loop Guard on a per-interface basis.
If we type spanning-tree loopguard default in global configuration mode, that enables Loop Guard globally on all point-to-point links. UDLD works with similar logic to Loop Guard; UDLD is a Layer 2 protocol that simply behaves like a keepalive mechanism. UDLD-configured interfaces send UDLD packets to the point-to-point port at the other end and receive UDLD echo packets from the opposite side: one side sends UDLD and the other side sends a UDLD echo back. If the reply to the UDLD packet does not come back, UDLD understands that there is a problem on the link and takes action. UDLD works in two modes, normal mode and aggressive mode.
In normal mode UDLD identifies the problem, marks the problematic interface as being in an undetermined state and generates a syslog message about it. But in aggressive mode, when there is a problem, the switch starts checking whether the link is up and sends eight messages in total for this. If none of these messages gets a response, the port is put into the err-disabled state and blocked. Here is the configuration of the UDLD tool: in global configuration mode we can use udld enable or udld aggressive, and if you want to configure it on an interface we can use udld port aggressive.
We can verify the configuration with the show udld command, and if you want to reset all interfaces that were shut down by UDLD, we can use the udld reset command. The last thing we talk about is Flex Links. Flex Links are a pair of Layer 2 ports configured so that one interface is an alternative to another. Flex Links provide link-level redundancy as an alternative to STP. STP is automatically disabled on the Flex Links, and failover occurs in as little as 50 milliseconds. To configure Flex Links, for example, we go into FastEthernet 1 first and use the switchport backup interface command, defining FastEthernet 2 as the backup interface. To verify the configuration we use the show interfaces switchport backup command.
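The decisions BPDU Guard, Root Guard and Loop Guard make for a single port, as an added simulation (not course material and not IOS code): bridge IDs are (priority, MAC) tuples where lower is superior, port names and IDs are constructed, and the state names mirror the ones the section describes.

```python
"""Per-port decision rules of the STP stability features described above.
Added example; Port, its fields and all sample values are constructed."""
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    role: str                  # "root", "designated" or "non-designated"
    portfast: bool = False
    bpdu_guard: bool = False
    root_guard: bool = False
    loop_guard: bool = False
    state: str = "forwarding"
    log: list = field(default_factory=list)

def receive_bpdu(port, current_root, advertised_root):
    """A BPDU arrives on `port`. `current_root` is the bridge ID this switch
    currently believes is the root; `advertised_root` is the root ID carried
    in the BPDU. Returns the resulting port state."""
    if port.portfast and port.bpdu_guard:
        # An access port should never hear another bridge: err-disable it.
        # Recovery is manual (shutdown / no shutdown), see recover_errdisable().
        port.state = "err-disabled"
        port.log.append(f"{port.name}: BPDU on PortFast port, err-disabled")
        return port.state
    if port.portfast:
        # Without the guard the port only loses PortFast and runs normal STP.
        port.portfast = False
        port.log.append(f"{port.name}: BPDU received, PortFast status removed")
    if port.root_guard and advertised_root < current_root:
        # Superior BPDU behind a root-guarded port: refuse to move the root,
        # block the port until the superior BPDUs stop arriving.
        port.state = "root-inconsistent"
        port.log.append(f"{port.name}: superior BPDU, root-inconsistent")
        return port.state
    return port.state

def bpdu_timeout(port):
    """No BPDU seen on this port for max age. Without Loop Guard a blocked
    non-designated port unblocks (the unidirectional-link loop from the
    course); with Loop Guard it is held in loop-inconsistent instead."""
    if port.role == "non-designated":
        port.state = "loop-inconsistent" if port.loop_guard else "forwarding"
    return port.state

def bpdus_resume(port):
    """Inconsistent states clear by themselves once valid BPDUs are heard."""
    if port.state in ("root-inconsistent", "loop-inconsistent"):
        port.state = "blocking" if port.role == "non-designated" else "forwarding"
    return port.state

def recover_errdisable(port):
    """shutdown / no shutdown on an err-disabled port."""
    if port.state == "err-disabled":
        port.state = "forwarding"
    return port.state

if __name__ == "__main__":
    root_id = (32768, "0011.8000.0003")      # constructed legitimate root
    rogue_id = (4096, "0000.0000.0001")       # constructed superior bridge ID
    access = Port("Fa0/5", "designated", portfast=True, bpdu_guard=True)
    uplink = Port("Gi0/1", "designated", root_guard=True)
    alt = Port("Gi0/2", "non-designated", loop_guard=True, state="blocking")
    print(receive_bpdu(access, root_id, rogue_id))   # err-disabled
    print(receive_bpdu(uplink, root_id, rogue_id))   # root-inconsistent
    print(bpdu_timeout(alt))                         # loop-inconsistent
```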
- LAB : Spanning Tree Configuration
All right guys, it's lab time: the spanning tree configuration lab. Welcome. We have a topology with four switches connected to each other, and in the first step we need to create the topology above and determine the root bridge. The question says the spanning tree mode will be Rapid PVST. All right. Second, force one of the non-root bridges to be the root bridge by changing the priority value. And the last step is to force one of the non-root bridges to be the root bridge without changing the priority value. Okay, let's go ahead with the first step. What I'm going to do is configure spanning-tree mode rapid-pvst and then check which switch is my root bridge. Okay: conf t, then spanning-tree mode rapid-pvst is the whole configuration, but if I use a question mark I can see that I can also use pvst.
Different switch chassis and different IOS versions support different types of STP, but this question says to configure Rapid PVST and my chassis supports it, so I'm using rapid-pvst. I'll make the same configuration on Switch 2 and the others. All right, I changed my configuration and I'm using Rapid PVST right now. Now it's time to check who my root bridge is. I want to start with Switch 3 and look at whether it's my root bridge or not. To verify spanning tree, I'm using the show spanning-tree command. I'm lucky: as you can see, I found the root bridge on my first try. How do I know? Because when I typed show spanning-tree, I saw in the output that this bridge is the root.
If we check another switch, for example Switch 4 (it's slow to respond, okay, it's responding now), and run the show spanning-tree command, as we can see there is nothing saying that this switch is the root. So, all right, step one accomplished. Let's look at the second step: force one of the non-root bridges to be the root bridge by changing the priority value. As you can see, the default priority value is 32,768. So I'm going to make Switch 4 my root bridge by changing the priority value: conf t, spanning-tree vlan 1 priority, and I set the priority of the switch to a value lower than the default. But please pay attention to the warning that the bridge priority must be set in increments of 4096.
So it's okay to use 4096, because that's lower than my default value, and lowering the priority means I'm forcing that switch to be the root. Okay, I need to wait a few seconds, and then let's run the show spanning-tree command. As you can see from the output, this time Switch 4 is my root bridge. Switch 3 was the root bridge before, as you saw, but now it's not the root anymore. Okay, pretty cool. Let's get into the last step. The last step of the question says to force one of the non-root bridges to be the root bridge without changing the priority value. Let's make Switch 1 the root bridge; because the question says not to change the priority value,
I have just one option to make this switch the root. All right: spanning-tree vlan 1 and a question mark. As you can see, I can see my option here: root. With another question mark I can set the primary root or the secondary root, and I'm going to set the primary root. All right, when I type show spanning-tree now, this time I should see that Switch 1 is my root bridge. So let's hit enter. And yes, I can easily see that this bridge, I mean Switch 1, is the root bridge right now. As you can see, it's pretty straightforward and easy to configure STP, and we have a few options to change the root bridge. We completed the three steps of the configuration lab. Thanks for watching.
- 4_5- Multi Spanning-Tree (MST) Protocol
In this section we talk about the Multiple Spanning Tree (MST) protocol. Let's say we have a topology consisting of three switches like this. Normally Switch 1, Switch 2 or Switch 3 may become the root bridge in a three-switch topology like this, and according to these three different scenarios the ports of the switches will have different port roles. If you had 100 different VLANs, for example, it would be unnecessary to calculate this individually for each VLAN, since the result will always be the same and the control plane would carry an unnecessary load. With the Multiple Spanning Tree protocol we remove this handicap and reach a more efficient structure on the network.
One of the biggest advantages of MST is VLAN load balancing. Let's consider our topology, which consists of two links and 1000 VLANs, as shown. In classical spanning tree we make 1000 spanning tree calculations for a topology like this. But in MST the 1000 VLANs are mapped to just two MST instances, and you get rid of the unnecessary calculations. For example, you have instance 1 and instance 2, you choose a different root bridge for each range of VLANs, and you apply it on the bridge. This architecture provides multiple forwarding paths for data traffic and enables load balancing as well. MST also converges the network much faster than versions like RSTP, PVST or STP.
Now let's talk about the MST region concept. An MST region is a group of switches that share the following parameters: the first is the region (instance) name, the second is the revision number, and the third is the VLAN-to-STP-instance mapping. Please keep in mind that details are not shared between different MST regions; different regions see each other as a single virtual bridge. One bridge of each region is used for inter-region communication, and that's called the regional root bridge. MST supports multiple instances, and instance 0 is used to carry all the internal information about STP. Let's look at our topology: for VLANs 10 and 30 and for VLANs 20 and 40, traffic flows through different paths.
For example, for instance 1, mapped to VLANs 10 and 30, this bridge is the root bridge, and for instance 2, mapped to VLANs 20 and 40, this other bridge may be the root bridge. The MST revision number provides a way to track changes to the MST region. The revision number is not automatically incremented each time you change the MST configuration. That's a really important point to pay attention to: each time you make a change, you need to increment the revision number yourself, one by one. We also have the MST extended system ID, which consists of twelve bits and carries the MST instance number. And here is the most important part of this section: as you can see in our topology, we have four switches, Distribution 1, Distribution 2, Access 1 and Access 2, and we need to configure MST
on all these switches. The first thing we do is convert the spanning tree mode to MST by typing spanning-tree mode mst on all of these switches. The second thing is to provide the name, revision number and VLAN-to-STP-instance mappings under spanning-tree mst configuration. As you can see, we define ABC as the name, revision number 3 and the VLAN-to-instance mappings on all these switches. Please pay attention: because these values, the name, revision and VLAN-to-instance mappings, are the same, all of these switches belong to the same region. But please pay attention that we have some different configuration on Distribution 1 and Distribution 2.
For Distribution 1 we have spanning-tree mst 2 priority 8000-something, and we have spanning-tree mst 2 priority 4000-something for Distribution 2, which means Distribution 2 will be selected as the root for instance 2, which covers VLANs 100 to 199. On the other hand, we have configured spanning-tree mst 1 priority 4000-something for Distribution 1 and 8000-something for Distribution 2, and this configuration means that for instance 0 and instance 1, which cover VLANs 1 to 99, Distribution 1 will be the root bridge.
Now let's look at the MST root bridge and path cost configuration. To change the root bridge we use spanning-tree mst 1 root primary, and if we want to define a secondary root we use spanning-tree mst, the instance number, and root secondary. If we want to change the cost on a port we use spanning-tree mst, the instance number, cost and the cost value. To verify the MST configuration we use show spanning-tree mst with the instance number; for example, for MST instance 1 the mapped VLANs are 2 and 3 in this example.
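The region and per-instance root logic from this section, worked as an added example (not course material): it parses VLAN-to-instance mappings, checks that switches agree on name, revision and mapping, and elects a root per instance from per-instance priorities. The region name ABC and revision 3 follow the section; the switch names, MACs and priority values are constructed.

```python
"""MST region membership and per-instance root election.
Added example; region ABC/revision 3 follows the course, everything else
(switch names, MACs, priorities) is constructed."""

def parse_vlan_list(spec):
    """'1-99' or '100-199,300' -> set of VLAN IDs, as written after
    'instance N vlan ...' in the region configuration."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        assert 1 <= lo <= hi <= 4094, f"bad VLAN range {part}"
        vlans.update(range(lo, hi + 1))
    return vlans

def vlan_to_instance_map(instances):
    """instances: {instance_number: 'vlan list'}. Every VLAN not mapped
    explicitly stays in instance 0. Returns the full 1..4094 table."""
    table = {v: 0 for v in range(1, 4095)}
    for inst, spec in instances.items():
        for v in parse_vlan_list(spec):
            assert table[v] == 0, f"VLAN {v} mapped twice"
            table[v] = inst
    return table

def region_key(name, revision, instances):
    """Switches form one region only when name, revision and the complete
    VLAN-to-instance table match; a forgotten revision bump splits them."""
    table = vlan_to_instance_map(instances)
    return (name, revision, tuple(sorted(table.items())))

def same_region(configs):
    """configs: [(name, revision, instances), ...], one per switch."""
    return len({region_key(*c) for c in configs}) == 1

def mst_root(instance, switches):
    """switches: {name: (mac, {instance: priority})}. The MST bridge ID
    carries the instance number in its 12-bit extended system ID, so compare
    (priority + instance, mac); lowest wins. Unset priority defaults to 32768."""
    def bid(name):
        mac, prios = switches[name]
        return (prios.get(instance, 32768) + instance, mac.lower())
    return min(switches, key=bid)

# Same name, revision and mappings on every switch of the constructed region...
REGION = ("ABC", 3, {1: "1-99", 2: "100-199"})
# ...but mirrored per-instance priorities on the two distribution switches,
# so each instance elects a different root and VLAN traffic is load-balanced.
SWITCHES = {
    "Dist1":   ("0011.0000.0001", {0: 4096, 1: 4096, 2: 8192}),
    "Dist2":   ("0011.0000.0002", {0: 8192, 1: 8192, 2: 4096}),
    "Access1": ("0011.0000.0003", {}),
    "Access2": ("0011.0000.0004", {}),
}

if __name__ == "__main__":
    print("all four in one region:", same_region([REGION] * 4))
    stale = ("ABC", 2, {1: "1-99", 2: "100-199"})   # revision not incremented
    print("with one stale revision:", same_region([REGION] * 3 + [stale]))
    for inst in (0, 1, 2):
        print(f"instance {inst} root: {mst_root(inst, SWITCHES)}")
```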