By learning the Spanning Tree Protocol, you can avoid having a single switch bring down the entire LAN.
The Spanning Tree Protocol was invented by Dr. Radia Perlman, a well-known engineer at Sun Microsystems. The bridge that Dr. Perlman designed achieves the ideal of Layer 2 forwarding: redundancy together with loop-free operation. You can picture the Spanning Tree Protocol as a tree structure that every bridge keeps in memory, one that optimizes data transmission and makes it fault tolerant.
The problem we want to introduce is shown in Figure 1.
Figure 1.
If these switches are connected in this way and do not run the Spanning Tree Protocol, each switch will endlessly copy the first frame it receives until memory is exhausted and the system crashes. Nothing at Layer 2 stops this loop. In Figure 1, the administrator would have to manually disable the red link for the Ethernet network to work at all. The Spanning Tree Protocol disables one or more redundant connections as long as the active connections are working, and re-enables those disabled connections when an active connection fails. Which connections the Spanning Tree Protocol chooses to use depends entirely on the network topology.
The idea behind the Spanning Tree Protocol is that the bridges automatically discover a loop-free subset of the topology, that is, a spanning tree. The Spanning Tree Protocol also ensures that there are enough connections to reach every part of the network; it builds one spanning tree for the entire LAN. When a bridge is first connected, or when the topology changes, the bridges recalculate the spanning tree.
When a bridge receives a certain type of "configuration message" (a special type of Bridge Protocol Data Unit, BPDU), it starts the spanning tree algorithm from the beginning. The algorithm starts by electing the root bridge, the core of the entire topology; in practice all data has to pass through the root bridge, so pay special attention to setting the root bridge manually. On Cisco devices the automatic selection of the root bridge exposes a problem: it is too simple. Cisco hardware usually chooses the device with the lowest MAC address. Devices with such addresses are usually the oldest in the network and therefore the slowest at switching, yet the root bridge carries the heaviest load in the network. The next step in building the tree is for every bridge to determine its shortest path to the root bridge, so that each bridge knows how to reach this "center". The following step is performed on each LAN segment: it selects the designated bridge, the bridge on that segment closest to the root bridge. The designated bridge forwards data from the LAN segment toward the root bridge. The last step is to select a root port on each bridge; the root port is the port used to send data toward the root bridge. Note that every port on a bridge, even a port connected to an end system (a computer), is a candidate for the root port unless you set that port to be "ignored".
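To make the three steps concrete, here is an added Python example (not from the original article) that elects the root by lowest bridge ID, computes each bridge's root path cost, and then assigns root, designated and blocking roles on a constructed four-switch topology; the bridge names, MAC addresses, port numbers and link costs are hypothetical.

```python
import heapq

def elect_root(bridges):
    # Lowest bridge ID (priority, MAC) wins; at default priority that is the lowest MAC, as the article warns.
    return min(bridges, key=lambda n: bridges[n])

def root_path_costs(root, links):
    # Dijkstra from the root gives each bridge its root path cost (sum of port costs).
    adj = {}
    for a, _pa, b, _pb, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    costs, heap = {root: 0}, [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        if c > costs[n]:
            continue
        for m, lc in adj[n]:
            if c + lc < costs.get(m, float("inf")):
                costs[m] = c + lc
                heapq.heappush(heap, (c + lc, m))
    return costs

def port_roles(bridges, links):
    """Return (root, root path costs, {(bridge, port): 'root' | 'designated' | 'blocking'})."""
    root, roles, best = elect_root(bridges), {}, {}
    costs = root_path_costs(root, links)
    for a, pa, b, pb, cost in links:
        ka, kb = bridges[a], bridges[b]
        # Designated bridge for this segment: lower root path cost, then lower bridge ID.
        d = a if (costs[a], ka) < (costs[b], kb) else b
        roles[(d, pa if d == a else pb)] = "designated"
        # Root port candidates, ranked by cost via the neighbour, neighbour ID, neighbour port.
        for me, my_port, peer, peer_port, peer_key in ((a, pa, b, pb, kb), (b, pb, a, pa, ka)):
            cand = (costs[peer] + cost, peer_key, peer_port, my_port)
            if me != root and cand < best.get(me, (float("inf"),)):
                best[me] = cand
    for me, cand in best.items():
        roles[(me, cand[3])] = "root"
    for a, pa, b, pb, _ in links:  # anything neither root nor designated stays blocked
        roles.setdefault((a, pa), "blocking")
        roles.setdefault((b, pb), "blocking")
    return root, costs, roles

# Constructed four-switch topology (hypothetical): name -> (priority, MAC); links as
# (bridge, port, bridge, port, port path cost), using 802.1D costs 19 (100 Mb/s) and 4 (1 Gb/s).
BRIDGES = {"A": (32768, "00:00:0c:aa:aa:aa"), "B": (32768, "00:00:0c:bb:bb:bb"),
           "C": (32768, "00:00:0c:cc:cc:cc"), "D": (32768, "00:00:0c:dd:dd:dd")}
LINKS = [("A", 1, "B", 1, 19), ("A", 2, "C", 1, 19), ("B", 2, "C", 2, 19),
         ("B", 3, "D", 1, 4), ("C", 3, "D", 2, 19)]
```

Calling `port_roles(BRIDGES, LINKS)` elects A as root and blocks port 2 on C and port 2 on D, leaving the loop-free tree A-B, A-C, B-D; giving D a lower priority such as 4096 makes D the root instead, which is the manual control the article recommends.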
That is the spanning tree algorithm. However, it does not explain what the Spanning Tree Protocol actually does in the real world. We say this computation is disruptive, and there is no doubt that it is. To perform it, the bridge must stop all forwarding. The bridge goes through a series of listening and learning stages and only starts forwarding data after the topology is established. This happens only when the topology changes or when a bridge receives a BPDU packet, which you might expect to be rare. In fact, this computation happens more often than you think.
The idea of the Spanning Tree Protocol is that you can tolerate a failed connection because you have two physical connections between a pair of bridges. The Spanning Tree Protocol blocks one port until it is needed. So we should be able to unplug a redundant connection and connect it to another bridge without interrupting communication. Unfortunately, it does not work like that.
When a new bridge or a new physical connection is attached, it sends a BPDU that resets the computation, and the other connected devices follow suit. While the Spanning Tree Protocol recomputes, all communication stops for about 50 seconds. That time is worth paying, because it limits you to a short downtime: if a switch fails or you have no redundant paths, the outage is permanent. Compared with that, 50 seconds of downtime is a very small loss.
In addition, many manufacturers now implement the Rapid Spanning Tree Protocol, an improved version of the older protocol that focuses on reducing the cost of topology recomputation and remains compatible with earlier versions. In most cases it cuts the recomputation time from as much as 50 seconds to under 3 seconds. Given that, everyone should use the Rapid Spanning Tree Protocol.
I hope the introduction so far is clear enough. We know that enabling Spanning Tree lets us connect two bridges through multiple connections without creating loops. If one bridge on the path fails, we can bypass it and go through another bridge. This works because although the current switch blocks its standby connection, it silently listens for BPDU updates and still knows which connection leads to the root bridge. That is, if you configure it appropriately. Remember trunks in virtual LANs? What happens if one of the physical connections is a trunk line carrying several virtual LANs? If we run only one Spanning Tree instance, that spanning tree may decide that one of the networks on the trunk should not use this connection (a trunk, or port aggregation, combines multiple physical connections into one logical connection with more bandwidth). Apart from shutting down the entire connection, it has no other option.
Now we come to running one spanning tree per virtual LAN (PVST, per-VLAN spanning tree). When this is enabled, a bridge runs a separate spanning tree instance for each virtual LAN on the bridge. If a trunk connection carries virtual LANs 1, 2 and 3, it can decide that a path is unavailable for virtual LANs 1 and 2 while still allowing virtual LAN 3 to use it. In a complex network there are many situations in which virtual LAN 3 has only one exit, perhaps because the administrator needs to restrict the reach of virtual LAN 3. Without PVST, if the trunk port is blocked by the Spanning Tree, virtual LAN 3 on that bridge loses its connection to the rest of the LAN. Everyone should use PVST.
Finally, do not forget that any port into which a device sends BPDUs can cause a network interruption. That includes ports facing computers running ettercap and other unauthorized programs. You must enable a feature like Cisco's "BPDU Guard" on all such ports to block BPDU packets. These BPDU packets not only cause the Spanning Tree Protocol to recompute, but also let a computer take part in the root election and win it. You certainly do not want to discover that the root of your spanning tree is someone's computer: when all traffic flows through you, a man-in-the-middle attack is easy to complete.
There are other BPDU fields and details of the Spanning Tree Protocol that we have not covered. These details are a bit complicated, but since you now understand the overview of the Spanning Tree Protocol, they should be easy to follow. If you spend more time on them, you will be rewarded in the long run.
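As an added example (not from the original article), the following Python code parses an IEEE 802.1D configuration BPDU and applies the two defender-side checks this paragraph describes: a BPDU arriving on a host-facing port (BPDU Guard behaviour) and a BPDU advertising a better root than the bridge you intended (root guard behaviour). The port names, MAC addresses and sample frames are constructed for illustration.

```python
import struct
from collections import namedtuple
# IEEE 802.1D configuration BPDU (35 bytes, follows the LLC header 0x42 0x42 0x03):
# protocol id, version, type, flags, root id, root path cost, bridge id, port id,
# message age, max age, hello time, forward delay.
CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")
TYPE_CONFIG = 0x00
ConfigBpdu = namedtuple("ConfigBpdu", "flags root_prio root_mac root_cost "
                        "bridge_prio bridge_mac port_id max_age hello fwd_delay")

def split_bridge_id(raw8):
    # Bridge ID = 2-byte priority followed by the bridge's 6-byte MAC; the lowest wins.
    return struct.unpack("!H", raw8[:2])[0], ":".join(f"{b:02x}" for b in raw8[2:])

def parse_config_bpdu(payload):
    if len(payload) < CONFIG_BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, _ver, btype, flags, root, cost, bridge, port_id,
     _age, max_age, hello, fwd) = CONFIG_BPDU.unpack_from(payload)
    if proto != 0 or btype != TYPE_CONFIG:
        raise ValueError(f"not a configuration BPDU (proto={proto:#x}, type={btype:#x})")
    rp, rm = split_bridge_id(root)
    bp, bm = split_bridge_id(bridge)
    # Timer fields are carried in units of 1/256 second.
    return ConfigBpdu(flags, rp, rm, cost, bp, bm, port_id, max_age / 256, hello / 256, fwd / 256)

def check_bpdu(port, edge_port, payload, expected_root):
    """Return alert strings; expected_root is the (priority, MAC) of the intended root."""
    try:
        bpdu = parse_config_bpdu(payload)
    except ValueError as e:
        return [f"{port}: malformed BPDU ({e})"]
    alerts = []
    if edge_port:  # a host-facing port should never see a BPDU: BPDU Guard err-disables it
        alerts.append(f"{port}: BPDU from {bpdu.bridge_mac} on edge port, err-disable (BPDU-Guard)")
    if (bpdu.root_prio, bpdu.root_mac) < expected_root:  # this sender would win the election
        alerts.append(f"{port}: superior root {bpdu.root_mac} prio {bpdu.root_prio} (root-guard)")
    return alerts

def make_bpdu(root, cost, bridge, port_id):
    # Builds constructed sample frames for the checks above, using 802.1D default timers.
    enc = lambda prio, mac: struct.pack("!H", prio) + bytes.fromhex(mac.replace(":", ""))
    return CONFIG_BPDU.pack(0, 0, TYPE_CONFIG, 0, enc(*root), cost, enc(*bridge), port_id,
                            0, 20 * 256, 2 * 256, 15 * 256)

INTENDED_ROOT = (32768, "00:00:0c:aa:aa:aa")  # hypothetical values throughout
UPLINK_BPDU = make_bpdu(INTENDED_ROOT, 19, (32768, "00:00:0c:bb:bb:bb"), 0x8002)
# A frame arriving on a host port whose sender claims a lower bridge ID than the intended root.
HOST_PORT_BPDU = make_bpdu((0, "00:11:22:33:44:55"), 0, (0, "00:11:22:33:44:55"), 0x8001)
```

`check_bpdu("Gi1/0/2", False, UPLINK_BPDU, INTENDED_ROOT)` returns no alerts, while the same call with `True` and `HOST_PORT_BPDU` returns both the BPDU Guard and the root guard alert.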
Summary
• The Spanning Tree Protocol provides a way to control loops, so that when a connection fails, your Ethernet can route around the faulty connection.
• The root bridge of the Spanning Tree is the logical center through which communication across the network flows. It is best not to rely on the devices' automatic selection of which bridge becomes the root bridge.
• Recalculating the Spanning Tree is painful: configure host-facing ports properly (so that they do not trigger a recalculation), and we recommend using the Rapid Spanning Tree Protocol.