Spanning Tree Protocol (STP)

Source: Internet
Author: User

 

The Spanning Tree Protocol (STP) is an important concept and technology in switched Ethernet. Its purpose is to allow redundant connections between switches while avoiding network loops, which gives high network reliability. Switches exchange Bridge Protocol Data Units (BPDUs) to inform each other of information such as their bridge ID, link properties, and root bridge ID. From this they determine the root bridge and decide which ports are in the forwarding state and which ports are in the blocking state, so that network loops are avoided.

When there are multiple VLANs between switches, the load on a single trunk can become too heavy. In that case you need to set up multiple trunk ports, but this forms a network loop. STP solves this problem: you can configure the STP port priority (port weight) or the STP path cost (path value) to achieve load balancing. If the port priority is used, both load-sharing trunks must be connected to the same switch. If the path cost is used, the load-sharing trunks can be connected to the same switch or to different switches.
Load Balancing using STP port Weights
When two ports of the same switch form a loop, the STP port priority (weight) determines which port is enabled and which port is blocked. You can configure the port priority to determine which VLANs each trunk carries. For a given VLAN, the port with the higher priority (the smaller number) is in the forwarding state; on the other trunk, where the same VLAN has a lower priority (a larger number), the VLAN is in the blocking state. That is, the same VLAN is sent and received on only one trunk.

Configure the STP port weight (default weight 128):
Switch# configure terminal
Switch(config)# interface f0/1 // enter port 1 configuration mode
Switch(config-if)# spanning-tree vlan <vlan-id> port-priority 10 // set the port weight to 10 for VLAN <vlan-id>
Switch(config-if)# exit

Configure the STP path value (default path value 19):
Switch# configure terminal
Switch(config)# interface f0/1 // enter port 1 configuration mode
Switch(config-if)# spanning-tree vlan <vlan-id> cost 30 // set the spanning-tree path value to 30 for VLAN <vlan-id>
Switch(config-if)# exit

 

Redundant Network Loops

Three major problems:
1. Multiple frame copies (multi-frame replication)
2. MAC address database instability (port drift)
3. Broadcast storms

Solution: STP. STP is a link management protocol that places specific ports in the blocking state to build a network that has redundancy but no loops.

STP core:
Provides a loop-free redundant network topology by placing certain ports in the blocking state.

STP information is carried in Bridge Protocol Data Units (BPDUs). Function: BPDUs are sent by the root bridge (RB) in the switched network and are used for STP calculation and convergence. The sending interval is 2 seconds. There are two types:
Configuration BPDU: sent at periodic intervals by the root bridge on all ports.
TCN (topology change notification) BPDU: generated when a switch detects a topology change (the TC is sent for 35 seconds, that is, the forward delay time plus the BPDU aging time).

Tasks completed by BPDUs:
Electing the root bridge
Determining the location of redundant paths
Blocking specific ports to prevent loops
Announcing network topology changes
Monitoring the status of the spanning tree

BPDU fields:
Protocol ID (0): indicates the protocol, 802.1D
Version (0): the STP version; the 802.1D version is 0
BPDU type: configuration BPDU = 0, TCN BPDU = 80 (hexadecimal)
Message age: the number of seconds since the BPDU was sent from the root bridge. It increases each time the BPDU passes through a bridge, so it is in effect the number of hops to the root bridge.
Flags: the flags field includes the topology change (TC) bit, which when set indicates that the BPDU is a topology change notice, and the topology change acknowledgment (TCA) bit.

Handling of BPDUs by a switch:
If a switch receives a higher-priority BPDU on an interface, it saves that BPDU and the interface no longer sends BPDUs.
During convergence, only the root bridge generates BPDUs; other switches can only receive BPDUs on the root port (RP) and then send them out of their designated ports (DP). As a result, a non-root bridge may receive BPDUs on a DP or on a non-designated port (NDP).
If the switch receives a lower-priority BPDU on a DP, it discards it and sends its own new BPDU to the source MAC. If the switch receives a lower-priority BPDU on an NDP, it only discards it.

Port states:
Blocking (20 s by default): only listens for inbound BPDUs.
Listening (15 s by default): listens for and sends BPDUs. The election of the root bridge, root ports, and designated ports is completed in this stage; if the interface is not a DP, it returns to blocking.
Learning (15 s by default): listens for and sends BPDUs, and learns the MAC addresses of inbound frames on this interface.
Forwarding: listens for and sends BPDUs, learns the MAC addresses of inbound frames on this interface, and receives and forwards data frames.
Disabled: does not take part in STP and cannot forward data.

STP timers:
Hello time (2 s): how often the root switch sends configuration BPDUs to the other switches.
Forward delay (15 s): the time a port spends in each of the listening and learning states.
Max age (20 s): the maximum time a port keeps configuration BPDU information.
Purpose: to give the network enough time to obtain correct information about the topology and determine whether redundant links exist. The default STP diameter is 7, meaning that the network diameter can be at most 7 devices; therefore, the BPDU lifetime is 20 seconds.
A BPDU is sent every 2 s, and three lost BPDUs are tolerated (6 s). With a maximum of 7 hops this totals 20 s, so the BPDU validity time is 20 s:
(config)# spanning-tree vlan 2 hello-time 2 // range: 1-10 s
(config)# spanning-tree vlan 2 forward-time 4 // range: 4-30 s
(config)# spanning-tree vlan 2 max-age 6

4-step decision sequence of STP execution:
1. Lowest root BID (determines the root switch)
2. Lowest path cost to the root bridge
3. Lowest sender BID
4. Lowest port ID
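
The BPDU fields and the four-step decision sequence described above, as an added Python example that is not part of the original article. It parses the standard 35-byte 802.1D configuration BPDU, ranks two BPDUs in the four-step order, and checks whether a BPDU advertises a better root than the expected one (the condition root guard reacts to). The function names and the sample frames are constructed for illustration; the expected root uses the default priority 0x8000 and the MAC address shown in Lab1.

```python
import struct
from typing import NamedTuple, Optional
_FMT = ">HBBB8sI8sHHHHH"  # 35-byte 802.1D configuration BPDU, after the LLC header

class ConfigBpdu(NamedTuple):
    root_id: bytes        # 2-byte priority + 6-byte MAC
    root_path_cost: int
    bridge_id: bytes      # sender BID, same layout as root_id
    port_id: int          # port priority + port number (128.12 -> 0x800C)
    tc: bool              # topology change flag
    tca: bool             # topology change acknowledgment flag
    message_age: float    # the four timers are converted to seconds
    max_age: float
    hello_time: float
    forward_delay: float

    def vector(self):     # order: root BID, path cost to root, sender BID, port ID
        return (self.root_id, self.root_path_cost, self.bridge_id, self.port_id)

def bid(priority: int, mac: str) -> bytes:
    return struct.pack(">H", priority) + bytes.fromhex(mac.replace(":", ""))

def parse_bpdu(payload: bytes) -> Optional[ConfigBpdu]:
    """Return the parsed configuration BPDU, or None for a TCN BPDU."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU")
    proto, version, btype = struct.unpack_from(">HBB", payload)
    if proto != 0 or version != 0:
        raise ValueError("not an 802.1D BPDU")
    if btype == 0x80:
        return None
    if btype != 0x00 or len(payload) < struct.calcsize(_FMT):
        raise ValueError("malformed configuration BPDU")
    f = struct.unpack_from(_FMT, payload)
    return ConfigBpdu(f[4], f[5], f[6], f[7], bool(f[3] & 0x01), bool(f[3] & 0x80),
                      *(t / 256 for t in f[8:12]))

def is_superior(a: ConfigBpdu, b: ConfigBpdu) -> bool:
    return a.vector() < b.vector()   # lower wins at the first differing step

def claims_better_root(bpdu: ConfigBpdu, expected_root: bytes) -> bool:
    return bpdu.root_id < expected_root   # the condition root guard reacts to

# Constructed samples; timers are carried on the wire in units of 1/256 s.
EXPECTED_ROOT = bid(0x8000, "00:07:EC:A8:4b:80")
_T = (0, 20 * 256, 2 * 256, 15 * 256)
FROM_ROOT = struct.pack(_FMT, 0, 0, 0, 0, EXPECTED_ROOT, 0, EXPECTED_ROOT, 0x800C, *_T)
OTHER = bid(0, "02:00:00:00:00:01")   # constructed BID with priority 0
UNEXPECTED = struct.pack(_FMT, 0, 0, 0, 0x01, OTHER, 0, OTHER, 0x8001, *_T)
```

Byte strings compare lexicographically in Python, so comparing the 8-byte IDs directly gives the priority-then-MAC ordering that the election uses.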

Lab1: root bridge election
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reference principle 1:
The switch with the lowest BID is the root bridge.
BID (bridge ID): consists of the switch priority and the management MAC address of the switch, 8 bytes in total, written in hexadecimal.

Step 1: view the MAC address that corresponds to the management IP address of the switch
SW1# show version
Base Ethernet MAC address: 00:07:EC:A8:4b:80

Step 2: view STP information (view the BID of the local switch)
SW3# show spanning-tree
Switch STP priority: the default value is 0x8000 (32768).
Root ID / Bridge ID: if the root ID equals the bridge ID of the switch, this switch is the root bridge.

Step 3: manually control the root bridge election (control the election of the root bridge and the backup root bridge)
SW3(config)# spanning-tree vlan 1 priority 0 // 0x0000
SW1(config)# spanning-tree vlan 1 priority 4096 // 0x1000
SW-A(config)# spanning-tree vlan 1 root primary // 24576 = 0x6000
SW-B(config)# spanning-tree vlan 1 root secondary // 28672 = 0x7000

Lab2: select the root port of a non-root bridge switch:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
Reference principle 2:
Lowest path cost to the root bridge (spanning-tree path cost)
Root port: on a non-root bridge switch, the port with the lowest path cost to the root bridge. The cost is tied to the link bandwidth.
How is the cost accumulated? Each non-root bridge has only one root port.
SW1# show interface status
SW1(config)# int fa 0/12
SW1(config-if)# speed 10
SW1# show spanning-tree interface fastethernet 0/12 detail
Port path cost 100
The root bridge has no root port; all of its ports that connect to other switches are designated ports.
(config-if)# spanning-tree vlan 1 cost ? // modify the port cost

Lab3: select the designated port on each segment:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reference principle 3:
Lowest sender BID
Step 1: on the segment between SW1 and SW3, which port is the designated port (D-port)? (8)
Step 2:
SW1(config)# spanning-tree vlan 1 priority 36864 // 0x9000

Lab4: select the designated port when the sender BID is the same:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~
Reference principle 4 (used when the sender BID is the same):
Lowest port ID (of the other side)
Step 1:
SW2 (root bridge): view the port ID of the port
SW2# show spanning-tree interface fastethernet 0/12 detail
Port identifier 128.12
SW2(config-if)# spanning-tree port-priority 32 // (hexadecimal)

Lab5: Observe the blocked Port
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View all segments:
Observe that all ports except the designated ports and the root ports are blocked.
show spanning-tree vlan 1 detail // display the number of BPDUs received on each port

STP features (Cisco proprietary):

1. portfast
Accelerates the convergence of end hosts into the STP network. It applies only to switch ports that connect to a host (computer) and should not be used on ports that connect to network devices such as a switch, router, or hub.
interface fastethernet0/1 // the switch port that connects to the host
switchport mode access // access link
spanning-tree portfast
spanning-tree portfast default // in global mode, enable portfast globally

2. uplinkfast
Configure uplinkfast on all access layer and distribution layer (non-core layer) switches. It accelerates the convergence of STP network changes caused by direct link failures. Block to forward: 1 to 5 s.
SW1(config)# spanning-tree uplinkfast // enable uplinkfast
show spanning-tree uplinkfast // view uplinkfast information
Enabling it raises the bridge priority (49152) and increases the spanning-tree port cost of all interfaces on the switch by 3000.

3. backbonefast
Accelerates convergence after an indirect link failure: about 30 s. Configure backbonefast on all switches.
SW1/2/3(config)# spanning-tree backbonefast // enable backbonefast
show spanning-tree backbonefast // view backbonefast information

4. portfast bpduguard (configured on ports where portfast is already configured)
With "portfast bpduguard" on a switch port, as soon as the port receives a BPDU it is closed immediately (it enters the err-disable state), which prevents a wider broadcast storm.
To recover the port manually: shutdown, then no shutdown.
Set the automatic recovery time:
(config)# errdisable recovery cause bpduguard // default 300 seconds
(config)# errdisable recovery interval ? // modify the wait interval

On the port that connects to the host:
SW1(config-if)# spanning-tree bpduguard enable // bpduguard: don't accept BPDUs on this interface

5. portfast bpdufilter (configured on portfast ports)
Prevents the switch from sending BPDUs on portfast-enabled interfaces and discards all received BPDUs.
Configure on a specific portfast port:
SW1(config-if)# spanning-tree bpdufilter enable // bpdufilter: don't send or receive BPDUs on this interface
SW3(config)# spanning-tree portfast bpdufilter default // takes effect globally on portfast ports
Note: BPDU filtering may cause loops and is not recommended. BPDU guard protection does not work after filtering is configured.

6. Root guard (recommended for all access ports)
Forces the interface to be a designated port, which prevents surrounding switches from becoming the root switch.
(config-if)# spanning-tree guard root
show spanning-tree inconsistentports // displays "inconsistent root"

debug spanning-tree events
logging buffered
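
A way to check a switch configuration against the recommendations in features 4 to 6 above, as an added Python example that is not part of the original article. It reads a running-config and reports access ports that have portfast without bpduguard, ports with bpdufilter, and access ports without root guard. The sample configuration is constructed, the function name and finding strings are hypothetical, and the check assumes portfast is enabled per interface rather than through the global portfast default.

```python
# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/12
 switchport mode trunk
"""

def audit_stp(config: str) -> list:
    """Return (scope, finding) pairs for host-facing (access) ports."""
    stanzas, current = {"global": set()}, "global"
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if line.startswith("interface "):
            current = line.split()[1]
            stanzas[current] = set()
        elif not raw.startswith(" "):
            current = "global"          # an unindented line ends the stanza
        stanzas[current].add(line)
    glob = stanzas.pop("global")
    findings = []
    if "spanning-tree portfast bpdufilter default" in glob:
        findings.append(("global", "bpdufilter default enabled"))
    guard_default = "spanning-tree portfast bpduguard default" in glob
    for name, cmds in stanzas.items():
        if "switchport mode access" not in cmds:
            continue                    # trunks and uplinks are not checked here
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "bpdufilter enabled"))
        guarded = guard_default or "spanning-tree bpduguard enable" in cmds
        if "spanning-tree portfast" in cmds and not guarded:
            findings.append((name, "portfast without bpduguard"))
        if "spanning-tree guard root" not in cmds:
            findings.append((name, "no root guard"))
    return findings
```

On the sample, FastEthernet0/1 produces no findings, FastEthernet0/2 produces three, and the trunk port is skipped.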
