Copyright notice: this is an original translation; the translator's skill is limited and errors are unavoidable. The translator is not responsible for the consequences of any errors or omissions in the article, so please reprint with care. When reproducing, keep this statement and the source: blog.csdn.net/shallnet. The English edition of the book is available for download.
In its most basic form, the Spanning Tree Protocol (STP) is a loop-prevention protocol: bridges communicate with each other to discover physical loops in the network, and then, by a defined algorithm, the bridges shape the network into a logically loop-free topology. In other words, STP builds a tree-shaped structure of trunk and leaves that contains no cycles. The sections that follow describe how the bridges communicate and how the STP algorithm works.

Loops exist in networks for many reasons. You will often find that a loop has been built deliberately to provide redundancy: if one link or switch fails, another link or switch keeps the network running. Loops can also be created by mistake (of course, that will never happen to you). Figure 6-1 shows a typical switched network that provides redundant backup.

Figure 6-1. A network with a loop, providing backup connectivity
Loops in a bridged network can cause broadcast loops and MAC address table corruption, both of which can be fatal to the bridged network.
Broadcast Loops

Broadcast traffic combined with a Layer 2 loop is extremely dangerous, as Figure 6-2 shows.

Figure 6-2. With no STP, broadcast frames are forwarded around the loop
Assume that none of the switches is running STP.
- Step 1: Host-A sends a frame to the broadcast MAC address.
- Step 2: The frame travels over the Ethernet medium to Cat-1 and Cat-2.
- Step 3: When the frame arrives on port 1/1 of Cat-1, Cat-1 runs the flood-and-learn algorithm discussed in Chapter 3, "Bridging Technologies": it floods the frame, sending it out port 1/2.
- Step 4: The frame reaches every node on that Ethernet segment, and port 1/2 of Cat-2 receives it as well.
- Step 5: Cat-2 floods the broadcast frame out its port 1/1.
- Step 6: The frame travels on to port 1/1 of Cat-1.
- Step 7: Cat-1, behaving as a normal switch, forwards the frame out port 1/2 again.
A loop has now formed. This walk through Figure 6-2 also ignores that the broadcast frame of Step 2 reached Cat-2 as well; Cat-2 floods that copy to the nodes below, which produces a second loop running in the opposite direction. In short, remember that this loop runs in both directions.

One important conclusion from Figure 6-2 is that a bridging loop is far more dangerous than a routing loop. To see why, go back to the discussion of the Ethernet frame format in Chapter 1, "Desktop Technologies." For example, Figure 6-3 shows the format of the DIX V2 Ethernet frame.

Figure 6-3. DIX Version 2 Ethernet frame format
Note that the DIX Version 2 Ethernet frame contains only two MAC addresses, a Type field, and a CRC (plus the data that follows the header). By contrast, the IP header carries a Time To Live (TTL) field: the sending host sets it, every router decrements it by one, and when it reaches 0 the packet is discarded, so routers prevent a packet from "spinning" forever. Ethernet frames have no TTL field, so once a frame starts circulating in a looped network it is forwarded forever, until one of the following happens:
- A bridge is closed or a link is broken.
- The world ends <translator note: in the original, "the Sun goes nova">.
This might not sound so frightening, but in a network more complex than Figure 6-2 the loop grows exponentially: every frame is sent out every port of every switch, and the total number of frames multiplies very quickly. I have witnessed an ARP packet circulate over two OC-12 ATM links for 45 minutes (for non-ATM wizards, each OC-12 carries 622 Mbps in each direction; that is a total of 2.4 Gbps of traffic). <translator note: the preceding sentence is kept from the original; I did not fully understand it.> For those who have not yet grasped the seriousness of the problem: it is very bad. Finally, imagine the effect of a broadcast storm on the ordinary users in Figure 6-2. Not only can they no longer play Doom (a popular little game on campus networks), they can barely do anything at all (except go home)! Recall from Chapter 2, "Segmenting LANs," that every broadcast packet must be processed by the CPU, so every PC is also bogged down by the broadcast storm: the mouse pointer of a PC on that network cannot even move, and the PC does not recover until you disconnect it from the LAN; as soon as you plug it back in, broadcast packets saturate its CPU again. If you have never experienced this, then some night when you are with someone who hates you, simply form a physical loop in a VLAN (VLAN 2, for example) and run
set spantree 2 disable. Try it and see what happens. Of course, if the person who hates you most is your boss, don't do it!
Bridge MAC Address Table Corruption

Many switch and bridge administrators know about the broadcast storm problem discussed above, but few realize that even unicast frames can be forwarded endlessly in a network that contains a loop. Figure 6-4 shows an example.

Figure 6-4. With no STP, even unicast frames loop and the MAC address table is corrupted
For example, suppose Host-A's ARP table has an entry for Host-C and it sends a unicast ping to Host-C, but Host-C has just been temporarily removed from the network and the switches' MAC address tables have been updated accordingly. If the switches are not running STP, then, as in the previous example, the frame reaches port 1/1 of both switches (Step 2). Looking only from Cat-1's point of view: because Host-C is off, Cat-1 has no entry for CC-CC-CC-CC-CC-CC in its MAC forwarding table, so it floods the frame (Step 3). Fourth, Cat-2 receives the frame on port 1/2, and two things happen at that point (both bad):
- Cat-2 floods the frame, because it has not learned the MAC address CC-CC-CC-CC-CC-CC either (Step 5), which closes the loop and brings the network down.
- Cat-2 notices that it has just received a frame with source address AA-AA-AA-AA-AA-AA on port 1/2 and moves its MAC forwarding table entry for Host-A to the wrong port!
As the frame also circulates in the opposite direction (recall that the loop forwards in both directions), you will see the entry for Host-A's MAC address flip back and forth between port 1/1 and port 1/2. In short, not only does the unicast ping continue to fill the whole network, but the bridges' MAC forwarding tables are corrupted as well. Remember: it is not only broadcast packets that can kill your network.
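The flood-and-learn behaviour behind both the broadcast loop of Figure 6-2 and the MAC table corruption of Figure 6-4 can be reproduced in a small simulation. The following Python model is an added example, not code from the book or from the blog; the two-bridge topology, the hop limit and the MAC addresses are constructed, and a `blocked` port stands in for a port that STP would hold in blocking state.

```python
from collections import deque

BROADCAST = "ff-ff-ff-ff-ff-ff"

class Bridge:
    """Transparent bridge doing flood-and-learn, with no STP running."""
    def __init__(self, name, ports):
        self.name = name
        self.ports = ports      # {port: segment it attaches to}
        self.mac_table = {}     # {source MAC: port it was last seen on}
        self.flaps = 0          # times an entry jumped to the other port

    def receive(self, in_port, frame):
        src, dst = frame
        if self.mac_table.get(src, in_port) != in_port:
            self.flaps += 1     # the MAC table corruption of Figure 6-4
        self.mac_table[src] = in_port
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]  # unknown: flood

def simulate(frame, hop_limit, blocked=frozenset()):
    """Inject frame on segment A of the constructed Figure 6-2/6-4 topology:
    Cat-1 and Cat-2 both bridge seg-A (port 1/1) to seg-B (port 1/2), so the
    two bridges form a physical loop. blocked = {(bridge, port)} pairs that
    neither learn nor forward, which is what STP does to a redundant port."""
    cat1 = Bridge("Cat-1", {"1/1": "seg-A", "1/2": "seg-B"})
    cat2 = Bridge("Cat-2", {"1/1": "seg-A", "1/2": "seg-B"})
    queue = deque([("seg-A", None)])   # (segment a copy is on, sending bridge)
    copies = 0
    while queue and copies < hop_limit:   # no TTL: only hop_limit stops us
        seg, sender = queue.popleft()
        copies += 1
        for b in (cat1, cat2):
            if b is sender:
                continue
            for port, s in b.ports.items():
                if s != seg or (b.name, port) in blocked:
                    continue
                for out in b.receive(port, frame):
                    if (b.name, out) not in blocked:
                        queue.append((b.ports[out], b))
    return {"copies": copies, "still_looping": bool(queue),
            "flaps": cat1.flaps + cat2.flaps}

HOST_A, HOST_C = "aa-aa-aa-aa-aa-aa", "cc-cc-cc-cc-cc-cc"  # constructed MACs

if __name__ == "__main__":
    print(simulate((HOST_A, BROADCAST), 200))      # broadcast storm, never ends
    print(simulate((HOST_A, HOST_C), 200))         # unknown unicast loops too
    print(simulate((HOST_A, BROADCAST), 200, {("Cat-2", "1/2")}))  # one port blocked
```

With the loop open, both the broadcast and the unknown-unicast frame hit the hop limit with the queue still non-empty and Host-A's entry flapping between ports; with one port blocked, the frame is delivered once to each segment and the simulation ends.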
From the classic "Cisco LAN Switching", Chapter 6 (Part 2): What is Spanning Tree, and why use it?