Thursday, September 18, 2008

STP: Spanning Tree Protocol Part 2

OK, just to recap what we discussed in the previous post: we covered basically what STP does in our network and how it helps us design for redundancy. We covered the BPDUs, and the BID carried in the BPDUs, in detail. We also discussed how STP uses the STA (spanning-tree algorithm) to select the shortest/best path to the root bridge without creating a loop.

Now we're going to talk a little bit about port roles and BPDU timers. After that we'll go ahead and start discussing PVST (per-VLAN spanning tree). We'll end with some important CLI commands to configure and verify STP on our switches.

If you've read Part 1 of my STP blog, you are already pretty knowledgeable about STP. I agree some things could be left out, but then again, more knowledge means you can make better decisions. Let's start with port roles.

Ok, I've written before that there are four roles a port can play, but I'll just put in the key points about each role.
1. root port - the switch port that is the best path to the root bridge
  - there can only be one root port per bridge
  - can populate the MAC address table
2. designated port - the switch port that forwards frames to the root bridge
  - there can only be one per segment
  - all ports of the root bridge are designated ports
  - exists on both root and non-root bridges
  - can populate the MAC address table
3. non-designated port - the switch port that blocks frames
  - cannot populate the MAC address table
4. disabled port - the interface has the 'shutdown' configuration; it's administratively down
Now you ask, how does the switch know what roles to assign to a port? The STA does that. It tells the switch which port is closest to the root bridge, and that port becomes the root port. The rest of the ports that participate in STP are either designated ports or non-designated ports. The best path is chosen by the number of hops going to the root bridge multiplied by the port cost (refer to part 1). The lowest path cost is chosen.

Now let's discuss port states. You might ask, what's the difference? Well, port roles are how redundant ports should behave, while port states are what the ports are actually doing. For example, the port is a root port (port role), so it should be forwarding (port state). Another example: the port is a non-designated port (port role), so it should be blocking (port state). Get it? Ok. There are five port states: forwarding, learning, blocking, listening, and disabled. Ports transition through these states in order to keep the network loop free.
- forwarding - the port is able to forward frames
- learning - the port is ready to participate in frame forwarding and is populating the MAC table
- listening - it has just been determined that the port can participate in frame forwarding; it prepares to go to the learning state
- blocking - the port cannot forward frames, but it can receive BPDU frames to learn where the root bridge is and what the other port roles are
- disabled - the port is not active, administratively down

Now that we're done with port roles and port states, we'll head over to a short discussion of the BPDU timers and why they are significant.

There are three timers we need to focus on: the hello time, the forward delay, and the maximum age. The hello time is the interval before the port sends another BPDU frame. The default is 2 seconds and it can be tuned from 1 to 10 seconds. The forward delay timer is generally the time a port spends in the listening and learning states. The default is 15 seconds, but it can be tuned from 4 to 30 seconds. The purpose of the forward delay timer is to allow all switches to decide on the correct port roles for a loop-free network. The maximum age timer tells the switch how long it should keep the BPDU information. The default is 20 seconds and it can be tuned from 6 to 40 seconds.

Just a note: STP only functions on networks with a diameter of seven. The diameter is the number of switches a frame has to travel through to reach another node. With that note, it brings me to telling you that although we can tune all of these timers, it is advised not to, since the defaults are already optimized for a network diameter of 7, so that you don't mess up convergence (the state in which STP has already calculated the best paths and all ports are in their proper roles).

To view or verify the spanning-tree status, type 'show spanning-tree' in privileged mode on the switch CLI (command line interface). There you will see the following:
- the root bridge ID (you will know whether the switch you're accessing is the root bridge because it will say "This bridge is the root"):
  - priority value
  - MAC address
  - BPDU timers
- the bridge ID:
  - priority value
  - extended system id
  - MAC address
  - BPDU timers
- the interfaces that participate in STP, where you will be able to see:
  - the roles they currently have
  - the path cost going to the root bridge
  - the status the port currently has

To configure STP on a switch, we must be in the global-configuration mode of the switch:
1. change the BID of the switch
  - spanning-tree vlan priority <1>
2. change the switch priority
  - spanning-tree vlan root ; if it is set to secondary, the priority value will be set to 28672. If primary, it is always set 4096 lower than the lowest priority value found.
3. change the cost of a port (you must be in the interface-configuration mode of that port)
  - spanning-tree cost
4. set the STP diameter
  - spanning-tree vlan root primary diameter <0>
5. change the port priority (you must be in the interface-configuration mode of that port)
  - spanning-tree port-priority <0-240,>

OK boys and girls, I think my brain can't take any more writing at the moment. Forgot that I still have to do my labs and my thesis paper. Yes, I'm not done discussing PVST and some scenarios to help your network design. Guess there will be a part 3 for STP. It'll take some time for me to finish STP part 3, since I've got to read about stuff related to my thesis. Anyway, it's another review day for me.

For any CCNA or Cisco knowledgeable peeps who are reading this, please do check whether what I wrote is correct (including typos or wrong grammar haha). And if you guys have any questions regarding STP, please do ask; I'll be glad to help and find the answers.

Tuesday, September 9, 2008

STP: Spanning Tree Protocol Part 1

Alright, another day to review! Gosh, this is a long topic!! Today I'm gonna write about STP, which stands for Spanning Tree Protocol. Without STP, boy, you're gonna have lots of headaches; you'll know why later. STP is used by switches, and before I go any further, let me first give you an introduction to where STP comes into play on your switched network: redundancy. It resolves the availability issue in a computer network (crucial networks) by having redundant equipment and connections in case the main line or equipment goes down. In short, redundancy is like having an alternate route. Having multiple paths to a destination allows you to reach the destination even if one route goes down. By implementing redundancy, organizations (e.g. web hosting companies or telephone companies) that depend on computer networks can be assured of business continuity.

Just a side note: redundancy is achieved by having a hierarchical network design (having the access, distribution, and core layers). I'll not write about network design since it's a broad topic to talk about. Heck, it's got its own certification: CCDP (Cisco Certified Design Professional). Maybe I'll write something about simple network design and Layer 2 & 3 redundancy next time.

Here's where the problem comes in. With redundancy, Layer 2 loops can occur, wherein packets never stop traversing the different switches and eat up lots of the switches' CPU resources. How does this happen, and what is a Layer 2 loop? Ok, let me try to explain without the use of a diagram. Say we have three switches, namely S1, S2, and S3, all connected together using trunk ports. Say PC1 is connected to S1, and PC2 is connected to S3. Here is the thing: remember that switches forward broadcast packets to ALL ports except the port where the broadcast packet came from? If you can visualize this topology, you'll get the whole idea. Each switch in the example has 2 trunk ports, and each would be receiving the broadcast message on one trunk port.
Step 1: receive a broadcast packet on trunk port 1.
Step 2: the switch forwards the packet to all ports except where the packet came from (trunk port 1). Thus each switch will forward it out the other trunk port (trunk port 2).
Step 3: the receiving switch receives the broadcast on trunk port 2.
Step 4: the switch forwards the packet to all ports except where the packet came from (trunk port 2). Thus each switch will forward it out the other trunk port (trunk port 1).
Step 5: go back to Step 1.
This is what we call a Layer 2 loop or switching loop, and it occurs in a switched network that has redundant links without STP. If you're thinking that the packet will eventually get dropped when the TTL (time-to-live) expires, you're wrong. Ethernet frames, or Layer 2 messages, have no TTL field! Switching loops soon turn into broadcast storms as more broadcasts are sent by different computers on the network. A switching loop can only stop if the physical link (trunk port) goes down. As more and more broadcasts are sent, you'll soon find your network useless since all the bandwidth is consumed.

Now, knowing what disaster Layer 2 loops can cause, you'll appreciate why there's STP. You might be wondering too whether all switches (different brands/vendors) have STP running. Honestly, I'm not sure. What I can say is that all managed switches have STP. Managed meaning you can configure them.

The purpose of STP is to avoid switching loops in your switched network. STP does that by dynamically and intentionally blocking redundant ports to maintain only one logical path to all nodes. STP dynamically unblocks the redundant port if the main path goes down.

STP utilizes the ST (spanning-tree) algorithm, wherein the algorithm selects the shortest path to all nodes based on path cost without creating a loop. Applying the STA, first we need to have our starting point, the root. Every network with switches needs to have one as our reference starting point. The selection of the root switch happens during the startup of the switches (yes, all switches in your network participate in this election). They send each other messages announcing who should be root. Now, after the election, let's say our switch has multiple paths to a destination; what the STA does is select only one path, and then the switch uses the information from the STA to set the port roles of the rest of the redundant ports, either blocking or forwarding. This entire process is how STP functions.

Hmm, I've mentioned port roles, so I'll give you a brief explanation here and go into detail in part 2. Port roles are basically how a port should perform based on STP. There are four roles: root ports, designated ports, non-designated ports, and disabled ports. The root port is the port closest to the root bridge. The designated port is the port that allows the forwarding of packets. The non-designated port is the port that blocks all packets, and the disabled port is the port that is administratively down (it has the 'shutdown' configuration).

To clarify and be more detailed on the election process: the election starts when the switches start up. All switches are initially root bridges. They send messages called BPDUs (bridge protocol data units) every 2 seconds. The BPDU contains the BID (bridge ID), and the BID consists of a priority value, the switch's MAC address, and an extended system ID. Each switch compares its BID with the BIDs of the other switches, and the lowest BID is elected as the root. All subsequent BPDUs from switches whose root ID has changed carry the updated root ID, so that all the other switches learn the lower root ID. We can manipulate the priority value in the BID to manipulate the election process. The default priority value is 32768, and it can range from 1 - 65536. The lower the priority value, the higher the chance that the switch will become the root bridge. The extended system ID is used to support VLANs (I'll write another blog explaining how STP works on a per-VLAN basis), so it can be ignored if there are no VLANs in the network. If all switches have the default bridge priority of 32768, the switches use the MAC address as the basis for determining the root bridge. The switch with the lower MAC address becomes the root bridge.

Now about path selection: what parameters are used to determine which is the best/shortest path to the root bridge? STP sums up all the port costs along a given path to determine the path cost. The path with the lowest path cost is the best/shortest path. The port costs are the following:
10Gbps = 2
1Gbps = 4
100Mbps = 19
10Mbps = 100
These are the default values set by the IEEE. If you're wondering whether the port cost can be modified, why yes, it can, to give you the flexibility of choosing your path to the root bridge. To configure the port cost you must enter the interface-configuration mode by selecting the port you want to configure, then enter 'spanning-tree cost '. If you want to reset it back to the default, just type 'no spanning-tree cost' in the interface-configuration mode of that port and you're good to go.

Ok, let me give a scenario: let's say we have two ports with the same path cost going to the root bridge; how does the switch decide which port to block? The answer is simple: the port with the lower port ID will be used. For example, fa0/1 and fa0/24 both have the same path cost to the root bridge. The switch will select fa0/1 since it has the lower port ID. But still, we can override this by changing the port priority for STP. The default value is 128. We can configure this by going to the interface-configuration mode of the chosen interface, then typing 'spanning-tree port-priority <0-240,>'. To verify the change, type 'show spanning-tree' in privileged mode and see that the port priority of that port has changed from 128 to the priority number you entered.

The general process of how STP works is the following:
Step 1: a root bridge is elected (a BPDU is sent by each switch, and each switch compares its root ID with the root IDs of the others)
Step 2: each switch uses the STA to determine the shortest path to the root bridge
Step 3: each switch takes the port speed/bandwidth into account when deciding which port to block and unblock; path cost is also calculated from port speed/bandwidth, so if there are two paths to one destination, the path with the lowest cost is selected
Step 4: port roles are assigned based on the path the STA calculated
Step 5: voila, converged!

Reminder: all switch ports are in blocking mode while the switches are electing the root bridge and determining paths.
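As an added example (not code from the original post or from Cisco), here is a toy run of the STA over a constructed three-switch topology: root election by lowest BID (priority plus extended system ID, then MAC), root path cost as the sum of the IEEE port costs listed above, and the fa0/1-over-fa0/24 tie-break. The switch names, MACs, port names and the helpers `bridge_id`, `port_id` and `run_sta` are all made up for this illustration.

```python
"""Added example, not from the original post: a toy spanning-tree algorithm (STA)
over a constructed topology: root election by lowest BID, root path cost as the
SUM of port costs, and the lower-port-ID tie-break for equal-cost ports."""
from collections import defaultdict

PORT_COST = {10000: 2, 1000: 4, 100: 19, 10: 100}  # IEEE defaults quoted in the post

def bridge_id(priority, mac, vlan=1):
    """BID = (priority + extended system ID, MAC); lowest wins. Priority is a
    multiple of 4096 and the VLAN number fills the 12-bit extended system ID."""
    assert priority % 4096 == 0 and 1 <= vlan <= 4095
    return (priority + vlan, mac.lower())

def port_id(name, priority=128):
    """Port ID = (port priority, port number): Fa0/1 beats Fa0/24."""
    return (priority, int(name.rsplit("/", 1)[1]))

def run_sta(switches, links, vlan=1):
    """switches: {name: (priority, mac)}; links: [(a, port_a, b, port_b, mbps)]."""
    bid = {n: bridge_id(p, m, vlan) for n, (p, m) in switches.items()}
    root = min(bid, key=bid.get)  # lowest BID is elected root bridge
    adj = defaultdict(list)  # switch -> [(my_port, neighbour, its_port, cost)]
    for a, pa, b, pb, mbps in links:
        adj[a].append((pa, b, pb, PORT_COST[mbps]))
        adj[b].append((pb, a, pa, PORT_COST[mbps]))
    # Root path cost = best neighbour's cost + cost of the receiving port. Ties go
    # to lower sender BID, sender port ID, then receiving port ID (802.1D order).
    rpc = {n: (0 if n == root else float("inf")) for n in switches}
    root_port = {}
    for _ in range(len(switches)):  # relax until every switch has converged
        for n in switches:
            cands = [(rpc[nb] + c, bid[nb], port_id(tp), port_id(mp), mp)
                     for mp, nb, tp, c in adj[n] if n != root and rpc[nb] < float("inf")]
            if cands:
                rpc[n], root_port[n] = min(cands)[0], min(cands)[-1]
    roles = defaultdict(dict)
    for a, pa, b, pb, _ in links:  # one designated port per segment
        d = a if (rpc[a], bid[a]) < (rpc[b], bid[b]) else b
        roles[a][pa] = "designated" if d == a else "non-designated"
        roles[b][pb] = "designated" if d == b else "non-designated"
    for n, p in root_port.items():
        roles[n][p] = "root"  # the root port overrides the segment decision
    return root, dict(rpc), dict(roles)

SWITCHES = {"S1": (24576, "00:1a:a1:11:11:11"),  # constructed sample switches
            "S2": (32768, "00:1a:a1:22:22:22"),
            "S3": (32768, "00:1a:a1:33:33:33")}
LINKS = [("S1", "Fa0/1", "S2", "Fa0/1", 100), ("S1", "Fa0/24", "S2", "Fa0/24", 100),
         ("S1", "Fa0/3", "S3", "Fa0/3", 100), ("S2", "Fa0/2", "S3", "Fa0/2", 100)]
```

`run_sta(SWITCHES, LINKS)` elects S1 as root, gives S2 and S3 a root path cost of 19, makes S2's Fa0/1 the root port while Fa0/24 stays non-designated, and blocks S3's Fa0/2 because S2 has the lower BID on that shared segment.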

Alright, it seems to me that we've got the gist of how STP works in switches and in our network, but I'm not done with my review yet since Cisco also covers the BPDU in detail. If you want to know the details of BPDUs, go on and read; but if you just want to know how to configure STP on your switches, just skip the BPDU part.

BPDUs have three fields, and each field contains four pieces of information important for STP.
The first field:
protocol ID - determines what protocol is used.
version - determines what version of the protocol is used.
message type - determines the type of message sent.
flags - indicates whether there's a topology change and acknowledges the receipt of a topology change.
The second field:
root id - once a root bridge has been elected, the bridge id of the root bridge is indicated here. At startup, all switches are root, thus the root id is their own bridge id.
cost of path - the total path cost from the sender of the BPDU to the root bridge.
bridge id - the bridge id of the sender of the BPDU.
port id - indicates from what port the BPDU was sent; this allows loops created by multiple connected bridges to be detected and corrected.
The third field:
message age - indicates how much time has elapsed since the root bridge sent the message with the current configuration.
max age - indicates how long the BPDU should last. If the message age reaches the max age, there will be a new election of a root bridge since the switch assumes the connection to the root is lost. 20 secs by default and can be tuned from 6 - 40 secs.
hello timer - indicates the interval at which the root bridge sends another BPDU. 2 secs by default, can be tuned from 1 - 10 secs.
forward delay - indicates the time bridges wait before transitioning to a new state.
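As an added example, not part of the original post, here is a decoder for the IEEE 802.1D configuration BPDU layout just described (the 35-byte payload that follows the LLC header), with the max-age check applied. `parse_config_bpdu`, `build_config_bpdu` and the sample BPDU from "S2" are constructed for this illustration; the port ID is decoded in the 802.1t form (a 4-bit priority in steps of 16, which matches the 0-240 range mentioned above).

```python
"""Added example, not from the original post: decode the 35-byte IEEE 802.1D
configuration BPDU into the three groups of fields listed above and apply the
max-age check the post describes. The sample BPDU is constructed, not captured."""
import struct

BPDU_FMT = "!HBBB8sI8sHHHHH"  # network byte order; struct.calcsize == 35

def decode_bridge_id(raw):
    """8-byte bridge ID: 4-bit priority, 12-bit extended system ID (VLAN), MAC."""
    hi = int.from_bytes(raw[:2], "big")
    return {"priority": (hi >> 12) << 12, "ext_sys_id": hi & 0x0FFF,
            "mac": ":".join(f"{b:02x}" for b in raw[2:])}

def parse_config_bpdu(data):
    if len(data) < struct.calcsize(BPDU_FMT):
        raise ValueError("truncated BPDU")
    (proto, ver, kind, flags, root, cost, bridge, port,
     age, max_age, hello, fwd) = struct.unpack(BPDU_FMT, data[:35])
    if proto != 0 or kind != 0x00:  # 0x80 would be a topology change notification
        raise ValueError("not an STP configuration BPDU")
    return {  # first field
        "protocol_id": proto, "version": ver, "type": kind,
        "topology_change": bool(flags & 0x01), "tc_ack": bool(flags & 0x80),
        # second field (port ID: 4-bit priority in steps of 16, 12-bit number)
        "root_id": decode_bridge_id(root), "root_path_cost": cost,
        "bridge_id": decode_bridge_id(bridge),
        "port_priority": (port >> 12) << 4, "port_number": port & 0x0FFF,
        # third field: timers are carried in units of 1/256 second
        "message_age": age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256}

def bpdu_expired(b):
    """Stored root information is discarded once message age reaches max age."""
    return b["message_age"] >= b["max_age"]

def build_config_bpdu(root_prio, root_mac, cost, br_prio, br_mac, port_num,
                      port_prio=128, age=0, max_age=20, hello=2, fwd=15, vlan=1):
    """Encoder used only to construct the demo BPDU; mirrors parse_config_bpdu."""
    bid = lambda p, m: struct.pack("!H", p + vlan) + bytes.fromhex(m.replace(":", ""))
    return struct.pack(BPDU_FMT, 0, 0, 0, 0, bid(root_prio, root_mac), cost,
                       bid(br_prio, br_mac), ((port_prio >> 4) << 12) | port_num,
                       int(age * 256), max_age * 256, hello * 256, fwd * 256)

# Constructed: S2 (priority 32768, VLAN 1) relays S1 as root at cost 19 out of Fa0/2
SAMPLE = build_config_bpdu(24576, "00:1a:a1:11:11:11", 19,
                           32768, "00:1a:a1:22:22:22", 2, age=1)
```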

Alright, I guess I'll stop here for the moment; my head hurts quite a bit already. I'll write part 2 of STP later this evening, which includes a detailed discussion of port roles, BPDU timers, per-VLAN STP (PVST), some design tips on STP, and what the important things to configure for STP are.

  © Building IT Securely thesecurityarchitects.blogspot.com 2009
