STP: Spanning Tree Protocol Part 3
Hello once again, and I'm now going to continue my discussion of STP, mainly on PVST and the other PVST variants. I've been quite busy with lots of big things (maybe I'll blog about these 'things' one day).
PVST or Per VLAN Spanning-tree is a proprietary protocol by Cisco, and soon came the time when lots of manufacturers needed to support this protocol. When such a proprietary protocol becomes so prevalent, IEEE comes to the rescue by creating standard protocols to be used by all. The IEEE STP variants are: RSTP (Rapid Spanning-tree Protocol) and MSTP (Multiple Spanning-tree Protocol). Though IEEE made such standard protocols, it didn't stop Cisco from creating more of their own STP variants: PVST+ and rapid PVST+. Now, let's get into the details of each variant of STP.
PVST is Cisco's proprietary protocol that uses Cisco's proprietary ISL trunking protocol to determine which trunks are to be in the FORWARDING state for some VLANs and BLOCKING for others. With PVST, each VLAN has its own STP instance, so the STP instance for VLAN 10 is different from the one for VLAN 20. Since each VLAN has its own instance of STP, every VLAN can also have its own ROOT BRIDGE. So the ROOT BRIDGE for one VLAN isn't necessarily the same for the rest, unless all switches in the network are at their factory default settings. What happens now with ports participating in STP is that a port can be in the FORWARDING state for a particular VLAN and in the BLOCKING state for another. So don't be surprised if all the pilot lights of ports participating in STP show GREEN and not AMBER, because there may be different ROOT BRIDGES for different VLANs and every STP port is in the FORWARDING state for at least one VLAN, just not for all VLANs. PVST+ is just the same as PVST, except that it was developed to support the 802.1q trunking protocol. PVST+ runs by default on the Cisco Catalyst 2960.
Ok, some PVST BID (Bridge ID) discussion. Remember that a standard 802.1d BID is composed of a 2-byte Bridge Priority and a 6-byte MAC address. Let's focus a bit on the Bridge Priority part. The Bridge Priority is composed of 4 bits for the PRIORITY number and 12 bits for the EXTENDED SYSTEM ID. When standard STP is used, only the 4 bits (the PRIORITY NUMBER) are used. The 12-bit EXTENDED SYSTEM ID is where the VLAN ID is indicated.
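To make the per-VLAN Bridge ID concrete, here is an added Python example (my own, not code from the post or from Cisco): it builds the 8-byte BID from the 4-bit priority number, the 12-bit extended system ID carrying the VLAN number and the 6-byte MAC, renders it the way a switch displays it, and runs one independent root election per VLAN so you can see why the root differs between VLANs and why the tie for an unconfigured VLAN falls to the lowest MAC. The switch names, MAC addresses and the 24576/28672 priorities are constructed values.

```python
"""Per-VLAN Bridge IDs and root election the way PVST+ does it (added example)."""

DEFAULT_PRIORITY = 32768   # factory default bridge priority


def parse_mac(mac: str) -> int:
    """Accept '0000.0c11.1111' or '00:00:0c:11:11:11' and return a 48-bit int."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)


def bridge_id(priority: int, vlan: int, mac: str) -> int:
    """Build the 8-byte BID as one integer so BIDs compare directly (lowest wins).

    The 2-byte priority field holds the 4-bit priority number in its high nibble
    (so the priority must be a multiple of 4096) and the 12-bit extended system
    ID, which PVST+ fills with the VLAN number, in its low 12 bits. The 6-byte
    MAC address follows.
    """
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    priority_field = priority | vlan          # 4 bits priority + 12 bits sys-id-ext
    return (priority_field << 48) | parse_mac(mac)


def show_bid(bid: int) -> str:
    """Render a BID like 'show spanning-tree': field, its two parts, dotted MAC."""
    field, mac = bid >> 48, bid & 0xFFFFFFFFFFFF
    hexmac = f"{mac:012x}"
    dotted = ".".join(hexmac[i:i + 4] for i in range(0, 12, 4))
    return f"{field} (priority {field & 0xF000} sys-id-ext {field & 0x0FFF}) {dotted}"


def elect_roots(switches: dict, vlans) -> dict:
    """Run one independent root election per VLAN; return {vlan: root switch name}.

    switches maps name -> (mac, {vlan: priority}); a VLAN missing from the
    per-switch map uses the 32768 default, exactly like an unconfigured switch.
    """
    roots = {}
    for vlan in vlans:
        bids = {name: bridge_id(prios.get(vlan, DEFAULT_PRIORITY), vlan, mac)
                for name, (mac, prios) in switches.items()}
        roots[vlan] = min(bids, key=bids.get)   # lowest BID wins the election
    return roots


# Constructed topology: S1 is primary root for VLAN 10 and secondary for VLAN 20,
# S2 the reverse, S3 left at factory defaults. Nobody configured VLAN 30.
SWITCHES = {
    "S1": ("0000.0c11.1111", {10: 24576, 20: 28672}),
    "S2": ("0000.0c22.2222", {10: 28672, 20: 24576}),
    "S3": ("0000.0c33.3333", {}),
}

if __name__ == "__main__":
    for vlan, root in elect_roots(SWITCHES, (10, 20, 30)).items():
        mac, prios = SWITCHES[root]
        bid = bridge_id(prios.get(vlan, DEFAULT_PRIORITY), vlan, mac)
        print(f"VLAN {vlan:>3}: root {root}  BID {show_bid(bid)}")
```

Because the VLAN number lives in the low 12 bits of the priority field, a switch left at 32768 shows 32769 for VLAN 1 and 32778 for VLAN 10; that is why the 4-bit part must be a multiple of 4096, and why two switches with the same configured priority end up decided by the MAC address.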
Now for configuring PVST+ on your Catalyst switches, first we want to make sure we know which switches are going to be the ROOT BRIDGE for each VLAN. Most likely the ROOT bridges are placed in the distribution layer so that convergence is faster: since the distribution layer sits between the CORE and ACCESS layers, the BPDU reaches almost all switches in the network quickly.
First we choose which switches become the PRIMARY and the SECONDARY ROOT BRIDGES. We set the spanning-tree mode to PVST with the command:
S1(config)#spanning-tree mode pvst
Then we configure the PRIMARY and SECONDARY priority of each switch per VLAN with this command:
S1(config)#spanning-tree vlan
or
S1(config)#spanning-tree vlan
Then just check your spanning-tree configuration with these commands in privileged mode:
S1#show spanning-tree active
and
S1# show running-config
RSTP or Rapid Spanning-tree Protocol is known as IEEE 802.1w and is the evolution of IEEE 802.1d. Ok, you may ask, what is the difference between the two (802.1d & 802.1w)? With 802.1d, we have 5 port states: learning, listening, blocking, forwarding, and disabled. With 802.1w, we have 3 port states: discarding, learning and forwarding. So RSTP redefines the port states and types. Now, wonder why it is called rapid? It's because it has only 3 port states, so there are only 3 transition states rather than 5. Moreover, it allows a port to change from DISCARDING to FORWARDING immediately without relying on timers. The DISCARDING state appears in both the active and the sync topology, and it is the one responsible for breaking loops by not allowing frames to be forwarded. The LEARNING state also appears in both the active and the sync topology, and in this state the port accepts frames to populate the MAC table. Lastly, the FORWARDING state appears only in the active topology, and it determines the entire network topology since these ports are the ones that forward frames. Now that we have defined the port states for RSTP, let's check out the port roles. With RSTP we have 4 port roles: ROOT, DESIGNATED, BACKUP and ALTERNATE. The ROOT port role appears on non-ROOT bridges; these are the ports that are connected to, or selected as the path to, the ROOT bridge. There can only be one ROOT port per non-ROOT bridge. The DESIGNATED port role, on the other hand, is for ports that receive frames going to the ROOT bridge. They appear on all switches, and there is at least one DESIGNATED port in a given segment. The ALTERNATE port role is for ports that offer an alternate route to the ROOT bridge. They assume the DISCARDING state and immediately transition to the FORWARDING state and become the DESIGNATED port if the first DESIGNATED port fails.
The BACKUP port role is for ports on a designated bridge that have a redundant or additional link to a segment where that bridge is already designated. This port role assumes the DISCARDING state, and turns to the FORWARDING state when the DESIGNATED port fails.
One of the enhancements RSTP brought is that the BPDU messages sent carry information about the port status of the neighboring ports only. Remember what the BPDU looks like? (If not, refer to STP part 1.) The RSTP BPDU has the PROTOCOL VERSION ID set to 2, and the BPDU type set to 2. Also, it uses the FLAG field, which is only a byte long, to indicate whether there is a topology change and to carry the information about the port roles and states. So pretty much an RSTP-enabled switch can still communicate with switches that have 802.1D enabled, since there are no changes in the BPDU format. RSTP uses the BPDU as a keep-alive mechanism: if a port doesn't receive a BPDU three consecutive times (which is 6 seconds, since the HELLO timer is 2 seconds), it means that the connection to the root bridge or neighboring bridge is lost. This fast aging time is what makes RSTP detect failures in the network faster.
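As an added example (my own, not from the post), the following Python parses an RSTP BPDU using the fixed field layout and the flag-byte bit assignments from 802.1w: it checks the protocol version and BPDU type the post mentions, decodes the port role and port state from the one-byte flag field, and includes the three-missed-hellos keep-alive rule. The sample BPDU bytes, root and bridge identities are constructed. Decoding BPDUs this way is the core of a monitor that alerts when a BPDU shows up on a port that should only face end devices, which is the situation BPDU guard exists to stop.

```python
"""Parse an RSTP (802.1w) BPDU and decode its flag byte (added example)."""
import struct
from dataclasses import dataclass

# Fixed layout of an RST BPDU, 36 bytes, all fields big-endian:
#  protocol id (2), version (1), type (1), flags (1), root id (8),
#  root path cost (4), bridge id (8), port id (2), message age (2),
#  max age (2), hello time (2), forward delay (2), version-1 length (1)
RST_BPDU = struct.Struct("!HBBBQIQHHHHHB")
RST_VERSION, RST_TYPE = 2, 0x02       # values the post lists for an RSTP BPDU

# Flag-byte layout (802.1w): bit 0 TC, bit 1 proposal, bits 2-3 port role,
# bit 4 learning, bit 5 forwarding, bit 6 agreement, bit 7 TC acknowledge.
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}


@dataclass
class RstBpdu:
    root_priority: int
    root_sysid_ext: int
    root_mac: str
    root_path_cost: int
    bridge_mac: str
    port_role: str
    port_state: str
    proposal: bool
    agreement: bool
    topology_change: bool
    hello_time: float     # seconds; the wire value is in 1/256 s units


def _split_bid(bid: int):
    """Split an 8-byte BID into (priority, sys-id-ext, mac hex string)."""
    prio_field, mac = bid >> 48, bid & 0xFFFFFFFFFFFF
    return prio_field & 0xF000, prio_field & 0x0FFF, f"{mac:012x}"


def parse_rst_bpdu(payload: bytes) -> RstBpdu:
    """Decode one RST BPDU; reject anything that is not version 2 / type 2."""
    if len(payload) < RST_BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, version, btype, flags, root_id, cost, bridge_id, _port_id,
     _msg_age, _max_age, hello, _fwd_delay, _v1len) = RST_BPDU.unpack_from(payload)
    if proto != 0 or version != RST_VERSION or btype != RST_TYPE:
        raise ValueError(f"not an RST BPDU: proto={proto} version={version} type={btype:#x}")
    learning, forwarding = bool(flags & 0x10), bool(flags & 0x20)
    state = "forwarding" if forwarding else "learning" if learning else "discarding"
    root_prio, root_sysid, root_mac = _split_bid(root_id)
    _, _, bridge_mac = _split_bid(bridge_id)
    return RstBpdu(root_prio, root_sysid, root_mac, cost, bridge_mac,
                   PORT_ROLES[(flags >> 2) & 0x3], state,
                   bool(flags & 0x02), bool(flags & 0x40), bool(flags & 0x01),
                   hello / 256)


def bpdu_missed(last_seen: float, now: float, hello_time: float = 2.0, misses: int = 3) -> bool:
    """True once three hello intervals pass with no BPDU (6 s at the 2 s default)."""
    return now - last_seen >= misses * hello_time


# Constructed sample: a proposal from the designated port of a bridge whose root
# is priority 24576 + sys-id-ext 10 (VLAN 10), MAC 0000.0c11.1111 (made-up values).
SAMPLE_BPDU = RST_BPDU.pack(
    0x0000, RST_VERSION, RST_TYPE,
    0x3E,                                 # designated, learning, forwarding, proposal
    (24586 << 48) | 0x00000C111111,       # root ID
    4,                                    # root path cost
    (32778 << 48) | 0x00000C222222,       # sending bridge ID (32768 + VLAN 10)
    0x8001, 1 * 256, 20 * 256, 2 * 256, 15 * 256, 0)

if __name__ == "__main__":
    bpdu = parse_rst_bpdu(SAMPLE_BPDU)
    print(bpdu)
    print("keep-alive expired:", bpdu_missed(last_seen=0.0, now=6.0, hello_time=bpdu.hello_time))
```

Note that a legacy 802.1D configuration BPDU (version 0, type 0) is rejected by the same check rather than misparsed; a real monitor would hand those off to a separate decoder.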
I've also got to mention another reason why RSTP converges faster than STP (802.1D). It's because RSTP doesn't rely on its timers when a port has been chosen to be a DESIGNATED port; rather it works on a link-by-link basis. If RSTP had to rely on timers, then when the STA has chosen a DESIGNATED port, it would have to wait twice the FORWARD DELAY timer before transitioning to the FORWARDING state. With RSTP, bridges go through a process of proposing and agreeing on which port is to be set to ALTERNATE, DESIGNATED, & ROOT. The proposal and agreement is based on the path cost going to the ROOT bridge, the higher the better. When a bridge receives this proposal and sees that it has a better path cost going to the ROOT bridge, it blocks all non-edge ports then transitions the port that received the BPDU to a ROOT port. All EDGE ports and point-to-point links transition immediately to the FORWARDING state.
Oh yeah, I've got to mention the RSTP EDGE ports. These are ports that are not connected to any switches, but rather to end devices. Edge ports are similar to Cisco's PortFast technology, wherein the switch port immediately transitions to the forwarding state when enabled, cutting the time for the end device to get connected. What's nice with Edge ports is that when they receive BPDUs, they automatically become a port that participates in the spanning-tree. With PortFast though, you have to make sure that the port with PortFast will not have a switch connected, or else loops will occur. To enable an Edge port on Cisco switches using RSTP, just type:
S1(config)#spanning-tree portfast
Rapid PVST+ is another Cisco proprietary protocol which is based on the 802.1w standard and is known to be faster than the 802.1d standard. Rapid PVST+ is Cisco's version of IEEE's RSTP. I'll not be explaining this much in detail since it works pretty much the same as RSTP. So I'll go ahead and show you how to configure RSTP and rapid PVST+ on your Catalyst switch.
To enable RSTP or rapid PVST+, enter:
S1(config)#spanning-tree mode rapid-pvst
S1(config)#spanning-tree mode rstp
To configure a port (or ports) as point-to-point, enter:
S1(config-if)#spanning-tree link-type point-to-point
After all the configuration, clear all STP detected protocols with:
S1#clear spanning-tree detected-protocols
To verify your configuration, type: S1#show spanning-tree vlan
Ok, enough of this technical stuff; now I'll just go ahead and give you some design pointers so you don't mess up your network. First, don't let STP decide which is the ROOT bridge; go and configure the primary and secondary ROOT bridge. Why? It'll be hard to debug STP in your network if you don't know where the root is. And another reminder on where your ROOT bridge is supposed to be: it is better to place the ROOT bridge where all devices can reach it with equal and minimal hops, meaning at the center of your network. This reduces the hop counts and traversal time.
Second, when designing your network with redundancy in mind (which it is supposed to be), have a network diagram ready so you know which ports are in the blocking and forwarding state. So when a problem such as a loop occurs, you will know where it originated. And oh, always use VTP pruning to avoid unnecessary use of bandwidth!
Third, if it is possible to use L3 switches for your CORE layer switches, go and do so, because you will not need a router to connect all your VLANs and the forwarding speed is as fast as an L2 switch.
Fourth, don't disable STP even though your network doesn't need it yet. STP doesn't take much processing power and doesn't eat bandwidth.
Alright ladies and gentlemen, this concludes my discussion regarding STP. There might be additional topics related to STP that I'll be writing about soon, like BackboneFast, UplinkFast, PortFast, BPDU guard and ROOT guard. So until next time; I'll be writing about new stuff too.
For any CCNA or Cisco knowledgeable peeps who are reading this, please do check if what I wrote is correct (including typos or wrong grammar haha). And if you guys have any questions regarding STP, please do ask, I'll be glad to help and find the answers.