
Switching Architectures: Spanning Tree

Enterprise Network 101 Workshop

Switching Loop

• If there is more than one path between two switches:

– Forwarding tables become unstable

• Source MAC addresses are repeatedly seen coming from different ports

– Switches will broadcast each other's broadcasts

• All available bandwidth is utilized

• Switch processors cannot handle the load
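The two symptoms above can be reproduced in a few lines. What follows is an added example, not part of the workshop slides: two switches A and B joined by two parallel links (ports 1 and 2 on each), with a host on port 3 of A that sends one broadcast per tick. The switch names, port numbers and MAC addresses are constructed for the example. Each switch only does ordinary learning and flooding, which is enough to turn the loop into a storm; blocking one port on the redundant link is what restores order.

```python
"""Constructed two-switch loop simulation (added example, not from the slides)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_MAC = "aa:aa:aa:aa:aa:01"   # constructed host address


class Switch:
    def __init__(self, name, links, blocked=()):
        self.name = name
        self.links = links           # port -> (neighbor, neighbor_port), or None for a host port
        self.blocked = set(blocked)  # ports in the STP Blocking state
        self.mac_table = {}          # source MAC -> port it was last seen on
        self.flaps = 0               # times a known MAC moved to a different port

    def receive(self, port, frame):
        """Process one (src, dst) frame; return the (out_port, frame) pairs to send."""
        if port in self.blocked:
            return []                # a blocking port discards data frames
        src, dst = frame
        if src in self.mac_table and self.mac_table[src] != port:
            self.flaps += 1          # the "unstable forwarding table" symptom
        self.mac_table[src] = port
        if dst == BROADCAST or dst not in self.mac_table:
            # flood out of every other non-blocked port
            return [(p, frame) for p in self.links if p != port and p not in self.blocked]
        out = self.mac_table[dst]
        return [(out, frame)] if out != port and out not in self.blocked else []


def simulate(blocked=None, ticks=10):
    """Return (inter-switch frames sent per tick, MAC-table flaps per switch)."""
    blocked = blocked or {}
    switches = {
        "A": Switch("A", {1: ("B", 1), 2: ("B", 2), 3: None}, blocked.get("A", ())),
        "B": Switch("B", {1: ("A", 1), 2: ("A", 2), 3: None}, blocked.get("B", ())),
    }
    inflight = []
    per_tick = []
    for _ in range(ticks):
        # the host on A port 3 emits one broadcast (think ARP request) every tick
        inflight.append(("A", 3, (HOST_MAC, BROADCAST)))
        nxt, sent = [], 0
        for sw, port, frame in inflight:
            for out_port, f in switches[sw].receive(port, frame):
                link = switches[sw].links[out_port]
                if link is None:
                    continue         # delivered to a host; leaves the simulation
                sent += 1
                nxt.append((link[0], link[1], f))
        per_tick.append(sent)
        inflight = nxt
    return per_tick, {n: s.flaps for n, s in switches.items()}


if __name__ == "__main__":
    storm, flaps = simulate()
    print("loop   :", storm, flaps)   # link load grows every tick, MACs flap
    calm, flaps = simulate({"A": (2,)})
    print("blocked:", calm, flaps)    # bounded load, no flapping
```

With both links active the per-tick link load grows without bound from a single host, and both switches keep seeing the host's MAC arrive on a different port. With port 2 of A in Blocking, the same topology carries a constant two frames per tick and the MAC tables never move.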


Switching Loop – End Result


Good Switching Loops

• But you can take advantage of loops!

– Redundant paths improve resilience when:

• A switch fails

• Wiring breaks

• How to achieve redundancy without creating dangerous traffic loops?


What is a Spanning Tree?

• In simple words, Spanning Tree Protocol (STP) is a network feature that helps prevent loops in a switch network

STP works like a traffic controller. It:

  1. Looks at all the links between switches.
  2. Finds loops.
  3. Blocks some paths to break the loop, but keeps them as backup.
  4. If the active path fails, it re-activates a blocked one.


Spanning Tree Protocol

• The purpose of the protocol is to have bridges dynamically discover a subset of the topology that is loop-free (a tree) and yet has just enough connectivity so that, where physically possible, there is a path between every switch


Spanning Tree Protocol

• Several standard flavors:

– Traditional Spanning Tree (IEEE 802.1d)

– Rapid Spanning Tree or RSTP (IEEE 802.1w)

– Multiple Spanning Tree or MSTP (IEEE 802.1s)

• Proprietary flavors:

– Per-VLAN Spanning Tree or PVST (Cisco)

– Rapid Per-VLAN Spanning Tree or RPVST+ (Cisco)


Traditional Spanning Tree (802.1d)

• Switches exchange messages that allow them to compute the Spanning Tree

– These messages are called BPDUs (Bridge Protocol Data Units)

• There are two types of BPDUs:

– Configuration

– Topology Change Notification (TCN)


Traditional Spanning Tree (802.1d)

• First Step:

– Decide on a point of reference: the Root Bridge

– The election process is based on the Bridge ID

– The Bridge ID is composed of:

• The Bridge Priority: A two-byte value that is configurable

• The MAC address: A unique, hardcoded address that cannot be changed.


Traditional Spanning Tree (802.1d)

• Each switch starts by sending out BPDUs with a Root Bridge ID equal to its own Bridge ID

– I am the root!

• Received BPDUs are analyzed to see if a lower Root Bridge ID is being announced

– If so, each switch replaces the value of the advertised Root Bridge ID with this new lower ID

• Eventually, they all agree on who the Root Bridge is


Root Port Selection (802.1d)

• Now each switch needs to figure out where it is in relation to the Root Bridge

– Each switch needs to determine its Root Port

– The key is to find the port with the lowest Root Path Cost

• The cumulative cost of all the links leading to the Root Bridge


Root Port Selection (802.1d)

• Root Path Cost is the accumulation of a link's Path Cost and the Path Costs learned from neighboring switches.

– It answers the question: How much does it cost to reach the Root Bridge through this port?


1. Root Bridge sends out BPDUs with a Root Path Cost value of 0

2. Neighbor receives BPDU and adds port's Path Cost to Root Path Cost received

3. Neighbor sends out BPDUs with new cumulative value as Root Path Cost

4. Other neighbors down the line keep adding in the same fashion


• On each switch, the port which has the lowest Root Path Cost becomes the Root Port

– This is the port with the best path to the Root Bridge


Electing Designated Ports (802.1d)

• OK, we now have selected the root ports, but we haven't solved the loop problem yet:

– The links are still active!

• Each network segment needs to have only one switch forwarding traffic to and from that segment

• Switches then need to identify one Designated Port per network segment

– The one with the lowest cumulative Root Path Cost to the Root Bridge


Electing Designated Ports (802.1d)

• Two or more ports in a segment having identical Root Path Costs is possible, which results in a tie condition

• All STP decisions are based on the following sequence of conditions:

1. Lowest Root Bridge ID

2. Lowest Root Path Cost to Root Bridge

3. Lowest Sender Bridge ID

4. Lowest Sender Port ID


Blocking a port

• Any port that is not elected as either a Root Port or a Designated Port is put into the Blocking State.

• This step effectively breaks the loop and completes the Spanning Tree.
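The whole 802.1d computation just described (root election by Bridge ID, Root Path Cost accumulation, Root Port and Designated Port selection with the four-step tie-break, and Blocking for everything left over) fits in one short program. This is an added example, not code from the workshop: the four switches, their MAC addresses, port numbers and path costs are all constructed, and Bridge IDs are modelled as (priority, MAC) tuples. It also shows the root-placement point made later in the deck: with default priorities the access switch that happens to have the lowest MAC becomes the root, and only setting priorities on the core switches makes the root choice deterministic.

```python
"""802.1d role computation on a constructed four-switch topology (added example)."""
import heapq

DEFAULT_PRIORITY = 32768

# Constructed MAC addresses: the access switch ACC1 happens to have the lowest one.
MACS = {
    "CORE1": "0000.0c00.0a01",
    "CORE2": "0000.0c00.0a02",
    "ACC1": "0000.0c00.0001",
    "ACC2": "0000.0c00.0002",
}

# (switch_a, port_a, switch_b, port_b, path_cost); constructed for the example
LINKS = [
    ("CORE1", 1, "CORE2", 1, 4),
    ("CORE1", 2, "ACC1", 1, 19),
    ("CORE2", 2, "ACC1", 2, 19),
    ("CORE1", 3, "ACC2", 1, 19),
    ("CORE2", 3, "ACC2", 2, 19),
]


def bridge_ids(priorities):
    """Bridge ID = (priority, MAC); switches not listed keep the default priority."""
    return {sw: (priorities.get(sw, DEFAULT_PRIORITY), mac) for sw, mac in MACS.items()}


def build_ports(links):
    """switch -> {port: (neighbor, neighbor_port, path_cost)}."""
    ports = {}
    for a, pa, b, pb, cost in links:
        ports.setdefault(a, {})[pa] = (b, pb, cost)
        ports.setdefault(b, {})[pb] = (a, pa, cost)
    return ports


def root_path_costs(ports, root):
    """Lowest cumulative path cost from every switch to the root (Dijkstra)."""
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > rpc[sw]:
            continue
        for nbr, _, link_cost in ports[sw].values():
            if cost + link_cost < rpc.get(nbr, float("inf")):
                rpc[nbr] = cost + link_cost
                heapq.heappush(heap, (cost + link_cost, nbr))
    return rpc


def compute_tree(links, bids):
    """Return (root, root path costs, {(switch, port): role})."""
    ports = build_ports(links)
    root = min(bids, key=bids.get)          # step 1: lowest Bridge ID wins the election
    rpc = root_path_costs(ports, root)
    roles = {}
    # Root Port: on each non-root switch, the port with the lowest
    # (root path cost via that port, sender Bridge ID, sender port ID, own port ID).
    for sw, plist in ports.items():
        if sw == root:
            continue
        best = min(plist, key=lambda p: (rpc[plist[p][0]] + plist[p][2],
                                          bids[plist[p][0]], plist[p][1], p))
        roles[(sw, best)] = "root"
    # Designated Port: per segment, the end advertising the lowest
    # (root path cost, Bridge ID, port ID). The root has cost 0 and wins everywhere.
    for a, pa, b, pb, _ in links:
        winner = (a, pa) if (rpc[a], bids[a], pa) < (rpc[b], bids[b], pb) else (b, pb)
        roles[winner] = "designated"
    # Everything that is neither Root nor Designated goes into Blocking.
    for sw, plist in ports.items():
        for p in plist:
            roles.setdefault((sw, p), "blocked")
    return root, rpc, roles


def blocked_ports(roles):
    return sorted(k for k, v in roles.items() if v == "blocked")


if __name__ == "__main__":
    # Default priorities: the lowest MAC (an access switch) becomes root and
    # core-to-core traffic ends up transiting it.
    root, rpc, roles = compute_tree(LINKS, bridge_ids({}))
    print("default root:", root, "blocked:", blocked_ports(roles))
    # Planned priorities: CORE1 is the root, CORE2 the alternative root.
    root, rpc, roles = compute_tree(LINKS, bridge_ids({"CORE1": 4096, "CORE2": 8192}))
    print("planned root:", root, "blocked:", blocked_ports(roles))
```

In the default run the core-to-core link is the one that ends up blocked, so all traffic between the two core switches crosses an access switch; in the planned run the two blocked ports are the access switches' second uplinks, which is the shape you want.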

Designated Ports on each segment (802.1d)


Spanning Tree Protocol States

• Disabled

– Port is shut down

• Blocking

– Not forwarding frames

– Receiving BPDUs

• Listening

– Not forwarding frames

– Sending and receiving BPDUs

• Learning

– Not forwarding frames

– Sending and receiving BPDUs

– Learning new MAC addresses

• Forwarding

– Forwarding frames

– Sending and receiving BPDUs

– Learning new MAC addresses

• Once a link is detected on a port of a switch running spanning tree, the port will typically go through the states above in order, starting from Disabled, and stop at either Blocking or Forwarding depending on the STP decisions.


STP Topology Changes

• Switches will recalculate if:

– A new switch is introduced

• It could be the new Root Bridge!

– A switch fails

– A link fails

– A link that failed comes back online

– A new link is introduced


Root Bridge Placement

• Using default STP parameters might result in an undesired situation

– Traffic will flow in non-optimal ways

– An unstable or slow switch might become the root

• You need to plan your assignment of bridge priorities carefully

Bad Root Bridge Placement

Good Root Bridge Placement

Protecting the STP Topology

• Some vendors have included features that protect the STP topology:

– Root Guard

– BPDU Guard

– Loop Guard

– UDLD

– Etc.


STP Design Guidelines

• Enable spanning tree even if you don’t have redundant paths

• Always plan and set bridge priorities

– Make the root choice deterministic

– Include an alternative root bridge

• If possible, do not accept BPDUs on end user ports

– Apply BPDU Guard or similar where available
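Once BPDU Guard and Root Guard are in place, the events they generate are worth watching: a BPDU arriving on an end-user port means a switch, bridge or bridging host showed up where none should be, and a port that trips repeatedly deserves a visit. The parser below is an added example, not from the workshop. Its log lines are constructed for the example and modelled on the Cisco IOS syslog format; the exact mnemonics and wording vary by platform and software version, so the regular expression is an assumption to adapt to your own equipment.

```python
"""Spot STP guard events in switch syslog (added example; constructed log lines)."""
import re
from collections import defaultdict

# Constructed sample lines in the style of Cisco IOS syslog (not real captures).
SAMPLE_LOG = """\
Mar  3 10:15:02 sw-acc-01 1234: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/7 with BPDU Guard enabled. Disabling port.
Mar  3 10:15:02 sw-acc-01 1235: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
Mar  3 10:20:41 sw-dist-01 887: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet0/2 on VLAN0010.
Mar  3 10:21:10 sw-acc-01 1240: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/8, changed state to up
Mar  3 10:26:15 sw-acc-01 1260: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/7 with BPDU Guard enabled. Disabling port.
"""

# Timestamp, host, optional sequence number, then the two guard mnemonics we care about.
GUARD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?:\d+: )?"
    r"%SPANTREE-\d-(?P<guard>BLOCK_BPDUGUARD|ROOTGUARD_BLOCK): .*?"
    r"port (?P<port>[A-Za-z]+[\d/]+)(?: on (?P<vlan>VLAN\d+))?"
)


def parse_events(text):
    """Return one dict per guard event (ts, host, guard, port, vlan)."""
    events = []
    for line in text.splitlines():
        m = GUARD_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events, repeat_threshold=2):
    """Group events per (host, port); flag ports that trip repeatedly."""
    per_port = defaultdict(lambda: {"guards": set(), "vlans": set(), "count": 0})
    for e in events:
        entry = per_port[(e["host"], e["port"])]
        entry["count"] += 1
        entry["guards"].add(e["guard"])
        if e["vlan"]:
            entry["vlans"].add(e["vlan"])
    repeat = sorted(k for k, v in per_port.items() if v["count"] >= repeat_threshold)
    return dict(per_port), repeat


if __name__ == "__main__":
    summary, repeat = summarize(parse_events(SAMPLE_LOG))
    for (host, port), info in sorted(summary.items()):
        print(f"{host} {port}: {info['count']}x {sorted(info['guards'])} {sorted(info['vlans'])}")
    print("repeat offenders:", repeat)
```

The ERR_DISABLE and LINK lines are deliberately left unmatched: the port going err-disabled is the consequence, the BPDU arriving is the fact to alert on. A Root Guard event on a distribution switch is the more serious of the two, because it means something on that segment advertised a better Bridge ID than the planned root.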


802.1d Convergence Speeds

• Moving from the Blocking state to the Forwarding State takes at least 2 x Forward Delay time units (~ 30 secs.)

– This can be annoying when connecting end user stations

• Some vendors have added enhancements such as PortFast, which will reduce this time to a minimum for edge ports

– Never use PortFast or similar in switch-to-switch links

• Topology changes typically take 30 seconds too

– This can be unacceptable in a production network
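The state list earlier in the deck and the 2 x Forward Delay figure above combine into a simple timeline. The code below is an added example, not from the workshop: it assumes the 802.1d default Forward Delay of 15 seconds, models a port that has just come up with its STP role already known, and treats "portfast" as the vendor edge-port shortcut that skips Listening and Learning. The per-state behaviour table follows the deck's list.

```python
"""802.1d port state timeline for a port that just came up (added example)."""

FORWARD_DELAY = 15  # seconds; 802.1d default, assumed here

# What a port does in each state: (forwards frames, handles BPDUs, learns MACs)
BEHAVIOUR = {
    "disabled":   (False, False, False),
    "blocking":   (False, True,  False),   # receives BPDUs only
    "listening":  (False, True,  False),   # sends and receives BPDUs
    "learning":   (False, True,  True),    # also learns MAC addresses
    "forwarding": (True,  True,  True),
}


def timeline(role, portfast=False, forward_delay=FORWARD_DELAY):
    """[(seconds after link-up, state)] for a port whose STP role is known."""
    if portfast:
        # Edge port: the vendor enhancement goes straight to Forwarding.
        return [(0, "forwarding")]
    steps = [(0, "blocking")]
    if role == "blocked":
        return steps                       # stays in Blocking for as long as STP says so
    steps += [(0, "listening"),
              (forward_delay, "learning"),
              (2 * forward_delay, "forwarding")]
    return steps


def state_at(tl, t):
    """State of the port t seconds after link-up."""
    state = tl[0][1]
    for when, s in tl:
        if when <= t:
            state = s
    return state


def seconds_to_forward(tl):
    """Time until the port forwards user traffic, or None if it never will."""
    return next((when for when, s in tl if s == "forwarding"), None)


def handle_frame(tl, t):
    """What happens to a data frame arriving t seconds after link-up."""
    forwards, _, learns = BEHAVIOUR[state_at(tl, t)]
    return {"forwarded": forwards, "mac_learned": learns}


if __name__ == "__main__":
    for label, tl in [("uplink", timeline("designated")),
                      ("redundant", timeline("blocked")),
                      ("edge+portfast", timeline("designated", portfast=True))]:
        print(f"{label:14s} forwards after: {seconds_to_forward(tl)} s, "
              f"frame at t=20 s: {handle_frame(tl, 20)}")
```

A user station plugged into a normal port therefore sees roughly 30 seconds during which its frames are dropped (a frame at t=20 s is used for learning but not forwarded), which is the annoyance PortFast removes; on an inter-switch link that same shortcut would let a loop exist for the whole time it takes STP to notice it.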


Rapid Spanning Tree (802.1w)

• Backwards-compatible with 802.1d

• Provides faster convergence

– You may notice alternate root ports, backup designated ports

• Configure which ports are edge ports

– i.e. for end users, not connections to other switches


Multiple Spanning Tree (802.1s)

• Again, backwards-compatible

• Includes the fast convergence from RSTP

• Also lets you configure multiple trees (with different roots) for different groups of VLANs

– So that load is shared between links

– Usually not worth the complexity

– Recommendation: stick with a single tree (the Common Spanning Tree, instance 0)


Per-VLAN Spanning Tree

PVST is a Cisco-proprietary version of STP that maintains a separate spanning tree instance for each VLAN.

  • One STP instance per VLAN
  • Allows different VLANs to have different root bridges
  • Optimized traffic flow and load balancing
  • Uses Cisco proprietary BPDUs (Bridge Protocol Data Units) on ISL trunks


Why Use PVST?

  • Per-VLAN load balancing
  • Improves fault tolerance
  • Enables better use of network bandwidth
  • Avoids a single STP bottleneck for all VLANs

Configuration: Cisco

Configuration: Juniper

Questions?