STP
- The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks.
STP DOES NOT DO LOAD BALANCING: a single 802.1D tree leaves exactly one active path to every segment, so redundant links sit idle in Blocking (per-VLAN or per-instance variants below can place different roots for different VLANs, which is the only way to use those links)
- Switches exchange Bridge Protocol Data Units (BPDUs) to detect potential loops; a switch that comes online assumes it is the root and sends BPDUs out all ports, and in 802.1D only the elected Root Bridge keeps originating BPDUs (every Hello interval, 2 s by default) while the other switches relay them out their Designated Ports
- The BPDU contains the switch's Bridge ID that uniquely identifies it on the LAN
- The Bridge ID is comprised of an administrator-defined Bridge Priority value and the switch's unique MAC address
- e.g., 32768.1111.2222.3333
- The default Bridge Priority is 32768, and it can only be changed in increments of 4096 (the low 12 bits of the 16-bit priority field carry the VLAN ID as the extended system ID)
- The switch with the lowest Bridge ID becomes the Root Bridge; in the case of a Bridge Priority tie, the switch with the lowest MAC address wins
- Manually configure a switch to be the Root Bridge for a VLAN
Config# spanning-tree vlan (VLAN ID) root primary (sets the Bridge Priority to 24576, or 4096 below the current root if that is already lower)
Config# spanning-tree vlan (VLAN ID) root secondary (sets the Bridge Priority to 28672)
- There are three port roles in 802.1D STP
- Root Port
- The one port on a non-root switch with the lowest path cost to the Root Bridge
- Non-root bridges have exactly one Root Port; the Root Bridge has none
- Designated Port
- The forwarding port on each LAN segment; on a point-to-point link it is the port opposite a neighbor's Root Port
- All ports on the Root Bridge are Designated Ports
- Blocked (Non-Designated) Port
- Sits further down the tree, opposite a Designated Port, and discards frames to break the loop
- STP only blocks one end of a redundant link; the other end stays Designated
- Determining Port Status
- Determine the Root Bridge:
- This is done based on the lowest Bridge ID (Bridge Priority + MAC).
- All ports on the Root Bridge are Designated Ports (DP):
- Every active port on the Root Bridge will forward frames, hence they're all DPs.
- Determine the Root Port (RP) on all non-Root Bridge switches:
- Identify the port with the lowest path cost to the Root Bridge. This cost accounts for the entire path, not just the directly connected link.
- In case of a tie (multiple paths with the same cost):
- Choose the path to the neighboring switch with the lowest Bridge ID.
- If there's still a tie, select the path to the neighboring port with the lowest port priority.
- Lastly, if there's still a tie, select the path to the neighboring port with the lowest port number.
- Determine the Designated Port (DP) for each network segment:
- The switch connected to the segment that has the lowest path cost to the Root Bridge assigns its port as the DP for that segment.
- Determine Non-Designated Ports (NDP):
- Any port on a non-root switch that isn't a Root Port or Designated Port becomes an NDP.
- Ports on non-Root switches that connect to the Root Bridge, but aren't the chosen Root Port, are NDPs.
- For segments between non-Root switches, the switch with the higher path cost to the Root Bridge (or loses tie-breakers) will have its connecting port as the NDP.
- Tie-breakers for Designated Ports on equal cost links:
- Lowest Bridge ID.
- Lowest Port Priority.
- Lowest Port number.
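The procedure above, as an added worked example (not part of the original notes): a small Python script that runs the election and role assignment over a constructed four-switch topology. Switch names, MAC addresses, port numbers and link speeds are made up; the path costs are the standard 802.1D-1998 short values, and every port is assumed to keep the default port priority of 128. It also shows the Bridge ID comparison from the BPDU section, and what lowering a priority with `root primary` does to the election.

```python
"""Added example: 802.1D root election and port roles for a constructed topology.
Not code from the original notes; switch names, MACs, ports and speeds are made up."""
from collections import namedtuple
import heapq

# 802.1D-1998 short path costs by link speed in Mbit/s (standard values)
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
DEFAULT_PORT_PRIORITY = 128            # assumed on every port in this example

Link = namedtuple("Link", "a a_port b b_port speed_mbps")


def parse_bridge_id(text):
    """'32768.1111.2222.3333' -> (32768, '1111.2222.3333').
    Tuples compare priority first, then MAC, so min() gives the Root Bridge."""
    prio, mac = text.split(".", 1)
    return int(prio), mac.lower()


def compute_roles(bridges, links):
    """bridges: {switch: 'priority.mac'}; links: list of Link (all point-to-point).
    Returns (root, root_path_cost, roles); roles maps (switch, port) to
    'designated', 'root' or 'alternate' (a blocked non-designated port)."""
    bid = {name: parse_bridge_id(text) for name, text in bridges.items()}
    root = min(bid, key=bid.get)                     # 1. lowest Bridge ID wins

    adj = {name: [] for name in bridges}             # (neighbor, my_port, nbr_port, cost)
    for link in links:
        cost = PATH_COST[link.speed_mbps]
        adj[link.a].append((link.b, link.a_port, link.b_port, cost))
        adj[link.b].append((link.a, link.b_port, link.a_port, cost))

    # 3a. Root path cost of every switch (Dijkstra from the root). A link's cost
    # is charged on the port receiving the BPDU, so it accumulates along the path.
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > rpc[node]:
            continue
        for nbr, _, _, link_cost in adj[node]:
            if cost + link_cost < rpc.get(nbr, float("inf")):
                rpc[nbr] = cost + link_cost
                heapq.heappush(heap, (rpc[nbr], nbr))

    def port_id(port):
        return (DEFAULT_PORT_PRIORITY, port)         # priority, then port number

    # 2./4. Designated Port per segment: the end with the lowest
    # (root path cost, Bridge ID, port ID). The root has cost 0, so all its
    # ports win. The losing end is provisionally non-designated.
    roles = {}
    for link in links:
        key_a = (rpc[link.a], bid[link.a], port_id(link.a_port))
        key_b = (rpc[link.b], bid[link.b], port_id(link.b_port))
        if key_a < key_b:
            roles[(link.a, link.a_port)], roles[(link.b, link.b_port)] = "designated", "alternate"
        else:
            roles[(link.b, link.b_port)], roles[(link.a, link.a_port)] = "designated", "alternate"

    # 3b. Root Port per non-root switch: the non-designated port receiving the
    # best BPDU: lowest cost via that port, then neighbor Bridge ID, then
    # neighbor port ID, then own port ID. Every other non-designated port stays
    # 'alternate' (Blocking in 802.1D terms).
    for name in bridges:
        if name == root:
            continue
        candidates = [
            (rpc[nbr] + cost, bid[nbr], port_id(nbr_port), port_id(my_port), my_port)
            for nbr, my_port, nbr_port, cost in adj[name]
            if roles[(name, my_port)] != "designated"
        ]
        roles[(name, min(candidates)[4])] = "root"
    return root, rpc, roles


# Constructed topology: four switches at default priority 32768, so the lowest
# MAC (SW1) wins. SW4 has a slow 100 Mbps link to SW2 and a fast one to SW3.
BRIDGES = {
    "SW1": "32768.0000.0000.0001",
    "SW2": "32768.0000.0000.0002",
    "SW3": "32768.0000.0000.0003",
    "SW4": "32768.0000.0000.0004",
}
LINKS = [
    Link("SW1", 1, "SW2", 1, 1000),
    Link("SW1", 2, "SW3", 1, 1000),
    Link("SW2", 2, "SW3", 2, 100),
    Link("SW2", 3, "SW4", 1, 100),
    Link("SW3", 3, "SW4", 2, 1000),
]

if __name__ == "__main__":
    root, rpc, roles = compute_roles(BRIDGES, LINKS)
    print("Root Bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role:<10} (root path cost {rpc[sw]})")
    # Lowering SW2's priority, as 'spanning-tree vlan 1 root primary' would, moves the root
    print("Root with SW2 at 24576:", compute_roles(dict(BRIDGES, SW2="24576.0000.0000.0002"), LINKS)[0])
```

Run it and it prints one line per port. SW4 ends up with its Root Port on the gigabit link to SW3 (cost 8) even though the 100 Mbps link to SW2 is equally "direct" (cost 23), and the SW2-SW3 cross link is blocked on the SW3 side because SW2 has the lower Bridge ID at equal cost. The tie-break order in `compute_roles` is the one listed above: root path cost, then sender Bridge ID, then sender port ID, then the receiver's own port ID.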
- Optional Features
- UplinkFast
- On an access switch that has a blocked Alternate port, moves that port straight to Forwarding when the Root Port link fails, instead of waiting through Listening and Learning (2 x Forward Delay)
- BackboneFast
- Speeds convergence after an indirect link failure: the switch reacts to inferior BPDUs immediately instead of waiting for Max Age (20 s) to expire
- PortFast allows a port to come online directly in the Forwarding state, skipping Listening and Learning; use it only on ports facing end hosts, never on links to other switches
- Set all access (non-trunk) ports to PortFast by default
Config# spanning-tree portfast default
- BPDU Guard protects PortFast ports from whatever gets plugged in: if a BPDU arrives (a switch, or a host speaking STP), the port is err-disabled immediately, so a rogue device cannot join the tree, cause a loop, or take over as root
Config-if# spanning-tree portfast
Config-if# spanning-tree bpduguard enable
- Or enable it globally on every PortFast port
Config# spanning-tree portfast bpduguard default
- Root Guard prevents an unintended switch from becoming the Root Bridge: a port that receives a superior BPDU goes into root-inconsistent (blocking) state and recovers on its own once the superior BPDUs stop; apply it on Designated Ports facing switches you do not control
Config-if# spanning-tree guard root
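Root Guard and BPDU Guard both act on the contents of a received BPDU. As an added example (not the notes' own material, and not a capture from a real switch), the following Python parses the 35-byte 802.1D Configuration BPDU body and applies the ordering that decides whether a BPDU is superior, which is what Root Guard checks before putting a port into root-inconsistent state. The frames are constructed with a helper; `root_guard_verdict` and the other function names are this example's own, not a Cisco or library API.

```python
"""Added example: parse an 802.1D Configuration BPDU and apply the ordering that
Root Guard relies on. Not code from the original notes; the frames are constructed."""
import struct

# 802.1D Configuration BPDU body, 35 bytes, network byte order:
#   protocol ID(2) version(1) type(1) flags(1) root ID(8) root path cost(4)
#   bridge ID(8) port ID(2) message age(2) max age(2) hello(2) forward delay(2)
# Timer fields are in 1/256-second units.
BPDU_FMT = ">HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)          # 35
CONFIG_BPDU = 0x00                             # type 0x80 would be a TCN BPDU


def decode_bridge_id(raw8):
    """8-byte Bridge ID = 2-byte priority (incl. extended system ID) + 6-byte MAC,
    returned as (priority, 'xxxx.xxxx.xxxx') so tuples compare as the notes describe."""
    prio = int.from_bytes(raw8[:2], "big")
    mac = raw8[2:].hex()
    return prio, f"{mac[0:4]}.{mac[4:8]}.{mac[8:12]}"


def parse_config_bpdu(data):
    if len(data) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, _version, msg_type, flags, root, cost,
     bridge, port, _age, max_age, hello, fwd) = struct.unpack(BPDU_FMT, data[:BPDU_LEN])
    if proto != 0 or msg_type != CONFIG_BPDU:
        raise ValueError("not an 802.1D Configuration BPDU")
    return {
        "root_id": decode_bridge_id(root),
        "root_path_cost": cost,
        "bridge_id": decode_bridge_id(bridge),
        "port_id": port,                       # high byte priority (128 default), low byte port
        "max_age_s": max_age / 256,
        "hello_s": hello / 256,
        "forward_delay_s": fwd / 256,
        "topology_change": bool(flags & 0x01),
    }


def bpdu_key(b):
    """STP ordering: lowest wins on root ID, then root path cost,
    then sender Bridge ID, then sender port ID."""
    return (b["root_id"], b["root_path_cost"], b["bridge_id"], b["port_id"])


def root_guard_verdict(own, received):
    """Example-only model of 'spanning-tree guard root' on a Designated Port.
    own: the BPDU this switch sends on the port; received: the one that came in.
    A received BPDU superior to our own would turn the port into a Root Port,
    so Root Guard puts it into root-inconsistent (blocking) instead."""
    return "root-inconsistent" if bpdu_key(received) < bpdu_key(own) else "forwarding"


def build_config_bpdu(root_prio, root_mac, cost, bridge_prio, bridge_mac, port_id=0x8001):
    """Constructed-frame helper with default timers: hello 2 s, max age 20 s, forward delay 15 s."""
    def bid(prio, mac):
        return prio.to_bytes(2, "big") + bytes.fromhex(mac.replace(".", ""))
    return struct.pack(BPDU_FMT, 0, 0, CONFIG_BPDU, 0, bid(root_prio, root_mac), cost,
                       bid(bridge_prio, bridge_mac), port_id, 0, 20 * 256, 2 * 256, 15 * 256)


# Constructed frames. OWN is what a distribution switch (priority 32768) sends on a
# downlink, 4 cost units away from a root at priority 24576. ACCESS is a normal
# access switch replying from further away. ROGUE claims priority 0, which would
# win any election if the port were allowed to become a Root Port.
OWN = build_config_bpdu(24576, "0000.0000.0001", 4, 32768, "0000.0000.0002")
ACCESS = build_config_bpdu(24576, "0000.0000.0001", 8, 32768, "0000.0000.0003")
ROGUE = build_config_bpdu(0, "dead.beef.0001", 0, 0, "dead.beef.0001")

if __name__ == "__main__":
    own = parse_config_bpdu(OWN)
    for name, frame in (("access switch", ACCESS), ("rogue", ROGUE)):
        b = parse_config_bpdu(frame)
        print(f"{name}: root {b['root_id']} cost {b['root_path_cost']} -> {root_guard_verdict(own, b)}")
```

The rogue frame is exactly what a root-takeover attempt looks like on the wire: nothing in the BPDU is authenticated, so the only defences are the ones the notes list (BPDU Guard on host ports, Root Guard on downlinks to switches you do not control). The same `bpdu_key` ordering is what a switch uses internally to pick its Root Port, so a BPDU that ranks above your own on a Designated Port is precisely the event Root Guard exists to block.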
- IEEE Open Standards:
- 802.1D Spanning Tree Protocol (STP)
- Uses one Spanning Tree for all VLANs in the LAN (Common Spanning Tree)
- Port states (Disabled, Blocking, Listening, Learning, Forwarding)
- Blocking
- When a port first comes online, it starts in Blocking (discarding frames but receiving BPDUs) while STP determines whether the port would create a loop
- Listening and Learning
- A port that is going to forward passes through Listening (15 s Forward Delay, exchanging BPDUs) and then Learning (15 s, populating the MAC table) without forwarding frames
- Forwarding
- If no loop is detected, it will transition to Forwarding; worst-case convergence is about 50 s (Max Age 20 s + 2 x Forward Delay 15 s)
- 802.1w Rapid STP (RSTP)
- Significantly improved convergence time (typically seconds instead of 30 to 50 s)
- All switches originate BPDUs every Hello interval instead of only relaying the root's, so a dead neighbor is detected after three missed Hellos
- Uses one Spanning Tree for all the VLANs
- Three port states
- Discarding (replaces the 802.1D Disabled, Blocking and Listening states)
- Learning (learns MAC addresses, does not forward frames)
- Forwarding
- Four port roles
- Root Port
- Port with the best path cost to the Root Bridge
- Non-root bridges can only have one Root Port
- Designated Port
- The forwarding port for every LAN segment, paired with a neighbor's Root Port
- Alternate Port
- Backup of the switch's own Root Port
- Discarding port that receives a superior BPDU from another switch
- Backup Port
- Backup of the switch's own Designated Port on the same segment (only possible on shared media, e.g. two ports into the same hub)
- Discarding port that receives a superior BPDU from the same switch
- 802.1s Multiple Spanning Tree Protocol (MSTP)
- Enables grouping and mapping VLANs into different spanning tree instances (MSTIs), each with its own root, so different VLAN groups can forward over different redundant links for load balancing
- Cisco Versions
- Cisco released enhancements to the open standards
- Per VLAN Spanning Tree Plus (PVST+)
- Cisco enhancement to 802.1D
- Uses a separate spanning tree for every VLAN
- PVST+ is the default on Cisco switches
- Rapid Per VLAN Spanning Tree Plus (RPVST+)
- Cisco enhancement to 802.1w RSTP
- Significantly improved convergence time over PVST+
- Uses a separate spanning tree instance for every VLAN
- The Cisco per-VLAN versions do not support grouping multiple VLANs into the same instance; every VLAN runs its own tree (more BPDUs and CPU with many VLANs), but the Root Bridge can be placed differently per VLAN to spread traffic across uplinks
- Misc
- MAC Flapping or MAC Address Flapping is when the same MAC address is learned alternately on two different ports of a switch (Cisco IOS logs it as %SW_MATM-4-MACFLAP_NOTIF)
- Normally, when a link goes down the switch flushes the CAM entries learned on that port, and otherwise an entry ages out (300 s by default on Cisco), so a MAC should be active on only one port at a time
- Many MACs flapping between the same two ports is almost always an indication of a loop in the network; a single MAC (e.g. the default gateway's) flapping between an uplink and an access port could also be an attacker on the network
- Attacks include CAM table flooding/poisoning, MAC spoofing, etc.
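As an added example for the MAC flapping notes (not from the original page), a small Python triage script over constructed Cisco IOS `%SW_MATM-4-MACFLAP_NOTIF` syslog lines. The loop-versus-spoofing heuristic and its threshold are this example's assumptions: many MACs flapping between the same two uplinks is treated as a loop, while a MAC flapping between an uplink and an access port is flagged for investigation. Port names, MACs and timestamps are made up.

```python
"""Added example: triage Cisco IOS MAC-flap syslog lines. Not from the original
notes; the log lines, port names, MACs and timestamps below are constructed."""
import re
from collections import defaultdict

# Format of the IOS message (the timestamp prefix varies by logging config)
FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<p1>\S+) and port (?P<p2>\S+)",
    re.IGNORECASE,
)
LOOP_MIN_MACS = 3     # heuristic, assumed for this example: a loop drags many MACs along


def parse_flaps(lines):
    """Yield (mac, vlan, frozenset{port1, port2}) for each MACFLAP message."""
    for line in lines:
        m = FLAP_RE.search(line)
        if m:
            yield m["mac"].lower(), int(m["vlan"]), frozenset((m["p1"], m["p2"]))


def classify(lines, uplinks):
    """Split flap reports into loop symptoms and spoofing suspects.

    A loop makes many MACs flap between the same two ports (the two sides of the
    loop). A spoofed MAC shows up as one address flapping between the port where
    it belongs and an access port where it never should be.
    Returns {'loop': {port pair: [(mac, vlan), ...]}, 'suspect': {mac: {...}}}."""
    by_pair = defaultdict(set)                  # port pair -> MACs flapping on it
    for mac, vlan, pair in parse_flaps(lines):
        by_pair[pair].add((mac, vlan))

    loop = {pair: sorted(macs) for pair, macs in by_pair.items() if len(macs) >= LOOP_MIN_MACS}
    suspect = {}
    for pair, macs in by_pair.items():
        if pair in loop:
            continue
        if any(port not in uplinks for port in pair):   # one side is an access port
            for mac, vlan in macs:
                suspect[mac] = {"vlan": vlan, "ports": sorted(pair)}
    return {"loop": loop, "suspect": suspect}


# Constructed sample: four hosts flapping between the two uplinks (a loop between
# upstream switches), then the gateway's MAC (normally behind Gi1/0/47) appearing
# on access port Gi1/0/5, which is what MAC spoofing of the gateway looks like.
SAMPLE_LOG = """\
Mar  1 10:02:11.101: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.0001 in vlan 10 is flapping between port Gi1/0/47 and port Gi1/0/48
Mar  1 10:02:11.102: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.0002 in vlan 10 is flapping between port Gi1/0/48 and port Gi1/0/47
Mar  1 10:02:11.104: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.0003 in vlan 10 is flapping between port Gi1/0/47 and port Gi1/0/48
Mar  1 10:02:12.330: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.0004 in vlan 10 is flapping between port Gi1/0/47 and port Gi1/0/48
Mar  1 10:05:40.007: %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.dd01 in vlan 20 is flapping between port Gi1/0/47 and port Gi1/0/5
Mar  1 10:05:41.200: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/9, changed state to up
""".splitlines()
UPLINKS = {"Gi1/0/47", "Gi1/0/48"}           # constructed: the two trunks to distribution

if __name__ == "__main__":
    result = classify(SAMPLE_LOG, UPLINKS)
    for pair, macs in result["loop"].items():
        print(f"probable loop between {sorted(pair)}: {len(macs)} MACs flapping")
    for mac, info in result["suspect"].items():
        print(f"investigate {mac} (vlan {info['vlan']}): seen on {info['ports']}")
```

Keyed on the unordered port pair, the four loop reports collapse into one finding even though IOS lists the ports in either order, while the gateway MAC on an access port becomes its own alert. In practice the uplink set would come from the switch configuration rather than a hard-coded constant, and the suspect branch is where you would pull the port's current MAC table and DHCP snooping binding to confirm who is plugged in.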
STP Cost
(table from PacketLife.net)
- 802.1D-1998 short path costs: 10 Mbps = 100, 100 Mbps = 19, 1 Gbps = 4, 10 Gbps = 2
- Cost is added on the port that receives the BPDU, so a switch's root path cost is the sum of the link costs along the whole path to the Root Bridge
Mapping Ports
- The easy way to figure out which ports are Root, Designated, and Non-Designated (Alternate)
- Determine the Root Bridge first (lowest Bridge ID = Bridge Priority + MAC)
- All ports on the Root Bridge are Designated Ports
- Determine the Root Ports on the other switches
- Lowest total cost to the Root Bridge, which is not always the directly connected link
- If there are multiple equal-cost links, pick the port whose neighboring switch has the lowest Bridge ID, then the lowest neighbor port priority, then the lowest neighbor port number
- Determine the Non-Designated ports connected to the Root Bridge
- Ports connected to the Root Bridge that are not Root Ports are Non-Designated (the Root Bridge's end of the link is always Designated)
- For the remaining links, compare each end's lowest-cost path to the Root Bridge
- The end on the switch with the lower cost becomes the Designated port; the other end becomes the Non-Designated (blocking) port
- Tie-breakers for equal cost links:
- Lowest Bridge ID
- Lowest Port Priority
- Lowest Port number
Practice networks
Problem

Solution
