Skip to main content

Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) Overview:

  • STP (802.1D): Builds a loop-free Layer 2 topology by blocking redundant paths.
  • STP Types:
    • 802.1D: Legacy STP.
    • 802.1w: Rapid Spanning Tree Protocol (RSTP).
    • 802.1s: Multiple Spanning Tree Protocol (MSTP).
  • Root Bridge: The central switch in the STP topology; all ports are forwarding.
  • BPDU (Bridge Protocol Data Units): Used to exchange STP information.
    • Configuration BPDU: Identifies root, root ports, designated ports, and blocking ports.
    • Topology Change Notification (TCN) BPDU: Notifies other switches of topology changes.

Key STP Terms:

  • Root Path Cost: The cumulative cost from a switch to the root bridge.
  • System Priority: Used in root bridge selection, default is 32,768.
  • Max Age: Time BPDU information remains valid (default 20 seconds).
  • Hello Time: Interval for BPDU advertisement (default 2 seconds).
  • Forward Delay: Time a port remains in learning and listening states (default 15 seconds).

STP Port States (802.1D):

  1. Disabled: Port is administratively off.
  2. Blocking: Port enabled but only receives BPDUs.
  3. Listening: Port receives and transmits BPDUs, no data forwarding.
  4. Learning: Port learns MAC addresses but does not forward traffic.
  5. Forwarding: Port forwards data and updates MAC address table.
  6. Broken: Port detects a major issue and discards packets.

Root Bridge Election:

  • Lowest Bridge ID is elected root.
  • Root path cost increments based on port costs as BPDUs are received.
  • Ports not designated root or designated ports enter the Blocking state.

STP Timers:

  • Changing the network diameter on the root bridge recalculates timers for convergence.

STP Topology Changes:

  • Detected when a port moves between forwarding and blocking states.
  • Affected switches send TCN BPDUs to notify the root bridge.

RSTP (802.1w):

  • Faster convergence (<1 second) compared to traditional STP (30-50 seconds).
  • Port Roles:
    • Root Port: Best path to the root bridge.
    • Designated Port: Forwarding port for downstream switches.
    • Alternate Port: Backup to the root port.
    • Backup Port: Backup to the designated port.
  • Port Types:
    • Edge Port: Directly connected to end devices (PortFast).
    • Point-to-Point Port: Connects to another switch (full duplex).
  • Proposal/Agreement Process: Used for point-to-point links, accelerating convergence.

STP Optimizations:

  • PortFast: Immediate transition to forwarding state for edge ports.
  • UplinkFast: Improves convergence when an uplink fails.
  • BackboneFast: Speeds up convergence after an indirect failure.

STP Security and Loop Prevention:

  • BPDU Guard: Disables ports receiving BPDUs, protecting against rogue switches.
  • Root Guard: Prevents a port from becoming the root if a superior BPDU is received.
  • Loop Guard: Protects against unidirectional links by monitoring BPDUs.
  • UDLD: Detects and disables unidirectional fiber links.

STP Elements: Switch Priority, Port Priority, Path Cost, and Timers

  • Port Priority: A 16-bit value (8 bits for port priority, 8 bits for port number). Default priority is 128; can be adjusted from 0 to 255. Determines which port forwards in case of tie with path cost.
  • Path Cost: Each interface has a cost for spanning tree calculations, based on link speed. Uses either short or long path cost methods. Consistency across all switches is crucial for accurate topology calculations.
  • STP Timers: Max Age and Forward Delay timers are dictated by the root bridge and propagated through BPDUs. Convergence Time can take up to 52 seconds in some failure scenarios, combining Max Age, listening, and learning states.

PortFast, BPDU Guard, BPDU Filter

  • PortFast: Bypasses the usual STP states (listening, learning) to move ports directly to forwarding. Useful for access ports connected to single hosts (e.g., servers). On trunk ports, ensure no other switch is connected to avoid loops.
  • BPDU Guard: Works with PortFast; automatically places the port in an err-disabled state if it receives a BPDU. Prevents switches from being plugged into access ports, protecting the network from rogue switches.
  • BPDU Filter: Prevents BPDUs from being sent or received on PortFast-enabled interfaces. Disables STP on the port but can re-enable it if BPDUs are detected (when globally configured). Be careful, as it can disable STP protections, introducing potential loops.

Loop Guard and Root Guard

  • Loop Guard: Prevents non-designated ports from moving to the forwarding state if BPDUs are not received. Places ports in a loop-inconsistent state until BPDUs resume. Should be enabled on point-to-point links, nondesignated ports (root or alternate ports).
  • Root Guard: Prevents a port from becoming a root port, ensuring that the current root bridge remains the root. Commonly used in service provider networks to prevent customer devices from becoming the root bridge. Recommended to enable Root Guard on all access ports where a root bridge should not appear.

STP Port Roles: Root and Designated Ports

  • Root Port: The port on a switch with the lowest cost path to the root bridge.
  • Designated Port: The port on a switch that forwards BPDUs to a network segment, typically with the lowest path cost to the root.
  • Determining Designated Ports: Switches on a shared segment advertise their path cost. The switch with the lowest advertised cost becomes the designated switch for that segment.

STP Topology Changes

  • Topology Change Notification (TCN): When a change occurs in the STP topology (such as a port moving to or from forwarding/blocking), a TCN BPDU is sent up to the root bridge. The root then notifies all other switches of the change, ensuring convergence across the network.

Legacy STP vs. RSTP

  • Legacy STP (802.1D): Convergence is timer-based, leading to slower recovery times (up to 50 seconds).
  • RSTP (802.1w): Synchronization-based convergence, enabling much faster recovery (typically under 1 second).

Summary

  • Port and Path Costs are used to determine STP roles and forwarding paths.
  • STP timers (Max Age, Forward Delay) control the timing of convergence across the network.
  • PortFast, BPDU Guard, and BPDU Filter provide mechanisms for optimizing port behavior and protecting the network from loops.
  • Loop Guard and Root Guard enhance network stability by preventing incorrect forwarding decisions and protecting the root bridge.
Labels:

Comments

Post a Comment

Popular posts from this blog

How to import Putty Saved Connections to mRemoteNG

Just started using mRemoteNG and its being very cool to connect to different remote connection with different protocols e.g Window Remote Desktop, VNC to Linux, SSH, HTTP connection etc. from a single application. As new user I configured some remote desktop connection which was quite easy to figure out. But when I wanted to add SSH connections, it came in my mind to import all of the saved connections in the putty. But I couldn't figure it out how can it be done, though it was quite easy and here are the steps. Open your mRemoteNG Create a folder if you want segregation of multiple networks Create a new connection Enter the IP address of remote server under connection in Config pane Under the config pane, select protocol " SSH version 2 ".  Once you select protocol to SSH version 2 you are given option to import putty sessions, as shown in the snap below. In the above snap, I have imported CSR-AWS session from my saved sessions in Putty.
1 comment
Read more

Authoritative DNS Servers Delegation and Internal DNS Explained

DNS (Domain Name System) plays a critical role in how users and systems find resources on the internet or within internal networks. Whether it's managing an internal domain in an enterprise or delegating parts of a domain for traffic distribution, DNS setups vary widely depending on needs. In this blog post, we’ll break down the different types of DNS setups, including authoritative DNS servers, DNS delegation, and how internal DNS functions within organizations. 1. Authoritative DNS Server An Authoritative DNS server is the final source of truth for a specific domain. When someone queries a domain (e.g., example.com ), the authoritative DNS server for that domain holds the DNS records (A records, CNAME, MX, etc.) and responds with the corresponding IP address. Key Points: Who can host it? Authoritative DNS servers are often hosted by domain registrars (e.g., GoDaddy, Namecheap) or cloud DNS providers (e.g., AWS Route 53, Cloudflare). However, organizations can also host their ...
Post a Comment
Read more

BGP MED: Managing Inbound Traffic with Multi-Exit Discriminator

The Multi-Exit Discriminator (MED) is used in BGP to control inbound traffic into your AS. It tells a neighboring AS which entry point into your network it should prefer when there are multiple links between your AS and the neighboring AS. The lower the MED value , the more preferred the path. MED is only honored between the same neighboring AS . Example Scenario : You are connected to ISP1 via two routers, CE1 and CE2 , and want to control which router ISP1 uses to send traffic into your AS. Network Topology : CE1 (connected to ISP1): 10.0.1.1/30 CE2 (connected to ISP1): 10.0.2.1/30 iBGP Router (Internal) connected to both CE1 (10.0.1.2/30) and CE2 (10.0.2.2/30). Configuration on CE1 (Lower MED, More Preferred) : Create a route map to set the MED to 50 for CE1: route-map SET_MED permit 10 set metric 50 Apply this route map to the neighbor in the BGP configuration for CE1: router bgp 65001 neighbor 10.0.1.1 remote-as 65000 neighbor 10.0.1.1 route-map SET_MED out Configuratio...
Post a Comment
Read more