Skip to main content

Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) Overview:

  • STP (802.1D): Builds a loop-free Layer 2 topology by blocking redundant paths.
  • STP Types:
    • 802.1D: Legacy STP.
    • 802.1w: Rapid Spanning Tree Protocol (RSTP).
    • 802.1s: Multiple Spanning Tree Protocol (MSTP).
  • Root Bridge: The central switch in the STP topology; all ports are forwarding.
  • BPDU (Bridge Protocol Data Units): Used to exchange STP information.
    • Configuration BPDU: Identifies root, root ports, designated ports, and blocking ports.
    • Topology Change Notification (TCN) BPDU: Notifies other switches of topology changes.

Key STP Terms:

  • Root Path Cost: The cumulative cost from a switch to the root bridge.
  • System Priority: Used in root bridge selection, default is 32,768.
  • Max Age: Time BPDU information remains valid (default 20 seconds).
  • Hello Time: Interval for BPDU advertisement (default 2 seconds).
  • Forward Delay: Time a port remains in learning and listening states (default 15 seconds).

STP Port States (802.1D):

  1. Disabled: Port is administratively off.
  2. Blocking: Port enabled but only receives BPDUs.
  3. Listening: Port receives and transmits BPDUs, no data forwarding.
  4. Learning: Port learns MAC addresses but does not forward traffic.
  5. Forwarding: Port forwards data and updates MAC address table.
  6. Broken: Port detects a major issue and discards packets.

Root Bridge Election:

  • Lowest Bridge ID is elected root.
  • Root path cost increments based on port costs as BPDUs are received.
  • Ports not designated root or designated ports enter the Blocking state.

STP Timers:

  • Changing the network diameter on the root bridge recalculates timers for convergence.

STP Topology Changes:

  • Detected when a port moves between forwarding and blocking states.
  • Affected switches send TCN BPDUs to notify the root bridge.

RSTP (802.1w):

  • Faster convergence (<1 second) compared to traditional STP (30-50 seconds).
  • Port Roles:
    • Root Port: Best path to the root bridge.
    • Designated Port: Forwarding port for downstream switches.
    • Alternate Port: Backup to the root port.
    • Backup Port: Backup to the designated port.
  • Port Types:
    • Edge Port: Directly connected to end devices (PortFast).
    • Point-to-Point Port: Connects to another switch (full duplex).
  • Proposal/Agreement Process: Used for point-to-point links, accelerating convergence.

STP Optimizations:

  • PortFast: Immediate transition to forwarding state for edge ports.
  • UplinkFast: Improves convergence when an uplink fails.
  • BackboneFast: Speeds up convergence after an indirect failure.

STP Security and Loop Prevention:

  • BPDU Guard: Disables ports receiving BPDUs, protecting against rogue switches.
  • Root Guard: Prevents a port from becoming the root if a superior BPDU is received.
  • Loop Guard: Protects against unidirectional links by monitoring BPDUs.
  • UDLD: Detects and disables unidirectional fiber links.

STP Elements: Switch Priority, Port Priority, Path Cost, and Timers

  • Port Priority: A 16-bit value (8 bits for port priority, 8 bits for port number). Default priority is 128; can be adjusted from 0 to 255. Determines which port forwards in case of tie with path cost.
  • Path Cost: Each interface has a cost for spanning tree calculations, based on link speed. Uses either short or long path cost methods. Consistency across all switches is crucial for accurate topology calculations.
  • STP Timers: Max Age and Forward Delay timers are dictated by the root bridge and propagated through BPDUs. Convergence Time can take up to 52 seconds in some failure scenarios, combining Max Age, listening, and learning states.

PortFast, BPDU Guard, BPDU Filter

  • PortFast: Bypasses the usual STP states (listening, learning) to move ports directly to forwarding. Useful for access ports connected to single hosts (e.g., servers). On trunk ports, ensure no other switch is connected to avoid loops.
  • BPDU Guard: Works with PortFast; automatically places the port in an err-disabled state if it receives a BPDU. Prevents switches from being plugged into access ports, protecting the network from rogue switches.
  • BPDU Filter: Prevents BPDUs from being sent or received on PortFast-enabled interfaces. Disables STP on the port but can re-enable it if BPDUs are detected (when globally configured). Be careful, as it can disable STP protections, introducing potential loops.

Loop Guard and Root Guard

  • Loop Guard: Prevents non-designated ports from moving to the forwarding state if BPDUs are not received. Places ports in a loop-inconsistent state until BPDUs resume. Should be enabled on point-to-point links, nondesignated ports (root or alternate ports).
  • Root Guard: Prevents a port from becoming a root port, ensuring that the current root bridge remains the root. Commonly used in service provider networks to prevent customer devices from becoming the root bridge. Recommended to enable Root Guard on all access ports where a root bridge should not appear.

STP Port Roles: Root and Designated Ports

  • Root Port: The port on a switch with the lowest cost path to the root bridge.
  • Designated Port: The port on a switch that forwards BPDUs to a network segment, typically with the lowest path cost to the root.
  • Determining Designated Ports: Switches on a shared segment advertise their path cost. The switch with the lowest advertised cost becomes the designated switch for that segment.

STP Topology Changes

  • Topology Change Notification (TCN): When a change occurs in the STP topology (such as a port moving to or from forwarding/blocking), a TCN BPDU is sent up to the root bridge. The root then notifies all other switches of the change, ensuring convergence across the network.

Legacy STP vs. RSTP

  • Legacy STP (802.1D): Convergence is timer-based, leading to slower recovery times (up to 50 seconds).
  • RSTP (802.1w): Synchronization-based convergence, enabling much faster recovery (typically under 1 second).

Summary

  • Port and Path Costs are used to determine STP roles and forwarding paths.
  • STP timers (Max Age, Forward Delay) control the timing of convergence across the network.
  • PortFast, BPDU Guard, and BPDU Filter provide mechanisms for optimizing port behavior and protecting the network from loops.
  • Loop Guard and Root Guard enhance network stability by preventing incorrect forwarding decisions and protecting the root bridge.
Labels:

Comments

Post a Comment

Popular posts from this blog

Basic MPLS BGP and L3VPN Lab Setup

In this lab, we’ve set up a basic MPLS, BGP, and L3VPN environment, which is a great foundation for understanding how service providers build scalable networks. The lab uses the EVE-NG simulator along with Router IOS C7200-ADVENTERPRISEK9-M, Version 15.2(4)M8 to emulate a realistic MPLS environment. Below is a summary of the key components and roles of each router in the lab. MPLS Core Routers : The MPLS core consists of the routers responsible for label switching and forwarding customer traffic through the network: PE1 (Provider Edge 1) : Connects customer networks to the MPLS core and handles both MPLS and BGP routing. It also hosts VRF (Virtual Routing and Forwarding) instances for customers. PE2 (Provider Edge 2) : Functions similarly to PE1, connecting another customer network to the MPLS core. P1 (Core Router 1) and P2 (Core Router 2) : These routers serve as MPLS core routers and handle label switching but do not store or process customer routes directly. They simply f
Post a Comment
Read more

OSPF Adjacency Stuck in EXSTART on Cisco IOS XR – Issue and Solution

In a recent lab setup using Cisco IOS XR on EVE-NG, I faced a common but frustrating issue with OSPF adjacencies getting stuck in the EXSTART state. After spending considerable time troubleshooting interface MTUs and configurations, I discovered that the root cause was related to the virtual network interface type being used. This post outlines the issue, troubleshooting steps, and the eventual solution that got everything working. Issue: While configuring OSPF between two routers running Cisco IOS XR in my lab, OSPF adjacencies were getting stuck in the EXSTART state. I verified that interface configurations, MTU settings, and OSPF parameters were correct, but the problem persisted. I tried adjusting the MTU size, using the mtu-ignore command, and even checked for ACLs, but nothing seemed to resolve the issue. Troubleshooting Steps: MTU Settings: I started by verifying that both sides of the OSPF adjacency had matching MTUs. I used the default MTU and even tried different values wit
Post a Comment
Read more

How to Properly Clone an EVE-NG Lab with Configurations

Cloning labs in EVE-NG is a great way to duplicate setups and expand or experiment on a new copy without affecting the original lab. However, if not done correctly, the cloned lab may only copy the topology without configurations. In this guide, I’ll show you how to properly clone a lab in EVE-NG with all configurations using the EVE-NG GUI . Follow these steps to ensure that both the topology and router configurations are retained when cloning your lab. Steps to Clone an EVE-NG Lab with Configurations Save Running Configuration on All Devices In your original lab, make sure all devices have their configurations saved to NVRAM. Go into the CLI of each router and run the command: copy running-config startup-config Export All Configurations (CFGs) On the left sidebar in the EVE-NG Web UI , click on the "More Actions" option. Then select "Export all CFGs" . This step exports the configurations of all devices in the lab. Shutdown All Devices After exporting the confi
Post a Comment
Read more