802.1d

802.1d

STP uses messaging between switches to stabilize the network into logical, loop-free topology. To do so, STP causes some interfaces (popularly called ports when discussing STP) to simply not forward or receive traffic, ports are put into blocking state. The remaining ports in a STP forwarding state, together provide a loop-free path to ever Ethernet segment in the network.

Common Spanning Tree (CST) assumes one 802.1D spanning-tree instance for the entire bridged network, regardless of the number of VLANs. Because there is only one instance, the CPU and memory requirements for this version are lower than the others. However, because there is only one instance, there is only one root bridge and one tree. This means that traffic for all VLANs flows over the same path. This can lead to suboptimal traffic flows. Also the network is slow in converging after topology changes due to inherent 802.1D timing mechanisms.

STP uses the concepts of root bridges, root ports, designated, and nondesignated ports to establish a loop-free path through the network. 802.1D and its successor protocols provide loop resolution by managing the physical paths to given network segments. STP enables physical path redundancy while preventing the undesirable effects of active loops in the network. STP is an IEEE committee standard defined as 802.1D.

STP behavior;

  • STP forces certain ports into a standby state so that they do not listen to, forward, or flood data frames. The overall effect is that there is only one path to each network segment that is active at any time.
  • If there is a problem with connectivity to any of the segments within the network, STP reestablishes connectivity by automatically activating a previously inactive path, if one exists.

STP initially converges on a logically loop-free network topology by performing these steps:

  1. Elect the root switch – The switch with the lowest bridge ID wins; the standard bridge IDis 2-byte priority followed by a MAC address unique to that switch.
  2. Determine each switch’s Root Port – The one port on each switch with the least cost path back to the root.
  3. Determine the Designated Port for each segment – When multiple switches connect to the same segment, this is the switch that forwards the least cost Hello onto a segment.

Electing a Root Switch:Only one switch can be the root of the spanning tree. To select the root, the switches hold an election. This is done by, each switch beginning its STP logic by creating and sending an STP Hello bridge protocol data unit (BPDU) message, claiming to be the root switch. If a switch hears a superior Hello—a Hello with a lower bridge ID, it will stop sending out it own Hellos message claiming to be the root. Instead the switch will now forward the superior Hellos it is receiving from the upstream switch, on downstream to any other switch which are connected to him. Eventually, all switches except the switch with the best bridge ID cease to originate their own Hellos. The switch with the superior Hellos wins the election to become the root bridge for that LAN.

BPDU Frame;

  • Protocol ID – This is always set to 0
  • Version – Always set to 0
  • Type – Determines which BPDU format is contained in the frame (CBPDU, TCN BPDU or TCA)
  • Flags – Used to handle changes in the active topology
  • Root ID – The Bridge ID of the Root Bridge. After STP convergence all CBPDUs in the network should contacin the same value for this field
  • Root Path Cost – The cost of the links to the Root Bridge
  • Bridge ID – The BID of the switch that has forwarded on the BPDU, usually the upstream switch.
  • Port ID – Contains a unique value for every port, port 1/1 value would be 0x8001, port 1/2 0x8002 and so on..
  • Message Age – Records the time that the Root Bridge generated the BPDU.
  • Maximum Time – Maximum time that BPDU is saved. Also influences the CAM table aging timer during the TCN process.
  • Hello Time – Time between periodic Configuration BPDUs. The Root Bridge sends a CBPDU on every active port every Hello Time (2sec default). This causes other switches to send the BPDU throughout the LAN segment.
  • Forward Delay – Time spent in the Listening and Learning states.

Three Types of BPDUs:

  1. Configuration BPDU (CBPDU)
  2. Topology Change Notification (TCN) BPDU
  3. Topology Change Notification Acknowledgment (TCA)

Original IEEE802.1d bridge ID is made up of two fields:

  • The 2-byte Priority field, which was designed to be configured on the various switches to affect the results of the STP election process.
  • A 6-byte MAC Address field, which was included as a tiebreaker, because each switch’s
    bridge ID includes a MAC address value that should be unique to each switch. As a result, some switch must win the root election.

The format of the original 802.1d bridge ID has been redefined. The format still have the original two fields, Priority which is now made up of 4 bits and MAC Address field, but it also has an extend field named System ID Extension, Typically Holds VLAN ID, this field is made up 12bits. The format was changed mainly due to the advent of multiple spanning trees as supported by Per VLAN Spanning Tree Plus (PVST+) and IEEE 802.1s Multiple Spanning Trees (MST).

The System ID Extension allows a network to use multiple instances of STP, even one per VLAN. The System ID Extension field allows the VLAN ID to be placed into what was formerly the last 12 bits of the Priority field. A switch can use a single MAC address to build bridge IDs, and with the VLAN number in the System ID Extension field still have a unique bridge ID in each VLAN.

Determining the Root Port: Once the root is elected, the rest of the switches now need to determine their Root Port (RP). This is done by following the process,

  1. The root creates and sends a Hello every Hello timer (2 seconds default).
  2. Each switch that receives a Hello forwards the Hello after updating the following fields in the Hello: the cost, the forwarding switch’s bridge ID, forwarder’s port priority, and forwarder’s port number.
  3. Switches do not forward Hellos out ports that stabilize into a blocking state.
  4. Of all the ports in which a switch receives Hellos, the port with the least calculated cost to the root is the RP.

A switch must examine the cost value in each Hello, plus the switch’s own STP port costs, in order to determine its least cost path to reach the root.The switch will add the port cost on which it has received the Hello message form the root bridge to the cost from within the Hello message to establish the overall cost to the root bridge.

SW1 is the root of this LAN and is generating the Hellos for this LAN segment. It will generate a Hello with a path cost of 0 to SW2 & SW3. SW3 will receive 2 Hellos, one with a path cost of 0 and the second with a path cost of 38. SW3 will then calculate the path cost to the root bridge by taking the advertised path costs, 0 and 38, and adding his own port path cost, which is 19 and 100, to calculate the best path to the root. Even though SW3 has a direct link to the root bridge, the path cost for that link is a cost of 100. While the path through port Fa0/4 has a overall path cost of 57, 19 + 19 + 19 = 57, and is chosen as the root port (RP) because it has the lower root path cost.

If a switch were to receive a Hello with the same path cost on two different ports the following process will be taken to determine which port will become the RP:

  1. Pick the lowest value of the forwarding switch’s bridge ID.
  2. Use the lowest port priority of the neighboring switch. The neighboring switch added its own port priority to the Hello before forwarding it.
  3. Use the lowest internal port number (of the forwarding switch) as listed inside the received Hellos.

If the first tiebreaker in this list fails to produce an RP, this switch must have multiple links to the same neighboring switch. The last two tiebreakers simply help decide which of the multiple parallel links to use.

Determining the Designated Port: On a converged STP LAN there will be only one switch (root bridge) forwarding Hellos onto the segment. The switch that will forward these Hellos will be call the designated switch, the port that will forward these Hellos will be call designated port (DP). (Note – All ports on a Root Bridge are DP, as they are forwarding Hellos onto the LAN)

To win the right to be the DP, a switch must send the Hello with the lowest advertised cost. The segment between SW3 and SW4  before the DP has been determined on the segment, SW3 would get Hellos directly from SW1 and compute its cost to the root through that path. It would then forward this Hello out to SW4 with a cost of 100. Similarly SW4 will send a Hello to SW3 with a cost of 38, SW4 port will then become the DP because of its lower advertised cost. SW3 will stop sending its inferior Hellos with a cost of 100. Only the DP will forward Hellos onto the LAN segment. When the cost is a tie, STP uses the same tiebreakers to choose the DP as when choosing an RP.

Converging to a New STP Topology: STP logic monitors the normal ongoing Hello process when the network topology is stable; when the Hello process changes, STP then needs to react and converge to a new STP topology. A STP stable topology looks something like this;

  1. The root switch will send out Hellos regularly based on the Hello timer
  2. Each noroot receives these Hellos on it RP.
  3. Each switch updates and forwards the Hello out its DP.
  4. For all blocking ports, the switch regularly receives a copy of the Hello from the DP on that segment.(Switches do not forward Hellos out any blocking interfaces!)

When something outside of these processes happens the STP knows that the topology has changed and that convergence needs to take place. If the root was to drop of the network, there will be no Hellos sent onto the segment and after the Maxage timers expires (default 10 times the Hello timer, which is 20sec) the rest of the switches in that segment will begin the root election process once again.

Topology Change Notification and Updating the CAM: When STP re-convergence occurs some Content Addressable Memory (CAM) entries might become stale and invalid.(Note – CAM is another name for MAC address table, switching table, or bridge table on a switch). The switches would need to update their CAM tables. Two thing will need to happen before the switch recognize that the process needs to begin;

  1. All switches need to be notified to time out their CAM entries
  2. Each switch needs to use a short time, equivalent to the Forward Delay timer (default 15secs) to time out the CAM entries.

For all switch within the LAN segment to notice that a change in the STP topology has taken place, the switch which has noticed the change will send a Topology Change Notification (TCN) upstream (up the tree) to the root for that segment. Once the root receives the TCN it will then notify all the rest of the switches with the LAN segment.

  1. STP port state change sends TCN BPDU out its RP (it repeats this message every Hello time until acknowledged)
  2. Next upstream switch that receives the TCN BPDU will send a acknowledgment within it next forwarded Hello BPDU by marking the TCA (Topology Change Acknowledgment) bit within that Hello.

When the root receives the TCN BPDU it will set the TC flag on the next several Hellos, which are forward to all switches within the network letting them know of the change that has occurred in another part of the network. When a switch receives a Hello with the TC flag set, it will set the short timer (Forward Delay time) to time out the entries in the CAM.

Transitioning from Blocking to Forwarding: When STP reconverges to a new, stable topology, some ports that were blocking might have  been designated as DP or RP, so these ports need to be in a forwarding state. However, the transition from blocking to forwarding state cannot be made immediately without the risk of causing loops.

Each Layer 2 port on a switch running STP exists in one of these five port states;

  • Blocking – The Layer 2 port is a nondesignated port and does not participate in frame forwarding.The port receives BPDUs to determine the location and root ID of the root switch and which port roles (root, designated, or nondesignated) each switch port should assume in the final active STP topology. By default, the port spends 20 seconds in this state (max age).
  • Listening –  Spanning tree has determined that the port can participate in frame forwarding according to the BPDUs that the switch has received so far. At this point, the switch port is not only receiving BPDUs, but it is also transmitting its own BPDUs and informing adjacent switches that the switch port is preparing to participate in the active topology. By default, the port spends 15 seconds in this state (forward delay).
  • Learning –  The Layer 2 port prepares to participate in frame forwarding and begins to populate the CAM table. By default, the port spends 15 seconds in this state (forward delay).
  • Forwarding – The Layer 2 port is considered part of the active topology; it forwards frames and also sends and receives BPDUs.
  • Disabled –  The Layer 2 port does not participate in spanning tree and does not forward frames.

When STP logic senses a change in the topology, it converges, possibly picking different ports as RP, DP, or neither. Any switch changing its RPs or DPs sends a TCN BPDU to the root at this point. For the ports newly designated as RP or DP, 802.1d STP first uses the listening and learning states before reaching the forwarding state.

CST Enhancements: The Uplink Fast feature provides faster failover to a redundant link when the primary link fails. The primary purpose of this feature is to improve the convergence time of STP in the event of the failure of an uplink. This feature is of most use on Access switches with redundant uplinks to the Distribution layer, hence the name. When Access layer switches are dual-homed to the Distribution layer, one of the links is placed into a Blocking state by STP to prevent loops. When the primary link to the Distribution layer fails, the port in the Blocking state must transition through the Listening and Learning states before it begins forwarding traffic. This results in a 30-second delay (2xForward Delay by default) before the switch is able to forward frames destined to other network segments.When the Uplink Fast feature is enabled, the backup port to the Distribution layer is immediately placed into a Forwarding state, resulting in no network downtime.

The Backbone Fast feature provides fast failover when an indirect link failure occurs. Failover occurs when the switch receives an inferior BPDU from its designated bridge. An inferior BPDU indicates that the designated bridge has lost its connection to the Root Bridge. The Backbone Fast feature includes a mechanism that allows for an immediate check to see if the BPDU information stored on a port is still valid if an inferior BPDU is received. This is implemented with a new PDU and the Root Link Query, which is referred to as the RLQ PDU. Upon receipt of an inferior BPDU, the switch will send out an RLQ PDU on all Non-Designated Ports, except for the port on which the inferior BPDU was received. If the switch is either the Root Bridge or has lost its connection to the Root Bridge, it will respond to the RLQ. Otherwise, the RLQ will be propagated upstream. If the switch receives an RLQ response on its Root Port, connectivity to the Root Bridge is still intact. If the response is received on a Non-Root Port, it means connectivity to the Root Bridge is lost, and the local switch Spanning Tree must be recalculated on the switch and the Max Age timer expired so that a new Root Port can be found.

There are two types of RLQs: RLQ requests and RLQ responses. RLQ requests are typically sent out on the Root Port to check for connectivity to the Root Bridge. All RLQ responses are sent out on Designated Ports. Because the RLQ request contains the BID of the Bridge that sent it, if another switch in the path to the Root Bridge can still reach the Root Bridge specified in the RLQ response, it will respond back to the sending switch. If this is not the case, the switch simply forwards the query toward the Root Bridge through its Root Port.

Enabling Spanning-Tree on a switch: Spanning-tree is enable by default on nearly all of today’s switches. So if you were to connect two switch together with multiple cables, STP will kick in and determine which switch is the root, lowest BID, then following by what port roles will be assigned, RP & DP, followed by what ports will be put into blocking state.

  • Enabling spanning-tree on a switch;
    switch(config)#spanning-tree mode ?

    mst         Multiple spanning tree mode
    pvst        Per-Vlan spanning tree mode
    rapid-pvst  Per-Vlan rapid spanning tree mode
  • Enabling trunking on a interface:
    switch(config-if)#switchport trunk encapsulation dot1q
  • Show spanning-tree information from the root bridge:
  • Show spanning-tree information from non root bridge:
  • Show spanning-tree detail command from non root bridge:

Other useful troubleshooting commands for spanning-tree;

switch#show spanning-tree root

Root Hello Max  Fwd
Vlan                   Root ID                   Cost Time  Age Delay  Root Port
—————- ——————– —– —- —- —–  —————-
VLAN1            32768 c209.2cda.0003    19    2   20    15  FastEthernet1/12
VLAN12            8192 c209.2cda.0000    19    2   20    15  FastEthernet1/12       VLAN56            8192 c20a.2cda.0008     0    2   20    15  This bridge is root

switch#show spanning-tree summary totals
Switch is in rapid-pvst mode
Root bridge for: none
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
———————- ——– ——— ——– ———- ———-
38 vlans                    38         0              0             54           92