Spanning Tree Protocol

Please be advised that this article is work-in-progress. The information here may be vague, incomplete, misleading or plainly wrong.

STP
-> definition
  -> Spanning Tree Protocol
  -> Layer 2 protocol
  -> ALLOWS TOPOLOGY REDUNDANCY
    -> multiple redundant links can be connected between devices (in a Mesh manner)
    -> the Spanning Tree Algorithm is executed
    -> only one link is forwarding while redundant links are blocked
    -> a tree logical topology is created and layer 2 loops are prevented
    -> if the forwarding link fails, another redundant link is automatically unblocked and starts forwarding traffic
  -> Layer 2 loops
    -> caused by redundant links
    -> may result in broadcast and multicast frames looping endlessly
      -> this causes MAC ADDRESS TABLE INSTABILITY
      -> high resource utilization on intermediary devices
      -> high resource utilization on end devices
      -> a high number (build-up) of broadcasts during a period of time -> BROADCAST STORM
    -> unknown unicast frames will loop but are eventually resolved -> still results in DUPLICATE FRAMES
-> function
  -> STP
    -> selects the root bridge
    -> blocks redundant paths
    -> loop-free topology
    -> link failure causes recalculation -> dynamically unblocks ports to reestablish connectivity
    -> basically places redundant ports in either Forwarding or Blocking state to prevent loops
  -> works in 4 steps (STA)
    -> ELECT THE ROOT BRIDGE
      -> it is the root of the spanning tree and the most important switch in the layer 2 topology
      -> the switches advertise themselves as the root bridge
      -> when a switch hears a Hello with a better Root BID
        -> it stops advertising itself as root bridge
        -> it starts advertising the lower BID and the new root path cost to the identified root bridge
      -> eventually all switches agree on the lowest Root BID
      -> the switch with the lowest Root BID is elected ROOT BRIDGE
    -> ELECT THE ROOT PORTS
      -> there is only one per nonroot switch
        -> actually there is one port per VLAN on a switch
        -> one port may be root port for more VLANs, but a VLAN may have only one root port per switch
      -> it is the port with the lowest COST to the Root Bridge
        -> connects to the root bridge or upstream router in the tree
        -> the cost is the sum of the costs of all switchports the frame would EXIT through on its way to the Root Bridge
          -> known as internal root path cost
          -> the calculation of the cost ignores the inbound interfaces
          -> a switch calculates the internal root path cost by adding its own interface's cost to the cost received in the Hello BPDU
        -> by default, the cost of a switchport is based on its operating speed (not maximum)
        -> the formula for calculating the cost changed over standards
          -> short mode
            -> 802.1D: no idea what the original formula was
            -> it was changed in another standard (802.1T) to another formula that I have no idea about
            -> anyway, the cost was stored as a 16 bit value with a reference value of 20 Gbps
            -> costs
              -> 20 Gbps (or more) -> STP cost: 1
              -> 10 Gbps -> STP cost: 2
              -> 2 Gbps -> STP cost: 3
              -> 1 Gbps -> STP cost: 4
              -> 100 Mbps -> STP cost: 19
              -> 10 Mbps -> STP cost: 100
              -> 4 Mbps -> STP cost: 250
          -> long mode
            -> because the old formula is ineffective for speeds of 20 Gbps and more, another formula, 20 Tbps / bandwidth, is used (both speeds in kbps)
            -> these values are stored as 32 bit values, using a reference speed of 20 Tbps
            -> as such, costs are as follows:
              -> 1 Tbps -> Cost: 20
              -> 100 Gbps -> Cost: 200
              -> 10 Gbps -> Cost: 2000
              -> 2 Gbps -> Cost: 10000
              -> 1 Gbps -> Cost: 20000
              -> 100 Mbps -> Cost: 200000
              -> 10 Mbps -> Cost: 2000000
              -> 4 Mbps -> Cost: 5000000
      -> if there are more paths with equal costs, switches use tiebreakers
        -> lowest neighbor BID
          -> the root port will be the port connected to the neighbour with the lower BID
        -> lowest neighbor Port Priority
          -> default port priority is 128
          -> the root port will be the port connected to the neighbour's port having the lower priority
        -> lowest neighbor internal port number
          -> the root port will be the port connected to the neighbour's port having the lower port number (fa0/4 < fa0/5)
        -> these last two situations occur when two switches are connected between themselves with more than one link, and they don't use link aggregation
      -> these costs are stored and updated using BPDUs. When a Root port link fails, the switch will immediately assign the next lowest cost port as Root Port and will begin transitioning through the STP states (LISTENING and LEARNING)
    -> ELECT THE DESIGNATED PORTS
      -> basically it is a port that provides connectivity to downstream devices
      -> there should be only one per active link
      -> it is the port on a two-switch segment that has the best path to RECEIVE traffic
        -> in other words, the port on a two-switch segment that advertises the lowest cost
      -> root ports always have a designated port on the other end of the link
      -> all Root Bridge ports are designated ports (since its ports always advertise the lowest path cost to itself)
      -> if two ports advertise the same cost on a LAN segment, the designated port will be the port belonging to the switch with the lowest BID
    -> ELECT ALTERNATE PORTS
      -> ports which are not Root or Designated become Alternate (blocking) ports
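The election steps above, as an added example (not part of these notes): building a BID from Bridge Priority + Extended System ID + MAC, electing the root, the long-mode cost formula, and choosing the root port by internal root path cost with the tiebreakers in the order listed (neighbor BID, neighbor port priority, neighbor port number). The topology, port names and function names are constructed for illustration.

```python
# Added example, not part of the original notes: BID construction, root
# bridge election, long-mode port cost and root port selection with the
# tiebreakers described above. All topology values are constructed.

def bridge_id(priority, vlan, mac):
    """BID as a tuple (priority + Extended System ID, MAC as int).
    Tuples compare element by element, so min() picks the lowest BID:
    lower priority first, then lower MAC on a tie."""
    assert priority % 4096 == 0 and 0 <= priority <= 61440
    assert 0 <= vlan < 4096
    mac_int = int(mac.replace(":", "").replace(".", ""), 16)
    return (priority + vlan, mac_int)

def bid_str(bid):
    """Render a BID the way the notes do, e.g. 32769.0200.0000.1111."""
    prio, mac = bid
    h = f"{mac:012x}"
    return f"{prio}.{h[0:4]}.{h[4:8]}.{h[8:12]}"

def long_cost(bandwidth_kbps):
    """Long mode cost: 20 Tbps / bandwidth, both speeds in kbps."""
    return 20_000_000_000 // bandwidth_kbps

def elect_root(bids):
    """Every switch ends up agreeing on the lowest BID it has heard."""
    return min(bids)

def elect_root_port(candidates):
    """candidates: one dict per local port that received a Hello from an
    upstream neighbor. Internal root path cost = cost advertised in the
    Hello + cost of the local port it arrived on (this switch's exit port
    toward the root). Ties: lowest neighbor BID, then lowest neighbor
    port priority, then lowest neighbor port number."""
    def key(c):
        return (c["advertised_cost"] + c["local_port_cost"],
                c["neighbor_bid"],
                c["neighbor_port_priority"],
                c["neighbor_port_number"])
    best = min(candidates, key=key)
    return best["local_port"], key(best)[0]

ROOT = bridge_id(4096, 1, "0200.0000.3333")
SW2 = bridge_id(32768, 1, "0200.0000.1111")
# Constructed topology: Gi0/1 hears the root directly over 1 Gbps; Fa0/4 and
# Fa0/5 both hear SW2 (advertising cost 4) over parallel 100 Mbps links.
CANDIDATES = [
    {"local_port": "Gi0/1", "local_port_cost": 4, "advertised_cost": 0,
     "neighbor_bid": ROOT, "neighbor_port_priority": 128, "neighbor_port_number": 1},
    {"local_port": "Fa0/5", "local_port_cost": 19, "advertised_cost": 4,
     "neighbor_bid": SW2, "neighbor_port_priority": 128, "neighbor_port_number": 5},
    {"local_port": "Fa0/4", "local_port_cost": 19, "advertised_cost": 4,
     "neighbor_bid": SW2, "neighbor_port_priority": 128, "neighbor_port_number": 4},
]

if __name__ == "__main__":
    print(bid_str(elect_root([ROOT, SW2])), elect_root_port(CANDIDATES))
```

Dropping Gi0/1 from the candidate list leaves two equal-cost ports to the same neighbor, and the lower neighbor port number (fa0/4 < fa0/5) decides.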
      -> ports in this state do not forward frames
-> BPDU
  -> Bridge Protocol Data Units
  -> messages used by switches to communicate STP information
  -> format
    -> ETHERNET
      -> destination address
        -> layer 2 multicast based on the iteration of the protocol
        -> IEEE standards use 01:80:c2:00:00:01 (IEEE Spanning-Tree)
        -> Cisco versions use 01:00:0c:cc:cc:cd (Cisco Spanning-Tree)
        -?> these BPDUs are link frames. They are not forwarded, nor relayed.
      -> IEEE uses the IEEE 802.3 LLC format where the DSAP and SSAP fields indicate the Spanning Tree BPDU
      -> Cisco uses the Ethernet II header format
    -> 802.1Q
      -> IEEE: the dot1q header is not used (not even for MST)
      -> Cisco: uses a dot1q header for its proprietary protocol versions
    -> STP
      -> Cisco
        -> uses an extra TLV to identify the originating VLAN
        -> it should be noted that Cisco also uses the 802.1s MST implementation, therefore it respects the standardized frame format
  -> contains a BRIDGE ID (BID)
    -> unique identifier for each switch
    -> used for the election process
    -> consists of three fields
      -> BRIDGE PRIORITY
        -> 4 bits
        -> 0 - 61440
        -> 32768 default
        -> 4096 increments or decrements
        -> priority 0 is above all other priorities -> lower is better
      -> EXTENDED SYSTEM ID
        -> 12 bits
        -> identifies the VLAN ID
        -> this value adds to the BRIDGE PRIORITY, resulting in a 16 bit number
          -> the 4 most significant bits identify the PRIORITY
            -> the highest priority is (binary) 1111, the bits from 2^15 down to 2^12, which is 61440
            -> the lowest priority is 0
          -> the other 12 bits are the actual VLAN ID, also called Extended System ID
            -> the highest ESID is 2^12 = 4096, corresponding to the highest possible number of VLANs
          -> the actual priority is given by Bridge Priority + ESID. So for a switch with default priority in the default VLAN, the priority would be 32769
      -> MAC ADDRESS
    -> the BID is the concatenation of Bridge Priority + MAC Address. Example: 32769.0200.0000.1111
    -> in the election process
      -> lower bridge priority is better
      -> in case of equal bridge priorities, the lowest MAC is better
      -> overall the lowest BID wins
  -> the most common BPDU is the HELLO BPDU
    -> fields
      -> Root Bridge ID -> the BID of the switch the sender currently believes is the root switch
      -> Sender's Bridge ID -> the BID of the sender
      -> Sender's root cost -> the STP cost between the sender and the current root
      -> Timer values on the root switch
        -> Hello timer -> 2 seconds default
        -> MaxAge timer -> 10x the Hello timer (20 seconds)
          -> how long a switch waits before trying to change the STP topology if Hellos aren't received on any interface
          -> if this timer expires then the switch restarts the whole STP process
        -> Forward delay timer -> 15 seconds default
          -> time spent in the Learning and Listening states (STP; 30 seconds for both)
          -> when a topology change occurs, switches instruct each other to time out MAC Table entries using this timer
    -> flow
      -> created by the Root Bridge and sent every 2 seconds
      -> received by nonroot switches -> each changes the info in the packet and forwards it on its designated ports
      -> if Hellos aren't received and the MaxAge timer expires, then the switch restarts the STP process
    -> the whole STP convergence may take between 30 and 50 seconds using default timers
      -> 30 seconds when the port goes from blocking to forwarding. If the Root port is shut down, the Blocking port immediately enters Listening state.
      -> some say 50 seconds at switch boot because at first initialization a port needs 20 seconds to transition from Blocking to Listening, but I couldn't reproduce this
      -> 50 seconds if a switch doesn't receive Hellos on a blocking port: 20 seconds for the MaxAge to expire, then 15 in Listening and 15 in Learning
  -> ENCOR
    -> uses destination MAC 01:80:c2:00:00:00
    -> types
      -> configuration BPDU
        -> used to identify the root bridge, root ports, designated ports, and blocking ports
        -> fields: STP type, root path cost, root bridge identifier, local bridge identifier, max age, hello time, and forward delay
      -> Topology Change Notification
        -> used to communicate changes in the topology to the other switches
        -> steps
          -> a switch that detects a link status change sends a TCN BPDU out of its root port, towards the root bridge
          -> if a nonroot upstream switch receives the TCN, it replies with an acknowledgement and forwards the TCN out of its RP to the root bridge
          -> when the root bridge receives a TCN BPDU -> it creates a configuration BPDU with the Topology Change flag set -> this BPDU is flooded to all switches
          -> when all the other switches receive the BPDU from the root -> the MAC address timer is set to the forward delay timer, essentially timing out inactive (for 15 seconds) CAM entries
            -> this MAC address flush prevents switches from sending traffic to hosts no longer reachable by that port. However, the amount of unknown unicast flooding is increased until topology convergence
          -> after a second configuration BPDU is received, the MAC address timer is set back to normal (default 300 seconds)
        -> are generated on a VLAN basis
-> Port STATES
  -> up
    -> BLOCKING
      -> it is the state that blocks data traffic, thus preventing switching loops
      -> receives BPDUs to determine the location and ID of the root bridge
      -> ports in this state can not modify the MAC address table
        -Q1> if ports in this state can not modify the MAC address table, then no entries on this port should be present. How then, after the port transitions to Listening, can the purpose of the Listening state be to time out MAC table entries for which no frames are received? What entries, if there should be none? I saw that the Listening port is for stability, that would make more sense.
      -?> determines which ports should assume the designated and root roles
      -> when the MaxAge timer expires the port moves into blocking state
    -> LISTENING
      -> data traffic is still discarded
      -> Root and Designated ports move into this state after Blocking
      -> MAC Table entries for which no frames are received in this state are removed from the table. Although I am not sure, I suppose that the timing out of the MAC address entries applies to the whole table, not only to the entries of the newly Listening port.
        -> this probably happens because the topology change may be big enough that the path a frame originally followed is changed completely. So, in order to avoid frames being sent on wrong Forwarding links, the entries are flushed. Although this isn't reproducible on simple topologies, I guess that if the topology is big enough, it may happen.
      -> doesn't learn new MACs
      -> it is a state whose purpose is to make sure that the topology is stable
      -> receives BPDUs and sends its own BPDUs to inform the other neighbors that this port is preparing to participate in the active topology
    -> LEARNING
      -> receives frames and populates the MAC table but doesn't forward traffic
      -> receives BPDUs to prepare for frame forwarding
      -> sends its own BPDUs
      -> I guess that learning of MACs is needed for situations where multiple switchports are in Designated - Forwarding state, like multiple tree branches having a common point towards the root
    -> FORWARDING
      -> receives and sends BPDUs
      -> forwards frames
  -> DISABLED -> (config-if)# shutdown (administratively disabled)
  -> BROKEN
    -> not sure if Cisco specific
    -> the switch detected a problem which may have major effects
    -> all packets are discarded (except maybe BPDUs)
-> RSTP
  -> definition
    -> Rapid STP
    -> 802.1w (RSTP - pre 2004); 802.1Q today
  -> port roles
    -> Root Port
    -> Alternate Port
      -> second best option for a root port
      -> acts as a backup for the Root Port
      -> doesn't forward frames
      -> when the root port fails, this port becomes the new root port without waiting on timers
      -> although Cisco shows the port role as Alternate for PVST+, it is NOT a 'second best option'. It is just Blocking.
      -> in Cisco's Rapid-PVST, it is a 'second best option'
    -> Designated Port -> same as STP
    -> Backup Port
      -> is a port on which a switch receives its own BPDU
      -> provides a backup link to a shared link (Ethernet Hub)
      -> acts as a backup for a Designated port
      -> if the Designated port fails, this port becomes the new Designated port without waiting on timers
      -> it is encountered on switches with multiple links between them
  -> Port States
    -> DISCARDING -> combines the Disabled, Blocking and Listening (doesn't actually exist) states
    -> LEARNING
    -> FORWARDING
  -> Port types
    -> Point-to-Point
      -> full duplex, PortFast disabled links
      -> usually trunk links between switches
    -> Point-to-point edge ports
      -> full duplex, PortFast enabled links
      -> usually links between a switch and end devices
    -> shared ports
      -> ports connected to shared medium devices (hubs)
      -> all half-duplex links are treated as either a
        -> shared port -> PortFast disabled
        -> shared edge port -> PortFast enabled
  -> other specifics
    -> MaxAge Timer = 3x Hello Timer
    -> RSTP switches generate their own Hellos
    -> on topology change, switches flush their MAC tables without timers
    -> switches can query each other
    -> a switch tries to establish an RSTP handshake with the device on the other end of the link. If this fails, the device is considered 802.1D
-> STP Versions
  -> STP
    -> original
    -> IEEE 802.1D
    -> one instance for all the VLANs (which is to say, functions for only one VLAN / is VLAN unaware)
    -> legacy version, slow and NOT to be used. Unsupported by Cisco anyway.
  -> PVST
    -> Per-VLAN Spanning Tree
    -> STP enhancement
    -> Cisco proprietary
    -> one STP instance for each VLAN
    -> used by default on Cisco switches but considered LEGACY
  -> PVST+
    -> Per-VLAN Spanning Tree Plus
    -> same as PVST but supports 802.1q instead of ISL
    -> considered LEGACY
    -?> if the trunk encapsulation is 802.1q, then this version is used
  -> RSTP
    -> Rapid Spanning Tree
    -> IEEE 802.1W
    -> standard version using the RAPID enhancement
  -> Rapid PVST+
    -> Cisco proprietary enhancement of RSTP
    -> one RSTP instance for each VLAN
    -> Cisco version that uses the RAPID enhancement
  -> MST
    -> Multiple Spanning Tree Protocol
    -> 802.1S
    -> maps multiple VLANs into the same instance
  -> MSTP
    -> Multiple Spanning Tree
    -> Cisco implementation of MST
    -> multiple RSTP instances, but not necessarily one per VLAN
-> PortFast
  -> ALLOWS A SWITCHPORT TO TRANSITION FROM BLOCKING TO FORWARDING IMMEDIATELY
  -> bypasses the Learning and Listening states
  -> to be used on endpoint links
  -> if used on links with other switches, L2 loops may be created
-> BPDU Guard
  -> DISABLES A PORT IF BPDUs ARE RECEIVED
  -> allows protection against unauthorized STP-able devices
  -> to be used along with PortFast on edge links
-> OBSERVATIONS
  -> a switch restarts the STP process
    -> when the MaxAge Timer expires
    -> when the Root Port link is down (it automatically assumes Hellos won't be received anymore)
    -> when the Hello received has different info
      -> different root path cost
      -> different sender ID
      -> different root bridge ID
  -> the STP timers are per switch, not per port
    -> the nonroot switches configure their timers in accordance with the Root bridge
  -> a blocking state port still has up/up status
  -> STP doesn't block a port connected to an endpoint because it doesn't receive BPDUs advertising a path on that port, which means it can not create a loop
  -> the terms "bridge" and "switch" are used interchangeably in the context of STP
  -> STP will block an access port connected to another switch's access port carrying both a data vlan and a voice vlan
    -> tagged BPDUs for each vlan (data & voice) would arrive on the access port and STP would see it as a port type mismatch (access to trunk)
    -> %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GenericInterfaceX/X/X VLANXX.
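The BPDU format, BPDU Guard and the port-type mismatch observation above, as an added example (not part of these notes): a decoder that recognises the IEEE and Cisco destination MACs, an optional dot1q tag and the configuration BPDU fields, plus a port policy that err-disables a PortFast + BPDU Guard port on any BPDU and flags a tagged BPDU arriving on an access port. The frames are constructed, and the LLC/SNAP encapsulation used for the Cisco frame is an assumption of this example, not something stated in the notes.

```python
# Added example, not part of the original notes: decode an STP BPDU from a
# raw frame and apply an edge-port policy in the spirit of BPDU Guard.
# Frames are constructed here; the 802.1D configuration BPDU is 35 bytes.
import struct

IEEE_STP_MAC = bytes.fromhex("0180c2000000")     # IEEE Spanning-Tree
CISCO_PVST_MAC = bytes.fromhex("01000ccccccd")   # Cisco Spanning-Tree
CONFIG_BPDU = struct.Struct(">HBBBH6sIH6sHHHHH")  # proto .. forward delay

def build_frame(dst, src, vlan, bpdu):
    """Constructed 802.3 frame: optional dot1q tag, length, LLC (IEEE uses
    DSAP/SSAP 0x42; SNAP with Cisco OUI/PID 0x010b is assumed for PVST+)."""
    tag = b"" if vlan is None else b"\x81\x00" + struct.pack(">H", vlan)
    llc = b"\x42\x42\x03" if dst == IEEE_STP_MAC else bytes.fromhex("aaaa0300000c010b")
    body = llc + bpdu
    return dst + src + tag + struct.pack(">H", len(body)) + body

def parse_bpdu_frame(frame):
    """Return BPDU fields plus flavor (ieee / cisco-pvst+) and VLAN tag."""
    dst, off, vlan = frame[0:6], 12, None
    if frame[off:off + 2] == b"\x81\x00":            # 802.1Q tag present
        vlan = struct.unpack(">H", frame[off + 2:off + 4])[0] & 0x0FFF
        off += 4
    off += 2                                          # 802.3 length field
    if frame[off] == 0xAA:                            # LLC SNAP header
        off += 8
    elif frame[off:off + 3] == b"\x42\x42\x03":       # LLC DSAP/SSAP = STP
        off += 3
    else:
        raise ValueError("not an STP BPDU encapsulation")
    flavor = {IEEE_STP_MAC: "ieee", CISCO_PVST_MAC: "cisco-pvst+"}[dst]
    (_proto, _ver, btype, flags, rprio, rmac, rcost, bprio, bmac, port_id,
     _msg_age, max_age, hello, fwd) = CONFIG_BPDU.unpack(frame[off:off + 35])
    return {"flavor": flavor, "vlan": vlan, "type": btype,
            "tc_flag": bool(flags & 0x01),            # Topology Change flag
            "root_bid": f"{rprio}.{rmac.hex()}", "root_cost": rcost,
            "sender_bid": f"{bprio}.{bmac.hex()}", "port_id": port_id,
            "max_age": max_age / 256, "hello": hello / 256, "fwd_delay": fwd / 256}

def edge_port_action(port, frame):
    """port: {'portfast': bool, 'bpduguard': bool, 'mode': 'access'|'trunk'}."""
    b = parse_bpdu_frame(frame)
    if port["portfast"] and port["bpduguard"]:
        return "err-disable: BPDU received on a BPDU Guard port"
    if port["mode"] == "access" and b["vlan"] is not None:
        return f"mismatch: 802.1Q BPDU for VLAN {b['vlan']} on non-trunk port"
    return "process"

ROOT_MAC = bytes.fromhex("020000001111")
# Constructed Hello from root 32769.0200.0000.1111 with the TC flag set;
# timers are in 1/256 s units: MaxAge 20 s, Hello 2 s, Forward Delay 15 s.
HELLO = CONFIG_BPDU.pack(0, 0, 0, 0x01, 32769, ROOT_MAC, 0, 32769, ROOT_MAC,
                         0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
IEEE_FRAME = build_frame(IEEE_STP_MAC, ROOT_MAC, None, HELLO)
PVST_FRAME = build_frame(CISCO_PVST_MAC, ROOT_MAC, 20, HELLO)
```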

-> BEST PRACTICES
  -> the root bridge should be configured manually to meet the network's requirements
  -> the Rapid versions of the protocols (RPVST+ Cisco, RSTP IEEE) should be used instead of the traditional versions
  -> PortFast and BPDU Guard should be enabled on edge links ONLY
  -> the load on the links can be balanced by using different root ports for different vlans. This way, the traffic from different vlans can flow through separate links.
-> references
  -> https://learningnetwork.cisco.com/s/question/0D53i00000Kt0PuCAJ/stp-is-cisco-proprietory-protocol-or-not