Spanning Tree Protocol

Overview

Spanning Tree Protocol (STP) is a loop-prevention network protocol that allows for redundancy while creating a loop-free Layer 2 topology.

Without STP enabled, Layer 2 loops can form, causing broadcast, multicast and unknown unicast frames to loop endlessly. This can bring down a network within a very short amount of time.

All switches that participate in STP exchange BPDU frames to determine which switch has the lowest bridge ID (BID) on the network. The switch with the lowest BID automatically becomes the root bridge for the spanning tree algorithm calculations. Each switch uses the spanning tree algorithm to determine which ports to block, in order to create the shortest path to the root bridge.

When the spanning tree algorithm has determined which paths are most desirable relative to each switch, it assigns port roles to the participating switch ports. The STP port roles are:

  • Alternate – Alternate or backup ports are automatically placed in a blocking state to prevent loops. Alternate ports are selected only on trunk links where neither end is a root port.
  • Root – Root ports are switch ports that are closest to the root bridge.
  • Designated – Designated ports are all non-root ports that STP permits to forward traffic on the network. If one end of a trunk is a root port, then the other end will be a designated port. All ports on the root bridge are designated ports.

A port that is administratively shut down is referred to as a disabled port.

BPDU Frames

A BPDU is a messaging frame that is exchanged by switches for STP. Each BPDU contains a Bridge ID (BID) that identifies the switch that sent the BPDU. The BID contains a priority value, the MAC address of the sending switch, and an optional extended system ID. The lowest BID value is determined by the combination of these three fields.

Root Bridge Election

All switches in the broadcast domain participate in the election process:

  1. After a switch boots, it begins to send out BPDU frames every two seconds. These BPDU frames contain the switch BID and the root ID.
  2. As the switch forwards its BPDU frames, other switches in the broadcast domain read the root ID information from the BPDU frames. If the root ID from a BPDU that has been received is lower than the root ID on the receiving switch, then the receiving switch updates its root ID, which identifies the adjacent switch as the root bridge.
  3. The switch now forwards new BPDU frames with the lower root ID to the other switches. Eventually, the switch with the lowest BID ends up being identified as the root bridge for the spanning tree instance.

There is a root bridge elected for each spanning tree instance. Therefore, it is possible to have multiple distinct root bridges within a LAN.

STP Path Cost

When the root bridge has been elected for the spanning tree instance, the spanning tree algorithm starts the process of determining the best paths to the root bridge from all destinations in the broadcast domain.

The path information is determined by summing up the individual port costs along the path from each starting point within the network, to the root bridge. Paths with the lowest cost become preferred, and all other redundant paths are blocked.

The default port costs are defined by the speed at which the port operates:

| Link Speed | Current Cost | Original Cost |
|---|---|---|
| 10 Gb/s | 2 | 1 |
| 1 Gb/s | 4 | 1 |
| 100 Mb/s | 19 | 10 |
| 10 Mb/s | 100 | 100 |

As newer, faster Ethernet technologies become available, the path cost values may change to accommodate the new speeds. The non-linear numbers in the table accommodate some improvements to the older Ethernet standard.

Although switch ports have a default port cost associated with them, the port cost is configurable. The ability to configure individual port costs gives the administrator the flexibility to manually control the spanning tree paths to the root bridge.

To configure the port cost of an interface, use the `spanning-tree cost value` interface configuration command. The value can be between 1 and 200'000'000.

To verify the port and path cost to the root bridge, enter the `show spanning-tree` command. The Cost field is the total path cost to the root bridge.
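The path-cost calculation described in this section, as an added example that is not part of the original notes: it sums the "Current Cost" values from the table along every path to the root and reports each switch's lowest-cost path and the neighbour behind its root port. The switch names, the topology and the `overrides` parameter (standing in for a configured `spanning-tree cost`) are constructed for illustration, and STP's tie-breakers for equal-cost paths are not modelled.

```python
import heapq

# "Current Cost" column of the table above, keyed by link speed in Mb/s.
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}

def root_paths(links, root, overrides=None):
    """Map each switch to (path cost to root, neighbour behind its root port).

    links: (switch_a, switch_b, speed_mbps) tuples.
    overrides: {(switch, neighbour): cost}, the effect of 'spanning-tree cost'
    on that switch's port facing that neighbour (hypothetical parameter).
    """
    overrides = overrides or {}
    for cost in overrides.values():
        if not 1 <= cost <= 200_000_000:
            raise ValueError("port cost must be between 1 and 200000000")

    def port_cost(switch, neighbour, speed):
        return overrides.get((switch, neighbour), PORT_COST[speed])

    # adj[x] lists (y, cost of y's port facing x): a path cost grows by the
    # cost of the port on which each switch receives BPDUs from the root side.
    adj = {}
    for a, b, speed in links:
        adj.setdefault(a, []).append((b, port_cost(b, a, speed)))
        adj.setdefault(b, []).append((a, port_cost(a, b, speed)))

    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale queue entry
        for nbr, step in adj.get(node, []):
            total = cost + step
            if nbr not in best or total < best[nbr][0]:
                best[nbr] = (total, node)
                heapq.heappush(heap, (total, nbr))
    return best

# Constructed sample topology: S1 is the root bridge.
LINKS = [("S1", "S2", 1_000), ("S1", "S3", 100), ("S2", "S3", 1_000)]

if __name__ == "__main__":
    print(root_paths(LINKS, "S1"))                      # S3 reaches the root via S2
    print(root_paths(LINKS, "S1", {("S3", "S2"): 20}))  # raised cost moves S3's root port
```

With default costs S3 prefers the two 1 Gb/s hops over its direct 100 Mb/s link; raising the cost of S3's port toward S2 to 20 makes the direct link the cheaper path.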

Root Bridge Configuration

When an administrator wants a specific switch to become a root bridge, the bridge priority value must be adjusted to ensure it is lower than the bridge priority values of all the other switches on the network.

There are two ways to configure the bridge priority value of a switch:

To manually configure the bridge priority value, use the `spanning-tree vlan vlan-id priority value` global configuration mode command. This command gives more granular control over the bridge priority value. The priority value is configured in increments of 4'096 between 0 and 61'440.

To automatically ensure that the switch has the lowest bridge priority value, use the `spanning-tree vlan vlan-id root primary` global configuration command. The priority for the switch will be set to the predefined value of 24'576 or to the highest multiple of 4'096 that is less than the lowest bridge priority detected on the network.

If an alternate root bridge is desired, use the `spanning-tree vlan vlan-id root secondary` global configuration mode command. This command sets the priority for the switch to the predefined value of 28'672. This option assumes that the rest of the switches in the network have the default 32'768 priority value defined.
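An added example (not part of the original notes) covering both the Root Bridge Election section and the priority rules above: it elects the root by lowest BID, shows that the MAC address decides the outcome when every switch keeps the default priority, and computes the priority that `root primary` would select under the rule stated on this page. The switch names, MAC addresses, VLAN 10 and the helper names are constructed for illustration; reading the rule as "24'576 when that is already the lowest, otherwise the next lower multiple of 4'096" is an assumption.

```python
from dataclasses import dataclass, replace

STEP, MAX_PRIORITY, ROOT_PRIMARY = 4096, 61440, 24576

@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                 # constructed sample MACs below
    priority: int = 32768    # default bridge priority
    ext_sys_id: int = 10     # extended system ID (VLAN 10 assumed here)

    def __post_init__(self):
        if self.priority % STEP or not 0 <= self.priority <= MAX_PRIORITY:
            raise ValueError(f"{self.name}: priority must be a multiple of 4096 in 0..61440")

    @property
    def bid(self):
        # Fields compared in order: priority, extended system ID, MAC address.
        return (self.priority, self.ext_sys_id, bytes.fromhex(self.mac.replace(":", "")))

def elect_root(bridges):
    """The switch with the lowest BID becomes the root bridge."""
    return min(bridges, key=lambda b: b.bid)

def root_primary_priority(lowest_seen):
    """Priority chosen by 'root primary', following the rule stated on this page."""
    if lowest_seen > ROOT_PRIMARY:
        return ROOT_PRIMARY
    if lowest_seen == 0:
        raise ValueError("no multiple of 4096 is lower than 0")
    return (lowest_seen - 1) // STEP * STEP

def make_root(bridges, name):
    """Return a new switch list in which `name` is configured as 'root primary'."""
    lowest = min(b.priority for b in bridges if b.name != name)
    return [replace(b, priority=root_primary_priority(lowest)) if b.name == name else b
            for b in bridges]

# Constructed sample network: every switch still has the default priority.
SWITCHES = [
    Bridge("S1", "00:1a:2b:00:00:30"),
    Bridge("S2", "00:1a:2b:00:00:10"),
    Bridge("S3", "00:1a:2b:00:00:20"),
]

if __name__ == "__main__":
    print("defaults   ->", elect_root(SWITCHES).name)   # lowest MAC wins
    tuned = make_root(SWITCHES, "S3")
    print("S3 primary ->", elect_root(tuned).name, tuned[2].priority)
    print("S1 primary ->", elect_root(make_root(tuned, "S1")).name)
```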