So I've read through the Certification Guide and Routing TCP/IP Volume 1 and now it's time to go through and make some notes to ensure that I touch on all of the areas on the written blueprint.
Anthony Sequeira has a good list of the topics and links to the DocCD.
Today's rundown will be focusing on Section 1.10 Implementing Layer 2 Technologies, Spanning Tree Protocol, these areas don't necessarily drill down into all the components of these technologies, these are more my own cheat sheets for things I don't remember so clearly....
Blue Print Topics Covered This Post
1.00 Implement Layer 2 Technologies
1.10 Implement Spanning Tree Protocol (STP)
(a) 802.1d
(b) 802.1w
(c) 802.1s
(d) Loop guard
(e) Root guard
(f) Bridge protocol data unit (BPDU) guard
(g) Storm control
(h) Unicast flooding
(i) Port roles, failure propagation, and loop guard operation
802.1d Spanning Tree Protocol
Hello BPDUs are used to advertise cost that the switch has to reach the Root Bridge.
The Root bridge is determined by the lowest Bridge ID.
The Bridge ID consists of 4 bits of Priority 12 bits of VLAN ID and The 48 bits of Bridge MAC Address (Historically older versions of the standard the Priority was 12 bits - to attempt to have different PVST instances, the Bridge needed to have as many MAC Addresses as VLAN instances - this MAC address reduction situation makes more effective use of MAC address table space)
The default bridge priority is 32768 (The 4 bits representing priority are multiplied by 4096)
Costs are associated with interfaces and their bandwidths, faster interfaces typically have lower values than slower interfaces, however these can be changed from the defaults to deterministically select where block occurs.
The Root Port (RP) is a port on a bridge that is not the root bridge that has the lowest cost to reach the root bridge. This cost is what is advertised to other switches through Designated Ports.
A Designated Port (DP). On each LAN segment, only one switch (the designated switch - which has the lowest cost to reach the Root) will send Hello BPDUs and Configuration BPDUs to downstream switches
Note: All switches initially send Hello BPDUs out with their costs to the root, if they realise they are advertising an inferior root cost, they stop sending Hellos
Default Times:
- Hello time = 2 seconds (how often Hello BPDUs get transmitted)
- MaxAge = 10 x Hello time i.e. 20 seconds (How long to wait if Hello BPDUs haven't arrived before attempting to converge - used for switches that are distant from the root bridge)
- Forwarding Delay = 15 seconds (Used to ensure we don't get duplicate frames while converging and assembling a bridging table)
It can take roughly 50 seconds for the topology to converge on a link failure and a backup path become able to forward frames:
t = 0
Determine there's a problem - such as no hello BPDUs to the RP (Wait MaxAge to age out the last received BPDU)
t = 20
Previously Blocked Port enters Listening State (in listening state for Forwarding Delay)
t = 35
Port in Listening State Enters Learning State (in learning state for Forwarding Delay)
t = 50
Port is now forwarding (Convergence complete)
Failure Propogation
A switch that detects a change that will impact the switch topology needs to notify the Root Bridge. The switch will send a Topology Change Notification (TCN) message out of its RP. The peer switch that learnt this through its DP will send back a Topology Change Acknowledgement (TCA) in the Hello BPDU. The peer switch will onforward the TCN to the Root Bridge.
Once the TCN hits the Root Bridge, it replies to the peer switch with a TCA and then it will inform the rest of the network topology of a change by setting the Topology Change (TC) Flag in it's next configuration BPDU (this forces all switches to set the aging time of the MAC addresses in their Bridging tables from the default of 300s to the Forwarding Delay time - default 15s).
PortFast, UplinkFast and BackboneFast
PortFast | When an interface first comes up it can be 30 seconds before traffic can start being forwarded by the switch. Portfast skips through the Listening and Learning phases and directly puts the interface into forwarding state. This should only be used on single ended devices like routers or hosts |
UplinkFast | Applied on dual-homed access switches, Uplink fast tracks an alternate RP (which is kept in blocking state as per regular STP methods) If the active RP fails, the switch immediately makes the alternate RP the active RP and directly enters forwarding mode and sends out multicast frames on behalf of all local MAC addresses in order for the rest of the network to learn the new path. When entering this global command, the bridge priority is set to 49152 and the port costs are set to 3,000 in order to influence the STP design so that it is not a transit switch. |
BackboneFast | Used to detect indirect failures. When a switch does not recieve an expected Hello BPDU, it will actively send a Root Link Query (RLQ) out it's root port asking if the upstream switch still has visibility of the root (the response will be another RLQ) this allows faster convergence by bypassing the need to wait for the MaxAge timer to expire. |
PVST+ (Per VLAN Spanning Tree)
Supports individual STP instances for each VLAN allowing individual STP topologies and the ability to load balance VLANs across redundant links. BPDUs are sent per VLAN
802.1w Rapid Spanning Tree Protocol
As the name implies, this is a faster version of STP and interworks with it.
- It takes some of the Cisco propietary features (PortFast, UplinkFast and BackboneFast) and integrates them into the standard.
- The MaxAge is 3 rather than 10 Hello times
- The switch will has a backup DP when multiple ports are on the same LAN segment
It introduces link types:
point-to-point | This is a full-duplex switch to switch link |
shared | This is a port where multiple switches can be seen (for example switches are connected to a hub) |
edge | Connected to a non-STP enabled host |
and Port Roles:
Root Port (RP) | This is the same as the 802.1d RP |
Designated Port (DP) | This is the same as the 802.1d DP |
Alternate Port (ALT) | Backup RP (Like Backbone Fast) |
Backup Port (BAC) | Only on Link Type Shared, this is a Backup DP |
RPVST+ (Rapid Per VLAN Spanning Tree)
802.1w version of PVST+
802.1s Multiple Spanning Tree/Multiple Instance Spanning Tree Protocol
MST takes some of the concepts used in 802.1w - however rather than a STP instance per VLAN, the network supports a number of STP instances which have VLANs mapped to each instance.
A MST Region consists of switches that share:
- The same MST region name
- The same revision number
- The same VLAN to MST instance mappings
An MST Region appears as a single virtual switch to 802.1d switches or other MST Regions.
Root Guard
When configured on an interface, if superior BPDUs are received, the interface will be placed in a Loop Inconsistent State until the superior BPDUs stop arriving- this protects the network from a customer device changing the STP topology.
BPDU Guard
When configured on an interface, the reception of any BPDUs will cause the interface to enter error disabled state and will stay in that state unless configured to auto recover, or is manually configured (shut/no shut)
Loop Guard and UDLD
This functions protect against a unidirectional interface which can cause a bridging loop to occur. With Loop Guard, if BPDUs are no longer received on a non-DP then that port is put into loop inconsistent blocking state.
UDLD identifies the peer of a link and will place an interface into error disable state if the peer no longer responds to Hello BPDUs. Aggressive mode will attend to retry the link 8 times before shutting down.
Storm Control
Storm control is a layer 2 rate-limiting per interface feature that allows setting of thresholds of layer 2 traffic types on ingress.
interface Fastethernet0/1
storm-control broadcast level pps 100 50
pps refers to
packets per second, 100 is the
forwarding limit (100 pps) that once exceeded will stop forwarding broadcast frames until the interface is receiving traffic below the
falling threshold (50 pps)
interface Fastethernet0/1
storm-control multicast level 0.50 0.40
0.50 is the interface rate
percentage forwarding limit (500kbps) that once exceeded will stop forwarding multicast frames until the interface is receiving traffic below the
falling threshold (400kbps)
interface Fastethernet0/1
storm-control unicast level 80
storm-control action trap
80 is the interface rate
percentage forwarding limit (80Mbps) - the action trap comment generates a SNMP trap once storm-control takes an action