2302-Ch05: Spanning Tree Protocol (STP) Concepts

Questions and Answers

What can a Layer 2 loop cause on switches?

• Decreased CPU utilization
• Increased network security
• Improved network convergence
• MAC address table instability (correct)

Which protocol is designed to prevent Layer 2 loops in an Ethernet network?

• ICMP
• STP (correct)
• ARP
• DHCP

What is the primary purpose of Spanning Tree Protocol (STP)?

• To increase network bandwidth
• To allow for redundancy while preventing Layer 2 loops (correct)
• To eliminate the need for redundant network paths
• To improve network security

What type of frames, when sent onto a looped network, can result in duplicate frames arriving at the destination device?

Unknown unicast frames (B)

What problem can redundancy in a hierarchical network design potentially create?

Layer 2 loops (C)

What is the default priority value for all Cisco switches?

32768 (A)

What is used to share information about switches and their connections during STA and STP functions?

BPDUs (A)

What is the original IEEE standard for Spanning Tree Protocol?

IEEE 802.1D (D)

What is a consequence of a Layer 2 loop in an Ethernet LAN?

Continued propagation of Ethernet frames (D)

What is the primary benefit of having redundant switches and paths in a Layer 2 network?

Ensured uninterrupted service in case of switch failure (B)

What is the default interval between Bridge Protocol Data Units (BPDUs) being sent?

2 seconds (C)

What is the default priority value that can cause a tie in root bridge election?

32768 (B)

What happens after a switch boots up regarding BPDUs?

It sends out BPDU frames every two seconds. (A)

What does the Spanning Tree Algorithm (STA) designate as the reference point for all path calculations?

The root bridge (D)

What is the default time spent in the listening and learning states?

15 seconds (B)

Which factor is used to determine the root bridge if two switches have the same priority?

Lowest MAC address (C)

What is the role of alternate ports in spanning tree protocol?

Prevent loops (A)

What is the deciding factor when a switch has multiple equal-cost paths to the root bridge?

Lowest sender port ID (C)

Which STP port state does NOT forward frames or learn MAC addresses?

Blocking (A)

Which of the following is a function of the STP listening state?

Listening to BPDU frames (D)

What action does a switch take in the STP learning state?

It learns MAC addresses. (D)

What is the function of a port in the STP forwarding state?

Both B and C (C)

What is the purpose of PVST+?

Running a separate instance of STP for each VLAN (D)

Which protocol does IEEE-802-1D-2004 compliant devices use instead of the original STP?

RSTP (C)

What does the RSTP discarding state combine from the original 802.1D STP?

Disabled, Blocking and Listening (A)

Flashcards

Network Redundancy

Extra paths in a network to ensure availability if one path fails.

Layer 2 Loop

A situation where data frames circulate endlessly in a network, causing congestion.

Spanning Tree Protocol (STP)

A network protocol, avoiding loops, creates a loop-free Layer 2 topology.

IEEE 802.1D

The original IEEE standard for Spanning Tree Protocol.

Loop-free Topology

Requires a single path between any two devices.

Broadcast Storm

An abnormally high number of broadcasts that overwhelm the network, disabling switches and end devices.

Bridge Protocol Data Units (BPDUs)

Data units used by switches to share information during STA, electing the root bridge and determining port roles.

Bridge Priority

Part of the BID, a numerical value that helps determine the root bridge; lower values are preferred.

Extended System ID

Allows STP to have different root bridges for different sets of VLANs, enabling redundant links.

Root Bridge Election

The switch with the lowest Bridge ID (BID) becomes the root bridge.

Tiebreaker for Root Bridge Election

Lowest MAC address takes precedence.

Internal Root Path Cost

The sum of all port costs along the path from the switch to the root bridge.

Root Port

The port on a non-root switch with the lowest cost path to the root bridge.

Designated Port

The port on a segment with the lowest internal root path cost to the root bridge.

Alternate (Blocked) Ports

Ports that are blocked to prevent loops.

Hello Timer

Interval between Bridge Protocol Data Units (BPDUs); default is 2 seconds.

Blocking State

The inactive state of a port preventing forwarding and learning to avoid network loops.

Listening State

The port state that listens to BPDUs, to ensure no loops and begins to learn MAC addresses.

Learning State

The port state that begins learning MAC addresses without forwarding frames, to populate the MAC address table.

Forwarding State

The fully active port state that forwards frames and learns MAC addresses.

Disabled State

An administratively disabled port state.

Per-VLAN Spanning Tree (PVST)

A spanning tree instance for each VLAN, with a root bridge elected individually.

Alternate Port (RSTP)

An RSTP port that provides an alternate path to the root bridge.

Study Notes

• A well-designed Layer 2 network incorporates redundant switches and paths to prevent service disruption in case of a switch failure.
• Redundancy in hierarchical network design eliminates single points of failure, but can introduce Layer 2 loops.
• Layer 2 loops can cause network chaos, similar to a feedback loop between a microphone and loudspeaker, quickly rendering the network unusable.
• Spanning Tree Protocol (STP) is specifically designed to prevent Layer 2 loops.

Redundancy in Layer 2 Switched Networks

• Redundancy is crucial in hierarchical design to eliminate single points of failure.
• Redundant networks need both physical and logical redundancy.
• Alternate physical paths ensure network resource access despite disruptions.
• Redundant paths in Ethernet networks can cause physical and logical Layer 2 loops.
• Ethernet LANs require a loop-free topology with single paths between devices.
• Loops can cause continuous frame propagation until a link is disrupted.

Spanning Tree Protocol

• Spanning Tree Protocol (STP) prevents loops.
• It allows redundancy.
• It creates a loop-free Layer 2 topology.
• IEEE 802.1D is the original IEEE MAC Bridging standard for STP.

Issues with Redundant Switch Links

• Path redundancy enhances network services by preventing single points of failure.
• Layer 2 loops occur when multiple paths exist between devices without spanning tree implementation.
• Consequences of Layer 2 loops include MAC address table instability, link saturation, and high CPU utilization, making the network unusable.
• Unlike Layer 3 protocols (IPv4/IPv6), Ethernet lacks a mechanism to eliminate endlessly looping frames.
• IPv4 and IPv6 limit packet retransmissions using TTL and Hop Limit fields, respectively.
• Ethernet switches have no comparable mechanism for limiting Layer 2 frame retransmissions.
• STP was developed as a loop prevention mechanism for Layer 2 Ethernet.

Layer 2 Loops

• Without STP, Layer 2 loops can form, causing broadcast, multicast, and unknown unicast frames to loop endlessly.
• These loops can quickly disrupt a network.
• Broadcast frames (e.g., ARP Requests) are forwarded out all switch ports, except the ingress port.
• Multiple paths for frame forwarding can lead to endless loops.
• Loops cause constant MAC address table updates from broadcast frames, resulting in MAC database instability and high CPU utilization which disables the switch.
• Unknown unicast frames sent onto a looped network can result in duplicate frames arriving at the destination device.
• An unknown unicast frame is when the switch does not have the destination MAC address in its MAC address table and must forward the frame out all ports, except the ingress port.

Broadcast Storm

• A broadcast storm is an abnormally high number of broadcasts overwhelming the network in a specific time.
• Broadcast storms can disable networks within seconds by overwhelming switches and end devices.
• Causes include hardware problems like faulty NICs or Layer 2 loops.
• Layer 2 broadcasts (e.g., ARP Requests) are common
• Layer 2 multicasts are typically forwarded in the same manner as broadcasts by switches.
• IPv6 packets are never forwarded as a Layer 2 broadcast, ICMPv6 Neighbor Discovery uses Layer 2 multicasts.
• Spanning tree should be enabled on redundant networks to prevent such issues, which is enabled by default on Cisco switches.

The Spanning Tree Algorithm

• STP is based on an algorithm by Radia Perlman from the 1985 paper "An Algorithm for Distributed Computation of a Spanning Tree in an Extended LAN.”
• The spanning tree algorithm (STA) creates a loop-free topology by selecting a single root bridge.
• All other switches determine a single least-cost path to the root bridge.
• Loops would render a redundant switch network inoperable without a loop prevention protocol.
• STP prevents loops by configuring a loop-free path using strategically placed "blocking-state" ports.
• Switches running STP compensate for failures by dynamically unblocking previously blocked ports, allowing traffic to traverse alternate paths.

Steps to a Loop-Free Topology

• The STA builds a loop-free topology in a four-step process:
  • Elect the root bridge.
  • Elect the root ports.
  • Elect designated ports.
  • Elect alternate (blocked) ports.
• Switches use Bridge Protocol Data Units (BPDUs) to share information during STA and STP functions.
• BPDUs help elect the root bridge, root ports, designated ports, and alternate ports.
• Each BPDU contains a bridge ID (BID), identifying the sending switch.
• The BID is involved in STA decisions, including root bridge and port roles.
• The BID contains a priority value, an extended system ID, and the MAC address of the switch.
• The lowest BID value is determined by the combination of these three fields.

Bridge Priority

• The default priority value for all Cisco switches is the decimal value 32768.
• The range is 0 to 61440 in increments of 4096.
• A lower bridge priority is preferable.
• A bridge priority of 0 takes precedence over all other bridge priorities.

Extended System ID

• The extended system ID value is a decimal value added to the bridge priority value in the BID to identify the VLAN for this BPDU.
• Early implementations of IEEE 802.1D were designed for networks that did not use VLANs.
• Older switches did not include the extended system ID in the BPDUs.
• As VLANs became common for network infrastructure segmentation, 802.1D was enhanced to include support for VLANs, which required that the 12-bit VLAN ID be included in the BPDU frame.
• The extended system ID allows later STP implementations to have different root bridges for different sets of VLANs.

Elect the Root Bridge

• The STA designates a single switch as the root bridge.
• The root bridge is used as the reference point for path calculations.
• Switches exchange BPDUs to build the loop-free topology, starting with selecting the root bridge.
• An election process determines which switch becomes the root bridge.
• All switches in the broadcast domain participate in the election process.
• After a switch boots, it begins to send out BPDU frames every two seconds.
• BPDU frames contain the BID of the sending switch and the BID of the root bridge, known as the Root ID.
• The switch with the lowest BID will become the root bridge.
• At first, all switches declare themselves as the root bridge with their own BID set as the Root ID.
• Eventually, the switches agree on one root bridge through BPDU exchange.

Impact of Default BIDs

• Because the default priority is 32768, it is possible for two or more switches to have the same priority.
• When the priorities are the same, the switch with the lowest MAC address will become the root bridge.
• It is recommended an administrator configure the desired root bridge switch with a lower priority to ensure it is selected.

Determine the Root Path Cost

• When the root bridge has been elected, the STA determines the best paths to the root bridge from all destinations.
• The path information, known as the internal root path cost, is the sum of all individual port costs along the path from the switch to the root bridge.
• The BPDU includes the root path cost, which is the cost of the path from the sending switch to the root bridge.
• When a switch receives the BPDU, it adds the ingress port cost of the segment to determine its internal root path cost.
• The default port costs are defined by the speed at which the port operates.
• Cisco switches default to IEEE 802.1D standard (short path cost) for STP and RSTP.
• The IEEE standard suggests using IEEE-802.1w values (long path cost) for 10 Gbps links and faster.
• The port cost is configurable, allowing administrators to manually control the spanning tree paths to the root bridge.

Elect the Root Ports

• After the root bridge is determined, the STA algorithm selects the root port.
• Every non-root switch selects one root port.
• The root port is the port closest to the root bridge in terms of overall cost to it.
• The overall cost is known as the internal root path cost.
• Paths with the lowest cost become preferred, and all other redundant paths are blocked.

Elect Designated Ports

• After each switch selects a root port, the switches will then select designated ports.
• Every segment between two switches will have one designated port.
• The designated port on the segment has the LOWEST internal root path cost to the root bridge.
• The designated port has the best path to receive traffic leading to the root bridge.

Elect Alternate (Blocked) Ports

• If a port is not a root port or a designated port, then it becomes an alternate port.
• Alternate ports are in discarding or blocking state to prevent loops.
• The end result is a single path from every switch to the root bridge.

Elect a Root Port from Multiple Equal-Cost Paths

• Root port and designated ports are based on the lowest path cost to the root bridge.
• When a switch has multiple equal-cost paths to the root bridge, the switch will determine a port using the following criteria:
  • Lowest sender BID
  • Lowest sender port priority
  • Lowest sender port ID

STP Timers and Port States

• STP convergence requires three timers:
  • Hello Timer: Interval between BPDUs (default is 2 seconds, range 1-10 seconds).
  • Forward Delay Timer: Time spent in listening and learning states (default is 15 seconds, range 4-30 seconds).
  • Max Age Timer: Maximum time a switch waits before changing the STP topology (default is 20 seconds, range 6-40 seconds).
• The default times can be changed on the root bridge, which dictates the value of these timers for the STP domain.
• If a switch port transitions directly from the blocking state to the forwarding state without information about the full topology during the transition, the port can temporarily create a data loop.
• STP facilitates the logical loop-free path through the broadcast domain.
• IEEE recommends a maximum diameter of seven switches when using the default STP timers to avoid problems with convergence.
• STP includes five port states, four of which are operational:
  • Blocking: The port does not participate in frame forwarding or learning.
  • Listening: The port listens to BPDU frames to ensure no loops are forming.
  • Learning: The port still doesn't forward frames, but it starts learning MAC addresses from the frames it receives to populate its MAC table.
  • Forwarding: The port is fully active, forwarding frames and learning MAC addresses.
  • Disabled: Administratively disabled.

Per-VLAN Spanning Tree

• STP can be configured to operate in an environment with multiple VLANs.
• In Per-VLAN Spanning Tree (PVST) versions of STP, there is a root bridge elected for each spanning tree instance.
• STP operates a separate instance of STP for each individual VLAN.
• If all ports on all switches are members of VLAN 1, then there is only one spanning tree instance.

Different Versions of STP

• There are many different versions of STP and other options for loop prevention.
• Many professionals generically use the terms Spanning Tree Protocol and the acronym STP, to refer to the various implementations of spanning tree, such as Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP).
• The latest standard for spanning tree is contained in IEEE-802-1D-2004.
• Switches and bridges that comply with the standard will use Rapid Spanning Tree Protocol (RSTP) instead of the older STP specified in the original 802.1d standard.
• Cisco switches running IOS 15.0 or later, run PVST+ by default.
• Switches must be explicitly configured for rapid spanning tree mode in order to run the rapid spanning tree protocol.

RSTP Concepts

• RSTP (IEEE 802.1w) supersedes the original 802.1D while retaining backward compatibility.
• The 802.1w STP terminology remains primarily the same as the original IEEE 802.1D STP terminology.
• The same spanning tree algorithm is used for both STP and RSTP to determine port roles and topology.
• RSTP increases the speed of the recalculation of the spanning tree when the Layer 2 network topology changes.
• RSTP can achieve much faster convergence in a properly configured network, sometimes in as little as a few hundred milliseconds.
• If a port is configured to be an alternate port it can immediately change to a forwarding state without waiting for the network to converge.
• Rapid PVST+ is the Cisco implementation of RSTP on a per-VLAN basis.

RSTP Port States and Port Roles

• There are only three port states in RSTP that correspond to the three possible operational states in STP.
• The 802.1D disabled, blocking, and listening states are merged into a unique 802.1w discarding state.
• Root ports and designated ports are the same for both STP and RSTP.
• RSTP has two port roles that correspond to the blocking state of STP.
• In STP, a blocked port is defined as not being the designated or root port.
• The alternate port has an alternate path to the root bridge.
• The backup port is a backup to a shared medium, such as a hub.

PortFast and BPDU Guard

• The switch port goes through both the listening and learning states, each time waiting for the Forward Delay timer to expire for 30 seconds.
• This delay can delay DHCP clients from discovering a DHCP server.
• When a switch port is configured with PortFast, that port transitions from blocking to forwarding state immediately, bypassing the usual 802.1D STP transition states and avoiding a 30 second delay.
• Use PortFast on access ports connected to end devices such as clients.
• If you enable PortFast on a port connecting to another switch, you risk creating a spanning tree loop.
• In a valid PortFast configuration, BPDUs should never be received on PortFast-enabled switch ports because that would indicate that another bridge or switch is connected to the port.
• When enabled, BPDU guard immediately puts the switch port in an errdisabled on receipt of any BPDU, and an administrator must manually put the interface back into service.

Alternatives to STP

• Organizations required greater resiliency and availability in the LAN.
• Ethernet LANs went from a few interconnected switches connected to a single router, to a sophisticated hierarchical network design including access, distribution and core layer switches.
• Spanning tree does not offer the same efficiencies and predictabilities provided by routing protocols at Layer 3.
• Layer 3 routing allows for redundant paths and loops in the topology, without blocking ports.
• Some environments are transitioning to Layer 3 everywhere except where devices connect to the access layer switch.
• STP will most likely continue to be used as a loop prevention mechanism in the enterprise, on access layer switches.
• Other technologies are also being used, including:
  • Multi System Link Aggregation (MLAG)
  • Shortest Path Bridging (SPB)
  • Transparent Interconnect of Lots of Links (TRILL)

Description

Explore Layer 2 loops, their causes, and the Spanning Tree Protocol (STP) designed to prevent them. Learn about STP's purpose, BPDU usage, and switch election processes, including default priority values.