Improving Performance with Spanning Tree
Most complex networks include redundant devices to avoid single points of failure. Although a redundant topology eliminates some problems, it can introduce other problems. STP is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in a switched network. It is a standard protocol as defined by IEEE 802.1D.
This section identifies the problems caused by redundant switched-network topologies and the functionality of STP to prevent these problems.
Building a Redundant Switched Topology
One of the key characteristics of a well-built communications network is that it is resilient. This means that the network needs to be able to handle a device or link failure. To accomplish this, you will need to select the best interconnection technologies.
Choosing Interconnection Technologies
A number of technologies are available to interconnect devices in a switched network. The interconnection technology that you select depends on the amount of traffic the link must carry. You will likely use a mixture of copper and fiber-optic cabling based on distances, noise immunity requirements, security, and other business requirements. Figure 2-14 illustrates different connectivity for network devices providing services in the enterprise. Some of the more common interconnection technologies are as follows:
- FastEthernet (100-Mbps Ethernet): This LAN specification (IEEE 802.3u) operates at 100 Mbps over twisted-pair cable. The FastEthernet standard raises the speed of Ethernet from 10 Mbps to 100 Mbps with only minimal changes to the existing cable structure. A switch that has ports that function at both 10 Mbps and 100 Mbps can move frames between ports without Layer 2 protocol translation.
- Gigabit Ethernet: An extension of the IEEE 802.3 Ethernet standard, Gigabit Ethernet increases speed tenfold over that of FastEthernet, to 1000 Mbps, or 1 Gbps. IEEE 802.3z specifies operations over fiber optics, and IEEE 802.3ab specifies operations over twisted-pair cable.
Figure 2-14 Interconnectivity at the User Level
- 10-Gigabit Ethernet: 10-Gigabit Ethernet was formally ratified as an 802.3 Ethernet standard (IEEE 802.3ae) in June 2002. This technology is the next step for scaling the performance and functionality of an enterprise. With the deployment of Gigabit Ethernet becoming more common, 10-Gigabit Ethernet will become typical for uplinks.
- EtherChannel: This feature provides link aggregation of bandwidth over Layer 2 links between two switches. EtherChannel bundles individual Ethernet ports into a single logical port or link. All interfaces in each EtherChannel bundle must be configured with similar speed, duplex, and VLAN membership.
Determining Equipment and Cabling Needs
The design of any high-performance network has four objectives: security, availability, scalability, and manageability. This list describes the equipment and cabling decisions that you should consider when altering the infrastructure:
- Replace hubs and legacy switches with new switches at the building access layer. Select equipment with the appropriate port density at the access layer to support the current user base while preparing for growth. Some designers begin by planning for about 30 percent growth. If the budget allows, use modular access switches to accommodate future expansion. Consider planning for the support of inline power and QoS if you think you might implement IP telephony in the future.
- When building the cable plant from the building access layer to the building distribution layer devices, remember that these links will carry aggregate traffic from the end nodes at the access layer to the building distribution switches. Ensure that these links have adequate bandwidth capability. You can use EtherChannel bundles here to add bandwidth as necessary.
- At the distribution layer, select switches with adequate performance to handle the load of the current access layer. In addition, plan some port density for adding trunks later to support new access layer devices. The devices at this layer should be multilayer (Layer 2 and Layer 3) switches that support routing between the workgroup VLANs and network resources. Depending on the size of the network, the building distribution layer devices can be fixed chassis or modular. Plan for redundancy in the chassis and in the connections to the access and core layers, as business objectives dictate.
- The campus backbone equipment must support high-speed data communications between other distribution modules. Be sure to size the backbone for scalability, and plan for redundancy. Cisco has online tools to help designers make the proper selection of devices and uplink ports based on business and technology needs. Some suggested oversubscription ratios that you can use to plan bandwidth requirements between key devices on a network with average traffic flows are as follows:
- Access to distribution layer links: The oversubscription ratio should be no higher than 20:1. That is, the link can be 1/20 of the total bandwidth available cumulatively to all end devices using that link.
- Distribution to core links: The oversubscription ratio should be no higher than 4:1.
- Between core devices: Little to no oversubscription should be planned here. That is, the links between core devices should be able to carry traffic at the speed represented by the aggregate-number bandwidth of all the distribution uplinks into the core.
EtherChannel Overview
The increasing deployment of switched Ethernet to the desktop can be attributed to the proliferation of bandwidth-intensive applications. Any-to-any communications of new applications, such as video to the desktop, interactive messaging, and collaborative whiteboarding, increase the need for scalable bandwidth. At the same time, mission-critical applications call for resilient network designs. With the wide deployment of faster switched Ethernet links in the campus, organizations either need to aggregate their existing resources or upgrade the speed in their uplinks and core to scale performance across the network backbone.
EtherChannel is a technology that Cisco originally developed as a LAN switch-to-switch technique of inverse multiplexing of multiple FastEthernet or Gigabit Ethernet switch ports into one logical channel. Figure 2-15 shows some common EtherChannel deployment points.
The benefit of EtherChannel is that it is cheaper than higher-speed media while using existing switch ports. The following are advantages of EtherChannel:
- It enables the creation of a high-bandwidth logical link.
- It load-shares among the physical links involved.
- It provides automatic failover.
- It simplifies subsequent logical configuration. (Configuration is per logical link instead of per physical link.)
Figure 2-15 EtherChannel
EtherChannel technology provides bandwidth scalability in the campus by offering the following aggregate bandwidth:
- FastEthernet: Up to 800 Mbps
- Gigabit Ethernet: Up to 8 Gbps
- 10-Gigabit Ethernet: Up to 80 Gbps
Each of these connection speeds can vary in amounts equal to the speed of the links used (100 Mbps, 1 Gbps, or 10 Gbps). Even in the most bandwidth-demanding situations, EtherChannel technology helps aggregate traffic and keeps oversubscription to a minimum, while providing effective link-resiliency mechanisms.
Redundant Topology
Redundant topology can be accomplished using multiple links, multiple devices, or both. The key is to provide multiple pathways and eliminate a single point of failure. Figure 2-16 shows a simple redundant topology between segment 1 and segment 2.
Figure 2-16 Redundant Topology
Although redundant designs can eliminate the possibility of a single point of failure causing a loss of function for the entire switched or bridged network, you must consider problems that redundant designs can cause. Some of the problems that can occur with redundant links and devices in switched or bridged networks are as follows:
- Broadcast storms: Without some loop-avoidance process in operation, each switch or bridge floods broadcasts endlessly. This situation is commonly called a broadcast storm.
- Multiple frame transmission: Multiple copies of unicast frames may be delivered to destination stations. Many protocols expect to receive only a single copy of each transmission. Multiple copies of the same frame can cause unrecoverable errors.
- MAC database instability: Instability in the content of the MAC address table results from copies of the same frame being received on different ports of the switch. Data forwarding can be impaired when the switch consumes the resources that are coping with instability in the MAC address table.
Layer 2 LAN protocols, such as Ethernet, lack a mechanism to recognize and eliminate endlessly looping frames. Some Layer 3 protocols like IP implement a Time-To-Live (TTL) mechanism that limits the number of times a Layer 3 networking device can retransmit a packet. Lacking such a mechanism, Layer 2 devices continue to retransmit looping traffic indefinitely.
A loop-avoidance mechanism is required to solve each of these problems.
Recognizing Issues of a Redundant Switched Topology
Because of the simple algorithms that a Layer 2 device uses to forward frames, numerous issues must be managed in a redundant topology. Although these issues are managed with technology built into the devices, a failure in these technologies may create network outages. It is important to understand these issues in more detail.
Switch Behavior with Broadcast Frames
Switches handle broadcast and multicast frames differently from the way they handle unicast frames. Because broadcast and multicast frames may be of interest to all stations, the switch or bridge normally floods broadcast and multicast frames to all ports except the originating port. A switch or bridge never learns a broadcast or multicast address because broadcast and multicast addresses never appear as the source address of a frame. This flooding of broadcast and multicast frames can cause a problem in a redundant switched topology. Figure 2-17 shows how a broadcast frame from PC D would be flooded out all ports on the switch.
Figure 2-17 Broadcast Flooding
Broadcast Storms
A broadcast storm occurs when each switch on a redundant network floods broadcast frames endlessly. Switches flood broadcast frames to all ports except the port on which the frame was received.
Example: Broadcast Storms
Figure 2-18 illustrates the problem of a broadcast storm.
The following describes the sequence of events that start a broadcast storm:
- When host X sends a broadcast frame, such as an Address Resolution Protocol (ARP) for its default gateway (Router Y), switch A receives the frame.
Figure 2-18 Broadcast Storm
- Switch A examines the destination address field in the frame and determines that the frame must be flooded onto the lower Ethernet link, segment 2.
- When this copy of the frame arrives at switch B, the process repeats, and the frame is forwarded to the upper Ethernet segment, which is segment 1, near switch B.
- Because the original copy of the frame also arrives at switch B from the upper Ethernet link, these frames travel around the loop in both directions, even after the destination station has received a copy of the frame.
A broadcast storm can disrupt normal traffic flow. It can also disrupt all the devices on the switched or bridged network because the CPU in each device on the segment must process the broadcasts; thus, a broadcast storm can lock up the PCs and servers that try to process all the broadcast frames.
A loop avoidance mechanism eliminates this problem by preventing one of the four interfaces from transmitting frames during normal operation, thereby breaking the loop.
Multiple Frame Transmissions
In a redundant topology, multiple copies of the same frame can arrive at the intended host, potentially causing problems with the receiving protocol. Most protocols are not designed to recognize or cope with duplicate transmissions. In general, protocols that use a sequencenumbering mechanism like TCP assume that many transmissions have failed and that the sequence number has recycled. Other protocols attempt to hand the duplicate transmission to the appropriate upper-layer protocol (ULP), with unpredictable results.
Example: Multiple Transmissions
Figure 2-19 illustrates how multiple transmissions can occur.
Figure 2-19 Multiple Frame Transmissions
The following describes how multiple copies of the same frame can arrive at the intended host:
- When host X sends a unicast frame to Router Y, one copy is received over the direct Ethernet connection, segment 1. At more or less the same time, switch A receives a copy of the frame and puts it into its buffers.
- If switch A examines the destination address field in the frame and finds no entry in the MAC address table for router Y, switch A floods the frame on all ports except the originating port.
- When switch B receives a copy of the frame through switch A on segment 2, switch B also forwards a copy of the frame to segment 1 if it cannot locate an entry in the MAC address table for Router Y.
- Router Y receives a copy of the same frame for the second time. A loop-avoidance mechanism eliminates this problem by preventing one of the four interfaces from transmitting frames during normal operation, thereby breaking the loop.
MAC Database Instability
MAC database instability results when multiple copies of a frame arrive on different ports of a switch. This subtopic describes how MAC database instability can arise and explains what problems can result.
Figure 2-20 illustrates this problem: switch B installs a database entry, mapping the MAC address of host X to port 1. Sometime later, when the copy of the frame transmitted through switch A arrives at port 2 of switch B, switch B removes the first entry and installs an entry that incorrectly maps the MAC address of host X to port 2, which connects to segment 2.
Figure 2-20 MAC Database Instability
Depending on its internal architecture, the switch in question may or may not cope well with rapid changes in its MAC database. Again, a loop-avoidance mechanism eliminates this problem by preventing one of the four interfaces from transmitting frames during normal operation, thereby breaking the loop.
Resolving Issues with STP
STP provides loop resolution by managing the physical paths to given network segments. STP allows physical path redundancy while preventing the undesirable effects of active loops in the network. STP is an IEEE committee standard defined as 802.1D. Figure 2-21 illustrates how a blocked port would prevent traffic flow between the segments.
Figure 2-21 Blocking on a Port
STP behaves as follows:
- STP forces certain ports into a standby state so that they do not listen to, forward, or flood data frames. The overall effect is that there is only one path to each network segment that is active at any one time
- If any of the segments in the network have a connectivity problem, STP reestablishes connectivity by automatically activating a previously inactive path, if one exists. Figure 2-22 shows the final state of a Layer 2 network after spanning tree has performed the operations to eliminate loops.
Figure 2-22 Loop Avoidance
Spanning-Tree Operation
STP performs three steps to provide a loop-free logical network topology:
- Elects one root bridge: STP has a process to elect a root bridge. Only one bridge can act as the root bridge in a given network. On the root bridge, all ports are designated ports. Designated ports are in the forwarding state and are designated to forward traffic for a given segment. When in the forwarding state, a port can send and receive traffic. In Figure 2-22, switch X is elected as the root bridge.
- Selects the root port on the nonroot bridge: STP establishes one root port on each nonroot bridge. The root port is the lowest-cost path from the nonroot bridge to the root bridge. Root ports are in the forwarding state. Spanning-tree path cost is an accumulated cost calculated on the bandwidth. In Figure 2-22, the lowest-cost path to the root bridge from switch Y is through the 100BASE-T FastEthernet link.
- Selects the designated port on each segment: On each segment, STP establishes one designated port. The designated port is selected on the bridge that has the lowest-cost path to the root bridge. Designated ports are in the forwarding state, forwarding traffic for the segment. In Figure 2-22, the designated port for both segments is on the root bridge because the root bridge is directly connected to both segments. The 10BASE-T Ethernet port on switch Y is a nondesignated port because there is only one designated port per segment. Nondesignated ports are normally in the blocking state to logically break the loop topology. When a port is in the blocking state, it is not forwarding data traffic but can still receive traffic.
Switches and bridges running the Spanning Tree Algorithm exchange configuration messages with other switches and bridges at regular intervals (every 2 seconds by default). Switches and bridges exchange these messages using a multicast frame called the BPDU.
One of the pieces of information included in the BPDU is the bridge ID (BID).
STP calls for each switch or bridge to be assigned a unique BID. Typically, the BID is composed of a priority value (2 bytes) and the bridge MAC address (6 bytes). The default priority, in accordance with IEEE 802.1D, is 32,768 (1000 0000 0000 0000 in binary, or 0x8000 in hex format), which is the midrange value. The root bridge is the bridge with the lowest BID.
Example: Selecting the Root Bridge
In Figure 2-23, both switches use the same default priority. The switch with the lowest MAC address is the root bridge. In the example, switch X is the root bridge, with a BID of 0x8000 (0c00.1111.1111).
Figure 2-23 Root Bridge Selection
There are five STP port states:
- Blocking
- Listening
- Learning
- Forwarding
- Disabled
When STP is enabled, every bridge in the network goes through the blocking state and the transitory states of listening and learning at power-up. If properly configured, the ports then stabilize to the forwarding or blocking state. Forwarding ports provide the lowest-cost path to the root bridge. During a topology change, a port temporarily implements the listening and learning states.
The disabled state is not strictly part of STP; a network administrator can manually disable a port, or a security or an error condition may disable it. An example of a port that is disabled would be a port that is shut down.
Figure 2-24 shows the flow of spanning-tree port states.
Figure 2-24 Spanning-Tree Port States
All bridge ports initially start in the blocking state, from which they listen for BPDUs. When the bridge first boots, it functions as if it were the root bridge and transitions to the listening state. An absence of BPDUs for a certain period is called the maximum age (max_age), which has a default of 20 seconds. If a port is in the blocking state and does not receive a new BPDU within the max_age, the bridge transitions from the blocking state to the listening state. When a port is in the transitional listening state, it can send and receive BPDUs to determine the active topology. At this point, the switch is not passing user data. During the listening state, the bridge performs these three steps:
- Selects the root bridge
- Selects the root ports on the nonroot bridges
- Selects the designated ports on each segment
The time that it takes for a port to transition from the listening state to the learning state or from the learning state to the forwarding state is called the forward delay. The forward delay has a default value of 15 seconds.
The learning state reduces the amount of flooding required when data forwarding begins. If a port is still a designated or root port at the end of the learning state, the port transitions to the forwarding state. In the forwarding state, a port is capable of sending and receiving user data. Ports that are not the designated or root ports transition back to the blocking state.
A port normally transitions from the blocking state to the forwarding state in 30 to 50 seconds. You can tune the spanning-tree timers to adjust the timing, but these timers are meant to be set to the default value. The default values are put in place to give the network enough time to gather all the correct information about the network topology.
Spanning-tree PortFast causes an interface that is configured as a Layer 2 access port to transition immediately from the blocking state to the forwarding state, bypassing the listening and learning states. You can use PortFast on Layer 2 access ports that are connected to a single workstation or server to allow those devices to connect to the network immediately rather than wait for spanning tree to converge. Figure 2-25 shows access ports
connected with PortFast enabled.
Figure 2-25 PortFast
If an interface that is configured with PortFast receives a BPDU, then spanning tree can transition the port to the blocking state. Using a feature called BPDU guard, the port can be disabled completely when it receives a BPDU to prevent any potential loops caused by PortFast.
CAUTION Because the purpose of PortFast is to minimize the time that access ports must wait for spanning tree to converge, you should use it only on access ports. If you enable PortFast on a port connecting to another switch, you risk creating a spanning-tree loop.
Table 2-10 lists the commands used to implement and verify PortFast on an interface.
Table 2-10 PortFast Commands
Example: Spanning-Tree Operation
The best way to understand how spanning tree operates is to look at an operation example. Figure 2-26 shows a sample network spanning tree topology and the relevant information used by spanning tree.
Figure 2-26 Spanning Tree Topology
The following describes the STP port states illustrated in Figure 2-26:
- The root bridge is switch Z, which has the lowest BID.
- The root port is port 0 on switches X and Y. Port 0 is the lowest-cost path to the root on both switches.
- The designated ports on switch Z are port 0 and port 1. All ports on the root are
designated ports. Port 1 of switch X is a designated port for the segment between switch X and switch Y. Because switch X and switch Y have the same path cost to the root bridge, the designated port is selected to be on switch X because it has a lower BID than switch Y.
- Port 1 on switch Y is the nondesignated port on the segment and is in the blocking state.
- All designated and root ports are in the forwarding state.
Example: Spanning-Tree Path Cost
The spanning-tree path cost is an accumulated total path cost based on the bandwidth of all the links in the path. In the figure, some of the path costs specified in the 802.1D specification are shown. The 802.1D specification has been revised; in the older specification, the cost was calculated based on a bandwidth of 1000 Mbps. The calculation of the new specification uses a nonlinear scale to accommodate higher-speed interfaces.
Table 2-11 describes the spanning-tree path cost calculations based on bandwidth of a link.
Table 2-11 Spanning-Tree Path Costs
When there is a topology change because of a bridge or link failure, spanning tree adjusts the network topology to ensure connectivity by placing blocked ports in the forwarding state.
Example: Spanning-Tree Recalculation
In Figure 2-27, if switch Z (the root bridge) fails and does not send a BPDU to switch Y within the max_age time (default is 20 seconds, which equals 10 missed BPDUs), switch Y detects the missing BPDU from the root bridge. When the max_age timer on switch Y expires before a new BPDU has been received from switch Z, a spanning-tree recalculation is initiated. Switch Y transitions its blocking port (port 1) from the blocking state to the listening state to the learning state, and then finally to the forwarding state.
Figure 2-27 Spanning-Tree Recalculation
After all the switch and bridge ports have transitioned to either a forwarding state or a blocking state, switch X becomes the root bridge and forwards traffic between the segments.
STP Convergence
Convergence in STP is a state in which all the switch and bridge ports have transitioned to either the forwarding or the blocking state. Convergence is necessary for normal network operations. For a switched or bridged network, a key issue is the time required for convergence when the network topology changes.
Fast convergence is a desirable network feature because it reduces the time that bridge and switch ports are in transitional states and not sending user traffic. The normal convergence time is 30 to 50 seconds for 802.1D STP.
Per VLAN Spanning Tree+
The 802.1D standard defines a Common Spanning Tree (CST) that assumes only one spanning-tree instance for the entire switched network, regardless of the number of VLANs. In a network running CST, these statements are true:
- No load sharing is possible; one uplink must block for all VLANs.
- The CPU is spared; only one instance of spanning tree must be computed.
Per VLAN Spanning Tree Plus (PVST+) defines a spanning-tree protocol that has several spanning-tree instances running for the network, one instance of STP per VLAN. Figure 2-28 shows an example of how you can use PVST+ to forward traffic on all network segments but still maintain STP integrity.
Figure 2-28 Per VLAN Spanning Tree+
In a network running several spanning-tree instances, these statements are true:
- Optimum load sharing can result.
- One spanning-tree instance for each VLAN maintained can mean a considerable waste of CPU cycles for all the switches in the network (in addition to the bandwidth used for each instance to send its own BPDUs).
PVST+ Operation
In a Cisco PVST+ environment, you can tune the spanning-tree parameters so that half of the VLANs forward on each uplink trunk. To easily achieve this, you configure one switch to be elected the root bridge for half of the total number of VLANs in the network and a second switch to be elected the root bridge for the other half of the VLANs. Providing different STP root switches per VLAN creates a more redundant network.
Spanning-tree operation requires that each switch has a unique BID. In the original 802.1D standard, the BID was composed of the bridge priority and the MAC address of the switch, and all VLANs were represented by a CST. Because PVST+ requires that a separate instance of spanning tree runs for each VLAN, the BID field is required to carry VID information. This is accomplished by reusing a portion of the Priority field as the extended system ID to carry a VID. Figure 2-29 shows how modifying the bridge priority offers this support.
Figure 2-29 PVST+ VLAN ID
To accommodate the extended system ID, the original 802.1D 16-bit bridge priority field is
split into two fields, resulting in these components in the BID:
- Bridge priority: A 4-bit field still used to carry bridge priority. Because of the limited bit count, the priority is conveyed in discreet values in increments of 4096 rather than discreet values in increments of 1, as they would be if the full 16-bit field were available. The default priority, in accordance with IEEE 802.1D, is 32,768, which is the midrange value.
- Extended system ID: A 12-bit field carrying, in this case, the VID for PVST+.
- MAC address: A 6-byte field with the MAC address of a single switch.
By virtue of the MAC address, a BID is always unique. When the priority and extended system ID are prepended to the switch MAC address, each VLAN on the switch can be represented by a unique BID.
If no priority has been configured, every switch will have the same default priority, and the election of the root for each VLAN will be based on the MAC address. This method is a random means of selecting the ideal root bridge; for this reason, it is advisable to assign a lower priority to the switch that should serve as the root bridge. The root bridge should be located in the center of your network traffic flow.
Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol (RSTP), specified in the IEEE 802.1w standard, supersedes STP as specified in 802.1D, while remaining compatible with STP. RSTP can be seen as an evolution of the 802.1D standard rather than a revolution. The 802.1D terminology remains primarily the same. Most parameters have been left unchanged, so users familiar with 802.1D can configure the new protocol comfortably.
RSTP significantly reduces the time to reconverge the active topology of the network when changes to the physical topology or its configuration parameters occur. RSTP defines the additional port roles of alternate and backup, and it defines port states as discarding, learning, or forwarding.
RSTP selects one switch as the root of a spanning-tree active topology and assigns port roles to individual ports on the switch, depending on whether the ports are part of the active topology.
RSTP provides rapid connectivity following the failure of a switch, a switch port, or a LAN. A new root port and the designated port on the other side of the bridge transition to forwarding through an explicit handshake between them. RSTP allows switch port configuration so that the ports can transition to forwarding directly when the switch reinitializes. Figure 2-30 shows an RSTP topology.
Figure 2-30 RSTP Topology
Per VLAN RSTP
The RSTP (802.1w) standard uses CST, which assumes only one spanning-tree instance for the entire switched network, regardless of the number of VLANs. Per VLAN Rapid Spanning Tree Plus (PVRST+) defines a spanning-tree protocol that has one instance of RSTP per VLAN.
Multiple Spanning Tree Protocol
Multiple Spanning Tree Protocol (MSTP), originally defined in IEEE 802.1s and later merged into IEEE 802.1Q-2003, defines a spanning-tree protocol that has several spanningtree instances running for the network. But unlike PVRST+, which has one instance of RSTP per VLAN, MSTP reduces the switch load by allowing a single instance of spanning tree to run for multiple VLANs.
RSTP Port Roles
RSTP defines the port roles as follows:
- Root: A forwarding port elected for the spanning-tree topology.
- Designated: A forwarding port elected for every switched LAN segment.
- Alternate: An alternate path to the root bridge that is different from the path that the root port takes.
- Backup: A backup path that provides a redundant (but less desirable) connection to a segment to which another switch port already connects. Backup ports can exist only where two ports are connected in a loopback by a point-to-point link or bridge with two or more connections to a shared LAN segment.
- Disabled: A port that has no role within the operation of spanning tree. Root and designated port roles include the port in the active topology. Alternate and backup port roles exclude the port from the active topology.
The port state controls the forwarding and learning processes and provides the values of discarding, learning, and forwarding. Table 2-12 compares STP port states with RSTP port states.
Table 2-12 Comparing RSTP Port States to STP
In a stable topology, RSTP ensures that every root port and designated port transitions to forwarding, while all alternate ports and backup ports are always in the discarding state.
Configuring RSTP
Cisco Catalyst switches support three types of spanning-tree protocols: PVST+, PVRST+, and MSTP.
- PVST+: Based on the 802.1D standard, this includes Cisco proprietary extensions, such as BackboneFast, UplinkFast, and PortFast, which improve STP convergence time.
- PVRST+: Based on the 802.1w standard, this has a faster convergence than 802.1D.
- MSTP (802.1s): Combines the best aspects of PVST+ and the IEEE standards.
To implement PVRST+, perform these steps:
Step 1 Enable PVRST+.
Step 2 Designate and configure a switch to be the root bridge.
Step 3 Designate and configure a switch to be the secondary (backup) root bridge.
Step 4 Verify the configuration.
Table 2-13 describes the commands that you use to enable and verify PVRST+.
Table 2-13 PVRST+ Commands
Example 2-7 shows how to verify the STP protocol for a given VLAN.
Example 2-7 STP Protocol Verification
SwitchX#show spanning- tree vlan 30 VLAN0030 Spanning tree enabled protocol rstp Root ID Priority 24606 Address 00d0.047b.2800 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 24606 (priority 24576 sys-id-ext 30) Address 00d0.047b.2800 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type -------- ----- --- --- -------- ---- Gi1/1 Desg FWD 4 128.1 P2p Gi1/2 Desg FWD 4 128.2 P2p Gi5/1 Desg FWD 4 128.257 P2p
In this example, the statement Spanning tree enabled protocol rstp indicates that switch X is running PVRST+, the Cisco RSTP implementation.
Switch X is the root bridge for VLAN 30. Its priority of 24606 is derived from the sum of the assigned priority of 24576 and VLAN 30. The MAC address of switch X, which is 00d0.047b.2800, is appended to the priority, 24606, to make up the bridge ID.
As the root bridge for VLAN 30, all the interfaces of switch X are designated ports in the forwarding state.
If all the switches in a network are enabled with the default spanning-tree settings, the switch with the lowest MAC address becomes the root bridge. However, the default root bridge might not be ideal because of traffic patterns, the number of forwarding interfaces, or link types.
Before you configure STP, select a switch to be the root of the spanning tree. This switch does not need to be the most powerful switch, but it should be the most centralized switch on the network. All data flow across the network occurs from the perspective of this switch. The distribution layer switches often serve as the spanning-tree root because these switches typically do not connect to end stations. In addition, moves and changes within the network are less likely to affect these switches.
By increasing the priority (lowering the numerical value) of the preferred switch so that it becomes the root bridge, you force spanning tree to perform a recalculation that reflects a new topology with the preferred switch as the root.
The switch with the lowest BID becomes the root bridge for spanning tree for a VLAN. You can use specific configuration commands to help determine which switch will become the root bridge.
A Cisco Catalyst switch running PVST+ or PVRST+ maintains an instance of spanning tree for each active VLAN that is configured on the switch. A unique BID is associated with each instance. For each VLAN, the switch with the lowest BID becomes the root bridge for that VLAN. Whenever the bridge priority changes, the BID also changes. This change results in the recomputation of the root bridge for the VLAN.
To configure a switch to become the root bridge for a specified VLAN, use the command spanning-tree vlan vlan-ID root primary. With this command, the switch checks the priority of the root switches for the specified VLAN. Because of the extended system ID support, the switch sets its own priority to 24576 for the specified VLAN if this value will cause the switch to become the root for this VLAN. If another switch for the specified VLAN has a priority lower than 24576, then the switch on which you are configuring the spanning-tree vlan vlan-ID root primary command sets its own priority for the specified VLAN to 4096 less than the lowest switch priority.
A secondary root is a switch that can become the root bridge for a VLAN if the primary root bridge fails. To configure a switch as the secondary root bridge for the VLAN, use the command spanning-tree vlan vlan-ID root secondary.
With this command, the switch priority is modified from the default value of 32768 to 28672. Assuming that the other bridges in the VLAN retain their default STP priority, this switch becomes the root bridge if the primary root bridge fails. You can execute this command on more than one switch to configure multiple backup root bridges.
More Resources