VTP Pruning: Advanced Traffic Management
A transparent bridge handles LAN frames by filtering (dropping), forwarding, or flooding. Flooding occurs whenever the bridge receives a frame with a destination MAC address for which it has no entry in its bridging table. This happens when the bridge has never heard from the destination and therefore has no entry for it, or when the entry no longer exists because the bridge's aging timer expired for that MAC address. Frames in these scenarios are unknown unicasts. Bridges also flood whenever they receive a frame with a broadcast or multicast destination address. Whenever the bridge floods, it transmits the frame to all ports in the broadcast domain (except for the source port), including trunk ports.
Trunks by default transport traffic for all VLANs unless you restrict the authorized VLAN list with the clear trunk VLAN# command. This command statically defines the VLANs not allowed to transport over the trunk. The Catalyst has features to control flooding of unknown unicast, broadcast, and multicast frames. This section covers the control of unknown unicast and broadcast flooding. Chapter 13 discusses the control of multicast and broadcast flooding. The other bridging modes, forwarding and filtering, continue to operate in standard bridging fashion.
Bridges flood to increase the probability of the frame reaching the destination, even though the bridge doesn’t know where the destination lives. (The other reason bridges flood is because the standards tell them to.) If the destination is alive and well in the broadcast domain, the frame should reach the destination.
Whenever the Catalyst floods the frame, it sends the frame out all trunk ports. Figure 12-15 shows a system with pruning disabled. When PC-1 generates a frame that Cat-A decides to flood, Cat-A sends the frame out all ports. The flooded frame reaches Cat-B, which also decides to flood out all ports. Eventually, the flooded frame reaches all Catalysts in the trunk network, including Cat-C. Note, however, that PC-1 belongs to VLAN 2 and Cat-C has no members of VLAN 2, yet the flooded traffic crosses all of the trunks and eventually hits Cat-C. This consumes bandwidth on the trunks and in the Catalyst's backplane. (Cat-C discards the frame after the frame crosses the backplane.)
Figure 12-15. Flooding in a Catalyst Network Without Pruning
VTP pruning limits the distribution of the flooded frames to only those Catalysts that have members of VLAN 2. Otherwise, the sending Catalyst blocks flooded traffic from that VLAN.
Cisco introduced VTP pruning with Supervisor engine software release 2.1 as an extension to VTP version 1. VTP pruning defines a fourth VTP message type, which announces VLAN membership. Whenever you associate Catalyst ports to a VLAN, the Catalyst sends a message to its neighbor Catalysts informing them that it is interested in receiving traffic for that VLAN. The neighbor Catalyst uses this information to decide whether flooded traffic from a VLAN should transit the trunk.
An administrator enables pruning in Figure 12-16. When PC-1 generates a broadcast frame with pruning enabled in the Catalysts, the broadcast does not reach Cat-C as it did in Figure 12-15. Cat-B receives the broadcast and normally floods the frame to Cat-C. But Cat-C does not have any ports assigned to VLAN 2. Therefore, Cat-B does not flood the frame out the trunk toward Cat-C. This preserves bandwidth on the trunk and on the Catalyst’s backplane.
Figure 12-16. Flooding with VTP Pruning Enabled
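The pruning decision described above can be modelled in a few lines. This is an added illustration, not code from the book or from Cisco: the linear Cat-A, Cat-B, Cat-C trunk chain, the VLAN 3 ports, and the function names are assumptions, because the figures are not reproduced here.

```python
# Added illustration: which trunks carry a flooded frame, with and without pruning.
# ASSUMPTIONS: loop-free chain Cat-A -- Cat-B -- Cat-C; port-to-VLAN assignments
# below are constructed sample data (PC-1 sits in VLAN 2 on Cat-A, as in the text).
TRUNKS = {"Cat-A": ["Cat-B"], "Cat-B": ["Cat-A", "Cat-C"], "Cat-C": ["Cat-B"]}
ACCESS_VLANS = {"Cat-A": {2}, "Cat-B": {2, 3}, "Cat-C": {3}}
ALWAYS_INELIGIBLE = {1} | set(range(1001, 1006))  # never pruned, per the text


def wants(switch, vlan, came_from):
    """Interest that `switch` announces toward `came_from` for `vlan`:
    it has a local member port, or a neighbor further downstream does."""
    if vlan in ACCESS_VLANS[switch]:
        return True
    return any(wants(n, vlan, switch) for n in TRUNKS[switch] if n != came_from)


def flood(source, vlan, pruning, ineligible=frozenset()):
    """Return the (from, to) trunk hops crossed by a frame flooded in `vlan`."""
    never_pruned = ALWAYS_INELIGIBLE | set(ineligible)
    hops, stack = [], [(source, None)]
    while stack:
        sw, came_from = stack.pop()
        for nbr in TRUNKS[sw]:
            if nbr == came_from:
                continue  # never flood back out the receiving trunk
            if pruning and vlan not in never_pruned and not wants(nbr, vlan, sw):
                continue  # neighbor announced no interest: keep the flood off this trunk
            hops.append((sw, nbr))
            stack.append((nbr, sw))
    return hops


if __name__ == "__main__":
    print("pruning off:", flood("Cat-A", 2, pruning=False))
    print("pruning on: ", flood("Cat-A", 2, pruning=True))
    print("VLAN 2 made ineligible:", flood("Cat-A", 2, True, ineligible={2}))
```

With pruning on, the Cat-B to Cat-C hop disappears for VLAN 2; marking VLAN 2 pruning ineligible brings it back.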
Configuring VTP Pruning
You can enable VTP pruning with the command set vtp pruning enable. By default, this enables the Catalyst to prune all VLANs. If you want to prune only some VLANs, modify the prune list: first clear VLANs from the list with the command clear vtp pruneeligible vlan_range, then specify which VLANs to prune with the related command set vtp pruneeligible vlan_range.
Example 12-9 shows a session where an administrator enables pruning, but then modifies the list of pruning eligible VLANs. When you initially enable pruning, the Catalyst considers all VLANs as pruning eligible. The administrator then specifies VLANs 10-20 as pruning ineligible. This means that any flooded traffic in these VLANs propagates to all Catalysts, even if there is no member of the VLAN on the receiving Catalyst. Note that the default VLANs 1, 1001–1005 are always pruning ineligible. Finally, the administrator restores VLAN 15 as pruning eligible. The show vtp domain output in Example 12-9 confirms pruning as enabled and further confirms the list of pruning eligible VLANs. (See the Pruning and PruneEligible on Vlans fields in the output.)
Example 12-9 Configuring VTP Pruning
Console> (enable) set vtp pruning enable
This command will enable the pruning function in the entire management domain.
All devices in the management domain should be pruning-capable before enabling.
Do you want to continue (y/n) [n]? y
VTP domain wally modified
Console> (enable) clear vtp pruneeligible 10-20
Vlans 1,10-20,1001-1005 will not be pruned on this device.
VTP domain Lab_Network modified.
Console> (enable) set vtp pruneeligible 15
Vlans 2-9,15,21-1000 eligible for pruning on this device.
VTP domain Lab_Network modified.
Console> (enable) show vtp domain
Domain Name                      Domain Index VTP Version Local Mode  Password
-------------------------------- ------------ ----------- ----------- ----------
wally                            1            2           server      -

Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
4          1023             10              disabled

Last Updater    V2 Mode  Pruning  PruneEligible on Vlans
--------------- -------- -------- -------------------------
10.0.0.1        disabled enabled  2-9,15,21-1000
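To check a planned change before typing it, the eligibility list can be computed offline. The following is an added example, not part of the original text or of any Cisco tool: it replays the three commands from Example 12-9 and reproduces the VLAN lists the Catalyst printed. The function names and the 1-1005 VLAN universe (taken from the ranges shown in the output) are assumptions.

```python
# Added example: replay the pruneeligible commands of Example 12-9 offline.
ALL_VLANS = set(range(1, 1006))                 # assumption: range seen in the output
NEVER_ELIGIBLE = {1} | set(range(1001, 1006))   # always pruning ineligible


def parse_ranges(text):
    """'2-9,15' -> {2, 3, ..., 9, 15}"""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def format_ranges(vlans):
    """{2, 3, ..., 9, 15} -> '2-9,15' (the compact form the Catalyst prints)"""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v          # extend the current run
        else:
            runs.append([v, v])      # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def prune_eligible_after(commands):
    """Eligible VLAN set after enabling pruning and applying `commands` in order."""
    eligible = ALL_VLANS - NEVER_ELIGIBLE        # state after "set vtp pruning enable"
    for line in commands:
        words = line.split()
        if words[:3] == ["clear", "vtp", "pruneeligible"]:
            eligible -= parse_ranges(words[3])
        elif words[:3] == ["set", "vtp", "pruneeligible"]:
            eligible |= parse_ranges(words[3]) - NEVER_ELIGIBLE
    return eligible


# Command lines copied from Example 12-9.
SESSION = ["set vtp pruning enable",
           "clear vtp pruneeligible 10-20",
           "set vtp pruneeligible 15"]

if __name__ == "__main__":
    after_clear = prune_eligible_after(SESSION[:2])
    print("will not be pruned:", format_ranges(ALL_VLANS - after_clear))
    print("eligible for pruning:", format_ranges(prune_eligible_after(SESSION)))
```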