The Working Mechanics of VTP
The VLAN Trunking Protocol developed by Cisco operates as a Layer 2 protocol for Catalyst products. When transmitting VTP messages to other Catalysts in a network, a Catalyst encapsulates the VTP message in a trunking protocol frame, such as ISL or 802.1Q. Figure 12-5 shows the generic encapsulation for VTP within an ISL frame. The ISL encapsulation starts with the header information detailed in Chapter 8, “Trunking Technologies and Applications.” The VTP header varies depending upon the type of VTP message discussed, but generally, four items are found in all VTP messages:
- VTP protocol version— Either version 1 or 2
- VTP message type— Indicates one of four types
- Management domain name length— Indicates the size of the name that follows
- Management domain name— The name configured for the management domain
Additional details on the VTP messages are in the following sections. VTP messages always travel over the default VLAN for the media. For example, on an Ethernet trunk, VTP transports over VLAN 1; on FDDI, it transports over VLAN 1002; and over ATM, VTP transports over ELAN default. Because you cannot delete any of the default VLANs, VTP messages always propagate over LAN trunk ports. However, VTP does not always transport over ATM trunks. ELAN default must be enabled for VTP to cross ATM, and this ELAN does not exist automatically. You must explicitly enable it if you want VTP messages to cross the ATM link.
Figure 12-5. VTP Encapsulation over ISL Trunks
Although Cisco routers understand trunking protocols like ISL, LANE, and 802.1Q, they currently do not participate in VTP; routers ignore VTP messages and discard them at the router interface. Therefore, VTP messages propagate no further than a router interface, or to another Catalyst that belongs to a different VTP management domain. Figure 12-6 shows a system with three management domains isolated through varied domain assignments and through a router. Domain 1 has three management domain border points, one to the router and two into Domain 2.
Figure 12-6. VTP Boundaries
When Cat-A in Domain 1 issues a VTP message, the message gets distributed to all of the other Catalysts in the domain. Cat-B and Cat-C receive the message and forward it to the two Catalysts in Domain 2. However, these Catalysts see that the source domain differs from their own and, therefore, discard the VTP message.
The VTP message generated in Domain 1 also propagates to the router. But the router does not participate in VTP and discards the message.
Likewise, VTP messages generated in Domain 2 or Domain 3 never affect devices outside of their domain.
VTP defines four message types:
- Summary advertisements
- Subset advertisements
- Advertisement requests
- VTP join messages
The first three message types describe interactions between VTP servers and clients for the distribution of VLAN information. These messages occur by default whenever you enable a trunk between Catalysts configured as servers and/or clients. The fourth message is disabled by default and is only enabled whenever you turn on VTP pruning. The section in this chapter, “VTP Pruning: Advanced Traffic Management,” describes VTP pruning; therefore, the discussion on the fourth message type is deferred until then.
VTP Configuration Revision Number
Whenever you make a VLAN change on a server Catalyst, the Catalyst issues VTP messages so that other Catalysts can update their VLAN configurations. It is important, however, that the Catalysts keep track of which information is newest. Therefore, VTP keeps a configuration revision number that increments whenever you add, delete, or suspend a VLAN. Catalysts in a management domain compare the revision number to determine whether an announcement contains newer or obsolete information.
With a fresh configuration, the Catalyst has a revision number of zero. The revision number in the management domain continues to increment until it reaches 2,147,483,648, at which point the counter wraps back to zero.
You can quickly and easily reset the configuration revision number with the set vtp domain name command. Changing the domain name sets the configuration revision number to zero. Or, you can make 2,147,483,648 VLAN changes to your system to force the counter to roll back to zero. Unfortunately, this could take a very long time to accomplish.
By default, server and client Catalysts issue summary advertisements every five minutes. Summary advertisements inform neighbor Catalysts what they believe to be the current VTP configuration revision number and management domain membership. The receiving Catalyst compares the domain names and, if they differ, ignores the message. If the domain names match, the receiving server or client Catalyst compares the configuration revision number. If the advertisement contains a higher revision number than the receiving Catalyst currently has, the receiving Catalyst issues an advertisement request for new VLAN information.
Figure 12-7 shows the protocol format for a summary advertisement.
Figure 12-7. VTP Summary Advertisement Format
Each row in Figure 12-7 is four octets long. The Version, Type, Number of Subset Advertisement Messages, and Domain Name Length fields are all one octet long. Some of the fields can extend beyond four octets and are indicated in the figure. A description of each of the fields follows the decode in Figure 12-8.
Figure 12-8 decodes a summary advertisement packet encapsulated in an ISL trunking protocol frame. If the trunk uses 802.1Q rather than ISL, the VTP message is exactly the same, only encapsulated in an 802.1Q frame.
Figure 12-8. VTP Summary Advertisement Analyzer Decode
The decode starts with the SNAP header that follows the other headers shown in Figure 12-5. Although VTP uses the same Ethernet multicast address as CDP, the SNAP value differs between the two. CDP uses a SNAP value of 0x2000, but VTP uses a SNAP value of 0x2003. This allows the receiving Catalysts to distinguish the protocols.
The VTP header contains the VTP version in use. All Catalysts in the management domain must run the same version. In this case, they are running VTP version 1. If there are Token Ring switch ports in your domain, this would have to be VTP version 2. The message type value indicates which of the four VTP messages listed earlier was transmitted by the source Catalyst.
The following field, Number of Subset Advertisement Messages, indicates how many VTP type 2 messages follow the summary advertisement frame. This value can range from zero to 255. Zero indicates that no subset advertisements follow. A Catalyst only transmits the subset advertisement if there is a change in the system, or in response to an advertisement request message.
The domain length and name follow this field, along with any padding bytes necessary to complete the Domain Name field.
The source also transmits the VTP configuration revision number and identifies itself through its IP address. Remember from the earlier section, “VTP Configuration Revision Number,” that the receiving Catalyst compares the configuration revision number with its internal number to determine if the source has new configuration information or not.
The message includes a timestamp which indicates the time the configuration revision number incremented to its current value. The timestamp has the format of yymmddhhmmss which represents year/month/day and hour/minute/second.
Finally, the source performs an MD5 one-way hash on the header information. MD5 (Message Digest 5) is a hash algorithm frequently used in security systems as a non-reversible (one-way) function rather than as reversible encryption: the digest cannot be decrypted to recover the input. The receiving Catalyst also performs a hash and compares the result to detect any corruption in the frame. If the hashes do not match, the receiving Catalyst discards the VTP message.
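The summary advertisement fields and the receive decision described above, as an added Python example (not from the original text). The field widths beyond the four one-octet fields (32-octet zero-padded domain name, 4-octet revision number and updater address, 12-octet timestamp, 16-octet digest) follow the published VTP format rather than this page; the function names and the sample payload are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

# VTP payload that follows the SNAP header (assumed layout, see lead-in):
# version, type, subset count, name length, name[32], revision, updater IP,
# timestamp yymmddhhmmss, MD5 digest.
SUMMARY = struct.Struct("!BBBB32sI4s12s16s")
SUMMARY_ADVERT = 0x01

@dataclass
class Summary:
    version: int
    followers: int        # number of subset advertisements that follow
    domain: str
    revision: int
    updater: IPv4Address
    timestamp: str
    md5: bytes

def parse_summary(payload: bytes) -> Summary:
    if len(payload) < SUMMARY.size:
        raise ValueError("truncated summary advertisement")
    ver, code, followers, dlen, name, rev, ip, ts, md5 = SUMMARY.unpack_from(payload)
    if code != SUMMARY_ADVERT:
        raise ValueError(f"not a summary advertisement (type {code})")
    if dlen > 32:
        raise ValueError("domain name length exceeds the 32-octet field")
    return Summary(ver, followers, name[:dlen].decode("ascii", "replace"),
                   rev, IPv4Address(ip), ts.decode("ascii", "replace"), md5)

def receive_action(local_domain: str, local_revision: int, adv: Summary) -> str:
    """Decision a server or client Catalyst makes on a summary advertisement."""
    if adv.domain != local_domain:
        return "ignore"                       # different management domain
    if adv.revision > local_revision:
        return "send-advertisement-request"   # sender has newer VLAN information
    return "no-change"

def sample(domain: bytes, revision: int) -> bytes:
    # Constructed payload; the updater address and zeroed digest are placeholders.
    return SUMMARY.pack(1, SUMMARY_ADVERT, 1, len(domain), domain, revision,
                        IPv4Address("192.0.2.10").packed, b"990101120000", bytes(16))

if __name__ == "__main__":
    adv = parse_summary(sample(b"testvtp", 7))
    print(adv.domain, adv.revision, receive_action("testvtp", 5, adv))
```

Logging the parsed updater address and revision number for each advertisement gives a record of which device announced each configuration revision in the domain.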
Whenever you change a VLAN in the management domain, the server Catalyst where you configured the change issues a summary advertisement followed by one or more subset advertisement messages. Changes that trigger the subset advertisement include:
- Creating or deleting a VLAN
- Suspending or activating a VLAN
- Changing the name of a VLAN
- Changing the MTU of a VLAN
Figure 12-9 shows the VTP subset advertisement packet format.
Figure 12-9. VTP Subset Advertisement Format
The summary advertisement has a Seq-Number field in the header indicating the number of subset advertisements that follow. If you have a long VLAN list, VTP might need to send the entire list over multiple subset advertisements.
Figure 12-10 shows a subset advertisement (partial listing). As with the summary advertisement, the message includes the VTP version type, the domain name and related fields, and the configuration revision number. The header sequence number indicates the identity of the subset advertisement. If multiple subset advertisements follow the summary advertisement, this number indicates the subset instance sent by the updater. The sequence numbering starts with 1. The receiving Catalyst uses this value to ensure that it receives all subset advertisements and, if not, can request a resend starting with a specific subset advertisement.
Figure 12-10. VTP Subset Advertisement Analyzer Decode
The subset advertisement then lists all of the VLANs in the management domain along with the following information for each:
- Length of the VLAN description field
- Status of the VLAN. The VLAN can be active or suspended
- VLAN type. Is it Ethernet, Token Ring, FDDI, or other?
- MTU (maximum transmission unit) for the VLAN. What is the maximum frame size supported on this VLAN?
- Length of the VLAN name
- The VLAN number for this named VLAN
- The SAID value to use if the frame is passed over an FDDI trunk
- The VLAN name
The VTP subset advertisement individually lists this information for each VLAN, even the default VLANs.
A Catalyst issuing the third VTP message type, an advertisement request, solicits summary and subset advertisements from a server in the management domain. Catalysts transmit an advertisement request whenever you reset the Catalyst, whenever you change its VTP domain membership, or whenever it hears a VTP summary advertisement with a higher configuration revision number than it currently has. This can happen if a Catalyst is temporarily partitioned from the network and a change occurs in the domain.
Figure 12-11 shows a VTP advertisement request frame format.
Figure 12-11. VTP Advertisement Request Format
An advertisement request includes six fields. The Version field identifies the VTP version used by the device. The Code field identifies this as an advertisement request. The reserved (Rsvd) portion is set to zero. The Management Domain Length field (MgmtD Len) indicates the length of the domain name in the following field. These four fields are followed by the Management Domain Name. Finally, if the Catalyst expected to receive subset advertisements but failed to receive one or more, it can request a resend starting at a particular subset instance value. This is signaled in the Start-Value field. For example, if the Catalyst expected to see three subset advertisements but only received instances 1 and 3, it can request a resend starting at instance 2.
Figure 12-12 shows an advertisement request captured on an analyzer.
Figure 12-12. VTP Advertisement Request Analyzer Decode
The advertisement request in Figure 12-12 requests all subset advertisements for the management domain testvtp. This is recognized because the start value is zero.
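The subset sequence tracking and Start-Value selection described above, as an added Python example (not from the original text). The class name and the choice to reject a subset advertisement whose revision number differs from the summary's are assumptions made for illustration.

```python
class SubsetTracker:
    """Tracks the subset advertisements announced by one summary advertisement.

    expected: the summary's Number of Subset Advertisement Messages (0-255).
    revision: the configuration revision number the summary carried.
    """

    def __init__(self, expected: int, revision: int):
        if not 0 <= expected <= 255:
            raise ValueError("subset count must fit in one octet")
        self.expected = expected
        self.revision = revision
        self.seen = set()

    def accept(self, seq: int, revision: int) -> bool:
        """Record one subset advertisement; return False if it is rejected."""
        if revision != self.revision:        # assumption: belongs to another update
            return False
        if not 1 <= seq <= self.expected:    # sequence numbering starts with 1
            return False
        self.seen.add(seq)                   # a duplicate changes nothing
        return True

    def complete(self) -> bool:
        return len(self.seen) == self.expected

    def start_value(self):
        """Start-Value for an advertisement request, or None if nothing is missing.

        0 requests all subset advertisements; n requests a resend
        starting at subset instance n.
        """
        missing = [s for s in range(1, self.expected + 1) if s not in self.seen]
        if not missing:
            return None
        return 0 if not self.seen else missing[0]

if __name__ == "__main__":
    t = SubsetTracker(expected=3, revision=7)
    t.accept(1, 7)
    t.accept(3, 7)
    print("request resend from instance", t.start_value())
```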