Jaycee's Networking

May 11, 2009

Spanning Tree

Filed under: IOS — Tags: — Jaycee @ 12:46 am

A. Preventing Loops with Spanning Tree:

1. Spanning tree is designed to prevent loops among bridges. (A bridge is a device that connects multiple segments within a single collision domain: Hubs and switches are both bridges.)

a. Broadcast Storms: The switch expends most of its processing power forwarding broadcasts through the loop. “show process cpu history” is a useful command for troubleshooting a broadcast storm.

sh proc cpu his

b. MAC Address Table Instability: Another problem caused by a looped environment is the MAC address table being constantly updated. (A switch examines each packet that arrives on a port and assigns the packet’s source MAC address to that port in its MAC address table.)

2. Spanning-tree is on by default. It’s a protocol designed to discover network loops and break them before they can cause any damage. It should always be enabled on any network.

3. Having more than one link between switches is a good idea in terms of redundancy: the trick is to have only one link active at a time.

B. Designing Spanning Tree:

1. Spanning tree elects a root bridge (switch) in the network. All other bridges need to reach it via the shortest path possible.

2. Spanning tree calculates the cost for each path from each bridge in the network to the root bridge.

3. Spanning tree breaks paths by putting ports into a blocking state.

4. Every bridge that supports spanning tree sends out frames called BPDUs (bridge protocol data units) every 2 seconds. These frames contain the information to perform the following functions:

a. Elect a root bridge:

(1) Every bridge has a bridge ID which is a combination of the bridge priority and the bridge’s MAC address. Bridge ID = bridge priority + bridge MAC.
(2) When a switch boots, it assumes it’s the root bridge, and sets the root ID to the local bridge ID.
(3) Root ID = root priority + root MAC. The root priority is configured with a value of 32768 (0x8000) by default.

b. Determine the best path to the root bridge: the lowest path cost

c. Determine the root port on each bridge:

(1) The root port is the port on the switch that has the shortest path to the root bridge.
(2) The root bridge doesn’t have root ports, and it only has designated ports.

d. Determine the designated port on each segment

(1) The designated port is the port on the segment that has the shortest path to the root bridge.
(2) On segments that are directly connected to the root bridge, the root bridge’s ports are the designated ports.

e. Elect a designated bridge on each segment

(1) The root bridge is the designated bridge for all directly connected segments.
(2) When 2 bridges on a segment have root ports, the bridge with the lowest bridge ID becomes the designated bridge.

f. Block nonforwarding ports: still send and receive BPDUs.

5. Always configure a switch to be the root bridge. (Should NOT let networking devices make critical decisions using default values.) The root bridge should generally be one of the core switches in your design.
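The election steps in item 4 and the advice in item 5, worked through as an added example (not code from the original post). The three-switch topology, the MAC addresses and the 4096 priority are constructed for illustration; the link costs are the classic 802.1D values.

```python
import heapq

def bridge_id(priority, mac):
    """Bridge ID = priority + MAC, compared as a pair; the lowest wins."""
    return (priority, int(mac.replace(":", ""), 16))

def compute_stp(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, b, cost)], point-to-point.
    Returns (root, root_port, blocked). root_port maps bridge -> link index;
    blocked holds (bridge, link index) for ports left in the blocking state."""
    bid = {n: bridge_id(p, m) for n, (p, m) in bridges.items()}
    root = min(bid, key=bid.get)              # a. elect the root bridge
    cost = {n: float("inf") for n in bridges}
    cost[root] = 0
    heap = [(0, root)]
    while heap:                               # b. lowest path cost to the root
        c, n = heapq.heappop(heap)
        if c > cost[n]:
            continue
        for a, b, w in links:
            if n in (a, b):
                peer = b if n == a else a
                if c + w < cost[peer]:
                    cost[peer] = c + w
                    heapq.heappush(heap, (c + w, peer))
    root_port, blocked = {}, set()
    for n in bridges:                         # c. root port on each non-root bridge
        if n != root:
            cands = [(cost[b if n == a else a] + w, bid[b if n == a else a], i)
                     for i, (a, b, w) in enumerate(links) if n in (a, b)]
            root_port[n] = min(cands)[2]      # ties: lowest upstream bridge ID
    for i, (a, b, _) in enumerate(links):     # d/e. designated bridge per segment
        desig = min((a, b), key=lambda n: (cost[n], bid[n]))
        other = b if desig == a else a
        if root_port.get(other) != i:         # f. neither root nor designated
            blocked.add((other, i))
    return root, root_port, blocked

# Constructed topology; MACs are made up, costs are the classic 802.1D
# values (1 Gb/s = 4, 100 Mb/s = 19).
LINKS = [("core", "dist", 4), ("core", "old-access", 19), ("dist", "old-access", 19)]
DEFAULTS = {"core": (32768, "00:1e:aa:00:00:01"),
            "dist": (32768, "00:1c:bb:00:00:02"),
            "old-access": (32768, "00:0a:cc:00:00:03")}
TUNED = dict(DEFAULTS, core=(4096, "00:1e:aa:00:00:01"))  # 4096: assumed setting

if __name__ == "__main__":
    print(compute_stp(DEFAULTS, LINKS))  # lowest MAC wins the election
    print(compute_stp(TUNED, LINKS))     # configured priority wins
```

With every switch left at the default priority, the switch with the lowest MAC (old-access) becomes root and the gigabit core-to-dist link ends up blocked on the core side. Once core is given a lower priority it becomes root, and only the redundant 100 Mb/s port on old-access blocks.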

6. Spanning tree states:

Initializing -> Blocking -> Listening -> Learning -> Forwarding

a. Blocking: the port receives and processes BPDUs.
b. Listening: BPDUs are sent as well as received.

7. By default, all VLANs will inherit the same values for all spanning tree configurations. Each VLAN can be configured differently. So each VLAN may have a different spanning tree root bridge.

C. PVST (Per-VLAN Spanning Tree) and PVST+ (Per-VLAN Spanning Tree Plus):

1. PVST allows for a spanning tree instance for each VLAN when used with ISL trunks.

2. PVST+ allows for a spanning tree instance for each VLAN when used with 802.1Q trunks.

D. Managing Spanning Tree:

1. Show spanning tree status:

sh spanning-tree

2. Show a summary of spanning tree:

sh spanning-tree sum

3. Shows the information regarding the root bridge for every VLAN:

sh spanning-tree root

E. Additional Features:

1. PortFast:

IOS(config-if)# spanning-tree portfast

a. It allows a port to bypass all of the other spanning tree states and proceed directly to the forwarding state.
b. It takes about 30 seconds to put a normal port into the forwarding state, which can cause systems using DHCP to time out and not get an IP.

2. BPDU Guard:

IOS(config-if)# spanning-tree bpduguard enable

a. Ports configured for PortFast should never receive BPDUs. BPDU Guard automatically disables a port configured for PortFast in the event that it receives a BPDU and puts it into the ErrDisable state.
b. The interface must be reset if this happens.

3. UplinkFast:

IOS(config)# spanning-tree uplinkfast

a. UplinkFast should be configured ONLY on access-layer switches.

b. Allows a blocked uplink port to bypass the listening and learning states when the designated port fails. This allows the network to recover in 5 seconds or less. (Normally takes up to 45 seconds.)

c. This feature affects all VLANs on the switch. It also sets the bridge priority to 49,152 to all but ensure that the switch will NOT become the root bridge.

4. BackboneFast:

IOS(config)# spanning-tree backbonefast

a. If the switch stops receiving BPDUs for the better root bridge, it’ll continue to believe that that bridge is the best bridge until the max_age timeout is exceeded. (max_age defaults to 20 seconds.)

b. BackboneFast detects indirect link failures. It actively discovers paths to the root by sending out root link query BPDUs after a link failure. When it discovers a path, it sets the max_age timer to 0.

F. Common Problems:

1. Duplex Mismatch:

a. If a port in the blocking state stops receiving BPDUs, the bridge no longer considers the port to be a path to the root bridge. In this case the port should no longer be blocked, so the bridge puts the port into the forwarding state.

b. When a port is in half-duplex mode, it listens for collisions before transmitting. After a collision, the port will perform the back-off algorithm, and wait to resend the packet that collided. When the data rate gets high, the collision problem gets worse, resulting in frames being dropped, including BPDUs.

c. Always make sure that both sides of an Ethernet link are configured the same way regarding speed and duplex.

2. Unidirectional Links:

a. A link is able to transmit in one direction but not the other. It’s most often seen when using fiber. One fiber strand can end up on a different port or switch from the other strand in the pair.

b. In this case, rebooting will not resolve the issue. When shutting down the link, the proof of the unidirectional link is often lost.

c. This problem can be difficult to uncover, and it can cause an outage very quickly because the CPU utilization on network devices can quickly reach 100 percent.

d. With the latest versions of IOS, unidirectional link problems are handled by a protocol called UDLD (Unidirectional Link Detection). UDLD is on by default and it should be left ON.

G. Prevent Spanning Tree Problems:

1. Always suspect that something physical is wrong when diagnosing connectivity problems.

2. Don’t assume that it works today just because it worked yesterday. It doesn’t take much for someone to crush a fiber strand when closing a cabinet door.


