Detailed explanation of STP
Problems with redundant links
As shown in the figure, LSW1 and LSW2 are connected by two links. If one link between them fails, the other link immediately takes over, which solves the problem of a single link failure taking the network down. Before relying on redundant links, however, three issues have to be considered.
Broadcast storm
Layer 2 frames have no TTL (Time To Live) field like the Layer 3 packets forwarded by routers. If there is a loop, Layer 2 frames are never discarded and circulate between the switches forever. Combined with how a switch works, this is how a broadcast storm forms in the topology above:
- PC1 sends a broadcast frame (for example an ARP request). LSW1 receives it and floods it out every port except the receiving port (that is, G0/0/2, G0/0/3 and G0/0/4).
- LSW2 receives the same broadcast frame from LSW1 on both its G0/0/1 and G0/0/2, and floods each copy out every port except the one it arrived on: the copy received on G0/0/2 goes out G0/0/1, G0/0/3 and G0/0/4, and the copy received on G0/0/1 goes out G0/0/2, G0/0/3 and G0/0/4.
- In this way the broadcast frame is sent back to LSW1 on G0/0/1 and G0/0/2, and LSW1 sends it back to LSW2 in the same way. Unless the physical link is cut, PC1 to PC4 keep receiving broadcast frames, eventually causing network congestion or even a complete outage.
MAC address table instability
Besides generating a large amount of traffic, a broadcast storm also makes the MAC address table unstable. While the storm forms:
- When the broadcast frame from PC1 reaches LSW1, LSW1 learns from the source MAC and writes PC1's MAC together with the receiving port G0/0/1 into its MAC address table.
- LSW1 floods the frame out every other port, so LSW2 receives two copies from LSW1 (on G0/0/1 and G0/0/2). Suppose the copy on G0/0/2 arrives first: LSW2 learns from the source MAC and records PC1's MAC against G0/0/2. It then receives the copy on G0/0/1 and overwrites the entry, so PC1's MAC now points at G0/0/1.
- LSW2 sends the frame back to LSW1 on both its interfaces, so on both switches PC1's MAC address flaps between G0/0/1 and G0/0/2 (and the same happens for the hosts on G0/0/3 and G0/0/4). The MAC address table is rewritten constantly, which degrades the switch's performance.
Duplicate frame copies
Besides the broadcast storm and MAC address instability, a redundant topology also causes duplicate frame copies:
- Suppose PC1 sends a unicast frame to PC3 and it arrives at LSW1. If LSW1 has no MAC table entry for PC3, the switch floods the unknown unicast frame out every port except the receiving port (G0/0/2, G0/0/3 and G0/0/4).
- LSW2 receives the unicast frame on both G0/0/1 and G0/0/2. LSW2 knows that PC3 is attached to its G0/0/4, so it forwards both unicast frames to PC3.
- PC1 sent only one unicast frame, yet PC3 receives two. In some environments, for example traffic accounting, this produces inaccurate results.
Introduction to STP
STP was designed to solve these problems of redundant links. Its working principle is described below.
The STP modes available on the switch are MSTP (multi-instance spanning tree, the default), STP (spanning tree) and RSTP (rapid spanning tree).
STP ensures that there is only one logical path to any destination by blocking some ports on redundant paths. To prevent loops, STP relies on the exchange of BPDUs (Bridge Protocol Data Units); each BPDU carries a BID (Bridge ID) that identifies the switch that sent it.
With STP running there is no loop logically, although the physical loop still exists: some ports on the physical loop are disabled so that no loop can form. If a link in use fails, STP recalculates and re-enables some of the disabled ports, which is what provides the redundancy.
STP uses the STA (Spanning Tree Algorithm) to decide which ports on a switch are blocked to prevent loops. STA elects one switch as the root switch, called the root bridge (Root Bridge), and all paths are calculated with the root bridge as the reference point.
Election: root bridge, root port, designated port, non-designated port
① Root bridge (root switch) – in a spanning tree instance there is exactly one root switch.
The bridge ID (priority + MAC address) of every switch is compared; the smaller one wins.
Default priority: 32768.
The priority is changed in multiples of 4096:
[System] stp mode stp          (set the STP mode)
[System] stp priority 4096     (set the bridge priority)
② Root port – the port on a non-root switch that is closest to the root bridge (shortest path); it receives BPDUs from the root bridge and forwards user traffic (this port is not blocked). Selection criteria, in order:
Path cost: compare the lowest cost of the path from the root bridge into this interface;
Peer bridge ID: if the inbound cost is equal, compare the BID of the peer device on each interface;
Peer port ID: if the peer BID is also equal, compare the port ID of the peer device's interface;
Local port ID (when two local ports connect to the same hub): the smaller one wins.
Port ID = interface priority (0-240, in steps of 16, default 128) + interface number.
③ Designated port – there is one and only one on each physical link running STP; it forwards BPDUs from the root bridge and also forwards user traffic (not blocked). By default all interfaces on the root bridge are designated ports. Selection criteria, in order:
Path cost: compare the lowest cost (outbound) of the path from the root bridge through this interface onto the link;
Local bridge ID;
Local port ID (port priority and port number; the default port priority is 128, followed by the interface number);
If even the local port ID is the same, the port is blocked directly.
④ Non-designated port – all remaining ports; they are called blocked ports. The interface is logically blocked: it can still receive information but does not forward it.
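The election above, worked through as an added example (not code from the original page): a single-process simulation of the STA on a constructed topology, comparing bridge IDs as (priority, MAC) and port IDs as (priority, number) in exactly the order the criteria list. The MAC addresses and link costs are constructed values, and the topology is the page's two-link LSW1/LSW2 pair plus an assumed third switch LSW3.

```python
def mac_int(mac):
    return int(mac.replace(":", ""), 16)       # MACs compare numerically: smaller wins

def sta(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, port_a, b, port_b, cost)], where a
    port id is (port_priority, port_number). Returns (root, root_path_cost, port_roles)."""
    bid = {n: (prio, mac_int(mac)) for n, (prio, mac) in bridges.items()}
    root = min(bid, key=bid.get)                         # step 1: lowest BID becomes root
    cost = {n: 0 if n == root else float("inf") for n in bid}
    root_port, adj = {}, {n: [] for n in bid}
    for a, pa, b, pb, c in links:                        # adjacency: (local port, peer, peer port, cost)
        adj[a].append((pa, b, pb, c))
        adj[b].append((pb, a, pa, c))
    for _ in range(len(bid)):                            # relax until every bridge knows its best path
        for n in bid:
            if n == root:
                continue
            best = None
            for lp, peer, pp, c in adj[n]:
                if cost[peer] == float("inf"):
                    continue
                # step 2: root port = lowest (root path cost, peer BID, peer port id, local port id)
                cand = (cost[peer] + c, bid[peer], pp, lp)
                if best is None or cand < best:
                    best = cand
            if best is not None:
                cost[n], root_port[n] = best[0], best[3]
    roles = {}
    for a, pa, b, pb, _ in links:
        # step 3: on each link the end with the lowest (root path cost, BID, port id) is designated
        dp = (a, pa) if (cost[a], bid[a], pa) < (cost[b], bid[b], pb) else (b, pb)
        for n, p in ((a, pa), (b, pb)):
            if (n, p) == dp:
                roles[(n, p)] = "designated"
            elif root_port.get(n) == p:
                roles[(n, p)] = "root"
            else:
                roles[(n, p)] = "non-designated (blocked)"  # step 4: everything else is blocked
    return root, cost, roles

# Constructed topology: LSW1 and LSW2 joined by two parallel links (the page's figure) plus LSW3.
# All bridges keep the default priority 32768, so the lowest MAC wins; ports are (128, number).
BRIDGES = {"LSW1": (32768, "4c:1f:cc:00:00:01"), "LSW2": (32768, "4c:1f:cc:00:00:02"),
           "LSW3": (32768, "4c:1f:cc:00:00:03")}
LINKS = [("LSW1", (128, 1), "LSW2", (128, 1), 20000),   # link costs are constructed values
         ("LSW1", (128, 2), "LSW2", (128, 2), 20000),
         ("LSW2", (128, 3), "LSW3", (128, 1), 20000),
         ("LSW1", (128, 3), "LSW3", (128, 2), 200000)]
```

On this input LSW1 wins the root election, LSW2's G0/0/1 becomes its root port because the two parallel links tie on cost and peer BID and are decided by the lower peer port ID, and LSW2's G0/0/2 ends up blocked.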
Packet Interaction in STP
BPDU Bridge Protocol Data Unit
① Configure BPDU
Role: used for role (port) election.
Maintains the network topology: sent every 2 seconds and held for up to 20 seconds; if nothing is heard from the root within 20 seconds, the root is considered down.
Only the root bridge sends them. In the initial state of the switched network every switch regards itself as the root bridge and sends BPDUs, so every switch receives BPDUs from the other devices; the parameters in them are compared and the root bridge is elected. After that the non-root bridges no longer generate BPDUs but only receive and relay the root bridge's BPDUs; the interval is 2 s and the hold time is 20 s.
② TCN BPDU—Topology change bpdu
Function: a TCN BPDU is sent when the topology changes.
After a link on the local switch fails, STP reconverges. To refresh the MAC tables of all switches in the network quickly, a TCN is sent out all local STP interfaces (the TCN bit in the flags field is set to 1). The neighbor switch that receives the TCN first replies with the TCA bit set as an acknowledgement, which makes the delivery reliable; the TCN is then relayed hop by hop to the root bridge, and the root bridge sends a configuration BPDU with the TC bit set to all switches hop by hop. All switches temporarily shorten the MAC table aging time to 15 s (the forward delay, by default).
1. BPDU Flags field
   TCA bit: topology change acknowledgement bit
   TC bit: topology change bit, set to 1 when the topology has changed
2. Root identifier: the root bridge ID (Root ID)
3. Cost of path: the cost of the path to the root
4. Bridge ID: the bridge ID of this switch
5. Port ID: in 0x8001, 0x80 stands for priority 128 and 0x01 for the port number
6. Message age: incremented by 1 by every switch the message passes through (the message's lifetime)
7. Max age: maximum lifetime, 20 seconds
8. Hello time: 2 seconds
9. Forward delay: forwarding delay, 15 seconds
There are three types of BPDU time: Hello Time, Max Age, Forward Delay:
Hello time controls the interval at which configuration BPDUs are sent; the default is 2 seconds. This is the interval at which the root switch generates BPDUs and sends them to the non-root switches.
A non-root switch receives the BPDU from the root switch and relays it out every port except the receiving port. If a network failure stops new BPDUs arriving from the root switch, the non-root switch stops relaying the BPDU it received from the root. If this lasts for 20 seconds, the max age, the non-root switch discards the stored BPDU and starts looking for a new root port. The max age is thus the time for which a non-root switch keeps a stored BPDU before discarding it.
Forward delay is the time a switch spends going from the listening state to the learning state; the default is 15 seconds.
Port state transitions
Disabled: the port does not take part in STP; no STP calculation is performed.
Blocking: ports that are blocked enter the blocking state directly.
Listening: ports that are not blocked enter the listening state. Characteristic: aging of the MAC address table is accelerated.
All switches send and receive BPDUs and elect all roles; if an interface's role is non-designated port it goes straight to the blocking state; if it is a designated port or root port it proceeds to the next state.
This state lasts 15 seconds; its purpose is to speed up aging of the MAC address table, whose normal aging time is 300 seconds.
Learning: learning state.
Designated ports and root ports learn the MAC addresses of all devices attached to the interface and build the MAC table, then enter the next state.
This state also lasts 15 seconds, to speed up the learning of the MAC address table.
Forwarding: forwarding state.
Note: only once an interface reaches the forwarding state does it forward user data; during the preceding 30 s no data is forwarded.
Initial convergence: 30 s = 15 s listening + 15 s learning
- With direct link failure detection:
The local switch has a blocked port. If another port goes down, the blocked port immediately enters 15 s of listening (election); if it is then enabled, it spends another 15 s in learning, 30 s in total.
When the blocked port senses the topology change and sends a TCN BPDU, the peer replies with a topology change acknowledgement (TCA = 1); when the switch receives the configuration BPDU with TC = 1 flooded by the root switch, it can age out the original path and learn the new one.
- Without direct link failure detection:
The local switch has no blocked port. If a port goes down, the switch sends an inferior BPDU (with itself as the root) to the neighboring switches. The other switches ignore this data and let the 20 s hold time run out; when it expires, the blocked interface enters 15 s of listening and 15 s of learning, 50 s in total.
Because of the link failure, SW2 ages out the original path after 20 s, believes itself to be the root and sends BPDUs to SW3. SW3 now receives two BPDUs and therefore detects the link change. Since the path via SW1 is the better one, SW3 sends a TCN BPDU to SW1; SW1 replies with a configuration BPDU with TC = 1, and the switches age out the original path and learn the new one.
Disadvantages of STP
- Slow convergence
It takes 15 s to go from learning to forwarding while MAC addresses are learned,
and 15 s to go from listening to learning while aging is accelerated;
however quickly the work of a state is finished, each state always waits the full 15 s,
and sending TCN BPDUs takes too long.
- Low link utilization
- RSTP Rapid Spanning Tree
The backup port is a role proposed only by Huawei.
The backup port backs up the designated port.
The alternate port is held in reserve to become the root port.
What the alternate port and the backup port have in common: under normal conditions neither forwards data.
RSTP has three port states; the first three STP states are merged into one, because in all of them no MAC addresses are learned and no data is forwarded.
Discarding: neither learns MAC addresses nor forwards data.
Learning: does not forward data but learns MAC addresses.
Forwarding: learns MAC addresses and forwards data.
Differences between STP and RSTP BPDUs:
STP: configuration BPDU and TCN BPDU.
RSTP: a single RST BPDU (Rapid Spanning Tree BPDU), whose flags field carries:
TCA bit (topology change acknowledgement).
Agreement bit.
Learning bit: the port is in the learning state, which accelerates learning of the MAC address table.
Port role (2 bits): 11 means the port is the designated port, 10 the root port, 01 an alternate or backup port, and 00 is reserved.
Proposal bit.
Topology change (TC) bit.
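As an added example (not from the original page) covering both the numbered BPDU field list above and the RSTP flag bits just described, the following parser decodes a constructed configuration BPDU carrying the default timers and Port ID 0x8001, and additionally decodes the RSTP-only flag bits when the BPDU type is RST. The field layout and the 1/256-second timer units follow IEEE 802.1D; the sample bytes and the MAC address are constructed.

```python
import struct

BPDU_TYPES = {0x00: "config", 0x80: "tcn", 0x02: "rst"}
PORT_ROLES = {0b00: "reserved", 0b01: "alternate/backup", 0b10: "root", 0b11: "designated"}

def split_bridge_id(bid):
    """Bridge ID = 16-bit priority followed by the 48-bit MAC address."""
    mac = bid & 0xFFFFFFFFFFFF
    return bid >> 48, ":".join(f"{(mac >> s) & 0xFF:02x}" for s in range(40, -1, -8))

def parse_bpdu(data):
    """Decode the 4-byte header shared by all BPDUs, then the config/RST body."""
    if len(data) < 4:
        raise ValueError("BPDU too short")
    proto, version, btype = struct.unpack("!HBB", data[:4])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for spanning tree")
    info = {"version": version, "type": BPDU_TYPES.get(btype, "unknown")}
    if btype == 0x80:                    # a TCN BPDU is just the header
        return info
    if len(data) < 35:
        raise ValueError("configuration/RST BPDU body truncated")
    flags, root, cost, bridge, pid, msg_age, max_age, hello, fwd = struct.unpack(
        "!BQIQHHHHH", data[4:35])
    info["root_priority"], info["root_mac"] = split_bridge_id(root)
    info["bridge_priority"], info["bridge_mac"] = split_bridge_id(bridge)
    info["root_path_cost"] = cost
    # 802.1t Port ID: 4-bit priority (steps of 16) + 12-bit port number, so 0x8001 = priority 128, port 1
    info["port_priority"], info["port_number"] = (pid >> 12) * 16, pid & 0x0FFF
    # timer fields travel in units of 1/256 second
    info["message_age"], info["max_age"] = msg_age / 256, max_age / 256
    info["hello_time"], info["forward_delay"] = hello / 256, fwd / 256
    info["tc"], info["tca"] = bool(flags & 0x01), bool(flags & 0x80)   # bits 0 and 7 in both versions
    if btype == 0x02:                    # RST BPDU: the six middle bits carry the P/A handshake
        info.update(proposal=bool(flags & 0x02), port_role=PORT_ROLES[(flags >> 2) & 0x03],
                    learning=bool(flags & 0x10), forwarding=bool(flags & 0x20),
                    agreement=bool(flags & 0x40))
    return info

# Constructed sample: a configuration BPDU from a root bridge with the default priority 32768 and
# MAC 00:11:22:33:44:55, sent on port 1 (Port ID 0x8001) with the default timers 20 / 2 / 15 s.
SAMPLE_CONFIG_BPDU = bytes.fromhex(
    "0000" "00" "00" "00"        # protocol id 0, version 0, type = configuration, flags = 0
    "8000" "001122334455"        # root id: priority 0x8000 + MAC
    "00000000"                   # root path cost 0 (the root itself is sending)
    "8000" "001122334455"        # sender bridge id
    "8001"                       # port id
    "0000" "1400" "0200" "0f00"  # message age 0, max age 20, hello 2, forward delay 15
)
```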
RSTP Rapid Spanning Tree:
Fast convergence:
- Edge port: a port to which an end device is connected.
Advantage: no port role calculation is performed; the port goes straight to the forwarding state.
Configuring an edge port:
stp edged-port enable
- P/A mechanism (Proposal/Agreement)
Prerequisite: a point-to-point (full-duplex) link. The switch first sends an RST BPDU toward the root; the root compares it on receipt and sends its own RST BPDU to the switch. The switch finds that the root's bridge ID is smaller than its own and therefore superior, and sends the agreement bit to the root switch; the root switch's interface becomes the designated port and moves directly to the forwarding state.
When the network changes, SW3 immediately starts a TC While timer (twice the hello time) and sends TC BPDUs directly to SW2; within four seconds the old MAC addresses are aged out and new ones learned. SW2 repeats the same actions after receiving them, and so on until the root switch is reached.
MSTP multi-instance spanning tree
MSTP is a collection of multiple RSTP instances.
Instance: one RSTP tree.
Disadvantages of a single-instance tree:
Some VLANs' paths differ
Traffic cannot be shared across links
Sub-optimal Layer 2 paths are produced
Two trees are built: when PC1 sends data LSW4 is the root, and when PC2 sends data LSW5 is the root, which removes the drawbacks of a single-instance tree.
Basic configuration: create the VLANs and set the STP mode, then:
stp region-configuration            (create the MST region)
region-name Huawei                  (region name)
revision-level 1                    (must be identical on all switches)
instance 1 vlan 10
instance 2 vlan 20
active region-configuration         (activate the MSTP configuration; done on every switch)
stp instance 1 root primary         (primary root for instance 1; use secondary for the backup root; must be reconfigured whenever the region configuration is modified)
By default the switch has instance 0. When MSTP and VRRP are used together, the MSTP primary root must be the VRRP master.
When MSTP, STP and RSTP all exist in the network, they end up running STP: their modes remain MSTP and RSTP, but the BPDUs they send are STP BPDUs.
When an MSTP switch is connected to an STP switch it sends STP BPDUs. When the STP switch is removed and replaced by an MSTP switch, the port does not automatically return to MSTP; [swb] stp mcheck migrates it back to MSTP manually.
Configuring the maximum number of hops for MSTP
The default maximum number of hops is 20.
stp max-hops 30                     (change the maximum number of hops)
Four kinds of protection
Edge port protection (BPDU protection)
Why BPDU protection exists: if a BPDU is received on an edge port, the edge port is blocked directly.
[System] stp bpdu-protection        (enable BPDU protection)
Designated port protection (root protection)
If the designated interface receives a BPDU whose priority value is lower (that is, better) than its own, the port enters the blocking state, so the switch keeps its role as root permanently.
[interface view] stp root-protection     (enable root protection on the designated port)
Loop protection
Three switches are connected by optical fiber. Since a fiber link consists of two strands, one for receiving and one for sending, the receive strand of the root port can fail while the send strand is still fine. When the blocked port is then unblocked, a loop forms.
The solution is to block the port if no BPDUs are received for a long time.
TC-BPDU protection (TC protection)
If a malicious user keeps sending TC BPDUs, the paths in the MAC table are aged out continuously. A threshold is therefore set, and TC BPDUs beyond the upper limit are discarded.
The default upper limit of accepted TC BPDUs is 1.
To change it: stp tc-protection threshold 2
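An added example (not from the page) of the TC protection rule just described, applied to a constructed burst of TC BPDUs: within one period at most `threshold` TC BPDUs trigger a MAC-table flush and the rest are discarded, so a flood maps to a bounded number of flushes. The 2000 ms period is an assumption; the page does not state the length of the counting window.

```python
def tc_protect(events, threshold=1, period_ms=2000):
    """events: (timestamp_ms, is_tc) tuples in time order, one per received BPDU.
    Returns (flushes, discarded): MAC-table flushes actually triggered and TC BPDUs
    dropped by the threshold. The 2000 ms window is an assumed value."""
    flushes = discarded = 0
    window_start, in_window = None, 0
    for ts, is_tc in events:
        if not is_tc:
            continue                          # ordinary BPDUs are not rate-limited
        if window_start is None or ts - window_start >= period_ms:
            window_start, in_window = ts, 0   # open a new counting window
        if in_window < threshold:
            in_window += 1
            flushes += 1                      # honoured: the MAC table is aged out once more
        else:
            discarded += 1                    # over the limit: dropped
    return flushes, discarded

# Constructed burst: 50 TC BPDUs in 10 s (one every 200 ms), the traffic the text attributes to a
# malicious host, mixed with a normal BPDU every 2 s.
TC_FLOOD = sorted([(i * 200, True) for i in range(50)] + [(i * 2000, False) for i in range(6)])
```

With the default threshold of 1 the burst causes one flush per 2 s window (5 flushes, 45 drops); with threshold 2 it causes 10 flushes and 40 drops, against 50 flushes with no protection.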