In order to improve network reliability, redundant links are usually used in switch networks. Redundant links can bring loop risks to switches and lead to problems such as broadcast storms and MAC address table instability. Spanning Tree Protocol (STP) can improve reliability while avoiding various problems caused by loops.
According to the forwarding principle of the switch, if the switch receives a broadcast frame from a port, or a unicast frame with an unknown destination MAC address, it will forward the frame out of all ports other than the source port. If there is a loop in the switching network, the frame will be forwarded indefinitely, a broadcast storm will form, and the network will be flooded with duplicate data frames.
The main function of STP: Use the spanning tree algorithm to create a spanning tree with a port of a switch as the root in the Ethernet network, automatically and logically blocking one or more redundant ports to avoid loops.
The basic working principle of STP is to transmit the conditions required for STP calculation through the interaction of BPDUs (Bridge Protocol Data Units), and then block specific ports according to a specific algorithm, thereby obtaining an acyclic tree topology.
In order to calculate spanning tree, switches need to exchange relevant information and parameters, which are encapsulated in BPDU (Bridge Protocol Data Unit).
There are two types of BPDU: configuration BPDU and TCN BPDU (topology change BPDU).
The election of the root bridge in STP is based on the bridge ID. Each switch in STP will have a bridge ID. The bridge ID consists of a 16-bit Bridge Priority and a 48-bit MAC address. In the STP network, the bridge priority is configurable. The value range is 0~65535, and the default value is 32768. The device with the highest priority (the smaller the value, the higher the priority) will be elected as the root bridge. If the priorities are the same, the MAC addresses will be compared. The smaller the MAC address, the higher the priority.
When a non-root switch elects a root port, it is based on the port's root path cost, peer BID (Bridge ID), peer PID (Port ID), and local PID.
Each port of the switch has a Port Cost parameter, which represents the cost value of the port in STP. By default, the cost of a port is related to the bandwidth of the port. The higher the bandwidth, the smaller the cost. There may be multiple paths from a non-root bridge to the root bridge. Each path has a total cost value. This cost value is the sum of the port costs of all ports that receive BPDUs on the path (that is, the incoming ports of the BPDU), and is called the path cost. The non-root bridge selects the shortest path to the root bridge by comparing the path costs of multiple paths. The path cost of this shortest path is called RPC (Root Path Cost), and the result is a loop-free tree network. The root path cost of the root bridge is 0.
If the calculated cumulative path costs of two or more ports are the same, then the port with the smallest BID from the sender is selected as the root port.
Each port on a switch running STP has a port ID, which consists of the port priority and the port number. The port priority value range is 0 to 240, with a step size of 16, that is, the value must be an integer multiple of 16. By default, the port priority is 128. The port ID can be used to determine the port role, and the one with the smaller value takes precedence.
The port that suppresses other ports (whether your own or other devices) from sending BPDU messages on a network segment is the designated port of the network segment.
Each port on the root bridge is always a designated port.
The ports corresponding to the root port (that is, the ports directly connected to the root port) are all designated ports.
The designated port is elected by first comparing the cumulative path cost. The port with the smallest cumulative path cost is the designated port. If the cumulative path costs are the same, the bridge IDs of the switches where the ports are located are compared, and the port with the smallest bridge ID is elected as the designated port. If the port cannot be selected based on the cumulative path cost and bridge ID, the port ID will be compared and the port with the smallest port ID will be elected as the designated port. (The procedure is the same as for root port election.)
After the network converges, only the designated port and the root port can forward data. Other ports are reserve ports, which are blocked and cannot forward data. They can only receive BPDU messages from the designated switch on the connected network segment and use this to monitor the link status.
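The election rules above can be run end to end. The following is an added example, not part of the original article: it uses a constructed three-switch topology with made-up MAC addresses and an assumed port cost of 20000, and reuses the bridge and port priority values from the lab later on this page to show how they move the root bridge and the root port.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    switch: str
    number: int
    cost: int = 20000     # assumed per-port cost for this constructed sample
    priority: int = 128   # default port priority given in the text

    @property
    def pid(self):
        return (self.priority, self.number)  # smaller value takes precedence


def elect(bridges, links):
    """bridges: name -> (priority, mac); links: list of (Port, Port) pairs.
    Returns (root bridge, root path cost per switch, role per (switch, port))."""
    bid = {n: (p, int(m.replace(":", ""), 16)) for n, (p, m) in bridges.items()}
    root = min(bid, key=bid.get)  # smallest priority, then smallest MAC

    # Root path cost: add the cost of each receiving port, relax until stable.
    rpc = {n: float("inf") for n in bridges}
    rpc[root] = 0
    changed = True
    while changed:
        changed = False
        for a, b in links:
            for local, peer in ((a, b), (b, a)):
                cand = rpc[peer.switch] + local.cost
                if cand < rpc[local.switch]:
                    rpc[local.switch], changed = cand, True

    roles = {}
    # Root port: compare root path cost, peer BID, peer PID, local PID in that order.
    for name in bridges:
        if name == root:
            continue
        cands = [((rpc[peer.switch] + local.cost, bid[peer.switch], peer.pid, local.pid), local)
                 for a, b in links for local, peer in ((a, b), (b, a))
                 if local.switch == name]
        best = min(cands, key=lambda c: c[0])[1]
        roles[(name, best.number)] = "root"

    # Designated port per segment: path cost, then bridge ID, then port ID.
    for a, b in links:
        winner = min((a, b), key=lambda p: (rpc[p.switch], bid[p.switch], p.pid))
        loser = b if winner is a else a
        roles.setdefault((winner.switch, winner.number), "designated")
        roles.setdefault((loser.switch, loser.number), "alternate")  # blocked
    return root, rpc, roles


def sample(bridge_prio=None, sw2_port_prio=None):
    """Constructed three-switch topology with a double link SW2 <-> SW3."""
    bridge_prio, pp = bridge_prio or {}, sw2_port_prio or {}
    macs = {"SW1": "02:00:00:00:00:31", "SW2": "02:00:00:00:00:22",
            "SW3": "02:00:00:00:00:13"}  # constructed MAC addresses
    bridges = {n: (bridge_prio.get(n, 32768), m) for n, m in macs.items()}
    links = [
        (Port("SW1", 1), Port("SW2", 1)),
        (Port("SW1", 2), Port("SW3", 2)),
        (Port("SW2", 3, priority=pp.get(3, 128)), Port("SW3", 3)),
        (Port("SW2", 6, priority=pp.get(6, 128)), Port("SW3", 6)),
    ]
    return elect(bridges, links)


if __name__ == "__main__":
    tuned = {"SW2": 4096, "SW3": 8192}
    for label, args in (("defaults", ()),
                        ("bridge priorities set", (tuned,)),
                        ("SW2 port priorities set", (tuned, {3: 32, 6: 16}))):
        root, rpc, roles = sample(*args)
        print(label, "-> root:", root)
        for key in sorted(roles):
            print("   ", key, roles[key])
```

With default priorities the smallest MAC address decides the root bridge, which is why production networks pin the bridge priority explicitly instead of leaving the election to whatever hardware happens to be connected.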
1. Forwarding: forwarding status. The port can forward both user traffic and BPDU packets. Only the root port or designated port can enter the Forwarding state.
2. Learning: learning state. The port can build a MAC address table based on received user traffic, but does not forward user traffic. The Learning state is added to prevent temporary loops.
3. Listening: listening state. The port can forward BPDU packets, but cannot forward user traffic.
4. Blocking: blocking state. The port can only receive and process BPDUs, but cannot forward BPDUs or user traffic. This state is the final state of the standby port.
5. Disabled: disabled state. The port neither processes nor forwards BPDU packets nor forwards user traffic.
In a stable STP topology, non-root bridges will regularly receive BPDU messages from the root bridge. If the root bridge fails and stops sending BPDU messages, the downstream switch will not be able to receive BPDU messages from the root bridge. If the downstream switch never receives BPDU messages, the Max Age timer will time out (the default value of Max Age is 20 seconds), causing the received BPDU messages to become invalid. At this time, non-root switches will send configuration BPDU messages to each other to re-elect a new root bridge. Root bridge failure will result in a recovery time of about 50 seconds, which is approximately equal to Max Age plus twice the Forward Delay convergence time.
1. SWA and SWB use two links to interconnect, one of which is the main link and the other is the backup link. After the spanning tree converges normally, if the SWB detects a physical failure on the link of the root port, its Alternate port will migrate to the Listening, Learning, and Forwarding states, and return to the forwarding state after twice the Forward Delay.
2. SWB is interconnected with SWA through two links through the hub. When the active link fails, SWB has not detected signal loss, so it remains in the original state. However, the root port can no longer receive BPDU messages from the root bridge. After T=Max_Age-Message_Age, the original BPDU message expires, and the Alternate port of the SWB will migrate to the Listening, Learning, and Forwarding states, and return to the forwarding state after twice the Forward Delay. Therefore, the link recovers after 2xForward_Time + (Max_Age-Message_Age) time.
Some kind of failure occurred in the link between SWB and SWA (non-physical layer failure), so SWB never received BPDU messages from SWA. After waiting for the Max Age timer to expire, SWB will think that the root bridge SWA is no longer valid and that it is the root bridge, so it will start sending its own BPDU messages to SWC to notify SWC that it is the new root bridge. During this period, the Alternate port of the SWC can no longer receive BPDU messages containing the original root bridge ID. After its Max Age timer times out, the SWC will switch the Alternate port to the designated port and forward the BPDU messages from its root port to the SWB. Therefore, after the Max Age timer times out, SWB and SWC will receive BPDUs from the other party almost at the same time. After STP recalculation, SWB gives up claiming to be the root bridge and redetermines the port role. After an indirect link fails, it takes about 50 seconds for the port to return to the forwarding state due to the need to wait for the Max Age plus twice the Forward Delay time.
The experimental topology is shown in the figure above. The IP address of PCA is 2.2.2.1/24, and the IP address of PCB is configured as 2.2.2.2/24.
Due to the existence of a loop in the network, you can see that the indicators of all interconnection ports of the switch and the ports connected to the host flash rapidly, indicating that a broadcast storm has formed. At this time, PCA cannot ping PCB.
On SW1, run the stp mode command to configure the spanning tree protocol mode to RSTP, and run the stp enable command to enable the spanning tree protocol on the switch.
The configurations of SW2, SW3, and SW4 are the same as SW1. After enabling the spanning tree protocol, you can see that the indicator lights on each port of the switch stop flashing rapidly and the network returns to normal. At this time, the PCA can ping the PCB.
Use the display stp brief command to view the STP status and port role of each port of the switch:
From the above, we can see that the root port of each switch is the port connected to SW3, and SW3 has no root port, indicating that SW3 is the root bridge in the network.
From step 2, we know that SW3 is the current root bridge. We can specify the root bridge through the following command:
This configuration sets SW1 as the root bridge and SW2 as the backup root bridge. We can also control the election of the root bridge by changing the bridge priority, changing the priority of SW3 to 8192 and the priority of SW2 to 4096.
View STP information:
You can see that SW2 has become the new root bridge.
After step 3, the GigabitEthernet0/0/3 port of SW3 is the root port and is interconnected with the root bridge SW2. The default port priority is 128. The larger the value, the lower the priority.
Set the GigabitEthernet0/0/3 port priority of SW2 to 32 and the GigabitEthernet0/0/6 port priority to 16:
Note: This modifies the port priority on SW2, not the port priority on SW3.
Check the port role on SW3:
The GigabitEthernet0/0/6 port of SW3 has become the root port.
GigabitEthernet0/0/3 of SW4 is the replacement port and GigabitEthernet0/0/3 of SW1 is the designated port. Modify the path cost of port GigabitEthernet0/0/2 of SW1 to 2000000.
View current port role information.
STP can provide a loop-free network, but the convergence speed is slow. If the topology of the STP network changes frequently, the network will also frequently lose connectivity, causing frequent interruptions in user communications. Rapid Spanning Tree Protocol RSTP uses the Proposal/Agreement mechanism to ensure timely link negotiation, thereby effectively preventing the convergence timer from expiring before spanning tree convergence.
There are four types of RSTP port roles: root port, designated port, Alternate port and Backup port.
Alternate port: A port blocked due to learning of better configuration BPDU messages sent by other bridges; used as a backup port for the root port.
Backup port: A port blocked due to learning of the better configuration BPDU message sent by itself; used as a backup port for the designated port.
Discarding state, the port neither forwards user traffic nor learns MAC addresses.
Learning state, the port does not forward user traffic but learns MAC addresses.
Forwarding state, the port forwards user traffic and learns MAC addresses.
RSTP convergence follows the basic principles of STP. When the network is initialized, all RSTP switches in the network consider themselves to be the "root bridge" and set each port as a designated port. At this time, the port is in the Discarding state.
Each switch that considers itself to be the "root bridge" generates an RST BPDU message to negotiate the port status of the specified network segment. The Proposal bit in the Flags field of this RST BPDU message needs to be set. When a port receives an RST BPDU message, the port compares the received RST BPDU message with the local RST BPDU message. If the local RST BPDU message is better than the received RST BPDU message, the port will discard the received RST BPDU message and send a local RST BPDU message with Proposal set to reply to the peer device.
After confirming that the downstream designated port has transitioned to the Discarding state, the device sends an RST BPDU message to reply to the Proposal message sent by the upstream switch. During this process, the port has been confirmed as the root port, so the Agreement flag bit and root port role are set in the Flags field of the RST BPDU message.
In the final stage of the P/A process, after the upstream switch receives the RST BPDU message with the Agreement set, the designated port immediately transitions from the Discarding state to the Forwarding state, and then the downstream network segment begins to use the same P/A process to negotiate port roles.
First of all, RSTP defines changes in network topology as changes in port roles, because changes in network topology can be described as transitions between forwarding/blocking states of some network ports, and RSTP clearly defines both port roles and port states (this is where RSTP is superior to STP).
Secondly, changes in RSTP port roles directly affect changes in port status. R-Port, D-Port, and Edge Port are in the Forwarding state; Alternate Port (hereinafter referred to as A-Port) and Backup Port are in the Discarding state.
If a link fails, the ports at both ends of the link change from the forwarding state to the blocking state. From the point of view of the purpose of Spanning Tree Protocol, this does not cause the network to form a loop. RSTP only needs to find a suitable port in the blocking state and convert it to the forwarding state to reconnect the topology. Since RSTP has already allocated the backup port A-Port of the R-Port during calculation, if the R-Port changes from the forwarding state to the blocking state, the corresponding A-Port will be changed to the forwarding state; similarly, for a D-Port this can be achieved by setting the corresponding Backup Port to forwarding. The Edge Port does not affect the calculation of the spanning tree, so it is ignored. In this way, when the status of one or more ports changes from forwarding to blocking, RSTP does not need to recalculate (does this sound familiar? I seem to have seen an algorithm that directly uses the backup path without calculation. If you are smart, you must have thought of DUAL).
Due to the connectivity of a certain link, the spanning tree domain may form a loop. In RSTP, this behavior is defined as the D-Port converting from blocking state to forwarding state. The corresponding checking mechanism should be the P/A mechanism, that is, from the D-Port that needs to enter the forwarding state, it is recommended that the other end perform synchronization. After confirmation, enter the forwarding state.
After receiving the "Advice" message, the peer Bridge blocks all its own D-Ports and returns an "Agree" message to the sender of the "Advice" message; on the other hand, it synchronizes its own ports. There are two cases of synchronization: if the port is an E-Port, or it was originally in a non-forwarding state, it is "synchronized"; if the port was originally in a forwarding state and is to re-enter the forwarding state, it will "advise" the other end and wait for confirmation.
The following will demonstrate the process of the P/A mechanism with the illustration:
1. Establish a new link between B and E. First, select the port role;
2. B and E exchange BPDUs through this link. Since the BPDUs sent by port B are superior, the role of port B is D-Port. At the same time, the BPDU that E receives from B is better than the one received from C, so E converts the port connected to B to Root Port, and the port connected to C is converted to A-Port. It should be noted that RSTP has improved root port forwarding compared to STP. Once the old R-Port is determined to be in a non-forwarding state and the new R-Port is determined, the new R-Port immediately enters the forwarding state;
3. At this moment, port B is still in the Discarding state and expects to enter the Forwarding state, so it will send the configuration BPDU with "Proposal" set from the D-Port to E; after E receives the BPDU, it enters the synchronization state: it converts all forwarding state ports to discarding and checks port synchronization;
4. From the synchronization principle, only the port connected to D in E is in the forwarding state, so E continues to block the port and returns a BPDU with "Agree" set to B. From then on, the B-E link is synchronized and traffic is forwarded immediately; and since the port by which D connects to E is an A-Port, BPDUs are not forwarded, so the BPDU with "Proposal" set sent by E will not be answered by a BPDU with "Agreement" set. The port will remain blocked.
The experimental topology is shown in the figure above. Each port of the switch belongs to VLAN1, the IP address of PCA is 2.2.2.1/24, and the IP address of PCB is configured as 2.2.2.2/24.
Test the connectivity between SW2 and SW3:
Check the port role of SW2
GigabitEthernet0/0/3 of SW2 is the root port, use ping to test S1 to S2 connectivity 20 times.
Tip: Immediately after starting the ping operation on SW2, shut down the GigabitEthernet0/0/3 interface of SW3.
View the port role of SW2
GigabitEthernet0/0/6 of SW2 becomes the root port, the port enters the FORWARDING state, and 1 packet times out.
On SW1, run the stp mode command to configure the spanning tree protocol mode to RSTP, and run the stp enable command to enable the spanning tree protocol on the switch.
The configurations of SW2, SW3, and SW4 are the same as SW1.
Configure SW2 as STP spanning tree, and keep other configurations unchanged.
View SW2 port role information
GigabitEthernet0/0/3 of SW2 is the root port. Use ping to test the connectivity from S1 to S2 30 times.
Tip: Immediately after starting the ping operation on SW2, shut down the GigabitEthernet0/0/3 interface of SW3.
View SW2 port information
GigabitEthernet0/0/6 of SW2 becomes the root port, the port enters the FORWARDING state, and 16 packets time out.
RSTP is compatible with STP, but the convergence mode operates in STP mode.
Regardless of whether it is STP or RSTP, VLAN is not considered when calculating spanning tree in the network. They all apply to a single spanning tree instance. In other words, all VLANs in STP and RSTP share the same spanning tree.
In order to solve this problem, Cisco proposed the second generation spanning tree - PVST, PVST+. According to the PVST protocol, each VLAN has a spanning tree, and a BPDU is sent every 2 seconds. For a network with tens of millions of VLANs, it is difficult to maintain so many spanning trees. On the other hand, sending a BPDU every 2 seconds for each VLAN is also overwhelming for the switch.
In order to solve the difficulties caused by PVST, Cisco proposed the third generation spanning tree - MST (MSTP) Multiple Spanning Tree Protocol. MSTP can group numerous VLANs in the network and assign VLANs into groups. The group here is the MST instance (Instance) mentioned later. There is one spanning tree for each instance, and BPDUs are sent only to the instance. This achieves load balancing.
Multiple Spanning Tree Protocol (MSTP) is a new spanning tree protocol defined in IEEE 802.1s. To put it simply, STP/RSTP is based on ports, PVST+ is based on VLAN, and MSTP is based on instances. Compared with STP/RSTP and PVST+, MSTP introduces the concepts of "Instance" and "Region".
The so-called "instance" is a collection of multiple VLANs. This method of bundling multiple VLANs into one instance can save communication overhead and resource usage. The calculation of the MSTP topology is independent, and load balancing can be achieved on these instances. VLANs with the same topology are mapped to a certain instance, and the forwarding status of these VLANs on the port will depend on the forwarding status of the corresponding instance in MSTP.
The so-called "region" is the MST Region, which consists of the domain name (Configuration Name), revision level (Revision Level), format selector (Configuration Identifier Format Selector), and the mapping of VLANs to instances (mapping of VIDs to spanning trees). The domain name, format selector and revision level have corresponding fields in the BPDU message, while the mapping relationship between VLAN and instance appears in the BPDU message as summary information (Configuration Digest). The digest is a 16-byte signature calculated based on the mapping relationship. Only switches for which the above four items are the same and which are connected to each other are considered to be in the same domain.
As shown in the figure above, all switches in each domain have the same MST domain configuration (have the same domain name; have the same VLAN to spanning tree instance mapping configuration; have the same MSTP revision level configuration). By default, the domain name is the switch's bridge MAC address, the revision level is equal to 0, the format selector is equal to 0, and all VLANs are mapped to instance 0.
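The region comparison described above can be reproduced offline. The following is an added example, not code from the original article or from any switch vendor: it builds the Configuration Digest as IEEE 802.1Q specifies (HMAC-MD5 over a table of 4096 two-octet instance IDs, using the fixed key published in the standard) and reports which of the four region attributes differ between two switches. The region name "RG1", revision 1 and the MAC-style default names are constructed; the VLAN mapping mirrors the one used in the MSTP lab on this page.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Fixed HMAC-MD5 key published in IEEE 802.1Q for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def config_digest(vlan_map):
    """vlan_map: {vid: instance id}; VLANs not listed stay in instance 0."""
    table = bytearray(4096 * 2)  # one big-endian 16-bit entry per VID; 0 and 4095 stay 0
    for vid, mstid in vlan_map.items():
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID out of range: {vid}")
        if not 0 <= mstid <= 4094:
            raise ValueError(f"instance ID out of range: {mstid}")
        table[2 * vid:2 * vid + 2] = mstid.to_bytes(2, "big")
    return hmac.new(DIGEST_KEY, bytes(table), hashlib.md5).digest()


@dataclass
class RegionConfig:
    name: str
    revision: int = 0
    format_selector: int = 0
    vlan_map: dict = field(default_factory=dict)

    def identifier(self):
        return (self.format_selector, self.name, self.revision,
                config_digest(self.vlan_map))


def mismatches(a, b):
    """Names of the region attributes that differ; empty list means same region."""
    labels = ("format selector", "region name", "revision level",
              "VLAN-to-instance digest")
    return [label for label, x, y in zip(labels, a.identifier(), b.identifier())
            if x != y]


def lab_map():
    """VLAN 1-10 -> instance 1, VLAN 11-20 -> instance 2 (mapping from the lab)."""
    mapping = {vid: 1 for vid in range(1, 11)}
    mapping.update({vid: 2 for vid in range(11, 21)})
    return mapping


if __name__ == "__main__":
    sw2 = RegionConfig("RG1", 1, vlan_map=lab_map())
    sw3 = RegionConfig("RG1", 1, vlan_map=lab_map())
    drifted = lab_map()
    del drifted[20]  # constructed mistake: VLAN 20 left in instance 0
    sw4 = RegionConfig("RG1", 1, vlan_map=drifted)
    print("SW2 digest:", config_digest(sw2.vlan_map).hex())
    print("SW2 vs SW3:", mismatches(sw2, sw3) or "same region")
    print("SW2 vs SW4:", mismatches(sw2, sw4))
    # Two untouched switches: digests match, but the default names (bridge MACs) differ.
    print("defaults  :", mismatches(RegionConfig("02:00:00:00:00:22"),
                                    RegionConfig("02:00:00:00:00:13")))
```

Because the HMAC key is a fixed constant published in the standard, the digest detects configuration drift between switches; it does not authenticate the sender of a BPDU.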
Instance 0 of MSTP has a special role and is called CIST (Common Internal Spanning Tree), which is the common and internal spanning tree. The other instances are called MSTI (Multiple Spanning Tree Instance), that is, multiple spanning tree instances. CIST consists of a single spanning tree calculated through STP/RSTP and a domain calculated through MSTP to ensure that all bridged LANs are simple and fully connected. CST (Common Spanning Tree) is a single spanning tree calculated by STP/RSTP and MSTP to connect MST domains. IST (Internal Spanning Tree) is the connectivity provided by CIST within a given MST domain. As shown in the figure above, if each MST domain is regarded as a "switch", CST is a spanning tree calculated by these "switches" through STP/RSTP or MSTP protocols. IST is a fragment of CIST in the MST domain and is a special instance of multiple spanning trees.
Compared with STP and RSTP, MSTP introduces the concepts of total root and regional root. The common root is a global concept. There can only be one common root for all interconnected switches running STP/RSTP/MSTP, which is the root of the CIST. The regional root is a local concept, which is relative to a certain instance in a certain domain. As shown in the figure above, all connected devices have only one root, and the number of domain roots contained in each domain is related to the number of instances.
Compared with STP and RSTP, MSTP introduces the concepts of external path cost and internal path cost. The external path cost is relative to CIST, and the external path cost within the same domain is the same; the internal path cost is relative to an instance within the domain, and the same port corresponds to different internal path costs for different instances.
Compared with STP and RSTP, MSTP introduces the concepts of domain edge port and master port. Domain edge ports are ports that connect different MST domains, MST domains and areas running STP, and MST domains and areas running RSTP. They are located at the edge of the MST domain. In a domain that does not contain the master root, the Master port is, among all the border ports, the port with the minimum cost to reach the main root, that is, the port connecting the MST domain to the main root; it is located on the shortest path from the entire domain to the main root. The Alternate port is the backup port of the Master port. If the Master port is blocked, the Alternate port will become the new Master port.
The algorithms and principles used by the MSTP protocol to calculate the spanning tree are similar to those of STP/RSTP. However, because parameters such as domain and internal path cost are introduced in MSTP, the priority vector in MSTP is 7-dimensional, while that of STP/RSTP is 5-dimensional.
The priority vector in STP/RSTP is:
{root bridge identifier, root path cost, bridge identifier, sending BPDU message port identifier, receiving BPDU message port identifier}
The priority vector in MSTP is:
{CIST root bridge identifier, CIST external root path cost, CIST domain root identifier, CIST internal root path cost, CIST designated bridge identifier, CIST designated port identifier, CIST receiving port identifier}
The bridge identifier in STP/RSTP is actually the identifier of the device sending the BPDU, which corresponds to the CIST designated bridge identifier in MSTP. There are two situations for the CIST domain root identifier in MSTP. One is in the domain where the general root is located, where this field in the BPDU message refers to the identifier of the general root. The other is in a domain that does not contain the general root, where this field in the BPDU message refers to the identifier of the master device. When the entity running MSTP is initialized, it considers itself to be the general root and regional root. Through interactive configuration messages, it calculates the CIST spanning tree and MSTI according to the 7-dimensional vector introduced above.
The devices in the network send and receive BPDU messages, and after comparing the configuration messages, select a switch with the highest priority in the entire network as the root of the CIST tree. Within each MST region, MSTP generates IST through calculation; at the same time, MSTP treats each MST region as a single switch and generates CST between MST regions through calculation. As mentioned earlier, CST and IST constitute the CIST of the entire switch network.
In the MST region, MSTP generates different spanning tree instances for different VLANs based on the mapping relationship between VLANs and spanning tree instances.
Each spanning tree is calculated independently, and the calculation process is similar to the spanning tree calculation process of STP/RSTP.
Features of MSTI:
MSTP topology change processing is similar to RSTP topology change processing.
There is only one criterion for detecting whether the topology changes in RSTP: a non-edge port migrates to the Forwarding state.
In this way, RST BPDU flooding will occur in the network.
Define VLAN1-10 to belong to INSTANCE 1, and VLAN11-20 to belong to INSTANCE 2.
Configure the priority of SW2 in instance 1 to 4096, and the priority in instance 2 to 8192.
Configure the priority of SW3 in instance 2 to 4096 and the priority in instance 1 to 8192.
View the status of instance 1 and instance 2
SW2 is the root bridge of instance 1, and SW3 is the root bridge of instance 2.
View the port role of MSTP instance 1
In instance 1, SW2 is the root bridge. Users in VLAN 1 to VLAN 10 on SW1 communicate through the GigabitEthernet0/0/1 interface with users in VLAN 1 to VLAN 10 on SW2, SW3 and SW4.