Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data is transmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. The CSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only. 10Base-T, which works on half-duplex, is efficient 30 to 40% of the time because of collisions and as such the effective throughput is only 3 to 4 Mb. Full-duplex transmission has data forwarding in both directions simultaneously. Full-duplex implementations also require a point-to-point connection between each send and receiver port. Therefore a switch with 8 ports would have each of the 8 ports connected to the rest of the ports via a dedicated set of wires. This ensures that there is no shared medium and collision is not possible. Because data can be transmitted bidirectionally, the effective rate of a 10-Mb full-duplex transmission is 20 Mb (i.e., 10 Mb each way). Hence full-duplex transmissions are more efficient than half-duplex. Switches and routers usually support full-duplex transmissions. When devices such as switches and hubs are interconnected, care must be taken to ensure that the proper transmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set to half-duplex because the hub only supports half-duplex. For switch-to- switch, switch-to-host, or switch-to-router connections, full-duplex can be used.
The CSMA/CD access rules are summarized by the protocol’s acronym . Carrier Sense means that a host that wants to transmit data will first monitor the link, and if it does not sense the transmission signal of another host , it will transmit its data. If the waiting host senses another host transmission signal, the waiting host will continue to wait until the link goes silent. Multiple Access means many hosts share the same medium. Collision Detection means that hosts monitor the medium while transmitting to detect another host that is transmitting while they are transmitting. This means that only one host can transmit at once, as shown in the figure above. In this scenario: All the hosts are listening to the line. Host A decides to transmit because there is no message transmitted by any other host (idle line). Hosts B, C, and D listen to host A transmitting and will not transmit data until host A has transmitted the data. Host A’s message is transmitted on all hub ports. The procedure above reduces the chance of collisions but does not prevent them. Both hosts A and B could decide to transmit at once because no other hosts are transmitting a message on the line (idle line).
When host A and host B transmit frames at the same time, they will both detect collision or corruption of the data. Both host A and host B will generate a jam signal, which will be received by other hosts so that they discard the data that was just corrupted by a collision. A random back-off timer is then started on the transmitting hosts. Afterward, either host A or host B will initiate a transmission after they detect no other transmission on the line.
Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission over point - to - point links. Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions. There are exactly two hosts connected on a full-duplex point - to - point link. The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two - way transmission.
Auto-negotiation is a mechanism that takes control of the cable when a connection to a network device is established. Auto-negotiation detects the various modes that exist in the device on the other end of the wire (the link partner) and advertises its own abilities to automatically configure the highest performance mode of interoperation. Auto-negotiation was first defined in 1995 as an optional feature for 10 and 100 Mb/s twisted-pair Ethernet, clause 28 of 802.3u. 1000Base-T requires auto-negotiation to establish signal timing control to make the link operational. Basically, an auto-negotiation device advertises its abilities and detects the abilities of the remote device that it is connected to, known as the link partner. After auto-negotiation has received the link partner's abilities in a robust manner and it receives acknowledgment that its abilities have also been received by the link partner, auto-negotiation compares the two sets of abilities and decides which technology to connect. This decision is based upon a previously agreed priority of technologies. Auto-negotiation attaches the highest-performance common technology to the medium and becomes transparent until the link goes down or is reset.
A collision domain is a group of Ethernet or fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and that compete for access in the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment. A broadcast domain is a restricted area in which information can be transmitted for all devices in the domain to receive. More specifically, Ethernet LANs are broadcast domains. Any devices attached to the LAN can transmit frames to any other device because the medium is a shared transmission system. Frames are normally addressed to a specific destination device in the network. While all devices detect the frame transmission in the network, only the device to which the frame is addressed actually receives it. A special broadcast address consisting of all 1s is used to send frames to all devices in the network.
Ethernet switches use the MAC address of the host. The switch dynamically learns which host MAC addresses are associated with an interface and enters the address information into a MAC FDB. When the switch receives an Ethernet frame, it looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, and then transmits the frame out of the appropriate interface. If no entry is found, the switch floods the frame out of all its interfaces.
In a network with built-in redundancy and no STP, the likelihood of receiving multiple copies of a frame is high. Most protocols cannot recognize duplicate transmissions. The protocols that do use a numbered sequencing to track transmitted packets will think that the numbers have reset or are recycled.
Redundant networks without STP can also cause database instability. In the figure above, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of the frame arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with the new entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keep up with the actual location of Host A.
Networks that are designed with redundancy and no STP are vulnerable to the transmission of broadcast frames because the switch receives multiple copies of a frame. Because the switch receives multiple frames, it floods broadcast frames out of all ports with the exception of the port the frame was received on. In a redundant network, this broadcast frame would perpetuate itself until the switch resets because it gets overwhelmed with activity.
Each port on a switch that uses STP exists in one of the following five states . Blocking — A port in the blocking state does not participate in any frame forwarding. A switch always enters the blocking state following switch initialization. Listening — This is the state that a port enters into after the blocking state when the STP has decided that this port should participate in frame forwarding. Learning — A port enters into the learning state after the listening state. This is to prepare the forwarding tables for frame forwarding. Forwarding — A port in the forwarding state forwards frames. Disabled — A port in the disabled state is non-operational.
A port in the blocking state performs as follows: Discards frames received from the attached segment. Discards frames switched from another port for forwarding. Does not incorporate station location into its address database. (There is no learning at this point, so there is no address database update.) Receives BPDUs and directs them to the system module. Does not transmit BPDUs received from the system module.
In this example, the two bridges/switches with the same priority will use their MAC addresses to decide which will be root. In this case, it is the topmost bridge/switch that has the lower MAC address and is therefore the root.
To summarize, three values are used in the STP port calculations : Port priority (has a default value but is configurable) Per interface cost (dependent on bandwidth but is configurable) Port MAC address Root port — Shortest path toward the root on a leaf, facing the root Designated port — Sends and receives frames on that segment Blocked port — Does not forward any frames
In the blocking state, after STP has determined that the port will participate in frame forwarding, it puts the port into the listening state. While in the listening state, the port can perform the following functions: Discard any frames it receives from an attached Ethernet segment Discard any frames another port on the bridge/switch passes to it to forward Does not update the FDB when it receives updated BIDs Receives and processes BPDUs both from the link and from the bridge/switch Receives and processes network management traffic
Learning is the state that a port enters just before getting ready to participate in frame forwarding. The primary function is to incorporate MAC addresses in the FDB. In the learning state, the port does the following: Discards frames received from an attached segment Discards frames received from another port for forwarding Updates its FDB with new address information Receives and processes BPDUs both from the link and from the bridge/switch Receives and processes network management traffic
A port in the forwarding state forwards frames. It enters this state from the learning state. While in the forwarding state, the port can perform the following functions: Forward any frames that it receives from an attached Ethernet segment Forward any frames that another port in the bridge/switch passes to it to forward Updates the FDB when it receives updated BIDs Receives and processes BPDUs both from the link and from the bridge/switch Receives and processes network management traffic
Given the topology above, the following actions occur when the link between switches A and C breaks. BPDUs are sent by the root bridge every 2 seconds. When the link between A and C breaks, the root port on C will wait for the maximum age time (20 seconds) before deciding that the path between C and A is no longer operational. During the maximum age time, the BPDUs received at C’s blocked port from D are discarded because C considers these BPDUs to be inferior. After the maximum age time, C realizes that it does have a path to the root bridge via its port through D. Switch C ages out all its protocol information and decides to declare the port to D as the root port. Switch C then cycles the root port through the listening and learning states (15 seconds each) before forwarding traffic out of that port. At the same time, D transitions its blocked port to C into a designated port. Data is now forwarded. The total time required for convergence is: Max Age Time + Listening + Learning = 20 + 15 + 15 = 50 seconds
In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2. The following actions occur: The changes in port costs result in C and D sending BPDUs that advertise the new cost to root switch A. Switch B does not act on the BPDU sent via C. Root switch A relays this information by sending BPDUs (with topology change notification bit set to On) back to B, C, and D. All ports on A, B, C, and D are placed in the listening state, followed by the learning state (15 seconds each). The ports between C and D change to the forwarding state and the ports between B and C are now blocked.
What happens when a new switch is added to the existing topology? In the figure above, a new switch E is added to the top right of the existing topology. This switch has a lower MAC address than the current root. The following actions occur: As soon as switch E starts, it sets its ports to the blocking state. Thinking that it is the root, it then advertises BPDUs to neighboring switches A and D. Switch A also sends BPDUs to E because A is still the root in the original topology. Because E has a lower MAC address than A and its root bridge priority is the same as that of A, E becomes the new root and starts advertising BPDUs to all other switches in the topology. All other switches in the topology set their ports to the listening state, in which no data traffic is forwarded. After all BPDUs have converged and the roots and designated ports have been assigned, the switches transition their ports from the listening state to the learning state. Note: In the figure above, the link between switch A and D no longer exists once switch E is added.
STP performance is directly related to the root bridge/switch timer settings, which are outlined above in the final three fields of the BPDU: Maximum age, hello time, and forwarding delay. Maximum age — Defines the maximum amount of time that any received STP information is kept. When this timer is exhausted, the STP information is discarded. (typically 20 seconds) Hello time — Determines the frequency of transmitted hello messages to other bridges or switches (typically 2 seconds) Forwarding delay — Defines the amount of time the port stays in the learning and listening states (typically 15 seconds) The setting of all these values affects how quickly the network converges to a stable, frame-forwarding topology.
Steps to add Switch D to the existing Topology Ports on switch D are automatically set to blocked BPDUs are sent on each of the two ports and received from switches B and C simultaneously BPDUs send via Switch B and C to the root Root switch (Switch A) will send BPDU with Topology bit set to all ports All switches set their ports to the blocked state upon receiving the BPDU from the root All Switch ports transition through the listening and the learning state while the new Topology is being calculated Port between C and D is now blocked
The major advantage of RSTP over STP is rapid convergence: the network takes less than 5 seconds to converge to a forwarding topology. STP can take up to a minute for a similar-sized network. RSTP was the natural evolution of STP. As the demands on the network became more critical, the existing STP convergence time was no longer adequate. The terminology used with RSTP remains basically unchanged.
In STP, the port states were confusing because STP mixed the state of the port (blocking or forwarding traffic) with the role it played in the topology (root port, designated port, or neither). For example, ports in the blocking state and listening state are operationally similar: they both discard frames and do not learn MAC addresses. In addition, when a port is in the forwarding state, there is no way to infer that it is a root or designated port.
The major difference between STP and RSTP is that the port roles are configurable in RSTP, while in STP they were determined by the algorithm. This adds more time for the network topology to converge in STP when there is a change in the topology due to failure or redesign. In STP, the port roles were either forwarding or blocking. RSTP is granular when approaching the roles of the ports. The switch is now able to define which forwarding port is a root port or a designated port. The switch can also elect backup and alternate ports for faster recovery from a failure.
The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The alternate port resides on a different switch than the designated port.
The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The backup port resides on the same switch as the designated port.
In the slide above, only the shaded fields have been changed to support RTSP. As shown, the major change is with the Flags field. In STP, only bits 0 and 7 were identified. RTSP now makes full use of the entire octet. The message type is now 2, and the version is 2 (this allows 802.1w bridges to detect legacy 802.1d bridges).
BPDU handling — STP only generates a BPDU when it receives one on its root port. This is time-consuming as it renders bridges more as BPDU relayers than generators. This change in RSTP greatly improves BPDU handling efficiency. Aging — In RSTP, due to the way BPDUs are now handled, they can serve as keepalive timers from bridge/switch to bridge/switch. If 3 BPDUs are missed in a row, the bridge/switch considers either the direct neighbor or the designated bridge/switch as unreachable. This results in much faster failure detection. In STP, this would not be possible, and if the max age expires, the neighbor cannot be assumed to be down. It would only indicate that somewhere along the path from the port with the max age expired to the root bridge/switch, there is a failure. Accepting inferior BPDUs — This concept is new to RSTP and does not exist in STP. Inferior BPDUs are control information received on a switch that is older than the control information stored on the switch. Accepting inferior information from the designated or root bridge/switch means that the network can recover far more quickly from topology failures. Transition to forwarding state — This RSTP feature is the key factor in the improvement of topology convergence. This topic is covered in more detail on the next slide.
In the figure above, VLANs subdivide the Ethernet switch into multiple switches. Note that there are no logical interconnections between these internal switches. Therefore, the broadcast traffic that is generated by a host in a VLAN stays within that VLAN, making the VLAN its own broadcast domain. Because broadcast traffic for a particular VLAN remains within that VLAN’s borders, inter-VLAN or broadcast domain communication must occur through a layer 3 device such as a router. Hosts are not VLAN - aware, and therefore no 802.1q configuration is required on the hosts. The VLAN configuration is done within the switch and ports are assigned on a VLAN - by - VLAN basis .
In the figure above, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN , it is the only host to receive the broadcast. The FDB entries behave much the same way in the VLAN model as they do in the switch model: they are updated based on the source address. In the figure above, the source address of the broadcast frame is only learned by VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet. Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In the example above, this means that VLAN 101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at layer 3.
The standard that governs VLAN identification between switches (also known as tagging) is 802.1q. This standard stipulates that a 4-octet header/tag be inserted in the Ethernet frame between the source address and the type/length fields. Tags are the key component that allows 802.1q to function, and they are the method with which Ethernet frames can be associated with a VLAN segment.
The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allows for 4094 possible VLAN destinations for each Ethernet frame. A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches can extend the VLAN (broadcast domain) across a network. The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic of the VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header is removed.
VLAN trunking provides efficient inter-switch forwarding of VLAN frames. In the previous example, each VLAN required its own inter-switch connections to forward frames from one switch to another. VLAN trunking allows a single Ethernet port to carry frames from multiple VLANs. This allows the use of a single high-bandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead of multiple fast Ethernet ports. VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch designates the destination VLAN for the traffic on the VLAN trunk.
The VLAN header can be broken down into two parts: the VLAN tag type and the tag control information. The tag type is a fixed value that is an indicator of a VLAN tag. It indicates that the Length/Type field can be found a further 4 bytes into the frame. Because the frame is a Q-tag frame and is longer, it needs to indicate that the Length/Type field is offset from the traditional location by 4 bytes. The tag control information has three parts: Priority value — A 3-bit value that specifies a frames priority. CFI — A single bit. A setting of 0 means that the MAC address information is in its simplest form. Currently no other value is supported. VID — A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag header contains only priority information.
In a common spanning tree, all VLANs are mapped to the same spanning tree instance. This leads to under-utilized links and possible communication interruptions.
With MSTP, each VLAN or range of VLANs is mapped to a separate instance of STP. This allows for better utilization of the network. As shown in the figure above, MSTP permits multiple root switches in a network. In one instance of the spanning tree a port may be blocking, but another instance may use that port for forwarding.
I the above example: Configuring SW2 as the Root Bridge the network will blocking either the link between SW1 and SW3 or SW4 and SW3, and full reachability of all switches and VLAN’s is achieved. A problem would occur if the trunk link between switches 2 and 4 fails. Switch three does not have VLAN 3 created and does not switch VLAN 3 frames between the trunk links. As a result VLAN 3 on switch 4 becomes isolated from VLAN 3 nodes on switches 1 and 2. Solution: Create ALL VLAN’s on all switches, then, if for a particular VLAN no Access Ports are required on a switch, associate only the trunk links with that VLAN
Building Up the MAC Forward/Filter Table 1/2 1/1 1/3 1/4 Host A 0000.8c01.000A Host B 0000.8c01.000B Host C 0000.8c01.000C Host D 0000.8c01.000D Step 1: Host A sends a frame to Host B. Step 2: The switch receives the frame on 1/1 and places source in MAC table. Step 3: The destination is not in the MAC table so the switch forwards the frame to all ports except the source. Step 4: Host B responds to Host A. The switch adds the source address of Host B to the MAC table. Step 5: Host A and Host B can now send unicast frames bidirectionally. Step 6: Similarly, Host C and Host D will send frames and populate the MAC table. Step 2 Step 4 0000.8c01.000A 0000.8c01.000B 0000.8c01.000C 0000.8c01.000D Step 6 1/1 1/2 1/3 1/4
Layer 2 has no mechanism to stop looping as layer 3 has with TTL
Receiving Multiple Copies Segment 1 Segment 2 Host X Host Y Switch 1 Switch 2
Database Instability Segment 1 Segment 2 Host A Unicast Unicast Port 0 Port 1 Port 0 Port 1 Host B MAC Address DB Host A Port 0 MAC Address DB Host A Port 0 Host A Port 0 Host A Port 1 Switch 1 Switch 2
Broadcast Storms Segment 1 Segment 2 Host X Broadcast Host Y Switch 1 Switch 2
STP Port States and Activities STP port state Part of active topology Learning of MAC addresses Disabled No No Blocking Listening Learning No Yes Forwarding Yes Yes
STP in Action: State 2 — Root Bridge/Switch Election
Root bridge/switch election calculation:
After bridges/switches have initialized and all ports are in blocking mode, root bridge election occurs.
Each bridge/switch has a user-assigned bridge priority.
The bridge priority ranges from 0 to 65 535 (default is 32 768).
Each bridge/switch sends its BID to every other bridge/switch. The BID is 8 bytes: 2 for bridge priority and 6 that contain the MAC address of the bridge/switch.
Election of the root bridge is determined using the Bridge ID, which is made up of the Priority and MAC address
the switch with lowest Bridge ID value is selected
Any subsequent physical change in the network after election of the root bridge will cause an STP recalculation.
STP in Action: State 2 B A C D Host A Host B Boot Up Boot Up Boot Up Boot Up State 2 — Blocking BPDU BPDU BPDU BPDU BPDU BPDU BPDU BPDU Root Bridge/Switch Root Bridge/Switch Root Bridge/Switch Root Bridge/Switch
STP in Action: State 2 — Root Bridge/Switch Election Host A Host B State 2 — Blocking Root Bridge/Switch Root Bridge/Switch Root Bridge/Switch Root Bridge/Switch Priority - 32 MAC - 00-80-21-00-00-10 Priority - 16 MAC - 00-80-21-00-00-30 Priority - 48 MAC - 00-80-21-00-00-20 Priority - 16 MAC - 00-80-21-00-00-40 B A C D
STP in Action: State 2 — Root Bridge/Switch Election Host A Host B Root Bridge/Switch Leaf Bridge/Switch Leaf Bridge/Switch Leaf Bridge/Switch Priority - 32 MAC - 00-80-21-00-00-10 Priority - 16 MAC - 00-80-21-00-00-30 Priority - 48 MAC - 00-80-21-00-00-20 Priority - 16 MAC - 00-80-21-00-00-40 BPDU BPDU BPDU BPDU BPDU BPDU BPDU BPDU B A C D
STP in Action: State 2 — Path Calculation Host A Host B Root Leaf Leaf Leaf BPDU BPDU BPDU BPDU BPDU BPDU BPDU BPDU B A C D Path Cost 2 Path Cost 10 Path Cost 10 Path Cost 10
STP in Action: State 2 — Calculating Forwarding Paths Host A Host B Root Leaf Leaf Leaf Root Port Designated Port Designated Port Designated Ports Root Port Root Port B A C D Path Cost 2 Path Cost 10 Path Cost 10 Path Cost 10
STP in Action: State 3 — Listening State Forwarded Traffic BPDUs NM Messages Bridge/Switch
STP in Action: State 4 — Learning State Forwarded Traffic BPDUs NM Messages Bridge/Switch
STP in Action: State 5 — Final Forwarding Paths Host A Host B Root Leaf Leaf Leaf B A C D Path Cost 2 Path Cost 10 Path Cost 10 Path Cost 10
STP in Action — Topology Change (Deleting a Link) Host A Host B Root Leaf Leaf Leaf A B C D Wait 20 seconds (Max age time) BPDU BPDU Designated Ports Root Port Listen (15 seconds) Learn (15 seconds) Path Cost 2 Path Cost 10 Path Cost 10 Path Cost 10
STP in Action — Topology Change (Path Cost Change) Host A Host B Root Leaf Leaf Leaf Path Cost 2 Path Cost Path Cost Change 1 — TCN BPDU sent to Root 2 — Reply w/TCA BPDU set 3 — Topology changed 10 BPDU BPDU TBPDU TBPDU BPDU BPDU BPDU TBPDU TBPDU TBPDU TBPDU Listen (15 seconds) Learn (15 seconds) B A D C Path Cost 10 Path Cost 10
STP in Action — Topology Change (Adding a Switch) Host A Host B Root Leaf Leaf Leaf Priority - 16 MAC - 00-80-21-00-00-30 Priority - 16 MAC - 00-80-21-00-00-10 BPDU BPDU BPDU B D C E A New Root BPDU BPDU BPDU BPDU Designated Ports Root Port Leaf New switch E added All ports in listening state New BPDUs sent New root switch elected Final topology Path Cost 2 Path Cost 10 Path Cost 10 Path Cost 10 Path Cost 10 Path Cost 10
The root bridge/switch sends STP messages via BPDUs to the branches/leaves.
On individual branches and leaves, the user can specify IDs and path costs.
The root bridge/switch sets the forwarding delay, hello time, and maximum age.
BPDU is sent in Ethernet frame with the port’s address as source and the STP Multicast address 01:80:C2:00:00:00 as destination
BPDU Packet Protocol ID (2 bytes) Version (1 byte) Message type (1 byte) Flags (1 byte) Root ID ( 8 bytes) Path cost (4 bytes) Bridge ID (8 bytes) Port ID (2 bytes) Message age (2 bytes) Maximum age (2 bytes) Hello time (2 bytes) Forwarding delay (2 bytes)
BPDU Packet Details Configurable on each bridge Configurable on root bridge Protocol ID Always set to 0 Version Always set to 0 Message type Determines which of two BPDU types; configuration or TCN Flags Handle changes in the active topology Root ID Contains the bridge ID of root bridge (after convergence, all BPDUs should contain the same value) Root path cost Cumulative path cost of all links to the root bridge Bridge ID Identifies the bridge that is transmitting the current configuration message Port ID Contains a unique value for each port Message age Time stamp since the root bridge created this BPDU Maximum age Maximum amount of time this BPDU is saved Hello time Time between configuration BPDUs Forwarding delay Time spent in the listening and learning states
An evolution to the loop prevention algorithm (STP) from 802.1d
New IEEE specification is 802.1w
Achieves rapid failover and convergence times
Unlike STP, RSTP is not timer-based
Allows backward compatibility with 802.1d STP
Why do we need RSTP?
Network topology convergence is significantly faster than STP
STP vs. RSTP — Port States STP port state RSTP port state Part of active topology Learning of MAC addresses Disabled Discard No No Blocking Listening Learning Learning No Yes Forwarding Forwarding Yes Yes
STP vs. RSTP — Port Roles Port states STP port role (assigned by STP algorithm) RSTP port role (configurable) Forwarding Root Root Designated Designated Blocking Blocked Backup Blocked Alternate
Alternate Port Root Root Port Root Port Designated Port Designated Port Designated Port Alternate Port BPDU
Backup Port Root Root Port Root Port Designated Port Designated Port Designated Port Alternate Port Backup Port BPDU
RSTP BPDU Format Configurable Configurable on root bridge Protocol ID (2 bytes) Version (1 byte) Message type (1 byte) Flags (1 byte) Root ID ( 8 bytes) Path cost (4 bytes) Bridge ID (8 bytes) Port ID (2 bytes) Message age (2 bytes) Maximum age (2 bytes) Hello time (2 bytes) Forwarding delay (2 bytes) Version 1 length (2 bytes) Bit 0 – Topology change Bit 1 – Proposal
Bit 2, 3 – Port role
0 0 Unknown
0 1 Alternate/backup
1 0 Root
1 1 Designated
Bit 4 – Learning Bit 5 – Forwarding Bit 6 – Agreement Bit 7 – Topology change ACK
STP vs. RSTP — BPDUs STP RSTP BPDU handling Non-root bridge only transmits BPDUs when it receives one on the root port Bridge sends BPDU at hello time intervals Aging BPDU is aged after the max-age timer expires (and no BPDU is received on the port) BPDUs are used like keepalive messages (after 3 BPDUs in a row are missed it ages it out) Accepting inferior BPDUs — Inferior BPDU is accepted and previously stored information is replaced Transition to forwarding state Based on timers (Forward Delay and Max-Age) Uses a feedback mechanism (no timers involved)
STP vs. RSTP — Topology STP RSTP Topology change notification Sends TCN BPDUs toward root Sends BPDUs (with TC bit set) on all designated and root ports Topology ACKs Replies with BPDU with TCA bit set No acknowledgement (clears MAC addresses on all ports) Topology change First sent to root bridge/switch, then relayed from root all the way to the leaf bridge/switch 1-step process (topology change flooded quickly across the network)
A VLAN permits a group of ports to share a common broadcast domain regardless of physical location.
A VLAN can reside on 1 switch or on many switches.
A port that is not in a specific VLAN is in a default VLAN, and thus in a different broadcast domain.
Each VLAN is identified by a VLAN ID.
Devices in different VLANs can only communicate with each other if the frame is first sent to a layer 3 device (a router).
Why VLANs? T here are two main reasons for the development of VLANs: T he amount of broadcast traffic and increased security. Broadcast traffic increased in direct proportion to the number of stations in the LAN. The goal of the VLAN is the isolation of groups of users so that one group is not interrupted by the broadcast traffic of another. VLANs also have the benefit of added security by separating the network into distinct logical networks. Traffic in one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to pass from one VLAN to another , it must be routed.
How Do VLANs Work? VLAN 101 VLAN 102 VLAN 103 Ethernet switch Internal switch VLAN 101 Internal switch VLAN 102 Internal switch VLAN 103 Port 1 Port 2 Port 3 Port 5 Port 6 Port 7
VLAN Exercise VLAN 101 Host 1 sends out a broadcast. Which hosts will receive the broadcast? Switch 1 VLAN 102 VLAN 102 VLAN 101 Host 1 Host 2 Host 3 Host 4 BPDU BPDU
VLANs over Multiple Switches Switch 1 Switch 2 MAC FDB VLAN 101 MAC FDB VLAN 102 MAC FDB VLAN 103 MAC FDB VLAN 101 MAC FDB VLAN 102 MAC FDB VLAN 103 VLAN 101 VLAN 102 VLAN 103 Separate Physical Interfaces
VLAN Trunking Switch 1 Switch 2 VLAN 101 VLAN 102 VLAN 103 MAC FDB VLAN 101 MAC FDB VLAN 102 MAC FDB VLAN 103 MAC FDB VLAN 101 MAC FDB VLAN 102 MAC FDB VLAN 103
VLAN Tagging SFD Pre- amble DA SA Length /Type P a y l o a d (46 to 1500 bytes) FCS 802.1q tag type (value 81 00) Tag control information 2 bytes 2 bytes CFI (Canonical format: bit ordering can be different) Length of the MAC frame + 4 bytes VLAN tag 802.1q Ethernet Frame User_priority VLAN_ID 3 bits 1 bit 12 bits
Multiple STGs provide multiple data paths, which can be used for load-sharing and redundancy. Enable load sharing between two switches using multiple STGs by configuring each path with a different VLAN and then assigning each VLAN to a separate STG. Each STG is independent. Each STG sends its own Bridge Protocol Data Units (BPDU), and you must independently configure each STG. The tagging for the BPDUs from STG1, or the default STG, is user-configurable (as are tagging settings for all STGs). However, by default STG1 sends only untagged BPDUs to operate with all devices that support only one instance of STP. (By default, STG2 through STG8 are tagged.) The tagging setting for each STG is user-configurable.
With the setup below connectivity to VLAN-4 across the switches is lost.
Solution is to create a trunk links between the switches
STG- 1 STG- 1 Blocked VLAN-3 VLAN-3 VLAN-4 VLAN-4
Spanning Tree Groups and VLANs STG-1 STG-1 STG-1 STG-1 SW1 SW2 SW3 SW4 Root VLAN-3 VLAN-3 VLAN-3 VLAN-4 VLAN-4 VLAN-4 VLAN-4 Trunk Link Failure Port Blocked
Spanning Tree Groups and VLANs STG-1 STG-1 STG-1 STG-1 SW1 SW2 SW3 SW4 Root VLAN-3 VLAN-3 VLAN-3 VLAN-4 VLAN-4 VLAN-4 VLAN-4 Trunk Link Failure Create VLAN-3 Without Access Ports
Why have multiple STG STG-1 STG-1 STG-1 STG-1 SW1 SW2 SW3 SW4 Root Gigabit Link Gigabit Link Gigabit Link Gigabit Link With a single STG configured a Gig port is not utilised as it is in a blocking state VLAN-3 VLAN-3 VLAN-3 VLAN-3 VLAN-4 VLAN-4 VLAN-4 VLAN-4
VLAN-3 Why have multiple STG STG-1 STG-1 STG-1 STG-1 Gigabit Link Gigabit Link Gigabit Link Gigabit Link With VLAN-3 in STG1 and VLAN-4 in STG-2 all links in the network are now being utilised STG- 2 STG- 2 STG- 2 STG- 2 blocking In STG-2 blocking in STG-1 VLAN-3 VLAN-3 VLAN-3 VLAN-4 VLAN-4 VLAN-4 VLAN-4
If you enable Spanning Tree Fast Learning on a port with no other bridges, the port starts more quickly after a switch initialization or a spanning tree change. The port passes through the normal blocking and learning states before the forwarding state, but the hold times for these states is the bridge hello timer (2 seconds by default) instead of the bridge forward delay timer (15 seconds by default). The port configured with Fast Learning can forward data immediately, as soon as the switch learns that the port is enabled.
Fast Learning is intended for access ports in which only one device is connected to the switch (as in workstations with no other spanning tree devices). For these ports, it is not desirable to wait the usual 30 to 35 seconds for spanning tree initialization and bridge learning.