Network Ninja

The Long Road to Cisco


Monthly Archive for April, 2008

I "love" financial y…

Published by Deon Botha on April 29, 2008 in Asides. 0 Comments

I "love" financial year end; it's like a second new year without the party but with the headache.

Routing Issues

Published by Deon Botha on April 25, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs and Proxy ARP. 1 Comment

This subject ties into the Campus Network Model and the ECNM.

Default Gateways

Typically, when a default gateway is configured on a network device there is no way to configure a second default gateway (though this is not always the case). End devices are usually configured with a single default gateway (a single IP address) that does not change when the IP topology changes because of a failure. If (or when) the router acting as default gateway fails, the end device cannot send packets off the local network segment, even if a backup router or MLS exists that could act as a secondary gateway.

Proxy Address Resolution Protocol (ARP)

The IOS software on routers runs proxy ARP to provide end devices with a forwarding option, namely the MAC address of a gateway that is able to forward a packet off the local subnet.

With proxy ARP, end devices behave as if the destination device were connected to their own network segment.

If the default gateway router (the responsible router) fails, the source end devices continue to send packets for the IP destination to the MAC address of the failed router, and the packets are discarded.

Eventually the proxy ARP entry ages out of the end device's ARP cache, and the end device may then acquire the address of another proxy ARP router (a secondary gateway). During this time the end device cannot send packets off the local segment. (RFC 1027)

Router Redundancy

With router redundancy, a set of routers (two or more) can present themselves as a single virtual router to end devices on the LAN. By sharing an IP address (layer 3) and a MAC address (layer 2), two or more routers act as a single "virtual" router.

The IP address of the virtual router will be configured as the default gateway for end-devices on a particular segment. When frames are to be sent from an end-device to the default gateway, the end-device will use ARP to resolve the MAC Address of the default gateway (which will return the virtual router MAC Address).

Frames sent to the virtual router can be physically processed by any active or standby router that is part of that virtual router group. Which physical router receives the forwarded traffic is transparent to the end device, because only the virtual router IP and MAC address are presented to end devices.

A protocol is used to identify two or more routers as the devices responsible for processing frames for the virtual router group. This redundancy protocol provides the mechanism by which the routers determine which router will forward traffic and when that role must be taken over by another router. The transition, like the processing itself, is transparent to the end user.

The next post will detail Hot Standby Router Protocol (HSRP) and elaborate on this topic.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes, reading and writing things down, and wish to file them where I can't lose them. These notes are not to be seen, judged or mistaken for replacements for Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Cisco Express Forwarding (CEF)

Published by Deon Botha on April 23, 2008 in BCMSN, CEF, Certification, Cisco Systems and Concepts and Constructs. 0 Comments

Layer-3 switching refers to high-performance routers optimized for the campus LAN or the Internet that provide wire-speed Ethernet routing and switching services. A Layer-3 switch has these three functions:

  1. Packet Switching
  2. Route Processing
  3. Intelligent network services

Compared with other routers, Layer-3 switches process more packets faster by using ASIC hardware instead of a microprocessor-based CPU. Layer-3 switch routers also improve network performance with added functionality such as route processing and intelligent network services.

Layer-3 Switching can occur in two different locations on the switch:

  1. Centralized Switching: switching decisions are made on the route processor using a central forwarding table.
  2. Distributed Switching: switching decisions are made at the port or line-card level.

Layer-3 switching takes place using one of these two methods:

  1. Route Caching: a layer-3 route cache is built in hardware as the switch sees traffic flow into the switch.
  2. Topology-based switching: information from the routing table is used to populate the route cache (called the Forwarding Information Base or FIB), regardless of traffic.

Layer-3 devices can move packets from one port to another in many different ways. The most basic method is process switching. Process switching moves packets between interfaces based on the routing table and the Address Resolution Protocol (ARP) cache, on a scheduled basis. As packets arrive they are placed in a queue to wait for further processing. When the scheduler runs, the outbound interface is determined and the packet is switched. (The queue and scheduler introduce latency.)

CEF uses strategies to speed up packet switching on demand, as packets arrive on an interface, and to cache information. CEF caches routing information in the FIB and caches the layer-2 next-hop addresses for all FIB entries in an adjacency table. Because parallel paths can exist, this enables CEF to load balance per packet.

CEF operates in two modes:

  1. Central CEF mode: the CEF FIB and adjacency tables reside on the route processor, and the route processor performs the express forwarding. This CEF mode is used when line cards are not available for CEF switching or when features are not compatible with distributed switching.
  2. Distributed Cisco Express Forwarding (dCEF) mode: dCEF is supported only on the Catalyst 6500 switches. When dCEF is enabled, line cards maintain identical copies of the FIB and adjacency tables and can perform the express forwarding by themselves. dCEF uses an inter-process communication (IPC) mechanism to keep the FIBs and adjacency tables on the route processor and line cards synchronized.

Configuration:
CEF is enabled by default on switches that are CEF capable. To turn CEF back on should it have been disabled on Cisco Catalyst 4000 switches (3560 also), use the following command (add no in front to disable); optionally enter it inside an interface for per-port use:
switch(config)#ip cef
For the Cisco Catalyst 3550 Series (add no in front to disable); optionally also enter it inside an interface for per-port use:
switch(config)#ip route-cache cef
To verify operation (also try adding gigabitethernet 0/1-28 for port-based information):
switch#show cef
To verify operation on an interface (the filter is case sensitive, so match the "L3 in Switched" line as printed):
switch#show interface gigabitethernet 0/1-28 | begin L3
To verify operation showing switched packets at layer-2 and layer-3:
switch#show interface gigabitethernet 0/1-28 | include switched
To show the adjacency information (choose one of detail, internal or summary):
switch#show adjacency gigabitethernet 0/1 detail / internal / summary
Debug:
To debug CEF use the following commands (choose one option per command):
switch#debug ip cef drops / access-list / receive / events / prefix-ipc / table
switch#debug ip cef ipc / interface-ipc
switch#ping ip


Inter-VLAN Switching (MLS)

Published by Deon Botha on April 23, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs and MLS. 0 Comments

This post explains how a MLS (layer-3 switch) can be used as, or rather functions as, an inter-VLAN router. The topic of MLS was covered briefly in this post. Traditionally a switch makes forwarding decisions based on Layer-2 information (MAC address), whereas a router uses Layer-3 information (IP address).

The above was true when switches were always layer-2 devices (when hubs were just being dropped and switched networks were coming into fashion) and routers were layer-3 devices, but we now have multilayer switches (MLS) that perform basically the same functions as routers, with the ability to switch and forward on both layer-2 and layer-3 information.

Now for every positive there is a negative. A router costs more per port than a switch because routers in essence can "do" more than switches (interconnections instead of just connections): a workgroup switch costs around $30 per port and a MLS around $80 per port; add Power over Ethernet and Gigabit to the desktop and that $80 per port quickly becomes $280.*

The above just highlights that a MLS should be placed where it is needed and not just anywhere, because it is not just "another" access switch. Layer-2 forwarding is based on the destination MAC address: a switch learns source MAC addresses, populates a MAC address table, and lists MAC address and VLAN pairs with their associated interfaces.

Layer-3 forwarding is based on the destination IP address and happens when a packet is routed from a source subnet to a destination on another subnet. When the MLS sees its own MAC address in the layer-2 header, it recognizes that the packet is either destined for itself or has been sent to it as the default gateway. If the packet is not destined for the MLS itself, the destination IP address is compared against the Layer-3 forwarding table for the longest match; ACL checks are also performed.
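The longest-match lookup described above, together with the FIB and adjacency table from the CEF post earlier on this page, is shown here as an added worked example in Python. It is not code from the original post or from Cisco; the prefixes, next hops, interfaces and MAC addresses are constructed sample values. The FIB is sorted longest mask first so the first matching entry wins, the adjacency table supplies the layer-2 rewrite for each next hop, and a prefix with several equal-cost next hops is balanced per packet, which is the parallel-path case the CEF post mentions.

```python
import ipaddress

# Constructed sample tables for illustration only (hypothetical addresses, not from any real device).
# FIB: prefix -> list of next hops. An empty list means the prefix is directly connected, so the
# destination itself is the next hop and its MAC address must still be resolved via ARP ("glean").
SAMPLE_FIB = {
    "0.0.0.0/0": ["10.0.0.254"],                # default route
    "172.16.0.0/16": ["10.0.1.1", "10.0.2.1"],  # two equal-cost paths
    "172.16.10.0/24": ["10.0.2.1"],             # more specific than the /16
    "192.168.2.0/24": [],                       # directly connected VLAN
}

# Adjacency table: next hop -> (egress interface, rewritten destination MAC).
SAMPLE_ADJACENCY = {
    "10.0.0.254": ("GigabitEthernet0/1", "00:00:0c:aa:aa:01"),
    "10.0.1.1": ("GigabitEthernet0/2", "00:00:0c:aa:aa:02"),
    "10.0.2.1": ("GigabitEthernet0/3", "00:00:0c:aa:aa:03"),
}


def build_fib(entries):
    """Parse prefixes once and order them longest-mask-first so the first hit is the longest match."""
    parsed = [(ipaddress.ip_network(prefix), next_hops) for prefix, next_hops in entries.items()]
    parsed.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return parsed


def longest_match(fib, dst):
    """Return the (network, next_hops) FIB entry with the longest prefix containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    for network, next_hops in fib:
        if addr in network:
            return network, next_hops
    return None


def forward(fib, adjacency, dst, pkt_index=0):
    """Make the CEF-style forwarding decision for one packet.

    Returns (matched prefix, egress interface, next-hop MAC). When several equal-cost next hops
    exist, the packet index selects one round-robin, i.e. per-packet load balancing.
    """
    hit = longest_match(fib, dst)
    if hit is None:
        return ("no route", "drop", None)
    network, next_hops = hit
    if not next_hops:
        # Connected prefix: delivered on the local segment. The host MAC is not in the adjacency
        # table yet, so the packet is punted to resolve it (a "glean" adjacency).
        return (str(network), "connected", "glean")
    next_hop = next_hops[pkt_index % len(next_hops)]
    if next_hop not in adjacency:
        # A route exists but the layer-2 rewrite information is missing: incomplete adjacency.
        return (str(network), "incomplete", None)
    interface, mac = adjacency[next_hop]
    return (str(network), interface, mac)


FIB = build_fib(SAMPLE_FIB)


def lookup(dst, pkt_index=0):
    """Convenience wrapper over the constructed sample tables."""
    return forward(FIB, SAMPLE_ADJACENCY, dst, pkt_index)


if __name__ == "__main__":
    for dst in ("172.16.10.5", "172.16.20.5", "192.168.2.7", "8.8.8.8"):
        print(dst, "->", lookup(dst))
```

A destination in 172.16.10.0/24 uses the /24 entry even though the /16 also contains it, two consecutive packets to 172.16.20.5 alternate between the two next hops of the /16, and a host on the connected VLAN produces a glean rather than a rewrite.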

Layer-3 Switch Virtual Interfaces (SVI):

An SVI is, as the name suggests, a virtual interface (there is no physical interface) for a VLAN. The SVI accepts the configuration parameters that apply to any layer-3 router interface and provides processing for packets from all switch ports associated with that VLAN. Only one SVI can be associated with a VLAN. An SVI is used for these reasons:

  1. To provide a default gateway for a VLAN so that traffic can be routed between VLANs
  2. To provide fallback bridging if it is required for non-routable protocols
  3. To provide layer-3 connectivity to the switch
  4. To support routing protocol and bridging configurations

By default an SVI is created for the default VLAN (VLAN 1, which is also the default native VLAN) to permit remote switch management. SVIs are created with the interface vlan command from global configuration mode, which moves you into interface configuration mode:

switch(config)#interface vlan 1
switch(config-if)#

The VLAN corresponds with the VLAN ID (VID) used on the trunk (ISL or 802.1Q). Configure and assign an IP address and mask for each VLAN SVI to route traffic off and onto the local VLAN.

Configuration:

To configure inter-VLAN routing on a MLS the following commands are used. First we enable layer-3 routing on the switch:
switch(config)#ip routing
Now we create an SVI (any VLAN ID from 1-4094) and move into interface configuration mode to assign an IP address and mask:
switch(config)#interface vlan 1-4094
switch(config-if)#ip address 172.0.0.1 255.255.255.0

A good thing now would be to set up a dynamic routing protocol on the network (router) so that paths can be learnt dynamically:
switch(config)#router protocol (options)
Testing the routing protocol and routing:
switch#show ip route

Layer-3 Routed Ports
Routed ports are exactly what they sound like, and the opposite of switched ports. They are typically configured by taking away the switchport capability (the no switchport command). A routed port has these characteristics and functions:

  1. The port is a physical port with layer-3 capability.
  2. The port is not associated with a particular VLAN.
  3. The port serves as the default gateway for devices out of that switch port.
  4. Layer-2 port functionality is removed before the port becomes a routed port.

Configuration:

To configure routed ports on a switch these are the commands that need to be entered. First we enable routing on the switch:
switch(config)#ip routing
Now we enter the interface (note the difference between an SVI and a routed port):
switch(config)#interface gigabitethernet 0/1
Here is the extra command that takes the switchport features away and makes it a routed port:
switch(config-if)#no switchport
Assign an IP address and mask to the port and we are done with the interface:
switch(config-if)#ip address 172.0.0.1 255.255.255.0
A good thing now would be to set up a dynamic routing protocol on the network (router) so that paths can be learnt dynamically:
switch(config)#router protocol (options)
Testing the routing protocol and routing:
switch#show ip route

*This is rough estimated dollar pricing for WS-C2950-24, WS-C3560-24TS-S and WS-C3560G-24PS-E switches. You are paying for more than just ports, with IOS, kind/type of chassis, SFP ports and other things coming into play, but it is a good example to illustrate the price difference.


Inter-VLAN Routing (Router on a Stick)

Published by Deon Botha on April 22, 2008 in BCMSN, Certification, Cisco Systems and Inter-Vlan Routing. 0 Comments

When a switch supports multiple VLANs but has no Layer-3 capability, the switch must be connected to an external Layer-3 device (a router). This is done by creating a trunk link (ISL or 802.1Q) between the switch and router that carries all VLAN information and provides inter-VLAN routing (a.k.a. router on a stick). The interface should preferably be FastEthernet or better.

There are some advantages and disadvantages to Inter-VLAN routing:

  • Advantages: it is simple to implement, an (expensive) Layer-3 switch is not required, and the router provides communication between VLANs.
  • Disadvantages: the router is a single point of failure for inter-VLAN traffic, the single trunk link may become congested, and latency may be introduced as frames leave the switch.

Configuration

There are a couple of things that are needed to configure inter-VLAN routing. First things first: you need VLANs to route. I jumped the gun here and explained the entire process of inter-VLAN routing; what can I say, I was excited :-)

So, in revision, let's create some VLANs:

switch>enable
switch#config term
switch(config)#vlan 100
switch(config-vlan)#name Inter
switch(config-vlan)#vlan 200
switch(config-vlan)#name VLAN
switch(config-vlan)#vlan 300
switch(config-vlan)#name Routing

Now let's configure an interface as a trunk on the switch:

switch(config)#interface gigabitethernet 0/1-28
switch(config-if)#switchport trunk encapsulation dot1q
switch(config-if)#switchport mode trunk

The switch now has VLANs and a trunk link to the router. On the router, the physical interface carries no address of its own; each VLAN gets a subinterface with its 802.1Q tag and its own subnet:

router>enable
router#config term
router(config)#interface fastethernet 0/0
router(config-if)#description trunk-link
router(config-if)#no ip address
router(config-if)#no shutdown
router(config-if)#interface fastethernet 0/0.1
router(config-subif)#description Native-vlan
router(config-subif)#encapsulation dot1q 1 native
router(config-subif)#ip address 192.168.1.1 255.255.255.0
router(config-subif)#interface fastethernet 0/0.100
router(config-subif)#description Inter-vlan
router(config-subif)#encapsulation dot1q 100
router(config-subif)#ip address 192.168.2.1 255.255.255.0
router(config-subif)#interface fastethernet 0/0.200
router(config-subif)#description VLAN-vlan
router(config-subif)#encapsulation dot1q 200
router(config-subif)#ip address 192.168.3.1 255.255.255.0
router(config-subif)#interface fastethernet 0/0.300
router(config-subif)#description Routing-vlan
router(config-subif)#encapsulation dot1q 300
router(config-subif)#ip address 192.168.4.1 255.255.255.0

To check the configuration use the following commands:
router#show vlans
router#show ip protocols
router#show ip route
To verify and test connectivity do the following two things. First, ping a host in each VLAN from the router to confirm connectivity from the router to the separate hosts and VLANs:
router#ping insert.host.address.here
Sending 5, 100-byte ICMP Echos to insert.host.address.here, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Second, go to the hosts (in our case three hosts, one each in VLAN 100, 200 and 300) and ping hosts in the other VLANs (make sure the hosts you are pinging are in other VLANs, otherwise you aren't testing inter-VLAN connectivity). So a host in VLAN 100 pings hosts in 200 and 300, a host in VLAN 200 pings hosts in 100 and 300, and a host in VLAN 300 pings hosts in 100 and 200.
C:\Users\Administrator>ping insert.host.address.here
Pinging insert.host.address.here with 32 bytes of data:
Reply from insert.host.address.here: bytes=32 time<1ms TTL=127
Reply from insert.host.address.here: bytes=32 time=9ms TTL=127
Reply from insert.host.address.here: bytes=32 time=8ms TTL=127
Reply from insert.host.address.here: bytes=32 time<1ms TTL=127
Ping statistics for insert.host.address.here:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 9ms, Average = 4ms
C:\Users\Administrator>

EtherChannel

Published by Deon Botha on April 22, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs, EtherChannel, LACP and PAgP. 0 Comments

EtherChannel is a technology originally developed by Cisco as a LAN switch-to-switch technique for inverse multiplexing multiple Fast or Gigabit Ethernet ports into one logical channel. EtherChannel has developed into a cross-platform method of load balancing between servers, switches and routers. EtherChannel can bond 2, 4, or 8 (Catalyst 6400) ports into one logical connection with redundancy. The main aspects of EtherChannel are:

  1. Frame distribution;
  2. Management of EtherChannel;
  3. Logical Port.

The load-balancing policy (frame distribution) used depends on the switch platform; the Catalyst 5500 series performs an XOR on the two lowest-order bits of the source and destination MAC addresses. The XOR of a given pair of addresses always gives the same result, so all frames between that pair use the same link. Benefits are:

  1. Prevent out-of-order frames on downstream switch
  2. Redundancy
  3. If an active link is lost, traffic fails over to another active link in the EtherChannel

The disadvantage is that load balancing might not be equal across links, as the load-balancing policy works on specific header fields or user configuration.
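The XOR frame distribution and its uneven-balancing weakness are shown here as an added example in Python; it is not code from the original post or from Cisco. The MAC addresses and flows are constructed: four workstations all talking to one server. The policy names (src-mac, dst-mac, src-dst-mac) follow the port-channel load-balance keywords used later in this post, and the hash takes the low-order bits of each address, two bits for a four-link bundle, as the Catalyst 5500 description above states.

```python
# Constructed traffic sample: four workstations sending to one server. MAC addresses are made up.
SERVER_MAC = "00:aa:bb:cc:dd:ee"
WORKSTATIONS = ["00:11:22:33:44:00", "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"]
SAMPLE_FLOWS = [(ws, SERVER_MAC) for ws in WORKSTATIONS]          # client -> server direction
SAMPLE_RETURN_FLOWS = [(SERVER_MAC, ws) for ws in WORKSTATIONS]   # server -> client direction


def mac_low_bits(mac, bits=2):
    """Return the lowest-order `bits` bits of a MAC address written with ':' or '-' separators."""
    value = int(mac.replace(":", "").replace("-", ""), 16)
    return value & ((1 << bits) - 1)


def select_link(src_mac, dst_mac, policy="src-dst-mac", links=4):
    """Pick the bundle member (0..links-1) for a frame under a given load-balancing policy.

    `links` must be a power of two (2, 4 or 8, the bundle sizes EtherChannel supports) because
    the hash simply takes log2(links) low-order bits of each address.
    """
    bits = links.bit_length() - 1
    if 1 << bits != links:
        raise ValueError("links must be a power of two")
    if policy == "src-mac":
        return mac_low_bits(src_mac, bits)
    if policy == "dst-mac":
        return mac_low_bits(dst_mac, bits)
    if policy == "src-dst-mac":
        # Catalyst 5500 style: XOR of the low-order bits of both addresses.
        return mac_low_bits(src_mac, bits) ^ mac_low_bits(dst_mac, bits)
    raise ValueError("unknown policy: " + policy)


def distribute(flows, policy, links=4):
    """Count how many flows land on each link; returns {link: flow_count} (links with no flows omitted)."""
    counts = {}
    for src, dst in flows:
        link = select_link(src, dst, policy, links)
        counts[link] = counts.get(link, 0) + 1
    return counts


if __name__ == "__main__":
    for policy in ("dst-mac", "src-mac", "src-dst-mac"):
        print("clients->server", policy, distribute(SAMPLE_FLOWS, policy))
        print("server->clients", policy, distribute(SAMPLE_RETURN_FLOWS, policy))
```

With the server as destination, dst-mac puts every flow on the same link while src-mac and src-dst-mac spread them over all four; on the return path the situation inverts, which is why the choice of policy has to follow the direction of the traffic. The same (src, dst) pair always maps to the same link, so frames of one conversation cannot be reordered across members.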

On the Cisco Catalyst 6500, load balancing can be performed on MAC address, IP address, or IP plus TCP/User Datagram Protocol (UDP) port, depending on the type of Supervisor/Policy Feature Card (PFC) used. The default method is IP.

The benefits of EtherChannel are:

  1. It allows for the “cheap” creation of high-bandwidth logical links.
  2. It load-balances the physical links involved.
  3. It provides for failover.
  4. It simplifies subsequent logical configuration

PAgP

Port Aggregation Protocol (PAgP) aids in the automatic creation of Fast EtherChannel links. PAgP packets are sent between Fast/Gigabit EtherChannel-capable ports to negotiate the forming of a channel. When PAgP identifies matching links it groups them into an EtherChannel, which is then added to the spanning tree as a single bridge port.

The management of EtherChannel is done via PAgP. PAgP packets are sent every 30 seconds to the multicast address 01-00-0C-CC-CC-CC with the protocol value 0x0104. PAgP checks configuration consistency and manages link addition. At creation all ports must have the same configuration; after that, any change on the channel changes all other channel ports.

The last component of EtherChannel is the logical port (agport), which is composed of all the links that make up the EtherChannel. The functionality and behaviour of the agport is no different from any other port.

LACP
Link Aggregation Control Protocol (LACP), part of 802.3ad, allows several physical ports to be combined into a single logical port. LACP allows a switch to negotiate an automatic bundle of physical ports by sending LACP packets to a peer. (PAgP is Cisco proprietary; LACP is the IEEE standard for mixed switch environments.)

Parameters

Each switch running LACP must have a system priority. This can be assigned automatically (haphazard and not predictable) or set using the CLI. The system identifier is formed from the system priority and the switch MAC address.

Each port in the switch must have a port priority. This can be assigned automatically (haphazard and not predictable) or set using the CLI. The port priority and the port number form the port identifier. The switch uses the port priority to decide which ports to put into standby mode when a hardware limitation prevents all compatible ports from aggregating.

Each port in the switch must have an administrative key value. This can be assigned automatically (haphazard and not predictable) or set using the CLI. The administrative key defines the ability of a port to aggregate with other ports, based on these factors:

  • Physical attributes (data rate, duplex capability, point-to-point or shared medium).
  • Configuration constraints that you establish.

Interface Modes

PAgP modes:

  • Auto: places an interface in a passive negotiating state where it responds to the PAgP packets it receives but does not initiate PAgP negotiation (Cisco default).
  • Desirable: places an interface in an active negotiating state where it initiates negotiations with other interfaces by sending PAgP packets.
  • On: forces the interface to channel without PAgP or LACP. Interfaces configured in the "on" mode do not exchange PAgP packets.

LACP modes:

  • Passive: places the interface in a passive negotiating state; the interface responds to LACP packets but does not initiate LACP negotiation (default).
  • Active: places the interface in an active negotiating state; the port initiates negotiations with other ports by sending LACP packets.
  • On: forces the interface to channel without PAgP or LACP.

General Configuration

The commands below are used to configure and verify EtherChannel on a switch. Create a port-channel interface (1-48) and move into port-channel interface configuration mode, where the port-channel interface parameters are configured:

switch(config)#interface port-channel 1-48

Go into the physical interface to configure physical ports into EtherChannel bundles:

switch(config)#interface GigabitEthernet 0/1-28

Associate the interface with a specific port-channel (1-48) and specify whether negotiation occurs:

switch(config-if)#channel-group 1-48 mode active | auto | desirable | on | passive

Configure the load balancing of traffic over the individual links in the EtherChannel bundle:

switch(config)#port-channel load-balance dst-ip | dst-mac | src-dst-ip | src-ip | src-mac

Show the running configuration of a specific port-channel interface:

switch#show running-config interface port-channel 1-48

Show the running configuration of a specific physical interface:

switch#show running-config interface GigabitEthernet 0/1-28

Show interface-specific details of an EtherChannel configuration:

switch#show interface GigabitEthernet 0/1-28 etherchannel

Show EtherChannel status and information:

switch#show etherchannel 1-48 port-channel

Show a one-line summary of channel-group information:

switch#show etherchannel 1-48 summary

Layer-2 Configuration

This configuration example shows how to configure EtherChannel for Layer-2 interfaces. I am going to include interfaces 1, 2, 5 and 6 in the EtherChannel group, specify the protocol, and create the port-channel with the specified interfaces assigned to it (desirable is a PAgP mode; with channel-protocol lacp use active or passive instead):

switch(config)#interface range GigabitEthernet 0/1 - 2, GigabitEthernet 0/5 - 6
switch(config-if-range)#channel-protocol pagp | lacp
switch(config-if-range)#channel-group 1-48 mode desirable

Layer-3 Configuration

This configuration example shows how to configure EtherChannel for Layer-3 interfaces. I am going to show the single-interface and interface-range methods; the IP address goes on the port-channel interface, not on the physical members:

switch(config)#interface port-channel 1
switch(config-if)#no switchport
switch(config-if)#ip address 192.168.0.1 255.255.255.0
OPTION 1 (single interface):
switch(config)#interface GigabitEthernet 0/1-28
switch(config-if)#no switchport
switch(config-if)#channel-group 1 mode auto | desirable | on
OPTION 2 (interface range):
switch(config)#interface range GigabitEthernet 0/1 - 2, GigabitEthernet 0/5 - 6
switch(config-if-range)#no switchport
switch(config-if-range)#channel-protocol pagp | lacp
switch(config-if-range)#channel-group 1 mode desirable

Best Practices:

  • EtherChannel support: all Ethernet interfaces on all modules support EtherChannel.
  • Speed and duplex: configure all interfaces in an EtherChannel to operate at the same speed and in the same duplex mode.
  • Switched Port Analyzer (SPAN) and EtherChannel: EtherChannel will not work if one of the interfaces is a SPAN destination port.
  • Layer-3 EtherChannel: assign layer-3 addresses to the port-channel interface, not to the physical interfaces in the channel.
  • VLAN match: all interfaces in the EtherChannel must be assigned to the same VLAN or be configured as trunks.
  • Range of VLANs: an EtherChannel supports the same allowed range of VLANs on all the interfaces in a trunking Layer-2 EtherChannel.
  • STP path cost: interfaces with different STP path costs can form an EtherChannel as long as they are otherwise compatible.
  • Port-channel vs interface configuration: after configuration of the EtherChannel, any configuration you apply to the port-channel interface affects the whole EtherChannel, while configuration applied to a specific physical interface affects only that interface.
  • Load balancing: configure load balancing intelligently; if most traffic is going to one MAC address, balance on the source MAC address rather than the destination MAC address.


Multiple Spanning Tree Protocol

Published by Deon Botha on April 18, 2008 in BCMSN, Certification, Cisco Systems, Concepts and Constructs and MSTP. 2 Comments

I noticed a hole in my notes that I was getting confuzzled with. Here are the standards that link to the protocols:

  • STP: IEEE 802.1D
  • MSTP: IEEE 802.1s (later merged into IEEE 802.1Q-2003)
  • RSTP: IEEE 802.1w (now IEEE 802.1D-2004)
  • PVST and PVST+ are both Cisco proprietary and have no IEEE standard

There is one basic problem with Per-VLAN Spanning Tree (PVST): when many VLANs are present, the processing required creates considerable load. Also keep in mind (N.B.) that PVST is only supported on ISL and not on 802.1Q (which has problems of its own, as ISL is not supported on all Catalyst switch platforms).

The alternative to this is Multiple Spanning Tree Protocol (MSTP), which runs a single instance of spanning tree (Common Spanning Tree or CST) for multiple VLANs. The objective is to reduce the number of instances to match the physical topology, thereby reducing CPU load. The instances of spanning tree are reduced to the number of active links available.

Implemented on a large network, any given switch could run 4094 instances of spanning tree, each with its own BPDU conversations, root bridge election and path selections. With MSTP, if one path carries some VLANs and another path carries the other VLANs, there are only two instances of spanning tree.

Using this method, MSTP converges even faster than PVST+ and is backward compatible with 802.1D STP, 802.1w Rapid Spanning Tree Protocol (RSTP), and the Cisco proprietary PVST+ architecture. This implementation is not a requirement of the ECNM, as the number of active VLAN instances in the model is small and very stable due to design.

MSTP allows one to build multiple spanning trees over trunks, grouping VLANs into instances. Each instance can be topologically independent of the other instances. MSTP provides multiple forwarding paths (instances) for data traffic and enables load balancing.

A set of bridges is configured with the same MSTP configuration, which allows them to participate in a specific set of spanning tree instances. Interconnected bridges that have the same MSTP configuration are referred to as a Multiple Spanning Tree (MST) region. Bridges with a different configuration, or legacy (802.1D) bridges, are considered a different region.

Network fault tolerance is improved over Common Spanning Tree (CST) because a failure in one instance (forwarding path) does not affect another instance. The VLAN-to-instance mapping must be consistent across all bridges within an MST region.

In PVST+ environments, the spanning tree parameters are tuned so that half the VLANs are forwarding on each uplink trunk. With this configuration the following is true:

  1. Load balancing is achieved
  2. One spanning tree for each VLAN is maintained

MST Regions:

MSTP differs from other spanning tree implementations in that it combines some (if not all) VLANs into a logical spanning tree. This means the BPDU must carry VLAN information so that it can say which VLAN goes where.

To provide for this, each switch running in an MSTP region carries the following information:

  1. An alphanumeric name (32 bytes)
  2. A configuration revision number (2 bytes)
  3. A 4096-element table that associates each potential VLAN with a given instance

As said, to be part of a given MST region the switches must share the same configuration, i.e. all three of the above must match.
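The region-membership rule just described is shown here as an added example in Python; it is not code from the original post or from Cisco. It builds the 4096-element VLAN-to-instance table from instance mappings written the way the configuration commands later in this post write them (`instance 1 vlan 1-50`), derives a region identity from the name, revision and table, and groups a set of constructed switch configurations into regions. The hostnames and values are made up. A simplification is labelled in the code: real MSTP bridges exchange an HMAC-MD5 digest of the table rather than the table itself, but comparing the full table gives the same membership result.

```python
# Constructed MST configurations for four switches (hypothetical hostnames and values).
SAMPLE_SWITCHES = [
    {"hostname": "SW1", "name": "region_1", "revision": 1, "instances": {1: "1-50", 2: "51-100"}},
    {"hostname": "SW2", "name": "region_1", "revision": 1, "instances": {1: "1-50", 2: "51-100"}},
    # Revision bumped on one switch only: it drops out of the region even though the VLAN map matches.
    {"hostname": "SW3", "name": "region_1", "revision": 2, "instances": {1: "1-50", 2: "51-100"}},
    # VLAN 50 mapped to a different instance: same name and revision, but a different region.
    {"hostname": "SW4", "name": "region_1", "revision": 1, "instances": {1: "1-49", 2: "50-100"}},
]

MAX_VLAN = 4094
TABLE_SIZE = 4096  # the 4096-element VLAN-to-instance table carried in the MST configuration


def parse_vlan_list(spec):
    """Expand a VLAN list such as '1-50' or '1,3,10-20' into a sorted list of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        low = int(low)
        high = int(high) if high else low
        if not 1 <= low <= high <= MAX_VLAN:
            raise ValueError("VLAN range out of bounds: " + part)
        vlans.update(range(low, high + 1))
    return sorted(vlans)


def vlan_table(instances):
    """Build the VLAN -> instance table; VLANs not mapped explicitly stay in the IST (instance 0)."""
    table = [0] * TABLE_SIZE
    for instance, spec in instances.items():
        for vlan in parse_vlan_list(spec):
            if table[vlan] != 0:
                raise ValueError("VLAN %d mapped to more than one instance" % vlan)
            table[vlan] = instance
    return table


def region_key(switch):
    """Identity of the region a switch joins: name, revision and the whole VLAN table must all match.

    Simplification: real MSTP compares an HMAC-MD5 digest of the table; comparing the table
    itself yields the same grouping for this check.
    """
    return (switch["name"], switch["revision"], tuple(vlan_table(switch["instances"])))


def group_regions(switches):
    """Group switches by region; returns one list of hostnames per region, in first-seen order."""
    regions = {}
    for switch in switches:
        regions.setdefault(region_key(switch), []).append(switch["hostname"])
    return list(regions.values())


def mismatches(reference, other):
    """Explain why `other` does not share a region with `reference`: a list of differing fields."""
    diffs = []
    if reference["name"] != other["name"]:
        diffs.append("name")
    if reference["revision"] != other["revision"]:
        diffs.append("revision")
    ref_table = vlan_table(reference["instances"])
    other_table = vlan_table(other["instances"])
    bad = [v for v in range(1, MAX_VLAN + 1) if ref_table[v] != other_table[v]]
    if bad:
        diffs.append("vlan-map:" + ",".join(str(v) for v in bad[:10]))
    return diffs


if __name__ == "__main__":
    print(group_regions(SAMPLE_SWITCHES))
    for other in SAMPLE_SWITCHES[1:]:
        print(other["hostname"], mismatches(SAMPLE_SWITCHES[0], other))
```

Run over the sample, SW1 and SW2 form one region, while SW3 (revision differs) and SW4 (VLAN 50 differs) each form a region of their own. The mismatch report is the kind of check worth running before changing the revision number on a live region, since a single switch left on the old revision splits the region at that point in the topology.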

BID

As with PVST, the Extended System ID is used in MSTP, where the instance number is carried in the Extended System ID field. In 802.1D STP each bridge must have a unique identifier; in PVST each VLAN needs a unique identifier. Before MAC address reduction only 1023 VLANs were supported; now all 4000 VLANs are supported.

MST Interactions with 802.1Q

An issue arises with MSTP design regarding interoperability with the CST implementation in IEEE 802.1D. According to IEEE 802.1s, an MSTP switch must be able to handle at least one Internal Spanning Tree (IST). An MST region consists of one IST and an arbitrary number (one or many) of MSTP instances.

The MSTP instances are simply RSTP instances that operate only within a region (MST). The IST (instance 0) runs on all bridges within an MST region. It provides interaction at the boundary with other MST regions and compatibility with 802.1D (CST) and PVST+ networks connected to that region.

The IST receives and sends BPDUs to the CST for compatibility with 802.1D STP. The IST is capable of representing the MST region as a CST virtual bridge to switched networks outside the region. Think of the MST region not as many independent switches but as one "virtual bridge unit".

  • The MST region appears as a single virtual bridge to adjacent CST and MST regions. The MST region uses RSTP port roles and operation.
  • MSTP switches run the IST, which augments CST information with internal information about the MST region.
  • The IST connects all the MSTP switches in the region and any CST switched domains.
  • MSTP establishes and maintains additional spanning trees within each MST region. These spanning trees are termed MSTP instances. The IST is numbered 0, and the MSTP instances are numbered 1, 2, 3 up to 15. Any MSTP instance is local to the MST region and is independent of other MST regions.
  • The M-Record is a sub-field within the BPDU of MSTP instances that enables corresponding instances to calculate a final topology.
  • MSTP instances combine at the MST region boundary to become the CST: M-Records are encapsulated within MSTP BPDUs. The original spanning trees (M-trees) are active only within the MST region. M-trees merge with the IST at the MST region boundary to form the CST.
  • MSTP supports some of the PVST+ extensions: PortFast is supported, BPDU filter and BPDU guard are supported in MSTP mode, loop guard and root guard are supported in MSTP mode, and for private VLANs (PVLANs) you must map a secondary VLAN to the same instance as the primary.

Configuration of MSTP

Entering the MSTP configuration Mode:
switch(config)#spanning-tree mst configuration
Displaying the current MSTP configuration on the Switch:
switch(config-mst)#show current
Setting the MST region name:
switch(config-mst)#name region_1
Set the MSTP configuration revision number:
switch(config-mst)#revision 1

Take note of the revision number: treat it like a software version number, start at 1 and count upwards (1, 2, 3, 4 and so on) every time the VLAN-to-instance mapping changes. Keep in mind that it is not propagated automatically (this isn't VTP): you must change it by hand on every switch in the region, and a switch left on a different revision number is in a different region.

Map an MSTP instance to VLANs (a range or a single VLAN):
switch(config-mst)#instance 1 vlan 1-50
Show the configuration that hasn't been applied yet:
switch(config-mst)#show pending
Apply the pending configuration and leave MSTP configuration mode (exit returns to global configuration mode, end to privileged EXEC; both apply the changes, abort discards them):
switch(config-mst)#end
Assign the switch you are on as the primary or secondary root for an instance (a global configuration command, not an MST sub-mode command; choose one of the two):
switch(config)#spanning-tree mst 1 root primary
switch(config)#spanning-tree mst 1 root secondary
Enable MAC Address reduction (a.k.a Extended System ID):
switch(config)#spanning-tree extend system-id
If a neighbouring switch is using a pre-standard version of 802.1s:
switch(config-if)#spanning-tree mst pre-standard
Display general spanning-tree information for MSTP:
switch#show spanning-tree mst
Displaying the spanning-tree configuration:
switch#show spanning-tree mst configuration
Displaying the spanning-tree configuration for a specific instance:
switch#show spanning-tree mst 1
Displaying the spanning-tree configuration for a specific interface:
switch#show spanning-tree mst interface fastethernet 1/1
Displaying the spanning-tree configuration for a specific instance on a specific interface:
switch#show spanning-tree mst 1 interface fastethernet 1/1
Finally for DETAILED information on a specific instance:
switch#show spanning-tree mst 1 detail
If a port has fallen back to 802.1D mode because a legacy switch was attached and then removed, it does not return to PVRST+ or MSTP operation on its own. Restart protocol migration with:
switch#clear spanning-tree detected-protocols

References:

MST based on IEEE 802.1s

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes, reading, and writing things down, and wish to file them where I can't lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training, which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

It’s not the fax machine its t…

Published
by
Deon Botha
on April 18, 2008
in Asides
. 2 Comments

It's not the fax machine, it's the IP PBX, I promise

Rapid Spanning Tree Protocol

Published
by
Deon Botha
on April 18, 2008
in BCMSN, Certification, Cisco Systems, Concepts and Constructs and RSTP
. 2 Comments

The problem with STP, as you might have picked up from the previous post, is the transition between the blocking and forwarding states. This state change and the resulting convergence take time, during which end users are left with their lights and water shut off.

Use it or don't, STP is great: it makes loop-free networks easy. In real life, though, don't just unplug (a port state change) or plug into (another port state change) any port on a production switch running STP, because that prompts the network into re-converging, which is exactly why STP is a hassle.

To make good on STP's disadvantages, Rapid Spanning Tree Protocol (RSTP) was standardised as IEEE 802.1w. There are numerous differences between STP and RSTP:

  1. RSTP requires full-duplex point-to-point links between switches for its rapid transitions; a shared (half-duplex) link falls back to timer-based behaviour.
  2. RSTP and STP differ in their port roles. RSTP adds the alternate and backup roles, which do not exist in STP. Ports that do not participate in RSTP are known as edge ports; they are either configured statically or recognized through PortFast. An edge port stops being one as soon as a BPDU is heard on it and becomes a non-edge port. As a non-edge port it participates in the spanning tree algorithm (STA) and generates topology change notifications (TCNs).
  3. RSTP speeds up the recalculation of the spanning tree when a layer-2 topology change occurs.
  4. RSTP is proactive and removes the need for the 802.1D delay timers in most transitions. RSTP (802.1w) supersedes STP (802.1D) but remains backward compatible with legacy switches on a per-port basis.
  5. The RSTP BPDU has the same layout except that the Version field is set to 2, the BPDU Type is 2, and all 8 bits of the Flags field are used.
  6. As with STP, RSTP elects a single root bridge in the same fashion. The difference is that the Cisco proprietary enhancements to STP (UplinkFast and BackboneFast) are built into the base protocol: they are transparent, need no additional configuration, and the BPDU itself carries the port role to neighbouring switches. The stand-alone UplinkFast and BackboneFast features therefore do not apply to RSTP.

RSTP BPDU:

The RSTP (802.1w) BPDU is the type 2, version 2 variety. An RSTP switch can still talk to an STP (802.1D) switch: on a port where it receives 802.1D BPDUs it falls back to sending 802.1D BPDUs. There are some variations between the two standards:

  1. An RSTP bridge sends a BPDU with its current information every hello time (2 seconds by default), even without receiving a BPDU from the root bridge.
  2. Protocol information can be aged out on a port immediately if three consecutive hellos are missed or if max age expires.
  3. Because BPDUs are now used as keepalives, three missed BPDUs indicate lost connectivity to the neighbouring switch or designated bridge. This allows for faster failure detection than waiting for max age.

As mentioned earlier, RSTP uses all 8 bits of the Flags field (version 2). They work in the following way.

BPDU-Flag

  1. Bit 0 and bit 7 are used for topology change (TC) and topology change acknowledgement (TCA), the same as in STP 802.1D.
  2. Bit 1 and bit 6 are used for proposal and agreement.
  3. Bits 2 to 5 encode the role and state of the port: bits 2-3 carry the port role, bit 4 learning and bit 5 forwarding.

The difference between STP and RSTP here is that STP used only the two TC/TCA bits of the Flags field and left the rest unused, whereas RSTP uses the remaining six bits to carry the proposal/agreement handshake and the port role and state between switches.

The BPDU is sent between switches every hello time (2 seconds) and switches only need to interact with their direct neighbours (the BPDUs also act as keepalives). Every switch in the tree generates its own BPDUs, unlike STP, where only the root generates them and the other switches relay them. So if BPDUs stop arriving on a link, the switch on that link knows at once that a problem exists there, whereas under STP a switch only knew that a problem existed somewhere, not exactly where.
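The Extended System ID split described under BID in the MSTP post above and the RSTP flag layout just described are both easiest to understand by decoding an actual BPDU. The following Python parser is an added example, not part of the original post and not Cisco code: it takes the BPDU body that follows the 802.2 LLC header, splits the Bridge IDs into priority, system ID extension and MAC, decodes the version 2 Flags byte bit by bit, and includes a small check that flags a BPDU claiming a better root than the one you deployed (the condition Root Guard reacts to). The sample BPDU bytes are constructed for the example and the helper names are assumptions of mine.

```python
"""RSTP/MSTP BPDU decoder with Extended System ID and flag parsing.

Added example, not from the original post. Field offsets follow IEEE 802.1D
and 802.1w; the sample BPDU and the helper names are constructed for this
example.
"""
import struct

# Bits 2-3 of the 802.1w Flags byte
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}
BPDU_TYPES = {0x00: "config", 0x80: "tcn", 0x02: "rst"}


def decode_flags(flags, version):
    """Decode the Flags byte. 802.1D uses only bit 0 (TC) and bit 7 (TCA);
    version 2 BPDUs use the six bits in between as well."""
    out = {"tc": bool(flags & 0x01), "tca": bool(flags & 0x80)}
    if version >= 2:
        out.update({
            "proposal": bool(flags & 0x02),
            "role": PORT_ROLES[(flags >> 2) & 0x03],
            "learning": bool(flags & 0x10),
            "forwarding": bool(flags & 0x20),
            "agreement": bool(flags & 0x40),
        })
    return out


def decode_bridge_id(raw):
    """Split an 8-byte Bridge ID under MAC address reduction: 4-bit priority
    (a multiple of 4096), 12-bit system ID extension (the VLAN in PVST+/PVRST+,
    the instance number in MSTP) and the 6-byte MAC address."""
    (prio_field,) = struct.unpack("!H", raw[:2])
    return {
        "priority": prio_field & 0xF000,
        "sys_id_ext": prio_field & 0x0FFF,
        "mac": ":".join(f"{b:02x}" for b in raw[2:8]),
    }


def bridge_id_value(bid):
    """Numeric Bridge ID as compared in the root election (lower wins)."""
    mac = int(bid["mac"].replace(":", ""), 16)
    return ((bid["priority"] | bid["sys_id_ext"]) << 48) | mac


def parse_bpdu(payload):
    """Parse the BPDU that follows the 802.2 LLC header (DSAP/SSAP 0x42)."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU")
    proto, version, bpdu_type = struct.unpack("!HBB", payload[:4])
    if proto != 0:
        raise ValueError("not a spanning tree BPDU")
    bpdu = {"version": version,
            "type": BPDU_TYPES.get(bpdu_type, f"0x{bpdu_type:02x}")}
    if bpdu_type == 0x80:          # 802.1D TCN carries no further fields
        return bpdu
    if len(payload) < 35:
        raise ValueError("truncated configuration/RST BPDU")
    (root_cost,) = struct.unpack("!I", payload[13:17])
    port_id, msg_age, max_age, hello, fwd_delay = struct.unpack(
        "!HHHHH", payload[25:35])
    bpdu.update({
        "flags": decode_flags(payload[4], version),
        "root": decode_bridge_id(payload[5:13]),
        "root_path_cost": root_cost,
        "bridge": decode_bridge_id(payload[17:25]),
        "port_id": port_id,
        # timer fields are carried in units of 1/256 second
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    })
    if version >= 2 and len(payload) >= 36:
        bpdu["version1_length"] = payload[35]   # always 0 in 802.1w
    return bpdu


def advertises_better_root(bpdu, expected_root):
    """True if the BPDU claims a root with a lower Bridge ID than the root
    you deployed; this is the condition Root Guard reacts to on a port."""
    return bridge_id_value(bpdu["root"]) < bridge_id_value(expected_root)


# Constructed sample: an RST BPDU (version 2, type 2) from a designated port
# in VLAN 1 (system ID extension 1) with priority 32768. Flags 0x7C =
# designated role, learning, forwarding and agreement set.
SAMPLE_RST_BPDU = bytes.fromhex(
    "0000" "02" "02" "7c"
    "8001" "001a2b3c4d5e"          # Root ID: 0x8001 + root bridge MAC
    "00000004"                     # root path cost 4
    "8001" "001a2b3c4d6f"          # Bridge ID of the sender
    "8001"                         # Port ID
    "0100" "1400" "0200" "0f00"    # message age 1s, max age 20s, hello 2s, fwd delay 15s
    "00"                           # version 1 length
)
EXPECTED_ROOT = decode_bridge_id(bytes.fromhex("8001001a2b3c4d5e"))

if __name__ == "__main__":
    bpdu = parse_bpdu(SAMPLE_RST_BPDU)
    print(bpdu["flags"])
    print("better root than deployed:", advertises_better_root(bpdu, EXPECTED_ROOT))
```

Feeding the parser the BPDUs captured on an access port is a cheap way to see what a rogue switch (or a host running a bridge) is advertising before deciding between BPDU Guard and Root Guard for that port.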

RSTP Port Roles

There are three port states, as it were:

  1. Discarding: this state is seen in stable, synchronizing and changing topologies. It prevents the forwarding of data frames (BPDUs are still processed).
  2. Learning: this state is seen in stable, synchronizing and changing topologies. It accepts frames to populate the MAC address table but does not yet forward them.
  3. Forwarding: this state is seen only in a stable, active topology. The forwarding switch ports determine that topology.

The port states of STP compared with those of RSTP:

Operational Port State   STP Port State   RSTP Port State
Enabled                  Blocking         Discarding
Enabled                  Listening        Discarding
Enabled                  Learning         Learning
Enabled                  Forwarding       Forwarding
Disabled                 Disabled         Discarding

The Port Roles:

RSTP Root Ports

The root port (R) is the switch port on every non-root bridge that is the chosen path to the root bridge. There is only one root port per switch. This port is in the forwarding state in an active topology.

RSTP Designated Ports

Each segment has at least one switch port acting as the designated port (D) for that segment. In a stable, active topology the switch with the designated port forwards frames from that segment towards the root bridge. There is only one designated port per segment, and it is in the forwarding state.

RSTP Alternative Port

The alternate port (A), as the name suggests, offers an alternate path to the root bridge should the root port fail; it is a port that receives superior BPDUs from another switch's designated port. In a stable, active topology it is in the discarding state.

RSTP Backup Port

A backup port (B) is on the same switch as a designated port (D) and has a second, redundant link to the same segment. The backup port has the higher port ID of the two (which is how the role is decided). It takes over if the designated port fails. In a stable, active topology it is in the discarding state.

What is an Edge Port:

An edge port is a port that is not connected to another switch. It goes to the forwarding state immediately when enabled, the same as the PortFast feature, so the normal STP listening and learning states are skipped.

Unlike PortFast, an edge port that receives a BPDU immediately loses its edge port status and becomes a normal spanning tree port. From that point on its state changes generate topology change notifications, which an edge port never does.

Implementing PVRST:

As described in the previous post for STP, the PVRST+ configuration is basically the same with one extra command. One starts off by enabling spanning tree globally for a VLAN (it is on by default):

switch(config)#spanning-tree vlan 1

Then set the spanning tree mode from STP (802.1D) to PVRST+ (802.1w):

switch(config)#spanning-tree mode rapid-pvst

To verify the operation of PVRST+:

switch#show spanning-tree

Use a sub-command (type ? after show spanning-tree) to narrow the output, otherwise you will get a long list of general information about STP.


CCNA Card arrived in the post

Published
by
Deon Botha
on April 17, 2008
in Asides
. 0 Comments

CCNA Card arrived in the post


You are currently browsing the Network Ninja weblog archives for the month April, 2008.