The development and configuration of the Spanning Tree Protocol (STP)

1. Spanning Tree Protocol

    1. What is spanning tree?

        In a Layer 2 switched network, STP builds a tree structure and logically blocks some interfaces so that there is exactly one path from the root to every node. When the best path fails, the switch automatically unblocks some of the blocked ports according to its built-in algorithm, providing link backup.
        While the spanning tree is being built, the result should be as close to a star structure as possible, that is, the shortest-path tree.
        Spanning tree algorithms in existence: 802.1D, PVST, PVST+ (Cisco), RSTP (802.1w), MSTP (802.1S)

    2. Why use spanning tree?

        In the three-tier architecture of an enterprise network, link backup (line redundancy) is usually configured for the sake of network stability. Redundant links, however, can create Layer 2 bridging loops, so a way to prevent loops is needed, and the spanning tree protocol is undoubtedly the best choice for loop prevention on switches.

    3. Problems commonly caused by Layer 2 link redundancy

        1. Broadcast storms
        2. MAC address table flapping
        3. Repeated copies of the same data frame
        4. The three conditions above eventually overload the equipment and trigger a protective restart (downtime)

2. 802.1D

    1) Only one spanning tree instance exists in a switching network

        1. BPDU (Bridge Protocol Data Unit): the data that switches send to and receive from each other.

        2. Configuration BPDU: only the root bridge can send it. In the initial state of the switching network, every switch considers itself the root bridge and sends BPDUs, so every switch in the network receives BPDUs from the other devices, and the root bridge is elected by comparing the parameters in those BPDUs. After that, non-root bridges no longer send their own BPDUs; they only receive and forward the BPDUs of the root bridge. Sent every 2s; hold time 20s.

        3. TCN: topology change notification (also a BPDU). After a link on the local switch fails, STP reconverges. To refresh the CAM tables of all switches in the network quickly, a TCN is sent out of all local STP interfaces (the TCN bit in the flags field is set to 1). On receiving the TCN, the neighboring switch first replies with the ACK bit set, so that the message is delivered reliably, and then forwards the TCN hop by hop to the root bridge. The root bridge then answers with TCN messages that reach all switches hop by hop. All switches temporarily change the aging time of the MAC table to 15s (the default forwarding delay).

    2) Election — Root bridge, root port, designated port, non-designated port (blocking port)

        1. Root bridge: in a spanning tree instance, exactly one switch is the root. It is
                determined by the bridge ID in the BPDU. Bridge ID = bridge priority (0-65535 in the public standard, default 32768) + MAC address (only a switch with an SVI interface has a MAC address; if there are several MACs, the smallest value is chosen).
                Root bridge election rules: compare the priority first, the smaller value wins; if the priority is the same, compare the MAC address, the smaller value wins.

        2. Root port: exactly one on each non-root bridge. It is the local interface closest to the root bridge (shortest path, star); it receives BPDUs from the root bridge and forwards user traffic (the interface is not blocked).
                Root port election rules:
                        1. Compare the cost accumulated from the root bridge up to entry through this interface; the smallest wins.
                        2. If the inbound cost is the same, compare the BID of the device at the other end of the interface; the smaller wins.
                        3. If the peer BID is also the same, compare the PID of the peer device's interface; the smaller priority wins, and if the priority is the same, the smaller interface number wins.
                        4. If even the peer PID is the same, compare the local PID; the smaller wins.
                PID = port ID = interface priority (0-240, step 16, default 128) + interface number

        3. Designated port: exactly one on each physical link where STP runs. It forwards BPDUs from the root bridge and can forward user traffic (not blocked). All interfaces on the root bridge are designated ports by default.
                Election rules for designated ports:
                        1. Compare the cost accumulated from the root bridge up to leaving through this interface onto the link (outbound); the lowest wins.
                        2. If the outbound cost is the same, compare the local BID; the smaller wins.
                        3. If the local BID is the same, compare the local PID.
                        4. If the local PID is also the same, the port is blocked directly.
        4. Non-designated port (blocked port): once all the roles above have been elected, the remaining interfaces without a role are non-designated. The interface is logically blocked: it can still receive messages but does not forward them.

        cost value:
        [Figure: cost values]
        In a spanning tree design, the root bridge should sit at least at the aggregation layer.
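
The election rules above, worked through on a constructed three-switch triangle. This is an added example, not code from the original page; the switch names, MAC addresses, port numbers and the uniform link cost of 20000 are assumptions, and the topology is assumed to be connected.

```python
# Bridge ID = (priority, MAC); the smaller value wins. All values are constructed.
BRIDGES = {
    "sw1": (4096, "00e0-fc00-0003"),   # lowest priority, but highest MAC
    "sw2": (32768, "00e0-fc00-0001"),
    "sw3": (32768, "00e0-fc00-0002"),
}
# Each link: (switch A, PID on A, switch B, PID on B); PID = (priority, number).
LINKS = [
    ("sw1", (128, 1), "sw2", (128, 1)),
    ("sw1", (128, 2), "sw3", (128, 1)),
    ("sw2", (128, 2), "sw3", (128, 2)),
]
COST = 20000  # assumed cost of every link in this sample


def elect(bridges, links, cost=COST):
    """Return (root bridge, {(switch, PID): role}) following the rules listed above."""
    root = min(bridges, key=bridges.get)  # priority first, then MAC
    # Root path cost of every bridge, found by repeated relaxation over the links.
    rpc = {b: 0 if b == root else float("inf") for b in bridges}
    for _round in bridges:
        for a, _pa, b, _pb in links:
            rpc[a], rpc[b] = min(rpc[a], rpc[b] + cost), min(rpc[b], rpc[a] + cost)
    ports = [(a, pa, b, pb) for a, pa, b, pb in links]
    ports += [(b, pb, a, pa) for a, pa, b, pb in links]  # same links, other end
    roles = {}
    for sw in bridges:
        if sw != root:
            # Root port: lowest (inbound cost, peer BID, peer PID, local PID).
            best = min((p for p in ports if p[0] == sw),
                       key=lambda p: (rpc[p[2]] + cost, bridges[p[2]], p[3], p[1]))
            roles[(sw, best[1])] = "root"
    for a, pa, b, pb in links:
        # Designated port: lowest (outbound cost, local BID, local PID) on the link.
        win, lose = sorted([(rpc[a], bridges[a], pa, a), (rpc[b], bridges[b], pb, b)])
        roles[(win[3], win[2])] = "designated"
        roles.setdefault((lose[3], lose[2]), "blocked")  # no role left: blocked
    return root, roles


if __name__ == "__main__":
    root, roles = elect(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, pid), role in sorted(roles.items()):
        print(sw, pid, role)
```

In this sample sw1 becomes root because its priority is lower even though its MAC is the highest, and the sw2-sw3 link is decided by the BID tie-break, which blocks the port on sw3.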

    3) Interface status

        1. Down: no BPDUs are sent or received; once BPDUs can be sent and received, the port moves to the next state.
        2. Listening: lasts 15s. All switches send and receive BPDUs and elect all roles. A port whose role is non-designated goes directly to the blocking state; a designated port or root port moves to the next state.
        3. Learning: a mandatory 15s. Designated ports and root ports learn the MAC addresses of the devices connected to all interfaces, build the MAC table, and then move to the next state.
        4. Forwarding: only designated ports and root ports can enter this state; user traffic can be forwarded.
        5. Blocking: logically blocked.
        Note: an interface forwards user data only after it enters the forwarding state; no data can be forwarded during the preceding 30s.

    4) Convergence time

        First convergence: 30s = 15s listening + 15s learning

    5) Structural changes

        With direct link detection: the local switch has a blocked port. If another port goes down, the blocked port immediately enters 15s of listening (election); if the result is that the port is enabled, it then enters 15s of learning. Total: 30 seconds.
        Without direct link detection: the local switch has no blocked port. If a port goes down, the switch sends sub-optimal BPDUs (with itself as root) to the neighboring switches. The other switches ignore them and wait out the 20s hold time; only then does the blocked interface enter 15s listening and 15s learning. Total: 50s.

    6) Disadvantages of 802.1D

        1. Slow convergence
        2. Low link utilization

    7) 802.1D configuration commands

        [sw1]stp mode stp        Switch to the 802.1D algorithm; Huawei currently defaults to MSTP
        [sw1]stp priority 4096        Modify the bridge priority

        [sw1-GigabitEthernet0/0/1]stp cost ?        Modify the interface cost value
         INTEGER<1-200000000> Port path cost

        [sw1-GigabitEthernet0/0/1]stp port priority ?        Modify the interface priority
         INTEGER<0-240> Port priority, in steps of 16

3. PVST (Cisco proprietary): VLAN-based Spanning Tree Protocol

        Each VLAN has its own tree, and every tree works the same way as in 802.1D. The BPDUs of different VLANs differ in their priority:
        priority = multiple of 4096 + VLAN ID; it can only be changed to an integer multiple of 4096.
        Trunks are supported only with ISL encapsulation (Cisco proprietary encapsulation).

4. PVST+

        1) Builds on PVST, adds compatibility with 802.1Q trunk encapsulation, and introduces some acceleration features:
                1. Port acceleration (PortFast): on interfaces that connect to PC terminals
                2. Uplink acceleration (UplinkFast): configured on all access layer devices, for direct link detection
                3. Backbone acceleration (BackboneFast): configured on all switches

        2) Advantages and disadvantages of PVST+
                1. Advantages: compatible with 802.1Q trunks; partial acceleration is possible
                2. Disadvantages: many trees (only Cisco has built dedicated chips; other vendors' devices cannot carry the load); convergence is slow (the acceleration is not thorough enough)

5. Rapid spanning tree

    1) Cisco's RSTP: rapid spanning tree per VLAN (one tree per VLAN; an upgrade of PVST+)
    2) Public RSTP (802.1w): one tree for the entire switching network; an upgrade of 802.1D
    3) Why it is fast:
        1. The timers are removed; as soon as the work of one state is finished, the port moves directly to the next state.
        2. Segment-by-segment synchronization: two devices converge step by step, using request and synchronization flags that rely on bits 1-6 of the flags field.
        3. BPDU keep-alive is 6s; hello time is 2s.
        4. Port acceleration (edge interface), uplink acceleration and backbone acceleration are built in.
        5. Compatible with 802.1D and PVST, but 802.1D and PVST do not use bits 1-6 of the flags field and so cannot converge quickly. Therefore, if one device in the network does not support rapid convergence, the other devices that have it enabled cannot converge quickly either.
        Note: when a TCN message appears, the local CAM table can be refreshed without waiting for the BPDU of the root bridge.
        Remember: when an interface defaults to half-duplex, convergence still follows the slow 802.1D algorithm even if RSTP is enabled.
    4) Configuration
        [sw1]stp mode rstp
        Edge interface: an interface used to connect a PC. Once it is set as an edge interface, it no longer sends BPDUs, takes no part in STP convergence, and enters the forwarding state directly. If the interface receives a BPDU from the other end, it loses the edge feature and converges normally again.
        [sw1]interface GigabitEthernet 0/0/1
        [sw1-GigabitEthernet0/0/1]stp edged-port enable

        [sw1]stp priority ?        Modify the bridge priority
         INTEGER<0-61440> Bridge priority, in steps of 4096

        [sw1]stp root ?        Quickly define the root bridge role
         primary Primary root switch
         secondary Secondary root switch

        [sw1-GigabitEthernet0/0/1]stp port priority ?        Modify the interface priority
         INTEGER<0-240> Port priority, in steps of 16

        [sw1-GigabitEthernet0/0/1]stp cost ?        Modify the interface cost
         INTEGER<1-200000000> Port path cost

6. MSTP/MST/802.1S — Huawei devices use this protocol by default

    1) Inherits the basis of rapid spanning tree; multiple VLANs are placed in one group, and each group runs one spanning tree.
    2) Priority in the BPDUs of different groups = multiple of 4096 + VLAN group number
    3) Configuration
        [r1]stp mode mstp
        Group 0 exists by default, and all VLANs are in this group by default; priority = 32768+0

        Grouping
        [sw1]stp enable
        [sw1]stp region-configuration
        [sw1-mst-region]region-name a        All devices should be in one group
        [sw1-mst-region]instance 1 vlan 1 to 5
        [sw1-mst-region]instance 2 vlan 6 to 10
        [sw1-mst-region]active region-configuration        Activate the current configuration (this command must be configured)

        Remember: if a group is created but the VLANs in the group do not exist on this switch and no interface serves those VLANs, the group will carry no information. The grouping information of all devices in the entire switching network must be completely consistent.

        Define the local switch as the primary root of group 1 and the secondary root of group 2:
        stp instance 1 root primary        Sets the priority to 0
        stp instance 2 root secondary        Sets the priority to 4096

        [sw1]stp instance 1 priority ?
         INTEGER<0-61440> Bridge priority, in steps of 4096

        [sw1]interface GigabitEthernet 0/0/1
        [sw1-GigabitEthernet0/0/1]stp instance 1 cost ?
         INTEGER<1-200000000> Port path cost

        [sw1-GigabitEthernet0/0/1]stp instance 1 port priority ?
         INTEGER<0-240> Port priority, in steps of 16
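
One way to check the requirement above that the grouping information be consistent on every switch, using the `region-name` and `instance ... vlan ...` lines shown in this section. This is an added example, not part of the original page; the second switch `sw2` and both sample configurations are constructed.

```python
import re


def parse_region(config_text):
    """Return (region-name, {instance: frozenset of VLAN ids}) for one switch."""
    name, instances = None, {}
    for line in config_text.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", line.strip())  # drop "[sw1-mst-region]" prompt
        if m := re.match(r"region-name\s+(\S+)", line):
            name = m.group(1)
        elif m := re.match(r"instance\s+(\d+)\s+vlan\s+(.+)", line):
            vlans = instances.setdefault(int(m.group(1)), set())
            # "1 to 5" is a range; a bare number is a single VLAN.
            for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", m.group(2)):
                vlans.update(range(int(lo), int(hi or lo) + 1))
    return name, {k: frozenset(v) for k, v in instances.items()}


def region_mismatches(configs):
    """Compare every switch against the first one and list the differences."""
    parsed = {sw: parse_region(text) for sw, text in configs.items()}
    (ref_sw, (ref_name, ref_map)), *rest = parsed.items()
    problems = []
    for sw, (name, vmap) in rest:
        if name != ref_name:
            problems.append(f"{sw}: region-name {name!r} != {ref_name!r} on {ref_sw}")
        for inst in sorted(set(ref_map) | set(vmap)):
            if ref_map.get(inst) != vmap.get(inst):
                diff = sorted(ref_map.get(inst, frozenset()) ^ vmap.get(inst, frozenset()))
                problems.append(f"{sw}: instance {inst} differs from {ref_sw} on VLANs {diff}")
    return problems


# Constructed sample: sw2 maps VLAN 5 to instance 2 instead of instance 1.
SAMPLE = {
    "sw1": "[sw1-mst-region]region-name a\n"
           "[sw1-mst-region]instance 1 vlan 1 to 5\n"
           "[sw1-mst-region]instance 2 vlan 6 to 10",
    "sw2": "[sw2-mst-region]region-name a\n"
           "[sw2-mst-region]instance 1 vlan 1 to 4\n"
           "[sw2-mst-region]instance 2 vlan 5 to 10",
}

if __name__ == "__main__":
    for problem in region_mismatches(SAMPLE):
        print(problem)
```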


Origin blog.csdn.net/Han_V_Qin/article/details/107190285