STP fundamentals (spanning tree protocols for switched networks)

Redundancy

Equipment Redundancy
Line Redundancy
Gateway Redundancy
Power Supply Redundancy (UPS)

The problem of line redundancy

Redundant lines between routers can avoid loops through various protocols (the routing table calculated by the algorithm is loop-free), whereas redundant lines between switches easily form loops (looping frames easily corrupt the records in the MAC address table).
Because Layer 2 switches inherently lack an anti-loop mechanism, redundant links between switches cause many problems.
① Broadcast storms occur easily. Broadcast packets are forwarded around the loop on the line; they keep multiplying and never disappear.
② MAC address table flapping occurs easily. On one switch a given MAC address can map to only one interface, while one interface can map to multiple MAC addresses. When the interface that a MAC address maps to changes, the entry is updated to the new record. A loop can therefore cause the MAC address table to be updated continuously.
③ The same data frame is copied repeatedly, occupying the buffer.
These problems may overload the equipment, trigger a protective restart, or even damage the equipment.

STP

STP (Spanning Tree Protocol) generates a tree structure (a tree has no loops) in a Layer 2 switching network by logically blocking some interfaces, so that there is only one path from the root to every node. When the best path fails, a blocked interface is automatically reopened, which provides line backup. Put simply, the principle is to logically block certain interfaces and open them again when needed.
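The loop problems listed above, and the effect of logically blocking one interface, can be reproduced with a small simulation. This is an added example, not from the original article; the three-switch triangle, the port numbers and the choice of blocked port are constructed for illustration.

```python
from collections import deque

# Constructed triangle: (switch, port) -> (switch, port) at the far end of the cable.
CABLES = {
    ("SW0", 1): ("SW1", 1), ("SW1", 1): ("SW0", 1),
    ("SW0", 2): ("SW2", 1), ("SW2", 1): ("SW0", 2),
    ("SW1", 2): ("SW2", 2), ("SW2", 2): ("SW1", 2),
}
PORTS = {"SW0": [0, 1, 2], "SW1": [1, 2], "SW2": [1, 2]}  # SW0 port 0 faces the host


def flood_broadcast(blocked=frozenset(), max_forwards=60):
    """Inject one broadcast from the host on SW0 port 0 and flood it hop by hop.

    Returns (forwards, flaps, drained): frame copies sent on inter-switch cables,
    MAC-table entries that moved to another port, and whether the frame died out
    before max_forwards was reached.
    """
    mac_table = {}                   # switch -> port where the host MAC was learned
    queue = deque([("SW0", 0)])      # frames to process: (switch, ingress port)
    forwards = flaps = 0
    while queue and forwards < max_forwards:
        switch, ingress = queue.popleft()
        if (switch, ingress) in blocked:
            continue                 # a blocked port discards data frames
        if mac_table.get(switch, ingress) != ingress:
            flaps += 1               # same source MAC seen on a different port
        mac_table[switch] = ingress
        for port in PORTS[switch]:
            egress = (switch, port)
            if port == ingress or egress in blocked or egress not in CABLES:
                continue             # never send back out of the ingress port
            queue.append(CABLES[egress])
            forwards += 1
    return forwards, flaps, not queue


if __name__ == "__main__":
    print("loop, no STP     :", flood_broadcast())
    print("SW2 port 2 blocked:", flood_broadcast(blocked={("SW2", 2)}))
```

Without a blocked port the single broadcast is still circulating when the forwarding budget runs out and the host's MAC entry keeps moving between ports; with one port blocked the frame is delivered once to each switch and then disappears.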

Seven STP standards

802.1D (the original standard, now obsolete; the later protocols are improvements based on it)

BPDU - All switches communicate using BPDUs (Bridge Protocol Data Unit, a data frame encapsulated across layers directly into Layer 2).

(1) Configuration BPDU: Only the root bridge can send it. In the initial state of the bridged network, every bridge regards itself as the root bridge and sends BPDUs, so every bridge in the network receives BPDUs from the other devices. The real root bridge is then selected by comparing the parameters in those BPDUs. In the end only the root bridge sends BPDUs; the non-root bridges no longer send their own, and only receive and forward the BPDUs sent by the root. The keep-alive period is 2s, and the Dead time is 20s.

(2) TCN: Topology change notification, which is essentially a BPDU. When a link on the local bridge fails, STP reconverges. To quickly refresh the MAC address tables of all bridges in the network, a TCN is sent out of all local STP interfaces (the TCN bit in the eight-bit flags field is set from 0 to 1). A neighbor bridge that receives the TCN replies with a TCA (the ACK bit in the flags field is set to 1) and then continues to forward the received TCN. The TCN is forwarded level by level up to the root bridge, and finally the root sends a TC message (TC bit set to 1 in the flags field) to all non-root bridges, so that all bridges temporarily change the aging time of the MAC address table from 5min to 15s.

Election process

The two roles of the device and the three roles of the interface
① Root bridge (ROOT): The bridge elected as the root among all switches in a spanning tree. Each spanning tree has one and only one.
② Non-root bridge: A bridge that has not been elected as the root.
③ Root port: Each non-root bridge has one and only one; it is the interface closest to the root bridge and receives BPDUs from the root bridge.
④ Designated port: Each physical link running STP has one and only one; it forwards BPDUs.
⑤ Non-designated port: An interface that is logically blocked.
Note: All interfaces on the root bridge are designated ports, each STP link has one designated port, and the opposite end of a designated port is either a root port or a non-designated port.

Election sequence
The root bridge is selected first, and then the root port is selected on each bridge. The opposite end of a root port is a designated port. Then the designated port is determined on each link that has no root port, and the port opposite it is a non-designated port.

Election rules
① Root bridge election:
Compare the BIDs in the BPDUs sent by all bridge devices (bridge ID = bridge priority + MAC address).
The bridge priority range is 0-65535, the default is 32768, and smaller is better.
Transparent switches (switches that cannot be configured) have no MAC, Layer 2 switches have one MAC, and Layer 3 and above switches have multiple MACs.
First compare the bridge priority; the smaller the value, the better. If the bridge priorities are the same, compare the MAC addresses; the smaller the value, the better.

② Root port selection:
Compare the cost of the BPDU sent from the root bridge as it enters through each interface; the interface with the smallest cost wins. Different bandwidths have different cost values.
If the inbound cost values are the same, compare the BIDs of the bridges at the opposite ends of the two interfaces (using the root bridge election rules) to select the root port of the local bridge. With this rule, even if the current root bridge fails and the root bridge changes, the root port does not need to change.
If the opposite-end BIDs are the same (the opposite ends of the two interfaces are the same device), compare the PIDs of the opposite ends of the two interfaces (port ID = interface priority + interface number). The interface priority range is 0-255, and the default is 128. Smaller is better.
If the opposite-end PIDs are the same (the opposite ends of the two interfaces are the same interface, reached through a hub or transparent switch), compare the PIDs of the two local interfaces; smaller is better. At this point a result is guaranteed.

③ Designated port selection:
First, the opposite ends of all root ports are designated ports. On the remaining links, compare the cost values of the interfaces at the two ends for BPDUs sent out from the root bridge.
If the outgoing cost values are the same, compare the BIDs of the two bridges.
If the BIDs are the same (two interfaces of the same bridge are connected to each other), compare the PIDs of the two local interfaces.
If the PIDs are the same (an interface of a bridge is connected back to itself through a hub or a transparent switch), the port is blocked directly, that is, it is treated as a non-designated port.

Interface cost value reference standard

(1) 802.1D standard cost value:

10M 100
100M 19
1000M 4
10000M 2
>100000M 1

(2) 802.1T standard cost value:
100M 200000
1000M 20000
Gigabit 20,000, and so on.

Huawei equipment uses the 802.1T standard by default, which can be changed with the command stp pathcost-standard ?
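The election rules above can be run as code. The following added example (not from the original article) elects the root bridge, root ports and designated ports on a constructed three-switch triangle using the 802.1D cost values; the bridge names, MAC addresses and port numbers are assumptions, the network is assumed to be connected, and the self-looped hub case is left out.

```python
# 802.1D cost values listed on this page: link speed in Mbit/s -> path cost
COST_8021D = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed sample: bridge name -> BID as (priority, MAC), all at default priority
BRIDGES = {
    "SW0": (32768, "00:00:00:00:00:0a"),
    "SW1": (32768, "00:00:00:00:00:0b"),
    "SW2": (32768, "00:00:00:00:00:0c"),
}
# Constructed sample links: ((bridge, port number), (bridge, port number), Mbit/s)
LINKS = [
    (("SW0", 1), ("SW1", 1), 100),
    (("SW0", 2), ("SW2", 1), 100),
    (("SW1", 2), ("SW2", 2), 100),
]

def elect(bridges, links, port_priority=128):
    """Return (root bridge name, {(bridge, port): role}) for the given topology."""
    root = min(bridges, key=bridges.get)          # lowest (priority, MAC) wins
    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    for _ in bridges:                             # relax until root path costs settle
        for (a, _), (b, _), speed in links:
            cost[a] = min(cost[a], cost[b] + COST_8021D[speed])
            cost[b] = min(cost[b], cost[a] + COST_8021D[speed])
    roles = {}
    for name in bridges:                          # one root port per non-root bridge
        if name == root:
            continue
        candidates = []
        for end_a, end_b, speed in links:
            for local, peer in ((end_a, end_b), (end_b, end_a)):
                if local[0] == name:
                    candidates.append((
                        cost[peer[0]] + COST_8021D[speed],  # inbound cost
                        bridges[peer[0]],                   # opposite-end BID
                        (port_priority, peer[1]),           # opposite-end PID
                        (port_priority, local[1]),          # local PID
                        local,
                    ))
        roles[min(candidates)[-1]] = "root"
    for end_a, end_b, _ in links:                 # one designated port per link
        def rank(end):
            return cost[end[0]], bridges[end[0]], (port_priority, end[1])
        winner, loser = sorted((end_a, end_b), key=rank)
        roles[winner] = "designated"
        roles.setdefault(loser, "blocked")        # neither root nor designated
    return root, roles
```

With the sample data, `elect(BRIDGES, LINKS)` makes SW0 the root on the MAC tie-break and blocks port 2 of SW2; lowering the priority of SW2 to 4096 moves the root to SW2 and the blocked port to SW1.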

Election example

Note: When configuring STP, the root bridge should be placed at least at the aggregation layer; the root bridge should not be at the access layer.

State of the STP interface

① Down state: after a normal power-on, the interface switches to the next state once communication is established.
② Listening state: 15s. All switches send and receive BPDUs and elect all roles; non-designated ports enter the blocking state, and root ports and designated ports enter the next state.
③ Learning state: 15s. All switches receive data frames, record their source MAC addresses, and generate the MAC table.
④ Forwarding state: Root ports and designated ports finally enter the forwarding state and send and receive BPDUs normally.

The convergence time of the 802.1D algorithm

① First convergence: 30s
② Two cases of convergence after a topology change:
(1) Direct detection: 30s. After a topology change on a switch, only one blocked interface can still receive BPDUs from the neighboring bridge, so this interface enters the normal 30s convergence stage.
(2) Indirect detection: 20 (Hold time) + 30 (convergence time) = 50s. After a topology change, a switch is cut off from the switching network, and only the blocked port at the opposite end receives the sub-optimal BPDU that this switch sends. It must then wait out the neighbor's 20s protection time and then the 30s reconvergence.

Disadvantages of 802.1D

① The convergence speed is slow;
② The link utilization is low (pointed out by Cisco; Cisco's proprietary PVST protocol appeared later).

PVST

A VLAN-based spanning tree protocol with one tree per VLAN. Once the root bridges of the different trees are assigned to different devices at the aggregation layer, the links blocked for different VLANs are not the same link, so all interfaces are in use, each serving different VLANs, which improves link utilization.

Example (Cisco equipment):

【SW0】

【SW1】

【SW2】

As shown in the figure below, lower the bridge priority value of SW2 in the spanning tree of VLAN 2 (that is, as the root bridge of VLAN 2).
In this topology, the three links are switchport mode trunk links with VLAN 2 added. SW0 serves as the root in VLAN 1. After SW1 lowers its bridge priority (on Cisco equipment the bridge priority is a multiple of 4096 (the number of VLAN IDs) + the VLAN ID), SW1 serves as the root in VLAN 2. As a result, all interfaces turn green, and the two interfaces of SW2 play different roles in the two spanning trees, so every link is evenly utilized.

Disadvantages of PVST

① Convergence is slow, because the 802.1D algorithm is still used within each tree;
② It does not support public 802.1D trunks, only Cisco's proprietary trunks (ISL);
③ There are more spanning trees, which consumes computing and other resources (Cisco equipment has a separate chip to handle multiple spanning trees).

PVST +

PVST+ is the upgraded version of PVST. It is compatible with 802.1Q trunk link encapsulation, and the initial convergence time is still 30s, but several acceleration methods (port acceleration, uplink acceleration, and backbone acceleration) were added. It is generally the default STP on Cisco switches.
① Port acceleration (PortFast)
A port used to connect to a PC can enter the forwarding state directly without converging.
② Uplink acceleration (UplinkFast)
For environments where direct detection applies: on a device with uplink acceleration enabled, when a direct detection event occurs the blocked port becomes the root port immediately, without the 30s convergence. Note that this command can only be configured on access-layer devices: after uplink acceleration is enabled on a switch, its bridge priority and interface priority values become larger, so the device cannot become the root bridge and its interfaces are more likely to become blocked ports.
③ Backbone acceleration
It is used to skip the 20s hold-time wait when a sub-optimal BPDU is received and enter the 30s convergence directly.

Rapid Spanning Tree (RSTP and 802.1W)

RSTP | 802.1W
Cisco proprietary | Public
Upgraded version of PVST+ | Upgraded version of 802.1D
One spanning tree per VLAN | One spanning tree per switching network

Why it is fast:

① Timers are dropped; each interface enters the next state immediately after finishing the work of its current state (the main reason).
② Segmented synchronization: there is no need to wait for the root switch to issue a TC; directly connected devices converge step by step (relying on the request and consent bits in the flags field, the first and sixth bits).
③ The BPDU Hello time is 2s, and the Dead time is changed from 20s to 6s.
④ Port acceleration (edge interface, Huawei configuration command: stp edged-port enable), uplink acceleration, and backbone acceleration are integrated.

Example (Huawei equipment):

You can manually configure SW1 as the primary root. This command automatically lowers the bridge priority by two steps of 4096.

Manually configure SW2 as the secondary root (when the primary root device fails, it takes over as the root first). This command automatically lowers the bridge priority by 4096.

Configure edge interface acceleration on the interface that connects SW3 to the host.

MSTP(802.1S)

Multiple Spanning Tree Protocol, a further upgrade of rapid spanning tree. It is STP based on grouping: multiple VLANs are put in the same group, each group has one spanning tree, and the BPDUs of different groups are still distinguished by priority + group number.

Examples:

Configuration common to [SW1], [SW2] and [SW3]:

port-group group-member e0/0/1 to e0/0/2
port link-type trunk
port trunk allow-pass vlan all // Set the interfaces as trunks and allow all VLANs
q
vlan batch 2 to 10 // Create VLANs 2 to 10
stp mode mstp // Set the STP mode to MSTP
stp region-configuration // Enter the MSTP group configuration
region-name a // Set the MSTP group name to a
instance 1 vlan 1 to 5 // Put VLANs 1 to 5 into group 1
instance 2 vlan 6 to 10 // Put VLANs 6 to 10 into group 2
active region-configuration // Activate the current group configuration

[SW1]
stp instance 1 root primary //SW1 serves as the primary root in group 1
stp instance 2 root secondary //SW1 serves as the backup root in group 2 (secondary root)
[SW2]
stp instance 2 root primary //SW2 serves as the primary root in group 2
stp instance 1 root secondary //SW2 serves as the secondary root in group 1
[SW3]
So far, the MSTP grouped spanning trees are in place: the switches back each other up, the links are well utilized, and convergence is fast.

Origin blog.csdn.net/FLY_7_/article/details/113005486