The difference between STP and RSTP

1. Shortcomings of STP

        Although STP solves the loop problem, its topology convergence is slow. If the topology changes frequently, the network repeatedly loses reachability, causing frequent communication interruptions.

Shortcoming 1: STP does not distinguish port states from port roles finely enough.

        From the user's point of view, there is no difference between the Listening, Learning and Blocking states: none of them forwards user traffic.

        From the point of view of configuration and network management, the essential difference between ports is not their state but their role, because a root port and a designated port can both be in the Listening state, or both be in the Forwarding state.

Shortcoming 2: STP is a passive algorithm that relies on timers to decide that the topology has changed, so it converges slowly.

Shortcoming 3: STP requires that, in a stable topology, only the root bridge originates configuration BPDUs; every other device processes the configuration BPDU it receives and then relays it, so the BPDU propagates hop by hop through the whole STP network. This is another main reason for slow topology convergence.

2. Improvements of RSTP over STP:

1. Refinement of port roles:

        Compared with STP, RSTP adds two port roles, giving four in total: root port, designated port, alternate port and backup port.

Alternate port and backup port are described as follows:

① From the perspective of which configuration BPDU blocks the port:

        An alternate port is blocked because it receives a superior configuration BPDU sent by another bridge.

        A backup port is blocked because it receives a configuration BPDU sent by the bridge itself (through another of its own ports on the same segment).

② From the perspective of traffic:

        An alternate port provides another path from the local bridge to the root bridge and acts as the backup of the root port.

        A backup port acts as the backup of a designated port and provides another path from the root bridge to the corresponding network segment.

Assigning a role to every port in an RSTP domain is the process of topology convergence.

2. Reclassification of port states

        RSTP reduces the original five port states to three, classified by whether the port forwards user traffic and learns MAC addresses:

        ① If the port neither forwards user traffic nor learns MAC addresses, it is in the Discarding state.

        ② If the port does not forward user traffic but does learn MAC addresses, it is in the Learning state.

        ③ If the port both forwards user traffic and learns MAC addresses, it is in the Forwarding state.

3. Changes to the configuration BPDU format

        The changed configuration BPDU format makes full use of the Flags field of the STP packet to carry the port role. While keeping the BPDU format essentially the same as STP's, RSTP makes a few small changes:

        ① In the Type field, a configuration BPDU is no longer type 0 but type 2 (and the Protocol Version field is 2 instead of 0), so a device running STP discards an RSTP configuration BPDU when it receives one.

        ② The Flags field uses the six middle bits that were originally reserved (Proposal, Port Role, Learning, Forwarding and Agreement), and a configuration BPDU modified in this way is called an RST BPDU.

4. Changes to the processing of configuration BPDUs

        ① How configuration BPDUs are sent after the topology is stable

        In STP, once the topology is stable, the root bridge sends configuration BPDUs at the interval specified by the Hello Timer, and a non-root bridge sends its own configuration BPDUs only when triggered by receiving one from its upstream device. This makes the STP calculation complex and slow. RSTP improves this: after the topology is stable, each non-root bridge sends configuration BPDUs on its own at the Hello Timer interval, whether or not it has received a configuration BPDU from the root bridge. Sending is autonomous on every device.

        ② Shorter BPDU timeout

        If a port does not receive a configuration BPDU from its upstream device for three consecutive Hello Times, the device considers negotiation with the neighbor to have failed. In STP, by contrast, it first has to wait for Max Age to expire.

        ③ Processing of inferior BPDUs

        When a port receives an RST BPDU from the upstream designated bridge, it compares the RST BPDU it has stored with the one received.

        If the RST BPDU stored by the port has higher priority than the received one, the port discards the received RST BPDU and immediately replies with its own stored RST BPDU. When the upstream device receives this reply, it immediately updates its own stored RST BPDU from the corresponding fields of the received message.

        Therefore, when handling inferior BPDUs, RSTP no longer depends on any timer expiring to resolve the topology, which speeds up convergence.
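The following Python example is added here to make the two previous points concrete; it is not code from the original post. It decodes both an 802.1D configuration BPDU and an RST BPDU (the Type/Version change and the six Flags bits from section 3), and then compares two BPDUs using the four parameters a port "PKs" (root bridge ID, root path cost, sender bridge ID, sender port ID) to decide whether a received BPDU is superior or inferior to the one the port holds (section 4 ③). The bridge IDs and frames are constructed sample data; the Flags bit positions and the 35-byte layout follow the standard, and the 802.1t split of the priority field is ignored for brevity.

```python
import struct

# RST BPDU Flags field (802.1w). STP only uses TC (bit 0) and TCA (bit 7);
# RSTP uses the six bits in between for Proposal, Port Role, Learning, Forwarding, Agreement.
FLAG_TC, FLAG_PROPOSAL, FLAG_LEARNING = 0x01, 0x02, 0x10
FLAG_FORWARDING, FLAG_AGREEMENT, FLAG_TCA = 0x20, 0x40, 0x80
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}

# Layout shared by Config and RST BPDUs (LLC header already stripped): protocol id,
# version, type, flags, root id, root path cost, bridge id, port id, then four timers.
_BPDU_FMT = "!HBBB8sI8sHHHHH"
_BPDU_LEN = struct.calcsize(_BPDU_FMT)  # 35 bytes; an RST BPDU adds one Version 1 Length byte


def bridge_id_str(raw: bytes) -> str:
    return f"{int.from_bytes(raw[:2], 'big')}.{raw[2:].hex(':')}"


def parse_bpdu(frame: bytes) -> dict:
    """Decode an 802.1D Config BPDU (type 0) or an 802.1w RST BPDU (type 2)."""
    if len(frame) < _BPDU_LEN:
        raise ValueError("BPDU too short")
    (proto, version, btype, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(_BPDU_FMT, frame[:_BPDU_LEN])
    if proto != 0:
        raise ValueError("protocol id is not 0: not a spanning-tree BPDU")
    if btype not in (0x00, 0x02):
        raise ValueError(f"unsupported BPDU type 0x{btype:02x}")
    bpdu = {
        "version": version, "type": "RST" if btype == 0x02 else "Config",
        "tc": bool(flags & FLAG_TC), "tca": bool(flags & FLAG_TCA),
        "root_id": root, "root_cost": cost, "bridge_id": bridge, "port_id": port,
        "root_id_str": bridge_id_str(root), "bridge_id_str": bridge_id_str(bridge),
        # timers are carried in units of 1/256 second
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd_delay / 256,
    }
    if btype == 0x02:
        # Only an RST BPDU carries role and state in the formerly reserved bits.
        bpdu.update({
            "proposal": bool(flags & FLAG_PROPOSAL),
            "port_role": PORT_ROLES[(flags >> 2) & 0x3],
            "learning": bool(flags & FLAG_LEARNING),
            "forwarding": bool(flags & FLAG_FORWARDING),
            "agreement": bool(flags & FLAG_AGREEMENT),
            "version1_length": frame[_BPDU_LEN] if len(frame) > _BPDU_LEN else None,
        })
    return bpdu


def priority_vector(bpdu: dict) -> tuple:
    """The four parameters compared when deciding which BPDU is better:
    root bridge id, root path cost, sender bridge id, sender port id. Lower wins."""
    return (bpdu["root_id"], bpdu["root_cost"], bpdu["bridge_id"], bpdu["port_id"])


def is_superior(candidate: dict, held: dict) -> bool:
    """True if `candidate` beats the BPDU the port holds. If it does not, the port
    discards it and answers with its own stored BPDU, as described above."""
    return priority_vector(candidate) < priority_vector(held)


def build_bpdu(rst: bool, flags: int, root_id: bytes, root_cost: int,
               bridge_id: bytes, port_id: int, message_age: int = 0) -> bytes:
    """Encoder used only to construct the sample frames below (default 802.1D timers)."""
    body = struct.pack(_BPDU_FMT, 0, 2 if rst else 0, 0x02 if rst else 0x00, flags,
                       root_id, root_cost, bridge_id, port_id,
                       message_age, 20 * 256, 2 * 256, 15 * 256)
    return body + (b"\x00" if rst else b"")


# Constructed sample bridge ids: default priority 32768 plus made-up MAC addresses.
ROOT = (32768).to_bytes(2, "big") + bytes.fromhex("000000000001")
SW2 = (32768).to_bytes(2, "big") + bytes.fromhex("000000000002")
SW3 = (32768).to_bytes(2, "big") + bytes.fromhex("000000000003")

# The root's designated port: role designated, learning+forwarding, proposal set.
SAMPLE_RST = build_bpdu(True, FLAG_PROPOSAL | (3 << 2) | FLAG_LEARNING | FLAG_FORWARDING,
                        ROOT, 0, ROOT, 0x8001)
# A legacy STP config BPDU from SW2 announcing the same root at cost 19, with TC set.
SAMPLE_STP = build_bpdu(False, FLAG_TC, ROOT, 19, SW2, 0x8002)
# SW3 claiming itself as root: inferior to both of the above.
SAMPLE_WRONG_ROOT = build_bpdu(True, 3 << 2, SW3, 0, SW3, 0x8001)

if __name__ == "__main__":
    for name, frame in (("RST", SAMPLE_RST), ("STP", SAMPLE_STP), ("wrong root", SAMPLE_WRONG_ROOT)):
        b = parse_bpdu(frame)
        print(name, b["type"], b["root_id_str"], b.get("port_role"), "proposal" if b.get("proposal") else "")
    print("root's BPDU superior to SW2's:", is_superior(parse_bpdu(SAMPLE_RST), parse_bpdu(SAMPLE_STP)))
```

Note that `priority_vector` compares the raw 8-byte bridge IDs as big-endian integers, which is why a lower configured priority (first two bytes) wins before the MAC address is considered; this is exactly the ordering an attacker abuses when injecting a BPDU with a low priority to take over the root role.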

5. Fast convergence

        ① Proposal/Agreement mechanism

        After a port is elected as a designated port, in STP it must pass through the Listening and Learning states, each lasting one Forward Delay, before it moves to the Forwarding state. In RSTP the port first enters the Discarding state and then quickly moves to Forwarding through the Proposal/Agreement mechanism. This mechanism requires point-to-point full-duplex links.

        ② Root port fast switching mechanism

        If a root port fails, the best alternate port becomes the new root port and enters the Forwarding state immediately, because the network segment reached through that alternate port must have a designated port that leads to the root bridge.

        ③ Introduction of edge ports

        In RSTP, a designated port at the edge of the network that connects directly to a terminal device rather than to another switch is called an edge port.

        Edge ports do not receive or process configuration BPDUs and do not take part in the RSTP calculation. They move directly from Disabled to Forwarding without delay, as if STP were disabled on the port. However, once an edge port receives a configuration BPDU, it loses its edge attribute, becomes an ordinary STP port and triggers a spanning-tree recalculation, causing topology flapping.

6. Protection functions

        The original page lists these as a table with the columns protection function, scenario and principle; each row is given below under those headings.

        ① BPDU protection

        Scenario: On a switch, ports directly connected to non-switching devices such as user terminals (PCs) or file servers are usually configured as edge ports. Normally an edge port never receives RST BPDUs. If an attacker forges RST BPDUs against the switch, an edge port that receives one is automatically turned into a non-edge port and the spanning tree is recalculated, causing topology flapping.

        Principle: With BPDU protection enabled, an edge port that receives an RST BPDU is put into the error-down state; its edge attribute is kept unchanged, and the network management system is notified.

        ② Root protection

        Scenario: Because of misconfiguration by maintenance staff or a malicious attack, the legitimate root bridge may receive RST BPDUs of higher priority and lose its root role, producing an incorrect topology change. Such an illegitimate change can divert traffic that should cross a high-speed link onto a low-speed link and congest the network.

        Principle: A designated port with root protection enabled can only keep the designated role. Once it receives a higher-priority RST BPDU, it enters the Discarding state and stops forwarding packets. If no higher-priority RST BPDU is received for a period of time (usually twice the Forward Delay), the port automatically returns to the normal Forwarding state.

        Note: root protection takes effect only on designated ports.

        ③ Loop protection

        Scenario: In an RSTP network, the root port and the other blocked ports keep their state by continuously receiving RST BPDUs from the upstream switch. If these ports stop receiving RST BPDUs because of link congestion or a unidirectional link failure, the switch re-elects the root port: the original root port becomes a designated port and the originally blocked port moves to the Forwarding state, which can create a loop in the switched network.

        Principle: With loop protection enabled, if a root port or alternate port does not receive an RST BPDU from upstream for a long time, the switch notifies the network management system; a root port enters the Discarding state, and a blocked port stays blocked and does not forward packets, so no loop forms. The port returns to the Forwarding state only when the root port or alternate port receives an RST BPDU again.

        Note: loop protection takes effect only on root ports and alternate ports.

        ④ Anti-TC-BPDU attack

        Scenario: On receiving a TC BPDU, a switch deletes its MAC address entries and ARP entries. If an attacker forges TC BPDUs, the switch receives many TC BPDUs in a short time, and the resulting frequent deletions burden the device and endanger network stability.

        Principle: With anti-TC-BPDU protection enabled, the number of TC BPDUs the switch processes per unit time is configurable. If the number of TC BPDUs received within that unit time exceeds the configured threshold, the switch processes only the threshold number; the TC BPDUs beyond the threshold are processed once, together, after the timer expires. This avoids frequent deletion of MAC address and ARP entries and protects the device.
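To show what two of these protections actually do on the data path, here is an added Python model (not code from the original post or from any vendor): a rate limiter with the anti-TC-BPDU semantics described above (process at most a threshold of TC BPDUs per unit time, then process the excess once when the timer expires), and a decision function for BPDU protection and root protection on a port. The port field names (`edge`, `bpdu_guard`, `root_guard`), the threshold and window values, and the bridge IDs are hypothetical sample data chosen for the illustration.

```python
class TcBpduLimiter:
    """Model of anti-TC-BPDU protection: at most `threshold` TC BPDUs per `window`
    seconds cause a MAC/ARP table flush; the excess is coalesced into a single flush
    when the window timer expires (threshold/window values are assumptions)."""

    def __init__(self, threshold: int = 1, window: float = 2.0):
        self.threshold = threshold
        self.window = window
        self.window_start = None   # start of the current counting interval
        self.count = 0             # TC BPDUs seen in this interval
        self.pending = False       # excess TC BPDUs waiting for the timer
        self.flushes = []          # timestamps at which tables were actually flushed

    def _expire(self, now: float) -> None:
        if self.window_start is not None and now - self.window_start >= self.window:
            if self.pending:       # process everything beyond the threshold once
                self.flushes.append(now)
                self.pending = False
            self.window_start, self.count = None, 0

    def receive_tc(self, now: float) -> str:
        self._expire(now)
        if self.window_start is None:
            self.window_start = now
        self.count += 1
        if self.count <= self.threshold:
            self.flushes.append(now)   # within budget: flush MAC/ARP entries now
            return "flushed"
        self.pending = True            # over budget: defer to timer expiry
        return "deferred"

    def tick(self, now: float) -> None:
        """Timer callback; call it periodically so deferred TC BPDUs get processed."""
        self._expire(now)


def guard_decision(port: dict, bpdu: dict, current_root_id: bytes) -> str:
    """What a port does with a received RST BPDU under BPDU protection and root
    protection. `port` keys (hypothetical): role, edge, bpdu_guard, root_guard.
    `bpdu['root_id']` is the 8-byte root bridge id; numerically lower is better."""
    if port["edge"]:
        if port["bpdu_guard"]:
            # Edge attribute is kept; the port goes error-down and the NMS is notified.
            return "error-down"
        return "lose edge attribute, recompute spanning tree"
    if port["role"] == "designated" and port["root_guard"] and bpdu["root_id"] < current_root_id:
        # A better root announced on a root-protected designated port: block, do not re-elect.
        return "discarding (root protection)"
    return "process normally"


# Constructed sample data: the legitimate root and a rogue bridge with priority 4096.
ROOT_ID = bytes.fromhex("8000000000000001")
ROGUE_ID = bytes.fromhex("1000000000000099")


def simulate_tc_flood(n: int = 10, spacing: float = 0.1) -> int:
    """Feed `n` forged TC BPDUs `spacing` seconds apart, let the timer expire,
    and return how many table flushes actually happened."""
    lim = TcBpduLimiter(threshold=1, window=2.0)
    for i in range(n):
        lim.receive_tc(i * spacing)
    lim.tick(2.5)
    return len(lim.flushes)


if __name__ == "__main__":
    print("flushes caused by 10 TC BPDUs in 1 s:", simulate_tc_flood())
    edge = {"role": "designated", "edge": True, "bpdu_guard": True, "root_guard": False}
    uplink = {"role": "designated", "edge": False, "bpdu_guard": False, "root_guard": True}
    print("edge port with BPDU protection:", guard_decision(edge, {"root_id": ROGUE_ID}, ROOT_ID))
    print("designated port with root protection:", guard_decision(uplink, {"root_id": ROGUE_ID}, ROOT_ID))
```

Without the limiter, ten forged TC BPDUs in one second would mean ten MAC and ARP table flushes; with a threshold of one per two-second window the model performs two, which is the whole point of the protection. The root-protection branch deliberately compares the announced root ID against the current root rather than running the full election, because the port is not allowed to change role at all.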

3. Personal notes on RSTP

1. Port roles:

        DP (designated port): BPDUs flow out.

        RP (root port): BPDUs flow in.

        AP (alternate port): BPDUs flow in. The alternate port is the second-best path to the root bridge (the second closest), and it is a blocked port on a non-designated switch. (Designated switch and non-designated switch are relative to a given link and are decided by the four-parameter comparison.) As the backup of the RP, the AP is usually identified by elimination: a blocked port that is not a BP must be an AP, or a port that is neither DP, RP nor BP must be an AP.

        BP (backup port): BPDUs flow in. A backup port appears only in the self-loop case, as the backup of a DP: a port that receives the BPDU sent by its own switch must be a BP. The BP is the blocked port on the designated switch (designated in the four-parameter comparison), that is, a blocked port on the same switch as the DP of that link. Another way to see it: stand on a given link and look at the switches; there must be a designated switch for that link, and the PCs on the link reach the root bridge through it. A port of that designated switch on the link which is blocked must be a BP. (For a given link: the BP is the blocked port on the same switch as the DP.)

        Difference between AP and BP: both are blocked ports, but they sit in different places. The BP is the blocked port on the designated switch, the AP is the blocked port on a non-designated switch. Both exist for fast convergence, that is, to speed up convergence when the STP topology changes.

        A BP and a DP always appear on the same link of the same switch, i.e. both are on the designated switch. The BP backs up the DP: when the DP fails, the designated switch uses the BP as the new DP. A BP is only possible with a self-loop, where a BPDU sent by the switch itself is received back by the switch.

        The RP is the port through which BPDUs flow in, facing the root; the far end of an RP must be a DP, so at least one port on the far end is an outflow port.

        Each link has exactly one DP, i.e. one port through which BPDUs flow into the link, because each link may have PCs attached. When several lines are connected to a hub, they count as one link.

Differences between RSTP and STP:

        1. Same: RSTP and STP reach the same election result.

        2. RSTP is fast and STP is slow; especially when the topology changes, RSTP converges faster.

RSTP converges faster than STP because of three fast-convergence measures:

        ① P/A mechanism: Proposal (question)/Agreement (answer) mechanism: removes the timer problem (in STP a port must wait about 30 s of timers before entering the Forwarding state; the P/A mechanism in RSTP lets a designated port enter the Forwarding state within seconds)

        ② Root port fast switching mechanism

                Two kinds of port are not subject to the negotiation mechanism: edge ports and alternate ports

        ③ Edge port mechanism

The P/A mechanism of RSTP will be discussed in detail later; follow along if you are interested!

Source: blog.csdn.net/qq_44940837/article/details/131631667