· STP detects and prevents Layer 2 bridging loops from forming. Parallel paths can exist, but only one is allowed to forward frames.
· STP is based on the IEEE 802.1D bridge protocol standard.
· Switches run one instance of STP per VLAN with Per-VLAN Spanning Tree (PVST). PVST between switches requires the use of Inter-Switch Link (ISL) trunking.
· For IEEE 802.1Q trunks, only a single instance of STP is allowed for all VLANs. The Common Spanning Tree (CST) is communicated over VLAN 1.
· PVST+ is a Cisco proprietary extension that allows switches to interoperate between CST and PVST. PVST bridge protocol data units (BPDUs) are tunneled over an 802.1Q trunk. Catalyst switches run PVST+ by default.
· Multiple Instance Spanning Tree Protocol (MISTP) is also a Cisco proprietary protocol that allows one instance of STP for one or more VLANs via a mapping function. This allows faster convergence with a lower CPU overhead and fewer BPDUs. MISTP discards PVST+ BPDUs.
· MISTP-PVST+ is a hybrid STP mode used to transition between PVST+ and MISTP in a network. BPDUs from both modes are understood and not discarded.
· Multiple Spanning Tree (MST), based on the IEEE 802.1s standard, extends the 802.1w Rapid Spanning Tree Protocol (RSTP) to have multiple STP instances.
- MST is backward-compatible with 802.1D, 802.1w, and PVST+ STP modes.
- Switches configured with common VLAN and STP instance assignments form a single MST region.
- MST can generate PVST+ BPDUs for interoperability.
- MST supports up to 16 instances of STP.
· Switches send BPDUs out all ports every Hello Time interval (default 2 seconds).
· BPDUs are not forwarded by a switch; they are used only for further calculation and BPDU generation.
· Switches send two types of BPDUs:
- Configuration BPDU
- Topology change notification (TCN) BPDU
NOTE
BPDUs are sent to the well-known STP multicast address 01-80-c2-00-00-00, using each switch port's unique MAC address as a source address.
STP Process
1. Root bridge election The switch with the lowest bridge ID becomes the root of the spanning tree. A bridge ID (BID) is made up of a 2-byte priority and a 6-byte MAC address. The priority can range from 0 to 65535 and defaults to 32768.
2. Root port election Each nonroot switch elects a root port, or the port "closest" to the root bridge, by determining the port with the lowest root path cost. This cost is carried along in the BPDU. Each nonroot switch along the path adds its local port cost of the port that receives the BPDU. The root path cost becomes cumulative as new BPDUs are generated.
3. Designated port election One switch port on each network segment is chosen to handle traffic for that segment. The port that announces the lowest root path cost in the segment becomes the designated port.
4. Bridging loops are removed Switch ports that are neither root ports nor designated ports are placed in the blocking state. This step breaks any bridging loops that would form otherwise.
STP Tiebreakers
When any STP decision has identical conditions or a tie, the final decision is based on this sequence of conditions:
1. The lowest BID
2. The lowest root path cost
3. The lowest sender BID
4. The lowest port ID
Path Costs
By default, switch ports have the path costs defined in
Table 7-1.
Table 7-1. Switch Port Path Costs
Port Speed
Default Port Cost "Short Mode"
Default Port Cost "Long Mode"
4 mbps
250
N/A
10 mbps
100
2,000,000
16 mbps
62
N/A
45 mbps
39
N/A
100 mbps
19
200,000
155 mbps
14
N/A
622 mbps
6
N/A
1 gbps
4
20,000
10 gbps
2
2000
100 gbps
N/A
200
1000 gbps (1 tbps)
N/A
20
10 tbps
N/A
2
By default, Catalyst switches in PVST+ mode use the "short mode" or 16-bit path or port cost values. When the port speeds in a network are less than 1 gbps, the short mode scale is sufficient. If you have any ports that are 10 gbps or greater, however, set all switches in the network to use the "long mode" or 32-bit path cost scale. This ensures that root path cost calculations are consistent on all switches. Switches using MISTP, MISTP-PVST+, or MST automatically use the long-mode values.
NOTE
The IEEE uses a nonlinear scale to relate the port bandwidth of a single link to its port cost value. STP treats bundled links, such as Fast EtherChannel and Gigabit EtherChannel, as a single link with an aggregate bandwidth of the individual links. As a result, remember that the port or path cost used for a bundled EtherChannel will be based on the bundled bandwidth. For example, a two-link Fast EtherChannel has 200 mbps bandwidth and a path cost of 12. A four-link Gigabit EtherChannel has 4 gbps bandwidth and a path cost of 2. Use
Table 7-1 to see how these EtherChannel aggregate bandwidth and port costs relate to the values of single or individual links.
STP Port States
Each switch port progresses through a sequence of states:
1. Disabled Ports that are administratively shut down or shut down due to a fault condition. (MST calls this state discarding.)
2. Blocking The state used after a port initializes. The port cannot receive or transmit data, cannot add MAC addresses to its address table, and can receive only BPDUs. If a bridging loop is detected, or if the port loses its root or designated port status, it will be returned to the blocking state. (MST calls this state discarding.)
3. Listening If a port can become a root or designated port, it is moved into the listening state. The port cannot receive or transmit data and cannot add MAC addresses to its address table. BPDUs can be received and sent. (MST calls this state discarding.)
4. Learning After the Forward Delay timer expires (default 15 seconds), the port enters the learning state. The port cannot transmit data, but can send and receive BPDUs. MAC addresses can now be learned and added into the address table.
5. Forwarding After another Forward Delay timer expires (default 15 seconds), the port enters the forwarding state. The port can now send and receive data, learn MAC addresses, and send and receive BPDUs.
STP Topology Changes
· If a switch port is moved into the forwarding state (except when PortFast is enabled), a topology change is signaled.
· If a switch port is moved from the forwarding or learning state into the blocking state, a topology change is signaled.
· To signal a topology change, a switch sends TCN BPDUs on its root port every hello time interval. This occurs until the TCN is acknowledged by the upstream designated bridge neighbor. Neighbors continue to relay the TCN BPDU on their root ports until it is received by the root bridge.
· The root bridge informs the entire spanning tree of the topology change by sending a configuration BPDU with the topology change (TC) bit set. This causes all downstream switches to reduce their Address Table Aging timers from the default value (300 seconds) down to the Forward Delay (default 15 seconds). This flushes inactive MAC addresses out of the table faster than normal.
Improving STP Stability
· STP Root Guard can be used to help enforce the root bridge placement and identity in a switched network. When enabled on a port, Root Guard disables the port if a better BPDU is received. This prevents other unplanned switches from becoming the root.
· STP Root Guard should be enabled on all ports where the root bridge should not appear. This preserves the current choice of the primary and secondary root bridges.
· Unidirectional Link Detection (UDLD) provides a means to detect a link that is transmitting in only one direction, enabling you to prevent bridging loops and traffic black holes that are not normally detected or prevented by STP.
· UDLD operates at Layer 2, by sending packets containing the device and port ID to connected neighbors on switch ports. As well, any UDLD packets received from a neighbor are reflected back so that the neighbor can see it has been recognized. UDLD messages are sent at the message interval times, usually defaulting to 15 seconds.
· UDLD operates in two modes:
-
Normal mode Unidirectional links are detected and reported as an error, but no other action is taken.
-
Aggressive mode Unidirectional links are detected, reported as an error, and disabled after eight attempts (once a second for eight seconds) to reestablish the link. Disabled ports must be manually reenabled.
· STP Loop Guard detects the absence of BPDUs on the root and alternate root ports. Nondesignated ports are temporarily disabled, preventing them from becoming designated ports and moving into the forwarding state.
· STP Loop Guard should be enabled on the root and alternate root ports (both non-designated) for all possible active STP topologies.