2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Worldwide Education Services
Chapter Objectives
After successfully completing this chapter, you will be able to:
- Explain when a spanning tree is required
- Describe STP and RSTP operations
- List some advantages of using RSTP over STP
- Configure and monitor RSTP
- Describe the BPDU, loop, and root protection features
- Configure and monitor the BPDU, loop, and root protection features
[Figure: Switch-1 and Switch-2 with four attached hosts: User A (MAC 00:26:88:02:74:86), User B (MAC 00:26:88:02:74:87), User C (MAC 00:26:88:02:74:88), User D (MAC 00:26:88:02:74:89)]
What If?
What if a broadcast frame or a frame with an unknown destination MAC address were sent into a Layer 2 network with redundant paths?
Example: Source MAC: 00:26:88:02:74:86 / Destination MAC: 00:26:88:02:74:95
[Figure: Switch-1, Switch-2 and Switch-3 each flood the frame, producing a Layer 2 loop. Attached hosts: User A (MAC 00:26:88:02:74:86), User B (MAC 00:26:88:02:74:87), User C (MAC 00:26:88:02:74:88), User D (MAC 00:26:88:02:74:89), User E (MAC 00:26:88:02:74:90), User F (MAC 00:26:88:02:74:91)]
[Figure: loop-free environment with Host A, Host B, Switch-2 and Switch-3; links labelled "User Traffic" and "No User Traffic"]
[Figure: the same loop-free environment with BPDUs shown between the switches; links labelled "User Traffic" and "No User Traffic"]
Port States
Each individual port of each bridge can be in one of four states:
- Blocking
  - The port drops all data packets and listens to BPDUs
  - The port is not used in active topology
- Listening
  - The port drops all data packets and listens to BPDUs
  - The port is transitioning and will be used in active topology
- Learning
  - The port drops all data packets and listens to BPDUs
  - The port is transitioning and the switch is learning MAC addresses
- Forwarding
  - The port receives and forwards data packets and sends and receives BPDUs
  - The port has transitioned and the switch continues to learn MAC addresses
[Figure: Ethernet frame carrying a BPDU, fields in order: DA, SA, Length, LLC, BPDU, FCS]
BPDU types:
- Configuration BPDUs
  - Used to build the spanning-tree topology
BPDU Format
Fields (octets where the slide shows them): Protocol ID (2), Protocol Version (1), BPDU Type (1), Flags (1), Root ID, Bridge ID, Port ID, Message Age, Max Age, Hello Time, Forward Delay
BPDU Type:
- 0x00 (Configuration BPDU)
- 0x80 (TCN BPDU)
Other labels on the slide: Port Number, Bridge Address (6 octets)
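The BPDU fields listed above can be decoded with a short parser. This is an added example, not part of the Juniper course material: the octet layout (including the root path cost field and the 1/256-second timer units) follows the IEEE 802.1D standard rather than the slide, and the sample BPDU is constructed from bridge and port IDs that appear in the show output later in this chapter.

```python
import struct

# IEEE 802.1D configuration BPDU: 35 octets, big-endian, no padding.
CONFIG = struct.Struct("!HBBB8sI8sHHHHH")
BPDU_TYPES = {0x00: "Configuration", 0x80: "TCN"}  # the two types on the slide

def bridge_id(raw):
    """8-octet bridge ID -> 'priority.mac', the form the show output uses."""
    return f"{int.from_bytes(raw[:2], 'big')}.{raw[2:].hex()}"

def parse_bpdu(payload):
    """Parse the BPDU octets that follow the LLC header of the frame."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    proto, version, btype = struct.unpack("!HBB", payload[:4])
    if proto != 0 or btype not in BPDU_TYPES:
        raise ValueError("not an STP configuration or TCN BPDU")
    out = {"version": version, "type": BPDU_TYPES[btype]}
    if btype == 0x80:          # a TCN BPDU is the 4-octet header only
        return out
    if len(payload) < CONFIG.size:
        raise ValueError("truncated configuration BPDU")
    (_, _, _, flags, root, cost, bridge, port,
     age, max_age, hello, fwd) = CONFIG.unpack(payload[:CONFIG.size])
    out.update(
        topology_change=bool(flags & 0x01),
        topology_change_ack=bool(flags & 0x80),
        root_id=bridge_id(root),
        root_path_cost=cost,
        bridge_id=bridge_id(bridge),
        # 4-bit priority (shown as a multiple of 16) plus 12-bit port number
        port_id=f"{(port >> 8) & 0xF0}:{port & 0x0FFF}",
        # timers are carried in units of 1/256 second
        message_age=age / 256, max_age=max_age / 256,
        hello_time=hello / 256, forward_delay=fwd / 256,
    )
    return out

# Constructed sample: IDs borrowed from the show output on this page.
SAMPLE = CONFIG.pack(
    0, 0, 0x00, 0x01,
    bytes.fromhex("80000019e2507c00"), 20000,
    bytes.fromhex("80000019e2503fe0"), 0x8000 | 526,
    1 * 256, 20 * 256, 2 * 256, 15 * 256,
)

if __name__ == "__main__":
    for key, value in parse_bpdu(SAMPLE).items():
        print(f"{key:20} {value}")
```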
- Root ports on switches are placed in the forwarding state; the root bridge has no root ports
- Designated ports on designated bridges are placed in the forwarding state
- All other ports are placed in the blocking state
[Figure: Switch-1 (Root Bridge), Switch-2 and Switch-3 with Host A and Host B; ports are labelled F,D (forwarding, designated) or F,R (forwarding, root), and one port is marked as blocking]
Reconvergence Example (1 of 2)
Steps:
1. Switch G fails
2. Switch E's port leaves forwarding state
3. Switch E sends TCNs out root port every 2 seconds until E's root port receives TCN ACK (configuration BPDU)
4. Switch B sends TCN ACK
5. Switch B sends TCN out root port
6. Switch A sends TCN ACK
[Figure: switch topology with root bridge A; Switch G is marked "Switch fails"]
Reconvergence Example (2 of 2)
Steps (contd.):
7. The root bridge sets the topology change flag and sends an updated configuration BPDU
8. Switches B and C relay the topology change flag to downstream switches
9. All nonroot bridges change the MAC address forwarding table aging timer to equal the forwarding delay time (default: 15 seconds)
[Figure: root bridge A and the nonroot switches, each nonroot switch annotated "MAC Fwd Table Aging Time: 15 Sec"]
STP Drawbacks
- Slow convergence time
  - STP uses timers to transition between port states
  - STP can take 30 to 50 seconds to respond to a topology change (20 seconds for a BPDU to age out, 15 seconds for the listening state, and 15 seconds for the learning state)
Alternate port:
Backup port:
- Provides a redundant path to a segment (on designated switches only)
- Blocks traffic while a more preferred port functions as the designated port
[Figure: Switch-2 and Switch-3 with each port labelled by role. Legend: Root Port = R, Designated Port = D, Alternate Port = A, Backup Port = B]
STP           RSTP (802.1D-2004)
Blocking      Discarding
Listening     Discarding
Learning      Learning
Forwarding    Forwarding
Slide annotation: Alternate, Backup, and Disabled Ports
[Figure: RSTP BPDU format. Field labels surviving from the slide: Root ID, Port ID, Message Age, Max Age, Hello Time, Forward Delay, Version 1 Length (0x0000)]
RSTP:
- Uses a proposal-and-agreement handshake on point-to-point links instead of timers
  - Exceptions are alternate ports that immediately transition to root, and edge ports that immediately transition to the forwarding state
- Nonedge-designated ports transition to the forwarding state once they receive explicit agreement
[Figures: "Before" and "After" views of Switch-2 and Switch-3 with port roles and states; one view shows an "Inferior PDU" and a "Superior PDU" on the link between them. Legend: Forwarding = F, Blocking = B, Root Port = R, Designated Port = D, Alternate Port = A]
[Figure: STP and RSTP switches in one topology. Switch-1: Protocol Version 0 (STP); Switch-2: Protocol Version 0x02 (RSTP); Switch-3: Protocol Version 0x02 (RSTP)]
Configuring RSTP
[edit protocols rstp]
user@switch# show
bridge-priority 32k;
max-age 20;
hello-time 2;
forward-delay 15;
interface ge-0/0/10.0 {
    disable;
}
interface ge-0/0/13.0 {
    cost 20000;
    mode point-to-point;
}
interface ge-0/0/14.0 {
    priority 128;
    mode shared;
}
interface ge-0/0/2.0 {
    edge;
}
Interface    Port ID  Designated  Designated          Port   State  Role
                      port ID     bridge ID           Cost
ge-0/0/10.0  128:523  128:523     32768.0019e2507c00  20000  BLK    ALT
ge-0/0/11.0  128:524  128:524     32768.0019e2507c00  20000  BLK    ALT
ge-0/0/12.0  128:525  128:525     32768.0019e2507c00  20000  BLK    ALT
ge-0/0/13.0  128:526  128:526     32768.0019e2503fe0  20000  FWD    ROOT
ge-0/0/14.0  128:527  128:527     32768.0019e2503fe0  20000  BLK    ALT
ge-0/0/15.0  128:528  128:528     32768.0019e2503fe0  20000  BLK    ALT

Interface    BPDUs sent  BPDUs received  Next BPDU
                                         transmission
ge-0/0/10.0  7           5               0
ge-0/0/11.0  7           5               0
ge-0/0/12.0  7           5               0
ge-0/0/13.0  7           4               0
ge-0/0/14.0  7           5               0
ge-0/0/15.0  7           5               0
[Figures: four-switch topology (Switch-1 as Root Bridge, Switch-2, Switch-3, Switch-4; interfaces ge-0/0/1.0, ge-0/0/8.0 and ge-0/0/12.0) shown first unlabelled and then with successive port role and state assignments. Legend: Forwarding = F, Blocking = B, Root Port = R, Designated Port = D, Alternate Port = A]
What If?
Given the topology below, what if User A connects a personal (unauthorized) switch running the spanning tree protocol to Switch-2?
[Figure: Switch-1 (Root Bridge), Switch-2 and Switch-3, with User A attached to Switch-2 and BPDUs arriving from User A's side]
BPDU Protection
- BPDU protection prevents rogue switches from connecting to the network and causing undesired Layer 2 topology changes and possible outages
  - If a BPDU is received on a protected interface, the interface is disabled and transitions to the blocking state
[Figure: User A attached to Switch-2, with Switch-3; caption: "Edge port is disabled if BPDU is received on protected interface"]
{master:0}[edit ethernet-switching-options]
user@Switch-2# show
bpdu-block {
    interface ge-0/0/6.0;
}
[Figure: User A attached to Switch-2 on ge-0/0/6.0]
[Figure: User A attached to Switch-2 on ge-0/0/6.0]

Interface    Port ID  Designated  Designated          Port   State  Role
                      port ID     bridge ID           Cost
ge-0/0/6.0   128:519  128:519     32768.0019e2516580  20000  FWD    DESG

{master:0}
user@Switch-2> show ethernet-switching interfaces ge-0/0/6.0
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/6.0   up     default            untagged  unblocked

{master:0}
user@Switch-2> show ethernet-switching interfaces ge-0/0/6.0
Interface    State  VLAN members  Tag  Tagging   Blocking
ge-0/0/6.0   down   default            untagged  Disabled by bpdu-control

{master:0}
user@Switch-2> clear ethernet-switching bpdu-error interface ge-0/0/6.0
(Re-enables interface)
What If?
Given the topology below, what if BPDUs sent by Switch-2 were not received by Switch-3?
[Figure: Switch-1 (Root Bridge), Switch-2 and Switch-3 with port roles R, A and D marked; the result is labelled "Layer 2 Loop"]
Loop Protection
- The loop protection feature provides additional protection against Layer 2 loops by preventing non-designated ports from becoming designated ports
  - Enable loop protection on all non-designated ports
  - Ports that detect the loss of BPDUs transition to the loop inconsistent role, which maintains the blocking state
  - Port automatically transitions back to previous or new role when it receives a BPDU
[Figure: Switch-1 (Root Bridge), Switch-2 and Switch-3 with port roles D, R and A; loop protection is marked on the non-designated ports]
Loop Protection
[Figure: Switch-2 and Switch-3 with interface ge-0/0/12.0]
Port ID  Designated  Designated          Port   State  Role
         port ID     bridge ID           Cost
128:523  128:523     4096.002688027490   20000  FWD    ROOT
128:525  128:525     16384.0019e2516580  20000  BLK    ALT

Port ID  Designated  Designated          Port   State  Role
         port ID     bridge ID           Cost
128:523  128:523     4096.002688027490   20000  FWD    ROOT
128:525  128:525     32768.0019e2553600  20000  BLK    DIS (Loop-Incon)
What If?
Given the topology and details below, what if a rogue switch with a bridge priority of 4K was connected to the Layer 2 network?
[Figure: aggregation and access layers. Switch-1 (Root Bridge), Priority = 8k; Switch-2, Priority = 32k; Switch-3, Priority = 32k; BPDUs shown entering the network]
Root Protection
- Enable root protection to avoid unwanted STP topology changes and root bridge placement
  - If a superior BPDU is received on a protected interface, the interface is disabled and transitions to the blocking state
[Figure: aggregation layer: Switch-1 (Root Bridge), Priority = 4k; Switch-2, Priority = 8k. Access layer: Switch-3, Switch-4 and Switch-5, each Priority = 32k]
Interface    Port ID  Designated  Designated         Port   State  Role
                      port ID     bridge ID          Cost
ge-0/0/6.0   128:519  128:519     4096.0019e2516580  20000  FWD    DESG
ge-0/0/7.0   128:520  128:520     4096.0019e2516580  20000  FWD    DESG
ge-0/0/8.0   128:521  128:521     4096.0019e2516580  20000  FWD    DESG
ge-0/0/12.0  128:525  128:525     4096.0019e2516580  20000  FWD    DESG
ge-0/0/13.0  128:526  128:526     4096.0019e2516580  20000  FWD    DESG

Port ID  Designated  Designated         Port   State  Role
         port ID     bridge ID          Cost
128:519  128:519     0.002688027490     20000  BLK    ALT (Root-Incon)
128:520  128:520     4096.0019e2516580  20000  FWD    DESG
128:521  128:521     4096.0019e2516580  20000  FWD    DESG
128:525  128:525     4096.0019e2516580  20000  FWD    DESG
128:526  128:526     4096.0019e2516580  20000  FWD    DESG
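The BPDU protection, loop protection and root protection slides above each describe a different trigger; the sketch below models all three side by side, including the bridge ID comparison that decides whether a BPDU is superior. It is an added example, not Juniper code and not how Junos is implemented: the port labels, event names and function names are hypothetical, and only the bridge IDs and resulting state strings are taken from the show output on this page.

```python
def parse_bridge_id(text):
    """'4096.0019e2516580' -> (4096, 0x0019e2516580)."""
    priority, mac = text.split(".")
    return int(priority), int(mac, 16)

def is_superior(received, current):
    """Lower priority wins; the lower MAC address breaks a tie."""
    return parse_bridge_id(received) < parse_bridge_id(current)

def guard_action(protection, event, current_root, root_id=None):
    """State a protected port moves to, or None if the event is harmless."""
    if event == "bpdu" and protection == "bpdu-block":
        return "Disabled by bpdu-control"       # any BPDU trips it
    if (event == "bpdu" and protection == "root"
            and is_superior(root_id, current_root)):
        return "ALT (Root-Incon)"               # only a superior BPDU
    if event == "bpdu-timeout" and protection == "loop":
        return "DIS (Loop-Incon)"               # expected BPDUs went missing
    return None

def replay(ports, events, current_root):
    """Run (port, event, root_id) tuples; return the final state per port."""
    state = {name: "normal" for name in ports}
    for port, event, root_id in events:
        action = guard_action(ports[port], event, current_root, root_id)
        if action:
            state[port] = action
        elif event == "bpdu" and state[port] == "DIS (Loop-Incon)":
            state[port] = "normal"   # loop protection recovers on a BPDU
        # a bpdu-block port stays down until an operator clears the error
    return state

# Constructed scenario; port labels are hypothetical, bridge IDs are the
# ones in the show output on this page.
CURRENT_ROOT = "4096.0019e2516580"
PORTS = {"edge": "bpdu-block", "alternate": "loop", "downstream": "root"}
EVENTS = [
    ("downstream", "bpdu", "32768.0019e2553600"),  # inferior: ignored
    ("downstream", "bpdu", "0.002688027490"),      # superior: blocked
    ("edge", "bpdu", "32768.0019e2553600"),        # any BPDU: disabled
    ("alternate", "bpdu-timeout", None),           # BPDUs lost
    ("alternate", "bpdu", CURRENT_ROOT),           # BPDUs resume
]

if __name__ == "__main__":
    for port, state in replay(PORTS, EVENTS, CURRENT_ROOT).items():
        print(f"{port:12} {state}")
```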
Summary
In this chapter, we:
- Explained when a spanning tree is required
- Described STP and RSTP operations
- Listed some advantages of using RSTP over STP
- Configured and monitored RSTP
- Described the BPDU, loop, and root protection features
- Configured and monitored the BPDU, loop, and root protection features
Review Questions
1.
2.
3.
4.