
A_SPANNING TREE PROTOCOL

REDUNDANCY
➢ Many networks require 24 hour, seven day a week uptime
for their computer networks.
➢ Achieving 100% uptime is perhaps impossible but securing
a 99.999% or five nines uptime is a goal that organizations
often set.
➢ Fault tolerance is achieved by redundancy.
➢ Fault tolerance is the ability of a system to continue
providing a high level of service, even in the event of
hardware failures.
➢ Redundancy refers to capacity beyond the minimum
required to meet required performance levels.

REDUNDANT TOPOLOGIES
 A goal of redundant topologies is to eliminate network outages
caused by a single point of failure.
 All networks need redundancy for enhanced reliability.
 Networks with redundant paths and devices allow for more
network uptime.
 Redundant topologies eliminate single points of failure.
 If a path or device fails, the redundant (spare) path or device can
take over the tasks of the failed path or device.

NETWORK REDUNDANCY
 A network that is based on switches or bridges will introduce
redundant links between those switches or bridges to overcome the
failure of a single link.
 These connections introduce physical loops into the network.
These bridging loops are inevitable when redundant connections are
created so if one link fails another can take over the function of
forwarding traffic.

REDUNDANT TOPOLOGY AND SPANNING TREE
 Switches flood traffic out all ports when the traffic is sent to a
destination that is not yet known.
 Broadcast and multicast traffic is forwarded out every port,
except the port on which the traffic arrived.
 This traffic can be caught in an infinite loop.

REDUNDANT SWITCHED TOPOLOGIES
 Switches learn the MAC addresses of devices on their ports
so that data can be properly forwarded to the destination.
 Switches will flood frames for unknown destinations until
they learn the MAC addresses of the devices.
 Broadcasts and multicasts also cause flooding behavior.
 A redundant switched topology may cause broadcast
storms, multiple frame copies, and MAC address table
instability problems.

BROADCAST STORMS
 Multicasts are treated as broadcasts by the switches.
 Broadcasts and multicast frames are flooded out all ports,
except the one on which the frame was received.
 The same broadcast may reach a switch from the original
source device, and then again via a redundant link from
another switch. The switch does not know that it is the
same broadcast, and floods the message once again.
 The switches continue to propagate broadcast traffic over
and over creating a broadcast storm.
 This broadcast storm may continue until one of the switches
is disconnected.
 The switches and end devices will be so busy processing
the broadcasts that user traffic is unlikely to flow.
 The network will appear to be down or extremely slow.

MEDIA ACCESS CONTROL DATABASE INSTABILITY (UNRELIABLE INFORMATION IN THE MAC ADDRESS TABLE)
 In a redundant switched network it is possible for switches to learn the
wrong information.
 A switch can incorrectly learn that a MAC address is on one port, when
it is actually on a different port.

Router Y is not in the MAC address table of either switch.
Host X sends a frame directed to Router Y.

Switches A and B learn the MAC address of Host X on port 0.


The frame to Router Y is flooded on port 1 of both switches.
Switches A and B see this information on port 1 and incorrectly learn
the MAC address of Host X on port 1.
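
The sequence above, replayed as a small simulation (an added example, not part of the original slides). It assumes Host X's segment attaches to port 0 of both switches and Router Y's segment to port 1, that Router Y never replies, and that no spanning tree is running; `simulate` and its return values are names made up for this sketch.

```python
# Added example: two switches bridging the same two shared segments, no STP.
from collections import deque

def simulate(rounds):
    """Host X (segment 0) sends one frame to Router Y (segment 1), whose MAC
    neither switch knows. Port numbers equal the segment they attach to.
    Returns (port history learned for X per switch, copies seen by Router Y,
    frames still circulating after the last round)."""
    switches = ("A", "B")
    mac_table = {s: {} for s in switches}
    history = {s: [] for s in switches}
    copies_at_y = 0
    # Each entry: (segment the frame is on, switch that transmitted it or None)
    queue = deque([(0, None)])
    for _ in range(rounds):
        next_queue = deque()
        for segment, sender in queue:
            if segment == 1:
                copies_at_y += 1              # Router Y hears every frame on its segment
            for sw in switches:
                if sw == sender:
                    continue                  # a switch does not receive its own frame
                in_port = segment
                if mac_table[sw].get("X") != in_port:
                    mac_table[sw]["X"] = in_port   # source MAC (re)learned on this port
                    history[sw].append(in_port)
                # Destination Y is unknown: flood out every port except the ingress.
                next_queue.append((1 - in_port, sw))
        queue = next_queue
    return history, copies_at_y, len(queue)

if __name__ == "__main__":
    hist, copies, in_flight = simulate(4)
    print("Switch A learned Host X on ports:", hist["A"])
    print("Switch B learned Host X on ports:", hist["B"])
    print("Copies delivered to Router Y:", copies, "| frames still in flight:", in_flight)
```

The alternating port history is the MAC address table instability, the growing copy count is the multiple-frame-copies problem, and the in-flight count never drops because Ethernet frames carry no hop limit.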

REDUNDANT TOPOLOGY AND SPANNING TREE
 A physical topology that contains switching or bridging loops is
necessary for reliability, yet a switched network cannot have
loops.
 This creates a dilemma.
 The problem is solved via the spanning tree algorithm (STA).
 The solution is to allow physical loops, but create a loop-free
logical topology.
E.g., by using the spanning tree algorithm, we can ensure that traffic destined
for the server farm attached to Cat-5 from any user workstation attached to
Cat-4 will travel through Cat-1 and Cat-2.
This will happen even though there is a direct physical connection between
Cat-5 and Cat-4.
The loop-free logical topology created is called a tree and is a star or
extended star logical topology, i.e. the spanning tree of the network.

At left, physical and logical loop exists in the network.
At right, physical loop still exists, but STP has removed the logical loop,
by blocking the ports that connect Cat-4 and Cat-5. Physical cable still present.

STP TRANSFORMS THE SWITCHED NETWORK INTO A LOGICAL TREE STRUCTURE
STP removes (logical) loops to create (logical) ‘trees’, with no loops.

SPANNING-TREE PROTOCOL
 Ethernet bridges and switches can implement the IEEE 802.1D
Spanning-Tree Protocol and use the spanning-tree algorithm to
construct a loop free shortest path network.
 Identify the shortest path from each switch/bridge to the root
bridge, and block all other paths.
 Shortest path is based on cumulative link costs.
 Link costs are based on the speed of the link.

SCOPE OF STP
 Recall that router interfaces form a barrier to broadcasts.
 STP therefore operates only within a single broadcast domain on an Ethernet network
(unless there are multiple VLANs; see later).
 Switches exchange special frames (BPDUs – see later) to allow STP to determine the
spanning tree on the network (broadcast domain). These frames are not recognized by
routers or end devices.

SPANNING TREE ALGORITHM
The spanning tree algorithm can be outlined
in the four following steps:

 Elect/identify the Root Bridge
 Elect/identify Root Ports – One on every non-root bridge
 Elect/identify Designated Ports – One on every segment
(i.e. collision domain); all ports on the root bridge
are designated ports.
 Block all other ports (Non-designated ports)

SPANNING-TREE PROTOCOL
 The Spanning-Tree Protocol requires network devices to exchange
messages to detect bridging loops.
 Links that will cause a loop are put into a blocking state.
 The Spanning-Tree Protocol establishes a root node, called the
root bridge.
 The Spanning-Tree Protocol constructs a topology that has one
path for reaching every network node (this is the ‘shortest’, i.e.
the lowest cost path).
 The resulting tree originates from the root bridge.
 Redundant links that are not part of the shortest path tree are
blocked.
 The message that switches exchange, allowing the formation of
a loop free logical topology, is called a Bridge Protocol Data Unit
(BPDU).
 BPDUs continue to be received on blocked ports.
 This ensures that if an active path or device fails, a new
spanning tree can be calculated.
[Figure: Contents of the BPDU]

SPANNING-TREE OPERATION
 When the network has stabilized, it has converged and
there is one spanning tree per network.
 At this point, for every switched network the following
elements exist:
One root bridge per network.
One root port per non root bridge.
One designated port per segment (= collision domain).
All other ports are unused, non-designated ports.

SELECTING THE ROOT BRIDGE
 When a switch is turned on, the spanning-tree algorithm is used to
identify the root bridge.
 BPDUs are sent out with the Bridge ID (BID).
 The BID consists of a bridge priority that defaults to 32768, and the
switch base MAC address.
 By default BPDUs are sent every two seconds.
 When a switch first starts up, it assumes it is the root switch and
says so in its BPDUs.
 These BPDUs contain the switch MAC address in both the root
and sender BID.

STEP 1 – ELECT ROOT BRIDGE
All 3 switches have the same default Bridge Priority value of 32,768.
Cat-A has the lowest Bridge MAC Address, so it wins the Root War!

SELECTING THE ROOT BRIDGE
 All switches see the BIDs sent.
 As a switch receives a BPDU with a lower root BID it replaces that
in the BPDUs that are sent out.
 Eventually all bridges see the same Root BID value and decide
that the bridge with the smallest BID value will be the root bridge.
 A network administrator may want to control the decision by
setting the priority of a chosen switch to a smaller value than the
default, which will make the BID smaller.
 A good candidate for root bridge is a switch that is in the
‘middle’ of the network – i.e., a switch that is expected to carry
the largest amount of network data, and is also equidistant from
the furthest edges of the broadcast domain.
 This switch ideally will have superior capacity than other switches
in the network.

SELECTING A BACK-UP FOR THE ROOT BRIDGE
 Additionally, a switch near to the chosen root should be selected
as a back-up root, in case the root bridge fails.
 Just as in the case of the root bridge, the back-up can be
pre-selected by setting the priority number to a value lower than the
default value, but higher than the root priority.
 This will ensure that the backup will win any subsequent election if
the root fails.

STEP 2 – ELECT ROOT PORTS
 A bridge’s Root Port is the port closest to the Root Bridge (the
root bridge has no root ports).
 Bridges use the cost to determine closeness.
 Every non-Root Bridge will select one Root Port! The other ports on
the segment will be set to designated ports.
 Root port is:
Port with lowest path cost to root bridge
OR (1st tie-breaker)
Port connected to bridge with lowest bridge ID
OR (2nd tie-breaker)
Port connected to port with smallest port priority (i.e. lowest port ID)

ROOT PORTS – ONLY NON-ROOT BRIDGES HAVE ROOT PORTS
[Diagram: Cat-A is the Root Bridge; its ports 1/1 and 1/2 (Cost=19 each) send BPDUs with Cost=0. On Cat-B and on Cat-C, port 1/1 (Cost=19) is the Root Port. On the link between Cat-B port 1/2 and Cat-C port 1/2 (Cost=19), the BPDUs show Cost=38 (19+19).]

DESIGNATED PORTS ON ROOT BRIDGE – ALL ROOT-BRIDGE PORTS ARE DESIGNATED PORTS
[Diagram: the same topology, with ports 1/1 and 1/2 of the Root Bridge Cat-A labelled Designated Port; port 1/1 on Cat-B and on Cat-C remains the Root Port.]

STEP 3 – ELECT DESIGNATED PORT
 A Designated Port is a port that forwards traffic away from the
root and towards the leaves.
 Each segment in a bridged network has one Designated Port,
chosen based on cumulative Root Path Cost to the Root Bridge,
OR (tie-breaker) based on the lowest BID

DESIGNATED PORTS
Port with lowest path cost to root bridge
OR (tie-breaker)
Port on bridge with lowest bridge ID
Other port(s) on the segment will be non-designated ports
[Diagram: Root Bridge Cat-A (Root Path Cost = 0, Cost=19 on ports 1/1 and 1/2) has a Designated Port on Segment 1 and on Segment 2. Cat-B (32,768.BB-BB-BB-BB-BB-BB) and Cat-C (32,768.CC-CC-CC-CC-CC-CC) each have Root Path Cost = 19 and use port 1/1 as Root Port. On Segment 3 (Cost=19), between their 1/2 ports, both sides have Root Path Cost = 19; the Cat-B port is the Designated Port and the Cat-C port is the Non-Designated Port.]
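
The four steps worked through in code on the Cat-A/Cat-B/Cat-C triangle (an added example, not part of the original slides). It generalizes to any connected topology of point-to-point links; the function names are made up for this sketch, Cat-A's MAC address is a constructed value, and the final tie-breaker on the local port is left out.

```python
# Added example (not from the slides): the four STA steps on point-to-point links.
def bid(priority, mac):
    """Bridge ID as a comparable tuple: priority first, then MAC address."""
    return (priority, bytes.fromhex(mac.replace("-", "")))

def port_id(port):
    """'1/2' -> (1, 2) so that port IDs compare numerically."""
    return tuple(int(part) for part in port.split("/"))

def spanning_tree(bridges, links):
    """bridges: {name: BID}; links: [(a, port_a, b, port_b, cost)] -> (root, roles)."""
    root = min(bridges, key=bridges.get)            # Step 1: lowest BID wins
    # Root path cost per bridge, relaxed until stable (as BPDUs would converge).
    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    changed = True
    while changed:
        changed = False
        for a, _, b, _, c in links:
            for near, far in ((a, b), (b, a)):
                if cost[near] + c < cost[far]:
                    cost[far] = cost[near] + c
                    changed = True
    roles = {}
    for name in sorted(set(bridges) - {root}):      # Step 2: one root port each
        offers = []
        for a, pa, b, pb, c in links:
            for me, mine, nbr, theirs in ((a, pa, b, pb), (b, pb, a, pa)):
                if me == name:                      # cost, sender BID, sender port ID
                    offers.append((cost[nbr] + c, bridges[nbr], port_id(theirs), mine))
        roles[(name, min(offers)[3])] = "root"
    for a, pa, b, pb, _ in links:                   # Steps 3 and 4, per segment
        ends = sorted([(a, pa), (b, pb)], key=lambda e: (cost[e[0]], bridges[e[0]]))
        roles[ends[0]] = "designated"
        roles.setdefault(ends[1], "blocked")        # stays "root" if already chosen
    return root, roles

# Topology from the slides; Cat-A's MAC is a constructed value, link cost 19 as drawn.
BRIDGES = {"Cat-A": bid(32768, "AA-AA-AA-AA-AA-AA"),
           "Cat-B": bid(32768, "BB-BB-BB-BB-BB-BB"),
           "Cat-C": bid(32768, "CC-CC-CC-CC-CC-CC")}
LINKS = [("Cat-A", "1/1", "Cat-B", "1/1", 19),
         ("Cat-A", "1/2", "Cat-C", "1/1", 19),
         ("Cat-B", "1/2", "Cat-C", "1/2", 19)]

if __name__ == "__main__":
    root, roles = spanning_tree(BRIDGES, LINKS)
    print(root, sorted(roles.items()))
```

Lowering one bridge's priority below 32768 before calling `spanning_tree` shows the administrator-controlled election described earlier: that bridge becomes root and the blocked port moves.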
SPANNING-TREE PORT STATES AND TIMERS
 A switch should not change a port state from inactive to
active immediately, and each port on a switch that is using the
Spanning-Tree Protocol has one of five states.
[Diagram: Disabled state, then Blocking (link comes up), Listening (forward delay = 15 s), Learning (forward delay = 15 s), Forwarding.]
Port transitions from blocking as soon as spanning
tree converges – if it has been selected as either
a root port or a designated port; otherwise it
remains blocking (non-designated).
When switch configuration change/failure occurs,
transition from blocking state may not occur for
20s (max age time) if loss of BPDUs has occurred.

BLOCKING STATE
 In the blocking state, ports can only receive BPDUs.
 Data frames are discarded and no addresses can be learned.
 It may take up to 20 seconds to change from this state if BPDUs
have stopped due to device failure.
 Ports go from the Blocked state to the Listening state if STA
selects the port to be either Root port or Designated port.

LISTENING PERIOD
 The listening period is called the forward delay and lasts for 15
seconds.
 In the listening state, user data is not being forwarded and MAC
addresses are not being learned.
 BPDUs are still processed.
 Ports transition from the listening to the learning state.
 The listening period exists to cater for the possibility that several
changes may take place at around the same time.

LEARNING STATE
 In the learning state user data is not forwarded, but MAC addresses are
learned from any traffic that is seen.
 The learning state lasts for 15 seconds and is also called the forward
delay.
 BPDUs are still processed.
 A port goes from the learning state to the forwarding state.
 The learning state allows for the MAC address table to become full or
nearly full, minimizing the necessity for flooding of frames once the
forwarding state has been entered.

FORWARDING STATE (NORMAL OPERATION)
 In the forwarding state user data is forwarded and MAC
addresses continue to be learned.
 BPDUs are still processed.

Disabled State
A port can be in a disabled state.
This disabled state can occur when an administrator shuts
down the port or the port fails.

STP STATES
State        Forward Frames?   Learn MAC Addresses?   Default Duration
Blocking     No                No                     Up to 20 seconds   Max Age Timer
Listening    No                No                     15 seconds         Allow for continuing changes
Learning     No                Yes                    15 seconds         Allow for population of MAC table
Forwarding   Yes               Yes                    –

The MaxAge timer is the maximum time a port
remains blocking without receiving BPDUs.
MaxAge timer as well as forward delays are

SPANNING-TREE RECALCULATION
 When the network topology changes, switches and bridges
recompute the Spanning Tree and cause a disruption of user
traffic.
 Convergence on a new spanning-tree topology using the IEEE
802.1D standard can take up to 50 seconds.
 This convergence is made up of the max-age of 20 seconds,
plus the listening forward delay of 15 seconds, and the learning
forward delay of 15 seconds.
