Layer 2 VPN Architectures [Electronic resources] (text version)

Carlos Pignataro, Dmitry Bokotey, Anthony Chan

Understanding Spanning Tree Protocol


The methods that enterprises use to deploy LAN networks have changed considerably over the years. At the onset of switching technology in the mid-1990s, enterprises used the so-called "VLANs everywhere" model in their network design. In this model, an enterprise would separate its users into workgroups, with each workgroup assigned a VLAN of its own. For instance, networks would have an engineering VLAN, a marketing VLAN, a production VLAN, and so on. Although clients in each VLAN could be located anywhere within the enterprise, these VLANs had to span and be trunked across the entire network. Trunking enables traffic from several VLANs to be carried over a point-to-point link between two devices. Today, the use of VLANs is more restricted, and the "VLANs everywhere" model is no longer preferred. Instead of campus-wide VLANs, Layer 3 switches are preferred.

To facilitate this early design model, the Spanning Tree Protocol (STP) that is specified in the IEEE 802.1d standard was used. STP and the spanning-tree algorithm protect Ethernet networks from broadcast storms by detecting loops. The forwarding nature of Ethernet for broadcasts, multicast, and unknown unicasts can create loops. Broadcast storms are caused by loops. The scenario can become complex when using VLANs, so the role of STP is more critical with VLANs. Loops occur when redundant paths are implemented on the network. Redundant paths serve as a backup in case of link failure, which means they are important for the overall health of the network. Unfortunately, redundant links cause packets to loop between the switches that these links interconnect. To solve the loop problem, while preserving redundancy, you can implement STP. The next sections examine spanning-tree operation and implementation drawbacks a bit more closely.


Spanning-Tree Operation Overview


When you use STP on all switches in an internetwork, it puts one of the redundant links between switches in a blocked state, whereas the other stays in the forwarding state. As a result, only one link is operational at any given time. After the forwarding link experiences a failure, STP recalculates a new path, and a formerly blocked link takes over.

In a spanning-tree environment, the switches elect a root bridge. All subsequent decisions on blocking or forwarding states of ports are made from the perspective of this root bridge. The root selection is made in the following manner:

When the switch first comes up, it sends out a BPDU to its directly connected neighbor switch.

Switches listen for BPDUs and create their own BPDUs to propagate STP information. As the spanning-tree information is propagated through the network, each switch compares the BPDUs from its neighbors to its own. The election of a root switch is the result of this comparison. The lower the 2-byte priority of a switch, the higher its chances of being selected as root; therefore, the switch with the lowest priority becomes the root bridge. The priority is a configurable value. When the priorities are the same, the 6-byte MAC address portion of the bridge ID (the Root ID) is used as a tiebreaker.

Consider the sample network in Figure 4-3, in which two redundant links connect switches 1 and 2. These redundant links create the possibility of bridging loops, because broadcast or multicast packets that are transmitted from Station A and destined for Station B ping-pong back and forth between both switches. When STP is enabled in both switches, one of the parallel links is blocked, eliminating the possibility of bridging loops. The logical network with the link blocked is shown in Figure 4-3.


Figure 4-3. Spanning-Tree Scenario


A BPDU is defined in the IEEE 802.1d MAC Bridge Management protocol, which is the standard implementation of STP. The IEEE 802.1d flag or bit field consists of 8 bits. It is illustrated in Figure 4-4, along with the complete BPDU.


Figure 4-4. 802.1d BPDU Format



The BPDU fields are as follows:

Protocol Identifier: Identifies the spanning-tree algorithm and protocol, such as STP (0x0000).

Protocol Version Identifier: Identifies the protocol version, such as Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree.

BPDU Type: Identifies the BPDU type, such as Configuration (0x00), Topology Change Notification (0x80), and Rapid/Multiple Spanning Tree (0x02).

Flags: Bit flags include the following:

    Bit 7: Topology Change Acknowledgement flag.

    Bit 0: Topology Change flag.

Root Path Cost: Multiple of the root cost.

Bridge Identifier: MAC address of the bridge.

Port Identifier: Port priority (smaller number denotes higher priority).

Message Age, Max Age, Hello Time, Forward Delay: These four timer values have times ranging from 0 to 256 seconds.
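The following is an added example, not code from the book, that ties the root election described above to the 802.1d BPDU layout just listed. It decodes a 35-byte configuration BPDU body (fields in the order given in the list: protocol identifier, version, type, flags, root identifier, root path cost, bridge identifier, port identifier and the four timers, which the standard carries in 1/256-second units), splits each 8-byte identifier into its 2-byte priority and 6-byte MAC, and then applies the comparison from the election text: lowest priority wins, and equal priorities fall back to the lowest MAC. The switch names, MAC addresses and sample frames are constructed for the example; the code models plain 802.1d bridge IDs as the chapter describes them, not the extended system ID of later revisions.

```python
"""Decode IEEE 802.1d configuration BPDUs and apply the root-bridge comparison."""
import struct
from dataclasses import dataclass

# Configuration BPDU body (35 bytes, big-endian) in the order 802.1d lays it out:
# protocol id, version, type, flags, root id, root path cost, bridge id,
# port id, message age, max age, hello time, forward delay.
BPDU_STRUCT = struct.Struct("!HBBB8sI8sHHHHH")
PROTO_STP = 0x0000
BPDU_TYPE_CONFIG = 0x00
FLAG_TC = 0x01    # bit 0: Topology Change
FLAG_TCA = 0x80   # bit 7: Topology Change Acknowledgement
TIMER_UNIT = 256  # the four timers are carried in 1/256-second units


@dataclass(frozen=True, order=True)
class BridgeId:
    """2-byte priority followed by the 6-byte bridge MAC; field order gives 802.1d precedence."""
    priority: int
    mac: bytes

    @classmethod
    def from_bytes(cls, raw: bytes) -> "BridgeId":
        return cls(struct.unpack("!H", raw[:2])[0], raw[2:8])

    def to_bytes(self) -> bytes:
        return struct.pack("!H", self.priority) + self.mac


@dataclass
class ConfigBpdu:
    root: BridgeId
    root_path_cost: int
    bridge: BridgeId
    port_id: int
    message_age: float     # seconds
    max_age: float
    hello_time: float
    forward_delay: float
    topology_change: bool  # flags bit 0
    tc_ack: bool           # flags bit 7

    def vector(self):
        """Priority vector compared field by field; the lower tuple is the superior BPDU."""
        return (self.root, self.root_path_cost, self.bridge, self.port_id)


def build_config_bpdu(root, cost, bridge, port_id, flags=0,
                      age=0.0, max_age=20.0, hello=2.0, fwd_delay=15.0) -> bytes:
    """Pack a configuration BPDU; used here only to construct sample frames."""
    def ticks(seconds):
        return int(seconds * TIMER_UNIT)
    return BPDU_STRUCT.pack(PROTO_STP, 0x00, BPDU_TYPE_CONFIG, flags,
                            root.to_bytes(), cost, bridge.to_bytes(), port_id,
                            ticks(age), ticks(max_age), ticks(hello), ticks(fwd_delay))


def parse_config_bpdu(raw: bytes) -> ConfigBpdu:
    """Decode the body; rejects truncated input and non-STP protocol or type values."""
    if len(raw) < BPDU_STRUCT.size:
        raise ValueError(f"truncated BPDU: {len(raw)} bytes")
    (proto, _version, btype, flags, root_raw, cost, bridge_raw, port_id,
     age, max_age, hello, fwd_delay) = BPDU_STRUCT.unpack_from(raw)
    if proto != PROTO_STP or btype != BPDU_TYPE_CONFIG:
        raise ValueError(f"not a configuration BPDU: proto={proto:#06x} type={btype:#04x}")
    return ConfigBpdu(
        root=BridgeId.from_bytes(root_raw), root_path_cost=cost,
        bridge=BridgeId.from_bytes(bridge_raw), port_id=port_id,
        message_age=age / TIMER_UNIT, max_age=max_age / TIMER_UNIT,
        hello_time=hello / TIMER_UNIT, forward_delay=fwd_delay / TIMER_UNIT,
        topology_change=bool(flags & FLAG_TC), tc_ack=bool(flags & FLAG_TCA),
    )


def elect_root(own: BridgeId, received) -> BridgeId:
    """A switch first claims itself as root, then adopts the lowest root ID it hears:
    lowest priority wins, and equal priorities fall back to the lowest MAC."""
    return min([own] + [bpdu.root for bpdu in received])


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample: default priority 32768 on SW1 and SW2, SW3 deliberately set lower.
SW1 = BridgeId(32768, mac_bytes("00:00:00:00:00:01"))
SW2 = BridgeId(32768, mac_bytes("00:00:00:00:00:02"))
SW3 = BridgeId(4096, mac_bytes("00:00:00:00:00:ff"))
SAMPLE_FRAMES = [
    build_config_bpdu(SW2, 0, SW2, 0x8001),                  # SW2 still claims itself as root
    build_config_bpdu(SW3, 19, SW1, 0x8002, flags=FLAG_TC),  # SW1 relays SW3 as root, TC set
]

if __name__ == "__main__":
    received = [parse_config_bpdu(frame) for frame in SAMPLE_FRAMES]
    for bpdu in received:
        print(bpdu)
    print("root elected by SW1:", elect_root(SW1, received))
```

Run as a script it prints both decoded frames and shows SW1 adopting SW3 as root, because SW3's priority of 4096 beats 32768 even though its MAC is the highest; with only SW2's frame present, the priorities tie and SW1's lower MAC keeps it root. The length and protocol/type checks in the parser are the minimum a monitoring tool needs before trusting a frame's field values.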


Spanning tree dictates that the root bridge has all its ports in forwarding mode. On each LAN segment, the switches elect a designated switch that transports data from that segment toward the root switch. On the designated switch, the port that connects to the LAN segment it serves is put in forwarding mode. All other switch ports across the network must be blocked. The blocking of ports concerns only switch-to-switch connections. Ports that are connected to workstations are not involved in the spanning-tree process and are left in forwarding mode.
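As an added example (not from the book), the block below works through the port-role logic of this section and the preceding overview on a constructed topology: the two switches with two parallel links from Figure 4-3, plus a third switch with one slow and one cheap uplink. It elects the root by lowest bridge ID, derives each bridge's root path cost as the lowest neighbour cost plus link cost (the value a bridge converges to from the BPDUs it hears), picks a root port per non-root bridge and a designated port per segment using the 802.1d tie-break order (cost, then bridge ID, then port ID), and blocks every remaining switch-to-switch port. Switch names, MACs, port numbers and path costs are all constructed; links are modelled as point-to-point segments, and workstation ports are left out since they do not take part.

```python
"""Compute 802.1d port roles (root, designated, blocked) for a small switched topology."""
import heapq
from collections import defaultdict

# Constructed topology: Figure 4-3's two switches with two parallel links, plus a
# third switch with two uplinks of different cost. Bridge ID = (priority, MAC).
BRIDGES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
# Point-to-point links: (bridge, port, bridge, port, path cost).
LINKS = [
    ("SW1", 1, "SW2", 1, 19),   # first parallel link between SW1 and SW2
    ("SW1", 2, "SW2", 2, 19),   # redundant parallel link
    ("SW1", 3, "SW3", 1, 100),  # slow uplink from SW3 straight to SW1
    ("SW2", 3, "SW3", 2, 19),   # cheaper path from SW3 to SW1 via SW2
]


def compute_roles(bridges=BRIDGES, links=LINKS):
    """Return (root bridge name, {(bridge, port): role}) for the given topology."""
    ids = {name: (prio, bytes.fromhex(mac.replace(":", "")))
           for name, (prio, mac) in bridges.items()}
    adj = defaultdict(list)  # bridge -> [(own port, neighbour, neighbour port, cost)]
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))

    # Root election: the lowest bridge ID (priority first, MAC as tiebreaker) wins.
    root = min(bridges, key=ids.get)

    # Root path cost: every bridge keeps the lowest (neighbour's cost + link cost) it
    # hears in BPDUs, which converges to the shortest-path cost from the root.
    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    heap = [(0, ids[root], root)]
    while heap:
        c, _, name = heapq.heappop(heap)
        if c > cost[name]:
            continue
        for _, nb, _, link_cost in adj[name]:
            if c + link_cost < cost[nb]:
                cost[nb] = c + link_cost
                heapq.heappush(heap, (cost[nb], ids[nb], nb))

    # Root port: the port receiving the best BPDU, ordered by root path cost,
    # sender bridge ID, sender port ID and finally the receiving port ID.
    root_port = {}
    for name in bridges:
        if name == root:
            continue
        best = None
        for port, nb, nb_port, link_cost in adj[name]:
            key = (cost[nb] + link_cost, ids[nb], nb_port, port)
            if best is None or key < best:
                best, root_port[name] = key, port

    # Designated port per segment: each end advertises (root path cost, bridge ID,
    # port ID) and the lower vector forwards; the other end is either that bridge's
    # root port or is blocked, which is what removes the loop.
    roles = {}
    for a, pa, b, pb, _ in links:
        a_vec, b_vec = (cost[a], ids[a], pa), (cost[b], ids[b], pb)
        des, other = ((a, pa), (b, pb)) if a_vec < b_vec else ((b, pb), (a, pa))
        roles[des] = "designated"
        roles[other] = "root" if root_port.get(other[0]) == other[1] else "blocked"
    return root, roles


if __name__ == "__main__":
    root, roles = compute_roles()
    print("root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} port {port}: {role}")
```

With the defaults SW1 becomes root, SW2's second parallel link is blocked (its first link wins on the lower sender port ID), and SW3 blocks its direct 100-cost uplink in favour of the 38-cost path through SW2. Lowering SW3's priority to 4096 moves the root to SW3 and shifts every blocked port accordingly, which is exactly the recalculation the drawbacks section below describes as costly when it happens often or across many VLANs.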


Drawbacks of a Spanning-Tree Implementation in Today's Networks


Although it serves an important purpose, STP has inherent drawbacks. STP is CPU intensive and vulnerable to network volatility. When a portion of a VLAN experiences a link failure, all switches that carry that VLAN have to learn, process, and forward BPDUs. This problem escalates if several VLANs are involved, in which case the processor can overload. If the processor overloads, it might start dropping BPDUs, thereby weakening and destabilizing the network. STP also has serious convergence issues when implemented in a VLAN-concentrated network with high redundancy, which results in poor scalability of STP networks. A recalculation is triggered when some failure prevents a neighbor switch from receiving the periodic BPDUs sent out by STP forwarding ports; STP must then recalculate and redetermine the topology.

To avoid STP issues, one of the more successful solutions that many enterprise customers implement is migration to Layer 3 switching services, made possible by high-performance Layer 3 switches (such as the Cisco Catalyst 6500). With this migration, campus-wide VLANs became obsolete.

With Layer 3 switching, you can forward network traffic based on the Layer 3 address (such as the IP address). In this method, VLANs segment an IP subnet at Layer 2 by mapping a subnet to a separate VLAN. User VLANs then terminate at a Layer 3 switch, and the LAN essentially functions as a routed network.

Similarly, most service providers try to avoid using STP in their core infrastructure. They do this by utilizing technologies such as AToM to route packets that contain Layer 2 frames through the service provider core instead of switching them at Layer 2. This means terminating STP locally on the edge-facing CE. The service provider core is then free of STP, utilizing a full mesh of pseudowires with split-horizon forwarding to prevent loops. Each PE sees all the other PEs in a point-to-multipoint view. Even in these scenarios, in which you avoid STP in the core by using a full mesh of EoMPLS pseudowires and split horizon, you sometimes need STP in an aggregation layer in the distributed PE between the U-PE and the N-PE.

