Sunday 11 December 2016

STP NOTES and Interview Questions

How STP works:
=============
1. Elect one Root Bridge
2. Elect one Root Port per non-root bridge
3. Elect Designated Ports

The Root Bridge acts as the reference point; all path calculations are made relative to it.

The switch with the lowest Bridge ID in the network becomes the Root Bridge.

Bridge ID contains:
- Bridge Priority: 0 - 61440; default is 32767

- Mac address

Priority of 0 is most preferred for Root Bridge

Refer to the below exercise:


Root and designated port election:
==================================
DPs face downstream, away from the Root Bridge.

Like root port election, DP election is based on (in order):
- lowest root path cost
- lowest BID
- lowest Port ID

All other ports go into blocking mode
- receive BPDUs
- Discard all other traffic
- Cannot send traffic

The port opposite a root port is always a DP.
  

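The three election steps above, worked over a small constructed topology. This is an added example, not from the original post; the switch names, priorities, MAC addresses and link costs are made-up sample values, and the tie-breakers are applied in the order the notes give (root path cost, then sender BID, then sender port ID).

```python
"""Worked STP election over a constructed three-switch topology (added example).
Tie-breakers, in the order the notes give: lowest root path cost, lowest sender
BID, lowest sender port ID. Bridge ID = (priority, MAC); lowest BID wins root."""
import heapq

# Constructed sample topology: hypothetical priorities, MACs and costs.
BRIDGES = {  # name: (priority, mac)
    "SW1": (32768, "0000.0000.0001"),
    "SW2": (32768, "0000.0000.0002"),
    "SW3": (4096, "0000.0000.0003"),  # lowest priority, so it becomes root
}
# (bridge_a, port_a, bridge_b, port_b, link cost)
LINKS = [("SW1", 1, "SW2", 1, 4), ("SW2", 2, "SW3", 1, 4), ("SW1", 2, "SW3", 2, 19)]

def elect_root():
    return min(BRIDGES, key=lambda b: BRIDGES[b])  # step 1: lowest BID wins

def root_path_costs(root):
    """Cheapest cost from every bridge to the root (Dijkstra over LINKS)."""
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, b = heapq.heappop(heap)
        if c > cost[b]:
            continue
        for a, _, d, _, w in LINKS:
            for me, nb in ((a, d), (d, a)):
                if me == b and c + w < cost.get(nb, float("inf")):
                    cost[nb] = c + w
                    heapq.heappush(heap, (c + w, nb))
    return cost

def port_roles():
    """Steps 2 and 3: one root port per non-root bridge, one DP per link."""
    root, roles = elect_root(), {}
    rpc = root_path_costs(root)
    for b in BRIDGES:
        if b == root:
            continue
        offers = []  # (cost via neighbour, neighbour BID, neighbour port) -> my port
        for a, pa, d, pd, w in LINKS:
            for me, mp, nb, npt in ((a, pa, d, pd), (d, pd, a, pa)):
                if me == b:
                    offers.append(((rpc[nb] + w, BRIDGES[nb], npt), (me, mp)))
        roles[min(offers)[1]] = "root"
    for a, pa, d, pd, _ in LINKS:  # the end with the better BPDU is designated
        ends = sorted([((rpc[a], BRIDGES[a], pa), (a, pa)),
                       ((rpc[d], BRIDGES[d], pd), (d, pd))])
        roles.setdefault(ends[0][1], "designated")
        roles.setdefault(ends[1][1], "blocking")  # a root port is never overridden
    return root, roles
```

With these values SW3 is root, SW1 reaches it more cheaply through SW2 (cost 8) than over the direct 19-cost link, so SW1 port 2 ends up blocking.
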
STP Timers
==========
Timers affect the transitions between port states.
  - set only on the root bridge

Hello
  - How often configuration BPDUs are sent
  - Defaults to 2 sec

Max Age
  - How long to wait in blocking state without hearing BPDU
  - Defaults to 20 sec

Forward Delay
  - How long to wait in each of the listening and learning phases while building the CAM table.
  - Defaults to 15 sec


Note: In STP, CST and PVSTP only the root bridge is allowed to generate BPDUs. BPDUs start at the root and are forwarded towards the leaves.
Worst case convergence time for STP is 50 sec.
Timers are set on the Root Bridge only.


Advanced STP features
=====================
Portfast (direct from blocking to forwarding)
- edge ports shouldn't be subject to forward delay
- also affects TCN generation

UplinkFast
-Direct root port failure should reconverge immediately if Alternate port available

Backbone Fast
- Indirect failures should start recalculating immediately.

When a topology change notification happens, the CAM aging time is set equal to the max-age time.

Default CAM aging time is 300 sec.

A portfast port is also called an edge port.

A portfast interface will not generate a TCN, and edge ports are not subject to forward delay. Also, the CAM table is not flushed, which cuts down unknown unicast flooding on the network. Portfast being on does not mean STP is disabled: the switch is still sending and listening for BPDUs, and there is a default protection mechanism: if the interface receives a BPDU, it takes itself out of edge port (portfast) status. I.e. if a router or any end device needs to run STP, we enable STP on the router or end device, and the switch interface which receives the BPDU will take itself out of edge port status.

So instead of configuring portfast on every interface, there is a command which enables portfast on all interfaces of the switch: spanning-tree portfast default. This is equivalent to # int range fa0/1 - 24 , g0/1 -2 + spanning-tree portfast; the interfaces will automatically figure out which ones should run portfast and which should not, based on the built-in mechanism.

For trunk links portfast will not be on by default. If a trunk link goes down and comes up, it is not going to create a TCN.

UplinkFast
=========
Spanning-tree uplinkfast => should be configured on a single switch

Backbonefast
============
Spanning-tree backbonefast => should be configured on all switches
These features are used for fast convergence; we do not need to wait for the max age time.
Even with these features, convergence time is around 30 sec, which is not enough.

STP BPDU Filter
===============
BPDU Filter:
- Drops STP packets as they come into the interface or go out of the interface, i.e. filters BPDUs in and out.
- Can be configured per interface or globally. If configured on an interface, STP is disabled on that interface; if configured globally, STP is disabled on all interfaces. Typically used at the access layer. This is mainly used to avoid L2 attacks.
spanning-tree bpdufilter enable. It is like a passive interface. Disadvantage: when a router connected to this switch wants to run STP, the router will send BPDUs but the switch will not receive them.

BPDU Guard
- If a BPDU is received, shut the port down. The link is put in err-disable state; it will not come out of it until the err-disable recovery timeout or it is manually brought up.

Root Guard
- If a superior BPDU is received, shut the port down.

Loop Guard & UDLD
- Prevent unidirectional links
Typical case is a fiber network, where the send channel might be working but the receive channel might not: one physical strand carries traffic in each direction, and it is possible to have one working and the other broken. In STP, if we are able to send BPDUs but not receive them, the max age timer expires and the port moves from blocking to forwarding, since it no longer receives BPDUs from the other end and so elects itself DP. It can happen that both switches elect DP ports and both interfaces end up forwarding. This violates STP, but STP will not detect it because it is an L1 issue. The solution is loop guard and unidirectional link detection.
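
A small model of how the four protection features above react to BPDU events and to max-age expiry, including the unidirectional-link case. This is an added example, not from the post; the Port class and its state names ("root-inconsistent", "loop-inconsistent") are a constructed abstraction of the behaviour described, not switch output.

```python
"""Simplified model of the protection features described above: BPDU filter,
BPDU guard, root guard, portfast edge demotion, and loop guard at max-age
expiry. Added example with a constructed port model; the state names are an
abstraction, not IOS output."""
from dataclasses import dataclass

MAX_AGE = 20  # seconds, the default given in the notes


@dataclass
class Port:
    role: str = "blocking"      # "root", "designated" or "blocking"
    portfast: bool = False
    bpdufilter: bool = False
    bpduguard: bool = False
    rootguard: bool = False
    loopguard: bool = False
    err_disabled: bool = False
    since_last_bpdu: int = 0    # seconds since the last BPDU was heard


def receive_bpdu(p: Port, superior: bool) -> str:
    """What happens when a BPDU arrives on the port, feature by feature."""
    if p.err_disabled:
        return "err-disabled"    # stays down until recovery timeout or manual up
    if p.bpdufilter:
        return "dropped"         # filter: BPDU discarded, STP off on the port
    if p.bpduguard:
        p.err_disabled = True    # guard: any BPDU at all shuts the port down
        return "err-disabled"
    if p.portfast:
        p.portfast = False       # an edge port that hears a BPDU loses edge status
    if superior and p.rootguard:
        p.role = "blocking"      # root guard refuses a new root on this side
        return "root-inconsistent"
    p.since_last_bpdu = 0
    return "accepted"


def tick(p: Port, seconds: int) -> str:
    """Advance time; models the unidirectional-link case from the notes."""
    p.since_last_bpdu += seconds
    if p.role == "blocking" and p.since_last_bpdu > MAX_AGE:
        if p.loopguard:
            return "loop-inconsistent"   # loop guard keeps the port blocked
        p.role = "designated"            # plain STP: BPDUs stopped, so it forwards
        return "forwarding"
    return p.role
```
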

Rapid Spanning-tree protocol
============================
Rapid convergence based on sync process
Enabled through..
-spanning-tree mode mst
-spanning-tree mode rapid-pvst

Sync process only occurs on point-to-point non-edge ports
- implies link-type must be accurate
- spanning-tree link-type [point-to-point|shared]
- spanning-tree portfast

Root -> downstream
Upstream -> Root

If links are not point to point, i.e. full duplex, then the proposal process will not happen. This is especially the case when a link is connected to a hub.
In that case we have to use legacy STP.

So the requirement is that links between switches are point-to-point non-edge ports, and all other interfaces, connected to end hosts, are defined as edge ports, as done with the portfast command in STP.

Portfast in STP is equivalent to an edge port in RSTP.

1 comment:

  1. Very informative and helpful for networking interview.
    http://w7cloud.com/stp-interview-questions/