cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

3973
Views
25
Helpful
20
Replies
Highlighted
Collaborator

Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

 

This topic is a chance to discuss more about the how to implement the Spanning Tree Protocol (STP) on an Ethernet Network. This session will provide you a better understanding about how to implement STP on Ethernet Networks, port sales, convergence timers, STP variants, the best configurations practices, the features that increase STP stability and the optimal type of STP to run on today’s Cisco Catalyst switches. Since STP aims to prevent broadcast storms, unstable MAC tables in switches and multiple duplicates on interface, it is of great importance to understand to learn more about the best practices to implement this protocol.

 

The switch is one of the most important and common devices in a LAN. The Spanning tree Protocol was developed to support redundancy in a Layer 2 Network, while preserving a loop-free logical topology. STP allows a network design to include back uplinks that helps to provide fault tolerance if an active link fails, it provides a single path of communication between each Ethernet segment.

 

 

To participate in this event, please use the Join the Discussion : Cisco Ask the Expert button below to ask your questions

  

Ask questions from Monday, February 5 to 16 February, Friday 2018. 

 

Featured Expert 

Leo-Davila.JPGLeonardo Peña Davila is a Network Engineer with over 15 years of experience on network design, enterprise networks, administration and support. He works at Petroleos de Venezuela as Network Engineer administrating and managing a diverse amount of complex networks, from WLC, ACS, ASA to CUCM. Leonardo obtained his first Cisco CCNA certification in 2002 and he has a CCNP R&S as well, he is passionate about his profession and committed to keep up-to-date with new technology developments. He is interested on Data Center technology, particularly on switches Nexus 5k, 7k and 9k, APIC, APIC-EM, VMware virtualization, ESX, ESXi, UCS and Network Programmability. 

 

Leonardo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Contact Center Community

Find further information https://supportforums.cisco.com/t5/network-infrastructure/ct-p/4461-network-infrastructure 

 

**Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions

 

Webcast-CUCM
20 REPLIES 20
Beginner

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

How to transition from a network that has all there MSTP configuration on instance 0 even customers. How can I start to transition to another instance? 2) How many instance can a switch support?

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hi Jerry, 

It depends on your design and topology, usually you don't need more than one region and one instance unless you have a lot of Vlans and you desire to balance or restrict traffic  or you have multiple locations and trunking between them with a end-to-end Vlan design and you don't want that Vlans appearing in one location they go all to the other location.

When using MSTP, all the switches that participate in multiple instances must consistently be configured with the same MST configuration information (Name, Revision Number, Mapping Table). An MSTP instance is a STP process which defines a root bridge, root ports, designated ports, and blocking ports for a group of switches that can be shared by multiple Vlans. Multiples regions with multiple instances can be hard to manage in a large topology.

If you have a group of switches that are interconnected and you want to add a new instance I will say:

1. Carefully decide how many instances are needed in the switched network, and keep in mind that an instance translates to a logical topology.

2. Have a very clear view and knowledge of your logical  topology to define root bridge, root ports, designated ports, and blocking ports for each instance you want to create.

2. Decide what Vlans map onto those instances

2. Consistently configure each switch with the same MST configuration information (Name, Revision Number, Mapping Table)

3. You have to considered a downtime if you are creating new MST instances an mapping Vlans to it because the spanning tree reconfiguration can disrupt the traffic flow.

 

You can use the following command to verify that the information shared by switches in the same MST instance match:

#show spanning-tree mst configuration digest 

 

Differents plataforms and different  IOS support different number of MST instances. The maximun allowed instance ID isn't the same as the maximun number of MST instances.

 

HTP 

Regards

Leonardo

Beginner

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hi 

I am aware of several STP flavors  like

1)PVST                                                                                                 

2)PVST+                                                                                               

3)Rapid PVST+                                                                                     

4)MSTP(Multiple Spanning-Tree Protocol)  

 

What is the best way to determine what is the best fit for your L2 network? Most of the time RPVST is the default and I never had issues but often when there is no LACP or aggregation then engineers argue on why should we even enable it. Most of the time they are not sure if we enable then which one is the best option.

Beginner

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

well right now i can see that MSTP is best because we are an ISP so we have lots of vlan but wanted to know what is the best way to have Multiple instance using MSTP. Like mention earlier. all configurations are on instance 0.

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hi baljinder29, as I said in the last post the use of any STP flavor depends on your topology and what you want to accomplish.

 

In the traditional STP (IEEE 802.1D) we can have a converge time of 50 seconds and even if we have multiple VLANs  all of the VLANs use the same instance of STP that is called Common Spanning Tree (CST). Using the same instance of STP for all VLANs may not be optimal  because different VLANs may  have different traffic pattern. If you have a topology with redundant links could happen that some of those links are not carrying any traffic and  are sitting there just waiting  for something to fail.

 

Using Per VLAN Spanning Tree (PVST used over ISL trunks / PVST+ used over IEEE 802.1Q trunks)

we are able to make different switches roots for different VLANs, not only it gives us more optimal pathing for different VLAN traffic patterns  but  It can also do some traffic balance over those links that were not carrying any traffic  if we were using traditional STP.

In this approach, each VLAN  is running its own instance of STP.  If we do have a lots of VLANs  we can define different STP instances using Multiple Spanning Trees Protocol (MSTP - 802.1s) in which we can assing different VLANs to the appropiate instance depending on our logical STP topology.

 

In addition of those types of STP there is another one called Rapid Spanning Tree Protocol (IEEE 802.1w). Cisco implemented his own variant called Rapid PVST+. The goal for both are fast  convergence when there is a topology change on the network.

In traditional STP there is a potential time of 50 seconds delay for a port to go from the blocking state to the forwarding state is there is a topology change in the network, with Rapid PVST+ this time can be in most of cases lower than 5 seconds. How can this approch make it so quickly?  Is important to know the terminology used in Rapid PVST+

Port roles:

 Root Bridge: The switch in the topology with the lowest  Bridge ID (BID)

 Designated Port: The port on a network segment that is closest to the root in terms of cost.

 Root Port: The port on a non-root bridge, that is closest to the root in terms of cost.

 Disable Port: A port that is administratively shut down.

 Alternate Port: A port on a switch that is currently discarding data frames, but could provide an   alternate  path to get to the root bridge.

Backup Port: A port that is currently discardind data frames, although it could be an alternate path to the root bridge, and it is also acting as a redundant link to a shared segment.

 

Port States:

Discarding: Data is not being forwarded on the port (Alternate, Backup and Disable ports)

Learning: The switch is learning MAC addresses available off of the port (when a port is transitioning to forwarding)

Forwarding: Data is being forwarded o the port (Root & Designated Ports)

 

**There is not a Listening state**

 

Link Types:

Point-to-Point: The connected port is running in full-duplex mode and where the link is tipacally connecting one switch to another switch.

Shared: The connecting port is running in half-duplex mode and where the link is tipically connecting a switch to a shared media hub.

Edge: The connected port is not connected to another switch or shared media hub, but instead connects to a network endpoint.( e.g. Laptop, PC, )

 

In the event of a topology change Rapid PVST+ only considers a topology change to be a port that is not a edge port moving to forwarding state. The switch experincing the topology change does not need to notify the root bridge about the change, It sends a BPDU (with the topology change bit set) to its neighbors which then inform their neighbors of the topology change. This process continues until all switches in the topology know of the change. This can in some cases dramatically speed up convergence time.

 

In constrast, in traditional STP  the switch experincing the topology change sends a Topology Change Notification (TCN) to the root bridge, which the sends a Topology Change Acknoledgment (TCA) to the switch reporting the change, and then the root bridge notifies other switches of the change by setting the Topology Change flag (TC) in its BPDUs.

 

---------------------------------------------------------------------------------------

The basic concept of Link Aggreation (LAG) is that multiple physical links are combined into one logical bundle. This provides two major benefits, depending on the LAG configuration:

  1. Increased capacity – traffic may be balanced across the member links to provide aggregated throughput
  2. Redundancy – the LAG bundle can survive the loss of one or more member links

 This layer 2 transparency is achieved by the LAG using a single MAC address for all the device’s ports in the LAG group.

From Spanning Tree Protocol (STP) perspective, no matter how many physical ports are being used to form the LAG, there is going to be only one logical interface representing each LAG bundle. The individual ports are not part of the STP topology, but only the one logical interface. STP is still going to be active on the LAG interface and should not be turned off, so that if there are multiple LAGs configured between two adjacent nodes, STP will block one of them.

 

HTH

Regards

Leonardo

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hi there
I’m seeking to change the cost on the ports by using the command SW1(conf-if)#spanning-tree [vlan x] cost <X>

However when I change the cost my interface gets blocked
Could you please share the best practices to accomplish this, so I can accomplish this well ?

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hello Daniel,  there are a couple of ways to influence which path a switch will use to get back to the root if it has more than one path to get back to the root.

 

  • Port cost
  • Port priority

 

If you want to change the cost on the port you have to be aware that it affects how the local switch elects the root port.

 

SW-1(config-if)#spanning-tree vlan 20 cost ?

<1-200000000> Change an interface's per VLAN spanning tree path cost 

or 

SW-1(config-if)#spanning-tree cost ?
<1-200000000> port path cost

 

 

If you want to affect how downstream switch elects its root port then you change the priority value

 

SW-1(config-if)#spanning-tree vlan 20 port-priority ?
<0-240> port priority in increments of 16

or 

SW-1(config-if)#spanning-tree port-priority ?
<0-240> port priority in increments of 16

 

This is only local significant between the two directly connected switches. Highest priority is less preferred. Going away from the root of the tree use priority whereas, when going towards the root of the tree use cost.

 

A port cost is defined by the speed at which the port operates. A port with a low cost value (greater bandwidth-speed) is more preferable than a port with high cost value (lower bandwidth-speed). The higher cost is the less preferred. Cost is cumulative throughout the STP domain.

 

Link Speed   Cost

10 Mbps       100

100 Mbps       19

1 Gbps            4

10 Gbps           2

 

This value can be modified on a per interface basis to elect the root port.

 

Before applying any change you need to have a very good & clear sight of your logical topology to avoid any loop or traffic disruption. I will suggest to you to answer the following questions:

Which is my root switch for the VLAN I want to influence the flow traffic? Which is the total cost from the switch I want to modify the port cost value to get to the root switch? Which are my blocked ports and what are the cost values of those ports? Do I have redundant links in the segment I want to manipulate the cost value? How this change will affect the traffic flow on the network?

Once you have this information you can change the root port by changing the cost value.

 

Hope this help

Leonardo

Participant

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hi,

In vss and vcp what are the guidelines of implementing stp

Thanks 

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hello elite2010,

When working with the Virtual Switching System (VSS) it's important  to understand that it is composed of a single logical switch that advertises single STP bridge-ID and priority, regardless of which virtual-switch member is in the active state.

As I show you in the following example of a VSS composed of two Catalyst 6500 you can verify it with the following commands:

 

es-CbpCoreVss#sh catalyst6000 chassis-mac-addresses
chassis MAC addresses: 64 addresses from 0008.e3ff.fc04 to 0008.e3ff.fc43

 

es-CbpCoreVss#sh spanning-tree vlan 930

VLAN0930
Spanning tree enabled protocol rstp
Root ID Priority 930
Address 0008.e3ff.fc04
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 930 (priority 0 sys-id-ext 930)
Address 0008.e3ff.fc04
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 480

....

With VSS, spanning tree is SSO-aware. SSO enables STP protocol resiliency during SSO switchover (active failure), the new active switch member maintains the originally-advertised STP bridge priority and identifier for each access-layer switch. This means that STP need not reinitialize and undergo the learning process of the network that speeds the convergence (to sub-second performance).

 

In vPC envorinment, STP is controlled  by the vPC primary peer device. This device  runs STP for the vPC ports. On the secondary vPC switch STP must be enabled but it does not dictate vPC member port state. vPC primary always genertae BPDUs and secondary peer rely those BPDUs and do not generate itself any BPDU.

 

Please, read the following great Cisco document for Spanning Tree Configuration Best Practices with VSS

 

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/VSS30dg/campusVSS_DG/VSS-dg_ch3.html#wp1079779

 

Hope this Help

Regards

Leonardo

Participant

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hi,

What are the guidelines for implementing  stp in vss and vcp 

Thanks

Participant

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hi,

 

VLAN0009 is executing the rstp compatible Spanning Tree protocol

  Number of topology changes 329 last change occurred 00:10:57 ago

          from TenGigabitEthernet3/1/3

 

The topolgy changes happens very frequent .Here TenGigabitEthernet3/1/3 is the uplink 

 

What does it mean by . How to do further investigations 

 

Thanks 

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hello elite2010 thanks for your question, 

 

VLAN0009 is executing the rstp compatible Spanning Tree protocol

  Number of topology changes 329 last change occurred 00:10:57 ago

          from TenGigabitEthernet3/1/3

 

 

What does it mean by?

This output indicates that TCN BPDUs are coming from TenGigabitEthernet3/1/3

 

To troubleshoot this issue I would suggest you to login to the switch that is connected on interface TenGigabitEthernet3/1/3 and track the TCNs and the originating port running the following commands:

 

show spanning-tree detail | inc executing|changes|from
show spanning-tree detail | inc ieee|occurr|from|is exec

show mac address table address <mac> (If MAC address flapping )

 

If you find an access port receiving TCNs, shut it down and see if that stabilizes the number of TCNs you are receiving. 

Check for a unidirectional link or excessive link flaps. A link flapping can cause spanning tree TCNs and spanning tree reconvergence.

You could also verify the uptime of the switch attached to the TenG3/1/3, maybe this device was reloaded and the TCNs was generated at this time.

Run a debug command on the switch that is generating the TCNs to verify what is happening.


sw#debug spanning-tree events 

 

You can run also this command:

 

 show spanning-tree vlan <vlan-number> detail 

It shows you which port the TCN was rreceived and when it was received.

 

Example:

 

es-cbpPCTC011#sh spanning-tree vlan 930 detail

VLAN0930 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 930, address 001e.f677.9900
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
Current root has priority 930, address 0008.e3ff.fc04
Root port is 512 (Port-channel1), cost of root path is 3
Topology change flag not set, detected flag not set
Number of topology changes 2 last change occurred 03:51:56 ago
from GigabitEthernet1/0/22
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

 

 With this information you can follow the TCN and figure out why the switch is generating them.

 

To reduce the amount of TC events you should use the portfast feature. Applying this command to specific ports you have the following benefits:

 

  • Ports that come up are put directly in the forwarding STP mode, instead of going through the learning and listening process. The STP still runs on ports with portfast.
  • The switch never generates a TCN when a port configured forportfast goes up or down.

 Please read the following document Understanding Spanning-Tree Protocol Topology Changes

 

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/12013-17.html?referring_site=RE&pos=2&page=https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10556-16.html#anc9

 

.Please feel free to reply me if you have any question

 

HTH 

Regards

Leonardo

Beginner

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hello,

 

As part of a monitoring team we experience several times the alert for STP topology change.

 

What is the best way to identify what is happening?

 

We usually do something like sh spanning detail | i exec|last|from

from that we what vlan has recently changed and after knowing the port that detected the topology change and Vlan we usually see that something has happened on the device connected to that port.

 

Eventually  we see that all seems normal and I see that in that this port that detected the topology change is a root port but has packet sent on the BPDU counters and 0 on the received in the other side.

 

I assume that this was connectivity issue between the two devices.

The device stop seeing the other Sw on the root port (stopped recieving BPDUs) and identified a topology change.

Started to sent BPDUs on the port but because there is a connectivity issue the other side never received the BPDUs.

 

please advise if it makes sense 

 

 

 

 

Re: Ask the Expert- Spanning Tree Protocol- configuration, implementation & best troubleshooting practices

Hello Pedro, 

 

A network topology change can happen due to different reasons that include a switch failure, a link failure or a port transitioning to the forwarding state. When a switch detects a topology change it generates a Topology Change Notification (TCN) and sends the TCN BPDU on its root port.

 

 

 

What is the best way to identify what is happening?

 

What you are doing is correct! You need to follow the TCNs and figure out why a switch is generating them.

 

You can use the following commands to accomplish your good work:

 

show spanning-tree detail | inc executing|changes|from
show spanning-tree detail | inc ieee|occurr|from|is exec

show mac address table address <mac> (If MAC address flapping )

sh spanning-tree vlan <vlan-number> detail 

 

In top of that you can debug the STP events using the following command:

sw#debug spanning-tree events 

 

To reduce the amount of TCNs  you should use the portfast feature in specific ports.

 

...Eventually  we see that all seems normal and I see that in that this port that detected the topology change is a root port but has packet sent on the BPDU counters and 0 on the received in the other side.

 ...

It makes sense to me what you are saying. If the switches are directly connected and one of them is sending out BDPUs the other end  should receive BPDUs in aprproximatly the same rate. The ports that do not receive BPDUs are those configured as portfast and BPDU guard is eabled.

Example:

SW1 ----SW2

 

SW1#sh spanning-tree vlan 783 detail

 

Port 5787 (Port-channel97) of VLAN0783 is designated forwarding
Port path cost 3, Port priority 128, Port Identifier 128.5787.
Designated root has priority 783, address 0008.e3ff.fc04
Designated bridge has priority 783, address 0008.e3ff.fc04
Designated port id is 128.5787, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Root guard is enabled on the port
BPDU: sent 37725, received 5

 

 

SW2#sh spanning-tree vlan 783 detail

Port 488 (Port-channel1) of VLAN0783 is root forwarding
Port path cost 3, Port priority 128, Port Identifier 128.488.
Designated root has priority 783, address 0008.e3ff.fc04
Designated bridge has priority 783, address 0008.e3ff.fc04
Designated port id is 144.1691, designated path cost 0
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Loop guard is enabled on the port
BPDU: sent 5, received 37748

---------------------------------

 

Port 50 (FastEthernet1/0/46) of VLAN0783 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.50.
Designated root has priority 783, address 0008.e3ff.fc04
Designated bridge has priority 33551, address 001b.0c4d.ae00
Designated port id is 128.50, designated path cost 3
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast mode
Link type is point-to-point by default
Bpdu guard is enabled
BPDU: sent 37886, received 0

 

Please let me know if you have any further questions.

 

Regards

Leonardo

CreatePlease to create content
Content for Community-Ad