
WAN Topology

A topology is a description of a layout or arrangement. WANs can be viewed from two topology perspectives: the physical topology and the logical topology. They are different but related.

On the physical side, we talk about the physical layout of the network: the physical arrangement of network devices that lets data move from a source to a destination network. In contrast, a logical WAN topology describes the path a signal takes through the physical topology. There are three WAN topology options.

Star

A star topology has a central location serving as the hub of the design. In a star topology, a failure at a regional hub or router does not affect the other sites on the WAN, but the central hub or router is a single point of failure. The central hub also limits the overall performance of the WAN. Because so much depends on the central location, redundant routers are often introduced there to improve site reliability.

Full Mesh

The advantage of a star topology is low cost in equipment and administration labor; its disadvantage is low reliability. A full mesh topology, on the other hand, has every site's WAN router connected to every other site on the wide area network. With such a high level of redundancy, full mesh topologies provide a high degree of dependability and fault tolerance, at the price of high equipment cost and high administrative complexity. In a full mesh topology, many virtual circuits are required to establish at least one independent link between any two sites, which drives up the cost.

Partial Mesh

When some redundant connections are removed from a full mesh to reduce cost, we get a partial mesh topology. Companies can design a cost-effective partial mesh topology that balances fault tolerance, scalability and budget.

Etherchannels

Etherchannel Concept and configuration




EtherChannel is a port link aggregation technology or port-channel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing fault-tolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast, Gigabit or 10-Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines.

Using an EtherChannel has many advantages:
  • Larger bandwidth. With the maximum of 8 active ports, total bandwidth is increased eightfold compared to a single port.
  • Scalable. Because EtherChannel takes advantage of existing wiring, it is very scalable. It can be used at all levels of the network to create higher-bandwidth links as the traffic needs of the network increase. All Cisco switches have the ability to support EtherChannel.
  • Transparent to network applications. When an EtherChannel is configured, all adapters that are part of the channel share the same Layer 2 (MAC) address. This makes the EtherChannel transparent to network applications and users because they only see the one logical connection; they have no knowledge of the individual links.
  • Fault tolerance. Should a link fail, the EtherChannel technology automatically redistributes traffic across the remaining links. This automatic recovery takes less than one second and is transparent to network applications and the end user. This makes it very resilient and desirable for mission-critical applications.

Spanning tree protocol (STP) can be used with an EtherChannel. STP treats all the links as a single one and BPDUs are only sent down one of the links.

EtherChannels can be also configured as VLAN trunks. If any single link of an EtherChannel is configured as a VLAN trunk, the entire EtherChannel will act as a VLAN trunk.

EtherChannel is made up of the following key elements:


  • Ethernet links — EtherChannel works over links defined by the IEEE 802.3 standard, including all sub-standards. All links in a single EtherChannel must be the same speed.
  • Compatible hardware — the entire line of Cisco Catalyst switches as well as Cisco IOS software-based routers support EtherChannel. Multiple EtherChannels per device are supported (Catalyst 6500 and 6000 switches support a maximum of 64 EtherChannels).
  • Configuration — an EtherChannel must be configured using Cisco IOS on switches and routers, and using specific drivers when connecting a server. There are two main ways an EtherChannel can be set up. The first is by manually issuing a command on each port of the device that is part of the EtherChannel; this must be done for the corresponding ports on both sides of the EtherChannel. The second is using Cisco Port Aggregation Protocol (PAgP) for the automated aggregation of Ethernet ports.

EtherChannel vs. 802.3ad

EtherChannel and IEEE 802.3ad standards are very similar and accomplish the same goal. There are a few differences between the two, other than the fact that EtherChannel is Cisco proprietary and 802.3ad is an open standard, listed below:

Both technologies are capable of automatically configuring this logical link. EtherChannel supports both LACP and Cisco's PAgP, whereas 802.3ad uses LACP.

LACP allows for up to 8 active and 8 standby links, whereas PAgP only allows for 8 active links.
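
To make the membership rules and the failover behaviour above concrete, here is an added Python model of an EtherChannel (example code written for this page, not Cisco's implementation). The link names, the speed attribute and the MAC-pair hash used to spread flows over members are constructed assumptions; a real switch's load-balancing hash is not described on this page.

```python
"""Toy model of the EtherChannel rules stated above: 2..8 active links, up to 8
standby links (LACP only), equal link speeds, and automatic failover.

Added example for illustration; not Cisco's code. Link names, the speed
attribute and the MAC-pair hash used to spread flows are constructed
assumptions, not a description of any real switch's load-balancing hash.
"""
from dataclasses import dataclass

MAX_ACTIVE = 8    # page: between two and eight active ports
MAX_STANDBY = 8   # page: one to eight inactive (failover) ports, LACP only


@dataclass
class Link:
    name: str
    speed_mbps: int
    up: bool = True


class EtherChannel:
    def __init__(self, active, standby=(), protocol="LACP"):
        active, standby = list(active), list(standby)
        if not 2 <= len(active) <= MAX_ACTIVE:
            raise ValueError("an EtherChannel needs between 2 and 8 active links")
        if len(standby) > MAX_STANDBY:
            raise ValueError("at most 8 standby links are allowed")
        if protocol == "PAgP" and standby:
            # page: PAgP allows 8 active links only; LACP allows 8 active + 8 standby
            raise ValueError("PAgP has no standby links; use LACP")
        if len({link.speed_mbps for link in active + standby}) != 1:
            raise ValueError("all links in one EtherChannel must run at the same speed")
        self.active, self.standby, self.protocol = active, standby, protocol

    def members(self):
        """Links carrying traffic right now: active links that are up, plus
        standby links promoted to replace active links that have failed."""
        live = [link for link in self.active if link.up]
        failed = len(self.active) - len(live)
        promoted = [link for link in self.standby if link.up][:failed]
        return live + promoted

    def bandwidth_mbps(self):
        """Aggregate bandwidth of the logical link."""
        m = self.members()
        return len(m) * m[0].speed_mbps if m else 0

    def pick_link(self, src_mac, dst_mac):
        """Map one flow onto a member link. Constructed stand-in for the hash a
        real switch uses; all frames of one MAC pair stay on one link."""
        m = self.members()
        if not m:
            raise RuntimeError("port-channel is down: no member links are up")
        key = int(src_mac.replace(":", ""), 16) ^ int(dst_mac.replace(":", ""), 16)
        return m[key % len(m)].name

    def fail(self, name):
        """Take one physical link down; members() redistributes automatically."""
        for link in self.active + self.standby:
            if link.name == name:
                link.up = False


def demo():
    """Four Gigabit links active, two standby; then lose two active links."""
    active = [Link(f"Gi0/{i}", 1000) for i in range(1, 5)]
    standby = [Link("Gi0/5", 1000), Link("Gi0/6", 1000)]
    po1 = EtherChannel(active, standby)
    before = po1.bandwidth_mbps()
    po1.fail("Gi0/1")
    po1.fail("Gi0/2")
    return {"before": before, "after": po1.bandwidth_mbps(),
            "members": [link.name for link in po1.members()]}


if __name__ == "__main__":
    print(demo())
```

The constructor rejects the configurations the text rules out (fewer than 2 or more than 8 active links, mismatched speeds, standby links under PAgP), and `members()` shows the failover: when an active link goes down, an up standby link takes its place, so the aggregate bandwidth in `demo()` is the same before and after two link failures.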


Cisco Lab




RSTP and PVST

Rapid spanning tree protocol (RSTP)


Rapid Spanning Tree Protocol (RSTP), which was designed to take over the duties of STP, was standardized in IEEE 802.1w and 802.1D. Compared with STP, RSTP has a shorter convergence time both at startup and on failure recovery.

Both STP and RSTP avoid the endless loop problem of redundant links by removing the redundant path. Both need to elect a root bridge (or switch) based on priority and bridge ID.

These priorities and bridge IDs are relayed through the exchange of Bridge Protocol Data Units (BPDUs), which are sent by RSTP every “hello” interval—by default, every two seconds. The bridge that has the superior priority or bridge ID is elected the root bridge.

A big difference between the original STP and RSTP is how they converge. With the original STP, all switches must wait while their interfaces go through the blocking (at startup), listening and learning port states (50 seconds in total) before transitioning to the forwarding state. With RSTP, a proposal and agreement (P/A) process is used automatically as soon as an interface comes up. This P/A process drastically shortens the time needed for an interface to move into a forwarding state. However, it only happens on what RSTP calls point-to-point (p2p) links.

Cisco switches use the duplex setting of an interface to determine the link type. Interfaces with a full-duplex setting follow the P/A process; interfaces with a half-duplex setting go through the slower STP convergence process (30 seconds total) before converging. An exception to this rule is root ports, which are automatically pushed into a forwarding state when a switch is brought up. In RSTP, these half-duplex links are referred to as shared (Shr) links. RSTP also defines a third type of link, edge links; these ports operate like older Cisco PortFast ports and are automatically put into a forwarding state.

RSTP has four port roles. The alternate and backup roles do not exist in STP; they are a way of indicating preferred secondary paths. The alternate role indicates that an interface will be the next potential root port if the current root port fails. The backup role indicates that an interface will be the next potential designated port; this only happens when a switch has multiple links into the same Ethernet segment.

  1. Root port: a forwarding port that forwards frames from a non-root bridge toward the root bridge.
  2. Designated port: the port through which frames leave each LAN segment.
  3. Alternate port: as the name implies, an alternate path to the root bridge that does not use the root port.
  4. Backup port: a redundant path to a segment to which another port of the same bridge already connects.

The port states are also referenced differently in RSTP. STP has five port states: disabled, blocking, listening, learning, and forwarding. RSTP combines those states into a total of three: discarding (disabled, blocking, listening), learning, and forwarding.

  1. Discarding – the port discards frames received on the interface, discards frames switched from another interface for forwarding, does not learn MAC addresses, and listens for BPDUs.
  2. Learning – the switch builds a switching table that maps MAC addresses to port numbers. The port still discards frames received on the interface and frames switched from another interface for forwarding, but it learns MAC addresses and listens for BPDUs.
  3. Forwarding – the port receives and forwards the frames received on the interface, forwards frames switched from another interface, learns MAC addresses, and listens for BPDUs.

PVST -- Cisco’s RSTP Implementation

Cisco’s default implementation of STP differs from the standard. Instead of using a single STP instance that spans the whole network, including all configured VLANs, Cisco runs an STP instance for each VLAN, which is referred to as Per-VLAN Spanning Tree (PVST).

It is based on the 802.1D standard and uses the Cisco proprietary ISL trunking protocol. Because each VLAN has its own tree, some VLANs can be forwarded over one trunk while others use a different trunk, without creating a loop. It is the default spanning-tree mode on all Ethernet port-based VLANs.

PVST is supplemented by Cisco proprietary extensions such as BackboneFast, UplinkFast, and PortFast.

Cisco Lab


Here is a video demonstrating how to configure RSTP on Cisco switches.




“Router on a Stick”

So far we have seen the "Router on a Stick" configuration twice: once in the second video of CCENT Virtual LANs, and again in CCNA VLANs and Trunking.

Router-on-a-stick is a term frequently used to describe a setup that consists of a router and a switch connected by one Ethernet link configured as an 802.1Q trunk link.

(Figure: router on a stick)


As the picture shows, a router is used to allow inter-VLAN communication. There is only a single cable connecting the switch and the router, so the router is sitting on a stick (instead of 2 sticks).

The switch config involves:

  • configuring the VLANs
  • configuring a port in trunk mode for the link to the router


Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#exit
Switch(config)#interface FastEthernet0/4
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk


The router config includes:

  • selecting a physical port as the port connecting to the switch
  • configuring a subinterface for each VLAN on the switch


Router(config)#interface GigabitEthernet0/0
Router(config-if)#no ip address
Router(config-if)#interface GigabitEthernet0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.5.1 255.255.255.0
Router(config-subif)#interface GigabitEthernet0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface GigabitEthernet0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.15.1 255.255.255.0


VTP

The VLAN Trunking Protocol (VTP) is a Cisco-proprietary protocol that provides a way to manage Cisco switches as a single group for VLAN configuration. It eases the burden of configuring individual VLANs on multiple switches. VTP defines a VTP management domain in which the Cisco switches have VTP enabled. With VTP, you can create a new VLAN on one switch and have VTP spread the information and configure the same VLAN on all other switches in the same domain automatically.

Each switch in a VTP management domain must be configured in one of four possible VTP modes:


  1. Server mode: A switch configured in server mode can be used to add, delete, and change VLANs within the VTP management domain. It is the default VTP mode. There must be at least one switch in server mode per VTP management domain. Changes on the server are passed to all other switches in the VTP management domain.
  2. Client mode: A switch configured in client mode is the recipient of any changes within the VTP management domain, such as the addition, deletion, and modification of VLANs by a server mode switch. A switch in VTP client mode cannot make any change to VLAN information.
  3. Transparent mode: A switch configured in transparent mode passes VTP updates received from switches in server mode on to other switches in the VTP management domain, but does not process the contents of these messages. When individual VLANs are added, deleted, or changed on a switch running in transparent mode, the changes are local to that particular switch only and are not passed to other switches in the VTP management domain.
  4. Off: This option disables VTP completely on a switch; it is only available from COS version 7.1.1 onward.
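
The following Python simulation, added here as an illustration and not Cisco code, shows how a VLAN change travels through a domain containing switches in each of the four modes. The switch names, the domain names and the wiring in `build_domain()` are constructed; real VTP's advertisement and revision-number handling is not modelled.

```python
"""Simulation of how a VLAN change propagates through a VTP management domain
under the four modes listed above. Added example, not Cisco code: the switch
names, the topology and the `neighbors` wiring are constructed, and the
revision/advertisement details of real VTP are deliberately left out."""
from dataclasses import dataclass, field


class VtpError(Exception):
    pass


@dataclass
class Switch:
    name: str
    domain: str
    mode: str = "server"            # page: server is the default VTP mode
    vlans: set = field(default_factory=lambda: {1})
    neighbors: list = field(default_factory=list)


def connect(a, b):
    """Constructed link between two switches (trunk carrying VTP)."""
    a.neighbors.append(b)
    b.neighbors.append(a)


def configure_vlan(sw, vlan_id, delete=False):
    """An administrator adds (or deletes) a VLAN on `sw`."""
    if sw.mode == "client":
        raise VtpError(f"{sw.name}: client mode cannot change VLAN information")
    if delete:
        sw.vlans.discard(vlan_id)
    else:
        sw.vlans.add(vlan_id)
    if sw.mode == "server":
        # only a server's change is advertised to the rest of the domain
        _flood(sw, sw.domain, ("del" if delete else "add", vlan_id), seen={sw.name})
    # transparent or off: the change stays local to this switch


def _flood(sw, domain, update, seen):
    for nb in sw.neighbors:
        if nb.name not in seen:
            seen.add(nb.name)
            _receive(nb, domain, update, seen)


def _receive(sw, domain, update, seen):
    if sw.mode == "off" or sw.domain != domain:
        return                       # VTP disabled or foreign domain: update dropped here
    if sw.mode in ("server", "client"):
        op, vid = update
        if op == "add":
            sw.vlans.add(vid)
        else:
            sw.vlans.discard(vid)
    # transparent: not applied, but relayed onward
    _flood(sw, domain, update, seen)


def build_domain():
    """Constructed topology: S1(server) - S2(transparent) - S3(client);
    S3 also links to S4 (client, other domain) and S5 (VTP off)."""
    s1 = Switch("S1", "corp", "server")
    s2 = Switch("S2", "corp", "transparent")
    s3 = Switch("S3", "corp", "client")
    s4 = Switch("S4", "lab", "client")
    s5 = Switch("S5", "corp", "off")
    connect(s1, s2)
    connect(s2, s3)
    connect(s3, s4)
    connect(s3, s5)
    return s1, s2, s3, s4, s5


def demo():
    s1, s2, s3, s4, s5 = build_domain()
    configure_vlan(s1, 10)         # server change: reaches S3 through transparent S2
    configure_vlan(s2, 20)         # transparent change: local only
    return {sw.name: sorted(sw.vlans) for sw in (s1, s2, s3, s4, s5)}


if __name__ == "__main__":
    print(demo())
```

Because server is the default mode, a switch such as `Switch("S6", "corp")` attached to S3 is itself a server, and a VLAN created on it is accepted by every server and client in the domain; transparent switches relay the update but keep their own VLAN list unchanged, and the switch in the other domain and the switch with VTP off ignore it.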

Access and Trunk Port Comparison

In the VLANs and Trunking section, we talked about access links and trunk links; here is a recap:

trunk link - frames sent over a trunk link carry a VLAN tag.
access link - frames sent over an access link are untagged.

The switch ports of a trunk link are trunk ports; the switch ports of an access link are access ports.

A frame received on an access port (i.e., sent from a host) is not VLAN tagged. The switch tags the frame (with the VLAN number assigned to the receiving access port) if it needs to send that frame out on a trunk port. If the frame is destined for another access port, the frame is not tagged.

If a frame comes in on a trunk port it should already be tagged with a VLAN number (unless it is in the native VLAN which is not tagged). The switch then strips the VLAN tag and sends it out on the appropriate access port (or ports if broadcast) to its destination.

Depending on the model, a switch port is by default in dynamic auto mode. We can change the port mode to trunk so that (tagged) traffic of all VLANs can flow to and from it. 802.1Q is the most common VLAN tagging method.

int fa0/0
switchport trunk encapsulation dot1q
switchport mode trunk


We can also change the switch port mode to access and then assign a VLAN ID to the port.

int f0/1
switchport mode access
switchport access vlan 10

Here is a Cisco lab configuring both an access port and a trunk port.


VLANs and Trunking

LAN vs VLAN


Ethernet LANs are broadcast domains: information transmitted by any network device in the domain is received by all devices attached to the LAN via the shared transmission medium. In a LAN with many devices, if only hubs are used, a single large broadcast domain is created and the frequent broadcast messages can easily consume all the bandwidth. Broadcasts are stopped only at the router, which is the edge of the broadcast domain, before traffic is sent across the WAN.

If we replace the hubs with switches, we can create VLANs within the existing large physical broadcast domain in order to segment and isolate network traffic and reduce unnecessary broadcast traffic.

A virtual LAN, or VLAN, is a group of computers, network printers, network servers, and other network devices that behave as if they were connected to a single network. Hosts belonging to a VLAN share the same VLAN ID, and hosts with the same VLAN ID behave as if they are on the same physical network. In its basic form, a VLAN is a broadcast domain. The difference between a physical broadcast domain and the virtual broadcast domain defined by a VLAN is that a physical broadcast domain is seen as a distinct physical entity with a router on its boundary. VLANs are similar to broadcast domains because their boundaries are also defined by a router. However, a VLAN is a logical topology, independent of the physical topology: it can contain a group of devices on either the same or different physical LAN segments, i.e. the segments physically wired with cables.

Another advantage of VLANs is that users can be grouped according to their logical communication requirements instead of their physical location. Your sales team might be spread across different floors, different buildings, or even different cities; as long as their computers belong to the same VLAN, they can communicate with each other as if they were on the same physical LAN segment.

VLAN membership


There are three types of VLANs depending on how they decide VLAN membership.

  1. Port-based VLAN: computers are assigned to a VLAN based on the switch port to which they are connected. When the same computer is connected to a different switch port, its VLAN membership may change if that port is assigned to a different VLAN.
  2. MAC-based VLAN: a computer is assigned to a VLAN according to its MAC address. The advantage of MAC-based VLANs is that PCs can move around and still belong to the same VLAN without extra configuration. However, since the PC's MAC address is tied to a particular VLAN, changing its VLAN membership is harder than with port-based VLANs: the network administrator has to reconfigure it on the switch, or the switch needs a special feature to support multiple VLAN memberships.
  3. IP-based VLAN: a computer is assigned to a VLAN based on its network layer address, such as its IP address. An IP-based VLAN lets a PC keep its IP address when it moves around. Note that switches are layer 2 devices: even though the layer 3 IP address is used to differentiate VLAN members, the device is assigned to a layer 2 broadcast domain and the switch still forwards frames, not packets. Because of the additional switch processing, IP-based VLANs tend to have the worst performance of the three types.

VLAN to VLAN communication


When a host in one broadcast domain wants to communicate with a host in a different broadcast domain, the packets have to cross the domain border via a router. Since VLANs are basically broadcast domains, inter-VLAN communication also has to involve a router.

The routing function can be provided either by a router or by a layer 3 switch.

In the case of a router, the message delivery process is:
  • PC1 in VLAN A, connected to switch port 1, sends traffic to PC2 in VLAN B.
  • The traffic leaving the host in VLAN A reaches the switch through switch port 1.
  • The switch sees that the destination belongs to a different broadcast domain, so it passes the traffic to the router via switch port 2.
  • The router checks its routing table and passes the traffic back to the switch on switch port 3.
  • The switch delivers the traffic to host PC2 in VLAN B via port 4.

A layer 3 switch is essentially a layer 2 switch that can also act as a router. If a switch can be configured to route traffic between the VLANs defined within it, the inter-VLAN traffic does not have to leave the switch for the routing decision. Even though a layer 3 switch needs additional hardware and software features to support routing, it saves a physical router and reduces unnecessary routing traffic, so layer 3 switches are very popular in corporate networks.

VLAN trunks


We can interconnect switches to create bigger VLANs; these interconnections are called trunk links. Trunk links are generally faster than the VLANs they connect, because these links sometimes need to carry the traffic of more than one VLAN.

A simple case is extending a VLAN (say VLAN 10) to another switch. To do that, we configure VLAN 10 on the second switch, then connect a VLAN 10 port on the first switch to a VLAN 10 port on the second switch with a cable. By default, these connected ports act as a trunk link between the two switches. However, since these ports pass traffic only for VLAN 10, this type of link, in which traffic for only a single VLAN is passed, is referred to as an access link, as opposed to a trunk link, which carries traffic for multiple VLANs.

When multiple VLANs need to pass traffic between switches, we would need an access link for each VLAN, which uses up a lot of switch ports. Instead, these VLANs can share a single trunk link rather than each having a dedicated access link. Now the VLANs' traffic is mixed on the shared trunk link, so at the receiving switch VLAN tagging is used to identify which VLAN each frame belongs to.

Inter-Switch Link (ISL) and 802.1Q are two tagging technologies. ISL is a Cisco proprietary VLAN tagging method; 802.1Q is an open standard that both Cisco and non-Cisco switches support.

ISL and 802.1Q are similar in operation. ISL, for example, tags a frame as it leaves a switch; the tag adds information to the frame about which VLAN it belongs to. When the tagged frame reaches the port on the receiving switch, the switch looks at the ISL header, determines which VLAN the frame belongs to, removes the ISL tag, and forwards the frame into the VLAN specified in the tag.

After VLAN tagging has been configured on the ports at both ends of the link connecting the switches, the link is known as a trunk link.

Cisco lab


We have talked enough about VLANs and VLAN trunks; let's put all these concepts together by configuring VLANs involving a few PCs, two Cisco switches and a router. The following video demonstrates how to configure VLANs and VLAN trunks; it also shows how to configure a router to route traffic between VLANs (router on a stick).




Portfast



When a new switch port joins an STP network, it starts in the blocking state and stays there for 20 seconds, then transitions to the listening state for 15 seconds, then to the learning state for another 15 seconds, and finally transitions to the forwarding state and starts forwarding frames.

PortFast is a Cisco proprietary feature that allows a port participating in STP to skip the first three states (blocking, listening, learning) and go directly to the forwarding state. This lets the port start working 50 seconds earlier than usual, hence the name PortFast.

You can use PortFast to connect a single end station or a switch port to a switch port. If you enable PortFast on a port that is connected to another Layer 2 device, such as a switch, you might create network loops.

The Cisco (CatOS) command to enable PortFast on a switch port is as follows.

Console> (enable) set spantree portfast 4/1 enable
Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.

Spantree port  4/1 fast start enabled.
Console> (enable) show spantree 4/1
Port      Vlan  Port-State     Cost   Priority  Fast-Start  Group-method
--------- ----  -------------  -----  --------  ----------  ------------
 4/1      1     blocking          19        20   enabled              
 4/1      100   forwarding        10        20   enabled              
 4/1      521   blocking          19        20   enabled              
 4/1      522   blocking          19        20   enabled              
 4/1      523   blocking          19        20   enabled              
 4/1      524   blocking          19        20   enabled              
 4/1      1003  not-connected     19        20   enabled              
 4/1      1005  not-connected     19         4   enabled              

Console> (enable)

PortFast-related settings can be disabled as well; here the switch-wide PortFast BPDU guard is turned off.
Console> (enable) set spantree portfast bpdu-guard disable
Spantree portfast bpdu-guard disabled on this switch.
Console> (enable) show spantree summary
Summary of connected spanning tree ports by vlan

Portfast bpdu-guard disabled for bridge.
Uplinkfast disabled for bridge.
Backbonefast disabled for bridge.

Vlan  Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
   1         0         0        0          4          4
   2         0         0        0          4          4
   3         0         0        0          4          4
   4         0         0        0          4          4
.
.
.
1003         0         0        0          0          0
1005         0         0        0          0          0

      Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total        0         0        0         85         85

Console> (enable) 

There are other PortFast command variations, such as enabling/disabling it on ports in bulk or setting PortFast globally; these variations can be found in the Cisco command-line help.



STP Timers and Port States

STP Timers


In a large LAN, topology changes happen, such as a switch port being brought up or down. When a switch port transitions directly from inactive to active, temporary data loops can be created. Therefore STP introduces timers: ports must wait for new topology information to spread throughout the LAN before frames can be forwarded. Switches must also allow the frame lifetime to expire for frames that were forwarded using the old topology.


There are 3 STP timers:


  1. hello—The hello time is the interval between BPDUs sent by a port. It is 2 seconds by default, but can be tuned from 1 to 10 seconds.
  2. forward delay—The forward delay is the time spent in each of the listening and learning states. It ranges from 4 to 30 seconds and is 15 seconds by default.
  3. max age—The max age timer controls the maximum length of time that passes before a bridge port saves its configuration BPDU information. It ranges from 6 to 40 seconds and is 20 seconds by default.

Each configuration BPDU contains these three parameters. In addition, each BPDU configuration contains another time-related parameter that is known as the message age. The message age is not a fixed value. The message age contains the length of time that has passed since the root bridge initially originated the BPDU. The root bridge sends all its BPDUs with a message age value of 0, and all subsequent switches add 1 to this value. Effectively, this value contains the information on how far you are from the root bridge when you receive a BPDU.

Port States


Each port on a switch using STP is in one of the five states:


  1. Blocking: when a switch running STP is powered on, all ports are in the blocking state after initialization. These ports do not send or receive any messages across the network segment, but they listen for STP BPDU messages from other switches in the STP network. The ports remain in the blocking state for 20 seconds, then transition to the listening state.
  2. Listening: in this state the port listens for BPDUs, which STP uses to determine which ports should participate in frame forwarding and which should not, and thus the network topology. While in the listening state the port does not forward frames. The port stays in the listening state for 15 seconds, then transitions to the learning state.
  3. Learning: the port continues to study BPDUs and adds the MAC addresses of learned LAN hosts to its MAC address table. In this state the port still does not forward frames. The learning state lasts 15 seconds before the transition to the forwarding state.
  4. Forwarding: 50 seconds have now passed since the switch port came up, and the port finally reaches the end goal: frame forwarding. The port sends and receives data across the network segment as normal. After the network converges, not all ports are in the forwarding state; ports not selected for frame forwarding return to the blocking state. A port in the forwarding state forwards frames received from the attached network segment, forwards frames switched from another port, keeps updating the MAC table with LAN hosts, receives and processes BPDUs, and receives and responds to network management messages such as disabling the port.
  5. Disabled: a switch does not enter or leave this state automatically; a network administrator has to manually disable the port. This can happen at any time regardless of the switch's state. A disabled port is out of the picture from STP's point of view; it does not participate in frame forwarding or in the operation of STP.
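
As an added example (not Cisco code) covering the timer and port-state rules above, and the PortFast behaviour described earlier on this page, the Python model below computes when a newly connected port reaches the forwarding state and what it may do in each state. The timer ranges and defaults are the ones quoted in the text; the capability table restates the per-state behaviour listed above, and the RSTP mapping follows the three-state summary in the RSTP section.

```python
"""Model of the STP port-state sequence and timers described above, and of how
PortFast skips straight to forwarding. Added example, not Cisco code; the
per-state capability table restates what the text says a port does in each
state, and the RSTP mapping follows the RSTP section of this page."""

# page: default timer values and their tunable ranges (seconds)
TIMER_RANGES = {"hello": (1, 10), "forward_delay": (4, 30), "max_age": (6, 40)}
DEFAULT_TIMERS = {"hello": 2, "forward_delay": 15, "max_age": 20}

# what a port does in each STP state (page: Port States)
CAPABILITIES = {
    "disabled":   {"forwards": False, "learns": False, "bpdus": False},
    "blocking":   {"forwards": False, "learns": False, "bpdus": True},
    "listening":  {"forwards": False, "learns": False, "bpdus": True},
    "learning":   {"forwards": False, "learns": True,  "bpdus": True},
    "forwarding": {"forwards": True,  "learns": True,  "bpdus": True},
}

# page: RSTP folds disabled, blocking and listening into "discarding"
RSTP_STATE = {"disabled": "discarding", "blocking": "discarding",
              "listening": "discarding", "learning": "learning",
              "forwarding": "forwarding"}


def validate_timers(**timers):
    """Return a full timer set, rejecting values outside the allowed ranges."""
    result = dict(DEFAULT_TIMERS)
    for name, value in timers.items():
        low, high = TIMER_RANGES[name]
        if not low <= value <= high:
            raise ValueError(f"{name} must be between {low} and {high} seconds")
        result[name] = value
    return result


def port_timeline(portfast=False, **timers):
    """List of (state, seconds after the port came up) for a port that ends up
    forwarding. Blocking lasts max age; listening and learning each last one
    forward delay, as the text describes."""
    if portfast:
        return [("forwarding", 0)]      # PortFast: blocking, listening, learning skipped
    t = validate_timers(**timers)
    stages = [("blocking", t["max_age"]),
              ("listening", t["forward_delay"]),
              ("learning", t["forward_delay"])]
    timeline, clock = [], 0
    for state, duration in stages:
        timeline.append((state, clock))
        clock += duration
    timeline.append(("forwarding", clock))
    return timeline


def state_at(timeline, seconds):
    """State the port is in `seconds` after coming up."""
    current = timeline[0][0]
    for state, start in timeline:
        if seconds >= start:
            current = state
    return current


def time_to_forwarding(portfast=False, **timers):
    """Seconds until the port forwards frames: 50 by default, 0 with PortFast."""
    return port_timeline(portfast, **timers)[-1][1]


if __name__ == "__main__":
    for state, start in port_timeline():
        print(f"{start:>3}s  {state:<10} rstp={RSTP_STATE[state]} {CAPABILITIES[state]}")
    print("with PortFast:", time_to_forwarding(portfast=True))
```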

Root Bridges, Root Ports, and Designated Ports

Root Bridges


STP establishes a tree with a root and branches. (In this section we use the terms switch and bridge interchangeably, since they perform the same function; a bridge with more than two ports can also be called a switch.) The primary decision-making switch in an STP environment is called the root bridge. Frames flow out from the root bridge to form a logical branched network. All switches in a LAN participating in STP branch from the root switch/bridge port.

The first problem STP must solve is to decide where the spanning tree begins, by electing a root bridge or switch port. The root bridge is the reference point in the network: all paths from all bridges must be traceable back to it. All paths not needed to trace back to the root bridge are placed in backup mode. Each switch in the network exchanges information about the network topology with neighbouring switches in the same network through data units called bridge protocol data units, or BPDUs.

Bridge Protocol Data Units (BPDUs)


BPDUs are data messages exchanged between the switches and bridges of an extended LAN running STP. A BPDU frame contains information on the originating switch's port, MAC address, switch port priority and cost to reach the root bridge, and ensures that the data ends up where it was intended to go.

STP assigns each switch in the extended LAN a unique bridge ID. The bridge ID contains the bridge priority followed by the MAC address, the 48-bit hardware address of the NIC. By default, all STP switches have a bridge priority value of 32,768. After the exchange of BPDUs, the switch with the lowest priority value becomes the root bridge.

Root Ports


STP has to answer the question: among the many possible paths from a switch to the root bridge, which one is the lowest-cost path? The root port represents a switch's lowest-cost path to the root bridge.

The cost of a switch is based on the number of network segments a frame has to traverse in order to reach its destination. Besides the switch cost, each individual port on the switch also has a cost, called the port cost. The port cost is determined by the network bandwidth: the faster the port, the lower its cost. For example, the default IEEE cost for Fast Ethernet (100 Mbps) is 10 and for Ethernet (10 Mbps) it is 100. A switch uses the port cost to determine the root port for each switch in the network. All non-root bridges have one root port, which is used as the link over which data traffic is forwarded across the network; the non-root ports are either standby or disabled.

Designated Ports


On a spanning-tree network, each network segment has one port identified as the designated port. The designated port is the single interface that forwards traffic from that segment toward the root bridge. Since several bridges may be connected to a segment, STP needs to select one of the connected bridge ports on each segment as the designated port. This is always the switch port on the segment with the lowest port cost. When two ports have the same port cost, MAC addresses are used to decide, and the port with the lower MAC address becomes the designated port. Once STP has elected the designated port for a network segment, the designated port is put into forwarding mode, while the other ports connected to the segment are put into blocking mode. As a result, all traffic from this network segment leaves the segment via the designated port.

As you can see from the above, root ports and designated ports are elected on the same criterion, the lowest port cost, which is decided by the network link connected to them. Therefore, once you find a root port, on the other side of the network link you will find a designated port.
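
Here is a worked election for a small constructed topology, as an added Python example (not Cisco code), following the rules of the last three sections: the lowest bridge ID (priority, then MAC) wins the root election, each non-root bridge's root port is its lowest-cost path to the root, and each segment's designated port belongs to the attached bridge with the lowest cost to the root. Assumptions: the bridge and segment names are constructed; the cost compared is the accumulated cost to reach the root (root path cost), with ties broken by lower bridge ID, which is the order the 802.1D standard uses; the port-cost table uses the figures quoted on this page (Ethernet 100, Fast Ethernet 10), while newer switches use a revised table (for example 19 for Fast Ethernet, as in the PortFast output above).

```python
"""Root bridge, root port and designated port election for a constructed
topology. Added example, not Cisco code. Ties are broken by lower bridge ID
(802.1D order, an assumption stated in the lead-in); the cost table is the one
quoted on this page."""
import heapq
from dataclasses import dataclass

INF = float("inf")
PORT_COST = {10: 100, 100: 10, 1000: 1}   # page's (older, linear) IEEE cost table


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    priority: int = 32768                 # page: default bridge priority

    @property
    def bridge_id(self):
        """Priority first, then MAC: lower wins the root election."""
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(bridges):
    return min(bridges, key=lambda b: b.bridge_id)


def root_path_costs(bridges, segments, root):
    """Dijkstra over bridges and segments. Crossing a segment adds the port
    cost for that segment's speed. Returns {bridge: (cost, upstream bridge ID,
    upstream bridge name, segment of the root port)}."""
    by_name = {b.name: b for b in bridges}
    best = {b.name: (INF, (INF, INF), None, None) for b in bridges}
    best[root.name] = (0, root.bridge_id, None, None)
    heap = [(0, root.bridge_id, root.name)]
    while heap:
        cost, _, name = heapq.heappop(heap)
        if cost > best[name][0]:
            continue                       # stale heap entry
        for seg, (speed, members) in segments.items():
            if name not in members:
                continue
            for nb in members:
                if nb == name:
                    continue
                candidate = (cost + PORT_COST[speed], by_name[name].bridge_id, name, seg)
                if candidate[:2] < best[nb][:2]:   # lower cost, then lower upstream bridge ID
                    best[nb] = candidate
                    heapq.heappush(heap, (candidate[0], by_name[nb].bridge_id, nb))
    return best


def port_roles(bridges, segments):
    """Assign root / designated / blocking to every (bridge, segment) port."""
    root = elect_root(bridges)
    best = root_path_costs(bridges, segments, root)
    by_name = {b.name: b for b in bridges}
    roles = {}
    for seg, (_, members) in segments.items():
        # designated port: attached bridge with the lowest root path cost, then lowest bridge ID
        designated = min(members, key=lambda n: (best[n][0], by_name[n].bridge_id))
        for n in members:
            if n == designated:
                roles[(n, seg)] = "designated"
            elif best[n][3] == seg:
                roles[(n, seg)] = "root"
            else:
                roles[(n, seg)] = "blocking"
    return root.name, {n: best[n][0] for n in best}, roles


def demo():
    """Constructed triangle: SW1 has a lowered priority and becomes root."""
    bridges = [Bridge("SW1", "00:00:00:00:00:a1", priority=4096),
               Bridge("SW2", "00:00:00:00:00:b2"),
               Bridge("SW3", "00:00:00:00:00:c3")]
    segments = {"segA": (100, ["SW1", "SW2"]),    # Fast Ethernet, cost 10
                "segB": (100, ["SW1", "SW3"]),
                "segC": (10,  ["SW2", "SW3"])}    # Ethernet, cost 100
    return port_roles(bridges, segments)


if __name__ == "__main__":
    root, costs, roles = demo()
    print("root bridge:", root, "costs:", costs)
    for (bridge, seg), role in sorted(roles.items()):
        print(f"{bridge} on {seg}: {role}")
```

On segC both SW2 and SW3 reach the root at cost 10, so the tie goes to SW2's lower MAC: its port is designated and SW3's port on that segment is blocked, exactly the situation the text describes for two ports with equal cost.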


Switch foundation

In this class, we will review the basic concepts learned in ICND1 - Lesson 3 Switching.

  • A switch is a Layer 2 network device; it forwards frames based on the destination MAC address.

  • MAC address table: When a switch receives a frame from a new source MAC address, it creates an entry in its MAC address table or content addressable memory (CAM) table. The entry records the receiving port and the source MAC address of the frame.

  • Flooding: when a switch forwards a frame, it checks its CAM table for the destination MAC address. If there is an entry for the destination MAC, it forwards the frame out that port; otherwise it forwards it out all ports except the one the frame was received on. This is called flooding.

  • Switching loops and broadcast storms: in multi-linked networks, redundant links can form a loop, called a switching loop. A frame with a new source MAC address can traverse a switching loop and get broadcast repeatedly, which is called a broadcast storm. To prevent broadcast storms, the STP protocol is used.
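
Here is an added Python model (example code for this page, not Cisco code) of a VLAN-aware learning switch that ties together the MAC address table and flooding rules above with the access/trunk tagging behaviour from the Access and Trunk Port Comparison section: source MACs are learned per VLAN, known destinations go out one port, unknown and broadcast destinations are flooded only within the VLAN, access ports send frames untagged, and a trunk tags every VLAN except its native VLAN. Port names, MAC addresses and the `Frame` representation are constructed; the choice to drop a tagged frame that arrives on an access port is an assumption.

```python
"""VLAN-aware learning switch: per-VLAN CAM table, flooding within the VLAN,
access ports untagged, trunk ports 802.1Q-tagged except for the native VLAN.
Added example, not Cisco code; port names, MAC addresses and the Frame
representation are constructed."""
from dataclasses import dataclass
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: Optional[int] = None        # None = untagged on the wire


@dataclass
class Port:
    name: str
    mode: str                         # "access" or "trunk"
    vlan: int = 1                     # access VLAN, or the trunk's native VLAN
    allowed: frozenset = frozenset(range(1, 4095))   # VLANs a trunk may carry


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.cam = {}                 # (vlan, mac) -> port name

    def _ingress_vlan(self, port, frame):
        """Classify an arriving frame into a VLAN, or None to drop it."""
        if port.mode == "access":
            # assumption: a tagged frame arriving on an access port is dropped
            return port.vlan if frame.vlan is None else None
        vlan = port.vlan if frame.vlan is None else frame.vlan   # untagged = native VLAN
        return vlan if vlan in port.allowed else None

    def _egress(self, port, vlan, frame):
        """Frame as it leaves `port`, or None if the port does not carry this VLAN."""
        if port.mode == "access":
            return Frame(frame.src, frame.dst) if port.vlan == vlan else None
        if vlan not in port.allowed:
            return None
        tag = None if vlan == port.vlan else vlan                # native VLAN stays untagged
        return Frame(frame.src, frame.dst, tag)

    def receive(self, in_port_name, frame):
        """Process one frame; return {out_port: frame as sent on that port}."""
        in_port = self.ports[in_port_name]
        vlan = self._ingress_vlan(in_port, frame)
        if vlan is None:
            return {}
        self.cam[(vlan, frame.src)] = in_port_name              # learn source MAC on ingress port
        known = self.cam.get((vlan, frame.dst))
        if known == in_port_name:
            targets = []                                         # destination is behind the ingress port
        elif known is not None:
            targets = [known]                                    # known unicast: one port
        else:
            targets = [n for n in self.ports if n != in_port_name]   # flood: unknown or broadcast
        out = {}
        for name in targets:
            egress = self._egress(self.ports[name], vlan, frame)
            if egress is not None:                               # VLAN filtering on egress
                out[name] = egress
        return out


def demo():
    """Constructed scenario: two hosts in VLAN 10, one in VLAN 20, one trunk."""
    sw = Switch([Port("Fa0/1", "access", 10), Port("Fa0/2", "access", 10),
                 Port("Fa0/3", "access", 20), Port("Gi0/1", "trunk", 1)])
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    first = sw.receive("Fa0/1", Frame(a, b))                 # unknown dst: flood within VLAN 10
    reply = sw.receive("Fa0/2", Frame(b, a))                 # a is now known: one port only
    from_trunk = sw.receive("Gi0/1", Frame(c, BROADCAST, vlan=20))   # tagged 20 -> Fa0/3 untagged
    native = sw.receive("Gi0/1", Frame(c, BROADCAST))        # untagged on trunk -> native VLAN 1
    return first, reply, from_trunk, native


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The flood in the first step reaches the second VLAN 10 access port untagged and the trunk with tag 10, but never the VLAN 20 port; the untagged frame from the trunk lands in the native VLAN, where no access port exists, so it goes nowhere.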
There are 3 main switch transmission methods: unicast, multicast and broadcast.

(Figure: unicast, broadcast, multicast)

  1. Unicast: in a unicast transmission, a single frame is sent from a single source to a single destination on the network, such as a message from a server to a LAN PC.
  2. Multicast: a single frame from a single source is copied and sent to a specific subset of nodes on the network. Multicast is a one-to-many transmission method in which the network carries a message to multiple receivers at the same time. Multicast conserves network bandwidth by sharing transmission across the network: the data is sent to a predetermined point, such as a switch, where the traffic is replicated to each intended recipient, instead of each traffic stream being sent from start to finish across the network independently of the others.
  3. Broadcast: broadcast is a one-to-all transmission method in which the network carries a message to all devices at the same time. Broadcast traffic is sent to every node on the network, unless the broadcast is filtered or blocked by a router. Broadcasts are issued by ARP for address resolution when the location of a user or server is not known.


There are 3 main switching methods:
(Figure: 3 switching methods)


  • Store-and-Forward: stores the received frame in memory and runs a CRC check; the frame is forwarded only if the CRC passes.

  • Cut-Through: looks at only enough of the frame to read the destination, then forwards.

  • Fragment-Free: checks the first 64 bytes of a frame before forwarding, because most collisions show up within the first 64 bytes.
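
The three methods differ in how much of the frame they inspect before forwarding. The added Python example below (not Cisco code) builds Ethernet frames with a CRC-32 FCS and applies each method's check to a good frame, a frame with a corrupted byte and a collision fragment; the frame layout and the little-endian FCS encoding are assumptions of this model.

```python
"""Which of the three switching methods would forward a given frame. Added
example, not Cisco code: frames are constructed here with a CRC-32 FCS (the
check store-and-forward performs) and the 64-byte minimum is the figure the
text gives for fragment-free."""
import struct
import zlib

MIN_FRAME = 64          # page: collisions show up within the first 64 bytes


def build_frame(dst_mac, src_mac, payload, ethertype=b"\x08\x00"):
    """Construct an Ethernet frame: header + payload (padded to 60 bytes) + FCS."""
    header = (bytes.fromhex(dst_mac.replace(":", "")) +
              bytes.fromhex(src_mac.replace(":", "")) + ethertype)
    body = header + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))      # pad to the minimum size
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)   # FCS stored little-endian here
    return body + fcs


def fcs_ok(frame):
    """Recompute the CRC over everything but the trailing FCS and compare."""
    if len(frame) < 4:
        return False
    expected = struct.unpack("<I", frame[-4:])[0]
    return (zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == expected


def store_and_forward(frame):
    """Whole frame buffered and FCS verified; corrupt frames are dropped."""
    return fcs_ok(frame)


def cut_through(frame):
    """Forwarding starts as soon as the destination MAC (first 6 bytes) is read."""
    return len(frame) >= 6


def fragment_free(frame):
    """Waits for the first 64 bytes, so collision fragments (runts) are dropped."""
    return len(frame) >= MIN_FRAME


def decide(frame):
    """Forwarding decision of each method for one frame."""
    return {"store-and-forward": store_and_forward(frame),
            "cut-through": cut_through(frame),
            "fragment-free": fragment_free(frame)}


def demo():
    """Constructed frames: a good one, one with a flipped byte, and a runt."""
    good = build_frame("00:00:00:00:00:0b", "00:00:00:00:00:0a", b"hello")
    corrupt = bytearray(good)
    corrupt[20] ^= 0xFF                   # one damaged byte in the padded payload
    runt = good[:40]                      # collision fragment: cut off before 64 bytes
    return {"good": decide(good), "corrupt": decide(bytes(corrupt)), "runt": decide(runt)}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Only store-and-forward catches the corrupted frame, because only it reads the FCS; cut-through forwards everything that has a destination address, and fragment-free sits in between, dropping the runt but passing the corrupted full-length frame.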