Spanning Tree – 802.1d timers and misc.

      No Comments on Spanning Tree – 802.1d timers and misc.

I haven’t talked about it much yet, but the actual STP convergence time is fairly slow.  This is because of the amount of time that STP spends transitioning ports from the blocking to forwarding state.  So let’s talk a little bit about how normal STP moves a port from blocking to forwarding…

Normal STP (802.1d) uses four different port states.

Blocking – The port does not forward data frames. 

Listening – The port does not forward frames, but it does listen to BPDUs so that it can participate in things like the election of the root bridge, root ports, and designated ports.  We saw earlier that a switch can learn info from BPDUs when not in a forwarding state

Learning – The port does not forward frames, but it does continue to listen to BPDUs and it does begin to learn MAC address information from frames that pass through the port.  If a port makes it to the learning state, the switch already knows that it will either be a designated port or a root port.  If it’s not one of those two ports types, the port will immediately go into blocking after listening and never reach the learning mode. 

Forwarding – Once past the learning mode a port will move into the forwarding mode.  The port will now begin to send and receive data frames like a normal switch port and continue to learn MAC addresses on an ongoing basis. 

A debug on a switch can shows us these states occurring…

*Mar  1 02:12:18.886: set portid: VLAN0001 Gi1/0/12: new port id 800C
*Mar  1 02:12:18.886: STP: VLAN0001 Gi1/0/12 -> listening
*Mar  1 02:12:20.890: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to up
*Mar  1 02:12:21.897: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/12, changed state to up
*Mar  1 02:12:33.893: STP: VLAN0001 Gi1/0/12 -> learning
*Mar  1 02:12:48.900: STP: VLAN0001 sent Topology Change Notice on Gi1/0/2
*Mar  1 02:12:48.900: STP: VLAN0001 Gi1/0/12 –> forwarding

Note the time difference between each event.  It takes the switch 15 seconds to transition a port between each state.  A total of 30 seconds to bring a port from blocking to forwarding.  The time between each state is referred to as the ‘forward delay’ value and in normal STP is 15 seconds by default.  There are two other times that are used.  The ‘hello’ timer is used to determine how often BPDUs are sent by switches.  By default, the hello time value is 2 seconds.  We can see the hello time in action as well…  (You might need to click the image to zoom in and see the time on each frame)

image

As you can see, the hellos are sourced every 2 seconds.

The last timer is the ‘max age’ timer.  The max age timer is used to determine how long a switch should keep BPDU information heard from other switches.  That being said, once a BPDU is removed from a switches STP topology, the topology has to be recalculated.  So if a switch doesn’t see new BPDUs by the end of the max age timer, it knows that something has changed.  We can observe this behavior as well…

*Mar  1 02:24:30.557: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:32.402: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:34.407: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:36.412: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:38.417: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:40.422: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:42.427: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:44.440: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:46.436: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:48.441: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1

*Mar  1 02:24:48.550: STP: VLAN0001 Gi1/0/1 -> listening
*Mar  1 02:24:49.599: STP: VLAN0001 Topology Change rcvd on Gi1/0/1
*Mar  1 02:24:49.599: STP: VLAN0001 sent Topology Change Notice on Gi1/0/2
*Mar  1 02:25:03.558: STP: VLAN0001 Gi1/0/1 -> learning
*Mar  1 02:25:18.565: STP: VLAN0001 sent Topology Change Notice on Gi1/0/2
*Mar  1 02:25:18.565: STP: VLAN0001 Gi1/0/1 –> forwarding

The top blue section shows the 20 seconds it took for the switch to decide to do something.  In this case, I unplugged one of the links on the switch that had switch1 connected to the root switch3.  When I did this, the switch started hearing the root BPDUs on a different interface.  After the max age timer expired, it kicked the port into the normal listening, learning, forwarding process which took an additional 30 seconds (shown in green).  All told, this process took 50 seconds.

The timers in 802.1d can be adjusted, however you only need to adjust them on the root bridge.  The other MLS read the configuration information sent in the root’s BPDUs and adapt their own timers to match that of the roots.  We can see the timers present in the root bridge’s BPDUs…

image

There have been some improvements made along the way that improve the way that spanning-tree converges as well as protect the integrity of the spanning-tree.  We already talked about portfast in the last post but we can summarize portfast’s feature by saying it prevents the transmission of unneeded TCNs. 

UplinkFast
I talked about the uplinkfast sometime ago in this post where I talked about using it to migrate to a new port-channel.  Uplinkfast comes in handy when you have multiple paths between two switches that aren’t in a port-channel.  If they are two separate interfaces, one will always be in blocking mode.  If a link failure occurs, it will take spanning-tree anywhere from 30 to 50 seconds to move the previosuly blocked port into a forwarding state. 

Uplinkfast fixes this problem by allowing a blocking port to move immediately into the forwarding state if the forwarding link fails.  As an interesting side-effect of configuring uplinkfast, the switch increase the bridge priority to 41952 and the port costs by 3000.  The rationale is that this will make the switch less likely to become the root switch as well as make it less likely to become a transit switch in the STP topology.  Uplinkfast can not be configured on the root switch and is configured globally.

BackboneFast
Backbonefast is a means for a switch to detect an indirect root failure.  Basically, backbonefast just allows a switch to use RLQs (Root Link Queries) to determine if the root is still accessible.  If it is, the switch can immediately bypass it’s max age timer, and start moving a port that was once blocking directly into the listening and learning state.  We can see this in action pretty easily…

*Mar  1 03:14:47.956: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:14:49.340: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:14:51.345: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:14:53.350: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:14:55.354: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:14:57.359: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:14:59.364: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:15:01.369: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:15:03.374: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:15:05.379: STP: VLAN0001 heard root 32769-000d.2818.a
*Mar  1 03:15:05.949: STP: VLAN0001 Fa1/0/2 -> listening
*Mar  1 03:15:07.006: STP: VLAN0001 Topology Change rcvd on Fa1/
*Mar  1 03:15:07.006: STP: VLAN0001 sent Topology Change Notice
*Mar  1 03:15:20.957: STP: VLAN0001 Fa1/0/2 -> learning
*Mar  1 03:15:35.964: STP: VLAN0001 sent Topology Change Notice on Fa1/0/40
*Mar  1 03:15:35.964: STP: VLAN0001 Fa1/0/2 -> forwarding

This is what we expect to see.  20 seconds for max age, and then 30 seconds from listening to forwarding.  If we enable backbonefast, we see something different…

*Mar  1 03:20:32.795: STP: VLAN0001 heard root 32769-000d.2818.af00 on Fa1/0/2
*Mar  1 03:20:32.795: STP: VLAN0001 Fa1/0/2 -> listening
*Mar  1 03:20:33.801: STP: VLAN0001 Topology Change rcvd on Fa1/0/2
*Mar  1 03:20:33.801: STP: VLAN0001 sent Topology Change Notice on Fa1/0/40
*Mar  1 03:20:47.802: STP: VLAN0001 Fa1/0/2 -> learning
*Mar  1 03:21:02.809: STP: VLAN0001 sent Topology Change Notice on Fa1/0/40
*Mar  1 03:21:02.809: STP: VLAN0001 Fa1/0/2 -> forwarding

It only took 30 seconds for the port to become forwarding.  Notice that the instant it heard the root on a different port it went to listening mode.  This completely got rid of the max age timer.

Spanning-Tree protection
Uplinkfast and backbone fast are Cisco proprietary means to optimize spanning-tree.  There are also a couple of options to protect spanning-tree that you should be aware of…

Root Guard
Root guard prevents a port from learning of a new ,superior, root bridge.  If the port with root guard enabled on it receives a superior BPDU, it will place the port into a ‘root insistent’ state.  This equates to the port being in the spanning-tree blocked state.  Once the port stops hearing the BPDUs, the port will automatically go back into formal forwarding mode.

BPDU Guard
Is a feature that should be enabled on any port that also has portfast enabled on it.  BPDU guard err-disables a port if it receives a BPDU.  This makes sense to enable on portfast enabled ports since they should be edge ports that never receive a BPDU.  If the port does become err-disabled you need to shut/no shut the interface to return it to normal operating state.  

BPDU Filter
Prevents a port from sending or receiving BPDUs entirely

Loop Guard
Loop guard is usually talked about in conjunction with UDLD.  I’m not going to cover UDLD but suffice to say it allows you to detect unidirectional links.  Loop guard ran on top of UDLD allows a port to detect when it has stopped receiving BPDUs.  When that happens, it puts the link into ‘loop inconsistent’ state which prevents the port from moving into the forwarding state. 

So that’s about it.  I wanted to make sure we covered all of this before we moved onto MST and RSTP.  Those are coming up next!

Leave a Reply

Your email address will not be published. Required fields are marked *