Tuesday, July 27, 2010

Choosing a Root Port

In 802.1D there are three port roles on a switch: the designated port (the forwarding port on a segment), the non-designated or alternate port (a redundant port kept in blocking state to prevent a switching loop) and the root port. Note that these are roles, not states; the port states are blocking, listening, learning, forwarding and disabled. A switch has exactly one root port and may have several blocked and designated ports. The root bridge is the exception: it has no root port, and all of its ports are designated.

A root port is the port through which a switch reaches its root bridge (directly or through other switches). A switch chooses its root port as follows:

1. Take the port(s) receiving the superior BPDU, i.e. the BPDU that advertises the lowest Root Bridge ID (BID). If more than one port receives a BPDU with that same root BID, there is a redundant path to the root. Discard every port that hears a higher root BID and go to step 2.

2. Choose the port with the lowest Root Path Cost to the root bridge, i.e. the cost advertised in the received BPDU plus the cost of the port it arrived on. If several ports tie, the alternative paths are equally cheap (for example the same number of links at the same speed); go to step 3.

3. Choose the port receiving the BPDU with the lowest sender BID. If that still ties (two links to the same neighbour), go to step 4.

4. Choose the port receiving the BPDU with the lowest sender port ID (the neighbour's port priority and port number). If even that ties, the local port with the lowest port ID wins.

That is how a root port is chosen.

Path Cost and Root Path Cost

Path costs determine the cheapest path from a switch to the root, which normally means the fastest one. There are two kinds of cost in STP: Path Cost and Root Path Cost. The Path Cost is the cost of a single link from a switch to a neighbouring switch; it is the value shown in the Cost column next to the interface in the spanning-tree output.

Root Path Cost is the sum of the link costs from a switch to its Root Bridge. A switch does not compute it in isolation: the neighbour advertises its own Root Path Cost in the BPDU, the receiving switch adds the cost of the port the BPDU arrived on, and the result is what it advertises to the switches downstream of it. For example, with three switches A (root), B (middle) and C (end) connected in series by links with a cost of 19 each, the Path Cost of A-B is 19 and the Path Cost of B-C is 19, while there is no Path Cost A-C because they are not directly connected. The Root Path Cost of A is 0 (it is the root), of B is 19 (one hop to A) and of C is 19+19=38 (two hops, each with a link cost of 19).

The cost of a link between neighbouring switches is derived from the port speed. The original 802.1D values and the revised (802.1D-1998) values that Cisco switches use by default are:

Port       Original Cost   Current Cost
10 Mbps    100             100
100 Mbps   10              19
1 Gbps     1               4
10 Gbps    1               2
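The root-port selection steps and the Root Path Cost arithmetic above, as an added example in Python (not code from the original post). The switch MAC addresses, port numbers and link speeds are made up; the cost table is the "Current Cost" column, and the A-B-C chain is the one from the text, plus two variations: two parallel links from B to C, and an extra gigabit link from C straight to A.

```python
# Added example: STP root-port selection and root path cost following the
# four-step comparison from the text. Addresses and ports are invented.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# 802.1D-1998 "short" path cost by link speed in Mbit/s (the "Current Cost" column)
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

BidKey = Tuple[int, int]


def bid_key(priority: int, mac: str) -> BidKey:
    """A Bridge ID compares as (priority, MAC address); the lower tuple wins."""
    return priority, int(mac.replace(":", "").replace(".", ""), 16)


@dataclass(frozen=True)
class BPDU:
    root_bid: BidKey        # the root bridge the sender currently believes in
    root_path_cost: int     # the sender's own cost to reach that root
    sender_bid: BidKey      # Bridge ID of the switch that sent the BPDU
    sender_port_id: int     # 802.1D port ID of the sending port (priority<<8 | number)


@dataclass(frozen=True)
class Port:
    name: str
    port_id: int            # this switch's own port ID for the receiving port
    speed_mbps: int


def select_root_port(my_bid: BidKey, received: Dict[Port, BPDU]) -> Tuple[Optional[str], int]:
    """Return (root port name, root path cost) given the best BPDU heard on each port.

    The candidate tuple encodes the tie-break order from the text:
    (1) lowest root BID, (2) lowest root path cost, where the cost of the
    port the BPDU arrived on is added to the cost the neighbour advertised,
    (3) lowest sender BID, (4) lowest sender port ID, and finally the
    receiving port's own port ID when one neighbour has two parallel links.
    """
    best = None
    for port, bpdu in received.items():
        candidate = (bpdu.root_bid,
                     bpdu.root_path_cost + PORT_COST[port.speed_mbps],
                     bpdu.sender_bid,
                     bpdu.sender_port_id,
                     port.port_id,
                     port.name)
        if best is None or candidate < best:
            best = candidate
    # Nobody advertises a root better than ourselves: we are the root bridge,
    # all our ports are designated and the root path cost is 0.
    if best is None or my_bid <= best[0]:
        return None, 0
    return best[5], best[1]


def chain_example() -> Dict[str, Tuple[Optional[str], int]]:
    """Reproduce the A - B - C chain from the text and two variations on it."""
    A = bid_key(32768, "0000.0000.000a")   # root: equal priorities, lowest MAC
    B = bid_key(32768, "0000.0000.000b")
    C = bid_key(32768, "0000.0000.000c")
    fa1 = Port("Fa0/1", 0x8001, 100)
    fa2 = Port("Fa0/2", 0x8002, 100)
    gi1 = Port("Gi0/1", 0x8019, 1000)

    results = {}
    # A hears only inferior BPDUs (B still claims to be root while converging)
    results["A"] = select_root_port(A, {fa1: BPDU(B, 0, B, 0x8001)})
    # B hears the root directly over a 100 Mbit/s link: root path cost 0 + 19
    results["B"] = select_root_port(B, {fa1: BPDU(A, 0, A, 0x8001)})
    # C hears A only through B: B advertises cost 19, C adds its own 19
    results["C serial"] = select_root_port(C, {fa1: BPDU(A, 19, B, 0x8002)})
    # Two parallel links from B to C: same root, cost and sender BID, so the
    # BPDU sent from B's lower port ID wins (step 4)
    results["C parallel"] = select_root_port(
        C, {fa1: BPDU(A, 19, B, 0x8002), fa2: BPDU(A, 19, B, 0x8003)})
    # An extra gigabit link from C straight to A: cost 0 + 4 beats 19 + 19
    results["C redundant"] = select_root_port(
        C, {fa1: BPDU(A, 19, B, 0x8002), gi1: BPDU(A, 0, A, 0x8019)})
    return results


if __name__ == "__main__":
    for name, (port, cost) in chain_example().items():
        print(f"{name:12s} root port={port!s:6s} root path cost={cost}")
```

The comparison is a plain tuple ordering, which is exactly how 802.1D defines "better" BPDU: each later field is only looked at when all earlier ones tie.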

Spanning Tree Protocol

Spanning Tree Protocol (STP) is a protocol used in switching to keep the network free of switching loops. A loop can exist whenever a switch has more than one path to another switch, which is usually added on purpose for redundancy. Without STP a broadcast frame would circulate over those redundant paths forever and the switches' MAC address tables would keep flapping between ports. STP prevents this by exchanging BPDUs and putting redundant ports into the blocking state until they are needed.

Bridge Protocol Data Units (BPDUs) are frames exchanged between switches every 2 seconds (the hello time), sent to the multicast destination address 01:80:c2:00:00:00. There are two types: the Configuration BPDU and the Topology Change Notification (TCN) BPDU. Configuration BPDUs originate at the root bridge, carry its identity and cost information, and are relayed (with the cost updated) by every other switch out of its designated ports.

Each switch has a Bridge ID (BID) that is used to elect the root bridge. The BID consists of a priority (Cisco's default is 32,768) and the MAC address of the switch, so a default Cisco switch with the MAC address 11:22:33:aa:bb:cc has a BID of 32768-11:22:33:aa:bb:cc. The switch with the lowest BID always becomes the root; the priority is compared first and the MAC address only breaks ties. Even in a stable network with an intended root bridge, the root changes as soon as another switch with a lower BID is plugged in. That is why the intended root should be given an explicitly low priority rather than left at the default, and why Cisco provides root guard for ports that must never lead towards a root.

To see the STP state, type the command "show spanning-tree vlan 1" (remember that VLAN 1 always exists on a default Cisco switch). A pair of switches was set up with two physical connections between them, and the output is shown below.


In the picture above we can see two parts of the ID: the Root ID and the Bridge ID. The Root ID describes the Root Bridge of the whole network; here it carries the statement "This bridge is the root", meaning that this switch is the root switch. The Bridge ID is the switch's own ID. Because this switch is the root bridge, the Root ID and the Bridge ID are identical, all of its ports are designated ports, and all of them are forwarding. Fa0/1 and Fa0/2 are the ports that go to the other switch.

Pay attention to the priority value. The priority shown for a VLAN is the configured priority plus the VLAN number: 32769 consists of 32768 (the default priority on a Cisco switch) plus 1 for the VLAN number, shown as sys-id-ext 1. On VLAN 10 the same switch would show "32778 (priority 32768 sys-id-ext 10)".


The picture above (SwitchB) is the partner of SwitchA. It can be seen that the Root ID is the ID of SwitchA, while the Bridge ID is the ID of SwitchB itself. It is also clear why SwitchA became the Root Bridge: both have the default priority, so it won on the lower MAC address. Because there are two paths between SwitchA and SwitchB, one of them must be blocked while the other keeps forwarding, otherwise there would be a switching loop. In this case interface Fa0/12 is blocked and acts as the Alternate (standby) path, while interface Fa0/11 takes the role of the Root Port.

That is how STP works in general.
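An added example, not code from the original post, of reading the "show spanning-tree vlan 1" output discussed above from a script and checking that the root is the one you intended. The two text blocks are constructed to mimic the IOS output for a SwitchA/SwitchB pair like the one described (root on SwitchA, Fa0/11 as root port and Fa0/12 as alternate on SwitchB); the MAC addresses are invented. The check also flags a root that still runs the default priority, because the text notes that such a root only won on MAC address and is displaced by any switch with a lower BID.

```python
# Added example: parse the Root ID / Bridge ID section and the port table of
# "show spanning-tree vlan N" and raise findings about the root bridge.
# The sample outputs are constructed, not captured from a real switch.
import re
from dataclasses import dataclass
from typing import Dict, List

SWITCH_A = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0019.aa11.bb01
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.aa11.bb01
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/2               Desg FWD 19        128.2    P2p
"""

SWITCH_B = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0019.aa11.bb01
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.aa11.bb02
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/11              Root FWD 19        128.11   P2p
Fa0/12              Altn BLK 19        128.12   P2p
"""


@dataclass
class StpView:
    vlan: int
    root_priority: int
    root_address: str
    bridge_priority: int
    bridge_address: str
    is_root: bool
    ports: Dict[str, str]      # interface -> role (Root, Desg, Altn, Back)


def parse_show_spanning_tree(text: str) -> StpView:
    """Pull the fields discussed in the text out of one VLAN's output."""
    vlan = int(re.search(r"^VLAN0*(\d+)", text, re.M).group(1))
    root = re.search(r"Root ID\s+Priority\s+(\d+)\s+Address\s+([0-9a-f.]+)", text)
    # The Bridge ID priority line carries the "(priority X sys-id-ext N)" note,
    # so allow anything between the priority and the Address line.
    bridge = re.search(r"Bridge ID\s+Priority\s+(\d+).*?Address\s+([0-9a-f.]+)", text, re.S)
    ports = {m.group(1): m.group(2)
             for m in re.finditer(r"^(\S+)\s+(Root|Desg|Altn|Back)\s+(FWD|BLK|LRN|LIS|LBK)\b",
                                  text, re.M)}
    return StpView(vlan, int(root.group(1)), root.group(2),
                   int(bridge.group(1)), bridge.group(2),
                   "This bridge is the root" in text, ports)


def root_check(view: StpView, expected_root_mac: str) -> List[str]:
    """Findings a monitoring job would raise from one switch's view of the tree."""
    findings = []
    if view.root_address != expected_root_mac:
        findings.append(f"VLAN {view.vlan}: root is {view.root_address}, "
                        f"expected {expected_root_mac}")
    # The displayed priority is priority + sys-id-ext (the VLAN number). A root
    # still at the default 32768 won on MAC address only and loses to any
    # switch plugged in with a lower priority or a lower MAC.
    if view.is_root and view.root_priority == 32768 + view.vlan:
        findings.append(f"VLAN {view.vlan}: root bridge still uses the default priority")
    return findings


if __name__ == "__main__":
    for name, text in (("SwitchA", SWITCH_A), ("SwitchB", SWITCH_B)):
        view = parse_show_spanning_tree(text)
        print(name, "root" if view.is_root else "non-root", view.ports,
              root_check(view, "0019.aa11.bb01"))
```

Run the same parser over the output of every switch and compare the Root ID address across them: every switch in the VLAN must agree on the root, and the agreed root must be the one you configured.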

Sunday, July 25, 2010

VTP Pruning

VTP pruning is enabled on a switch in Server mode with the global configuration command "vtp pruning", and the setting is propagated to every switch in the same VTP domain once it is enabled on one server. Its purpose is to stop flooded traffic (broadcasts, multicasts and unknown unicasts) of a VLAN from being sent across a trunk to a switch that has no active ports in that VLAN.

Take for example switch A with VLANs 2-20 in use and switch B with VLANs 15-25 in use. Without VTP pruning, a broadcast in any VLAN allowed on the trunk is flooded from A to B and from B to A, whether or not the far end has any ports in that VLAN. Switch B has nothing in VLANs 2-14, so all of that traffic is wasted on it, and the same goes for VLANs 21-25 flooded from B to A. Only VLANs 15-20 actually need to cross the trunk.

With VTP pruning, each switch advertises which VLANs it actually has ports in, and the sending switch prunes the other VLANs from the trunk, so only flooded traffic for VLANs in use on both sides is forwarded. Note that VLAN 1 and the extended-range VLANs are never pruned; only VLANs 2-1001 are prune-eligible.

3 Types of VTP Advertisement

VTP keeps every switch in a domain up to date by sending and receiving VTP advertisements. There are three types: the Summary Advertisement, the Subset Advertisement and the Advertisement Request.

Summary advertisements are sent every 5 minutes by both client and server switches to their neighbours, and immediately after a configuration change. A summary advertisement describes the sender's current configuration and contains:

- VTP version and domain name
- Configuration revision number
- MD5 digest of the VLAN database (computed with the VTP password, if one is set)
- Timestamp of the last update
- Number of subset advertisements that will follow

Subset advertisements are sent by a VTP server after a change in the VLAN configuration or in response to an advertisement request. They carry the VLAN details themselves and are sent when:

- A VLAN was created, deleted, activated or suspended
- A VLAN was renamed
- The MTU of a VLAN was changed
- The VLAN type was changed (Ethernet, Token Ring, FDDI)

An advertisement request is sent by a switch (client or server) that needs the current VTP configuration; the VTP server responds with a summary advertisement followed by the subset advertisements. A switch sends a request when:

- It receives a summary advertisement with a higher revision number than its own
- It missed a subset advertisement
- The VTP domain name was changed
- The switch was reset, or had an error

That covers the three types of VTP advertisement, their differences and their use.

VLAN Trunking Protocol

VTP (VLAN Trunking Protocol, often misnamed Virtual Trunking Protocol) is a Cisco-proprietary layer 2 protocol that gives every switch in a domain the same view of the configured VLANs. VLANs added, deleted or modified on a VTP server are distributed over the network, which saves configuring each switch by hand.

Without VTP, a VLAN created on one switch is not known to the others and has to be created on every switch that needs it. With VTP, the switch that makes the change sends VTP advertisements and its neighbours update their VLAN databases. Advertisements are only exchanged between switches in the same VTP domain, and they are multicast frames sent over trunk ports only: a switch that is not trunking with the local switch never sees them.

By default a Cisco switch has no VTP domain name (the NULL domain). To create one, type the command "vtp domain XXX" (XXX being the domain name) in global configuration mode, and do the same on the other switches that belong in that domain. A Cisco switch can belong to only one domain. Be aware that a switch in the NULL domain running in server or client mode adopts the domain name of the first VTP advertisement it receives over a trunk, so the domain name by itself is no protection.

The VTP operating mode is shown as "VTP Operating Mode" in the output of "show vtp status". Cisco switches default to SERVER mode, in which VLANs can be added, deleted or modified and every change is advertised to the domain. A VTP domain therefore needs at least one switch in server mode, and since a server controls the VLAN database of the whole domain it must be physically secured.

In CLIENT mode the switch can only listen to VTP advertisements and update its own VLAN database accordingly; VLANs cannot be created, changed or deleted locally.

In TRANSPARENT mode the switch neither advertises its own VLAN configuration nor synchronises to the advertisements it receives. VLANs can still be created, changed or deleted, but they are locally significant only. A transparent switch does relay VTP advertisements received on one trunk out of its other trunks: in VTP version 1 it forwards them only if the domain name and version number match its own, while in VTP version 2 it forwards them regardless of the domain name. To switch between modes, type "vtp mode client", "vtp mode server" or "vtp mode transparent" in global configuration mode.

A VTP server advertises whenever its configuration revision number changes, which happens with every change to the VLAN database. A receiving switch in client or server mode compares the revision number in the advertisement with its own: if the received revision is higher, the switch replaces its VLAN database with the advertised one; if it is lower or equal, the advertisement is ignored. This also means that connecting a switch with the same domain name and a higher revision number (for example one reused from a lab) overwrites the VLAN database of the entire domain, so reset the revision number before connecting such a switch. To reset a switch's revision number, change the VTP domain name to a non-existent domain and then back to the original name, or change the VTP mode to transparent and then back to server; both set the revision to 0.
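The revision-number rule above, as an added example in Python (not code from the original post). It models a server, a client and a transparent switch in one domain and then connects a switch with the same domain name, a higher revision number and an almost empty VLAN database, once with and once without resetting its revision first. The domain name, switch names and VLAN numbers are made up.

```python
# Added example: a small model of how VTP server, client and transparent
# switches react to a summary advertisement under the revision-number rule.
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class SummaryAdvertisement:
    domain: str
    revision: int
    vlans: Set[int]     # stands in for the subset advertisements that follow


@dataclass
class VtpSwitch:
    name: str
    mode: str           # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: Set[int] = field(default_factory=lambda: {1})
    log: List[str] = field(default_factory=list)

    def add_vlan(self, vlan: int) -> None:
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot change VLANs")
        self.vlans.add(vlan)
        if self.mode == "server":
            self.revision += 1     # transparent changes stay local, no revision bump

    def advertise(self) -> SummaryAdvertisement:
        return SummaryAdvertisement(self.domain, self.revision, set(self.vlans))

    def receive(self, adv: SummaryAdvertisement) -> bool:
        """The rule from the text; returns True when the VLAN database was replaced."""
        if self.mode == "transparent":
            self.log.append("transparent: relayed, not synchronised")
            return False
        if adv.domain != self.domain:
            self.log.append(f"ignored: domain {adv.domain!r} is not {self.domain!r}")
            return False
        if adv.revision <= self.revision:
            self.log.append(f"ignored: revision {adv.revision} <= own {self.revision}")
            return False
        self.log.append(f"synchronised: revision {self.revision} -> {adv.revision}")
        self.revision, self.vlans = adv.revision, set(adv.vlans)
        return True

    def reset_revision(self) -> None:
        """Second reset method from the text: transparent, then back to the old mode."""
        previous = self.mode
        self.mode = "transparent"
        self.revision = 0
        self.mode = previous


def newcomer_scenario(reset_first: bool) -> Dict[str, Set[int]]:
    """A production domain meets a switch with a stale but higher revision number."""
    prod = {1, 10, 20, 30}
    core = VtpSwitch("core", "server", "CORP", revision=5, vlans=set(prod))
    access = VtpSwitch("access", "client", "CORP", revision=5, vlans=set(prod))
    lab = VtpSwitch("lab", "transparent", "CORP", vlans={1, 99})
    # Same domain name, higher revision, almost empty VLAN database
    newcomer = VtpSwitch("newcomer", "server", "CORP", revision=12, vlans={1})
    if reset_first:
        newcomer.reset_revision()
    adv = newcomer.advertise()
    for sw in (core, access, lab):
        sw.receive(adv)
    # The domain's server re-advertises whatever it now believes
    newcomer.receive(core.advertise())
    access.receive(core.advertise())
    return {sw.name: set(sw.vlans) for sw in (core, access, lab, newcomer)}


if __name__ == "__main__":
    print("without reset:", newcomer_scenario(reset_first=False))
    print("with reset:   ", newcomer_scenario(reset_first=True))
```

Without the reset, the core server and the client adopt the newcomer's single VLAN and the production VLANs vanish from both; only the transparent switch keeps its own database. With the reset, the newcomer's revision 0 is ignored and it is the newcomer that synchronises to the domain.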

Saturday, July 24, 2010

VLANs This and Thats

There are several additional things worth knowing about VLANs:

- On a trunk, the port speed and duplex settings must match on both ends.

- Giants are frames larger than 1518 bytes. They can occur because ISL adds 30 bytes of header and trailer to the frame (IEEE 802.3ac extends the maximum frame length to 1522 bytes to make room for the 4-byte dot1q tag). The opposite is a runt, a frame shorter than 64 bytes.

- Both switches must be in the same VTP domain for DTP to negotiate a trunk.

- Changing the native VLAN on one switch does not change it on the peer switch. With a native VLAN mismatch, untagged frames from one side are delivered into a different VLAN on the other side, so both ends must be changed together.

- In an end-to-end VLAN design a VLAN spans several switches and physical LANs, and the 80/20 rule applies: 80% of the traffic stays inside the VLAN and 20% crosses to other VLANs. Local VLANs follow the opposite 20/80 rule: only 20% stays local while 80% goes across.

ISL, dot1q and DTP

When we talk about trunking protocols in a switched network, three names come up: ISL, dot1q (IEEE 802.1Q) and DTP. ISL and dot1q are the two encapsulations and the ones usually heard of; DTP is not an encapsulation but the protocol that negotiates trunking, and it is covered at the end of this post.

Here are the differences between ISL and dot1q:

                ISL                                     dot1q
Standard        Cisco proprietary                       IEEE 802.1Q, interoperable between vendors
Overhead        26-byte header + 4-byte CRC trailer     4-byte tag inserted into the Ethernet header
Native VLAN     None; every VLAN is encapsulated        Native VLAN (default VLAN 1) is sent untagged; all other VLANs are tagged

Despite these differences, the two have one thing in common: both are point-to-point protocols, which is why both are suitable for trunks.

To select the encapsulation, go to the interface and type "switchport trunk encapsulation dot1q", "switchport trunk encapsulation isl" or "switchport trunk encapsulation negotiate". With negotiate the port agrees on the encapsulation with its peer; if both support both, ISL is preferred. If the command is not available at all, which is the case on Cisco switches that only implement dot1q (many access-layer models), the switch supports only the dot1q protocol.

The last protocol, DTP (Dynamic Trunking Protocol), is also Cisco proprietary. It negotiates whether a link becomes a trunk and keeps sending DTP frames to its peer every 30 seconds, which is overhead and also a drawback: a port left in a dynamic mode will form a trunk with whatever on the other end speaks DTP. DTP is only useful on ports whose peer is a switch that is meant to negotiate. On ports whose peer cannot or must not negotiate (firewalls, routers, servers and user ports) disable it with "switchport nonegotiate" on the interface. The interface must first be configured as either access mode or trunk mode; if it is in a dynamic mode, the switchport nonegotiate command is rejected.
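An added example, not code from the original post, that audits a saved "show running-config" for ports that can still negotiate a trunk with DTP, applying the rules above: a port in a dynamic mode is the serious case, and a port in access or trunk mode without "switchport nonegotiate" still sends DTP frames. The configuration is constructed for the example; the interface descriptions, VLAN numbers and IP address are invented, and the assumption that a port with no explicit "switchport mode" line is in a dynamic mode reflects the IOS default (dynamic auto or dynamic desirable, depending on platform).

```python
# Added example: flag interfaces in a running-config that still talk DTP.
# The configuration text below is constructed, not taken from a real switch.
import re
from typing import Dict, List, Tuple

RUNNING_CONFIG = """\
!
interface FastEthernet0/1
 description uplink to SwitchB
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 description firewall outside
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 description user desk
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 description printer
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/5
 description spare
 shutdown
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
"""


def interfaces(config: str) -> Dict[str, List[str]]:
    """Split the config into {interface name: [stripped lines of its stanza]}."""
    result: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            result[current] = []
        elif line.startswith("!"):
            current = None          # "!" closes the stanza
        elif current is not None:
            result[current].append(line.strip())
    return result


def dtp_findings(config: str) -> Dict[str, Tuple[str, str]]:
    """Return {interface: (severity, reason)} for every physical port that still sends DTP."""
    findings: Dict[str, Tuple[str, str]] = {}
    for name, lines in interfaces(config).items():
        if not re.match(r"(Fast|Gigabit|TenGigabit)?Ethernet", name):
            continue                # SVIs and loopbacks never carry DTP
        if "shutdown" in lines:
            continue
        # Assumption: no explicit mode means the IOS default, which is a dynamic mode
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")),
                    "dynamic")
        nonegotiate = "switchport nonegotiate" in lines
        if mode == "dynamic":
            findings[name] = ("high", "dynamic mode: forms a trunk with any peer that negotiates")
        elif not nonegotiate:
            # IOS only accepts "switchport nonegotiate" in access or trunk mode,
            # so this is the port where the fix can be applied directly.
            findings[name] = ("low", f"{mode} mode without 'switchport nonegotiate': "
                                     "still sends DTP frames every 30 s")
    return findings


if __name__ == "__main__":
    for port, (severity, reason) in dtp_findings(RUNNING_CONFIG).items():
        print(f"{severity:4s} {port:20s} {reason}")
```

The high-severity case is the firewall-facing port left in dynamic desirable mode: whatever is plugged in there can negotiate a trunk and gain access to every VLAN allowed on it. The fix is the one the text gives: set "switchport mode access" (or trunk, for a real uplink) and then "switchport nonegotiate".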

In conclusion, each of these protocols has its advantages and disadvantages; which ones to use is up to you.