400-101 CCIE Routing and Switching 92 Spanning Tree

Captions
This extended system ID: if you remember the situation yesterday, when we had two switches that were interconnected and we had native VLAN 30 on one side and native VLAN 40 on the other side, I told you, okay, this is now down because of the per-VLAN, because of the port VLAN ID inconsistency. It's the per-VLAN spanning tree causing this to go down, and this is how per-VLAN spanning tree was able to actually detect what the problem is, because here inside the bridge identifier we have this extended system ID, which is actually the VLAN identifier. So when the switch received the frame in the native VLAN that had this set, so on this untagged frame, so where is VLAN 10, there it is, VLAN 10, so this is an untagged frame, we don't have a dot1q tag here, so we just have the native Ethernet frame and then we have the spanning tree. So here it received the VLAN identifier, which didn't match the local VLAN ID. This is what causes this per-VLAN spanning tree to say, oh, okay, sorry, I can't accept this, because this is actually coming from another VLAN, there has been a misconfiguration in the network. And this is the reason why I said, oh, okay, in order to show you this example when we have the mismatched VLAN ID, I actually have to run MST, because I was running away from this problem, and this is how per-VLAN spanning tree was actually able to detect that misconfiguration.

But going back to my example here, and the reason why I was showing you this capture, is this frame here, the standard spanning tree frame. So let's say that you have a task in your lab, in your layer 2 section, that says make sure that you configure the link between Cat3 and Cat4 so that it is an 802.1Q trunk and that the native VLAN is 75. You know exactly what needs to be done. But what if they worded it: configure the trunk between Cat3 and Cat4 in such a way that 802.1D spanning tree BPDUs are sent untagged, or sent without an ID, or, should I say, that 802.1D frames are sent in VLAN 75? And you're thinking, hey, but wait, hold on a second, this is 802.1D that I'm running. But remember, this is not exactly true: what you are running is PVST. You are not running 802.1D. 802.1D frames are sent only in the native VLAN on the trunk; they are not sent in any other VLAN on the trunk. So basically what the task tells you is configure VLAN 75 to be native. So this is one example where they're going to describe a behavior of the technology without actually telling you what the technology is, so based on their description of the technology we have to figure out what they are talking about. So they might tell you configure the native VLAN, straightforward, or they could tell you send 802.1D frames in VLAN 75 on this trunk, which basically tells you that VLAN 75 on that trunk must be the native VLAN. So that's the reason why I went through the exercise of showing you why that little plus in the name, where is it, that little plus in the name here, is actually significant. That signifies the support for 802.1D.

With these two spanning trees, the question is what are the major differences between rapid spanning tree, per-VLAN spanning tree plus and rapid per-VLAN spanning tree. Well, the major difference is that rapid spanning tree is the same as 802.1D in the sense that it is a standards-based protocol that Cisco supports only as a side effect. So when we have traditional spanning tree, so I'm just going to call it STP, and rapid spanning tree, these are standards, and STP is 802.1D. Now interestingly enough, rapid spanning tree was originally 802.1w, but it's actually now 802.1D-2004. These are the standards-based ones. Now Cisco supports these with that plus thing. Now you cannot configure these modes as the only spanning tree modes on your switch; you can only support them through the rapid per-VLAN spanning tree or
per-VLAN spanning tree plus, or, with them, MST also has the backward compatibility with them, but you cannot run this mode on the switches. Now the major point about these is that there is one instance, oops, I need to learn how to spell, actually at one point in my life it might actually have helped me a little bit, so there is one instance for all VLANs. So with these traditional approaches there is no support for multiple VLANs; that was never envisioned by the spanning tree. It has been addressed with the multiple spanning tree. But in order to address the need to maybe have different topologies for different VLANs, Cisco invented per-VLAN spanning tree and rapid per-VLAN spanning tree. Now they're basically behaving in the same way as spanning tree and RSTP do, except there is one instance for each VLAN. But in order to accommodate this solution, Cisco used a proprietary destination MAC, which made it incompatible with spanning tree and rapid spanning tree. So this is where that plus comes into play, and where the compatibility is actually provided through that plus. So basically on Cisco switches these days you do not have PVST, you have PVST+ and rapid PVST+.

Now IEEE realized that their approach, that one instance to rule all the VLANs, or one ring to rule them all, is not exactly the best approach. So they looked at Cisco's solution, which was to run one instance for each VLAN, which is also overkill, and let me show you why it is overkill. Now let's say that we have two switches, so this is switch 1 and this is switch 2, and we have two links between them. Now, as we know, one of these links must be blocking. And let's say that we have ten VLANs here in our network. How many possible logical topologies do we have based on this one physical topology? Well, we have the logical topology in which the top link is operating and the bottom link is blocking, and we have a possible logical topology where the situation is reversed, where the top link is blocking and the bottom link is forwarding. So we basically have two logical topologies that are possible. But with ten VLANs here configured with PVST, we are going to have ten logical topologies created, because that's basically what the spanning tree instance is: it's a logical topology based on the same physical topology. So basically we are creating eight more than we need to actually address the capabilities of this network here.

So this is why, when IEEE were trying to solve the problem of multiple VLANs with the spanning tree, they realized that Cisco's approach is actually on a completely different end of the spectrum of possible capabilities: you have one ring to rule them all, and one instance per each VLAN. So MST is basically something that sits somewhere in the middle. This is the way I like to think about it; of course MST is much more complex than this, but this is the best way to approach it if you feel uncomfortable with MST, and in my experience every single network engineer feels uncomfortable with MST. So basically what we have with MST is, we have, how should I word this, we have VLAN-to-instance mapping, which basically tells us that we can map multiple VLANs to one spanning tree instance. So if you take a look at this problem with the eyes of MST, what we can have here, so let's say switch 1, switch 2, again we have two possible topologies, right, let me just not repeat that, so I'm just going to draw them up, so clone this once, clone this a second time, there we go. So one possible instance is this and the other possible instance is this, one possible logical topology, right. So basically what we have here is that, of our ten VLANs, we can map for example five VLANs to instance 1 and five VLANs to instance 2. That means that if we create this as the root for instance 1 and this as the root for instance 2, we are effectively going to be using both links in our topology, with five VLANs using one link and five VLANs using the other link. So we don't create ten instances like we did with per-VLAN spanning tree, but we create only the two instances that we need.

And mind you, I have simplified things a little bit. I mean, if you create instance 1 and instance 2 you will actually have three instances here in your MST, because there is the mandatory instance 0, which by default has all VLANs mapped to it. Now you can run MST with no VLANs mapped to instance 0, but you will still have instance 0 configured. So the better approach here would be to actually use instance 0 and instance 1, and this is, for example, the root for instance 0 and this is the root for instance 1. But I was simplifying things there so that you can understand what the major difference is, what the fundamental differences are between these spanning trees.

Spanning tree is one of those protocols that is much more difficult to understand than actually configure. The configuration of spanning tree can be really not doing anything, because it's already configured for you, it already works. It's a very, very simple protocol in the way it operates, but sometimes you may need to make certain decisions, you may need to make some changes in your spanning tree configuration to make it work according to the requirements. So one of the important things is the root election for the spanning tree. Now the root election is influenced by two things: one is the priority and the second one is the MAC address. Now I should say that this is actually the bridge priority and this is the bridge MAC address, which together form something that is called the bridge ID. This is a composite value where we have the priority followed by the MAC address, so the priority will actually take precedence over the MAC address. But when we talk about the MAC address it's important to know which MAC address we are talking about. Now on our 3560s you're going to have two gigabit ports and you're going to have
24 Fast Ethernet ports. Now the MAC address that we are talking about, the bridge MAC address, is actually none of these; it is the one MAC address below all of them, it is the system MAC address. So I'm just quickly going to show you this. So here I have my Cat3, and if I take a look at show interface gigabit 0/1, this is the MAC address on this interface, and you may remember that I mentioned that this is the lowest interface we have on this switch. Now if I take a look at show spanning-tree vlan 10, I will see here my own bridge identifier, so this is the bridge ID, this is my own value, these are the root values, these are my own local values. So I can see here that the address says 0019, matches, 060C, matches, 6100, and you can see here that 6101 was the lowest address on my system. Now you can easily find out what the system MAC address in use is, and you can see that with show version. If you type show version you will see it here, it will be displayed, just one second, it will be displayed here as the base Ethernet MAC address. So this is the value that will be used for your bridge ID, and you can see here that this one does match at 6100. But, you know, you have to praise Cisco's consistency in displaying the MAC addresses: so in IOS they are displayed with dots in between, and here they are displayed just like in Windows. I just love that consistency; it especially helps with copy-pasting those values if you ever have to do that. So that's the MAC address that will be used to actually determine who the root is, not any interface MAC address.

Now the priority is the value that you can set yourself. The possible values are from 0 to, what is the maximum value, I don't remember, let me take a look, I think it's 65,536, but not entirely sure, so I'm just going to say spanning-tree vlan 4094 ?, that's priority ?, well, it's 61440. Okay, but technically speaking the maximum value is 60, actually, yeah, 65,536, but let me explain why you cannot actually enter this value, because these values here need to be increments of 4096, so you cannot use any values in between, so it's 4096, 8192, 12,000-something, 16384, etc., etc., etc. Now the reason for this is the third bit here, it is the extended system ID. Now you've seen that already in those captures that I did, and you can see it here as well. If I do show spanning-tree you will see here that it says, let me see, it says priority, now actually it's more obvious here, so this is my local value, this is VLAN 1, it says my priority is now 32,769, but it's not 769, it is 32,768 with the extended system ID of 1. In VLAN 10 my computed priority will be 32,778, which is really 32768 plus the VLAN number; for VLAN 20 it will be plus 20 here, but this is actually this plus this. Now the way this is carried inside the actual BPDU update is that what we have for priority is actually a multiplier for 4096, followed by the actual value of the VLAN. So this is why we cannot enter any values that are not in between 4096, because we can have 4094 VLANs. So when we set priority 0 for VLAN 4000, for example, what we are actually setting is the priority 4000 that will be calculated; if we do the same thing for VLAN 1 we are actually going to be setting priority 4001, and so on and so on, you get the idea there, I hope. So this is the reason why we cannot set the priority to any value we like; we can set it only in increments of 4096, and then based on which VLAN this is used in, the priority will be slightly adjusted based on that information. Now for some other vendors that are using the traditional spanning tree, the vendor that is called Juniper comes to mind, there you can actually set the priority to any value, because there is nothing in the specification that prevents this behavior. So this is a very, very Cisco-specific behavior, but you know what, it's perfectly fine, it doesn't matter that Cisco does it this way, it is even going to be somewhat compatible with other vendors.

Now these are the three things that influence the election of the root, so I should really say that these two are really the same thing. Now in the lab they might ask you that a certain switch needs to be the root or that a certain switch must not be the root. So let me give you one interesting example. So we are going to have our four switches, so switch 1, switch 2, switch 3, switch 4, and they are interconnected like this. So let's say this is switch 1, switch 2, switch 3 and switch 4, and the task says, let me add the cross links as well, so the task says make sure that switch 4 is never the root. So switch 4 must never be the root. Well, you're looking at this example and you are thinking, okay, let's, before I proceed, let me say that there is a host connected to each of these switches, and let's say that we are talking only about VLAN 1, we don't care about any other VLAN, so this is just VLAN 1. So this is the setup you have, and you are thinking to yourself, okay, how do I solve this particular problem? Well, one possible solution is set the priority, let's say, on switch 1 to 0, let's set it to 4096 on this one, let's set it to 8192 on this one, and let's set it to 61,000 or whatever the maximum is, so let me, actually what was that maximum value that we had, it was 61440, so okay, so this one here is 61440. And what's going to happen here effectively: this will be the root, this will be the secondary root, this will be a tertiary root. But what happens, for example, if these links here fail? So now switch 4 is cut off from the network. Who is the root in the network? Well, in this network here switch 1 is the root, but in this network here switch 4 is the root, because it has the lower priority, the lowest priority of all devices in this network; this is just a host, this is not a switch. So here we satisfy the requirements of our task? Now, hmm, not really, so
let's go back to the drawing board, let's try another possible solution. Now there is an advanced feature in our spanning tree which is called root guard. Now what root guard does is it can be configured on the interfaces, and if we receive a BPDU that is called a superior BPDU, and a superior BPDU is the BPDU that is better than our own, better than the BPDU of the current root, if we receive this kind of BPDU we are actually going to block that port. So we can use that feature and configure it on this interface here, on this interface here and on this interface here, which basically means if switch 4 claims to be the root we are actually going to disable the port facing switch 4, and we are going to isolate our switch 4 from the rest of the network. Perfect example, or perfect solution I should say. This link fails and this link here fails. Now let's see what happens here. Again our network is now very, very different than it was. Switch 1 may be the root, so let's say that we made sure that switch 1 is the root. Now switch 3 lost the BPDU it had on this interface here and lost the BPDU it had on this interface here, so the only valid BPDU it will be receiving will be a superior BPDU arriving from switch 4. Mind you, the BPDU that originally arrived from switch 1, so it's not switch 4 now claiming to be the root, it is still switch 1 claiming to be the root, but we are receiving a superior BPDU on this port and we are going to start blocking it, effectively cutting off switch 3 from the rest of the network. So this is not a good solution either. So let's take a look at another solution. Now given these two scenarios that we just went through, the only valid solution is to turn off spanning tree on all switches. So we're going to turn off spanning tree here, going to turn it off here, going to turn it off here, and we're going to turn it off here as well. Now the problem with that is, of course, that we are going to end up with a horrendous loop in our network that is probably going to crash these switches very fast. So none of the solutions for this task are correct.

Now, and here I'm going to zoom myself in, this is where you are going to end up when you are ready for the lab: you're going to look at a very easy task and you're going to way overthink it. You're going to think, oh, so what happens when this link fails, what happens if this switch does that, what happens if this link fails, oh my god, oh my god, oh my god, what is the actual solution for this? Don't do that to yourself, because this is the most dangerous example of overthinking the problem. The correct solution was just, in this network, when everything works normally, just make sure that Cat4 is the least preferred to be the root. So basically our first solution was correct; our second solution was also correct, because we are really preventing it from becoming the root. Now if three links or two links fail in our network, yeah, it may lead to some results that we didn't really want to have, but that's okay, right, because that's not really what the task wanted; they just wanted to see, do you know how to influence the root election. So don't do that to yourself, that you are way overthinking the problem the way I did right now. So this is a typical example of a student who is ready for the lab, and he knows the caveat, or he or she knows the caveats of the technology, understands the dangers of different technologies, and then goes through the motions of overthinking the problem to the point that no solution appears to be correct, yet he needs to do something, there needs to be a solution implemented there. So again, going back to the advice that I gave you a couple of days ago: go with the simplest, straightforward solution you can think of, that's it. The most simple solution in this case was just lower the priorities on three other switches and make sure that switch 4 has the highest priority of them all, or use root guard.

The next thing that I'm going to talk about is going to be making
sure that you influence certain decisions made by the spanning tree. So again I'm going to use a very simple example of just two switches. So I'm going to use my switch 3 and switch 4, and this is port 23, this is port 24, oh sorry, my bad, this is actually also 23, this is 24, and this one here is 24. Now we already configured switch 4 to be the root. Given all the default values otherwise, what will be the actual spanning tree topology that we are going to end up with? Well, port 23 would be a designated port, port 24 would be a designated port, and as such they would be forwarding. They are going to be designated ports because these are the ports on switch 4, which is the root, and their cost to reach the root is 0, and there cannot be a lower cost than that. Now the more interesting situation here happens on switch 3. Their cost to reach the root is the same; in this case, if you are using traditional spanning tree it would be 4, so we have, oh sorry, I should be careful what I'm saying, it will be 19. So the cost will be the same to reach the root, so we have to go to another tie-breaker there, which would be what is the port priority on the other side. The port priority on the other side is the same, it's the default value, because we haven't actually changed it to anything. Then we are going to make the determination which of these ports is going to be forwarding based on the port ID, and in spanning tree the lower value always wins, and we remember that port ID 0 will be gigabit 0/1, and then from that on we know that 23 will be lower than 24. So our situation here is that this is going to be the root port, and as such it is going to be forwarding; this port here will be actually blocking. Now IOS will tell you that this is an alternate port. Now this alternate port is actually something from rapid spanning tree naming, because an alternate port is a standby port for the root port: should the root port fail, in rapid spanning tree the alternate port can immediately be promoted to become the root port. In traditional spanning tree, or when you're running per-VLAN spanning tree plus, the non-rapid one, this cannot happen; we still have to go through the learning, listening, sorry, through the listening, learning phases before we can actually start forwarding.

So let's see if this is true. So on Cat4 I'm going to say show spanning-tree vlan 10. So here, let me bring up the FastEthernet 23 interface, I'm just going to configure it in the same way as my FastEthernet 24. Okay, now when it first comes up we may need to wait a little bit for it to come up, because now it's in listening, so we are not going to see it in forwarding state just yet, but let's wait for that to elapse, and for that we need to wait for the forward delay time we are going to spend listening, then after that phase is done we are again going to spend the forward delay time in the learning phase. We should be there by now, so we are now in the learning phase, where we are going to spend 15 seconds, and after that elapses we are going to move into the forwarding state. So now we can see that on Cat4, the switch that is actually the root, both of the ports, FastEthernet 23 and 24, are designated forwarding, and we have here the cost on these interfaces is 19, but that's the cost of that interface, not the cost to reach the root. On Cat3, if I do show spanning-tree vlan 10, I'm going to see here that FastEthernet 23, as expected, is the root port that is forwarding, and FastEthernet 24, as expected, is the blocking port, and we can see it's actually an alternate port. Now mind you, this does not take effect right now because we are running per-VLAN spanning tree; this alternate will have special meaning only when we are running MST or rapid per-VLAN spanning tree. So this is the situation that we have right now.

But let's say that the task told you that what we need is actually a slightly different situation that we wanted to have, let me just delete these things, all right, so let's say that the task said that what we wanted to have is this: of course designated forwarding, there is nothing we can do about that, but we wanted to have this as the root port and we wanted to have this as the alternate blocking port, and by the way, do not make any configurations on switch 3, so the only place where we can make any modifications will be switch 4. So how to do that? Well, there are two values that we can manipulate to make this decision: we can either manipulate cost or we can manipulate port priority. Now cost affects the local decision and priority affects the remote decision. So in our case what we need to do is we need to have switch 4 somehow influence the decision made on switch 3. So in this case the correct solution would be to actually use the priority on this port here. What we need to do is lower the priority on FastEthernet 24, or we need to increase the priority on FastEthernet 23, to make this one more desirable than this one here. So let me show you this. So I'm going to go back to my terminal and on interface FastEthernet 24 I'm going to say spanning-tree vlan, and again this is a per-VLAN thing if you're running per-VLAN spanning tree, so let's just make this for VLAN 10, so I'm going to say spanning-tree vlan 10 port-priority, and the default value is 64, actually it's 128, so in this case let me make it, let's say, 256, oops, what is the maximum value I can do, 240, okay, let's set it to 240. So if I go to Cat3 now, if I do show spanning-tree vlan 10, this will take just some time, come on, did I actually do it correctly here, do show run interface FastEthernet 24, this is, oh, oh sorry, sorry, I actually needed it the other way around, I need to make FastEthernet 24 lower priority, not higher, so I've made a complete mess here. So let me just set it to something lower than 128. So now we should be seeing here that the roles have actually been reversed. This is how it was before: we can see FastEthernet 23 was root forwarding and FastEthernet 24 was alternate blocking, and here now we can see that FastEthernet 23 is now alternate blocking, so that happened immediately, but this
one cannot transition directly into forwarding, even though it used to be the alternate port; remember, this takes no effect for traditional spanning tree, for 802.1D or for per-VLAN spanning tree. So this port is now the root port, but it needs to go through listening, learning, and only then goes into the forwarding state after it has spent the forward delay time in each of these intermediate stages. So this is now the situation. So this is one way of solving this task.

Now let's take a look at a similar example. So I'm going to use the same topology, but now let's say that the task says you are not allowed to make any changes on switch 4; you need to make changes on switch 3 to reverse the role. So I now want FastEthernet 23 to actually be forwarding and I want this one here to be alternate blocking, so I want to reverse the change that was made here. What I need to do here is manipulate the cost, because cost here is the local decision. So let me just copy these two, saving the time from typing it, so I'm going to paste here. So what I need to do is actually manipulate the cost to reverse the role, because remember, cost, the local decision, will always take precedence over a hint from the remote side. So going back to my terminal, this is the situation I have now, so take a look, the costs are equal right now. So what I'm going to do is I'm going to go to FastEthernet 23 and I'm going to say spanning-tree vlan 10 cost, let's make it 15. So now if I do show spanning-tree vlan 10 I will see that the roles have started reversing again, so here I see that this is now the root port again; it needs to go through the motions of listening and learning and only then can go to forwarding, but FastEthernet 24 has immediately changed state to blocking. And also note that this priority here shows us the local priority. If you want to see the designated port's priority, what you actually have to do is show spanning-tree interface FastEthernet 23 detail, and here in VLAN 10 we will see that the designated port ID is 128.25, so this is showing us the remote port. But let's take a look at FastEthernet 24 here, for VLAN 20, here for VLAN 10, we are going to see that the designated port ID is 32.26, so this is where we are seeing the port priority of the remote side. Also take a look that this is identified as port 26: FastEthernet 24 is seen as port 26, not as port 24. Why? Because we have two other ports that are above, two gigabit ports.

The question that I got is, are any MAC addresses lost during the link swap? Well, whenever there is a topology change in spanning tree, different things happen with the MAC address table. When you have a direct link failure, meaning that the link that was connected somewhere has lost connection, so you see that it goes down, all the locally learned MAC addresses from that link are immediately flushed from the MAC address table on the local switch. Now when you have an indirect link failure, when there is a swap like this happening, what is going to happen is that, yeah, let me show you this, the aging timer, which is 300 by default, is actually cut to, I believe, oh my god, I can't remember this, but you know what, we can test it. So what I'm going to do now is I'm going to go onto my switch, into FastEthernet 23, let's change the cost here back to 19. So if I do show spanning-tree vlan 10, the aging timer is actually going to be set to the forward delay, right, so they are not aged out immediately, but they will age out much, much faster. So remember here that we had actually deleted, but we can see it for VLAN 1 for example, for VLAN 1 we can see the default aging timer, so this is the MAC address aging timer that controls how long the MAC addresses stay in the MAC address table, it is by default 5 minutes, but when there is an indirect topology change it will be set to the aging timer of 15, I believe, for the duration of the max age, but this has been a little bit longer, or maybe, no, yeah, it's about that. So we can see now that it reverted to 300. So there is no immediate, well, it depends on what caused the switchover; in this case it was a soft event, so when it's a soft event they are not going to be immediately aged out, but if it was a hard event, for example a link going down, all MAC addresses from that link are immediately flushed from the MAC address table because they are no longer valid, we have to relearn them. But keep in mind that on the switch, flushing the MAC address table is not a catastrophic event, it happens all the time. I mean, it's not catastrophic in the sense that the traffic will not be impacted; the traffic will get where it needs to go, but for the duration of the learning, while the switches are actually learning where the MAC addresses are, you might have some unnecessary flooding of the traffic. So it's not a catastrophic event, but it could cause bandwidth strains depending on the traffic volume that you have in your network. But you're not going to be losing any traffic when the MAC addresses are aged out. That's the whole idea of the switches: they are transparent switches, they are sitting in the traffic path, they are forwarding the traffic, but they are not actually going to drop the traffic if they don't know where to send the traffic. When they don't have a MAC address learned, instead of dropping the traffic, which is what routers will do with unknown traffic, the switches will simply flood it out on all the ports in that VLAN. So yeah, you might have some unnecessary flooding of the traffic, some bandwidth usage increase in your network, but the traffic will get where it needs to go. So yes, there will be an event involving the MAC address table, but it will not be catastrophic.

Okay, another question that I got was, what happens with the traffic on the link during the time of the switchover? Well, let's take a look at the switchover. So if I go to the switch over here, and let me go to interface FastEthernet 23 and let me again cause it to change, so if I do show spanning-tree here I can see that port 23 is root and is listening, that means no production traffic is going over this link, and FastEthernet 24 is blocking, that means that right now effectively there is no traffic going between Cat3 and Cat4. With original spanning tree there is nothing, well, spanning tree and CDP and VTP still operate, but nothing else works, there is no transit traffic that goes. And just to test that, let's add on both of them, so I'm just going to say interface vlan 10, ip address, I'm going to add an IP address there, and let me go to Cat4, yeah, yeah, I know it's a duplicate address. So now from Cat3 I should be able to ping Cat4, and that works like a charm, because show spanning-tree shows me that they have actually converged by now, so I can see that this is root forwarding, this is alternate blocking. But if I go to interface FastEthernet 0/23, so let me start pinging from Cat4, so I'm going to start a very long ping, so if I go here and I say spanning-tree cost 19, so now show spanning-tree vlan 10 shows me that these are now converging, I can see that now I no longer have the ping going on until they converge. Now, things went much faster than I was hoping, I thought it was going to go so that we can actually see the drop in that original output, but this is fine as well. So now while spanning tree is actually converging on Cat3 there is no traffic; so now we are learning the MAC addresses, but, you know, learning the MAC addresses still means no production traffic. Now we have switched to forwarding and now we can see that the traffic has actually gone through. And this is one of the reasons why we have rapid spanning tree, because rapid spanning tree in this particular case would instantaneously switch to forwarding, because that is what happens with the root port. So let me change this to be rapid on both sides, so I'm just going to say spanning-tree mode rapid-pvst. So now when I do show spanning-tree vlan 10 I can see that, okay, let me see, spanning tree is enabled and that the protocol is RSTP, and I can see pretty much the same situation right now. So let me now switch over, let me start the ping from this side, but this time I'm going to be a little bit smarter than that, okay, so I'm going to go to interface FastEthernet 23 and I'm going to change the cost here to 15. If I do show spanning-tree vlan 10 I can see that the switchover was instant, because this is now the root port and is forwarding, and if I go here, and there it was, so this is where the switchover happened, but it's very, very difficult to spot. Yes, there was maybe minor loss, but maybe this was just unfortunate timing, because this happens very, very, very quickly. So this is what the result of rapid spanning tree switching over was, right, much different than what we had with the traditional spanning tree.
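The bridge ID arithmetic and the root-port tie-breakers the lecture walks through, modelled in Python as an added example. This is not code from the video, from Cisco IOS or from any vendor; it only reproduces the rules stated above so they can be checked. Assumptions: the switch names Cat3/Cat4, the MAC addresses and Cat4's priority of 4096 are constructed; the port numbering Fa0/n = port n+2 follows the `show spanning-tree` output the speaker reads (Fa0/24 seen as port 26). It goes one step beyond the two-switch case by including the sender bridge ID tie-breaker that sits between root path cost and sender port ID in the standard, which only matters when the parallel links come from different upstream switches.

```python
"""Model of PVST+ bridge priority, root election and root-port selection.
Added example (not the video's or Cisco's code); all names, MACs and port
numbers below are constructed to mirror the Cat3/Cat4 lab in the lecture."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PRIORITY_STEP = 4096        # configured bridge priority must be a multiple of 4096
MAX_PRIORITY = 61440        # 15 * 4096, the largest value IOS accepts
MAX_VLAN = 4094
PORT_PRIORITY_STEP = 16     # IOS port-priority: 0..240 in steps of 16
MAX_PORT_PRIORITY = 240


def bridge_priority(configured: int, vlan: int) -> int:
    """16-bit priority field carried in the BPDU: a 4-bit multiplier of 4096
    (the configured value) followed by the 12-bit extended system ID (VLAN)."""
    if configured % PRIORITY_STEP or not 0 <= configured <= MAX_PRIORITY:
        raise ValueError(f"priority {configured} is not a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= MAX_VLAN:
        raise ValueError(f"vlan {vlan} is outside 1..4094")
    return configured | vlan    # identical to configured + vlan, since 4096 == 1 << 12


def split_priority(field: int) -> Tuple[int, int]:
    """Undo bridge_priority(): the 32778 IOS shows in VLAN 10 is 32768 + 10."""
    return field & 0xF000, field & 0x0FFF


def mac_to_int(mac: str) -> int:
    """Accept the IOS 'aaaa.bbbb.cccc' form and the dash/colon forms alike."""
    return int("".join(ch for ch in mac if ch.isalnum()), 16)


def bridge_id(configured: int, vlan: int, base_mac: str) -> Tuple[int, int]:
    """Bridge ID as a comparable tuple: priority first, base (system) MAC second,
    so the MAC decides only when priorities tie."""
    return bridge_priority(configured, vlan), mac_to_int(base_mac)


def elect_root(bridges: Dict[str, Tuple[int, int]]) -> str:
    """The lowest bridge ID in the VLAN becomes root."""
    return min(bridges, key=bridges.__getitem__)


@dataclass
class Uplink:
    """One link towards the root, as seen by the non-root switch receiving BPDUs."""
    local_port: int                  # port number on this switch
    local_cost: int                  # cost configured on this port: the LOCAL decision
    peer_bridge_id: Tuple[int, int]
    peer_port_priority: int          # port-priority configured on the REMOTE side: a hint
    peer_port: int
    peer_root_path_cost: int = 0     # 0 when the peer is the root itself


def select_root_port(uplinks: List[Uplink]) -> int:
    """Tie-breakers in order: lowest root path cost, lowest sender bridge ID,
    lowest sender port ID (priority.number), lowest local port ID."""
    for u in uplinks:
        if u.peer_port_priority % PORT_PRIORITY_STEP or not 0 <= u.peer_port_priority <= MAX_PORT_PRIORITY:
            raise ValueError(f"port-priority {u.peer_port_priority} not a multiple of 16 in 0..240")
    best = min(uplinks, key=lambda u: (u.local_cost + u.peer_root_path_cost,
                                        u.peer_bridge_id,
                                        (u.peer_port_priority, u.peer_port),
                                        u.local_port))
    return best.local_port


def fa_port(n: int) -> int:
    """Port number IOS reports for Fa0/n on the lecture's 3560 (two gigabit
    ports counted above it, so Fa0/24 appears as port 26); assumption from the video."""
    return n + 2


def cat3_root_port(cat4_fa24_priority: int = 128, cat3_fa23_cost: int = 19) -> int:
    """Cat3's root-port choice in VLAN 10 with Cat4 as root over two parallel Fa links.
    Constructed MAC and priority for Cat4."""
    cat4 = bridge_id(4096, 10, "0000.0000.0c04")
    uplinks = [
        Uplink(fa_port(23), cat3_fa23_cost, cat4, 128, fa_port(23)),
        Uplink(fa_port(24), 19, cat4, cat4_fa24_priority, fa_port(24)),
    ]
    return select_root_port(uplinks)


if __name__ == "__main__":
    print("VLAN 10 priority field:", bridge_priority(32768, 10))          # 32778
    print("root port with defaults:", cat3_root_port())                   # 25 (Fa0/23)
    print("Cat4 lowers Fa0/24 port-priority to 112:", cat3_root_port(112))  # 26 (Fa0/24)
    print("Cat3 sets Fa0/23 cost 15:", cat3_root_port(112, 15))           # 25 again
```

Run as a script it replays the two tasks from the lecture: lowering the remote port priority on Cat4's Fa0/24 flips Cat3's root port to Fa0/24, and a lower local cost on Cat3's Fa0/23 overrides that hint, because cost is compared before port priority.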
Info
Channel: Networking Lessons
Views: 803
Keywords: configrouter.com, Cisco, Cisco Networking Videos, Cisco Networking
Id: Jwbl8TYCiXw
Length: 46min 21sec (2781 seconds)
Published: Thu Oct 12 2017