
THE RIGHT TO PUBLIC HIGHER EDUCATION

1. THEORETICAL FRAMEWORK

1.2. THE RIGHT TO PUBLIC HIGHER EDUCATION

Spanning Tree Protocol (STP) is a very deep topic that causes headaches for many professional network administrators. We spend the next portion of this chapter getting you up to speed on exactly what it is, how it works, and why it is so vital for the operation of a typical network.

What Is Spanning Tree?

STP, the IEEE 802.1D open standard, is designed to prevent looping behavior and allow network administrators to introduce redundant links without forming a traffic loop. STP learns the topology of the network and purposely blocks redundant links that could cause a loop. Should an active link fail, STP will unblock links as necessary to restore connectivity.

REAL WORLD EXAMPLE

It’s easy to demonstrate this effect. If you have any cheap, consumer-grade network switch, you can plug two of the ports together, plug in your laptop or desktop, and ping some IP address to generate an ARP Request broadcast. Since low-end switches have no STP running to block the loop, you will observe incredible amounts of activity, that is, a broadcast storm on the switch, until you unplug the loop.

Loop Avoidance and Spanning Tree 33

How Does Spanning Tree Work?

All the switches that are actively participating in STP first have to figure out which switch will be the root bridge. This is done by election, like picking a president or group leader, but with less politics involved. The root bridge is simply determined from the switch with the lowest bridge ID. The switches determine this by exchanging Bridge Protocol Data Units (BPDUs) containing their bridge IDs.

A bridge ID consists of two parts: the bridge priority and MAC address. By default, all switches have a bridge priority of 32,768. An administrator can change the bridge priority, increasing or decreasing it by multiples of 4,096, to forcefully determine which switch will be the root bridge. If all the switches are using the default 32,768 priority, then the tie is broken by finding the switch with the lowest MAC address value. It is prudent to set a lower bridge priority on the switch you specifically want to be the root bridge, as otherwise the root bridge role might change to an underpowered or over-utilized switch which happens to have the lowest MAC address.

When the root bridge has been identified, the remaining non-root bridge switches in the topology do some math homework to determine how they can best send traffic back to the root bridge. They exchange BPDUs to determine the network topology and track topology changes. Every path to the root bridge has an associated cost. Imagine that you wanted to drive from one city to the next and are given many different choices on how to get there. You might choose the interstate, which is more mileage but lets you drive at a fast speed, or the local roads, which is fewer total miles but a much slower speed.

Switches look at the speed of each link in each possible path back to the root bridge, in search of the lowest total path cost. The path cost is the sum of each link’s cost value based on its data rate. For standard STP (802.1D), the cost values are shown in Table 4.1.

Table 4.1 STP Cost Values

Looking at the costs, you can see that if STP had to choose between a single 100 Mbps link (cost of 19) and four 1,000 Mbps links (cost of 4 * 4 = 16), it would choose the four 1,000 Mbps links. When the paths have been chosen, the switch ports which connect to other switches are assigned STP roles as follows:
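The election and path-cost selection described above, worked through in code. This is an added example, not code from the book: the switch names, MAC addresses and topology are constructed, and the 10 Mbps cost (100) comes from the 802.1D standard rather than from this page.

```python
# Added example: 802.1D root-bridge election and lowest-cost path to the root.
import heapq

# Link costs: 100 Mbps = 19 and 1000 Mbps = 4 are the chapter's Table 4.1 values;
# 10 Mbps = 100 is the standard 802.1D figure (assumption, not on this page).
STP_COST = {10: 100, 100: 19, 1000: 4}

def bridge_id(priority, mac):
    """Bridge ID = 16-bit priority followed by the 48-bit MAC, compared as one number,
    so priority decides first and the MAC only breaks ties."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    return (priority << 48) | int(mac.replace(":", ""), 16)

def elect_root(switches):
    """switches: {name: (priority, mac)}. The lowest bridge ID becomes root."""
    return min(switches, key=lambda s: bridge_id(*switches[s]))

def root_path_costs(links, root):
    """links: list of (switch_a, switch_b, mbps). Returns each switch's lowest
    total cost to the root (sum of per-link costs), as STP computes it."""
    adj = {}
    for a, b, mbps in links:
        adj.setdefault(a, []).append((b, STP_COST[mbps]))
        adj.setdefault(b, []).append((a, STP_COST[mbps]))
    best = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node]:
            continue
        for nxt, c in adj.get(node, []):
            if cost + c < best.get(nxt, float("inf")):
                best[nxt] = cost + c
                heapq.heappush(heap, (cost + c, nxt))
    return best

def would_displace_root(current_root, bpdu):
    """True if a BPDU (priority, mac) claims a lower bridge ID than the current
    root, i.e. the rogue-root situation the chapter warns about on edge ports."""
    return bridge_id(*bpdu) < bridge_id(*current_root)

# Constructed topology: SW1 gets a lowered priority so it wins the election.
SWITCHES = {"SW1": (24576, "00:1b:0c:aa:00:01"),
            "SW2": (32768, "00:1b:0c:aa:00:02"),
            "SW3": (32768, "00:1b:0c:aa:00:03")}
# SW3 can reach SW1 directly at 100 Mbps (19) or via SW2 over two 1 Gbps links (8).
LINKS = [("SW1", "SW2", 1000), ("SW2", "SW3", 1000), ("SW1", "SW3", 100)]

if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print(root, root_path_costs(LINKS, root))
```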


PortFast

The default behavior of STP blocks a port until it has listened and learned the traffic on that port and determines that it can begin forwarding traffic without creating a loop. This is great for switch-to-switch links, but endpoint devices on your network—desktops, servers, print servers, and so on—are usually not capable of creating a network loop. The act of blocking traffic for a period of time can cause some headaches and complications, particularly if the workstation or server is trying to use a Preboot Execution Environment (PXE) to boot, or requires a DHCP lease for its IP address.

For these endpoint devices, an administrator can enable PortFast on a Cisco device, or designate a port as an edge port or “fast uplink” port with other switch vendors. PortFast is an extension to 802.1D that allows a port to skip the listening and learning states and transition directly to the forwarding state. You are effectively telling the switch to go ahead and trust the port immediately, and that it does not need to burn time proving that the port will not create a loop.

REAL WORLD EXAMPLE

It’s very common, and often recommended by vendors, to enable PortFast for any ports connecting to your NICs on a server because they cannot form a loop. All the server NICs should be allowed to actively forward traffic.

Of course, exercise caution when enabling PortFast on a switch port, and ensure that no network device will be plugged into that port. There is the possibility that someone could plug in a rogue network device with an improperly configured STP bridge priority, and become the root bridge for your network topology. Though they are out of scope for this book, tools such as BPDU Filtering and BPDU Guard can provide a safeguard against this sort of risk.
