Saturday, March 7, 2009

Rapid Spanning Tree 802.1w

This video demonstrates layer-2 convergence in less than 2 seconds thanks to rapid spanning-tree.
Rapid per-VLAN spanning-tree is configured with "spanning-tree mode rapid-pvst".
The rapid spanning tree protocol, 802.1w, is the answer to the slow convergence time of the historic 802.1D spanning-tree protocol.  Where 802.1D walks a port through listening and learning on timers, rapid spanning tree replaces the timers with a proposal/agreement handshake between neighbouring switches, so switches almost never wait for a timer to expire.

When a new switch-to-switch link comes up, both ends start with the port in the discarding state.  The upstream switch (the one closer to the root bridge) sends a proposal to the downstream switch.  Before it agrees, the downstream switch puts all of its other non-edge switch-to-switch (P2P) ports into the discarding state (this "sync" step is what prevents a transient loop) and then sends an agreement back.  Once the agreement arrives, both switches forward on the new link without any timer expiring.  The downstream switch then repeats the same handshake on each of the ports it just discarded, one hop at a time.  The handshake only runs on point-to-point (full-duplex) links; on a shared, half-duplex link RSTP falls back to the old 802.1D timers.  While seemingly complex, none of these steps waits for a timer, so the end result is reconvergence in seconds rather than tens of seconds.

Edge ports (going to end hosts) are identified by configuring "spanning-tree portfast".  Edge ports never take part in the sync and go straight to forwarding, because a single host cannot create a bridging loop.  An edge port that does receive a BPDU loses its edge status and behaves like a normal port from then on.
Rapid spanning-tree incorporates improved versions of the backbonefast and uplinkfast mechanisms, so configuring those features is unnecessary.  bpduguard, rootguard, and loopguard still apply and are still worth configuring.  Configuring portfast is essential: it is the only way RSTP knows which ports are edge ports, and an access port without it is treated as a switch-to-switch link and gets discarded during every sync.
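The configuration below is an added example of what the post describes, not the configuration used in the video: an access switch running rapid-pvst with its uplinks marked point-to-point, its host ports marked as edge ports, and loopguard on.  Interface names, VLAN numbers and the neighbour descriptions are assumptions.

```cisco
! Added example (not the video's configuration). Interface names,
! VLAN numbers and neighbour names are assumptions.
!
! Global: switch the whole box to rapid per-VLAN spanning tree.
spanning-tree mode rapid-pvst
!
! Loop guard on every non-edge port: a blocked port that stops
! receiving BPDUs (unidirectional link, stuck transceiver) goes
! loop-inconsistent instead of quietly moving to forwarding.
spanning-tree loopguard default
!
! Uplinks to the distribution switches. Full-duplex ports are
! detected as point-to-point automatically; setting it explicitly
! keeps a mis-detected or half-duplex port from falling back to
! timer-based convergence, because proposal/agreement only runs
! on P2P links.
interface GigabitEthernet0/23
 description uplink to dist-1
 switchport mode trunk
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/24
 description uplink to dist-2
 switchport mode trunk
 spanning-tree link-type point-to-point
!
! Host ports are edge ports. Without portfast RSTP treats them as
! switch-to-switch links and discards them during every sync.
! (IOS 15.2 and later accept "spanning-tree portfast edge".)
interface range GigabitEthernet0/1 - 20
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! A trunk to a hypervisor or router that never sends BPDUs can also
! be an edge port. Never use this on a link to another switch.
interface GigabitEthernet0/21
 description trunk to esx-host (no STP speaker)
 switchport mode trunk
 spanning-tree portfast trunk
!
! Verification: every inter-switch port should show type "P2p",
! every host port "Edge". A host port that received a BPDU has lost
! its edge status; the per-interface detail output says so.
! show spanning-tree vlan 10
! show spanning-tree interface GigabitEthernet0/1 detail
! show spanning-tree summary
```

The two "show" checks are what to run after a cutover: a port listed as "Shr" instead of "P2p" is a port that will still take 30 seconds to converge, and a former edge port that is no longer marked "Edge" is a port that has heard a BPDU from something that is not an end host.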


Monday, March 2, 2009

Etherchannels and the port aggregation protocol

When you have two links between the same two switches, normally spanning tree will forward on one and block on the other, so half of your bandwidth sits idle.  An etherchannel binds two (or up to eight) physical links into one logical link that spanning tree treats as a single port, so all of the links carry traffic.  The gain is per aggregate, not per flow: the switch hashes each frame onto one member link (by MAC, IP or port pair, depending on the load-balance setting), so a single conversation never exceeds the speed of one physical link.  In addition to increased bandwidth, etherchannels fail over in a fraction of a second, so the failure of one physical link in a multi-link etherchannel does not cause a significant outage.
The port aggregation protocol (PAgP) is a Cisco-proprietary protocol that switches use to decide whether to bundle multiple links into an etherchannel.  PAgP is similar to DTP in that it has "desirable" and "auto" modes: desirable actively asks the far end to bundle, auto only answers, and auto on both ends never forms a channel.  Ports configured in etherchannel "on" mode do not speak PAgP (or LACP) at all; they bundle unconditionally, which results in a mismatch with a PAgP-speaking switch at the other end of the link.
The link aggregation control protocol (LACP, 802.3ad, now 802.1AX) is the standards-based replacement for PAgP, with "active" and "passive" modes that correspond to PAgP's desirable and auto.  If you want to dynamically negotiate etherchannels with non-Cisco gear (including many servers), LACP is the way to go.
One big advantage of dynamically negotiating etherchannels is that the negotiation protocol refuses to bundle when the two ends disagree, which prevents etherchannel mismatches.  Setting the etherchannel to "on" can get you into trouble if the two channel members actually go to different switches, or to a switch without etherchannel configured: this end bundles blindly, the far end sees two ordinary links, and spanning tree on the far end is the only thing standing between you and a loop.  Catalyst switches ship with "spanning-tree etherchannel guard misconfig" enabled so that such a channel is err-disabled when the mismatch is detected; leave it on.
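As an added example (not configuration from the post), here is one switch with an LACP bundle towards a non-Cisco server and a PAgP bundle towards a Cisco neighbour, with the two safeguards a practitioner wants against the "on"-mode mismatch described above.  Interface names, channel numbers and VLANs are assumptions.

```cisco
! Added example (not from the post). Interface names, channel numbers
! and VLANs are assumptions.
!
! Global: hash on the IP pair so both members carry load. Several
! Catalyst platforms default to src-mac, which pins every frame
! from one host to one member link.
port-channel load-balance src-dst-ip
!
! Global: err-disable a channel whose members turn out to reach
! different switches (enabled by default on most Catalyst platforms;
! stated explicitly so nobody removes it).
spanning-tree etherchannel guard misconfig
!
! LACP towards a third-party server. At least one side must be
! "active"; active+active or active+passive forms a channel,
! passive+passive never does.
interface range GigabitEthernet0/1 - 2
 description LACP bundle to server-1
 channel-protocol lacp
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! PAgP towards a Cisco neighbour. "desirable" here forms the channel
! even if the far end is "auto"; auto+auto never bundles.
interface range GigabitEthernet0/23 - 24
 description PAgP bundle to dist-1
 channel-protocol pagp
 channel-group 2 mode desirable
!
interface Port-channel2
 switchport mode trunk
!
! The hazard: "channel-group N mode on" sends no PAgP/LACP frames.
! A negotiating far end sees silent members and keeps them as
! individual links; a member patched to the wrong switch becomes a
! loop that this side's port-channel hides from spanning tree.
! Prefer a negotiating mode, and always verify before trusting it:
! show etherchannel summary   (members flagged "P" = bundled;
!                              "I" = stand-alone, the bundle did not form)
! show etherchannel 1 detail
! show lacp neighbor
! show pagp neighbor
```

"show etherchannel summary" is the check to run on both ends: a channel that is "P" on one side and "I" on the other is exactly the mismatch the negotiation protocols exist to prevent.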


Monday, February 23, 2009

802.1q and ISL trunks

Switches can carry multiple VLANs.  When we connect switches together we use 802.1Q trunks (or older ISL trunks) to run multiple VLANs over one physical link.  With either trunking protocol the VLAN number travels with the frame: ISL wraps the whole Ethernet frame in its own 26-byte header and 4-byte trailer, while 802.1Q inserts a 4-byte tag into the existing frame header.  ISL is an older Cisco-proprietary trunking protocol; newer switches do not even support it and speak only the vendor-independent 802.1Q.  On an 802.1Q trunk, frames belonging to the native VLAN (VLAN 1 by default) cross the link untagged.  Cisco switches also speak the Dynamic Trunking Protocol (DTP) to negotiate whether a link becomes a trunk.  Because a Cisco port in its default dynamic mode will negotiate a trunk with whatever asks, DTP should be switched off ("switchport nonegotiate") on any port that faces a host rather than a switch.
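As an added example (not from the post), an 802.1Q trunk between two switches, configured so that nothing is left to DTP, alongside the matching treatment of the host-facing ports.  Interface names and VLAN numbers are assumptions, and the native-VLAN tagging command is platform dependent.

```cisco
! Added example (not from the post). Interface names and VLAN numbers
! are assumptions.
!
! Global, where the platform supports it: tag native-VLAN frames too,
! so a frame that arrives untagged on the trunk has no VLAN to land in.
vlan dot1q tag native
!
! Inter-switch trunk. "encapsulation dot1q" is needed (and accepted)
! only on platforms that still support ISL, such as the 3560;
! 2960-class switches reject it because they speak only 802.1Q.
! "nonegotiate" stops DTP frames; the far end must be configured as
! a trunk as well, since nothing will negotiate it into one.
interface GigabitEthernet0/24
 description trunk to dist-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! Host ports: force access mode and switch DTP off. The default
! dynamic mode lets whatever is plugged in negotiate a trunk and then
! tag its own frames into any VLAN on the switch.
interface range GigabitEthernet0/1 - 23
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! Native VLAN 999 is an unused, dead-end VLAN: native frames cross the
! trunk untagged, so no host port should ever be assigned to it.
!
! Verification
! show interfaces trunk                     (mode, encapsulation, native and allowed VLANs)
! show dtp interface GigabitEthernet0/24    (should report DTP off)
! show interfaces GigabitEthernet0/1 switchport
```

"show interfaces trunk" should list only the ports you intended as trunks; an extra entry there is a port that negotiated itself into trunking and needs the access-port treatment above.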


Sunday, February 22, 2009

Intermediate spanning tree

We cover intermediate spanning tree concepts: the importance of specifying your root bridge and backup root bridge with spanning-tree priority; using portfast to allow host ports to start forwarding without waiting 30 seconds in listening and learning; using bpduguard to err-disable portfast-enabled ports where someone erroneously plugs in a switch; using errdisable recovery to automatically re-enable those ports after 15 minutes; using rootguard to prevent improper switches from becoming your spanning-tree root; the dangers of bpdufilter, which makes a port ignore and discard BPDUs and so hides a loop from spanning tree; how uplinkfast lets an access switch fail over between its uplinks without delay; and how backbonefast improves responsiveness to indirect link failures by eliminating the wait for the 20 second max-age timer.
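The following is an added example (not the configuration from the video) that puts the features listed above on a pair of distribution switches and one access switch running classic PVST+.  Interface names, VLAN numbers and the priority values are assumptions.

```cisco
! Added example (not the video's configuration). Interface names,
! VLAN numbers and priorities are assumptions.
!
! ===== dist-1: primary root for VLANs 10 and 20 =====
! Priorities are multiples of 4096; lowest wins. "root primary" is
! the macro form of the same thing.
spanning-tree vlan 10,20 priority 4096
!
! Ports facing access switches: root guard. A superior BPDU arriving
! here puts the port root-inconsistent (blocking) instead of letting an
! access switch, or something plugged in behind it, take over as root.
interface range GigabitEthernet0/1 - 12
 switchport mode trunk
 spanning-tree guard root
!
! ===== dist-2: backup root =====
spanning-tree vlan 10,20 priority 8192
!
interface range GigabitEthernet0/1 - 12
 switchport mode trunk
 spanning-tree guard root
!
! ===== access switch =====
! Global: bring bpduguard-disabled ports back after 15 minutes
! (default 300 s) so a one-off mistake needs no console visit; a
! device that is still sending BPDUs is simply err-disabled again.
errdisable recovery cause bpduguard
errdisable recovery interval 900
!
! Global: uplinkfast on the access switch only (it raises the bridge
! priority and port costs so this switch never becomes root);
! backbonefast on every switch in the domain.
spanning-tree uplinkfast
spanning-tree backbonefast
!
! Host ports: portfast skips the 30 s of listening/learning,
! bpduguard err-disables the port the moment a BPDU arrives.
interface range GigabitEthernet0/1 - 22
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! What NOT to do: bpdufilter sends no BPDUs and discards received
! ones, so a looped cable or a second switch on that port is invisible
! to spanning tree. Use bpduguard on host ports instead.
! interface GigabitEthernet0/5
!  spanning-tree bpdufilter enable     <-- avoid
!
! Verification
! show spanning-tree vlan 10             (Root ID must be dist-1's bridge ID)
! show spanning-tree inconsistentports   (root-guard hits)
! show interfaces status err-disabled    (bpduguard hits)
! show errdisable recovery
```

The two "inconsistentports" and "err-disabled" listings are the ones worth alerting on: each entry is a port where something other than the expected device started speaking spanning tree.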


Saturday, January 31, 2009

VLANs and spanning tree

VLANs are a feature of Ethernet switches that makes one physical switch act like multiple "virtual switches".  Each VLAN is a separate broadcast domain and is normally configured with its own IP subnet, so you can have separate subnets for separate purposes (IT, accounting, network management) on one physical switch.  This saves money and cabling while decreasing complexity.  Keep in mind that a VLAN boundary only separates layer-2 traffic: any policy between VLANs has to be enforced wherever they are routed together, and the trunk and access-port configuration has to be tight, or hosts can end up in VLANs they were never meant to reach.

Spanning tree is a protocol that lets you build redundant loops out of Ethernet switches without suffering an outage from Ethernet frames circulating forever (Ethernet frames carry no TTL, so a single broadcast in a looped topology multiplies into a broadcast storm).  Spanning tree blocks ports in your switch mesh to turn a topology of loops into a loop-free tree.  Then, if you suffer a link outage, spanning tree reconverges into a new, fully operational tree.  This reconvergence may take significant time (30-50 seconds) with the old spanning tree protocol: up to 20 seconds of max-age before an indirect failure is noticed, plus 15 seconds each of listening and learning.

More modern improvements to the spanning tree protocol, including RSTP (rapid spanning tree) and MST (multiple spanning tree) will be covered in a later episode.
