PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie umarło a nawet ma się dobrze w środowiskach multi-vendor

IEEE 802.1S, CZYLI STP
JESZCZE NIE UMARŁO
Piotr Wojciechowski (CCIE #25543)

ABOUT ME
¢ Senior Network Engineer MSO at VeriFone Inc.
¢ Previously Network Solutions Architect at one of top polish IT
integrators
¢ CCIE #25543 (Routing & Switching)
¢ PLNOG Advisory Board member
¢ CCIE.PL General Admin
It’s 10th edition of PLNOG where I’m a speaker!

ABOUT CCIE.PL
¢ The biggest Cisco community in Europe
¢ Over 8300 users
¢ Strong staff
— 3 general admins
— 1 board admin
— 3 servers admins
— 3 moderators
¢ Over 60 polish CCIEs as members
— over 20 of them actively posting!
¢ About 100 new topics per month
¢ About 800 posts per month
¢ English section available

AGENDA
¢ Why MST is not dead, where we can use them?
¢ Basic MST definition
¢ How MST works within single region
¢ How MST works in multiple regions configuration
¢ How MST works with non-MST switches
¢ Migration to MST and other caveats we have to remember when
designing MST network

MULTIPLE SPANNING TREE PROTOCOL
IEEE 802.1S

802.1S - MST
¢ Key words about MST:
— IEEE standard, vendor independent
— Spanning-tree per defined group of VLANs
— Multiple instances per region
— Multiple regions
— Can work together with RSTP, PVSTP+ etc.

802.1S - MST
¢ When we should consider using 802.1s:
— Multivendor L2 network
— Increased cost of blocked (unused) physical links
— Large L2 domains, PVST+ protocol with big amount of VLANs and frequent
changes are causing lots of recalculations
¢ CPU saturation
¢ Memory saturation
— Limit of number of STP instances on some platforms (in example Cisco
Catalyst 2960 or 3560) for per-VLAN protocols (PVST+ and RPVST+)
— If you are not ready to replace STP with routing

802.1S - MST
¢ When you should not use MSTP:
— MSTP may not converge as fast as RSTP
— You are afraid of configuration complexity
¢ All switches must be reconfigured when VLAN mapping changes

MSTP – BASIC DEFINITIONS
¢ MST segments network into one or multiple regions
— Region is group of switches that run MST in consistent way:
¢ Same number of instances
¢ Same set of VLANs in each instance
¢ Same configuration name
¢ Same revision number
— Each switch in the region has a single MST configuration
¢ Maximum of 65 active instances per region (instance 0 and 64
user-defined instances)
¢ Single BPDU carry information about all instances

¢ MST bridge must be able to handle at least two instances:
— One Internal Spanning Tree (IST)
— One or more Multiple Spanning Tree Instances
— Sub-optimal paths between regions and non-MST switches may happen

¢ Two special type of trees are build
— Internal Spanning Tree (IST) or Multiple Spanning Tree Instance 0 (MSTI0)
¢ Only this instance that interact with switches “external” to the region
¢ Has root bridge (CIST Regional Roots)
¢ Carries BPDU with information for all instances
— Common Spanning Tree (CST)
¢ Build spanning-tree across regions
¢ Interoperates with the STP/RSTP regions
¢ Elects CST Root based on CIST Regional Roots

¢ BPDU
— Single BPDU carries information about all instances
— Is only exchanged on MSTI0 instance
— Contain all standard RSTP-style information for the IST itself
— Carry additional informational fields
¢ Configuration name
¢ Revision numer
¢ Hash value calculated over VLANs to MSTI mapping table contents
Switch may detect mis-configuration in VLAN mappings by comparing the hash value
received from the peer with the local value

¢ BPDU M-records
— By default all VLANs are mapped to IST (no configuration needed)
¢ Provides classic RSTP implementation where all VLANs share same STP
— Information about other instances is glued to BPDU as M-records using TLV
(Type-Length-Value) type of fields
¢ One M-record per instance
¢ Each M-record contain
¢ Root priority
¢ Designated bridge priority
¢ Port Priority
¢ Root path cost
¢ Other information

MST SINGLE REGION
¢ Topology
spanning-tree mst configuration
name PLNOG-EU
revision 1
instance 1 vlan 11-13
spanning-tree mst 0 priority 61440
name PLNOG-EU
revision 1
name PLNOG-EU
revision 1
spanning-tree mode mst

MST SINGLE REGION
¢ Configuration
Switch Warsaw
Warsaw#show spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 0
Address fa16.3ee6.4bad
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 0 (priority 0 sys-id-ext 0)
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 20000 128.2 Shr
MST1
Root ID Priority 1
Address fa16.3ed7.dcbf
Cost 20000
Port 2 (GigabitEthernet0/1)
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 20000 128.2 Shr

MST SINGLE REGION
MST2
Root ID Priority 2
------------------- ---- --- --------- -------- --------------------------------
¢ Configuration
Switch Warsaw

MST SINGLE REGION
¢ BPUD
From Warsaw to Berlin
Interface ge0/1
Frame 9: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits)
IEEE 802.3 Ethernet
Logical-Link Control
Spanning Tree Protocol
Protocol Identifier: Spanning Tree Protocol (0x0000)
Protocol Version Identifier: Multiple Spanning Tree (3)
BPDU Type: Rapid/Multiple Spanning Tree (0x02)
BPDU flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated
Root Identifier: 0 / 0 / fa:16:3e:e6:4b:ad
Root Path Cost: 0
Bridge Identifier: 0 / 0 / fa:16:3e:e6:4b:ad
Port identifier: 0x8002
Message Age: 0
Max Age: 20
Hello Time: 2
Forward Delay: 15
Version 1 Length: 0
Version 3 Length: 96
MST Extension
MST Config ID format selector: 0
MST Config name: PLNOG-EU
MST Config revision: 1
MST Config digest: 76109677309c059d469ecb122efbc871
CIST Internal Root Path Cost: 0
CIST Bridge Identifier: 0 / 0 / fa:16:3e:e6:4b:ad
CIST Bridge Priority: 0
CIST Bridge Identifier System ID Extension: 0
CIST Bridge Identifier System ID: fa:16:3e:e6:4b:ad (fa:16:3e:e6:4b:ad)
CIST Remaining hops: 20
MSTID 1, Regional Root Identifier 0 / fa:16:3e:d7:dc:bf
MSTI flags: 0x38, Forwarding, Learning, Port Role: Root
0000 .... = Priority: 0x0
.... 0000 0000 0001 = MSTID: 1
Regional Root: fa:16:3e:d7:dc:bf (fa:16:3e:d7:dc:bf)
Internal root path cost: 20000
Bridge Identifier Priority: 1
Port identifier priority: 8
Remaining hops: 20
MSTID 2, Regional Root Identifier 0 / fa:16:3e:e6:4b:ad
MSTI flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated
0000 .... = Priority: 0x0
.... 0000 0000 0010 = MSTID: 2
Regional Root: fa:16:3e:e6:4b:ad (fa:16:3e:e6:4b:ad)
Remaining hops: 20

MST SINGLE REGION
IEEE 802.3 Ethernet
Protocol Version Identifier: Multiple Spanning Tree (3)
BPDU Type: Rapid/Multiple Spanning Tree (0x02)
BPDU flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated
Root Path Cost: 0
Bridge Identifier: 0 / 0 / fa:16:3e:e6:4b:ad
Message Age: 0
Max Age: 20
Hello Time: 2
Forward Delay: 15
Version 1 Length: 0
Version 3 Length: 96
MST Extension
MST Config ID format selector: 0
MST Config name: PLNOG-EU
MST Config revision: 1
MST Config digest: 76109677309c059d469ecb122efbc871
CIST Internal Root Path Cost: 0
CIST Bridge Identifier: 0 / 0 / fa:16:3e:e6:4b:ad
CIST Bridge Priority: 0
CIST Bridge Identifier System ID Extension: 0
CIST Bridge Identifier System ID: fa:16:3e:e6:4b:ad (fa:16:3e:e6:4b:ad)
CIST Remaining hops: 20
MSTID 1, Regional Root Identifier 0 / fa:16:3e:d7:dc:bf
MSTI flags: 0x38, Forwarding, Learning, Port Role: Root
0000 .... = Priority: 0x0
.... 0000 0000 0001 = MSTID: 1
Regional Root: fa:16:3e:d7:dc:bf (fa:16:3e:d7:dc:bf)
Remaining hops: 20
MSTID 2, Regional Root Identifier 0 / fa:16:3e:e6:4b:ad
MSTI flags: 0x7c, Agreement, Forwarding, Learning, Port Role: Designated
0000 .... = Priority: 0x0
.... 0000 0000 0010 = MSTID: 2
Regional Root: fa:16:3e:e6:4b:ad (fa:16:3e:e6:4b:ad)
Remaining hops: 20
Image source: http://blog.ine.com/2010/02/22/understanding-mstp/

QUIZ!
¢ Two questions – two prizes
— First question easier
— Second question a little bit harder
¢ What I can win?
— Correct answer for first question takes a book
— Correct answer for second question takes voucher for half-year subscription of
IT Professional magazine

QUIZ – QUESTION #1
¢ Maximum of how many instances (except MST0) are allowed by
standard IEEE 802.1s-2002?
64
Defined in paragraph 13.14: “No more than 64 MSTI Configuration
Messages may be encoded in an MST BPDU,and no more than 64 MSTIs
may be supported by an MST Bridge”

¢ In typical Ethernet network (no tuned parameters) theoretically
maximum of how many instances (except MST0) might be supported
and why?
87

¢ In typical Ethernet network (no tuned parameters) theoretically
maximum of how many instances (except MST0) might be supported
and why?
87
Typical MTU on Ethernet network is 1500B
1500B – (size of BPDU header and CIST)
1500B – 102B = 1398B
1398B / (size of M-record)
1398B / 16B = 87.375

MSTP DESIGN CONSIDERATIONS
VLAN MAPPING

¢ MSTP is not PVST+ - spanning-tree instances are not mapped one-to-
one to VLANs
¢ Misconfiguration or VLAN pruning may result in situation where
filtering is not consistent with the respective MSTI blocking decisions
— Solution? Don’t use static VLAN pruning
VLANs
10,20
mapped to
MSTI2
Trunk allowing VLAN 10
Trunk allowing VLAN 20
MSTI2 is
blocking
port where
VLAN20
is
permitted
X

SWITCH STACKS

MSTP AND SWITCH STACK
¢ A switch stack appears as a single spanning-tree node to the rest of the
network
¢ All stack members use the same bridge ID for a given spanning tree
— The bridge ID is derived from the MAC address of the active switch
¢ If the switch stack is the spanning-tree root and the active switch fails
or leaves the stack:
— The standby switch becomes the new active switch
— Bridge IDs remain the same
— Spanning-tree reconvergence might occur

MSTP AND SWITCH STACK
¢ If a switch that does not support MSTP is added to stack the switch is
put into a version mismatch state
— Automatically upgraded or downgraded to the same version of software that
is running on the switch stack
¢ Using any form of stacking, clustering or other virtualization methods
always refer to documentation – behavior may differ depending on
vendor, platform, technology and firmware version

MSTP AND NEWER TECHNOLOGIES

MSTP AND FABRICPATH
¢ Design requirements:
— All of the FP switches must be seen by the attached devices as a single switch
that acts as the root of the STP domain:
¢ They must share a common bridge ID (c84c.75fa.6000 + STP domain number) inside
each STP domain
¢ The domain number can be changed with the spanning-tree domain [id] command
¢ Set the priority of the FP switches so that they become the root of the STP domain
¢ Use spanning-tree vlan [vlan] priority 0
¢ Ensure that the attached STP switches have an STP priority that is set higher than
the FP switches

MSTP – PLATFORM CAVEATS
¢ Look out for platform specific bugs that may affect your network
¢ Example: CSCuj23131 - Bridging Loop with MST and FabricPath
— Symptom:
Under the following conditions, STP topology can converge without blocking where necessary leading to a bridging
loop:
1. Spanning-tree mode MST containing multiple MST regions.
2. FabricPath leaf switches are in one MST region.
3. CE Switches are in a different MST region (than the FabricPath switches)
4. No FabricPath VLANs mapped to MST instance 0
— Workaround:
This scenario can be avoided by one of the following:
1. Configure MST such that there is only one MST region.
OR
2. Map at least one FabricPath VLAN to MST instance 0.
— Known Affected Releases:
6.2(2)

MULTI-REGION

MSTP MULTI-REGION
¢ Why we would like to have multiple regions not just multiple
instances?
— Introducing boundary of STP calculations
— Logical administrative separation – useful during migrations or when
networks of two companies merge

MSTP MULTI-REGION
¢ Configuration
Switch: Toronto
!
name PLNOG-US
revision 1
!
spanning-tree mst 0-2 priority 0

MSTP MULTI-REGION
¢ Spanning tree
Switch: Toronto
Toronto#show spanning-tree vlan 11
MST1
Root ID Priority 1
Address fa16.3e47.3e34
------------------- ---- --- --------- -------- ----------------------
----------

MSTP MULTI-REGION
¢ Spanning tree
Switch: Vancouver
Vancouver#show spanning-tree vlan 11
MST1
Root ID Priority 1
Cost 20000
Address fa16.3e7f.8215
------------------- ---- --- --------- -------- ----------------------
----------
Gi0/1 Altn BLK 20000 128.2 Shr

MSTP MULTI-REGION
¢ Spanning tree
Switch: Montreal
Montreal#show spanning-tree vlan 11
MST1
Root ID Priority 1
Cost 20000
Address fa16.3e7b.e611
------------------- ---- --- --------- -------- ----------------------
----------

MST AND PVST+

MST AND PVST+
¢ Every switch in PVST+ domain perceive MST zone as virtual switch
with multiple boundary ports
¢ Topology change of PVST+ tree will impact every MSTI instance in all
MSTP regions because CST tree must be recalculated
¢ Switches both in MST and non-MST domain have to build CST and
elect CST Root Bridge

MST AND PVST+
¢ CST Root Bridge in MST region
— If there is only one MST region connected to PVST+ then all boundary ports
will be unblocked and can be used by PVST+ trees
¢ CST Root Bridge in PVST+ domain
— Not recommended design
— No load-balancing between multiple links
¢ Cisco support only CST Root Bridge in MST region!
— If CST Root Bridge is not in MST domain boundary ports will be put in root-
inconsistent state

MST AND PVST+
¢ Topology
Note:
¢ Same VLANs defined on all switches
¢ PVST+ with default STP priorities

MST AND PVST+
¢ BPDU
Switch: Toronto
Ethernet II, Src: fa:16:3e:aa:56:50 (fa:16:3e:aa:56:50),
Dst: PVST+ (01:00:0c:cc:cc:cd)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 21
Protocol Version Identifier: Spanning Tree (0)
BPDU Type: Configuration (0x00)
BPDU flags: 0x00
Root Path Cost: 0
Bridge Identifier: 4096 / 0 / fa:16:3e:d7:dc:bf
Message Age: 0
Max Age: 20
Hello Time: 2
Forward Delay: 15
Originating VLAN (PVID): 21
Type: Originating VLAN (0x0000)
Length: 2
Originating VLAN: 21

MST AND PVST+
¢ Spanning-tree
Switch: Berlin
Berlin#show spanning-tree vlan 11
MST1
Root ID Priority 1
------------------- ---- --- --------- -------- ----------------------
----------
Gi0/3 Desg FWD 20000 128.4 Shr Bound(PVST)

MST AND PVST+
¢ Spanning-tree
Switch: Warsaw
Warsaw#show spanning-tree vlan 11
MST1
Root ID Priority 1
Cost 20000
------------------- ---- --- --------- -------- ----------------------
----------

MST AND PVST+
¢ Spanning-tree
Switch: Toronto
Toronto#show spanning-tree vlan 11
VLAN0011
Spanning tree enabled protocol ieee
Root ID Priority 0
Cost 4
Aging Time 300 sec
------------------- ---- --- --------- -------- ----------------------
----------

MST AND PVST+
¢ Spanning-tree
Switch: Montreal
Montreal#show spanning-tree vlan 11
VLAN0011
Spanning tree enabled protocol ieee
Root ID Priority 0
Cost 8
Address fa16.3e7b.e611
Aging Time 300 sec
------------------- ---- --- --------- -------- ----------------------
----------
Gi0/1 Altn BLK 4 128.2 Shr

MSTP RESTRICTIONS
¢ PVST+, Rapid PVST+, and MSTP are supported, but only one version
can be active at any time
¢ VLAN Trunking Protocol (VTP) propagation of the MST configuration
is not supported
¢ Partitioning the network into a large number of regions is not
recommended
¢ Platform-dependent restrictions

MSTP RESTRICTIONS
¢ Spanning-tree protocols interoperability
PVST+ MSTP Rapid PVST+
PVST+ Yes Yes (with restrictions) Yes (reverts to PVST+)
MSTP Yes (with restrictions) Yes Yes (reverts to PVST+)
Rapid PVST+ Yes (reverts to PVST+) Yes (reverts to PVST+) Yes

MIGRATION TO 802.1S

MIGRATION TO 802.1S
¢ It’s not possible to convert all of the switches at the same time
¢ So let’s take an advantage of backward compatibility and convert them
phase by phase!
¢ Reconfiguration will disrupt the traffic.

MIGRATION TO 802.1S
¢ Step #1
Make proper network documentation!
— If you don’t know your network you will break something
¢ Usually when you announce successful migration or you are in bed after long night
— Identify ports where BackboneFast and UplinkFast are configured
¢ Those features are PVST+ proprietary
— Identify point-to-point and edge ports
— Make sure switches are not connected through access link
¢ This may partition the VLAN
— Prepare design of MST network topology
¢ Regions
¢ VLAN-s mapping

MIGRATION TO 802.1S
¢ Step #2
Review vendor whitepapers and documentation
— There always may be some limitation
— There might be things you have to remember during migration due to
platform-specific requirements
— Something you forgot to prepare or think about might be mentioned there

MIGRATION TO 802.1S
¢ Step #3
Review trunks configuration
— Trunks should carry all the VLANs that are mapped to an instance, or
— Trunks should not carry any VLANs at all for this instance
¢ Step #4
Ensure that STP is enabled for all VLANs and devices
— Do not disable the spanning tree on any VLAN in any of the PVST bridges
— Not only switches support STP and require reqconfiguration

MIGRATION TO 802.1S
¢ Step #5
Know your roots
— Configure roots on switches that will be roots for particular instance
¢ Easier approach – single root at the beginning, all VLANS mapped to MSTI0
¢ You will move VLANs to other instances later
¢ That approach require lot work overhead
— Set priorities so other switches never become roots

MIGRATION TO 802.1S
¢ Step #6
Start from root, then work your way down
— Remember that “new” root MST switch will temporarily block all ports when
MST is enabled
— Each switch will temporarily block all ports when MST is enabled

MIGRATION TO 802.1S
¢ Step #7
Monitoring
— Carefully check STP calculations
¢ Maybe some ports you wanted in Forwarding state are still in Blocking?
— Monitor switches resources
— Monitor links saturation
— Ensure you still have access to core systems in your networks

PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie umarło a nawet ma się dobrze w środowiskach multi-vendor

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie umarło a nawet ma się dobrze w środowiskach multi-vendor

Semelhante a PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie umarło a nawet ma się dobrze w środowiskach multi-vendor (20)

Último

Último (20)

PLNOG 17 - Piotr Wojciechowski - 802.1s MST, czyli STP u operatora i w DC nie umarło a nawet ma się dobrze w środowiskach multi-vendor