Sunday 19 February 2012

STP Tuning Features

Speeding up STP Convergence


Portfast
  • Command applied to a single switch at the interface or global level
  • Used only on ports connected to hosts
  • Can be used with bpduguard (errdisables the port if a BPDU is received) or bpdufilter (drops any received BPDUs)
  • You can tell the switch to change from err-disabled state back to an up state after a certain amount of time
  • Skips the 15sec listening and learning states. It goes straight from blocking/disabled to forwarding.
  • Can be used in PVST+ or MST
UplinkFast
  • Command is applied to a single switch at the global level
  • Can be configured on individual switches
  • Used to detect directly connected link failures
  • Reduces convergence time from 30s to almost nil
  • Before configuring, ensure the STP priority is the default value of 32768
  • Can be used in PVST+
When you enable UplinkFast on a switch it does the following:
  1. Increases its root priority to 49,152
  2. Sets the port cost of all its interfaces to 3000
  3. Tracks which ports it is receiving BPDUs from the root switch on

The result of items one and two is to prevent the switch from becoming root unless something really serious has happened in the network.

Due to step 3, all ports which have a path back to the root switch are listed and ordered by cost. When the currently active root port fails (hence it is only good for directly connected failures), the next port in the list is selected and set to forwarding immediately. As a result the port does not have to go through the listening and learning STP port phases. The switch clears out all non-local entries in the CAM table. For each locally connected MAC it sends out a multicast frame with the source address set to that locally connected MAC. This causes all the switches in the network to update their CAM entries.


BackboneFast
  • Command is applied at the global level and needs to be applied to the full switching domain
  • Used to detect indirect failures
  • Reduces convergence from 50 to 30sec
  • If it can, backbonefast tries to reduce the max-age timer
  • Sends out RLQ messages
A switch knows there has been an indirect failure in the switching domain when BPDUs it was receiving suddenly stop arriving. The normal response is to sit and wait for the max-age timer to expire before trying to change the STP topology.

BackboneFast simply means that the switch asks its upstream neighbor whether it knows about the failure, by sending a Root Link Query (RLQ) BPDU out the port on which the missing BPDU should have arrived. The RLQ asks the neighboring switch whether it is still receiving Hellos from the root.

If that neighboring switch had a direct link failure, it responds with another RLQ indicating that its path to the root is lost. If it too is in the same situation of missing BPDUs, the process repeats until a switch is found which has a directly connected link failure.

Once this is known, the switch experiencing the indirect link failure can go ahead and converge without waiting for max-age to expire. It will then advise everyone else to age out their CAM tables.

The sending / receiving of RLQ messages means that the whole switching domain needs to be configured for backbonefast rather than just an individual switch like portfast or uplinkfast.


(config)# spanning-tree backbonefast
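The RLQ exchange described above, as an added Python model (not code from this post or from Cisco): a downstream switch that stops hearing Hellos queries its upstream neighbor, the query is repeated hop by hop until a switch with a directly connected failure answers, and the wait before re-converging drops from 50s to 30s. The chain topology is constructed, the timer values are the STP defaults, and the real RLQ BPDU format is not modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
MAX_AGE = 20        # seconds a switch normally waits once BPDUs stop arriving
LISTEN_LEARN = 30   # 15 s listening + 15 s learning

@dataclass
class Switch:
    name: str
    upstream: Optional[str]      # neighbour on the root port; None for the root bridge itself
    root_link_up: bool = True    # False = directly connected failure on the root port

class Domain:
    def __init__(self, switches: List[Switch]):
        self.sw: Dict[str, Switch] = {s.name: s for s in switches}
        self.log: List[str] = []  # the RLQ exchange, one entry per message

    def hears_root(self, name: str) -> bool:
        # A switch still receives the root's Hellos only if its root link and everything above are up.
        s = self.sw[name]
        return s.upstream is None or (s.root_link_up and self.hears_root(s.upstream))

    def rlq(self, asker: str) -> str:
        # `asker` sends an RLQ out the port its BPDUs should be arriving on and waits for the answer.
        nbr = self.sw[self.sw[asker].upstream]
        self.log.append(f"{asker} -> {nbr.name}: RLQ query, still hearing the root?")
        if self.hears_root(nbr.name):
            answer = "root-alive"
        elif not nbr.root_link_up:
            answer = "root-lost"          # nbr has the directly connected failure
        else:
            answer = self.rlq(nbr.name)   # nbr is also missing BPDUs: repeat one hop further up
        self.log.append(f"{nbr.name} -> {asker}: RLQ response, {answer}")
        return answer

    def seconds_to_reconverge(self, name: str, backbonefast: bool) -> Tuple[Optional[str], int]:
        # How long the switch waits before it can move a blocked port through listening/learning.
        if self.hears_root(name):
            return None, 0
        if not backbonefast:
            return None, MAX_AGE + LISTEN_LEARN            # sit out max-age first: 50 s
        answer = self.rlq(name)
        wait = LISTEN_LEARN if answer == "root-lost" else MAX_AGE + LISTEN_LEARN
        return answer, wait                                 # max-age skipped: 30 s

def demo() -> Tuple[Tuple[Optional[str], int], Tuple[Optional[str], int], List[str]]:
    # Constructed chain: root <- A <- B <- C; A's uplink to the root breaks, so B and C lose BPDUs.
    d = Domain([Switch("root", None), Switch("A", "root"), Switch("B", "A"), Switch("C", "B")])
    d.sw["A"].root_link_up = False
    without = d.seconds_to_reconverge("C", backbonefast=False)
    with_bf = d.seconds_to_reconverge("C", backbonefast=True)
    return without, with_bf, d.log
```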
 

Protecting STP

RootGuard
  • Command is applied at the interface level to a single switch
  • Similar to the bpduguard feature of portfast, in that it prevents any superior BPDUs from entering the switching domain (puts the port into the root-inconsistent state if such a frame is received)
  • Port recovers once the superior BPDUs go away

 
(config)# interface fastethernet 3/1
(config-if)# spanning-tree guard root


UDLD (Uni Directional Link Detection)
  • Command is applied to both sides of the link at the interface or global level
  • Supports both copper and fibre links
  • UDLD message interval: 15 seconds
  • Has two modes:
    • UDLD (normal mode) - Uses Layer 2 messaging to decide when a switch can no longer receive frames from a neighbor. The switch which has a working transmit interface is placed into an err-disabled state.
    • UDLD aggressive mode - Attempts to reconnect with the other switch (eight times) after realizing no messages have been received. If the other switch does not reply to the repeated additional messages, both sides become err-disabled.
STP assumes that a link is bidirectional, which means that if the link is up, traffic can go both ways. This property is not always satisfied, particularly on fiber links. The Bridge Protocol Data Unit (BPDU) that would lead the redundant port to be blocked could be lost because of such a failure, resulting in a loop (that only occurs in the other direction). 


(config)# udld {aggressive | enable | message time message-timer-interval}


or


(config)# interface fastethernet 3/1
(config-if)# udld port [aggressive]


Loopguard
  • Command applied to a single switch at the global or interface level
  • Prevents blocked ports from going into forwarding
  • The port does not go through normal STP convergence, but rather falls into an STP loop-inconsistent state.
  • Loop guard works per VLAN; UDLD does not
  • UDLD cannot auto recover without taking advantage of the Error Disable Recovery feature
  • UDLD cannot catch loops from non-wiring issues
  • Loop guard is not as good at catching miswiring issues

If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / learning / forwarding state.

Loop guard protects against STP failures caused by problems that result in the loss of BPDUs from a designated switch port. 

Loop guard helps prevent bridging loops that could occur because of a uni-directional link failure on a point-to-point link. When enabled globally, the loop guard applies to all point-to-point ports on the system. Loop guard detects root ports and blocked ports and ensures that they keep receiving BPDUs from their designated port on the segment.

Basically what this section is saying: your upstream switch has had a software malfunction which has stopped it from sending BPDUs only. In this case UDLD will not flag anything, as it can still talk to the other switch port. However, as the BPDUs have stopped coming in, the switch is going to unblock another port so that it can "see" the BPDUs, and this will result in a loop. Loop guard detects this "corner case" and prevents it from happening.


How often has this happened to you? For me not even once in 15 years.



Router(config)#interface gigabitEthernet 1/1
Router(config-if)#spanning-tree guard loop
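Added example (not from this post): a small Python classifier for the syslog messages these protection features produce, separating ports that recover on their own once the condition clears (root guard, loop guard) from ports left err-disabled (BPDU guard, UDLD) that stay down until the Error Disable Recovery feature or an operator brings them back. The log lines are constructed, modelled on the IOS message format, not a real capture.

```python
import re
from typing import Dict, List

# Constructed sample syslog, modelled on the IOS message format (not a real capture).
SAMPLE_LOG = """\
Feb 19 10:01:02 sw1 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/5 with BPDU Guard enabled. Disabling port.
Feb 19 10:01:02 sw1 %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/5, putting Gi1/0/5 in err-disable state
Feb 19 10:03:17 sw1 %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet1/0/1 on VLAN0010.
Feb 19 10:05:44 sw1 %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port GigabitEthernet1/0/2 on VLAN0020.
Feb 19 10:06:10 sw1 %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/3, unidirectional link detected
Feb 19 10:06:10 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to down
"""

# mnemonic -> (feature, port state it leaves behind, does the port recover by itself?)
EVENTS = {
    "SPANTREE-2-BLOCK_BPDUGUARD": ("bpduguard", "err-disabled", False),
    "SPANTREE-2-ROOTGUARD_BLOCK": ("rootguard", "root-inconsistent", True),  # clears when superior BPDUs stop
    "SPANTREE-2-LOOPGUARD_BLOCK": ("loopguard", "loop-inconsistent", True),  # clears when BPDUs resume
    "UDLD-4-UDLD_PORT_DISABLED": ("udld", "err-disabled", False),
}
MNEMONIC_RE = re.compile(r"%(?P<mnemonic>[A-Z]+-\d-[A-Z_]+): (?P<text>.*)")
IFACE_RE = re.compile(r"(?:port|interface) ((?:GigabitEthernet|FastEthernet|Gi|Fa)\S+?),?(?:\s|$)")
VLAN_RE = re.compile(r"VLAN0*(\d+)")

def parse_events(log: str) -> List[Dict[str, object]]:
    """One record per STP-protection or UDLD event; unrelated syslog lines are skipped."""
    events = []
    for line in log.splitlines():
        m = MNEMONIC_RE.search(line)
        if not m or m.group("mnemonic") not in EVENTS:
            continue
        feature, state, auto = EVENTS[m.group("mnemonic")]
        iface = IFACE_RE.search(m.group("text"))
        vlan = VLAN_RE.search(m.group("text"))
        events.append({"feature": feature, "state": state, "auto_recovers": auto,
                       "interface": iface.group(1) if iface else None,
                       "vlan": int(vlan.group(1)) if vlan else None})
    return events

def needs_operator_action(log: str) -> List[str]:
    """Ports left err-disabled: they stay down unless errdisable recovery is configured."""
    return [e["interface"] for e in parse_events(log) if not e["auto_recovers"]]
```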
