Module 3 - Spanning-Tree Protocol.pdf

March 26, 2018 | Author: Binh Nguyen Huy | Category: Network Switch, Networks, Internet, Computer Engineering, Computer Data

HANOICTT NETWORKING ACADEMY CCNP Semester 3 - BCMSN

Module 3 Spanning-Tree Protocol

www.hanoictt.com


Overview

STP concepts

STP is a loop-prevention protocol.



STP allows L2 devices to communicate with each other to discover physical loops in the network.



STP specifies an algorithm that L2 devices can use to create a loop-free logical topology.



STP creates a tree structure of loop-free leaves and branches that spans the entire Layer 2 network.

Broadcast loops

Broadcasts and Layer 2 loops can be a dangerous combination.



Ethernet frames have no TTL field



After an Ethernet frame starts to loop, it will probably continue until someone shuts off one of the switches or breaks a link.

Flooded unicast frames, Bridge-table corruption

Feedback loop, which will bring down the network.



Each switch ends up receiving the frame (originally from Host A) on two different ports.



The switches will flip flop the bridging table entry for Host A (creating extremely high CPU utilization).

Assume no STP on the switches and Host B has been removed.

Spanning-Tree Protocol Operation (IEEE 802.1D)

The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path through a root bridge.



STP determines where there are loops and blocks links that are redundant.



STP executes an algorithm called STA.



STA chooses a reference point, called a root bridge, and then determines the available paths to that reference point.

Ensures that there will be only one active path to every destination.

If more than two paths exist, STA picks the best path and blocks the rest.

STP Concepts: Bridge ID



Bridge ID (BID) is used to identify each bridge/switch.



The BID is used in determining the center of the network known as the root bridge.



Bridge Priority is usually expressed in decimal format and the MAC address in the BID is usually expressed in hexadecimal format.



Lowest Bridge ID is the root.



If all devices have the same priority, the bridge with the lowest MAC address becomes the root bridge

STP Concepts: Path Cost



Bridges use the concept of cost to evaluate how close they are to other bridges.



This will be used in the STP development of a loop-free topology.

Originally, 802.1D defined cost as 1000 divided by the bandwidth of the link in Mbps, so the cost of a 10 Mbps link = 1000/10 = 100, and so on, but this was changed later because of faster switches.

Don’t change the path cost if you’re not sure.

STP Concepts: Port ID

On a CatOS switch, the first number is 6 bits and the second number is 10 bits. On an IOS-based switch, both numbers are 8 bits.



Lower Port IDs are preferred over higher Port IDs in the STP decision



The Port Priority is a configurable STP parameter (unlike the Port Number). The values range from 0 to 255 on an IOS-based switch, with a default value of 128. The Port Number ranges from 0 to 2^8 = 256.

Four-Step STP Decision Sequence

When creating a loop-free topology, STP always uses the same four-step decision sequence:

Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port ID

Bridges use Configuration BPDUs during this four-step process.



We will assume all BPDUs are configuration BPDUs until otherwise noted.

STP decisions and BPDU exchanges

Information inside a BPDU



When a bridge first becomes active, all its ports send BPDUs every 2 seconds (the default Hello Time). If a port hears a BPDU from another bridge that is more attractive (using the four-step sequence above) than the BPDU it has been sending, the local port stops sending BPDUs. If the more-attractive BPDU stops arriving from a neighbor for 20 seconds (the default Max Age), the local port resumes sending BPDUs. Max Age is the time it takes for the best BPDU to time out.



Bridges save a copy of only the best BPDU seen on every port.



Only the lowest value BPDU is saved.



When making this evaluation, it considers all of the BPDUs received on the port, as well as the BPDU that would be sent on that port.



If the new BPDU (or the locally generated BPDU) is more attractive, the old value is replaced.



Bridges send configuration BPDUs until a more attractive BPDU is received.

As the Root Path Cost travels along, other switches can modify its value to make it cumulative.



After a Root Bridge is decided, configuration BPDUs are only sent by the Root Bridge. All other bridges must forward or relay the BPDUs, adding their own Sender Bridge IDs to the message.

Three steps of STP convergence

The STP algorithm uses three simple steps to converge on a loop-free topology:

– Step 1 Elect one Root Bridge
– Step 2 Elect Root Ports
– Step 3 Elect Designated Ports

[Figure: Our Sample Topology. Cat-A is the Root Bridge. Cat-A:1/1 connects to Cat-B:1/1, Cat-A:1/2 connects to Cat-C:1/1, and Cat-B:1/2 connects to Cat-C:1/2. Each link has Cost=19.]

STP Convergence Step 1: Elect one Root Bridge

When the network first starts, all bridges are announcing a chaotic mix of BPDUs.



All bridges immediately begin applying the four-step sequence decision process.



Switches need to elect a single Root Bridge.



Switch with the lowest BID wins!



Note: Many texts refer to the term “highest priority” which is the “lowest” BID value.



This is known as the “Root War.”

Cat-A has the lowest Bridge MAC Address, so it wins the Root War!

All 3 switches have the same default Bridge Priority value of 32,768.

It’s all done with BPDUs!

BPDU

802.3 Header
  Destination: 01:80:C2:00:00:00 Mcast 802.1d Bridge group
  Source: 00:D0:C0:F5:18:D1
  LLC Length: 38
802.2 Logical Link Control (LLC) Header
  Dest. SAP: 0x42 802.1 Bridge Spanning Tree
  Source SAP: 0x42 802.1 Bridge Spanning Tree
  Command: 0x03 Unnumbered Information
802.1 - Bridge Spanning Tree
  Protocol Identifier: 0
  Protocol Version ID: 0
  Message Type: 0 Configuration Message
  Flags: %00000000
  Root Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0
  Cost Of Path To Root: 0x00000000 (0)
  Bridge Priority/ID: 0x8000/ 00:D0:C0:F5:18:C0
  Port Priority/ID: 0x80/ 0x1D
  Message Age: 0/256 seconds (exactly 0 seconds)
  Maximum Age: 5120/256 seconds (exactly 20 seconds)
  Hello Time: 512/256 seconds (exactly 2 seconds)
  Forward Delay: 3840/256 seconds (exactly 15 seconds)

At the beginning, all bridges assume they are the center of the universe and declare themselves as the Root Bridge, each placing its own BID in the Root BID field of the BPDU.



Once all of the switches see that Cat-A has the lowest BID, they are all in agreement that Cat-A is the Root Bridge.

STP Convergence Step 2: Elect Root Ports

Now that the Root War has been won, switches move on to selecting Root Ports.



A bridge’s Root Port is the port closest to the Root Bridge.



Bridges use the cost to determine closeness.



Every non-Root Bridge will select one Root Port!



Specifically, bridges track the Root Path Cost, the cumulative cost of all links to the Root Bridge.

[Figure: Steps 1 and 2 on the sample topology. Cat-A (Root Bridge) sends BPDUs with Cost=0 out ports 1/1 and 1/2; Cat-B and Cat-C each compute Cost=0+19=19 on receipt.]

Step 1

Cat-A sends out BPDUs, containing a Root Path Cost of 0.

Cat-B receives these BPDUs and adds the Path Cost of Port 1/1 to the Root Path Cost contained in the BPDU.

Step 2

Cat-B adds the Root Path Cost of 0 to its Port 1/1 cost of 19, for a total of 19.

[Figure: Steps 3 and 4 on the sample topology. Cat-B and Cat-C send BPDUs with Cost=19 out their ports 1/2; each computes Cost=38 (19+19) on receipt.]

Step 3

Cat-B uses this value of 19 internally and sends BPDUs with a Root Path Cost of 19 out Port 1/2.

Step 4

Cat-C receives the BPDU from Cat-B and increases the Root Path Cost to 38 (19+19). (The same happens with Cat-C sending to Cat-B.)

The costs increment as BPDUs are received on a port, not as they are sent out of the port.

[Figure: Step 5 on the sample topology. Cat-B:1/1 and Cat-C:1/1 are marked as Root Ports (Cost=19); the paths via ports 1/2 show Cost=38 (19+19).]

Step 5



Cat-B calculates that it can reach the Root Bridge at a cost of 19 via Port 1/1 as opposed to a cost of 38 via Port 1/2.



Port 1/1 becomes the Root Port for Cat-B, the port closest to the Root Bridge.



Cat-C goes through a similar calculation. Note: Both Cat-B:1/2 and Cat-C:1/2 save the best BPDU of 19 (its own).

STP Convergence Step 3: Elect Designated Ports

The loop prevention part of STP becomes evident during this step, electing designated ports.



A Designated Port functions as the single bridge port that both sends and receives traffic to and from that segment and the Root Bridge.



Each segment in a bridged network has one Designated Port, chosen based on cumulative Root Path Cost to the Root Bridge.

The switch containing the Designated Port is referred to as the Designated Bridge for that segment.

To locate Designated Ports, let’s take a look at each segment.

Root Path Cost is the cumulative cost of all links to the Root Bridge.

[Figure: the sample topology divided into Segment 1 (Cat-A:1/1 to Cat-B:1/1), Segment 2 (Cat-A:1/2 to Cat-C:1/1) and Segment 3 (Cat-B:1/2 to Cat-C:1/2), each with Cost=19. Root Path Cost = 0 at the Root Bridge and 19 at Cat-B and Cat-C; Cat-B:1/1 and Cat-C:1/1 are Root Ports.]

Segment 1: Cat-A:1/1 has a Root Path Cost = 0 (after all it is the Root Bridge) and Cat-B:1/1 has a Root Path Cost = 19.

Segment 2: Cat-A:1/2 has a Root Path Cost = 0 (after all it is the Root Bridge) and Cat-C:1/1 has a Root Path Cost = 19.



Segment 3: Cat-B:1/2 has a Root Path Cost = 19 and Cat-C:1/2 has a Root Path Cost = 19. It’s a tie!

[Figure: the same topology; Cat-A:1/1 and Cat-A:1/2 are now marked Designated Port.]

Segment 1

Because Cat-A:1/1 has the lower Root Path Cost, it becomes the Designated Port for Segment 1.

Segment 2

Because Cat-A:1/2 has the lower Root Path Cost, it becomes the Designated Port for Segment 2.

Segment 3



Both Cat-B and Cat-C have a Root Path Cost of 19, a tie!



When faced with a tie (or any other determination), STP always uses the four-step decision process:

1. Lowest Root BID
2. Lowest Path Cost to Root Bridge
3. Lowest Sender BID
4. Lowest Port ID

[Figure: the same topology with Bridge IDs: Cat-B = 32,768.BB-BB-BB-BB-BB-BB, Cat-C = 32,768.CC-CC-CC-CC-CC-CC. On Segment 3, Cat-B:1/2 is the Designated Port and Cat-C:1/2 is the Non-Designated Port.]

All ports on the Root Bridge will be Designated Ports.

Segment 3 (continued)



1) All three switches agree that Cat-A is the Root Bridge, so this is a tie.



2) Root Path Cost for both is 19, also a tie.



3) The sender’s BID is lower on Cat-B than on Cat-C, so Cat-B:1/2 becomes the Designated Port for Segment 3.



Cat-C:1/2 therefore becomes the non-Designated Port for Segment 3.

Port Cost/Port ID

Assume path cost and port priorities are default (32). The Port ID is used in this case. Port 0/1 would forward because it’s the lowest.



If the path cost and bridge IDs are equal (as in the case of parallel links), the switch goes to the port priority as a tiebreaker.



Lowest port priority wins (all ports set to 32).



You can set the priority from 0 – 63.



If all ports have the same priority, the port with the lowest port number forwards frames.
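The three convergence steps and the four-step decision sequence, worked through on the sample topology as an added Python example (not part of the original slides). Cat-A's MAC address, the numeric port numbers and all helper names are assumptions made for illustration; the priorities, link costs and the Cat-B and Cat-C addresses follow the slides.

```python
from dataclasses import dataclass

DEFAULT_BRIDGE_PRIORITY = 32768  # default Bridge Priority stated in the slides
DEFAULT_PORT_PRIORITY = 128      # IOS default Port Priority stated in the slides


@dataclass(frozen=True)
class Port:
    bridge: str          # owning switch, e.g. "Cat-B"
    name: str            # e.g. "1/2"
    number: int          # port-number half of the Port ID (illustrative)
    cost: int = 19       # path cost of the attached link
    priority: int = DEFAULT_PORT_PRIORITY

    @property
    def port_id(self):
        return (self.priority, self.number)  # priority first, then number


def bid(mac, priority=DEFAULT_BRIDGE_PRIORITY):
    """Bridge ID: the priority compares first, then the MAC address."""
    return (priority, bytes.fromhex(mac.replace("-", "")))


def converge(bridges, segments):
    """bridges: {name: BID}; segments: {name: (Port, Port)}.
    Returns (root, root_path_cost_per_bridge, role_per_port)."""
    # Step 1: the lowest BID wins the root election.
    root = min(bridges, key=bridges.get)
    root_bid = bridges[root]

    # Relay BPDUs until costs settle; cost is added on receipt, not on send.
    rpc = {b: (0 if b == root else float("inf")) for b in bridges}
    changed = True
    while changed:
        changed = False
        for a, b in segments.values():
            for rx, tx in ((a, b), (b, a)):
                if rpc[tx.bridge] + rx.cost < rpc[rx.bridge]:
                    rpc[rx.bridge] = rpc[tx.bridge] + rx.cost
                    changed = True

    roles = {}
    # Step 2: each non-root bridge picks one Root Port using the four-step
    # sequence: root BID, path cost, sender BID, sender Port ID.
    for name in bridges:
        if name == root:
            continue
        offers = []
        for a, b in segments.values():
            for rx, tx in ((a, b), (b, a)):
                if rx.bridge == name:
                    key = (root_bid, rpc[tx.bridge] + rx.cost,
                           bridges[tx.bridge], tx.port_id, rx.port_id)
                    offers.append((key, rx))
        best = min(offers, key=lambda o: o[0])[1]
        roles[(best.bridge, best.name)] = "root"

    # Step 3: one Designated Port per segment, same comparison order.
    for a, b in segments.values():
        dp, other = sorted(
            (a, b),
            key=lambda p: (root_bid, rpc[p.bridge], bridges[p.bridge], p.port_id))
        roles[(dp.bridge, dp.name)] = "designated"
        roles.setdefault((other.bridge, other.name), "non-designated")
    return root, rpc, roles


def sample_topology():
    # Cat-A's MAC is an assumed value; the slides only say it is the lowest.
    bridges = {
        "Cat-A": bid("AA-AA-AA-AA-AA-AA"),
        "Cat-B": bid("BB-BB-BB-BB-BB-BB"),
        "Cat-C": bid("CC-CC-CC-CC-CC-CC"),
    }
    segments = {
        "Segment 1": (Port("Cat-A", "1/1", 1), Port("Cat-B", "1/1", 1)),
        "Segment 2": (Port("Cat-A", "1/2", 2), Port("Cat-C", "1/1", 1)),
        "Segment 3": (Port("Cat-B", "1/2", 2), Port("Cat-C", "1/2", 2)),
    }
    return bridges, segments


if __name__ == "__main__":
    root, rpc, roles = converge(*sample_topology())
    print("Root Bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge}:{port}  cost-to-root={rpc[bridge]}  {role}")
```

The same function resolves two parallel links between a pair of switches by Port ID, which is the tie-breaker described just above.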

STP Convergence Recap

Recall that switches go through three steps for their initial convergence:

Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

Also, all STP decisions are based on the following predetermined sequence:

Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port ID

STP Convergence Recap Example:

A network that contains 15 switches and 146 segments (every switchport is a unique segment) would result in:

– 1 Root Bridge
– 14 Root Ports
– 146 Designated Ports

Spanning-Tree Port States

Blocked:

All ports start in blocked mode in order to prevent the bridge from creating a bridging loop.



Ports are listening to (receiving) BPDUs but do not transmit BPDUs.



No user frame data is being sent/received.



The port stays in a blocked state if Spanning Tree determines that there is a better path to the root bridge.



It may take a port up to 20 seconds to transition out of this state (Max Age, covered later).

Receives and responds to network management messages but does not transmit them.

Listen:

The port transitions from the blocked state to the listen state.



Attempts to learn whether there are any other paths to the root bridge



Listens to frames (sending and receiving BPDUs)



The port is not sending or receiving user data.



Listens for a period of time called the forward delay (default 15 seconds).



Ports that lose the Designated Port election become non-Designated Ports and drop back to Blocking state.



Receives and responds to network management messages

Learn:

The learn state is very similar to the listen state, except that the port can add information it has learned to its address table.



Gathering information, such as the source VLANs of data frames. The Learning state reduces the amount of flooding required when data forwarding begins.



Adds addresses to MAC Address Table



Still not allowed to send or receive user data



Learns for a period of time called the forward delay (default 15 seconds)



Receives and responds to network management messages

Forward:

The port can send and receive user data.



Adds addresses to MAC Address Table



Receives and responds to network management messages



A port is placed in the forwarding state if:

– There are no redundant links, or
– It is determined that it has the best path to the root

Disabled:

The port is shut down.

Results of BPDU exchange

A root port for each switch and a designated port for each segment are selected.

– These ports provide the best path from the switch to the root switch (usually the lowest-cost path).
– These ports are put in the forwarding mode.

Ports that will not be forwarding are placed in the blocked state.

– These ports will continue to receive BPDU information but will not be allowed to send or receive data.

If a bridge thinks it is the Root Bridge immediately after booting or in the absence of BPDUs for a certain period of time, the port transitions into the Listening state to determine the active topology

[Figure: Spanning-Tree port state diagram with the states Disabled or Down, Blocking, Listening, Learning and Forwarding; the numbered transitions are listed below.]

Standard States
(1) Port enabled or initialized
(2) Port disabled or failed
(3) Port selected as Root or Designated Port
(4) Port ceases to be a Root or Designated Port
(5) Forwarding timer expires

Cisco Specific States
(6) PortFast
(7) Uplink Fast

STP Timers

Forward Delay Timer

The default value of the forward delay (15 seconds) was originally derived assuming a maximum network size of 7 bridge hops, a maximum of three lost BPDUs, and a hello-time interval of 2 seconds.

The Forward Delay timer also controls the bridge table age-out period after a change in the active topology.

Forward delay is used to determine the length of:

– Listening state
– Learning state

Max Age Timer

Max Age is the time that a bridge stores a BPDU before discarding it.



Each port saves a copy of the best BPDU it has seen.



If the device sending this best BPDU fails, it may take 20 seconds before a switch transitions the connected port to Listening.

Modifying Timers

Do not change the default timer values without careful consideration.



Modify the STP timers only from the root bridge



The BPDUs contain three fields where the timer values can be passed from the root bridge to all other bridges in the network.

STP Timer Example

It can take 30-50 seconds for a switch to adjust to a change in topology, depending on whether the failure is on a direct or an indirect link.

Example

[Figure: the sample topology with Cat-B:1/2 and Cat-C:1/2 joined through a hub. X marks the failure; Cat-C is not seeing BPDUs from Cat-B, ages out the BPDU and goes into Listening mode.]

Cat-B:1/2 fails. Cat-C has no immediate notification because it’s still receiving a link from the hub. Cat-C notices it is not receiving BPDUs from Cat-B. 20 seconds (Max Age) after the failure, Cat-C ages out the BPDU that lists Cat-B as having the DP for segment 3. This causes Cat-C:1/2 to transition into the Listening state in an effort to become the DP.

[Figure: indirect link failure (50s). X marks the failure; Cat-C:1/2 goes from Listening mode to Forwarding mode.]

Because Cat-C:1/2 now offers the most attractive access from the Root Bridge to this link, it eventually transitions all the way into Forwarding mode. In practice this will take 50 seconds (20 Max Age + 15 Listening + 15 Learning) for Cat-C:1/2 to take over after the failure of Cat-B:1/2.

[Figure: direct link failure (30s). X marks the failure; Cat-C:1/2 goes from Listening mode to Forwarding mode.]

Because Cat-C:1/1 fails, Cat-C knows immediately; there is no need to wait 20 seconds for the old information to age out.

Port 1/2 on Cat-C immediately goes into Listening mode in an attempt to become the new Root Port (STP convergence time = 15 Listening + 15 Learning).

BPDU format

[Figure: IEEE 802.1D Spanning-Tree Protocol BPDU frame]

[Figure: Cisco Spanning-Tree Protocol BPDU frame]





The Frame Control field is always 01.



The Destination field indicates the destination address as specified in the Bridge Group Address table. For IEEE Spanning-Tree Protocol BPDU frames, the address is 0x800143000000.



The Source Address field indicates the base MAC address used by the switch. For Cisco Spanning-Tree Protocol BPDU frames, the multicast bit is set to indicate the presence of a Routing Information Field (RIF) in the header.



The Routing Information field is only applicable to Cisco Spanning-Tree Protocol BPDU frames; it must be set to 0x0200.

The Logical Link Control field controls all types of Spanning-Tree Protocol BPDU frames; this field is set to 0x424203.

Spanning Tree BPDU

Protocol Identifier (2 bytes)
Version (1 byte)
Message Type (1 byte)
Flags (1 byte)
Root ID (8 bytes)
Cost to Root (4 bytes)
Bridge ID (8 bytes)
Port ID (2 bytes)
Message Age (2 bytes)
Maximum Age (2 bytes)
Hello Time (2 bytes)
Forward Delay (2 bytes)



Protocol Identifier (2 bytes), always 0



Version (1 byte), always 0



Message Type (1 byte): Determines whether this is a Configuration BPDU or TCN BPDU



Flags (1 byte): Used with topology changes. Used with TCN BPDUs (see later)



Root BID (8 bytes): Indicates current Root Bridge on the network, includes:

– Bridge Priority (2 bytes)
– Bridge MAC Address (6 bytes)
– Known as the Bridge Identifier of the Root Bridge

Root Path Cost (Cost to Root) (4 bytes): Cumulative cost of the path from the bridge sending the BPDU to the Root Bridge indicated in the Root ID field. Cost is based on bandwidth.

(Sender’s) Bridge ID (8 bytes): Bridge ID of the bridge sending the BPDU

– 2 bytes: Bridge Priority
– 6 bytes: MAC Address

Port ID (2 bytes): Port on bridge sending BPDU, including Port Priority value.



Message Age (2 bytes): The Message Age field indicates the amount of time that has elapsed since the root sent the configuration message on which the current configuration message is based. Age of BPDU, encoded in 256ths of a second.

Maximum Age (2 bytes): When BPDU should be discarded (default 20 sec)

Hello Time (2 bytes): How often BPDUs are to be sent (default 2 sec)

Forward Delay (2 bytes): How long bridge should remain in listening and learning states (default 15 sec)

The Flags field includes one of the following:

– A Topology change (TC) bit, which signals a topology change, and signifies this BPDU as a Topology Change Notification (TCN) BPDU. Without this bit set, the BPDUs are Configuration BPDUs.
– A Topology change acknowledgment (TCA) bit, which is set to acknowledge receipt of a configuration message with the TC bit set.
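A decoder for the BPDU layout described above, as an added Python example (not part of the original slides), useful for checking which bridge a captured BPDU names as root and which timers it advertises. The sample frame is constructed from the field values in the decode shown earlier; the function names are illustrative, and the TCN type value 0x80 and the TC/TCA bit positions are taken from IEEE 802.1D rather than from the slides.

```python
import struct

STP_GROUP_MAC = bytes.fromhex("0180c2000000")   # destination in the decode above
LLC_STP = bytes.fromhex("424203")               # DSAP 0x42, SSAP 0x42, UI 0x03
CONFIG_FMT = "!HBBBH6sIH6sHHHHH"                # the 35-byte Configuration BPDU
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80              # type values per IEEE 802.1D
FLAG_TC, FLAG_TCA = 0x01, 0x80                  # flag bits per IEEE 802.1D


def fmt_mac(raw):
    return ":".join(f"{b:02X}" for b in raw)


def parse_bpdu(frame):
    """Decode an 802.3/LLC frame carrying an 802.1D BPDU into a dict."""
    if len(frame) < 14 + 3 + 4:
        raise ValueError("too short for 802.3 + LLC + BPDU header")
    dst, src = frame[0:6], frame[6:12]
    (length,) = struct.unpack("!H", frame[12:14])
    if dst != STP_GROUP_MAC:
        raise ValueError("not addressed to the bridge group address")
    if length > 1500:
        raise ValueError("Ethernet II type field, not an 802.3 length")
    if frame[14:17] != LLC_STP:
        raise ValueError("LLC header is not 0x424203")
    # The length field covers LLC + BPDU; anything after it is padding.
    bpdu = frame[17:14 + length]
    if len(bpdu) < 4:
        raise ValueError("BPDU header truncated")
    proto, version, mtype = struct.unpack("!HBB", bpdu[:4])
    if proto != 0:
        raise ValueError("Protocol Identifier must be 0")
    out = {"source": fmt_mac(src), "version": version}
    if mtype == TYPE_TCN:               # only Protocol ID, Version, Type
        out["type"] = "tcn"
        return out
    if mtype != TYPE_CONFIG:
        raise ValueError(f"unexpected message type 0x{mtype:02x}")
    size = struct.calcsize(CONFIG_FMT)
    if len(bpdu) < size:
        raise ValueError("Configuration BPDU truncated")
    (_, _, _, flags, root_prio, root_mac, cost, br_prio, br_mac, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack(CONFIG_FMT, bpdu[:size])
    out.update(
        type="config",
        tc=bool(flags & FLAG_TC), tca=bool(flags & FLAG_TCA),
        root_priority=root_prio, root_mac=fmt_mac(root_mac),
        root_path_cost=cost,
        bridge_priority=br_prio, bridge_mac=fmt_mac(br_mac),
        port_priority=port_id >> 8, port_number=port_id & 0xFF,  # 8/8 split
        # timers are carried in 1/256ths of a second
        message_age=msg_age / 256, max_age=max_age / 256,
        hello_time=hello / 256, forward_delay=fwd / 256,
        # sender lists itself as root, as every bridge does at start-up
        sender_claims_root=(root_prio, root_mac) == (br_prio, br_mac)
        and cost == 0,
    )
    return out


def sample_frame():
    """Frame rebuilt from the field values in the decode above (constructed)."""
    bid = struct.pack("!H6s", 0x8000, bytes.fromhex("00d0c0f518c0"))
    bpdu = struct.pack("!HBBB", 0, 0, 0, 0) + bid + struct.pack("!I", 0) + bid
    bpdu += struct.pack("!HHHHH", 0x801D, 0, 5120, 512, 3840)
    header = STP_GROUP_MAC + bytes.fromhex("00d0c0f518d1") + struct.pack("!H", 38)
    return header + LLC_STP + bpdu + bytes(8)   # 8 pad bytes to reach 60


if __name__ == "__main__":
    for field, value in parse_bpdu(sample_frame()).items():
        print(f"{field:20} {value}")
```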

Topology change problem



It can take 30-50 seconds for a single switch to adjust to a change in topology. While the network is converging, physical addresses that can no longer be reached are still listed in the MAC address table. Because these addresses are in the table, the switch will attempt to forward frames to devices it cannot reach.

STP Topology Changes

The STP change process requires the switch to clear the table faster in order to get rid of unreachable physical addresses.



If a switch detects a change, it can send a Topology Change Notification (TCN) BPDU out its root port.

– The topology change BPDU is forwarded to the root switch, and from there, is propagated throughout the network.

TCN does not start a STP recalculation.

TCN causes: TCA, TC. The Root Bridge sets TC in its Configuration BPDUs for a period of time = Forward Delay + Max Age.

A bridge receiving a TC message from the Root Bridge will use the Forward Delay timer (15 seconds) to age out entries in the address table (until no more TC received). This allows the device to age out entries faster than the normal 5-minute default so that stations no longer available are aged out faster.

Understanding Spanning-Tree Protocol Topology Changes

http://www.cisco.com/warp/public/473/17.html



Remember that a TCN does not start a STP recalculation. This fear comes from the fact that TCNs are often associated with unstable STP environments; TCNs are a consequence of this, not a cause. The TCN only has an impact on the aging time; it will not change the topology nor create a loop.



The number or the rate of topology changes is not an issue in itself. The problem is to know what the topology change means. A healthy network can experience a high rate of topology change. Nevertheless, ideally, a topology change would be related to a significant event in the network like a server going up or down or a link transitioning. This can be achieved by enabling portfast on ports that are going up and down as part of their normal operation.

[Figure: Host D (DD-DD) and Host E (EE-EE) attached through hubs; each switch's MAC Address Table lists DD-DD and EE-EE with the port on which it was learned. X marks the failure; Cat-C:1/2 goes from Listening mode to Forwarding mode.]

Host-D is communicating with Host-E, via Cat-B, when Cat-B:1/2 fails. As discussed earlier, Cat-C:1/2 takes over as the DP in 50 seconds. However, without TCN BPDUs, the data traffic continues to be sent to Cat-B for another 4 minutes and 10 seconds. Why? Notice the MAC Address Tables prior to the failure. All three switches have the traffic traveling counter-clockwise, because Cat-C:1/2 was in blocking mode. Although Cat-C:1/2 has changed to forwarding mode, the MAC Address Tables do not correctly reflect the change in STP topology.

[Figure: the same topology after the failure, showing a TCN BPDU, a Config BPDU (TC) and the switches' MAC Address Table entries for DD-DD and EE-EE.]

One option is to wait for the normal timeout of this entry in the MAC Address Table, which is 300 seconds (5 minutes). (This is where we got the 4 minutes and 10 seconds, plus 50 seconds for the STP timers.) A better solution is for switches to send out TCN BPDUs when there is a change in the forwarding state of a port, so switches reduce the aging time of their MAC Address Tables from 300 seconds to 15 seconds (Forward Delay). This doesn’t flush the MAC Address Table; it just accelerates the aging process. Devices that continue to speak for that 15 seconds will remain in the table. All other frames are flooded until the switch learns otherwise.

STP Topology Changes

A Bridge originates a TCN BPDU in two conditions:

1. It transitions a port into Forwarding state and it has at least one Designated Port or Root Port.
2. It transitions a port from either Forwarding or Learning states to the Blocking state.

Bridges with Designated Ports accept and process TCN BPDUs.



The Root Bridge will send out Configuration BPDUs

TCN BPDU

Much simpler than a Configuration BPDU.



Only three fields, Protocol ID, Version, and Type (TCN).

www.hanoictt.com

Type (TCN)

HANOICTT NETWORKING ACADEMY CCNA P SSeem meesstteerr13 - B C M S N

STP Enhancements

• Enhancements to the IEEE 802.1D specification have been developed to speed up STP alternate path selection, because in L3 environments protocols such as OSPF and EIGRP are able to provide an alternate path in less time.

• It would be advantageous to decrease STP convergence time and reduce the length of the disruption during convergence:
  – PortFast
  – UplinkFast
  – BackboneFast

STP Enhancements: PortFast

• PortFast is a Catalyst feature that causes a switch or trunk port to enter the spanning tree Forwarding state immediately, bypassing the Listening and Learning states.

• When PortFast is enabled on a switch or trunk port, the port is immediately transitioned to the Forwarding state. As soon as the switch detects the link, the port is transitioned to the Forwarding state (less than 2 seconds after the cable is plugged in).

• If a loop is detected and PortFast is enabled, the port is transitioned to the Blocking state. PortFast begins only when the port first initializes. If the port is forced into the Blocking state for some reason and later needs to return to the Forwarding state, the usual Listening and Learning processes are performed.

• The PortFast feature gives immediate end-station access and the safety net of STP (STP is needed for redundancy).

• Access layer

STP Enhancements: UplinkFast

• UplinkFast is a Catalyst feature that accelerates the choice of a new Root Port when a link or switch fails or when STP reconfigures itself.

• The Root Port transitions to the Forwarding state immediately, without going through the Listening and Learning states.

• UplinkFast also limits the burst of multicast traffic by reducing the max-update-rate. For IOS the default for this parameter is 150 packets per second.

• It is easy for the local switch to update its bridging table of MAC addresses to point to the new uplink. However, UplinkFast also provides a mechanism for the local switch to notify other upstream switches that stations downstream (or on toward the access layer) can be reached over the newly activated uplink.

• This action is accomplished by sending dummy multicast frames to destination 0100.0ccd.cdcd from the source addresses of the stations in the Content-Addressable Memory (CAM) table. These multicast frames are sent out at a rate specified by the max-update-rate parameter in packets per second. The default is 150 packets per second (pps), but the rate can range from 0 to 65,535 pps. If the value is 0, no dummy multicasts are sent.

STP Enhancements: UplinkFast

• Switches receiving these dummy multicast frames immediately update their bridge table entries for each source MAC address to use the new port, allowing the switches to begin using the new path almost immediately.

• In the event that connectivity on the original Root Port is restored, the switch waits for a period equal to twice the Forward Delay time plus 5 seconds before transitioning the port to the Forwarding state, in order to allow the neighbor port time to transition through the Listening and Learning states to the Forwarding state.

• This change takes approximately 1 to 5 seconds (block to forward state).

• Use in the access layer, not the backbone.

STP Enhancements: BackboneFast

• BackboneFast is a Catalyst feature that is initiated when a Root Port or blocked port on a switch receives inferior BPDUs from its Designated Bridge. An inferior BPDU identifies one switch as both the Root Bridge and the Designated Bridge. When a switch receives an inferior BPDU, it means that a link to which the switch is not directly connected (an indirect link) has failed. That is, the Designated Bridge has lost its connection to the Root Bridge. Under STP rules, the switch ignores inferior BPDUs for the configured Max Age (the default is 20 s).

• The role of BackboneFast is essentially to shorten this 20-second delay by:
  – Actively identifying an alternative path to the root bridge by using the Root Link Query (RLQ) protocol.
  – RLQ is a kind of ping for the root on a non-designated port; it allows the switch to quickly confirm whether the BPDU stored on a port is still valid or needs to be discarded.
  – Aging out (shortening the Max Age timer) on the port receiving the inferior BPDU (adapting to the new topology), or recalculating STP.

BackboneFast: How does it work?



• The purpose of BackboneFast is to short-circuit the Max Age timer when needed. Although this function shortens the time a switch waits to detect a Root Path failure, ports still must go through full-length Forward Delay timer intervals during the Listening and Learning states.

• While PortFast and UplinkFast enable immediate transitions, BackboneFast can only reduce the maximum convergence delay from 50 to 30 seconds.

• When used, BackboneFast (Cisco proprietary) should be enabled on all switches in the network, because BackboneFast requires the use of the RLQ Request and Reply mechanism to inform switches of Root Path stability.

• The RLQ protocol is active only when BackboneFast is enabled on a switch. By default, BackboneFast is disabled.

802.1w Rapid Spanning-Tree Protocol

• Rapid Spanning-Tree Protocol (RSTP; IEEE 802.1w) can be seen as an evolution of 802.1D.

• RSTP performs better than Cisco's proprietary extensions without any additional configuration.

• 802.1w is also capable of reverting back to 802.1D in order to interoperate with legacy bridges on a per-port basis.

STP evolution

RSTP states

• RSTP is able to actively confirm that a port can safely transition to forwarding without relying on any timer configuration.

• There is now a real feedback mechanism that takes place between RSTP-compliant bridges.

• New concepts:
  – Edge ports (Cisco PortFast feature)
  – Link type

Edge port

• Connected to an end station: directly transitions to forwarding.

• Connected to a switch: becomes a normal spanning tree port.

Link type

• Point to point: directly transitions to forwarding.

• Connected to a hub: shared link, works as normal.

• Link type is identified automatically: full duplex => P-t-P, half duplex => shared link.

Today, most links operate in full-duplex mode, which makes them candidates for rapid transition to forwarding.

RSTP port roles

Blocking port

• Port blocked by receiving more useful BPDUs from the same bridge it is on.

• Port blocked by receiving more useful BPDUs from another bridge: a real alternate path to the root bridge (UplinkFast usage on Cisco).

RSTP port roles

• The spanning-tree algorithm (STA) determines the role of a port based on Bridge Protocol Data Units (BPDUs).

• RSTP calculates the final topology for the spanning tree using exactly the same criteria as 802.1D.

• The name blocking is used for the discarding state in the Cisco implementation.

• The port role is determined by RSTP, but the port's current state may be different. For example, a port can have the designated role while its current state is blocking. (This typically happens for very short periods of time; it simply means that the port is in a transitory state towards designated forwarding.)

Spanning Tree BPDU

Protocol Identifier (2 bytes)
Version (1 byte)
Message Type (1 byte)
Flags (1 byte)
Root ID (8 bytes)
Cost to Root (4 bytes)
Bridge ID (8 bytes)
Port ID (2 bytes)
Message Age (2 bytes)
Maximum Age (2 bytes)
Hello Time (2 bytes)
Forward Delay (2 bytes)

• Version (1 byte), always 0,

• In RSTP, the BPDU is now of type 2, version 2. The implication of this is that legacy bridges must drop this new BPDU. This property makes it easy for an 802.1w bridge to detect legacy bridges connected to it.

RSTP BPDU Format

• A few changes have been introduced by RSTP to the BPDU format. Only two flags, Topology Change (TC) and TC Acknowledgment (TCA), were defined in 802.1D; RSTP now uses all six remaining bits of the flag byte.

• RSTP uses an interactive process so that two neighboring switches can negotiate state changes. Some BPDU bits are used to flag messages during this negotiation.
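The field layout and flag byte described on the BPDU slides above can be decoded as follows. This is an added Python example, not code from the original slides; the type values (0x00, 0x02, 0x80), the bit positions of the six RSTP flags and the 1/256-second timer unit are taken from the IEEE standards rather than from the slides, and the bridge IDs in the sample BPDUs are constructed.

```python
import struct

# BPDU type values from IEEE 802.1D / 802.1w
TYPE_CONFIG, TYPE_RST, TYPE_TCN = 0x00, 0x02, 0x80
TYPE_NAMES = {TYPE_CONFIG: "Config", TYPE_RST: "RST", TYPE_TCN: "TCN"}
# Port role carried in flag bits 2-3 of an RST BPDU
PORT_ROLES = {0: "Unknown", 1: "Alternate/Backup", 2: "Root", 3: "Designated"}
# Flags through Forward Delay: the 31 bytes that follow the 4-byte header
BODY = struct.Struct("!B8sI8sHHHHH")


def bridge_id(raw):
    """Split an 8-byte bridge ID into (priority, MAC address string)."""
    return int.from_bytes(raw[:2], "big"), ":".join(f"{b:02x}" for b in raw[2:])


def decode_flags(flags, rstp):
    """802.1D defines only TC and TCA; RSTP also uses the six bits in between."""
    out = {"tc": bool(flags & 0x01), "tca": bool(flags & 0x80)}
    if rstp:
        out.update(
            proposal=bool(flags & 0x02),
            role=PORT_ROLES[(flags >> 2) & 0x03],
            learning=bool(flags & 0x10),
            forwarding=bool(flags & 0x20),
            agreement=bool(flags & 0x40),
        )
    return out


def parse_bpdu(data):
    """Decode a BPDU payload (the bytes after the LLC header) into a dict."""
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte BPDU header")
    proto, version, btype = struct.unpack_from("!HBB", data)
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if btype not in TYPE_NAMES:
        raise ValueError(f"unknown BPDU type 0x{btype:02x}")
    bpdu = {"type": TYPE_NAMES[btype], "version": version}
    if btype == TYPE_TCN:              # TCN: Protocol ID, Version and Type only
        return bpdu
    if len(data) < 4 + BODY.size:
        raise ValueError("truncated Configuration/RST BPDU")
    flags, root, cost, bridge, port, age, max_age, hello, fwd = BODY.unpack_from(data, 4)
    bpdu.update(
        flags=decode_flags(flags, btype == TYPE_RST),
        root=bridge_id(root), root_path_cost=cost,
        bridge=bridge_id(bridge), port_id=port,
        # timers are carried in units of 1/256 second
        message_age=age / 256, max_age=max_age / 256,
        hello_time=hello / 256, forward_delay=fwd / 256,
    )
    return bpdu


def build_bpdu(btype, version, flags, root, cost, bridge, port):
    """Build a constructed sample BPDU with timers of 20 s / 2 s / 15 s."""
    def pack_id(priority, mac):
        return priority.to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))

    head = struct.pack("!HBB", 0, version, btype)
    if btype == TYPE_TCN:
        return head
    body = BODY.pack(flags, pack_id(*root), cost, pack_id(*bridge), port,
                     0, 20 * 256, 2 * 256, 15 * 256)
    # An RST BPDU ends with a one-byte Version 1 Length field (always 0)
    return head + body + (b"\x00" if btype == TYPE_RST else b"")


# Constructed bridge IDs and sample BPDUs (not captured traffic)
ROOT = (24576, "00:00:0c:aa:aa:aa")
NEIGHBOR = (32768, "00:00:0c:bb:bb:bb")
SAMPLES = {
    "legacy config with TC": build_bpdu(TYPE_CONFIG, 0, 0x01, ROOT, 19, NEIGHBOR, 0x8001),
    # 0x0E = Proposal bit + Designated role
    "rstp proposal": build_bpdu(TYPE_RST, 2, 0x0E, ROOT, 19, NEIGHBOR, 0x8001),
    "tcn": build_bpdu(TYPE_TCN, 0, 0, ROOT, 0, NEIGHBOR, 0),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name} ({len(raw)} bytes): {parse_bpdu(raw)}")
```

A version 0 Configuration BPDU arriving on a port is what tells an 802.1w bridge that the neighbor is a legacy bridge; the decoder exposes that as the `version` and `type` keys.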

Synchronization

• RSTP handles the complete STP convergence of the network as a propagation of handshakes over point-to-point links. When a switch needs to make an STP decision, a handshake is made with the nearest neighbor. After that is successful, the handshake sequence is moved to the next switch and the next, as an ever-expanding wave moving toward the network's edges.

• During each handshake sequence, a switch must take measures to be completely sure it will not introduce a bridging loop before moving the handshake out. This is done through a synchronization process.

• A port is in-sync if it meets either of the following criteria:
  – It is in a Blocking state (which means discarding, in a stable topology).
  – It is an edge port.

• The proposal-agreement mechanism is very fast, as it does not rely on any timers.

RSTP convergence

• To participate in RSTP convergence, a switch must decide the state of each of its ports. Nonedge ports begin in the Discarding state. After BPDUs are exchanged between the switch and its neighbor, the Root Bridge can be identified. If a port receives a superior BPDU from a neighbor, that port becomes the Root Port.

• For each nonedge port, the switch exchanges a proposal-agreement handshake to decide the state of each end of the link. Each switch assumes that its port should become the Designated Port for the segment, and a proposal message (a Configuration BPDU) is sent to the neighbor suggesting this.

• If a designated discarding port does not receive an agreement after having sent a proposal, it slowly transitions to the Forwarding state, falling back to the traditional 802.1D Listening-Learning sequence (this happens if the remote bridge does not understand RSTP BPDUs, or if the remote bridge port is blocking).

802.1d vs. 802.1w convergence

http://www.cisco.com/warp/public/473/146.html

New BPDU handling: BPDUs are not relayed, faster aging of information

• A bridge now sends a BPDU with its current information every hello-time seconds (2 by default), even if it does not receive any from the root bridge (BPDUs are not simply relayed anymore).

• BPDUs are now used as a keep-alive mechanism between bridges. A bridge considers that it has lost connectivity to its direct neighboring root or designated bridge if it misses three BPDUs in a row. The result is quick failure detection; physical link failures are detected even faster.

New BPDU handling: accepting inferior BPDUs

• The IEEE 802.1w committee decided to incorporate a BackboneFast-like mechanism into RSTP. When a bridge receives inferior information from its designated or Root Bridge, it immediately accepts it and replaces the one previously stored.

• E.g. Bridge C still knows the root is alive and well and immediately sends a BPDU to Bridge B containing information about the root bridge. As a result, Bridge B stops sending its own BPDUs and accepts the port leading to Bridge C as its new root port.

RSTP topology change mechanism has been changed

• Only non-edge ports moving to the Forwarding state cause a topology change. This means that a loss of connectivity is no longer considered a topology change, contrary to 802.1D (that is, a port moving to Blocking no longer generates a TC).

• When an RSTP bridge detects a topology change, the following happens:
  – It starts the TC While timer with a value equal to twice the hello time for all its non-edge designated ports and its root port if necessary.
  – It flushes the MAC addresses associated with all these ports.

Note: As long as the TC While timer is running on a port, the BPDUs sent out of that port have the TC bit set. BPDUs are also sent on the root port while the timer is active.

RSTP topology change

• Topology Change Propagation: when a bridge receives a BPDU with the TC bit set from a neighbor, the following happens:
  – It clears the MAC addresses learnt on all its ports except the one that received the topology change.
  – It starts the TC While timer and sends BPDUs with TC set on all its designated ports and root port (RSTP no longer uses the specific TCN BPDU, unless a legacy bridge needs to be notified).

RSTP topology change

• The TC propagation is now a one-step process.

• In fact, the initiator of the topology change is flooding this information throughout the network (as opposed to 802.1D, where only the root could do so).

• This mechanism is much faster than the 802.1D equivalent. There is no need to wait for the root bridge to be notified and then maintain the topology change state for the whole network for seconds.

• In just a few seconds (a small multiple of hello times), most of the entries in the CAM tables of the entire network (VLAN) are flushed. This approach results in potentially more temporary flooding, but on the other hand, it clears potential stale information that prevents rapid connectivity restitution.

Fallback of RSTP

• Because RSTP distinguishes its BPDUs from 802.1D BPDUs, it can coexist with switches still using 802.1D. Each port attempts to operate according to the STP BPDU that is received.

• For example, when an 802.1D BPDU (version 0) is received on a port, that port begins to operate according to the 802.1D rules. However, each port has a measure that locks the protocol in use for the duration of the migration delay timer. This keeps the protocol type from flapping or toggling during a protocol migration. After the timer expires, the port is free to change protocols if needed.

• RSTP detects a neighbor failure in three Hello intervals (default 6 seconds), vs. the Max Age timer interval (default 20 seconds) for 802.1D.

Types of STP

• STP modes: PVST (Per-VLAN Spanning Tree), PVST+, and Mono Spanning Tree.

• Common spanning tree (CST) is specified in the IEEE 802.1Q standard. CST defines a single instance of Spanning Tree for all VLANs. CST BPDUs are transmitted over the native VLAN (VLAN 1) as untagged frames, so there is no capability for load balancing.

• Per-VLAN spanning tree (PVST) is a Cisco-proprietary implementation requiring ISL trunk encapsulation. PVST runs a separate instance of STP for each VLAN. Load balancing is possible over redundant links when the links are assigned to different VLANs.

PVST pros and cons

• Reduces the overall size of the spanning tree topology.

• Improves scalability and decreases convergence time.

• Utilization of switches (such as CPU load) to support spanning tree maintenance for multiple VLANs.

• Utilization of bandwidth on trunk links to support BPDUs for each VLAN.

• PVST+ is a Cisco-proprietary STP mode that allows CST and PVST to exist on the same network.

• Provides faster recovery and better reliability.

• In networks where PVST and CST coexist, interoperability problems occur. Each requires a different trunking method, so BPDUs will never be exchanged between STP types.

PVST+

• PVST+ provides support for 802.1Q trunks and the mapping of multiple spanning trees to the single spanning tree of non-Cisco 802.1Q switches.

• PVST+ is automatically enabled on Catalyst 802.1Q trunks. It runs one instance of STP per VLAN when Catalyst switches are connected by 802.1Q trunks.

• PVST+ is the default Spanning-Tree Protocol used on all Ethernet, Fast Ethernet, and Gigabit Ethernet port-based VLANs on Catalyst 4000 and 6000 family switches.

[Figure: mapping between PVST+ and a single STP (CST/MST); labels include "One to one STP".]

• Mono spanning tree (MST) is the spanning tree implementation used by non-Cisco 802.1Q switches. One instance of STP is responsible for all VLAN traffic.

MISTP Mode, the need of Multiple Spanning Tree

• Multiple Spanning Tree (MST) is a new IEEE standard inspired by the Cisco proprietary Multiple Instances Spanning Tree Protocol (MISTP) implementation.

• PVST+ case: 1000 STP instances for only two different final logical topologies.

• 802.1q case: 1 STP instance; no load balancing is possible.

• MST case: 2 STP instances and load balancing.

MISTP Mode

• A MISTP instance is a virtual logical topology defined by a set of bridge and port parameters. A MISTP instance becomes a real topology when VLANs are mapped to it. Each MISTP instance has its own Root Switch and a different set of forwarding links (that is, different bridge and port parameters). This Root Switch propagates the information associated with that instance of MISTP to all other switches in the network.

• There is only one BPDU for each MISTP instance, so there is less overhead in the network. A VLAN can be mapped to only a single MISTP instance.

• MISTP discards any PVST+ BPDUs it sees.

• MISTP-PVST+ (Catalyst 4000 and 6000) is needed to allow interoperability between PVST+ and MISTP.

MST (802.1s), Multiple Spanning Tree not Mono Spanning Tree

• MST is specified in IEEE 802.1s, an amendment to IEEE 802.1Q. MST extends the IEEE 802.1w rapid spanning tree (RST).

• The Cisco implementation of MST is backward compatible with 802.1D STP, 802.1w (RSTP), and the Cisco PVST+ architecture.

• 802.1w provides the structure on which the 802.1s feature operates:
  – VLANs can be grouped and associated with spanning tree instances
  – enables load balancing
  – easier to administer and utilize redundant paths
  – consistent VLAN instance assignments on switches
  – set of bridges with the same MST configuration information

• Interconnected bridges that have the same MST configuration are called MST regions.

• MST, like MISTP, provides interoperability with PVST+ regions.

Load balancing

• Using load sharing, traffic can be divided between the links according to which VLAN the traffic belongs to.

• Load sharing can be configured on trunk ports by using STP port priorities or STP path costs.

• For load sharing using STP port priorities, both load-sharing links must be connected to the same switch. For load sharing using STP path costs, each load-sharing link can be connected to the same switch or to two different switches.

Load Sharing Using STP Port Priorities

Switch_1# configure terminal
Switch_1(config)# interface fa0/1
Switch_1(config-if)# spanning-tree vlan 8 9 10 port-priority 10
Switch_1(config-if)# end
Switch_1# configure terminal
Switch_1(config)# interface fa0/2
Switch_1(config-if)# spanning-tree vlan 3 4 5 6 port-priority 10
Switch_1(config-if)# end
Switch_1# show running-config
interface FastEthernet0/1
 switchport mode trunk
 spanning-tree vlan 8 priority 10
 spanning-tree vlan 9 priority 10
 spanning-tree vlan 10 priority 10
!
interface FastEthernet0/2
 switchport mode trunk
 spanning-tree vlan 3 priority 10
 spanning-tree vlan 4 priority 10
 spanning-tree vlan 5 priority 10
 spanning-tree vlan 6 priority 10
!
interface FastEthernet0/3

Load Sharing Using STP Path Cost

http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/c2900sa4/sa4sc/masctrnk.htm#xtocid180495

Switch_1# configure terminal
Switch_1(config)# interface fa0/1
Switch_1(config-if)# spanning-tree vlan 2 3 4 cost 30
Switch_1(config-if)# end
Switch_1# configure terminal
Switch_1(config)# interface fa0/2
Switch_1(config-if)# spanning-tree vlan 8 9 10 cost 30
Switch_1(config-if)# end
Switch_1# show running-config
interface FastEthernet0/1
 switchport mode trunk
 spanning-tree vlan 2 cost 30
 spanning-tree vlan 3 cost 30
 spanning-tree vlan 4 cost 30
!
interface FastEthernet0/2
 spanning-tree vlan 8 cost 30
 spanning-tree vlan 9 cost 30
 spanning-tree vlan 10 cost 30
!

Switch port tuning using BPDU guard

• The BPDU guard feature was developed to further protect the integrity of switch ports that have PortFast enabled. If any BPDU (whether superior to the current Root or not) is received on a port where BPDU guard is enabled, that port is immediately put into the errdisable state. The port is shut down in an error condition and must either be manually re-enabled or automatically recovered through the errdisable timeout function.

Switch# configure terminal
Switch(config)# spanning-tree portfast bpduguard
Switch(config)# end

Switch# show spanning-tree summary totals
Root bridge for: none.
PortFast BPDU Guard is enabled
Etherchannel misconfiguration guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Default pathcost method used is short

Name                 Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ----------
34 VLANs             0        0         0        36         36

[Figure: switches 1 and 2, with the labels "Expected root" and "New root unexpected".]

Switch port tuning using root guard

• Root guard is configured on a per-port basis, and does not allow the port to become an STP root port. This means that the port is always STP-designated, and if there is a better BPDU received on this port, BPDU guard disables the port, rather than taking the BPDU into account and electing a new STP root.

• The port will be put in a special STP state (root-inconsistent), which is effectively the same as the listening state. No traffic will pass through the port in this state. When the superior BPDUs are no longer received, the port will be unblocked again and will go, via STP, into the listening and learning states, and eventually transition to the Forwarding state. Recovery is automatic; no human intervention is required.

• Note: Even if the root bridge priority is zero, there is still no guarantee, as there might be a bridge with priority zero and a lower bridge ID.

Switch(config-if)# spanning-tree guard root

[Figure: switches 1 and 2, with the labels "Expected root" and "New root unexpected".]
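The decisions described on the BPDU guard and root guard slides above can be modelled as a small state machine. This is an added Python example, not Cisco code and not part of the original slides; the class names, port names and bridge IDs are constructed, and the model assumes a re-enabled PortFast port returns directly to forwarding.

```python
from dataclasses import dataclass


def bid(priority, mac):
    """Bridge ID as a comparable tuple: lower priority wins, then lower MAC."""
    return (priority, int(mac.replace(":", ""), 16))


@dataclass
class Port:
    name: str
    bpdu_guard: bool = False     # PortFast access port with BPDU guard
    root_guard: bool = False     # port that must never become a Root Port
    state: str = "forwarding"


class Switch:
    def __init__(self, own_id, ports):
        self.root_id = own_id                    # this switch is the expected root
        self.ports = {p.name: p for p in ports}
        self.events = []

    def receive_bpdu(self, port_name, advertised_root):
        """Apply BPDU guard, then root guard, then the normal root election."""
        port = self.ports[port_name]
        if port.state == "err-disabled":
            return port.state                    # port is shut down, nothing is processed
        if port.bpdu_guard:
            # Any BPDU at all, superior or not, disables the port
            port.state = "err-disabled"
            self.events.append(f"{port_name}: BPDU on guarded port, err-disabled")
            return port.state
        superior = advertised_root < self.root_id
        if superior and port.root_guard:
            # Superior BPDU is not taken into account; the port stops forwarding
            port.state = "root-inconsistent"
            self.events.append(f"{port_name}: superior BPDU blocked by root guard")
        elif superior:
            # Unprotected port: the better bridge ID wins the election
            self.root_id = advertised_root
            self.events.append(f"{port_name}: new root accepted")
        return port.state

    def superior_bpdus_stopped(self, port_name):
        """Root guard recovers automatically once superior BPDUs stop arriving."""
        port = self.ports[port_name]
        if port.state == "root-inconsistent":
            port.state = "listening"             # then learning, then forwarding
        return port.state

    def reenable(self, port_name):
        """Manual re-enable or errdisable timeout (assumed: PortFast port forwards again)."""
        port = self.ports[port_name]
        if port.state == "err-disabled":
            port.state = "forwarding"
        return port.state


def run_demo():
    """Feed constructed BPDU events to a guarded and an unguarded switch."""
    expected_root = bid(0, "00:00:0c:00:00:10")
    better_bridge = bid(0, "00:00:0c:00:00:01")      # priority 0 too, but lower MAC
    access_device = bid(32768, "00:00:0c:00:00:99")  # inferior bridge ID

    guarded = Switch(expected_root, [Port("Fa0/1", bpdu_guard=True),
                                     Port("Gi0/1", root_guard=True)])
    unguarded = Switch(expected_root, [Port("Gi0/1")])
    return {
        "bpdu_guard_state": guarded.receive_bpdu("Fa0/1", access_device),
        "root_guard_state": guarded.receive_bpdu("Gi0/1", better_bridge),
        "root_kept": guarded.root_id == expected_root,
        "after_bpdus_stop": guarded.superior_bpdus_stopped("Gi0/1"),
        "after_reenable": guarded.reenable("Fa0/1"),
        "unguarded_state": unguarded.receive_bpdu("Gi0/1", better_bridge),
        "unguarded_root_lost": unguarded.root_id == better_bridge,
        "events": guarded.events + unguarded.events,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The unguarded case shows the slide's note in action: a priority of zero on the intended root does not hold the role against a bridge with priority zero and a lower MAC address.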

Enough ?

Practice please !!!

Default STP (PVST/PVST+) configuration settings

Enabling and disabling STP, change root Bridge

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_12/config/spantree.htm#93252

• The root switch for each spanning-tree instance should be a backbone or distribution switch.

• The diameter keyword automatically adjusts to an optimal hello time, forward-delay time, and maximum-age time. The hello keyword can be used to override this value manually.

• To return the switch to its default setting: config# no spanning-tree vlan vlan-id root

• Optional:
  – spanning-tree vlan vlan-id hello-time
  – spanning-tree vlan vlan-id forward-time
  – spanning-tree vlan vlan-id max-age

• Directly modify the Bridge Priority:

Switch(config)# spanning-tree vlan vlan-id priority bridge-priority

• Let the switch become the Root by automatically choosing a Bridge Priority value (better):

Switch(config)# spanning-tree vlan vlan-id root {primary | secondary} [diameter diameter]

NOTE: The spanning-tree vlan vlan-id root command is actually a macro executing other switch commands. The actual commands and values produced by the macro will be shown, however. For example, the macro can potentially adjust the four STP values as follows:

Switch(config)# spanning-tree vlan 1 root primary
vlan 1 bridge priority set to 24576
vlan 1 bridge max aging time unchanged at 20
vlan 1 bridge hello time unchanged at 2
vlan 1 bridge forward delay unchanged at 15

Be aware that this macro doesn't guarantee that the switch will become the Root and maintain that status.

Setting the priority for ports and VLANs

• To return the interface to its default setting, use the no spanning-tree [vlan vlan-id] port-priority interface configuration command.

Setting the port cost

• To return the interface to its default setting, use the no spanning-tree [vlan vlan-id] cost interface configuration command.

Configuring switch priority of a VLAN

• To return the switch to its default setting, use the no spanning-tree vlan vlan-id priority global configuration command.

• For most situations, using the spanning-tree vlan vlan-id root primary and the spanning-tree vlan vlan-id root secondary global configuration commands

Configuring PortFast

• When the voice VLAN feature is enabled, the PortFast feature is automatically enabled. When voice VLAN is disabled, the PortFast feature is not automatically disabled.

• Enable this feature if the switch is running PVST or MSTP. The MSTP is available only if the EI is installed on the switch.

Configuring UplinkFast

• UplinkFast RSTP = Cisco uplink fast proprietary spanning tree extension.

• The 802.1w topology change mechanism clears the appropriate entries in the Content Addressable Memory (CAM) tables of the upstream bridges, so there is no need for dummy multicast generation.

• UplinkFast cannot be enabled on VLANs that have been configured for switch priority. First restore the switch priority on the VLAN to the default value by using the no spanning-tree vlan vlan-id priority global configuration command.

• When UplinkFast is enabled, it affects all VLANs on the switch. UplinkFast cannot be configured on an individual VLAN.

• The UplinkFast feature is supported only when the switch is running PVST.

• To restore the defaults:
no spanning-tree uplinkfast max-update-rate
no spanning-tree uplinkfast

Details are in the curriculum.

Configuring BackboneFast

• The BackboneFast feature is supported only when the switch is running PVST.

• It must be enabled on all switches in the network (supported with other vendors).

Configuring BPDU guard

• Use the spanning-tree bpduguard enable interface configuration command to enable BPDU guard on any port without also enabling the Port Fast feature.

• When BPDU guard is enabled globally on ports that are Port Fast-enabled, spanning tree shuts down Port Fast-enabled ports that receive BPDUs (it puts the port in the error-disabled state, from which it must be manually restored).

• The BPDU guard feature can be enabled if the switch is running PVST or MSTP. The MSTP is available only if the EI is installed on the switch.

Configuring root guard

• Root guard enabled on an interface applies to all the VLANs to which the interface belongs.

• This feature can be enabled if the switch is running PVST or MSTP. The MSTP feature is available only if the EI is installed on the switch.

• Do not enable root guard on interfaces to be used by the UplinkFast feature.

• Root guard and loop guard cannot both be enabled at the same time.

Verifying STP, RSTP, and MSTP configuration

RSTP and MST Configuration

Default RSTP and MSTP configuration

• The switch uses the default settings of PVST/PVST+. By default, RSTP/MST are not enabled.

RSTP and MSTP configuration guidelines

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12111yj4/lrescg/swmstp.htm

• MST is enabled using the spanning-tree mode mst global configuration command. RSTP is enabled, but Per-VLAN RSTP (PVRST) is not supported.

• Only one version can be active at any time (PVST, PVST+, MSTP).

• VTP doesn't work with MST. Manually configure the MST configuration (region name, revision number, and VLAN-to-instance mapping) on each switch using CLI or SNMP.

• For load balancing across redundant paths, all VLAN-to-instance mapping assignments must match. Otherwise, all traffic flows on a single link.

• The network should not be partitioned into a large number of regions. If this situation is unavoidable, the switched LAN should be partitioned into smaller LANs interconnected by routers or non-Layer 2 devices.

• It may be necessary to manually configure the switches (IST master, PVST+, MST regions).

Enabling RSTP & MSTP

• In one MST region, switches must have the same VLAN-to-instance mapping, the same configuration revision number, and the same name.

• A region can have one member or multiple members.

• Each member must be capable of processing RSTP BPDUs.

• There is no limit to the number of MST regions in a network, but each region can support up to 16 spanning tree instances.

• A VLAN can be assigned to only one spanning tree instance at a time.

Example

Remove config.:
no spanning-tree mst configuration
no instance instance-id [vlan vlan-range]
no name

To re-enable PVST, use the no spanning-tree mode or the spanning-tree mode pvst global configuration command.


Configuring the MST root switch

Same concept as normal STP



The switch with the lowest bridge ID (priority + MAC) becomes the root switch for the group of VLANs



The global configuration command spanning-tree mst instance-id root causes the switch priority to change from the default value (32768) to 24576. If any root switch for the specified instance has a switch priority lower than 24576, the switch sets its own priority to 4096 less than the lowest switch priority.



Optional: (config. Mode)



spanning-tree mst hello-time



spanning-tree mst forward-time



spanning-tree mst max-age



To restore the default setting, use the no spanning-tree mst instance-id root command.


Configuring MST switch priority

You should use the macro commands spanning-tree mst instance-id root primary and spanning-tree mst instance-id root secondary (global configuration commands) to modify the switch priority.



To return the switch to its default setting, use the no spanning-tree mst instance-id priority global configuration command.


Configuring MST path cost

Assign lower cost values to interfaces that the network administrator wants selected first and higher cost values to interfaces that the administrator wants selected last



The show spanning-tree mst interface interface-id privileged EXEC command displays information only for ports that are in a link-up operative state. Otherwise, use the show running-config privileged EXEC command to confirm the configuration.



To return the interface to its default setting, use the no spanning-tree mst instance-id cost interface configuration command.


Configuring MST port priority

The show spanning-tree mst interface interface-id privileged EXEC command displays information only if the port is in a link-up operative state. Use the show running-config interface privileged EXEC command to confirm the configuration.



To return the interface to its default setting, use the no spanning-tree mst instance-id port-priority interface configuration command.


Configuring maximum hop count




To return the switch to its default setting, use the no spanning-tree mst max-hops global configuration command.


EtherChannel


EtherChannel background




EtherChannel is a Cisco-proprietary, "resiliency" with disaster link, hardware….
– Standard EtherChannel (2-8 links)
– Fast EtherChannel (FEC) (2-8 links)
– Gigabit EtherChannel (GEC) (2-8 links)
– 10-Gigabit EtherChannel (2-8 links)
(Depends on platform & IOS)



Ethernet trunks frequently go with EtherChannel links



All ports in each EtherChannel must be the same speed


Benefits of EtherChannel

Transparent to networked applications



Operates as either an access link or trunk link



Load balancing transparently across multiple links



Automatic recovery for loss of a link


Frame distribution

Distribution based on source only (MAC, IP, or port), destination only (MAC, IP, or port), or both source and destination (MAC, IP, or port)

EtherChannel frame distribution uses a Cisco-proprietary hashing algorithm. The algorithm is deterministic; if you use the same addresses and session information, you always hash to the same port in the channel. This method prevents out-of-order packet delivery.

[Figure: source and destination IP, MAC and port values each pass through a hash]
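To make the deterministic distribution concrete, here is an added example that is not part of the original slides. It uses a stand-in hash (XOR and modulo over the low-order three bits of the MAC addresses), not Cisco's actual proprietary algorithm, and the MAC addresses and traffic pattern are constructed.

```python
from collections import Counter

# Constructed traffic: eight clients sending to one server (hypothetical MACs).
SERVER = "00:00:0c:00:0a:10"
FLOWS = [(f"00:00:0c:00:00:{i:02x}", SERVER) for i in range(1, 9)]

def mac_low_bits(mac, bits=3):
    """Low-order bits of a MAC address written as aa:bb:cc:dd:ee:ff."""
    return int(mac.replace(":", ""), 16) & ((1 << bits) - 1)

def pick_link(src_mac, dst_mac, method, n_links):
    """Stand-in hash: choose the member link index for one frame.

    method is 'src-mac', 'dst-mac' or 'src-dst-mac' (the last XORs both)."""
    if method == "src-mac":
        key = mac_low_bits(src_mac)
    elif method == "dst-mac":
        key = mac_low_bits(dst_mac)
    elif method == "src-dst-mac":
        key = mac_low_bits(src_mac) ^ mac_low_bits(dst_mac)
    else:
        raise ValueError(f"unknown method: {method}")
    return key % n_links

def link_usage(flows, method, n_links):
    """Count how many flows land on each member link."""
    return Counter(pick_link(src, dst, method, n_links) for src, dst in flows)

if __name__ == "__main__":
    for method in ("src-mac", "dst-mac", "src-dst-mac"):
        print(method, dict(sorted(link_usage(FLOWS, method, 4).items())))
```

With this traffic, hashing on the destination alone puts all eight flows on one link of a four-link channel, while hashing on the source spreads them two per link; the same address pair always maps to the same link, which is what keeps frames in order.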


EtherChannel methods


Port Aggregation Protocol (PAgP)

allow ports to negotiate with connected ports

By default, ports are in autosilent mode



Port Aggregation Protocol (PAgP) is a Cisco-proprietary



Automatic creation of EtherChannels by exchanging packets



Dynamically groups similarly configured interfaces into a single logical link based on hardware, administrative, and port. (E.g., PAgP groups the interfaces with the same speed, duplex mode, native VLAN, VLAN range, and trunking status/type into an EtherChannel, then PAgP adds the group to the spanning tree as a single switch port.)


Etherchannel modes


Link Aggregation Control Protocol (LACP), IEEE 802.3ad

By default, ports are in passive negotiating state



Open-standard equivalent to PAgP



Both Cisco and non-Cisco devices can form an EtherChannel



LACP tries to configure the maximum number of compatible ports in a channel, up to the maximum allowed by the hardware (eight ports for Catalyst switches).



If LACP cannot aggregate all the ports that are compatible, these ports that cannot be actively included in the channel are put in hot standby state and are used only if one of the channeled ports fails.


Modifying port cost for EtherChannel groups

The STP Port Cost is updated based on the current Port Costs of the channeling ports.



If channel Port Cost is specified, the Port Costs of member ports in the channel are modified to reflect the new cost (This enables load balancing of VLAN traffic across multiple channels configured with trunking, because some VLANs in the channel have Port VLAN Cost values and the others have Port Cost values)



This might not sound useful (or meaningful), but this allows, as an example, the configuration of VLAN traffic to load-balance between one EtherChannel connected to one core switch and another EtherChannel connected to another core switch.


EtherChannel configuration guidelines

Assign all ports in an EtherChannel to the same VLAN, or configure them as trunk ports (same trunk mode, same allowed range of VLANs)



Do not configure the ports in an EtherChannel as dynamic VLAN ports



If a broadcast limit is configured on the ports, configure the broadcast limit as a percentage limit for the channeled ports (unicast packets might get dropped for 1s when the broadcast limit is exceeded)



An EtherChannel will not form with ports that have the port security feature enabled



If IGMP multicast filtering is using one port in an EtherChannel, set the EtherChannel mode for both PAgP and LACP to off.



An EtherChannel will not form if one of the ports is a Switched Port Analyzer (SPAN) destination port



Each EtherChannel can have up to eight compatibly configured Ethernet interfaces (same speed and duplex modes)



Enable all interfaces in an EtherChannel (no shutdown)



It is preferable to set STP port costs to be equal for all ports in an EtherChannel (different STP Port Costs can form an EtherChannel as long as they are compatible)


Which ports can be used when configuring an EtherChannel

Catalyst 4000 and 6000 allow use of an even or odd number of links in the EtherChannel. The ports do not have to be contiguous or even on the same line card. These features are not available on all Catalyst hardware.



Older Catalyst switches use an Ethernet Bundle Controller (EBC) to manage aggregated EtherChannel ports



……………………..



Check the hardware documentation before attempting to create EtherChannel bundles



See example in the curriculum !!!


Configuring Fast EtherChannel

On each of the participating interfaces (up to eight), enter the command channel-group channel-group-number mode {auto [non-silent] | desirable [non-silent] | on}. (Remove it with no channel-group.)



To verify: use the command show etherchannel [channel-group-number] {brief | detail | load-balance| port | port-channel | summary}.



To specify the technique for load balancing (frame distribution) among links comprising an EtherChannel, use the command port-channel load-balance {dst-mac | src-mac}



Verify the configuration with the command show etherchannel load-balance.



To view PAgP status information, use the command show pagp [channel-group-number] {counters | internal | neighbor}.


Hands-on Lab Exercises

• View the lab notes first !!!
• Do E-lab
• Practice actual lab


Guidelines for Applying STP Protection Features

Root guard: Apply to ports where root is never expected.



BPDU guard: Apply to all user ports where PortFast is enabled.



Loop guard: Apply to nondesignated ports; but okay to apply to all ports.



UDLD: Apply to all fiber optic links between switches (must be enabled on both ends).



Permissible combinations on a switch port:
– Loop guard and UDLD
– Root guard and UDLD

Not permissible on a switch port:
– Root guard and Loop guard
– Root guard and BPDU guard
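These guidelines can be applied as a pre-deployment check on a configuration draft. The following is an added example, not part of the original slides: it parses IOS-style interface stanzas and reports PortFast ports that lack BPDU guard and ports that combine root guard with loop guard or BPDU guard. The draft configuration is constructed; the check assumes the standard IOS commands spanning-tree portfast, spanning-tree bpduguard enable, spanning-tree guard root, spanning-tree guard loop, and the global spanning-tree portfast bpduguard default.

```python
import re
# Constructed configuration draft (hypothetical ports), not from the original slides.
DRAFT = """\
interface FastEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/2
 spanning-tree portfast
interface FastEthernet0/3
 spanning-tree guard root
 spanning-tree guard loop
interface GigabitEthernet0/1
 spanning-tree guard root
 spanning-tree bpduguard enable
"""

def parse_interfaces(config):
    """Return ({interface: [stanza lines]}, [global lines]) from IOS-style text."""
    interfaces, global_lines, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)
        else:
            current = None
            if line and line != "!":
                global_lines.append(line)
    return interfaces, global_lines

def audit(config):
    """Check each port against the guidelines above; return (port, finding) pairs."""
    interfaces, global_lines = parse_interfaces(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        portfast = any(l.startswith("spanning-tree portfast") and "disable" not in l for l in lines)
        # BPDU guard is on if set explicitly, or inherited by a PortFast port from the global default.
        bpduguard = "spanning-tree bpduguard enable" in lines or (
            guard_default and portfast and "spanning-tree bpduguard disable" not in lines)
        root = "spanning-tree guard root" in lines
        loop = "spanning-tree guard loop" in lines
        if portfast and not bpduguard:
            findings.append((name, "PortFast without BPDU guard"))
        if root and loop:
            findings.append((name, "root guard and loop guard on the same port"))
        if root and bpduguard:
            findings.append((name, "root guard and BPDU guard on the same port"))
    return findings
```

On the constructed draft, FastEthernet0/1 passes and the other three ports each produce one finding; adding the global BPDU guard default clears the finding on FastEthernet0/2 only.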
