L2VPN and Ethernet Services Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 24.1.1 - Multiple Spanning Tree Protocol [Cisco Network Convergence System 5500 Series] (2024)

The BPDU Guard feature allows you to protect against misconfiguration of edge ports. It is an enhancement to the MSTP port fast feature. When you configure port fast on an interface, MSTP considers that interface to be an edge port and removes it from consideration when calculating the spanning tree. When you configure BPDU Guard, MSTP additionally shuts down the interface using error-disable when an MSTP BPDU is received.

The Flush Containment feature allows you to prevent unnecessary MAC flushes due to unrelated topology changes in other areas of a network.The following figure shows a network containing four devices. Two VLANs are in use: VLAN 1 is only used on device D, while VLAN 2 spans devices A, B and C. The two VLANs are in the same spanning tree instance, but do not share any links.

If the link BC goes down, then in normal operation, as C brings up its blocked port, it sends out a topology change notification on all other interfaces, including towards D. This causes a MAC flush to occur for VLAN 1, even though the topology change which has taken place only affects VLAN 2.

Flush containment helps deal with this problem by preventing topology change notifications from being sent on interfaces on which no VLANs are configured for the MSTI in question. In the example network this would mean no topology change notifications would be sent from C to D, and the MAC flushes which take place would be confined to the right hand side of the network.

The Bringup Delay feature allows you to stop MSTP from considering an interface when calculating the spanning tree when the interface is not yet ready to forward traffic. This is useful when a line card first boots up, as the system may declare that the interfaces on that card are Up before the dataplane is fully ready to forward traffic. According to the standard, MSTP considers the interfaces as soon as they are declared Up, and this may cause it to move other interfaces into the blocking state if the new interfaces are selected instead.

Bringup delay solves this problem by adding a configurable delay period which occurs as interfaces that are configured with MSTP first come into existence. Until this delay period ends, the interfaces remain in blocking state, and are not considered when calculating the spanning tree.

Bringup delay only takes place when interfaces which are already configured with MSTP are created, for example, on a card reload. No delay takes place if an interface which already exists is later configured with MSTP.

This section show MSTP running configuration.

!Configure/* Configure VLAN interfaces */interface TenGigE0/0/0/2.1001 l2transport encapsulation dot1q 1001!interface TenGigE0/0/0/3.1001 l2transport encapsulation dot1q 1001!interface TenGigE0/0/0/14.1001 l2transport encapsulation dot1q 1001interface TenGigE0/0/0/2.1021 l2transport encapsulation dot1q 1021!interface TenGigE0/0/0/3.1021 l2transport encapsulation dot1q 1021!interface TenGigE0/0/0/14.1021 l2transport encapsulation dot1q 1021!/* Configure L2VPN Bridge-domains */l2vpn bridge group mstp bridge-domain mstp1001 interface TenGigE0/0/0/2.1001 ! interface TenGigE0/0/0/3.1001 ! interface TenGigE0/0/0/14.1001 !bridge-domain mstp1021 interface TenGigE0/0/0/2.1021 ! interface TenGigE0/0/0/3.1021 ! interface TenGigE0/0/0/14.1021!/* Configure MSTP */spanning-tree mst abc name mstp1 instance 1001 vlan-ids 1001-1020 !instance 1021 vlan-ids 1021-1040 !interface TenGigE0/0/0/2 ! interface TenGigE0/0/0/3 ! interface TenGigE0/0/0/14/* Configure MSTP Parameters */spanning-tree mst a bringup delay for 10 minutes flush containment disable name m1 revision 10 forward-delay 20 max hops 30 transmit hold-count 8 provider-bridge instance 101 priority 8192 vlan-id 2-1005 interface FastEthernet 0/0/0/1 instance 101 port-priority 160 portfast bpduguard!!

Verify the MSTP configuration using the show spanning-tree mst command .

/* Verify the MSTP configuration */Router# show spanning-tree mst abc instance 121Mon Jan 23 12:11:48.591 UTCRole: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=MasterState: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup DelayedOperating in dot1q modeMSTI 121: VLANS Mapped: 121-130 Root ID Priority 32768 Address dceb.9456.b9d4 This bridge is the root Int Cost 0 Max Age 20 sec, Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address dceb.9456.b9d4 Max Age 20 sec, Forward Delay 15 sec Max Hops 20, Transmit Hold count 6Interface Port ID Role State Designated Port ID Pri.Nbr Cost Bridge ID Pri.Nbr------------ ------- --------- ---- ----- -------------------- -------BE1 128.1 10000 DSGN FWD 32768 dceb.9456.b9d4 128.1Te0/0/0/1 128.2 2000 DSGN FWD 32768 dceb.9456.b9d4 128.2Te0/0/0/16 128.3 2000 DSGN FWD 32768 dceb.9456.b9d4 128.3Te0/0/0/17 128.4 2000 DSGN FWD 32768 dceb.9456.b9d4 128.4

This section shows PVRST running configuration.

/* PVRST Configuration */configure spanning-tree pvrst stp forward-delay 10 maximum age 10 transmit hold-count 4 vlan 200 ! vlan 300 ! vlan 400 ! interface Bundle-Ether1 ! interface Bundle-Ether2 ! interface TenGigE0/0/0/21!/* Configure bridge-domain */l2vpn bridge group pvrst bridge-domain pvrst1001 interface Bundle-Ether1 !! interface Bundle-Ether2 ! interface TenGigE0/0/0/14.1001! interface TenGigE0/0/0/21

Router# show spanning-tree pvrst stpMon Jan 20 22:56:16.242 UTCRole: ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=BackupState: FWD=Forwarding, LRN=Learning, BLK=BlockedVLAN 200: Root ID Priority 32768 Address 008a.9610.08d8 Max Age 20 sec, Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address 00bc.6021.a4d8 Max Age 10 sec, Forward Delay 10 sec Transmit Hold count 4Interface Port ID Role State Designated Port ID Pri.Nbr Cost Bridge ID Pri.Nbr ------------ ------- --------- ---- ----- -------------------- -------Te0/0/0/14 128.2 2000 DSGN FWD 32768 00bc.6021.a4d8 128.2 Te0/0/0/20 128.3 2000 DSGN FWD 32768 00bc.6021.a4d8 128.3 Te0/0/0/26 128.4 2000 DSGN FWD 32768 00bc.6021.a4d8 128.4 Te0/0/0/27 128.5 2000 DSGN FWD 32768 00bc.6021.a4d8 128.5 Te0/0/0/38 128.6 2000 ALT BLK 32768 008a.9610.08d8 128.4 Te0/0/0/6 128.1 2000 ROOT FWD 32768 008a.9610.08d8 128.2 ------------ ------- --------- ---- ----- -------------------- -------VLAN 300: Root ID Priority 32768 Address 008a.9610.08d8 Max Age 20 sec, Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address 00bc.6021.a4d8 Max Age 10 sec, Forward Delay 10 sec Transmit Hold count 4Interface Port ID Role State Designated Port ID Pri.Nbr Cost Bridge ID Pri.Nbr ------------ ------- --------- ---- ----- -------------------- -------Te0/0/0/14 128.2 2000 DSGN FWD 32768 00bc.6021.a4d8 128.2 Te0/0/0/20 128.3 2000 DSGN FWD 32768 00bc.6021.a4d8 128.3 Te0/0/0/26 128.4 2000 DSGN FWD 32768 00bc.6021.a4d8 128.4 Te0/0/0/27 128.5 2000 DSGN FWD 32768 00bc.6021.a4d8 128.5 Te0/0/0/38 128.6 2000 ALT BLK 32768 008a.9610.08d8 128.4 Te0/0/0/6 128.1 2000 ROOT FWD 32768 008a.9610.08d8 128.2 ------------ ------- --------- ---- ----- -------------------- ------- VLAN 400: Root ID Priority 32768 Address 008a.9610.08d8 Max Age 20 sec, Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address 00bc.6021.a4d8 Max Age 10 sec, Forward Delay 10 sec Transmit Hold count 4Interface Port ID Role State Designated Port ID Pri.Nbr Cost Bridge ID Pri.Nbr ------------ ------- --------- ---- ----- -------------------- -------Te0/0/0/14 128.2 2000 DSGN FWD 32768 00bc.6021.a4d8 128.2 Te0/0/0/20 128.3 2000 DSGN FWD 32768 00bc.6021.a4d8 128.3 Te0/0/0/26 128.4 2000 DSGN FWD 32768 00bc.6021.a4d8 128.4 Te0/0/0/27 128.5 2000 DSGN FWD 32768 00bc.6021.a4d8 128.5 Te0/0/0/38 128.6 2000 ALT BLK 32768 008a.9610.08d8 128.4 Te0/0/0/6 128.1 2000 ROOT FWD 32768 008a.9610.08d8 128.2 ------------ ------- --------- ---- ----- -------------------- ------- 

All variants of STP operate in a similar fashion: STP frames (known as bridge protocol data units (BPDUs)) are exchanged at regular intervals over Layer 2 LAN segments, between network devices participating in STP. Such network devices do not forward these frames, but use the information to construct a loop free spanning tree.

The spanning tree is constructed by first selecting a device which is the root of the spanning tree (known as the root bridge), and then by determining a loop free path from the root bridge to every other device in the network. Redundant paths are disabled by setting the appropriate ports into a blocked state, where STP frames can still be exchanged but data traffic is never forwarded. If a network segment fails and a redundant path exists, the STP protocol recalculates the spanning tree topology and activates the redundant path, by unblocking the appropriate ports.

The selection of the root bridge within a STP network is determined by the lowest Bridge ID which is a combination of configured bridge priority and embedded mac address of each device. The device with the lowest priority, or with equal lowest priority but the lowest MAC address is selected as the root bridge.

Root port: is selected based on lowest root path cost to root bridge. If there is a tie with respect to the root path cost, port on local switch which receives BPDU with lowest sender bridge ID is selected as root port.

Designated port: Least cost port on local switch towards root bridge is selected as designated port. If there is a tie, lowest number port on local switch is selected as designated port.

The selection of the active path among a set of redundant paths is determined primarily by the port path cost. The port path cost represents the cost of transiting between that port and the root bridge - the further the port is from the root bridge, the higher the cost. The cost is incremented for each link in the path, by an amount that is (by default) dependent on the media speed. Where two paths from a given LAN segment have an equal cost, the selection is further determined by the lowest bridge ID of the attached devices, and in the case of two attachments to the same device, by the configured port priority and port ID of the neighboring attached ports.

Once the active paths have been selected, any ports that do not form part of the active topology are moved to the blocking state.

Network devices in a switched LAN perform MAC learning; that is, they use received data traffic to associate unicast MAC addresses with the interface out of which frames destined for that MAC address should be sent. If STP is used, then a recalculation of the spanning tree (for example, following a failure in the network) can invalidate this learned information. The protocol therefore includes a mechanism to notify topology changes around the network, so that the stale information can be removed (flushed) and new information can be learned based on the new topology.

A Topology Change notification is sent whenever STP moves a port from the blocking state to the forwarding state. When it is received, the receiving device flushes the MAC learning entries for all ports that are not blocked other than the one where the notification was received, and also sends its own topology change notification out of those ports. In this way, it is guaranteed that stale information is removed from all the devices in the network.

There are many variants of the Spanning Tree Protocol:

• Legacy STP (STP)—The original STP protocol was defined in IEEE 802.1D-1998. This creates a single spanning tree which is used for all VLANs and most of the convergence is timer-based.

• Rapid STP (RSTP)—This is an enhancement defined in IEEE 802.1D-2004 to provide more event-based, and hence faster, convergence. However, it still creates a single spanning tree for all VLANs.

• Multiple STP (MSTP)—A further enhancement was defined in IEEE 802.1Q-2005. This allows multiple spanning tree instances to be created over the same physical topology. By assigning different VLANs to the different spanning tree instances, data traffic can be load-balanced over different physical links. The number of different spanning tree instances that can be created is restricted to a much smaller number than the number of possible VLANs; however, multiple VLANs can be assigned to the same spanning tree instance. The BPDUs used to exchange MSTP information are always sent untagged; the VLAN and spanning tree instance data is encoded inside the BPDU.

• Per-Vlan Rapid Spanning Tree (PVRST)— This feature is the IEEE 802.1w (RSTP) standard implemented per VLAN, and is also known as Rapid PVST or PVST+. A single instance of STP runs on each configured VLAN (if you do not manually disable STP). Each Rapid PVST+ instance on a VLAN has a single root switch. You can enable and disable STP on a per-VLAN basis when you are running Rapid PVST+.

  PVRST uses point-to-point wiring to provide rapid convergence of the spanning tree. The spanning tree reconfiguration can occur in less than one second with PVRST (in contrast to 50 seconds with the default settings in the 802.1D STP).

• REP (Cisco-proprietary ring-redundancy protocol)— This is a Cisco-proprietary protocol for providing resiliency in rings. It is included for completeness, as it provides MSTP compatibility mode, using which, it interoperates with an MSTP peer.