2025-01-19 Update From: SLTechnology News&Howtos, Network Security
Shulou(Shulou.com)06/01 Report--
The STP protocol covered earlier and Cisco's proprietary PVST+ both belong to the single spanning tree (SST) family, which means that a device supporting multiple VLANs can run only one spanning tree. See the earlier post: Cisco layer 2 switching technology: detailed explanation of the STP protocol.
MSTP is a newer protocol defined in IEEE 802.1s that combines STP with VLANs. It keeps the rapid port state transitions of RSTP and also removes the RSTP limitation that all VLANs must share the same spanning tree. Let's take a closer look at the MSTP protocol.
MSTP is a public (standard) spanning tree protocol and is widely used in production environments.
I. Overview of MSTP
The traditional spanning tree can run only one instance and converges slowly. RSTP improves on traditional STP to speed up topology convergence, but some defects remain. With STP and RSTP, all VLANs in the whole LAN share one spanning tree instance, so load balancing based on VLAN is impossible: when the network is stable, backup links cannot forward any data traffic, which wastes bandwidth. As shown in the figure:
When switch S1 is the root bridge, the link between S2 and S3 is blocked and forwards no traffic. Even when the network is congested, the link between S2 and S3 cannot be used, which wastes resources.
Friends who have studied Cisco will know that Cisco's PVST technology is a per-VLAN spanning tree: each VLAN runs its own spanning tree, so every link can be used. But when the production environment has many VLANs (for example, 100), more than 100 spanning tree instances must run in the switched network, which consumes a great deal of the switches' hardware resources and adds network overhead.
Comparison of PVST and MSTP:
The following is a detailed introduction to MSTP.
MSTP is a multiple spanning tree technology that allows several spanning trees to run in one switched environment; each spanning tree is called an instance. Instances are independent of one another: for example, a port that is blocked in one instance may be forwarding in another. Unlike PVST, MSTP allows multiple VLANs to share one spanning tree instance. In most cases the benefit of running several instances is link load sharing; even when there is only one redundant link, running two instances achieves load balancing while keeping system overhead low. As shown in the figure:
In real enterprise networks, running multiple instances is very common, because placing the root bridges of different instances on different physical switches achieves load sharing without the resource cost of running too many instances.
MSTP prunes the ring network into a ring-free tree network to avoid broadcast storms and provides multiple redundant paths for data forwarding to achieve load balancing of VLAN data in the process of data forwarding. MSTP is also compatible with STP and RSTP.
MSTP divides a switched network into multiple domains, and multiple independent spanning trees are formed in each domain. Each spanning tree is called a multiple spanning tree instance (MSTI), and each domain is called an MST domain (MST region).
MSTP links VLANs and MSTIs through a VLAN mapping table. Each VLAN corresponds to exactly one MSTI, that is, the traffic of a VLAN is forwarded in only one MSTI, while one MSTI can serve multiple VLANs. This makes full use of network bandwidth and avoids wasting resources.
II. Basic principle of MSTP
MSTP divides the whole interconnected layer 2 Ethernet into several domains. Within a domain, the VLANs are divided into several groups, each with the same topology; several MSTIs are then defined and these spanning tree instances are mapped to the different VLAN groups.
An instance is a collection of VLANs. Mapping multiple VLANs to a single instance saves communication overhead and resources. The topology of each MSTP instance is calculated independently, and load balancing can be achieved across these instances. VLANs with the same topology can be mapped to one instance, and the forwarding state of these VLANs on a port depends on the state of that port in the corresponding MSTP instance.
If the only goal is to prevent loop problems such as broadcast storms, running a single CST is sufficient. The main purpose of running multiple instances is to share the load across the links. The number of spanning tree instances therefore generally depends on the number of redundant links: with one redundant link, two instances is the best choice; with two redundant links, three instances is best, while keeping the traffic in each instance as small as possible.
1. Network hierarchy of MSTP
A layer 2 switched network can be divided into multiple MST domains, each MST domain can contain multiple MSTIs, and multiple VLANs can be mapped to each instance. To give you a more detailed understanding, take a look at the following picture:
The MSTP network in the figure contains three MST domains, A, B and C, and each MST domain contains one or more MSTIs. Take MST domain B as an example: it contains two MSTIs, Instance1 and Instance2. Instance1 is mapped to VLAN1~5 and Instance2 to VLAN6~10.
2. MST domain
An MST domain is a multiple spanning tree domain composed of multiple switches in the LAN and the network segments between them. A LAN can contain several MST domains, which are physically connected to each other directly or indirectly. Users place switches in the same MST domain through the MSTP configuration commands: the switches in an MST domain all have MSTP enabled and are configured with the same domain name and the same VLAN mapping table.
3. MSTI
Multiple MSTIs can run in one MST domain independently of each other, and an MSTI can correspond to one or more VLANs, but a VLAN can only correspond to one MSTI.
4. Port roles
To better understand the role of ports, take a look at the following figure:
The main roles in MSTP are as follows:
Root port: on a non-root switch, the port with the lowest cost to the root switch is the switch's root port. The root port forwards data traffic towards the root switch; P3, P4 and P8 are the root ports in the figure.
Designated port: the port through which a switch sends BPDUs or data traffic to the downstream switch; P1, P2 and P6 (R3 has a higher priority than R2) are the designated ports in the figure.
Edge port: located at the very edge of the network, does not take part in the spanning tree calculation, and is generally used to connect non-switch devices such as servers and PCs.
Standby port: from the point of view of forwarding traffic, the standby port provides a backup link to the root switch. Its state is blocking and it does not forward data traffic. When the root port is blocked, the standby port becomes the new root port; its main purpose is to back up the root port. P5 is the standby port in the figure.
Backup port: when two ports of the same switch are connected to each other, a loop is formed and the switch blocks one of them; the blocked port is the backup port. From the point of view of sending BPDUs, the backup port is blocked because it receives the BPDUs sent by another port of the same device. From the point of view of forwarding user traffic, the backup port backs up the designated port and provides a backup link from the root switch to the leaf node (non-root switch); its main purpose is to back up the designated port. P7 is the backup port in the figure.
With the exception of edge ports, port roles in MSTP participate in the calculation process of MSTP. The same port can play different roles in different MSTI.
5. Port states of MSTP
MSTP ports have three states:
Forwarding: the port forwards user traffic and also receives and sends BPDUs; this is called the forwarding state.
Learning: a transitional state. The switch learns the MAC address table from the user traffic it receives but does not forward user traffic; the port receives and sends BPDUs, which is why it is called the learning state.
Discarding: the port only receives BPDUs and forwards nothing; this is called the discarding state.
III. MSTP protection functions
1. BPDU protection
On a switch, ports directly connected to non-switch devices such as user terminals or file servers are usually configured as edge ports so that they converge quickly. Normally these ports never receive BPDUs. If someone forges BPDUs to manipulate the switch maliciously, then when such a port receives a BPDU the switch automatically turns it into a non-edge port and recalculates the spanning tree, causing the network to flap.
Once BPDU protection is enabled, an edge port that receives a BPDU is automatically shut down, which stops the subsequent illegal operation and the network flapping it would cause. The configuration command is as follows:
[SW1] stp bpdu-protection // enable BPDU protection
2. Root protection
Because of configuration errors or malicious operations, a port of a legitimate switch may receive a BPDU with a higher priority, which makes the current root switch lose its root status and triggers a spanning tree recalculation, causing the network to flap and possibly become congested. To prevent this, the switch provides root protection. Root protection pins the role of the port in order to protect the status of the root switch: a port configured with root protection keeps the designated port role in all instances. When such a port receives a higher-priority BPDU, its role does not become non-designated; instead it enters the listening state and stops forwarding packets. After a long enough period without receiving higher-priority BPDUs, the port returns to its normal state. The configuration commands are as follows:
[SW1] int g0/0/1
[SW1-GigabitEthernet0/0/1] stp root-protection // enable root protection
3. Loop protection
The root port and the other blocked ports keep their state by periodically receiving BPDUs from the upstream switch. When the link is congested or a unidirectional link failure occurs, these ports stop receiving BPDUs from upstream, so the switch reselects the root port: the original root port becomes a designated port and the previously blocked port moves to forwarding, which creates a loop in the switched network. Loop protection suppresses this kind of loop. With loop protection enabled, if the root port stops receiving upstream BPDUs it is placed in the blocking state, and a blocked port stays blocked and forwards no packets, so no loop can form. The port is reactivated only when it receives a topology change BPDU. The configuration commands are as follows:
[SW1] int g0/0/1
[SW1-GigabitEthernet0/0/1] stp loop-protection // enable loop protection
4. TC protection
When a switch receives a TC-BPDU it deletes its MAC address table entries and ARP table entries. If someone forges TC-BPDUs to manipulate the switch illegally, the switch receives a large number of TC-BPDUs in a short time, and the resulting frequent deletions put a heavy burden on the device and threaten the stability of the network. With TC protection enabled, if the number of TC-type BPDUs received by the MSTP process per unit of time exceeds the configured threshold, the MSTP process handles only the number of messages allowed by the threshold. The TC-type BPDUs beyond the threshold are processed once, together, after the timer expires, which avoids frequent deletion of MAC address and ARP entries and thereby protects the switch. The configuration commands are as follows:
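Before the vendor command, here is a small Python simulation, added for this article and not Huawei's implementation, of the throttling just described: within one timer interval the MSTP process acts on at most `threshold` TC-BPDUs, the excess is collapsed into a single deferred flush when the timer expires, and an isolated TC-BPDU received later is still handled immediately. The threshold of 3 matches the command that follows; the 2-second interval, the class and function names, and the timestamps of the constructed storm are assumptions made for the simulation.

```python
class TcProtection:
    """Model of TC protection: rate-limit how often received TC-BPDUs may
    trigger a MAC/ARP table flush. Illustrative model, not vendor code."""

    def __init__(self, threshold=3, interval=2.0):
        self.threshold = threshold      # flushes allowed per timer interval
        self.interval = interval        # assumed timer length in seconds
        self.window_start = None        # start time of the current timer window
        self.processed = 0              # TC-BPDUs acted on in this window
        self.pending = False            # excess TC-BPDUs waiting for the timer
        self.flushes = []               # times at which the tables were flushed

    def _expire(self, now):
        """When the timer runs out, handle all deferred TC-BPDUs with ONE flush."""
        if self.window_start is not None and now - self.window_start >= self.interval:
            if self.pending:
                self.flushes.append(self.window_start + self.interval)
                self.pending = False
            self.window_start = None
            self.processed = 0

    def on_tc_bpdu(self, now):
        """Receive a TC-BPDU at time `now`; return True if the tables are flushed at once."""
        self._expire(now)
        if self.window_start is None:
            self.window_start = now     # first TC-BPDU starts the timer window
        if self.processed < self.threshold:
            self.processed += 1
            self.flushes.append(now)
            return True
        self.pending = True             # over the threshold: defer, do not flush now
        return False

    def tick(self, now):
        """Timer hook, called periodically even if no BPDU arrives; returns flush count."""
        self._expire(now)
        return len(self.flushes)


def simulate(threshold=3, interval=2.0):
    """Constructed scenario: 10 TC-BPDUs within one second (a forged burst),
    then one legitimate TC-BPDU at 5 s. Returns the flush counts observed."""
    tc = TcProtection(threshold, interval)
    storm = [round(0.1 * i, 1) for i in range(10)]      # t = 0.0, 0.1, ..., 0.9 s
    immediate = sum(tc.on_tc_bpdu(t) for t in storm)    # flushes during the burst
    after_timer = tc.tick(interval)                     # timer expiry: one deferred flush
    tc.on_tc_bpdu(5.0)                                  # isolated TC-BPDU is handled at once
    return {
        "flushes_without_protection": len(storm) + 1,   # every TC-BPDU would flush
        "flushes_during_storm": immediate,
        "flushes_after_timer": after_timer,
        "flushes_total": len(tc.flushes),
    }


if __name__ == "__main__":
    print(simulate())
```

The point of the model is the ratio: eleven TC-BPDUs cause five table flushes instead of eleven, and the legitimate topology change is still honoured without delay.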
[SW1] stp tc-protection threshold 3 // enable TC protection and set the threshold to 3
IV. MSTP configuration example
1. The case environment is as follows:
2. Case requirements
1. All switches run MSTP; the region name is set to huawei and the revision level to 1
2. VLAN10 and VLAN20 communicate with each other over MSTP
3.VLAN10 traffic direction: PC1 → S3 → S1 → R1
4.VLAN20 traffic direction: PC2 → S3 → S2 → R1
3. Case implementation
(1) Configure the client and router IP addresses
Configuring the client addresses is omitted here. The router addresses are configured as follows:
[R1] int g0/0/1
[R1-GigabitEthernet0/0/1] ip add 10.1.10.254 24
[R1-GigabitEthernet0/0/1] int g0/0/2
[R1-GigabitEthernet0/0/2] ip add 10.1.20.254 24 // Huawei interfaces are up by default; use undo shutdown to enable one if needed
(2) Configure VLAN and Trunk
In this lab the interfaces between the clients and the switch are Access ports, the interfaces between the layer 2 switches are Trunk ports, and the interfaces between the layer 2 switches and the router are Hybrid ports. Remember that a router cannot recognize frames carrying a VLAN tag.
S1 is configured as follows:
[S1] vlan batch 10 20
[S1] int g0/0/2
[S1-GigabitEthernet0/0/2] port link-type hybrid
[S1-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[S1-GigabitEthernet0/0/2] port hybrid pvid vlan 10
[S1-GigabitEthernet0/0/2] int g0/0/1
[S1-GigabitEthernet0/0/1] port link-type trunk
[S1-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/1] int g0/0/3
[S1-GigabitEthernet0/0/3] port link-type trunk
[S1-GigabitEthernet0/0/3] port trunk allow-pass vlan all // basic commands are not explained here
S2 is configured as follows:
[S2] vlan batch 10 20
[S2] int g0/0/2
[S2-GigabitEthernet0/0/2] port link-type hybrid
[S2-GigabitEthernet0/0/2] port hybrid untagged vlan 20
[S2-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[S2-GigabitEthernet0/0/2] int g0/0/1
[S2-GigabitEthernet0/0/1] port link-type trunk
[S2-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/1] int g0/0/3
[S2-GigabitEthernet0/0/3] port link-type trunk
[S2-GigabitEthernet0/0/3] port trunk allow-pass vlan all
The configuration of S3 is as follows:
[S3] vlan batch 10 20
[S3] int g0/0/1
[S3-GigabitEthernet0/0/1] port link-type trunk
[S3-GigabitEthernet0/0/1] port trunk allow-pass vlan all
[S3-GigabitEthernet0/0/1] int g0/0/2
[S3-GigabitEthernet0/0/2] port link-type trunk
[S3-GigabitEthernet0/0/2] port trunk allow-pass vlan all
[S3-GigabitEthernet0/0/2] int g0/0/3
[S3-GigabitEthernet0/0/3] port link-type access
[S3-GigabitEthernet0/0/3] port default vlan 10
[S3-GigabitEthernet0/0/3] int g0/0/4
[S3-GigabitEthernet0/0/4] port link-type access
[S3-GigabitEthernet0/0/4] port default vlan 20
(3) Configure MSTP
According to the case requirements, the commands are as follows:
S1 is configured as follows:
[S1] stp mode mstp // set the switch to MSTP mode
[S1] stp region-configuration // enter the MST region configuration view
[S1-mst-region] region-name huawei // set the region name to huawei
[S1-mst-region] revision-level 1 // set the revision level to 1
[S1-mst-region] instance 1 vlan 10 // map VLAN10 to instance 1
[S1-mst-region] instance 2 vlan 20 // map VLAN20 to instance 2
[S1-mst-region] active region-configuration // activate the region configuration (mandatory)
[S1-mst-region] quit
[S1] stp instance 1 root primary // make this switch the primary root of instance 1
[S1] stp instance 2 root secondary // make this switch the secondary root of instance 2
S2 is configured as follows:
[S2] stp mode mstp
[S2] stp region-configuration
[S2-mst-region] region-name huawei
[S2-mst-region] revision-level 1
[S2-mst-region] instance 1 vlan 10
[S2-mst-region] instance 2 vlan 20
[S2-mst-region] active region-configuration
[S2-mst-region] quit
[S2] stp instance 1 root secondary
[S2] stp instance 2 root primary // the commands are basically the same as on S1
The configuration of S3 is as follows:
[S3] stp mode mstp
[S3] stp region-configuration
[S3-mst-region] region-name huawei
[S3-mst-region] revision-level 1
[S3-mst-region] instance 1 vlan 10
[S3-mst-region] instance 2 vlan 20
[S3-mst-region] active region-configuration
(4) Verification
Run the following command on S3 to see the result:
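The three switches form one MST region only if their region name, revision level and VLAN-to-instance mapping all match (section 2 above). The standard does not carry the whole mapping table in BPDUs; instead each switch summarises its table as an HMAC-MD5 configuration digest, and peers compare digests. The following Python is added here as an example, not part of the article and not Huawei's code. It rebuilds that digest the way IEEE 802.1s defines it (a 4096-entry table of 2-byte MSTIDs, HMAC-MD5 under the standard's fixed key) from the instance/vlan commands configured above, enforces the rule that a VLAN may belong to only one instance, and shows how a single mistyped VLAN on S3 silently splits the region. The dictionaries describing the switches and the typo are constructed for the example.

```python
import hashlib
import hmac

# HMAC-MD5 key defined by IEEE 802.1s (802.1Q clause 13.7) for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def build_vlan_table(instance_vlans):
    """instance_vlans: {mstid: [vlan, ...]}, one entry per 'instance N vlan V' command.
    Returns the 4096-entry VLAN-to-MSTID table; VLANs not listed stay in instance 0 (CIST).
    Raises ValueError if a VLAN is given to two instances (a VLAN maps to exactly one MSTI)."""
    table = [0] * 4096
    for mstid, vlans in instance_vlans.items():
        if not 0 <= mstid <= 4094:
            raise ValueError(f"invalid MSTID {mstid}")
        for vlan in vlans:
            if not 1 <= vlan <= 4094:
                raise ValueError(f"invalid VLAN {vlan}")
            if table[vlan] not in (0, mstid):
                raise ValueError(f"VLAN {vlan} is already mapped to instance {table[vlan]}")
            table[vlan] = mstid
    return table


def mapping_is_valid(instance_vlans):
    """True if the mapping obeys the one-VLAN-one-instance rule."""
    try:
        build_vlan_table(instance_vlans)
        return True
    except ValueError:
        return False


def config_digest(instance_vlans):
    """Digest as the standard defines it: HMAC-MD5 over the table serialised as
    4096 two-octet MSTIDs, most significant octet first. Returned as upper-case hex."""
    table = build_vlan_table(instance_vlans)
    data = b"".join(mstid.to_bytes(2, "big") for mstid in table)
    return hmac.new(MST_DIGEST_KEY, data, hashlib.md5).hexdigest().upper()


def region_id(switch):
    """The three values that must be identical for switches to share an MST region."""
    return (switch["region_name"], switch["revision"], config_digest(switch["instances"]))


def same_region(a, b):
    return region_id(a) == region_id(b)


# Constructed descriptions of the three switches as configured in the article.
S1 = {"region_name": "huawei", "revision": 1, "instances": {1: [10], 2: [20]}}
S2 = {"region_name": "huawei", "revision": 1, "instances": {1: [10], 2: [20]}}
S3 = {"region_name": "huawei", "revision": 1, "instances": {1: [10], 2: [20]}}
# Constructed mistake: the operator typed 'instance 2 vlan 30' on S3 instead of vlan 20.
S3_TYPO = {"region_name": "huawei", "revision": 1, "instances": {1: [10], 2: [30]}}


if __name__ == "__main__":
    print("default (all VLANs in CIST):", config_digest({}))
    print("article mapping:             ", config_digest(S1["instances"]))
    print("S1/S2/S3 one region:", same_region(S1, S2) and same_region(S2, S3))
    print("S1/S3_TYPO one region:", same_region(S1, S3_TYPO))
```

The digest of the empty mapping (every VLAN in instance 0) is the well-known default value that devices of every vendor display before any instance is configured, which makes it a handy self-check for the routine. In practice the quick way to find a switch that has fallen out of the region is to compare the digest each device reports for its active region configuration (on Huawei devices, `display stp region-configuration`): a switch with a different digest is its own region, and its links to the others become region boundaries, so the per-instance load sharing designed above no longer applies across them.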
[S3] display stp brief // view the STP port roles and states
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/2        DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/3        DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/4        DESI  FORWARDING    NONE
   1    GigabitEthernet0/0/1        ROOT  FORWARDING    NONE
   1    GigabitEthernet0/0/2        ALTE  DISCARDING    NONE // in instance 1, g0/0/2 is blocked
   1    GigabitEthernet0/0/3        DESI  FORWARDING    NONE
   2    GigabitEthernet0/0/1        ALTE  DISCARDING    NONE // in instance 2, g0/0/1 is blocked
   2    GigabitEthernet0/0/2        ROOT  FORWARDING    NONE
   2    GigabitEthernet0/0/4        DESI  FORWARDING    NONE
You can verify the result yourself: PC1 and PC2 can communicate, and a failure of any link between any two switches does not affect communication (test this again after simulating a link failure).
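Reading the table by eye works for three switches, but the same check is worth automating. The following Python, added as an example and not part of the article, parses the `display stp brief` output shown above (embedded here as constructed sample input, with the article's rows) and verifies the design: instance 1 (VLAN10) must use g0/0/1 towards S1 as its root port, instance 2 (VLAN20) must use g0/0/2 towards S2, each instance must have exactly one blocked redundant port, and it lists ports that still have no STP protection, which is where the BPDU/root/loop protection commands from section III belong. The function names and the expected-uplink dictionary are assumptions made for the example.

```python
import re

# Output of 'display stp brief' on S3 as shown in the article's verification step
# (constructed sample input for this example; column spacing may differ on real devices).
S3_STP_BRIEF = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/2        DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/3        DESI  FORWARDING    NONE
   0    GigabitEthernet0/0/4        DESI  FORWARDING    NONE
   1    GigabitEthernet0/0/1        ROOT  FORWARDING    NONE
   1    GigabitEthernet0/0/2        ALTE  DISCARDING    NONE
   1    GigabitEthernet0/0/3        DESI  FORWARDING    NONE
   2    GigabitEthernet0/0/1        ALTE  DISCARDING    NONE
   2    GigabitEthernet0/0/2        ROOT  FORWARDING    NONE
   2    GigabitEthernet0/0/4        DESI  FORWARDING    NONE
"""

# One data row: instance id, port name, role, state, protection column.
ROW = re.compile(
    r"^\s*(?P<mstid>\d+)\s+(?P<port>\S+)\s+(?P<role>ROOT|DESI|ALTE|BACK|MAST)"
    r"\s+(?P<state>FORWARDING|LEARNING|DISCARDING)\s+(?P<prot>\S+)"
)


def parse_stp_brief(text):
    """Return {(mstid, port): {"role", "state", "protection"}} for every data row;
    header lines and anything that does not look like a row are ignored."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows[(int(m["mstid"]), m["port"])] = {
                "role": m["role"], "state": m["state"], "protection": m["prot"]}
    return rows


def root_port(rows, mstid):
    """The ROOT port of an instance is the uplink its VLANs actually use."""
    for (inst, port), r in rows.items():
        if inst == mstid and r["role"] == "ROOT":
            return port
    return None


def blocked_ports(rows, mstid):
    """Ports of an instance that are DISCARDING (the redundant links held in reserve)."""
    return sorted(port for (inst, port), r in rows.items()
                  if inst == mstid and r["state"] == "DISCARDING")


def check_design(rows, expected_uplinks):
    """expected_uplinks: {mstid: port the design says must be the root port}.
    Returns human-readable deviations; an empty list means the topology matches."""
    problems = []
    for mstid, port in expected_uplinks.items():
        actual = root_port(rows, mstid)
        if actual != port:
            problems.append(f"instance {mstid}: root port is {actual}, expected {port}")
        if len(blocked_ports(rows, mstid)) != 1:
            problems.append(f"instance {mstid}: expected exactly one blocked redundant port, "
                            f"found {blocked_ports(rows, mstid)}")
    return problems


def unprotected_ports(rows):
    """Ports that show no STP protection at all (Protection column NONE in every instance)."""
    return sorted({port for (_, port), r in rows.items() if r["protection"] == "NONE"})


if __name__ == "__main__":
    parsed = parse_stp_brief(S3_STP_BRIEF)
    design = {1: "GigabitEthernet0/0/1", 2: "GigabitEthernet0/0/2"}
    print("deviations:", check_design(parsed, design) or "none")
    print("ports without protection:", unprotected_ports(parsed))
```

Run against the article's output the design check passes, and the protection report lists all four ports: the two PC-facing access ports are the natural candidates for BPDU protection, while the two trunks towards S1 and S2 are where loop protection would keep a lost upstream BPDU from opening a loop.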
© 2024 shulou.com SLNews company. All rights reserved.