Spanning Tree Protocol

Spanning Tree is an often ignored component of local area networks as it self-configures to form a functional network. However, a “functional network” may not be an optimal network. Spanning Tree results in a single viable path through a switched Ethernet network. Optimising layer 2 (STP) involves trying to align common traffic paths with the Spanning Tree structure. If you have a network where there are frequent flows between different pairs of devices, you may always have a less than optimal traffic flow. Don’t get too hung up on this. STP is an old protocol with limitations. We do the best we can with what we have.

To optimise Spanning Tree, you must look at the expected flows in the network. Think about what flows occur in a hotel. What do guests do? What do staff do? I would suggest that virtually all guest activity involves the Internet. Perhaps some traffic is internal to the hotel; this could include billing, room service applications or streaming media for in-house movies. In terms of flow, all of this traffic heads out of the VLAN to somewhere else. Inbound guest traffic will originate from outside the VLAN (Internet / data-centre). What this means is that the guest devices are almost exclusively sending and receiving traffic from their gateway. There is little host to host communication amongst guests. In fact, from a security perspective, we would prefer no direct interaction between guest devices.

So for our guests, we see that flows are mainly to the default-gateway. In the three-layer hierarchy, the default gateway resides at the distribution layer. Given that the Spanning Tree Protocol generates a tree that is optimally connected to a root-bridge, it makes sense that the root bridge for a VLAN is the same device as the default gateway for that VLAN.

In the scenario overview, your attention is drawn to these requirements, although it is left to the reader to interpret them in a meaningful way.

Routing Requirements

You must provide inter-VLAN routing, such that all devices can ping one another.

- Staff should use DL1 as their default gateway.
- Guests should use DL2 as their default gateway.
- Use HSRP with the active router for staff and guests being on a different router.

Optimisation

Wherever possible, within the limitations of EVE, you should:

- Maximise the redundancy of links and devices through configuration. Note, however, that you cannot alter the topology from that provided. You are also not permitted to add any additional routers or switches to the topology.
- Ensure sensible and efficient traffic paths. In particular, you should pay attention to the STP topology and the allocation of gateway addresses.
- Ensure full use of the available bandwidth, link and router capacity through the use of redundant links and devices. Note that the use of the load-balancing features of some routing protocols is outside the scope of this assignment.

If you look at the routing requirements and the location of the gateways, you can see how to proceed. We know from the above that the staff, who are in VLAN 1000, use DL1 as their default gateway. Therefore, DL1 should be the root bridge for the staff VLAN.

Similarly DL2 should be the root-bridge for the hotel guests.

Further optimisation

802.1D (conventional) STP is slow. Configuring Rapid Spanning Tree makes sense in this application, and configuring MST activates it. Given that there are only two devices (the DL switches) in each LAN that need to be the root bridge, there are only two required STP topologies. However, there may be many VLANs (guest floors). Creating two MST instances (one for each DL) and mapping the VLANs to them will minimise the BPDU traffic and CPU load on the switches. I would encourage you to go down this path.

What you need to do

  • Create two instances of MST and call them 1 & 2.
    • Name your MST configuration HCG (Hotel California Group)
  • Map your staff VLAN to MST instance 1.
  • Map your guest VLANS to MST instance 2.
  • Set DL1 as the primary root for MST instance 1.
  • Set DL2 as the primary root for MST instance 2.

Where to configure this

Remember LANs (VLAN) reside in the access layer and the distribution layer.

  • All your access layer devices and distribution devices need to have MST instances created and the appropriate VLAN mappings made.
  • On your DL switches, execute the appropriate spanning-tree mst xxx root primary command.

How you will know it is configured correctly

The following commands will provide information about your STP configuration. You are mainly looking to see that DL1 is the root for MST instance 1 and DL2 is the root for MST instance 2. You also need to verify that you have the correct VLAN-to-MST mapping.

  • show spanning-tree
  • show spanning-tree mst configuration
  • show spanning-tree root

PERDL1#sh spanning-tree root
                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             32768 aabb.cc00.4100         0    2   20  15                  
MST1             24577 aabb.cc00.4100         0    2   20  15                  
MST2             24578 aabb.cc00.5100   4000000    2   20  15  Et1/0           
PERDL1#
PERDL1#sh spanning-tree mst configuration
Name      [HCG]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-19,21-24,26-999,1001-4094
1         1000
2         20,25
-------------------------------------------------------------------------------
PERDL1#
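The following Python script is an added example, not part of these course notes or the lab. It covers both the "What you need to do" / "Where to configure this" steps and the verification above: it renders the IOS lines each switch needs for this design (the common MST region on every access and distribution switch, and the root primary command only on the DL that owns the instance) and then checks the two show outputs reproduced above against that design. It assumes Cisco IOS syntax for the MST commands, assumes from the output that aabb.cc00.4100 is DL1 and aabb.cc00.5100 is DL2, and uses AL1 as a hypothetical access-switch name.

```python
"""Render the per-switch MST configuration for the hotel design and check the
'show' output against it (added example; assumes Cisco IOS syntax)."""
import re

MST_NAME = "HCG"
MST_REVISION = 1
# Design intent: instance -> VLANs carried and the switch that must be root.
DESIGN = {
    1: {"vlans": "1000", "root": "DL1"},   # staff
    2: {"vlans": "20,25", "root": "DL2"},  # guest floors
}
# Bridge MACs are assumptions read off the page's show output.
BRIDGE_MAC = {"DL1": "aabb.cc00.4100", "DL2": "aabb.cc00.5100"}
# 'root primary' sets the priority to 24576; IOS adds the instance number as
# the system-ID extension, which is why the page shows 24577 and 24578.
ROOT_PRIMARY_PRIORITY = 24576

def expand_vlans(field):
    """'1-19,21-24,1000' -> {1, ..., 19, 21, ..., 24, 1000}."""
    vlans = set()
    for part in field.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def render_mst_config(switch):
    """IOS lines for one switch: the common MST region, plus 'root primary'
    for each instance this switch must own (none on an access switch)."""
    lines = ["spanning-tree mode mst", "spanning-tree mst configuration",
             f" name {MST_NAME}", f" revision {MST_REVISION}"]
    lines += [f" instance {i} vlan {s['vlans']}" for i, s in sorted(DESIGN.items())]
    lines.append("!")
    lines += [f"spanning-tree mst {i} root primary"
              for i, s in sorted(DESIGN.items()) if s["root"] == switch]
    return lines

def parse_mst_configuration(text):
    """'show spanning-tree mst configuration' -> (region name, {instance: VLAN set})."""
    name = re.search(r"^Name\s+\[(.*)\]", text, re.M)
    mapping = {int(i): expand_vlans(v)
               for i, v in re.findall(r"^(\d+)\s+([\d,\-]+)\s*$", text, re.M)}
    return (name.group(1) if name else None), mapping

def parse_root(text):
    """'show spanning-tree root' -> {instance: {priority, mac, cost, root_port}}."""
    pat = re.compile(r"^MST(\d+)\s+(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
                     r"\s+(\d+)\s+\d+\s+\d+\s+\d+\s*(\S*)\s*$", re.M)
    return {int(m[1]): {"priority": int(m[2]), "mac": m[3], "cost": int(m[4]),
                        "root_port": m[5] or None} for m in pat.finditer(text)}

def local_root_instances(roots):
    """Instances where the switch that printed the output is itself the root:
    root path cost 0 and no root port."""
    return {i for i, r in roots.items() if r["cost"] == 0 and r["root_port"] is None}

def verify(show_root, show_mst_config):
    """Compare live output with DESIGN; an empty list means it is configured as intended."""
    problems = []
    name, mapping = parse_mst_configuration(show_mst_config)
    roots = parse_root(show_root)
    if name != MST_NAME:
        problems.append(f"MST region name is {name!r}, expected {MST_NAME!r}")
    for inst, spec in DESIGN.items():
        want, got = expand_vlans(spec["vlans"]), mapping.get(inst, set())
        if got != want:
            problems.append(f"MST{inst}: VLANs {sorted(got)} mapped, expected {sorted(want)}")
        root = roots.get(inst)
        if root is None:
            problems.append(f"MST{inst}: missing from 'show spanning-tree root'")
        elif root["mac"] != BRIDGE_MAC[spec["root"]]:
            problems.append(f"MST{inst}: root is {root['mac']}, expected {spec['root']}")
        elif root["priority"] != ROOT_PRIMARY_PRIORITY + inst:
            problems.append(f"MST{inst}: priority {root['priority']} not set by 'root primary'")
    return problems

# Sample input copied from the page's own PERDL1 (DL1) output.
SHOW_ROOT_DL1 = """\
                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             32768 aabb.cc00.4100         0    2   20  15
MST1             24577 aabb.cc00.4100         0    2   20  15
MST2             24578 aabb.cc00.5100   4000000    2   20  15  Et1/0
"""
SHOW_MST_CONFIG_DL1 = """\
Name      [HCG]
Revision  1     Instances configured 3
Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-19,21-24,26-999,1001-4094
1         1000
2         20,25
"""

if __name__ == "__main__":
    for sw in ("AL1", "DL1", "DL2"):   # AL1 is a hypothetical access switch
        print(f"! {sw}\n" + "\n".join(render_mst_config(sw)))
    print("problems:", verify(SHOW_ROOT_DL1, SHOW_MST_CONFIG_DL1) or "none")
```

Two details of the output are worth noticing when you read it by hand. First, the switch that is itself the root for an instance shows a root path cost of 0 and an empty Root Port column, as DL1 does for MST0 and MST1 above, while MST2 shows a cost and a root port towards DL2. Second, the priorities 24577 and 24578 are not typos: root primary sets the priority to 24576, and MST adds the instance number as the system-ID extension, so the bridge priority a question asks you for is 24576 + instance number.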

What questions might you see on the practical exam?

  • Which switch is the root for VLAN xx? (May or may not use MST)
  • Which VLANs are associated with MST instance X?
  • What is the BID for a particular switch?
  • Make device X the root for VLAN xx. (May or may not use MST)
  • You may be told that the traffic flow is suboptimal and be expected to identify that STP is the issue and recommend a solution. (Often making a different switch the root bridge for a particular VLAN).
  • You may be told that a particular switch has failed and asked about the resulting spanning tree. For example: if DL1 fails, which switch will be the root for VLAN x?