Know Where the Root Is
The primary function of the Spanning Tree Algorithm (STA) is to break the loops that redundant links create in a bridged network. STP operates at Layer 2 of the OSI model. Nothing is perfect, STP included: it can fail in some specific cases, and troubleshooting the failure can be a headache for the network administrator, depending on the design of the network. That is why it is always recommended that you perform the most important part of the troubleshooting before the problem occurs.
Very often, information about the location of the root is not available at troubleshooting time. Do not leave it up to STP to decide which bridge is root. For each VLAN, you can usually identify which switch can best serve as root. Generally, choose a powerful bridge in the middle of the network. If you put the root bridge in the center of the network with a direct connection to the servers and routers, you reduce the average distance from the clients to the servers and routers.
The figure shows:
If switch S2 is the root, the link from S1 to S3 is blocked on S1 or S3. In this case, hosts that connect to switch S2 can access the server and the router in two hops. Hosts that connect to bridge S3 can access the server and the router in three hops. The average distance is two and one-half hops.
If switch S1 is the root, the router and the server are reachable in two hops for both hosts that connect on S2 and S3. The average distance is now two hops.
The logic behind this simple example transfers to more complex topologies.
Note: For each VLAN, configure the root bridge and the backup root bridge using lower priorities.
To make it easier to solve STP problems, plan the organization of your redundant links. In non-hierarchical networks you might need to tune the STP cost parameter to decide which ports to block. However, this tuning is usually not necessary if you have a hierarchical design and a root bridge in a good location.
Note: For each VLAN, know which ports should be blocking in the stable network. Have a network diagram that clearly shows each physical loop in the network and which blocked ports break the loops.
Knowing the location of redundant links helps you identify an accidental bridging loop and the cause. Also, knowing the location of blocked ports allows you to determine the location of the error.
Minimize the Number of Blocked Ports
The only critical action that STP takes is the blocking of ports. A single blocking port that mistakenly transitions to forwarding can negatively impact a large part of the network. A good way to limit the risk inherent in the use of STP is to reduce the number of blocked ports as much as possible.
VTP Pruning
You do not need more than two redundant links between two nodes in a switched network. However, the configuration shown in the figure is common. Distribution switches are dual-attached to two core switches, C1 and C2. Users on switches S1 and S2, which connect to the distribution switches, are only in a subset of the VLANs available in the network. In the figure, users that connect on switch D1 are all in VLAN 20; switch D2 only connects users in VLAN 30. By default, trunks carry all the VLANs defined in the VTP domain. Only switch D1 receives unnecessary broadcast and multicast traffic for VLAN 20, but it is also blocking one of its ports for VLAN 30. There are three redundant paths between core switch C1 and core switch C2. This redundancy results in more blocked ports and a higher likelihood of a loop.
Note: Prune any VLAN that you do not need off your trunks.
Manual Pruning
VTP pruning can help, but this feature is not necessary in the core of the network. In this figure, only an access VLAN is used to connect the distribution switches to the core. In this design, only one port is blocked per VLAN. Also, with this design, you can remove all redundant links in just one step if you shut down C1 or C2.
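The two figures on this page are only described in words. The following added example (not Cisco software or a page original) is a small per-VLAN spanning-tree model that reproduces their reasoning: it elects the root from constructed priorities, computes each bridge's root path cost, and lists the ports that end up blocking, which is exactly the "know which ports should be blocking" inventory the root-placement section asks for. It then evaluates the triangle from the root-placement figure (server and router on S1, hosts on S2 and S3, so the average hop count is 2.5 with S2 as root and 2 with S1 as root) and the dual-attached core figure, counting blocked ports per VLAN with all VLANs on every trunk and again with VLAN 20 and VLAN 30 restricted to the distribution switches that need them. Switch names, priorities, path costs and VLAN assignments are all constructed to match the text; the model assumes a single link per switch pair and so skips the port-ID tie-break.

```python
"""Toy per-VLAN spanning-tree model for the figures described on this page.

Added example, not Cisco software. `bridges` maps a switch name to its STP
priority (lower wins the root election); ties are broken on the name, which
stands in for the MAC address part of the bridge ID. Each link is
(a, b, path_cost, vlans_carried): a trunk carries its allowed list, an access
port a single VLAN. One link per switch pair is assumed (no port-ID tie-break).
All topologies, priorities and costs below are constructed for illustration.
"""
from collections import defaultdict
import heapq


def bid(bridges, name):
    """Bridge ID in STP comparison order: priority first, then MAC (here: name)."""
    return (bridges[name], name)


def spanning_tree(bridges, links, vlan):
    """Return (root, parent map, blocked ports) for one VLAN's active topology."""
    edges = [(a, b, c) for a, b, c, vlans in links if vlan in vlans]
    adj = defaultdict(list)
    for a, b, c in edges:
        adj[a].append((b, c))
        adj[b].append((a, c))
    if not adj:
        return None, {}, set()
    root = min(adj, key=lambda n: bid(bridges, n))

    # Root path cost by Dijkstra; an equal-cost tie is resolved on the sender's
    # bridge ID, the way a bridge picks its root port among received BPDUs.
    cost, parent = {root: 0}, {root: None}
    heap = [(0, bid(bridges, root), root)]
    while heap:
        c_u, _, u = heapq.heappop(heap)
        if c_u > cost[u]:
            continue  # stale heap entry
        for v, c in adj[u]:
            if v == root:
                continue
            cand = (c_u + c, bid(bridges, u))
            cur = (cost[v], bid(bridges, parent[v])) if v in cost else None
            if cur is None or cand < cur:
                cost[v], parent[v] = c_u + c, u
                heapq.heappush(heap, (c_u + c, bid(bridges, u), v))

    # A link that is some bridge's root port forwards at both ends. On every
    # other link the end with the better (root cost, bridge ID) is designated
    # and forwards; the opposite end is the blocked (alternate) port.
    blocked = set()
    for a, b, _ in edges:
        if parent.get(a) == b or parent.get(b) == a:
            continue
        designated = min(a, b, key=lambda n: (cost[n], bid(bridges, n)))
        other = b if designated == a else a
        blocked.add((other, designated))  # (bridge with blocked port, neighbour)
    return root, parent, blocked


def tree_distance(parent, a, b):
    """Links on the active (loop-free) path between two bridges."""
    def path_to_root(n):
        path = []
        while n is not None:
            path.append(n)
            n = parent[n]
        return path
    pa, pb = path_to_root(a), path_to_root(b)
    pb_set = set(pb)
    lca = next(n for n in pa if n in pb_set)  # lowest common ancestor
    return pa.index(lca) + pb.index(lca)


def average_hops(parent, host_switches, server_switch):
    """Host-to-server hops: the host's own switch link plus the tree path."""
    hops = [1 + tree_distance(parent, s, server_switch) for s in host_switches]
    return sum(hops) / len(hops)


# Figure 1 ("Know Where the Root Is"): triangle S1-S2-S3 with equal-cost links,
# server and router on S1, hosts on S2 and S3.
TRIANGLE = [("S1", "S2", 4, {1}), ("S2", "S3", 4, {1}), ("S1", "S3", 4, {1})]


def root_placement(root_name):
    """Give one switch a low priority and evaluate the resulting tree on VLAN 1."""
    bridges = {"S1": 32768, "S2": 32768, "S3": 32768}  # default priority
    bridges[root_name] = 4096                           # lower value wins the election
    root, parent, blocked = spanning_tree(bridges, TRIANGLE, 1)
    return root, sorted(blocked), average_hops(parent, ["S2", "S3"], "S1")


# Figure 2 ("VTP Pruning" / "Manual Pruning"): D1 and D2 dual-attached to cores
# C1 and C2, which are also linked to each other.
CORE = {"C1": 4096, "C2": 8192, "D1": 32768, "D2": 32768}
ALL = {1, 20, 30}
UNPRUNED = [("C1", "C2", 4, ALL), ("C1", "D1", 4, ALL), ("C2", "D1", 4, ALL),
            ("C1", "D2", 4, ALL), ("C2", "D2", 4, ALL)]
PRUNED = [("C1", "C2", 4, ALL), ("C1", "D1", 4, {20}), ("C2", "D1", 4, {20}),
          ("C1", "D2", 4, {30}), ("C2", "D2", 4, {30})]


def blocked_per_vlan(links, vlans=ALL):
    """Blocked ports per VLAN: each one is a port that must never wrongly forward."""
    return {v: len(spanning_tree(CORE, links, v)[2]) for v in sorted(vlans)}


if __name__ == "__main__":
    for r in ("S2", "S1"):
        print(f"root {r}:", root_placement(r))
    print("all VLANs on all trunks:", blocked_per_vlan(UNPRUNED))
    print("VLANs pruned off trunks:", blocked_per_vlan(PRUNED))
```

With S2 as root the model blocks S3's port toward S1 and reports 2.5 average hops; with S1 as root it blocks S3's port toward S2 and reports 2 hops, matching the figure. In the core figure, every VLAN carried on all five trunks costs two blocked ports, while restricting each distribution VLAN to its own switch leaves one blocked port per VLAN and none at all for a VLAN that only rides the C1-C2 link, which is the reduction in blocked ports that pruning is meant to buy. The `blocked` set is the list worth keeping on the network diagram: when a loop appears, those are the ports to check first.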
Use Layer 3 Switching
Layer 3 switching means routing approximately at the speed of switching. A router performs two main functions:
It builds a forwarding table. The router generally exchanges information with peers by way of routing protocols.
It receives packets and forwards them to the correct interface based on the destination address.
High-end Cisco Layer 3 switches can now perform this second function at the same speed as the Layer 2 switching function.
In the figure:
There is no speed penalty with the routing hop and an additional segment between C1 and C2.
Core switch C1 and core switch C2 are Layer 3 switches. VLAN 20 and VLAN 30 are no longer bridged between C1 and C2, so there is no possibility for a loop.
Redundancy is still present, with a reliance on Layer 3 routing protocols. The design ensures a convergence that is even faster than convergence with STP.
STP no longer blocks any single port, so there is no potential for a bridging loop.
Leaving the VLAN by Layer 3 switching is as fast as bridging inside the VLAN.
Final Points
Keep STP Even If It Is Unnecessary
Even if you have removed all the blocked ports from the network and do not have any physical redundancy, it is still strongly suggested that you do not disable STP.
STP is generally not very processor intensive; packet switching does not involve the CPU in most Cisco switches. Also, the few BPDUs that are sent on each link do not significantly reduce the available bandwidth. However, if a technician makes a connection error on a patch panel and accidentally creates a loop, the network will be negatively impacted. Generally, disabling STP in a switched network is not worth the risk.
Keep Traffic off the Administrative VLAN and Do Not Have a Single VLAN Span the Entire Network
A Cisco switch typically has a single IP address that binds to a VLAN, known as the administrative VLAN. In this VLAN, the switch behaves like a generic IP host. In particular, every broadcast or multicast packet is forwarded to the CPU. A high rate of broadcast or multicast traffic on the administrative VLAN can adversely impact the CPU and its ability to process vital BPDUs. Therefore, keep user traffic off the administrative VLAN.
Until recently, there was no way to remove VLAN 1 from a trunk in a Cisco implementation. VLAN 1 generally serves as an administrative VLAN, where all switches are accessible in the same IP subnet. Though useful, this setup can be dangerous because a bridging loop on VLAN 1 affects all trunks, which can bring down the whole network. Of course, the same problem exists no matter which VLAN you use. Try to segment the bridging domains using high-speed Layer 3 switches.
Note: As of Cisco IOS Software Release 12.1(11b)E, you can remove VLAN 1 from trunks. VLAN 1 still exists, but it blocks traffic, which prevents any loop possibility.