ICND2 200-101

Spanning Tree Protocol Explained

We will explore the Spanning-Tree Protocol here, step by step. How do our switches determine which port has to be blocked? The first thing we have to do is elect a root bridge. It's even okay to call it a root switch, but the terminology comes from the 1980s, when we didn't have switches. This protocol was created by Radia Perlman for bridges, specifically Ethernet transparent bridges, so the same nomenclature for the different reference points lives on to this day. Don't be confused when we say root switch or root bridge; they are the same.

The Spanning-Tree Algorithm

The spanning-tree algorithm follows these steps:

  • Elect one root bridge per broadcast domain
  • Elect one root port per nonroot bridge
  • Elect one designated port per segment
  • The ports transition to the forwarding or blocking state

How do we elect this root bridge? Well, it's not based on votes, so it's not purely democratic, but we need to have one. We might have thousands of switches in a VLAN, which is overkill. We might have ten, we might have four. We need to choose one, and spanning tree has a very consistent way of choosing what is better. It chooses based on a number, and spanning tree loves lower numbers. To identify the root bridge in the election process, we look at something called the bridge ID. There are two components of the bridge ID: a priority value and a Media Access Control, or MAC, address value, which is the first MAC address of the chassis. Priority is examined first. So, I look at all of the switches in my environment and compare their priorities to see if we can choose the best priority. We still haven't said what a good priority would be, though. Which is better, lower or higher?

The golden rule of Spanning-Tree Protocol is lower is better. And I want to add something to that right now: ties are unacceptable. Therefore, if there is a tie in a value with Spanning-Tree Protocol, there has to be a tiebreaker mechanism. So lower is better and ties are unacceptable.

Spanning-Tree Root Bridge Election

If we have a tie in the priority, the MAC address is the second step: the lowest MAC address wins. You should never have the same MAC address, so something's got to be lower. We choose the lower MAC address if there is that tie, so lower is always better here.

Let's focus on step 2. Based on what we just explored, who will be the root bridge? Will it be switch X or switch Y? While you are answering that, I notice it says we're going to elect the root bridge per broadcast domain. Now when we look at this topology, I don't see any VLAN-related information here, so I assume we're dealing with one VLAN, and that's the correct approach to take. If you're not told explicitly that there are two VLANs, five VLANs, ten VLANs, you assume there is one, so we have one VLAN here.

Designating ports

So when it comes to electing that root bridge, we'll find one and only one per broadcast domain. If you saw a router in this topology with some switches on one side of the router and switches on the other side of the router, you would have to find two root bridges, one for each of these broadcast domains. We're only finding one here. We have one broadcast domain and one root bridge. Who is it going to be?

Well, did you folks figure it out? Look at it right now. Between X and Y, which is the best and will be elected? It's going to be X. X marks the spot for the root bridge. We only have one of those, so if there were more switches, X, assuming it had the lowest priority among all of them, would retain its root bridge status.

So let's focus on step 3, and we can see the priority was the determining factor here. Will we have another root bridge in this topology? No, we can only have one root bridge in the virtual LAN, or VLAN, so switch X takes up that role and responsibility.

Focus on step 4. This is not necessarily a step you have to do, but it's a great verification process. Identify the nonroot bridges. What is a nonroot bridge? It's anything that isn't the root. That's pretty simple. You're not the root bridge, you're a nonroot bridge inside that broadcast domain. So we have two switches, one is a root bridge, how many nonroot bridges do we have? It's basically N minus 1, where N is the total number of switches. So let's extend this a little bit. If we had 50 switches, 49 of them would be nonroots. Here 50% of them are nonroot bridges. It's switch Y that falls in line in that capacity.

So look at step 5 for a nonroot bridge. Now why do we want to determine the number of nonroot bridges? Because it will allow us to verify our work as we progress through the rest of our steps here. Let's go back to step 1, which is electing the root bridge, and I want you to think about why we did that. Yes, we elect it, and yes, it's the lowest priority or lowest bridge ID, but why? I want you to think about the name of this protocol, spanning tree, tree being the key. In a tree-based structure in logic, branches happen. Those branches don't wrap around themselves, and that's what eliminates the loops, and the root bridge is the reference point. So now we have to think about how that reference point is used. The ports are chosen based on which is the best way to get back to the root, kind of like which roads lead back to Rome. We're trying to find our way back to the root bridge. So why did we talk about this for a moment? Well, it's because we have to figure out these root ports. I need you to read this statement: select one root port per nonroot bridge. And sometimes when I write about this, I'd say select one and only one root port per nonroot bridge, because we need to be so super confident with exactly how this works. So I know switch Y is going to be an owner of a root port. How many root ports is switch Y going to have, folks? How many? Just one. But there are two possible ports that we could use here. So switch Y has to analyze and determine which of the ports is going to be the root port. How would it go about doing that?

It is based on cost. Cost, we've heard that term before. It was related to a dynamic routing protocol, Open Shortest Path First, or OSPF, specifically. We also call it cost here. And just like OSPF, it's inversely proportional to the bandwidth, meaning the higher the bandwidth, the lower the cost. Now the calculation is different. There are Institute of Electrical and Electronics Engineers, or IEEE, values associated with the cost of our Ethernet links. For example, 100BASE-T has a cost of 19, 10BASE-T has a cost of 100, 1 Gb has a cost of 4, and 10 Gb has a cost of 2. So I would like you to focus on step 7. Position yourself on the switch. Do a dance, whatever you need to do, but notice that it's from the perspective of that nonroot bridge. Which port has the lower cost path back to that root bridge?

This is such a key step, and I want you to think about positioning yourself on switch Y. You have to be in that location mentally. So don't just look at it from the outside looking in; put yourself on switch Y. It's got a choice. It's got a fork in the road. Do you want to go through the 10 Mb link or the 100 Mb link? We want to go through the 100 Mb link, so if we look at step 8, we can see the results of that in terms of Spanning-Tree Protocol. The root port is now determined. The root port is associated with the faster of the links. Now if you're wondering what's the operational difference between this and other kinds of ports, it's really not operationally any different. But we have to remember why we want this port to be on. Think about it again. We want to eliminate loops. A root port is seen as a desirable port, one that we do not want to block. So I'm not going to block that, I'm not going to sever the link, and it is because this is my best port back to the root bridge. It's a little weird, by the way, that the nonroot bridge has root ports, but here is why: this is the outbound port, topologically speaking, that would take us towards the root bridge. So that terminology is a little funky, but don't hate it.

So the root port takes us back to the root bridge, so we are moving up the tree back to the root bridge. Is it possible in that case for a root bridge to have a root port? Think about that. Would the root bridge ever have a root port?

It doesn't make sense. This is a port that goes towards the root, and secondly that would contradict these very concrete statements listed as bullets above. The only kind of switch that gets a root port is the nonroot bridge, so you have to come to terms with that.

All right. So let's check our work here. One nonroot bridge meaning we have to find one root port. Have we found our root port? Do we have to find any more root ports? Let's move on to the next process now of the spanning-tree operation.

Step 9, identify our designated ports. Let's look up where we see one designated port in our bullet point. Selects one designated port per segment. Let's pause. Let's define what a segment is. First and foremost how many segments do we have here? We have two segments. We have the upper segment 100BASE-T and we have the lower segment 10BASE-T. What's another name for segment? We have to dig deep here, we have to go all the way back to Interconnecting Cisco Networking Devices Part 1, or ICND1. But do you remember what another name for segment is? Collision domain. That's right, collision domain. So one designated port per segment. Let's dive in here. Focus on one designated port. What does it say? It says each segment or collision domain gets one and only one designated port. So let's figure out, let's predetermine how many designated ports we will have to find. Each segment gets one and only one. So if each segment gets one and only one designated port, how many designated ports will we need to find here? Count the number of segments, also known as collision domains, of which there are two. So we should be equally confident that because there are two collision domains or segments, that there are going to be two designated ports in this broadcast domain.

So we are focused on finding two designated ports here. Now how do we figure out which ones are designated ports? We are going to look for the port on the segment that is closest to the root bridge based on cost. Shift your attention over to step 10. We're not standing on top of the switch anymore, no, we are in the middle of the link and this is the way you want to position yourselves to determine the designated ports. Which is the lower cost path? Let's focus on Segment 2 right now. Which is the lower cost path? Now cost is cumulative. So if you are focused on a segment and it has a specific cost, if you have to go through another segment and another and another to get back to the root bridge, you have to add all of those together to determine the total cost. So let's do that here for segment number 2.

We put ourselves in that situation of being, kind of, in the middle of Segment 2 and then I steer myself towards the root. Just steer it. Let the, you know, the compass needle lead us to that north position and that is going to lead us towards the port on switch X. We're going to switch X not switch Y. That would be a pretty circuitous path selection because we can immediately hop on board and get ourselves to the root bridge, so that's really what the designated port is. It's the way from this segment's perspective of going towards the root, and you could say that by rule, all ports on the root bridge are designated. Now the reason why we cannot rely on that rule is because we may find ourselves in a downstream collision domain that is not directly connected to the root. So we still need to figure out, all right, I'm not connected to the root bridge, what's the best way to go? And I analyze it based on cost and I choose the best port on this collision domain leading me towards the root. If we've done that on step 11, we can see it also for Segment 1. We can see that the other port on switch X connected to the other segment, it's a designated port as well. But let's think about this, have we found all of the designated ports now? Let's check our work. How many designated ports did we expect? How many collision domains or segments were there? We have one and only one designated port, or DP, per segment. There are two segments, therefore, we found the two designated ports, we should expect no more and no fewer.

So we hit the mark, we found our two. So again, what is the point? Well, the root ports, we leave them on; they're part of the nonlooped topology because they help nonroots get back to the root. Designated ports help a collision domain get towards the root bridge. So if you will, they're just reminders for why we want them. In step 11, we can see the designated port has an F and the root port has an F, which means it's a forwarding port. What does forwarding mean? It means it is working as we taught you earlier: learning Media Access Control, or MAC, addresses, forwarding for destination MAC addresses, and flooding to all ports except the port the frame came in on, so it's fully functional. It's called forwarding, okay.

It is a lot of work and there is one more part of this operation, and that is, are there any ports left? You tell us. Are there any ports left here that are not labeled explicitly as designated or root port? We've checked our work. We've determined the root ports, we've determined the designated ports. Focus on step 12: are there any ports remaining without a label? Yep. The port on our nonroot bridge, switch Y, that is connected to Segment 2. So if we've finished the operational steps here, root bridge, root ports, designated ports, then what does that leave us with? It leaves us with nondesignated ports, ports that will be in the blocking state. So focus on step 13: nondesignated port, blocking state. Now what do we mean by blocking? Well, we will not allow traffic in or out of this port. We want to stop the loop from happening. So traffic may be sent from switch X over to switch Y, but switch Y won't allow it in or allow it out if the traffic came around from Segment 1.
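
The steps walked through above, as an added example that is not part of the original lesson: a short Python model that elects the root bridge, the root port and the designated ports for the two-switch, two-segment topology, then blocks whatever is left. The priorities, MAC addresses and port names are constructed sample values, and the port-ID tiebreaker of the real protocol is left out.

```python
# Added example: STP role election. Priorities, MACs and port names are constructed.
IEEE_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}  # Mb/s -> cost, values from the text

SWITCHES = {  # constructed sample values; X gets the lower priority, as in the text
    "X": {"priority": 4096, "mac": "0c00.1111.1111"},
    "Y": {"priority": 32768, "mac": "0c00.2222.2222"},
}
SEGMENTS = {  # each segment lists the (switch, port) pairs attached to it
    "Segment 1": {"mbps": 100, "ports": [("X", "Fa0/1"), ("Y", "Fa0/1")]},
    "Segment 2": {"mbps": 10, "ports": [("X", "Fa0/2"), ("Y", "Fa0/2")]},
}

def elect(switches, segments):
    # Bridge ID = (priority, MAC); priority is compared first, MAC breaks ties.
    bid = {n: (s["priority"], s["mac"]) for n, s in switches.items()}
    root = min(bid, key=bid.get)  # lower is better
    # Root path cost per switch; cost is cumulative across segments.
    cost = {n: 0 if n == root else float("inf") for n in switches}
    for _ in switches:
        for seg in segments.values():
            nearest = min(cost[s] for s, _ in seg["ports"])
            for s, _ in seg["ports"]:
                cost[s] = min(cost[s], nearest + IEEE_COST[seg["mbps"]])
    roles = {}
    # One designated port per segment: the port on the switch closest to the root.
    for seg in segments.values():
        dp = min(seg["ports"], key=lambda p: (cost[p[0]], bid[p[0]]))
        roles[dp] = "designated (forwarding)"
    # One root port per nonroot bridge: lowest cumulative cost back to the root.
    for name in switches:
        if name == root:
            continue
        candidates = []
        for seg in segments.values():
            for s, port in seg["ports"]:
                if s == name and (s, port) not in roles:
                    up = min((cost[o], bid[o]) for o, _ in seg["ports"] if o != name)
                    candidates.append((up[0] + IEEE_COST[seg["mbps"]], up[1], port))
        roles[(name, min(candidates)[2])] = "root (forwarding)"
    # Whatever is left is nondesignated and goes to blocking.
    for seg in segments.values():
        for p in seg["ports"]:
            roles.setdefault(p, "nondesignated (blocking)")
    return root, cost, roles

if __name__ == "__main__":
    root, cost, roles = elect(SWITCHES, SEGMENTS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(sw, port, role)
```

Setting both priorities to the same value makes the MAC address the deciding factor, which is the tiebreaker the lesson describes.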