Friday, August 30, 2019

Electing Root Ports



Now that a reference point has been nominated and elected for the entire switched network, each nonroot switch must figure out where it is in relation to the root bridge. This action can be performed by selecting only one root port on each nonroot switch. The root port always points toward the current root bridge.

STP uses the concept of cost to determine many things. Selecting a root port involves evaluating the root path cost. This value is the cumulative cost of all the links leading to the root bridge. A particular switch link also has a cost associated with it, called the path cost. To understand the difference between these values, remember that only the root path cost is carried inside the BPDU. (Refer to Table 2.2.) As the root path cost travels along, other switches can modify its value to make it cumulative. The path cost, however, is not contained in the BPDU. It is known only to the local switch where the port (or "path" to a neighboring switch) resides.

Path costs are defined as a 1-byte value, with the default values shown in Table 2.3. Generally, the higher the bandwidth of a link, the lower the cost of transporting data across it. The original IEEE 802.1D standard defined path cost as 1000 Mbps divided by the link bandwidth in megabits per second. These values are shown in the center column of the table. Modern networks commonly use Gigabit and 10-Gigabit Ethernet, which are both either too close to or greater than the maximum scale of 1000 Mbps. The IEEE now uses a nonlinear scale for path cost, as shown in the right column of the table.

Table 2.3 STP Path Cost

Link Bandwidth    Old STP Cost    New STP Cost
4 Mbps            250             250
10 Mbps           100             100
16 Mbps           63              62
45 Mbps           22              39
100 Mbps          10              19
155 Mbps          6               14
622 Mbps          2               6
1 Gbps            1               4
10 Gbps           0               2

The root path cost value is determined in the following manner:

1. The root bridge sends out a BPDU with a root path cost value of 0 because its ports sit directly on the root bridge.

2. When the next-closest neighbor receives the BPDU, it adds the path cost of its own port where the BPDU arrived. (This is done as the BPDU is received.)

3. The neighbor sends out BPDUs with this new cumulative value as the root path cost.

4. The root path cost is incremented by the ingress port path cost as the BPDU is received at each switch down the line.

Notice the emphasis on incrementing the root path cost as BPDUs are received. When computing the spanning-tree algorithm manually, remember to compute a new root path cost as BPDUs come in to a switch port, not as they go out.


After incrementing the root path cost, a switch also records the value in its memory. When a BPDU is received on another port and the new root path cost is lower than the previously recorded value, this lower value becomes the new root path cost. In addition, the lower cost tells the switch that the path to the root bridge must be better using this port than it was on other ports. The switch has now determined which of its ports has the best path to the root: the root port.

Figure 2.4 shows the same network from Figure 2.3 in the process of root port selection.



Figure 2.4 Example of Root Port Selection

The root bridge, Switch A, already has been elected. Therefore, every other switch in the network must choose one port that has the best path to the root bridge. Switch B selects its port gi1/0/1, with a root path cost of 0 plus 19. Port gi1/0/2 is not chosen because its root path cost is 0 (BPDU from Switch A) plus 19 (path cost of A–C link), plus 19 (path cost of C–B link), or a total of 38. Switch C makes an identical choice of port gi1/0/1.


Thursday, August 29, 2019

Electing a Root Bridge



For all switches in a network to agree on a loop-free topology, a common frame of reference must exist to use as a guide. This reference point is called the root bridge.

An election process among all connected switches chooses the root bridge. Each switch has a unique bridge ID that identifies it to other switches. The bridge ID is an 8-byte value consisting of the following fields:

Bridge Priority (2 bytes): The priority or weight of a switch in relation to all other switches. The Priority field can have a value of 0 to 65,535 and defaults to 32,768 (or 0x8000) on every switch.

MAC Address (6 bytes): The MAC address used by a switch can come from the Supervisor module, the backplane, or a pool of 1024 addresses that are assigned to every supervisor or backplane, depending on the switch model. In any event, this address is hard-coded and unique, and the user cannot change it.

When a switch first powers up, it has a narrow view of its surroundings and assumes that it is the root bridge itself. (This notion probably will change as other switches check in and enter the election process.) The election process then proceeds as follows:

1. Every switch begins by sending out BPDUs with a root bridge ID equal to its own bridge ID and a sender bridge ID that is its own bridge ID.

2. The sender bridge ID simply tells other switches which switch is the actual sender of the BPDU message. After a root bridge is decided on, configuration BPDUs are sent only by the root bridge. All other bridges must forward or relay the BPDUs, adding their own sender bridge IDs to the message.

3. Received BPDU messages are analyzed to see if a “better” root bridge is being announced. A root bridge is considered better if the root bridge ID value is lower than another. Again, think of the root bridge ID as being broken into Bridge Priority and MAC Address fields. If two bridge priority values are equal, the lower MAC address makes the bridge ID better. When a switch hears of a better root bridge, it replaces its own root bridge ID with the root bridge ID announced in the BPDU. The switch then is required to recommend or advertise the new root bridge ID in its own BPDU messages, although it still identifies itself as the sender bridge ID.

4. Sooner or later, the election converges and all switches agree on the notion that one of them is the root bridge. As might be expected, if a new switch with a lower bridge priority powers up, it begins advertising itself as the root bridge. Because the new switch does indeed have a lower bridge ID, all the switches soon reconsider and record it as the new root bridge. This can also happen if the new switch has a bridge priority equal to that of the existing root bridge but has a lower MAC address. Root bridge election is an ongoing process, triggered by root bridge ID changes in the BPDUs every 2 seconds.

As an example, consider the small network shown in Figure 2.3. For simplicity, assume that each switch has a MAC address of all 0s, with the last hex digit equal to the switch label.



Figure 2.3 Example of Root Bridge Election

In this network, each switch has the default bridge priority of 32,768. The switches are interconnected with Gigabit Ethernet links. All three switches try to elect themselves as the root, but all of them have equal bridge priority values. The election outcome produces the root bridge, determined by the lowest MAC address—that of Switch A.
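To make the election above and the root port selection described in the earlier post concrete, here is an added example in Python; it is not code from the original post. The topology, bridge IDs and the Fast Ethernet path cost of 19 are constructed to match the arithmetic of Figures 2.3 and 2.4. The tie-break on sender bridge ID for equal costs is the IEEE 802.1D rule, which the post does not spell out.

```python
"""Root bridge election and root port selection, simulated round by round."""

# Constructed topology matching Figures 2.3 and 2.4: three switches in a
# triangle, all at the default priority 32768, with MAC addresses of all
# zeros except the last hex digit, which matches the switch label.
SWITCHES = {
    "A": (32768, "00:00:00:00:00:0a"),
    "B": (32768, "00:00:00:00:00:0b"),
    "C": (32768, "00:00:00:00:00:0c"),
}

# Links as ((switch, port), (switch, port), path cost). The cost is added
# when a BPDU is *received* on the port at either end. 19 is the Fast
# Ethernet value from Table 2.3, the number the text's arithmetic uses.
LINKS = [
    (("A", "gi1/0/1"), ("B", "gi1/0/1"), 19),
    (("A", "gi1/0/2"), ("C", "gi1/0/1"), 19),
    (("B", "gi1/0/2"), ("C", "gi1/0/2"), 19),
]


def bridge_id(priority, mac):
    """Bridge ID orders as (priority, MAC address); the lower tuple is better."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """Every switch starts by claiming to be root; the lowest bridge ID wins."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def adjacency(links):
    """Map switch -> list of (local port, neighbour, neighbour port, cost)."""
    adj = {}
    for (s1, p1), (s2, p2), cost in links:
        adj.setdefault(s1, []).append((p1, s2, p2, cost))
        adj.setdefault(s2, []).append((p2, s1, p1, cost))
    return adj


def received_costs(switches, links, root):
    """Root path cost each non-root switch sees on each of its ports.

    Simulates the relay of configuration BPDUs: the root advertises cost 0,
    every other switch adds its ingress port cost on receipt, records the
    lowest value it has seen, and re-advertises that value. Equal costs are
    broken by the lower sender bridge ID, as 802.1D does.
    """
    adj = adjacency(links)
    # best[switch] = (root path cost, sender bridge ID) currently recorded
    best = {root: (0, bridge_id(*switches[root]))}
    changed = True
    while changed:  # repeat until no switch improves its record
        changed = False
        for sender in list(best):
            advertised = best[sender][0]
            for _port, nbr, _nbr_port, cost in adj[sender]:
                if nbr == root:
                    continue
                candidate = (advertised + cost, bridge_id(*switches[sender]))
                if nbr not in best or candidate < best[nbr]:
                    best[nbr] = candidate
                    changed = True
    # Per switch and port: the neighbour's recorded cost plus the ingress cost.
    return {
        name: {port: best[nbr][0] + cost
               for port, nbr, _np, cost in adj[name] if nbr in best}
        for name in switches if name != root
    }


def select_root_ports(switches, links, root):
    """Root port = the port whose BPDUs carry the lowest root path cost."""
    chosen = {}
    for name, costs in received_costs(switches, links, root).items():
        port = min(costs, key=lambda p: (costs[p], p))  # tie: lower port name
        chosen[name] = (port, costs[port])
    return chosen


if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("root bridge:", root)
    for name, costs in received_costs(SWITCHES, LINKS, root).items():
        print(name, "sees", costs)
    print("root ports:", select_root_ports(SWITCHES, LINKS, root))
```

Running it reproduces the figures: Switch A wins on the lowest MAC address, Switch B sees cost 19 on gi1/0/1 and 38 on gi1/0/2, and both B and C pick gi1/0/1 as root port. Adding a fourth entry to SWITCHES with a lower priority, or the same priority and a lower MAC, makes elect_root return that switch instead, which is the ongoing re-election the text describes.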




Interview Questions and Answers

1: What is the primary purpose of a LAN?
A: The primary purpose of a local-area network is to allow resource sharing. The resources may be devices, applications, or information. Examples of shared resources are files, databases, e-mail, modems, and printers.

2: What is a protocol?
A: A protocol is an agreed-upon set of rules. In data communications, the rules usually govern a procedure or a format.

3: What is the purpose of a MAC protocol?
A: A Media Access Control protocol defines how a given LAN medium is shared, how LAN devices connected to the medium are identified, and how frames transmitted onto the medium are formatted.

4: What is a frame?
A: A frame is a digital "envelope" that provides the information necessary for the delivery of data across a data link. Typical components of a frame are identifiers (addresses) of the source and destination devices on the data link, an indicator of the type of data enclosed in the frame, and error-checking information.

5: What feature is common to all frame types?
A: A feature common to all frame types is a format for identifying devices on the data link.

6: What is a MAC address or MAC identifier?
A: A Media Access Control address or identifier is a means by which individual devices connected to a data link are uniquely identified for the purpose of delivering data.

7: Why is a MAC address not a true address?
A: An address specifies a location. A MAC address is not a true address because it is permanently associated with the interface of a specific device and moves whenever the device moves. A MAC identifies the device, not the location of the device.

8: What are the three sources of signal degradation on a data link?
A: The three sources of signal degradation on a data link are attenuation, interference, and distortion. Attenuation is a function of the resistance of the medium. Interference is a function of noise entering the medium. Distortion is a function of the reactive characteristics of the medium, which react differently to different frequency components of the signal.

9: What is the purpose of a repeater?
A: A repeater is a device that extends the useful range of a physical medium by reading a degraded signal and producing a "clean" copy of the signal.

10: What is the purpose of a bridge?
A: A bridge is a device that increases the capacity of a LAN. A bridge divides the data link into segments, forwarding only traffic that is generated on one segment and is destined for another segment. By controlling and limiting the traffic on a data link, more devices may be attached to the LAN.

11: What makes a transparent bridge transparent?
A: A transparent bridge "listens promiscuously" on each of its ports. That is, it examines all frames on all media to which it is attached. It records the source MAC identifiers of the frames, and the ports on which it learns the identifiers, in a bridging table. It can then refer to the table when deciding whether to filter or forward a frame. The bridge is transparent because it performs this learning function independently of the devices that originate the frames. The end devices themselves have no knowledge of the bridge.

12: Name three fundamental differences between LANs and WANs.
A: Three fundamental differences between local-area and wide-area networks are:

LANs are limited to a small geographic area, such as a single building or small campus. WANs cover a large geographic area, from citywide to worldwide.

LANs usually consist entirely of privately-owned components. Some components of a WAN, such as a packet switching network or point-to-point serial links, are usually leased from a service provider.

A LAN provides high bandwidth at a relatively cheap price. The bandwidth across a WAN is significantly more expensive.

13: What is the purpose of a broadcast MAC identifier? What is the broadcast MAC identifier, in hex and in binary?
A: A broadcast MAC identifier, when used as the destination address of a frame, signifies that the data is for all devices attached to the data link. In binary, the broadcast MAC identifier is all ones. In hex, it is ffff.ffff.ffff.

14: What is the primary similarity between a bridge and a router? What is the primary difference between a bridge and a router?
A: The primary similarity between a bridge and a router is that both devices increase the number of hosts that may be interconnected into a common communications network. The difference is that a bridge works by interconnecting separate segments of a single network, whereas a router interconnects separate networks.

15: What is a packet? What is the primary similarity between a frame and a packet? What is the primary difference between a frame and a packet?
A: A packet is the means by which data is transported from one network to another. The similarity between a frame and a packet is that they both encapsulate data and provide an addressing scheme for delivering the data. The difference between a frame and a packet is that the frame delivers data between two devices sharing a common data link, whereas a packet delivers data across a logical pathway, or route, spanning multiple data links.

16: As a packet progresses across an internetwork, does the source address change?
A: Neither the source nor the destination address of a packet changes as it progresses from the source of the packet to the destination.

17: What is a network address? What is the purpose of each part of a network address?
A: Network addresses are the addresses used in packets. Each network address has a network part, which identifies a particular data link, and a host or node part, which identifies a specific device on the data link identified by the network part.

18: What is the primary difference between a network address and a data link identifier?
A: A packet identifies a device from the perspective of the entire internetwork. A frame identifies a device from the perspective of a single data link. Because the connection between two devices across an internetwork is a logical path, a network address is a logical address. Because the connection between two devices across a data link is a physical path, a data link identifier is a physical address.




Wednesday, August 28, 2019

Preventing Loops with Spanning Tree Protocol



Switching loops form because parallel switches are unaware of each other. STP was developed to overcome the possibility of switching loops so that redundant switches and switch paths could be used for their benefits. Basically, the protocol enables switches to become aware of each other so they can negotiate a loop-free path through the network.


STP is communicated among all connected switches on a network. Each switch executes the spanning-tree algorithm based on information received from other neighboring switches. The algorithm chooses a reference point in the network and calculates all the redundant paths to that reference point. When redundant paths are found, the spanning-tree algorithm picks one path by which to forward frames and disables, or blocks, forwarding on the other redundant paths.

As its name implies, STP computes a tree structure that spans all switches in a subnet or network. Redundant paths are placed in a Blocking or Standby state to prevent frame forwarding. The switched network is then in a loop-free condition. However, if a forwarding port fails or becomes disconnected, the spanning-tree algorithm recomputes the spanning-tree topology so that the appropriate blocked links can be reactivated.

Spanning-Tree Communication: Bridge Protocol Data Units

STP operates as switches communicate with one another. Data messages are exchanged in the form of bridge protocol data units (BPDUs). A switch sends a BPDU frame out a port, using the unique MAC address of the port itself as a source address. The switch is unaware of the other switches around it, so BPDU frames are sent with a destination address of the well-known STP multicast address 01-80-c2-00-00-00.


Two types of BPDU exist:

Configuration BPDU, used for spanning-tree computation

Topology Change Notification (TCN) BPDU, used to announce changes in the network topology

The Configuration BPDU message contains the fields shown in Table 2.2.

Table 2.2 Configuration BPDU Message Content

Field Description                          Number of Bytes
Protocol ID (always 0)                     2
Version                                    1
Message Type (Configuration or TCN BPDU)   1
Flags                                      1
Root Bridge ID                             8
Root Path Cost                             4
Sender Bridge ID                           8
Port ID                                    2
Message age (in 256ths of a second)        2
Maximum age (in 256ths of a second)        2
Hello time (in 256ths of a second)         2
Forward delay (in 256ths of a second)      2


The exchange of BPDU messages works toward the goal of electing reference points as a foundation for a stable spanning-tree topology. Also, loops can be identified and removed by placing specific redundant ports in a Blocking or Standby state. Notice that several key fields in the BPDU are related to switch identification, path costs, and timer values. These all work together so that the network of switches can converge on a common spanning-tree topology and select the same reference points within the network.

By default, BPDUs are sent out all switch ports every 2 seconds so that current topology information is exchanged, and loops are identified quickly.
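As an added example (not from the original post), the following Python encodes and decodes the Configuration BPDU body laid out in Table 2.2 and checks whether a received BPDU advertises a root bridge ID lower than the one the network is expected to have, which is how a switch would recognise that the election is about to move. The sample values are constructed for illustration; the split of the 8-byte bridge ID into a 2-byte priority and a 6-byte MAC follows the field definitions in the root bridge post.

```python
"""Encode and decode an IEEE 802.1D Configuration BPDU in the Table 2.2 layout."""
import struct

# Big-endian, no padding: 2+1+1+1+8+4+8+2+2+2+2+2 = 35 bytes.
_BPDU_FMT = ">HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(_BPDU_FMT)
STP_MULTICAST = "01:80:c2:00:00:00"  # destination MAC of every BPDU frame


def encode_bridge_id(priority, mac):
    """2-byte priority followed by the 6-byte MAC, as carried in both bridge ID fields."""
    return struct.pack(">H", priority) + bytes.fromhex(mac.replace(":", ""))


def decode_bridge_id(raw):
    priority = struct.unpack(">H", raw[:2])[0]
    mac = ":".join(f"{b:02x}" for b in raw[2:8])
    return priority, mac


def build_config_bpdu(root, root_path_cost, sender, port_id,
                      message_age_s=0, max_age_s=20, hello_s=2, fwd_delay_s=15):
    """Build a Configuration BPDU; timers are given in seconds and stored in 256ths."""
    def to_256ths(secs):
        return int(round(secs * 256))
    return struct.pack(
        _BPDU_FMT,
        0,                        # Protocol ID, always 0
        0,                        # Version (0 = original STP)
        0,                        # Message Type 0 = Configuration BPDU
        0,                        # Flags (topology change bits), none set here
        encode_bridge_id(*root),  # Root Bridge ID
        root_path_cost,           # cumulative cost, incremented on receipt
        encode_bridge_id(*sender),  # Sender Bridge ID
        port_id,
        to_256ths(message_age_s), to_256ths(max_age_s),
        to_256ths(hello_s), to_256ths(fwd_delay_s),
    )


def parse_config_bpdu(data):
    """Decode the 35-byte body; raise ValueError on a short or non-STP payload."""
    if len(data) < BPDU_LEN:
        raise ValueError(f"BPDU too short: {len(data)} bytes, need {BPDU_LEN}")
    (proto, version, msg_type, flags, root_raw, cost, sender_raw, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack(_BPDU_FMT, data[:BPDU_LEN])
    if proto != 0:
        raise ValueError(f"unexpected protocol ID {proto}")
    if msg_type != 0:
        raise ValueError(f"not a Configuration BPDU (type {msg_type})")
    root_prio, root_mac = decode_bridge_id(root_raw)
    sender_prio, sender_mac = decode_bridge_id(sender_raw)
    return {
        "version": version,
        "flags": flags,
        "root_priority": root_prio,
        "root_mac": root_mac,
        "root_path_cost": cost,
        "sender_priority": sender_prio,
        "sender_mac": sender_mac,
        "port_id": port_id,
        "message_age_s": msg_age / 256,
        "max_age_s": max_age / 256,
        "hello_time_s": hello / 256,
        "forward_delay_s": fwd / 256,
    }


def claims_better_root(bpdu, expected_root):
    """True if the BPDU advertises a root bridge ID lower than expected_root.

    The lower (priority, MAC) pair wins the election, so a BPDU for which
    this returns True would move the root once the switches re-converge.
    """
    advertised = (bpdu["root_priority"], int(bpdu["root_mac"].replace(":", ""), 16))
    expected = (expected_root[0], int(expected_root[1].replace(":", ""), 16))
    return advertised < expected


# Constructed sample: Switch B relaying Switch A's claim with cost 19 added.
SAMPLE_BPDU = build_config_bpdu(
    root=(32768, "00:00:00:00:00:0a"), root_path_cost=19,
    sender=(32768, "00:00:00:00:00:0b"), port_id=0x8001, message_age_s=1)

if __name__ == "__main__":
    for key, value in parse_config_bpdu(SAMPLE_BPDU).items():
        print(f"{key:>16}: {value}")
```

The decoded dictionary shows the default timers (20 s max age, 2 s hello, 15 s forward delay) recovered from their 256ths-of-a-second encoding, and claims_better_root compares the advertised root against a known-good bridge ID in the same priority-then-MAC order the election uses.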

Next, we will discuss the root bridge selection process.





Tuesday, August 27, 2019

Virtual LANs (VLANs)



Consider a network design that consists of Layer 2 devices only. For example, this design could be a single Ethernet segment, an Ethernet switch with many ports, or a network with several interconnected Ethernet switches. A full Layer 2-only switched network is referred to as a flat network topology. A flat network is a single broadcast domain, such that every connected device sees every broadcast packet that is transmitted anywhere in the network. As the number of stations on the network increases, so does the number of broadcasts.

A switched environment offers the technology to overcome flat network limitations. Switched networks can be subdivided into virtual networks, or VLANs. By definition, a VLAN is a single broadcast domain. All devices connected to the VLAN receive broadcasts sent by any other VLAN members. However, devices connected to a different VLAN will not receive those same broadcasts.

A VLAN consists of hosts defined as members, communicating as a logical network segment. In contrast, a physical segment consists of devices that must be connected to a physical cable segment. Layer 2 switches are configured with a VLAN mapping and provide the logical connectivity among the VLAN members.

Figure 1-1 shows how a VLAN can provide logical connectivity between switch ports. Two workstations on the left switch are assigned to VLAN 1, whereas a third workstation is assigned to VLAN 100. In this example, no communication can occur between VLAN 1 and VLAN 100. VLAN 1 can also be extended into the right switch by assigning both ends of the link between the switches to VLAN 1. One workstation on the right switch also is assigned to VLAN 1. Because there is end-to-end connectivity of VLAN 1, any of the workstations on VLAN 1 can communicate as if they were connected to the same physical network segment.


Figure 1-1 VLAN Functionality

VLAN Membership

When a VLAN is provided at an access layer switch, an end user must have some means of gaining membership to it. Two membership methods exist on Cisco switches:

Static VLAN configuration
Dynamic VLAN assignment


Static VLANs

Static VLANs offer port-based membership, in which switch ports are assigned to specific VLANs. End-user devices become members in a VLAN based on the physical switch port to which they are connected.

Switch ports are assigned to VLANs through manual intervention and configuration, hence the static nature. Each port receives a port VLAN ID (PVID) that associates it with a VLAN number. The ports on a single switch can be assigned and grouped into many VLANs. Even though two devices are connected to the same switch, traffic will not pass between them if they are connected to ports on different VLANs. To pass traffic between the two VLANs, you could use either a Layer 3 device to route packets or an external Layer 2 device to bridge packets between them.

The static port-to-VLAN membership is normally handled in hardware with application specific integrated circuits (ASICs) in the switch. This membership provides good performance because all port mappings are done at the hardware level, with no complex table lookups needed.


Configuring Static VLANs

To use a VLAN, it must be created on the switch, if it does not already exist. Then, the VLAN must be assigned to specific switch ports. VLANs are always referenced by a VLAN number, which can range from 1 to 1005. VLANs 1 and 1002 through 1005 automatically are created and are set aside for special uses.

VLAN 1 is the default VLAN for every switch port. VLANs 1002 to 1005 are reserved for legacy functions related to Token Ring and FDDI switching. VLAN 1 is set to be a VLAN type of Ethernet and have a maximum transmission unit (MTU) size of 1500 bytes.

Switches can also support extended-range VLAN numbers 1006 through 4094. With the addition of the extended-range VLANs, VLAN numbers can be 1 to 4094, the same range of numbers as the IEEE 802.1Q standard. The extended range is enabled only when the switch is configured for VTP transparent mode with the vtp mode transparent global configuration command. This is because of limitations with VTP Versions 1 and 2. VTP Version 3 does allow extended-range VLANs to be used and advertised.

To configure a VLAN, begin by defining the VLAN with the following commands in global configuration mode:

Switch(config)# vlan vlan-num
Switch(config-vlan)# name vlan-name

The VLAN numbered vlan-num is immediately created and stored in the database, along with a descriptive text string defined by vlan-name (up to 32 characters with no embedded spaces). The name command is optional; if it is not used, the default VLAN name is of the form VLANXXX, where XXX represents the VLAN number. If you need to include spaces to separate words in the VLAN name, use underscore characters instead.

As an example, you can use the following commands to create VLANs 2 and 101:

Switch(config)# vlan 2
Switch(config-vlan)# name Engineering
Switch(config-vlan)# vlan 101
Switch(config-vlan)# name Marketing

To delete a VLAN from the switch configuration, you can use the no vlan vlan-num command.

Next, you should assign one or more switch ports to the VLAN. Use the following configuration commands:

Switch(config)# interface type member/module/number
Switch(config-if)# switchport
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan vlan-num

The initial switchport command configures the port for Layer 2 operation. Switch ports on most switch platforms default to Layer 2 operation. In that case, the switchport command will already be present in the configuration and you will not have to enter it explicitly. Otherwise, the switch will reject any Layer 2 configuration command if the port is not already configured for Layer 2 operation.

The switchport mode access command forces the port to be assigned to only a single VLAN, providing VLAN connectivity to the access layer or end user. The port is given a static VLAN membership by the switchport access vlan command. Here, the logical VLAN is referenced by the vlan-num setting (1 to 1005 or 1 to 4094). In Example 1.1, several switch ports are put into access mode and assigned to VLANs 2 and 101.

Example 1.1 Assigning Switch Ports to VLANs

Switch(config)# interface range gigabitethernet4/0/1 - 24
Switch(config-if)# switchport
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2
Switch(config)# interface range gigabitethernet2/0/1 - 24
Switch(config-if)# switchport
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 101
Switch(config-if)# exit
Switch(config)#


To verify VLAN configuration, use the show vlan or show vlan brief command to output a list of all VLANs defined in the switch, along with the ports that are assigned to each VLAN. Example 1.2 shows some sample output from the show vlan command, based on the configuration listed in Example 1.1.


Example 1.2 Verifying VLAN Configuration with the show vlan Command

Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi3/0/20, Gi4/0/20
2    Engineering                      active    Gi4/0/2, Gi4/0/3, Gi4/0/4, Gi4/0/5
                                                Gi4/0/6, Gi4/0/7, Gi4/0/8, Gi4/0/9
                                                Gi4/0/10, Gi4/0/11, Gi4/0/12
101  Marketing                        active    Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8
                                                Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/12
                                                Gi2/0/13, Gi2/0/14, Gi2/0/15, Gi2/0/16
                                                Gi2/0/17, Gi2/0/18
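Reading show vlan by eye is fine for one switch; for a fleet you want the port-to-VLAN table parsed and compared against what the configuration was supposed to produce. The Python below is an added example, not code from the original post or from Cisco: it parses output in the layout of Example 1.2, including the wrapped continuation lines, inverts it to a port-to-VLAN map, and reports ports that are missing or sit in the wrong VLAN. The sample output is constructed for illustration.

```python
"""Parse `show vlan` output and check access-port VLAN membership."""

# Constructed sample in the layout of Example 1.2. Long port lists wrap onto
# indented continuation lines; reserved VLANs have a status but no ports.
SAMPLE_SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi3/0/20, Gi4/0/20
2    Engineering                      active    Gi4/0/2, Gi4/0/3, Gi4/0/4, Gi4/0/5
                                                Gi4/0/6, Gi4/0/7
101  Marketing                        active    Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8
                                                Gi2/0/9, Gi2/0/10
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
"""


def _split_ports(tokens):
    """Turn ['Gi4/0/2,', 'Gi4/0/3'] into ['Gi4/0/2', 'Gi4/0/3']."""
    return [t.strip(",") for t in tokens if t.strip(",")]


def parse_show_vlan(text):
    """Return {vlan_id: {"name": str, "status": str, "ports": [str, ...]}}."""
    vlans = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            if vlans:          # a blank line ends the membership table
                break
            continue
        if line.startswith("VLAN") or line.startswith("----"):
            continue           # column header and separator rows
        if line[0].isdigit():  # start of a VLAN entry
            fields = line.split()
            vid, name, status = int(fields[0]), fields[1], fields[2]
            current = {"name": name, "status": status, "ports": _split_ports(fields[3:])}
            vlans[vid] = current
        elif current is not None and line[0].isspace():
            current["ports"].extend(_split_ports(line.split()))  # wrapped ports
    return vlans


def port_vlan_map(vlans):
    """Invert the table: port -> VLAN ID. An access port appears under one VLAN."""
    return {port: vid for vid, entry in vlans.items() for port in entry["ports"]}


def ports_in_vlan(vlans, vid):
    """Ports currently in a given VLAN, e.g. VLAN 1 to find never-assigned ports."""
    return list(vlans.get(vid, {"ports": []})["ports"])


def find_mismatches(vlans, expected):
    """Compare an expected {port: vlan} map against the parsed output.

    Returns (port, expected_vlan, actual_vlan) tuples; actual_vlan is None
    when the port does not appear in the output at all.
    """
    actual = port_vlan_map(vlans)
    return [(port, vid, actual.get(port))
            for port, vid in expected.items() if actual.get(port) != vid]


if __name__ == "__main__":
    table = parse_show_vlan(SAMPLE_SHOW_VLAN)
    print("still in VLAN 1:", ports_in_vlan(table, 1))
    wanted = {"Gi4/0/2": 2, "Gi2/0/9": 2, "Gi9/0/1": 101}
    for port, exp, got in find_mismatches(table, wanted):
        print(f"{port}: expected VLAN {exp}, found {got}")
```

The parser keys on the structure of the output rather than column offsets, so it survives the varying whitespace seen in Example 1.2; find_mismatches is the check to run after pushing the commands in Example 1.1, and ports_in_vlan(table, 1) lists the ports that were never moved off the default VLAN.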


Next, we will publish a post about dynamic VLAN assignment; stay connected.


