Self-study CCNA Security lesson 1: SPANNING TREE PROTOCOL
1. IEEE 802.1D overview:
A robust network is designed not only to transmit packets or frames efficiently, but also to restore network operation quickly when a failure occurs. In a Layer 3 environment, routing protocols keep a backup path to the destination network so that when the primary path fails, traffic quickly switches to the second. Layer 3 routing allows multiple paths to the destination, which preserves network health and also enables load balancing across paths.
A Layer 2 environment (switching or bridging) uses no routing protocols and does not by itself allow redundant paths; instead, bridges provide data transfer between networks or switch ports. The Spanning Tree Protocol provides link redundancy so that a Layer 2 switched network can recover from a failure without manual intervention. STP is defined in the IEEE 802.1D standard.
1.1. What is Spanning Tree and why use it?
Spanning Tree Protocol (STP) is a loop-prevention protocol that allows bridges to communicate with each other to detect physical loops in the network. The protocol then specifies an algorithm by which the bridges generate a loop-free logical topology. In other words, STP creates a loop-free tree of leaves and branches that spans the entire Layer 2 network.
Loops occur in networks for many reasons. The most common cause is a deliberate effort to provide redundancy, so that if one link or switch fails, other links or switches continue to function; however, loops can also occur by mistake. Figure 3.1 shows a typical switched network and how loops are intentionally used to provide redundancy.
The two main ways a loop becomes fatal in a switched network are broadcast storms and bridge table corruption.
Broadcast loops: broadcasts and Layer 2 loops are a dangerous combination. Figure 3.2 shows a broadcast that creates a feedback loop.
Assuming that there are no switches running STP:
• Step 1: Host A sends a frame using the broadcast MAC address (FF-FF-FF-FF-FF-FF).
• Step 2: The frame arrives at both Cat-1 and Cat-2 on port 1/1.
• Step 3: Cat-1 sends the frame out port 1/2.
• Step 4: The frame is transmitted to all nodes on the Ethernet segment, including port 1/2 of Cat-2.
• Step 5: Cat-2 delivers this frame out its port 1/1.
• Step 6: Again, the frame appears on port 1/1 of Cat-1.
• Step 7: Cat-1 sends this frame out port 1/2 a second time. A loop has formed.
Note: this frame is also flooded across the Ethernet segment in the opposite direction, so the feedback loop runs both ways. Another important conclusion from Figure 3.2 is that a bridging loop is much more dangerous than a routing loop. Figure 3.3 depicts the format of a DIXv2 Ethernet frame.
The DIXv2 Ethernet frame contains only two MAC addresses, a Type field and a CRC. The IP header contains a time-to-live (TTL) field that is set by the originating host and decremented each time the packet passes through a router. A packet is dropped when its TTL reaches 0, which lets routers prevent datagrams from running away. Unlike IP, Ethernet has no TTL field, so once a frame starts looping in the network it continues until someone shuts down one of the bridges or breaks a link.
In a network more complex than the one depicted in Figures 3.1 and 3.2, the feedback loop grows exponentially and very fast: because each frame is flooded out many switch ports, the total number of frames multiplies.
Also note the effect of the broadcast storm on the users of hosts A and B in Figure 3.2. Broadcasts are handled by the CPU of every device on the network, so in this case the PCs are all trying to process the broadcast storm. If we disconnect one of the hosts from the LAN, it returns to normal; as soon as we connect it back to the LAN, the broadcasts again consume 100% of its CPU. If we do not deal with this and keep using the network, we are left with a physical loop in the VLAN.
Bridge table corruption: many switch/bridge administrators are aware of the basic problem of broadcast storms, but it is important to know that even unicast frames can circulate forever in a network that contains loops. Figure 3.4 depicts this.
• Step 1: Host A wants to send a unicast frame to host B, but host B has left the network, so the switches' bridge tables hold no entry for host B's address.
• Step 2: Assuming that both switches are not running STP, the frame arrives at port 1/1 on both switches.
• Step 3: Because host B is down, Cat-1 does not have the BB-BB-BB-BB-BB-BB MAC address in its bridge table, and it floods the frame out its other ports.
• Step 4: Cat-2 receives the frame on port 1/2. This causes two problems:
o Step 5: Cat-2 also floods the frame, because it has not learned the BB-BB-BB-BB-BB-BB MAC address either; this creates a feedback loop and brings down the network.
o Cat-2 notices that it received a frame on port 1/2 with source MAC address AA-AA-AA-AA-AA-AA. It moves host A's entry in the bridge table to port 1/2, the wrong port.
Because the frame also loops in the opposite direction, host A's MAC address flaps between port 1/1 and port 1/2. This not only floods the network with unicast frames but also corrupts the bridge table. So it is not only broadcasts that damage the network.
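The broadcast loop of Figure 3.2 and the bridge table corruption of Figure 3.4, as an added worked example that is not part of the original lesson: a small tick-based Python simulation of learning bridges wired in parallel between host A's segment and host B's segment, with no spanning tree running. It generalises the two-switch figure to n parallel bridges, which is enough to show the exponential growth the lesson describes for larger networks. The class and function names (`Bridge`, `simulate`), and the `blocked` parameter that holds a port in the blocking state STP would assign, are assumptions of this example; the MAC addresses and port labels 1/1 and 1/2 follow the figures.

```python
"""Tick-based simulation of transparent learning bridges with NO spanning tree.

Constructed example: n bridges ("Cat-1" .. "Cat-n") each attach to a top
segment (host A) on port 1/1 and a bottom segment (host B) on port 1/2,
reproducing the redundant topology of the lesson's figures.
"""

BROADCAST = "FF-FF-FF-FF-FF-FF"
HOST_A = "AA-AA-AA-AA-AA-AA"
HOST_B = "BB-BB-BB-BB-BB-BB"
TOP, BOTTOM = "top", "bottom"        # the two shared Ethernet segments
PORTS = {"1/1": TOP, "1/2": BOTTOM}  # which segment each bridge port attaches to


class Bridge:
    """A transparent learning bridge (assumed model; no loop protection)."""

    def __init__(self, name, blocked=()):
        self.name = name
        self.table = {}              # learned MAC address -> port
        self.flaps = 0               # times a learned MAC moved to another port
        self.blocked = set(blocked)  # ports held in blocking state, as STP would

    def receive(self, in_port, src, dst):
        """Process one frame; return [(segment, (sender, src, dst)), ...] to transmit."""
        if in_port in self.blocked:
            return []                # a blocking port neither learns nor forwards
        # Learn the source MAC on the ingress port; count every move as a flap
        if src in self.table and self.table[src] != in_port:
            self.flaps += 1
        self.table[src] = in_port
        # Known unicast goes out one port; broadcast or unknown unicast is flooded
        if dst != BROADCAST and dst in self.table:
            out_ports = [self.table[dst]] if self.table[dst] != in_port else []
        else:
            out_ports = [p for p in PORTS if p != in_port]
        return [(PORTS[p], (self.name, src, dst))
                for p in out_ports if p not in self.blocked]


def simulate(n_bridges, dst, rounds, blocked=None):
    """Host A sends one frame to `dst`; returns (frames_per_round, bridges, bottom_rx).

    Each round, every frame on a segment is heard by every attached device
    except the one that transmitted it.  bottom_rx counts frames delivered on
    host B's segment, i.e. frames host B's CPU would have to process.
    """
    blocked = blocked or {}
    bridges = [Bridge(f"Cat-{i + 1}", blocked.get(f"Cat-{i + 1}", ()))
               for i in range(n_bridges)]
    wire = [(TOP, ("HostA", HOST_A, dst))]   # frames on the wire this round
    per_round, bottom_rx = [], 0
    for _ in range(rounds):
        nxt = []
        for seg, (sender, src, d) in wire:
            if seg == BOTTOM:
                bottom_rx += 1
            in_port = "1/1" if seg == TOP else "1/2"
            for br in bridges:
                if br.name != sender:        # a station never hears its own frame
                    nxt.extend(br.receive(in_port, src, d))
        per_round.append(len(nxt))
        wire = nxt
    return per_round, bridges, bottom_rx


if __name__ == "__main__":
    print("2 bridges, broadcast  :", simulate(2, BROADCAST, 6)[0])
    print("3 bridges, broadcast  :", simulate(3, BROADCAST, 6)[0])
    print("Cat-2 1/2 blocked     :", simulate(2, BROADCAST, 6, {"Cat-2": ("1/2",)})[0])
    _, bridges, _ = simulate(2, HOST_B, 4)
    for b in bridges:
        print(f"{b.name}: host A learned on {b.table[HOST_A]}, flaps={b.flaps}")
```

With two bridges the broadcast circulates forever at a constant rate; with three it doubles every round, which is the exponential growth the lesson warns about. Holding a single redundant port in blocking state, as STP would, lets host B receive the broadcast exactly once and then stops the loop. The unknown-unicast run shows host A's entry flapping between ports 1/1 and 1/2 on every round, which is the bridge table corruption of Figure 3.4.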