1. 端口狀態機
STP端口狀態機遷移過程:
運行了STP協議的端口狀態有以下五種:
- Forwarding(簡稱FWD),轉發狀態,也就是說端口既可以轉發用戶流量也可以轉發BPDU流量,還可以學習MAC地址,通常只有DP和RP口才能進入Forwarding狀態。
- Learning(簡稱LRN),學習狀態,在學習狀態下的端口可以根據用戶流量來構建MAC地址表但不轉發用戶流量,可以處理BPDU流量,其實Learning狀態是臨時用來防止環路的。
- Listening(簡稱LIS),偵聽狀態,在該狀態下端口可以轉發BPDU流量,但不能轉發用戶流量。
- Blocking(簡稱BLK),阻塞狀態,在該狀態下端口只能接受BPDU流量並處理,並不能轉發BPDU流量,通常非指定端口(NDP)就是Blocking狀態。
- Disabled,禁用狀態,在該狀態下端口無法處理和轉發BPDU流量和用戶流量。
2. STP鏈路收斂
STP鏈路收斂就是在STP網絡中,如果某一臺設備的鏈路發生故障時可以迅速切換到備用鏈路,保證網絡拓撲的可靠穩定運行,這就是STP鏈路收斂的過程。一般STP鏈路收斂主要有兩種:
- 直接鏈路收斂
- 間接鏈路收斂
2.1 直接鏈路收斂
例如上圖中SW1的f0/0口到SW2的f0/1口的鏈路發生故障,SW2交換機的NDP端口能夠直接檢測到f0/0鏈路發生故障,這種情況通常稱之爲直接鏈路收斂(簡單來說就是對於網絡拓撲可以明顯檢測到的網絡故障)。但是SW2交換機的NDP端口並不會等待30秒後才進行鏈路收斂,直接鏈路收斂會跳過端口狀態機中的前20S,直接從Blocking狀態變遷爲Listening狀態,然後纔等待30S變遷爲Forwarding狀態,端口的角色也會發生改變,從NDP切換成RP口同時還會進行鏈路切換。
2.2 間接鏈路收斂
如果你已經明白了直接鏈路收斂的過程,那麼間接鏈路收斂對你來說小菜一碟。
對於網絡拓撲無法明顯檢測到的網絡故障,例如上圖中的SW1的f0/1口到SW3的f0/0口這條鏈路出故障時,SW1發送的BPDU包對於SW3設備來說是接收不到的,那麼SW2的NDP端口就會等待50秒,根據端口狀態機從Blocking狀態依次變遷爲Forwarding狀態,並且端口角色會從NDP轉變爲DP端口(從阻塞端口轉變爲轉發端口),同時SW3的f0/1口會從DP端口轉變爲RP端口,然後進行鏈路切換。
3. 實驗1——直接鏈路收斂
所有設備開啓Trunk模式,然後配置STP協議,略過......
現在通過實驗來分別驗證直接鏈路收斂和間接鏈路收斂的過程,在此之前需要先開啓STP協議的調試功能:
debug spanning-tree events //開啓生成樹調試
查看SW2設備的端口信息:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 BLK 19 1024 cc03.29b4.0000 128.2
從show命令可以看到SW2交換機的f0/1口仍然是處於Blocking狀態(BLK)。
重點來了!在SW2設備上開啓STP協議調試功能,然後把SW2的f0/0口關閉,然後注意觀察STP協議的調試信息:
SW2#debug spanning-tree events
Spanning Tree event debugging is on
SW2#
SW2#conf t
SW2(config)#int f0/0
SW2(config-if)#shutdown
SW2(config-if)#
*Mar 1 00:22:16.827: STP: VLAN1 Fa0/0 -> blocking
*Mar 1 00:22:16.827: STP: VLAN1 new root port Fa0/1, cost 38
//SW2的f0/1口直接從Blocking狀態切換到了Listening狀態
*Mar 1 00:22:16.831: STP: VLAN1 Fa0/1 -> listening
*Mar 1 00:22:17.331: %DTP-5-NONTRUNKPORTON: Port Fa0/0 has become non-trunk
//這行調試信息的意思就是f0/0接口已經關閉掉了
*Mar 1 00:22:18.799: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 00:22:18.827: STP: VLAN1 sent Topology Change Notice on Fa0/1
//STP協議更改了f0/0口的狀態
*Mar 1 00:22:19.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
//f0/1口等待15秒後切換到了learning狀態
*Mar 1 00:22:31.855: STP: VLAN1 Fa0/1 -> learning
*Mar 1 00:22:40.159: STP: VLAN1 we are the spanning tree root
*Mar 1 00:22:40.247: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/1
*Mar 1 00:22:40.247: current Root has 4096-cc02.0e64.0000
*Mar 1 00:22:40.247: supersedes 4096-cc02.0e64.0000
*Mar 1 00:22:40.247: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/1, cost 38
*Mar 1 00:22:40.251: STP: VLAN1 sent Topology Change Notice on Fa0/1
*Mar 1 00:22:41.251: STP: VLAN1 we are the spanning tree root
*Mar 1 00:22:42.571: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/1
*Mar 1 00:22:42.571: current Root has 4096-cc02.0e64.0000
*Mar 1 00:22:42.571: supersedes 4096-cc02.0e64.0000
*Mar 1 00:22:42.571: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/1, cost 38
*Mar 1 00:22:42.575: STP: VLAN1 sent Topology Change Notice on Fa0/1
//最終SW2的f0/1口經過30秒後最終切換到了forwarding狀態。
*Mar 1 00:22:46.879: STP: VLAN1 Fa0/1 -> forwarding
SW2的f0/1口已經完成了從Blocking狀態變遷爲Forwarding狀態的變遷。
然後通過show命令查看SW2的f0/1口的狀態,如下所示:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 38
Port 2 (FastEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc03.29b4.0000 128.2
SW2#
從STP協議的調試信息中可以驗證,對於網絡拓撲中可以直接檢測到的網絡故障,STP協議會進行直接鏈路收斂完成端口的狀態變遷和端口角色的改變,其過程只需要30秒。
喜歡思考的小夥伴可以會問,如果原來的鏈路恢復了的話,還會切換到原來的鏈路嗎???
很明顯,答案是會的,並且原來鏈路的端口角色和狀態都會恢復。
進入SW2設備的f0/0口的配置模式並開啓f0/0口,注意觀察STP協議的調試信息:
SW2(config-if)#no shutdown
SW2(config-if)#
*Mar 1 00:56:02.587: STP: VLAN1 we are the spanning tree root
*Mar 1 00:56:02.631: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/1
*Mar 1 00:56:02.631: current Root has 4096-cc02.0e64.0000
*Mar 1 00:56:02.631: supersedes 4096-cc02.0e64.0000
*Mar 1 00:56:02.631: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/1, cost 38
*Mar 1 00:56:02.631: STP: VLAN1 sent Topology Change Notice on Fa0/1
//開啓恢復f0/0端口後,直接進入Listening狀態
*Mar 1 00:56:03.115: STP: VLAN1 Fa0/0 -> listening
*Mar 1 00:56:03.603: %DTP-5-TRUNKPORTON: Port Fa0/0 has become dot1q trunk
*Mar 1 00:56:03.631: STP: VLAN1 we are the spanning tree root
*Mar 1 00:56:03.655: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/0
*Mar 1 00:56:03.655: current Root has 4096-cc02.0e64.0000
*Mar 1 00:56:03.655: supersedes 4096-cc02.0e64.0000
*Mar 1 00:56:03.655: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/0, cost 19
*Mar 1 00:56:03.659: STP: VLAN1 sent Topology Change Notice on Fa0/0
//f0/1端口從Forwarding狀態切換到了Blocking
*Mar 1 00:56:04.419: STP: VLAN1 Fa0/1 -> blocking
*Mar 1 00:56:05.047: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:56:06.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 00:56:18.139: STP: VLAN1 Fa0/0 -> learning
*Mar 1 00:56:24.435: STP: VLAN1 Fa0/1 -> listening
*Mar 1 00:56:25.563: STP: VLAN1 heard root 1024-cc03.29b4.0000 on Fa0/1
*Mar 1 00:56:25.563: current Root has 0-cc01.3174.0000
*Mar 1 00:56:26.559: STP: VLAN1 Fa0/1 -> blocking
//然後f0/0經過30S後從Listening狀態切換到了Forwarding狀態
*Mar 1 00:56:33.163: STP: VLAN1 Fa0/0 -> forwarding
STP協議給出的調試信息可以看到SW2設備的f0/0和f0/1兩個端口的角色和狀態的切換過程。
再次通過show命令查看SW2設備STP配置信息:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 BLK 19 1024 cc03.29b4.0000 128.2
SW2#
說明鏈路和端口的角色和狀態已經切換回來了。
4. 實驗2——間接鏈路收斂
如果直接鏈路收斂的實驗你已經會了的話,留個思考題:完成間接鏈路收斂的驗證過程。
5. STP高級特性
如果當前網絡發生故障時,STP鏈路收斂最少都要30秒的時間,網絡纔會恢復穩定。
這對於要求實時性嚴格的網絡場景下,例如數據中心網絡,是絕對不允許網絡長時間出現故障,甚至一秒,兩秒都不行,因爲在實際的網絡環境中,如果不能及時解決網絡故障會對企業帶來損失,時間越長損失也越大,所以這對網絡的穩定有了更高的要求:當鏈路出現故障時能馬上快速收斂(縮短收斂時間)。
既然我們能想到這個問題,那當時思科的工程師們在設計STP協議時肯定也考慮到了這個問題,STP提供了三個高級特性來完成STP鏈路加速收斂。
5.1 PortFast(端口加速)
Portfast:端口加速,主要是用於主機接入交換機的端口進行快速收斂,並且這些端口是不需要運行STP協議。
如上圖所示,SW2交換機的f0/2和f0/3口就是主機接入交換機的端口,通常是用於主機接入交換機的,不需要運行STP協議,這意味着也不需要發送BPDU分組,不參與端口的選舉,重點是鏈路收斂不需要等待30S,那麼我們就可以把SW2交換機的f0/2和f0/3口設置爲Portfast(端口加速技術)。
以SW2設備的f0/2端口爲例,開啓Portfast技術,配置如下:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/2
SW2(config-if)#spanning-tree portfast
在沒有開啓端口加速技術之前,關閉SW2的f0/2接口,然後再打開SW2的f0/2接口:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/2
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#
*Mar 1 00:05:40.967: %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
*Mar 1 00:05:42.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
SW2(config-if)#
SW2(config-if)#exit
*Mar 1 00:05:44.223: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up
*Mar 1 00:05:45.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
SW2(config)#
SW2(config)#exit
SW2#
show命令多次查看SW2設備的f0/2端口的狀態:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1024
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc02.0e64.0000 128.2
FastEthernet0/2 128.3 128 19 LIS 19 1024 cc02.0e64.0000 128.3
FastEthernet0/3 128.4 128 19 FWD 19 1024 cc02.0e64.0000 128.4
SW2#
然後再次查看SW2設備的f0/2端口的狀態:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1024
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc02.0e64.0000 128.2
FastEthernet0/2 128.3 128 19 FWD 19 1024 cc02.0e64.0000 128.3
FastEthernet0/3 128.4 128 19 FWD 19 1024 cc02.0e64.0000 128.4
SW2#
在沒有開啓端口加速技術之前,f0/2端口重啓後需要等待30秒纔會轉換成Forwarding狀態(Listening --> Learning --> Forwarding)。
現在SW2設備的f0/2端口開啓Portfast技術,配置如下:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/2
SW2(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/2 but will only
have effect when the interface is in a non-trunking mode.
SW2(config-if)#
然後先關閉f0/2端口再開啓,然後查看f0/2端口的狀態:
SW2(config)#int f0/2
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#
*Mar 1 00:20:08.603: %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively downexit
SW2#
*Mar 1 00:20:11.363: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up
*Mar 1 00:20:11.683: %SYS-5-CONFIG_I: Configured from console by console sp
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1024
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc02.0e64.0000 128.2
FastEthernet0/2 128.3 128 19 FWD 19 1024 cc02.0e64.0000 128.3
FastEthernet0/3 128.4 128 19 FWD 19 1024 cc02.0e64.0000 128.4
SW2#
由於f0/2開啓了端口加速技術,f0/2端口重啓後直接切換成了Forwarding狀態,並沒有等待30秒才切換。
5.2 UplinkFast(上聯加速)
UplinkFast:是上聯加速,用於加速直接鏈路收斂。
原先在學習直接鏈路收斂的時候,SW2設備的f0/0端口發生網絡故障時,f0/1口需要等待30秒纔會進行切換端口的角色和狀態(切換鏈路)。
SW2設備開啓UplinkFast技術,配置如下:
SW2(config)#spanning-tree uplinkfast
關閉f0/0端口,show命令查看f0/1端口的狀態信息:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.08c8.0000
Cost 38
Port 2 (FastEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.1c80.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc03.2f4c.0000 128.2
SW2#
當SW2設備開啓了UplinkFast技術後,當SW2設備的f0/0端口關閉時,SW2的f0/1端口會馬上切換到uplinkfast狀態,不用等待30秒。
下面這條命令可以查看生成樹彙總信息,並且還可以查看uplinkfast 技術是否被開啓:
SW2#show spanning-tree summary
查看SW2的STP彙總信息:
SW2#show spanning-tree summary
Root bridge for: none.
PortFast BPDU Guard is disabled
//表示UplinkFast技術開啓
UplinkFast is enabled
BackboneFast is disabled
Name Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ----------
VLAN1 0 0 0 1 1
-------------------- -------- --------- -------- ---------- ----------
1 VLAN 0 0 0 1 1
Station update rate set to 150 packets/sec.
UplinkFast statistics
-----------------------
Number of transitions via uplinkFast (all VLANs) : 0
Number of proxy multicast addresses transmitted (all VLANs) : 0
SW2#
5.3 Backbonefast(骨幹加速)
Backbonefast:骨幹加速,用於加速間接鏈路收斂,可以減少20s,開啓Backbonefast技術還是需要等待30秒的時間。
根據之前我們所學的間接鏈路收斂可知,當SW1的f0/1口到SW3的f0/0口鏈路故障時,SW2的NDP口就無法收到對面發送的BPDU分組了。SW3可能會認爲SW1作爲Root設備出故障而無法發送BPDU分組,然後代替SW1成爲Root發送BPDU分組(一般是發送次級BPDU分組)。
但是SW1左邊的鏈路仍然還會每2秒向SW2設備發送BPDU分組,當所有的鏈路都部署了Backbonefast技術時,SW2設備收到SW1設備的BPDU分組時就會向SW1設備發送RLQ請求分組,SW1設備收到會發送一個RLQ響應分組,SW2設備的NDP口仍然會等待30秒切換成DP口(縮短了20秒)。
在所有鏈路上開啓Backbonefast技術,配置如下:
SW1(config)#spanning-tree backbonefast
SW2(config)#spanning-tree backbonefast
SW3(config)#spanning-tree backbonefast
然後在SW3設備上把f0/0端口直接關閉:
SW3(config)#int f0/0
SW3(config-if)#shutdown
SW3(config-if)#
*Mar 1 00:07:43.331: %DTP-5-NONTRUNKPORTON: Port Fa0/0 has become non-trunk
*Mar 1 00:07:44.679: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 00:07:45.679: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
SW3(config-if)#
通過show命令查看SW2設備的NDP接口狀態:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 LIS 19 4096 cc02.0e64.0000 128.2
SW2#
根據show命令給出的信息可以看到,所有鏈路部署了Backbonefast技術後,當鏈路發生故障時,SW2交換機的NDP口馬上從Blocking狀態依次變遷爲Listening狀態(收斂時間減少了20秒),換句話說,開啓了Backbonefast技術後,間接鏈路在收斂時確實減少了20秒時間。