1. 端口状态机
STP端口状态机迁移过程:
运行了STP协议的端口状态有以下五种:
- Forwarding(简称FWD),转发状态,也就是说端口既可以转发用户流量也可以转发BPDU流量,还可以学习MAC地址,通常只有DP和RP口才能进入Forwarding状态。
- Learning(简称LRN),学习状态,在学习状态下的端口可以根据用户流量来构建MAC地址表但不转发用户流量,可以处理BPDU流量,其实Learning状态是临时用来防止环路的。
- Listening(简称LIS),侦听状态,在该状态下端口可以转发BPDU流量,但不能转发用户流量。
- Blocking(简称BLK),阻塞状态,在该状态下端口只能接受BPDU流量并处理,并不能转发BPDU流量,通常非指定端口(NDP)就是Blocking状态。
- Disabled,禁用状态,在该状态下端口无法处理和转发BPDU流量和用户流量。
2. STP链路收敛
STP链路收敛就是在STP网络中,如果某一台设备的链路发生故障时可以迅速切换到备用链路,保证网络拓扑的可靠稳定运行,这就是STP链路收敛的过程。一般STP链路收敛主要有两种:
- 直接链路收敛
- 间接链路收敛
2.1 直接链路收敛
例如上图中SW1的f0/0口到SW2的f0/1口的链路发生故障,SW2交换机的NDP端口能够直接检测到f0/0链路发生故障,这种情况通常称之为直接链路收敛(简单来说就是对于网络拓扑可以明显检测到的网络故障)。但是SW2交换机的NDP端口并不会等待30秒后才进行链路收敛,直接链路收敛会跳过端口状态机中的前20S,直接从Blocking状态变迁为Listening状态,然后才等待30S变迁为Forwarding状态,端口的角色也会发生改变,从NDP切换成RP口同时还会进行链路切换。
2.2 间接链路收敛
如果你已经明白了直接链路收敛的过程,那么间接链路收敛对你来说小菜一碟。
对于网络拓扑无法明显检测到的网络故障,例如上图中的SW1的f0/1口到SW3的f0/0口这条链路出故障时,SW1发送的BPDU包对于SW3设备来说是接收不到的,那么SW2的NDP端口就会等待50秒,根据端口状态机从Blocking状态依次变迁为Forwarding状态,并且端口角色会从NDP转变为DP端口(从阻塞端口转变为转发端口),同时SW3的f0/1口会从DP端口转变为RP端口,然后进行链路切换。
3. 实验1——直接链路收敛
所有设备开启Trunk模式,然后配置STP协议,略过......
现在通过实验来分别验证直接链路收敛和间接链路收敛的过程,在此之前需要先开启STP协议的调试功能:
debug spanning-tree events //开启生成树调试
查看SW2设备的端口信息:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 BLK 19 1024 cc03.29b4.0000 128.2
从show命令可以看到SW2交换机的f0/1口仍然是处于Blocking状态(BLK)。
重点来了!在SW2设备上开启STP协议调试功能,然后把SW2的f0/0口关闭,然后注意观察STP协议的调试信息:
SW2#debug spanning-tree events
Spanning Tree event debugging is on
SW2#
SW2#conf t
SW2(config)#int f0/0
SW2(config-if)#shutdown
SW2(config-if)#
*Mar 1 00:22:16.827: STP: VLAN1 Fa0/0 -> blocking
*Mar 1 00:22:16.827: STP: VLAN1 new root port Fa0/1, cost 38
//SW2的f0/1口直接从Blocking状态切换到了Listening状态
*Mar 1 00:22:16.831: STP: VLAN1 Fa0/1 -> listening
*Mar 1 00:22:17.331: %DTP-5-NONTRUNKPORTON: Port Fa0/0 has become non-trunk
//这行调试信息的意思就是f0/0接口已经关闭掉了
*Mar 1 00:22:18.799: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 00:22:18.827: STP: VLAN1 sent Topology Change Notice on Fa0/1
//STP协议更改了f0/0口的状态
*Mar 1 00:22:19.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
//f0/1口等待15秒后切换到了learning状态
*Mar 1 00:22:31.855: STP: VLAN1 Fa0/1 -> learning
*Mar 1 00:22:40.159: STP: VLAN1 we are the spanning tree root
*Mar 1 00:22:40.247: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/1
*Mar 1 00:22:40.247: current Root has 4096-cc02.0e64.0000
*Mar 1 00:22:40.247: supersedes 4096-cc02.0e64.0000
*Mar 1 00:22:40.247: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/1, cost 38
*Mar 1 00:22:40.251: STP: VLAN1 sent Topology Change Notice on Fa0/1
*Mar 1 00:22:41.251: STP: VLAN1 we are the spanning tree root
*Mar 1 00:22:42.571: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/1
*Mar 1 00:22:42.571: current Root has 4096-cc02.0e64.0000
*Mar 1 00:22:42.571: supersedes 4096-cc02.0e64.0000
*Mar 1 00:22:42.571: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/1, cost 38
*Mar 1 00:22:42.575: STP: VLAN1 sent Topology Change Notice on Fa0/1
//最终SW2的f0/1口经过30秒后最终切换到了forwarding状态。
*Mar 1 00:22:46.879: STP: VLAN1 Fa0/1 -> forwarding
SW2的f0/1口已经完成了从Blocking状态变迁为Forwarding状态的变迁。
然后通过show命令查看SW2的f0/1口的状态,如下所示:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 38
Port 2 (FastEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc03.29b4.0000 128.2
SW2#
从STP协议的调试信息中可以验证,对于网络拓扑中可以直接检测到的网络故障,STP协议会进行直接链路收敛完成端口的状态变迁和端口角色的改变,其过程只需要30秒。
喜欢思考的小伙伴可以会问,如果原来的链路恢复了的话,还会切换到原来的链路吗???
很明显,答案是会的,并且原来链路的端口角色和状态都会恢复。
进入SW2设备的f0/0口的配置模式并开启f0/0口,注意观察STP协议的调试信息:
SW2(config-if)#no shutdown
SW2(config-if)#
*Mar 1 00:56:02.587: STP: VLAN1 we are the spanning tree root
*Mar 1 00:56:02.631: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/1
*Mar 1 00:56:02.631: current Root has 4096-cc02.0e64.0000
*Mar 1 00:56:02.631: supersedes 4096-cc02.0e64.0000
*Mar 1 00:56:02.631: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/1, cost 38
*Mar 1 00:56:02.631: STP: VLAN1 sent Topology Change Notice on Fa0/1
//开启恢复f0/0端口后,直接进入Listening状态
*Mar 1 00:56:03.115: STP: VLAN1 Fa0/0 -> listening
*Mar 1 00:56:03.603: %DTP-5-TRUNKPORTON: Port Fa0/0 has become dot1q trunk
*Mar 1 00:56:03.631: STP: VLAN1 we are the spanning tree root
*Mar 1 00:56:03.655: STP: VLAN1 heard root 0-cc01.3174.0000 on Fa0/0
*Mar 1 00:56:03.655: current Root has 4096-cc02.0e64.0000
*Mar 1 00:56:03.655: supersedes 4096-cc02.0e64.0000
*Mar 1 00:56:03.655: STP: VLAN1 new root is 0, cc01.3174.0000 on port Fa0/0, cost 19
*Mar 1 00:56:03.659: STP: VLAN1 sent Topology Change Notice on Fa0/0
//f0/1端口从Forwarding状态切换到了Blocking
*Mar 1 00:56:04.419: STP: VLAN1 Fa0/1 -> blocking
*Mar 1 00:56:05.047: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:56:06.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 00:56:18.139: STP: VLAN1 Fa0/0 -> learning
*Mar 1 00:56:24.435: STP: VLAN1 Fa0/1 -> listening
*Mar 1 00:56:25.563: STP: VLAN1 heard root 1024-cc03.29b4.0000 on Fa0/1
*Mar 1 00:56:25.563: current Root has 0-cc01.3174.0000
*Mar 1 00:56:26.559: STP: VLAN1 Fa0/1 -> blocking
//然后f0/0经过30S后从Listening状态切换到了Forwarding状态
*Mar 1 00:56:33.163: STP: VLAN1 Fa0/0 -> forwarding
STP协议给出的调试信息可以看到SW2设备的f0/0和f0/1两个端口的角色和状态的切换过程。
再次通过show命令查看SW2设备STP配置信息:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 BLK 19 1024 cc03.29b4.0000 128.2
SW2#
说明链路和端口的角色和状态已经切换回来了。
4. 实验2——间接链路收敛
如果直接链路收敛的实验你已经会了的话,留个思考题:完成间接链路收敛的验证过程。
5. STP高级特性
如果当前网络发生故障时,STP链路收敛最少都要30秒的时间,网络才会恢复稳定。
这对于要求实时性严格的网络场景下,例如数据中心网络,是绝对不允许网络长时间出现故障,甚至一秒,两秒都不行,因为在实际的网络环境中,如果不能及时解决网络故障会对企业带来损失,时间越长损失也越大,所以这对网络的稳定有了更高的要求:当链路出现故障时能马上快速收敛(缩短收敛时间)。
既然我们能想到这个问题,那当时思科的工程师们在设计STP协议时肯定也考虑到了这个问题,STP提供了三个高级特性来完成STP链路加速收敛。
5.1 PortFast(端口加速)
Portfast:端口加速,主要是用于主机接入交换机的端口进行快速收敛,并且这些端口是不需要运行STP协议。
如上图所示,SW2交换机的f0/2和f0/3口就是主机接入交换机的端口,通常是用于主机接入交换机的,不需要运行STP协议,这意味着也不需要发送BPDU分组,不参与端口的选举,重点是链路收敛不需要等待30S,那么我们就可以把SW2交换机的f0/2和f0/3口设置为Portfast(端口加速技术)。
以SW2设备的f0/2端口为例,开启Portfast技术,配置如下:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/2
SW2(config-if)#spanning-tree portfast
在没有开启端口加速技术之前,关闭SW2的f0/2接口,然后再打开SW2的f0/2接口:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/2
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#
*Mar 1 00:05:40.967: %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
*Mar 1 00:05:42.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
SW2(config-if)#
SW2(config-if)#exit
*Mar 1 00:05:44.223: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up
*Mar 1 00:05:45.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
SW2(config)#
SW2(config)#exit
SW2#
show命令多次查看SW2设备的f0/2端口的状态:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1024
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc02.0e64.0000 128.2
FastEthernet0/2 128.3 128 19 LIS 19 1024 cc02.0e64.0000 128.3
FastEthernet0/3 128.4 128 19 FWD 19 1024 cc02.0e64.0000 128.4
SW2#
然后再次查看SW2设备的f0/2端口的状态:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1024
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc02.0e64.0000 128.2
FastEthernet0/2 128.3 128 19 FWD 19 1024 cc02.0e64.0000 128.3
FastEthernet0/3 128.4 128 19 FWD 19 1024 cc02.0e64.0000 128.4
SW2#
在没有开启端口加速技术之前,f0/2端口重启后需要等待30秒才会转换成Forwarding状态(Listening --> Learning --> Forwarding)。
现在SW2设备的f0/2端口开启Portfast技术,配置如下:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/2
SW2(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host.
Connecting hubs, concentrators, switches, bridges, etc.to this interface
when portfast is enabled, can cause temporary spanning tree loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/2 but will only
have effect when the interface is in a non-trunking mode.
SW2(config-if)#
然后先关闭f0/2端口再开启,然后查看f0/2端口的状态:
SW2(config)#int f0/2
SW2(config-if)#shutdown
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#
*Mar 1 00:20:08.603: %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively downexit
SW2#
*Mar 1 00:20:11.363: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up
*Mar 1 00:20:11.683: %SYS-5-CONFIG_I: Configured from console by console sp
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 1024
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc02.0e64.0000 128.2
FastEthernet0/2 128.3 128 19 FWD 19 1024 cc02.0e64.0000 128.3
FastEthernet0/3 128.4 128 19 FWD 19 1024 cc02.0e64.0000 128.4
SW2#
由于f0/2开启了端口加速技术,f0/2端口重启后直接切换成了Forwarding状态,并没有等待30秒才切换。
5.2 UplinkFast(上联加速)
UplinkFast:是上联加速,用于加速直接链路收敛。
原先在学习直接链路收敛的时候,SW2设备的f0/0端口发生网络故障时,f0/1口需要等待30秒才会进行切换端口的角色和状态(切换链路)。
SW2设备开启UplinkFast技术,配置如下:
SW2(config)#spanning-tree uplinkfast
关闭f0/0端口,show命令查看f0/1端口的状态信息:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.08c8.0000
Cost 38
Port 2 (FastEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.1c80.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/1 128.2 128 19 FWD 19 1024 cc03.2f4c.0000 128.2
SW2#
当SW2设备开启了UplinkFast技术后,当SW2设备的f0/0端口关闭时,SW2的f0/1端口会马上切换到uplinkfast状态,不用等待30秒。
下面这条命令可以查看生成树汇总信息,并且还可以查看uplinkfast 技术是否被开启:
SW2#show spanning-tree summary
查看SW2的STP汇总信息:
SW2#show spanning-tree summary
Root bridge for: none.
PortFast BPDU Guard is disabled
//表示UplinkFast技术开启
UplinkFast is enabled
BackboneFast is disabled
Name Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ----------
VLAN1 0 0 0 1 1
-------------------- -------- --------- -------- ---------- ----------
1 VLAN 0 0 0 1 1
Station update rate set to 150 packets/sec.
UplinkFast statistics
-----------------------
Number of transitions via uplinkFast (all VLANs) : 0
Number of proxy multicast addresses transmitted (all VLANs) : 0
SW2#
5.3 Backbonefast(骨干加速)
Backbonefast:骨干加速,用于加速间接链路收敛,可以减少20s,开启Backbonefast技术还是需要等待30秒的时间。
根据之前我们所学的间接链路收敛可知,当SW1的f0/1口到SW3的f0/0口链路故障时,SW2的NDP口就无法收到对面发送的BPDU分组了。SW3可能会认为SW1作为Root设备出故障而无法发送BPDU分组,然后代替SW1成为Root发送BPDU分组(一般是发送次级BPDU分组)。
但是SW1左边的链路仍然还会每2秒向SW2设备发送BPDU分组,当所有的链路都部署了Backbonefast技术时,SW2设备收到SW1设备的BPDU分组时就会向SW1设备发送RLQ请求分组,SW1设备收到会发送一个RLQ响应分组,SW2设备的NDP口仍然会等待30秒切换成DP口(缩短了20秒)。
在所有链路上开启Backbonefast技术,配置如下:
SW1(config)#spanning-tree backbonefast
SW2(config)#spanning-tree backbonefast
SW3(config)#spanning-tree backbonefast
然后在SW3设备上把f0/0端口直接关闭:
SW3(config)#int f0/0
SW3(config-if)#shutdown
SW3(config-if)#
*Mar 1 00:07:43.331: %DTP-5-NONTRUNKPORTON: Port Fa0/0 has become non-trunk
*Mar 1 00:07:44.679: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 00:07:45.679: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
SW3(config-if)#
通过show命令查看SW2设备的NDP接口状态:
SW2#show spanning-tree vlan 1 brief
VLAN1
Spanning tree enabled protocol ieee
Root ID Priority 0
Address cc01.3174.0000
Cost 19
Port 1 (FastEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4096
Address cc02.0e64.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
-------------------- ------- ---- ----- --- ----- -------------------- -------
FastEthernet0/0 128.1 128 19 FWD 0 0 cc01.3174.0000 128.1
FastEthernet0/1 128.2 128 19 LIS 19 4096 cc02.0e64.0000 128.2
SW2#
根据show命令给出的信息可以看到,所有链路部署了Backbonefast技术后,当链路发生故障时,SW2交换机的NDP口马上从Blocking状态依次变迁为Listening状态(收敛时间减少了20秒),换句话说,开启了Backbonefast技术后,间接链路在收敛时确实减少了20秒时间。