
Day 2

Layer 2 Switching
(VLAN, Trunk, Spanning Tree)

Johnson Liu
johnsonl@juniper.net
Oct. 13, 2011

2011 Juniper Networks, Inc. All rights reserved. | www.juniper.net

Layer 2 Switching


Shared LANs Versus Switched LANs (1 of 2)


Shared LANs:
Combine all devices as part of a single collision domain, which can increase the chance of collisions
Flood traffic out all ports to all devices, which can consume network resources and introduce security risks

[Figure: User A, User B and User C attached to a hub on a shared medium (one collision domain). Traffic sent from User A to User C is seen by all other users on the segment.]

Shared LANs Versus Switched LANs (2 of 2)


Bridged (or switched) LANs:
Break a single collision domain into multiple smaller collision domains, minimizing the chance of collisions
Perform intelligent forwarding decisions based on the contents of the forwarding table (or bridge table)

[Figure: User A, User B and User C attached to a switch that holds a bridge table; each port is its own collision domain. Traffic sent from User A to User C is forwarded based on the bridge table.]

How Does Bridging Work?


Bridging builds and maintains the bridge table using the following mechanisms:
Learning
Forwarding
Flooding
Filtering
Aging

[Figure: User A, User B and User C attached to a switch with a bridge table.]

Bridging Mechanisms: Learning


The switch learns the source MAC addresses of all incoming Ethernet frames
MAC addresses are associated with an incoming interface

Bridge Table
MAC Address          Interface
00:26:88:02:74:86    ge-0/0/6
00:26:88:02:74:87    ge-0/0/7
00:26:88:02:74:88    ge-0/0/8

[Figure: An Ethernet frame (Pre, DA, SA, Type, Data, FCS) from User A (MAC 00:26:88:02:74:86) enters the switch on ge-0/0/6; User B (MAC 00:26:88:02:74:87) is on ge-0/0/7 and User C (MAC 00:26:88:02:74:88) on ge-0/0/8.]

Bridging Mechanisms: Forwarding (1 of 2)


The switch consults the bridge table to find a forwarding entry for the destination MAC address of the received Ethernet frames

Bridge Table
MAC Address          Interface
00:26:88:02:74:86    ge-0/0/6
00:26:88:02:74:87    ge-0/0/7
00:26:88:02:74:88    ge-0/0/8

[Figure: A frame (Pre, DA, SA, Type, Data, FCS) from User A (MAC 00:26:88:02:74:86, ge-0/0/6) addressed to User C (MAC 00:26:88:02:74:88) is forwarded out ge-0/0/8; User B (MAC 00:26:88:02:74:87) is on ge-0/0/7.]

Bridging Mechanisms: Forwarding (2 of 2)


The switch organizes the bridge table by VLAN to ensure that Layer 2 traffic belonging to one broadcast domain is not forwarded to devices on another broadcast domain

Bridge Table
VLAN   MAC Address          Interface
10     00:26:88:02:74:86    ge-0/0/6
10     00:26:88:02:74:87    ge-0/0/7
11     00:26:88:02:74:88    ge-0/0/8
11     00:26:88:02:74:89    ge-0/0/9

[Figure: VLAN 10: User A (MAC 00:26:88:02:74:86, 172.23.10.100/24) on ge-0/0/6 and User B (MAC 00:26:88:02:74:87, 172.23.10.200/24) on ge-0/0/7. VLAN 11: User C (MAC 00:26:88:02:74:88, 172.23.11.200/24) on ge-0/0/8 and User D (MAC 00:26:88:02:74:89, 172.23.11.100/24) on ge-0/0/9.]

Bridging Mechanisms: Flooding


The switch floods frames out all other ports belonging to the same VLAN when the destination MAC address is unknown
The switch updates the bridge table when return traffic is received

Bridge Table
MAC Address          Interface
00:26:88:02:74:86    ge-0/0/6
*                    All

[Figure: A frame (Pre, DA, SA, Type, Data, FCS) from User A (MAC 00:26:88:02:74:86, ge-0/0/6) with an unknown destination is flooded out ge-0/0/7 (User B, MAC 00:26:88:02:74:87) and ge-0/0/8 (User C, MAC 00:26:88:02:74:88).]

Bridging Mechanisms: Filtering


The switch filters (or discards) frames when the destination MAC address is associated with the ingress interface

Bridge Table
MAC Address          Interface
00:26:88:02:74:86    ge-0/0/6
00:26:88:02:74:87    ge-0/0/7
00:26:88:02:74:88    ge-0/0/7
00:26:88:02:74:89    ge-0/0/9

[Figure: User A (MAC 00:26:88:02:74:86) on ge-0/0/6; User B (MAC 00:26:88:02:74:87) and User C (MAC 00:26:88:02:74:88) share a hub on ge-0/0/7; User D (MAC 00:26:88:02:74:89) on ge-0/0/9. A frame with DA = 00:26:88:02:74:88 arrives from the hub segment on ge-0/0/7 and is discarded, because the destination is reached through the ingress interface.]

Bridging Mechanisms: Aging


To keep bridge table entries current, the switch monitors the activity of MAC addresses and ages out bridge table entries after a specific amount of time of inactivity

Bridge Table
VLAN   MAC Address          Interface
10     00:26:88:02:74:86    ge-0/0/6
10     00:26:88:02:74:87    ge-0/0/7
11     00:26:88:02:74:88    ge-0/0/8
11     00:26:88:02:74:89    ge-0/0/9

Think About It
Given the topology and bridge table below, what devices will receive the packet sent by User B?
Bridge Table
MAC Address          Interface
00:26:88:02:74:86    ge-0/0/6
00:26:88:02:74:87    ge-0/0/7
00:26:88:02:74:88    ge-0/0/7
00:26:88:02:74:89    ge-0/0/9

[Figure: User A (MAC 00:26:88:02:74:86) on ge-0/0/6; User B (MAC 00:26:88:02:74:87) and User C (MAC 00:26:88:02:74:88) share a hub on ge-0/0/7; User D (MAC 00:26:88:02:74:89) on ge-0/0/9. User B sends a frame (Pre, DA, SA, Type, Data, FCS) with DA = 00:26:88:02:74:89.]
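The five bridging mechanisms (learning, forwarding, flooding, filtering, aging) are easiest to see as one small state machine. The following is an added, self-contained Python model written for this page; it is not Juniper code and simplifies the real data plane (one VLAN per port, a single aging timer, a 300-second aging time chosen as an assumed default). It replays the "Think About It" topology above with the bridge table pre-populated exactly as printed, and separately exercises the per-VLAN table and aging from the earlier slides.

```python
"""Toy transparent bridge with a per-VLAN bridge table: learning, forwarding,
flooding, filtering and aging. Added illustration, not Junos or EX Series code."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str   # source MAC (SA)
    dst: str   # destination MAC (DA)


@dataclass
class Bridge:
    ports: dict                      # access port name -> VLAN ID
    aging_time: float = 300.0        # seconds of inactivity before aging out (assumed default)
    table: dict = field(default_factory=dict)   # (vlan, mac) -> [interface, last_seen]
    clock: float = 0.0

    def tick(self, seconds: float) -> list:
        """Aging: advance the clock and drop entries idle longer than aging_time."""
        self.clock += seconds
        expired = sorted(k for k, (_, seen) in self.table.items()
                         if self.clock - seen > self.aging_time)
        for k in expired:
            del self.table[k]
        return expired

    def receive(self, ingress: str, frame: Frame) -> list:
        """Process one frame received on ingress; return the sorted egress ports."""
        vlan = self.ports[ingress]
        # Learning: the source MAC is bound to the ingress port within its VLAN.
        self.table[(vlan, frame.src)] = [ingress, self.clock]
        entry = self.table.get((vlan, frame.dst))
        if frame.dst == BROADCAST or entry is None:
            # Flooding: broadcast or unknown unicast goes to every other port of
            # the same VLAN, never back out the ingress port or into another VLAN.
            return sorted(p for p, v in self.ports.items() if v == vlan and p != ingress)
        if entry[0] == ingress:
            # Filtering: the destination sits on the ingress segment (behind a hub),
            # so the switch discards the frame.
            return []
        # Forwarding: known destination on exactly one other port.
        return [entry[0]]


def think_about_it() -> dict:
    """Slide 12 topology: User B and User C share a hub on ge-0/0/7, User A is on
    ge-0/0/6 and User D on ge-0/0/9; the bridge table is pre-populated as printed."""
    sw = Bridge(ports={"ge-0/0/6": 1, "ge-0/0/7": 1, "ge-0/0/9": 1})
    for mac, port in [("00:26:88:02:74:86", "ge-0/0/6"), ("00:26:88:02:74:87", "ge-0/0/7"),
                      ("00:26:88:02:74:88", "ge-0/0/7"), ("00:26:88:02:74:89", "ge-0/0/9")]:
        sw.table[(1, mac)] = [port, 0.0]
    user_b = "00:26:88:02:74:87"
    return {
        "to_user_d": sw.receive("ge-0/0/7", Frame(user_b, "00:26:88:02:74:89")),  # forwarded
        "to_user_c": sw.receive("ge-0/0/7", Frame(user_b, "00:26:88:02:74:88")),  # filtered
    }


def vlan_and_aging_demo() -> dict:
    """Slides 8 and 11: VLAN 10 on ge-0/0/6 and ge-0/0/7, VLAN 11 on ge-0/0/8 and ge-0/0/9."""
    sw = Bridge(ports={"ge-0/0/6": 10, "ge-0/0/7": 10, "ge-0/0/8": 11, "ge-0/0/9": 11})
    a, b, c = "00:26:88:02:74:86", "00:26:88:02:74:87", "00:26:88:02:74:88"
    out = {}
    out["unknown_dst_floods_in_vlan"] = sw.receive("ge-0/0/6", Frame(a, b))  # only ge-0/0/7
    out["reply_updates_table"] = sw.receive("ge-0/0/7", Frame(b, a))         # now known: ge-0/0/6
    out["known_dst_forwarded"] = sw.receive("ge-0/0/6", Frame(a, b))         # ge-0/0/7 only
    out["other_vlan_isolated"] = sw.receive("ge-0/0/8", Frame(c, a))         # floods VLAN 11 only
    out["aged_out"] = sw.tick(sw.aging_time + 1)                              # every entry expires
    return out
```

In the Think About It case the switch itself sends the frame out ge-0/0/9 only; User C nevertheless hears it, because it sits on the same hub segment as User B, which is exactly the exposure the shared-LAN slide describes. The VLAN demo shows that an unknown destination is flooded only within the ingress VLAN, so the per-VLAN table, not the frame contents, is what keeps broadcast domains apart.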

Hierarchical Design
Switched networks are often hierarchical and may consist of access, aggregation, and core layers
Benefits of a hierarchical network design include:
Modularity facilitates change
Function-to-layer mapping isolates faults

[Figure: WAN edge device above a core layer, an aggregation layer and an access layer.]

Functions of Layers
Layers are defined to aid successful network design and to represent functionality found within a network
Core layer switches relay packets between aggregation switches and function as the gateway to the WAN edge device
Aggregation layer switches connect access switches and often provide inter-VLAN routing and policy-based connectivity
Access layer switches facilitate end-user and device access and enforce access policy
Note: All three layers support CoS

[Figure: WAN edge device above the core, aggregation and access layers.]

Consolidation of Layers
Simplify large, complex switched networks
Juniper's 3-2-1 architectural solutions
Virtual Chassis is a technology that can be implemented to combine functions of various layers into a single managed device
QFabric is another technology that is being developed to simplify and combine all of the functions of a multitiered switched network into a single managed device

[Figure: Virtual Chassis and QFabric collapsing the layered design into a single managed device.]

Virtual Local Area Networks (VLAN)


What Is a VLAN?
A logical LAN that allows you to assign users to a common broadcast domain based on business needs and regardless of physical location
[Figure: Switch-1, Switch-2 and Switch-3 interconnected. User A (172.23.10.86/24), User C (172.23.10.87/24) and User E (172.23.10.88/24) belong to VLAN 10; User B (172.23.20.86/24), User D (172.23.20.87/24) and User F (172.23.20.88/24) belong to VLAN 20.]
VLAN 10 is associated with the 172.23.10.0/24 broadcast domain
VLAN 20 is associated with the 172.23.20.0/24 broadcast domain

Switch Port Designations


Switch ports operate in either access or trunk mode
By default, all switch ports are access ports and belong to the default VLAN, which is an untagged VLAN

[Figure: Switch-1, Switch-2 and Switch-3 connected to each other by trunk ports; end hosts attached to access ports.]

Access Ports
Access ports typically connect to end-user devices such as computers, IP phones, and printers
Access ports typically carry untagged traffic

[Figure: Switch-1, Switch-2 and Switch-3; the host-facing ports on each switch are access ports.]

Trunk Ports
Trunk ports typically connect switches to other switches or a router with VLAN tagging configured
Trunk ports typically carry tagged traffic

[Figure: Switch-1, Switch-2 and Switch-3; the switch-to-switch links are trunk ports.]

Example of Tagging Traffic: Step 1


User A sends traffic toward User C through an access port on Switch-1; the traffic is received by Switch-1 as untagged frames:
Frame received by Switch-1: Pre | DA | SA | Type | Data | FCS (untagged)

[Figure: User A (172.23.10.86/24, MAC 00:26:88:02:74:86) and User B (172.23.20.86/24, MAC 00:26:88:03:78:86) on Switch-1 access ports; Switch-1 and Switch-2 connected by trunk ports; User C (172.23.10.87/24, MAC 00:26:88:02:74:87) and User D (172.23.20.87/24, MAC 00:26:88:03:78:87) on Switch-2 access ports.]
VLAN 10 is associated with the 172.23.10.0/24 broadcast domain
VLAN 20 is associated with the 172.23.20.0/24 broadcast domain

Example of Tagging Traffic: Step 2


Switch-1 performs a lookup in its bridge table, tags the Ethernet frames with VLAN ID 10 and forwards the frames out its trunk port:
Frame sent on the trunk: Pre | DA | SA | Tag | Type | Data | FCS (tagged with VLAN ID 10)

[Figure: User A (172.23.10.86/24, MAC 00:26:88:02:74:86) and User B (172.23.20.86/24, MAC 00:26:88:03:78:86) on Switch-1 access ports; Switch-1 and Switch-2 connected by trunk ports; User C (172.23.10.87/24, MAC 00:26:88:02:74:87) and User D (172.23.20.87/24, MAC 00:26:88:03:78:87) on Switch-2 access ports.]
VLAN 10 is associated with the 172.23.10.0/24 broadcast domain
VLAN 20 is associated with the 172.23.20.0/24 broadcast domain

Example of Tagging Traffic: Step 3


Switch-2 performs a lookup in its bridge table, removes the VLAN tag and forwards the frames out the appropriate access port toward User C:
Frame delivered to User C: Pre | DA | SA | Type | Data | FCS (tag removed)

[Figure: User A (172.23.10.86/24, MAC 00:26:88:02:74:86) and User B (172.23.20.86/24, MAC 00:26:88:03:78:86) on Switch-1 access ports; Switch-1 and Switch-2 connected by trunk ports; User C (172.23.10.87/24, MAC 00:26:88:02:74:87) and User D (172.23.20.87/24, MAC 00:26:88:03:78:87) on Switch-2 access ports.]
VLAN 10 is associated with the 172.23.10.0/24 broadcast domain
VLAN 20 is associated with the 172.23.20.0/24 broadcast domain

What If?
What if an IP phone and a PC are connected to the same switch port and you want the traffic sourced from those devices associated with different VLANs?

[Figure: An IP phone and a PC (MACs 00:26:88:02:72:13 and 00:26:88:02:74:86) both connected to access port ge-0/0/6.0 on Switch-1, sending voice and data traffic toward the network.]

Voice VLAN
The voice VLAN feature enables access ports to accept both untagged (data) and tagged (voice) traffic and separate that traffic into different VLANs
Used with CoS to differentiate data and voice traffic
Voice VLAN and CoS values can be communicated to IP phones through Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED)

[Figure: On access port ge-0/0/6.0 of Switch-1, the phone (MAC 00:26:88:02:72:13) sends tagged voice traffic and the PC (MAC 00:26:88:02:74:86) sends untagged data traffic toward the network.]
Note: Detailed coverage of CoS and LLDP is outside the scope of this material.

What If ?
The default behavior for trunk ports is to only send and receive tagged traffic. What if you needed to pass untagged Layer 2 traffic through trunk ports?

[Figure: Switch-1 and Switch-2 connected by trunk ports (ge-0/0/12.0 on each switch). On access ports: host-a1 (172.23.0.10/24) and host-a2 (172.23.0.20/24) in the default VLAN (untagged); host-b1 (172.23.14.10/24) and host-b2 (172.23.14.20/24) in VLAN v14, VLAN ID 14; host-c1 (172.23.15.10/24) and host-c2 (172.23.15.20/24) in VLAN v15, VLAN ID 15. Untagged traffic from the default VLAN needs to cross the trunk.]

The native-vlan-id Option


The native-vlan-id option enables trunk ports to accept untagged traffic in addition to tagged traffic
Configured on the trunk ports of all switches expected to process untagged traffic

[Figure: Switch-1 and Switch-2 connected by trunk ports (ge-0/0/12.0 on each switch). host-a1 (172.23.0.10/24) and host-a2 (172.23.0.20/24) in the default VLAN (untagged); host-b1 (172.23.14.10/24) and host-b2 (172.23.14.20/24) in VLAN v14, VLAN ID 14; host-c1 (172.23.15.10/24) and host-c2 (172.23.15.20/24) in VLAN v15, VLAN ID 15. Untagged traffic now crosses the trunk in the native VLAN.]
The native-vlan-id option should be added to the ge-0/0/12.0 interface on both switches for the default VLAN
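The three tagging steps, the voice VLAN and the native-vlan-id option are all decisions a port makes about the 802.1Q tag on ingress and egress. The code below is an added Python example written for this page, not Junos code: it builds and parses tagged frames, then models the port rules the slides state. Everything beyond the slides is an assumption and marked as such in the code: voice VLAN 100, the trunk's allowed VLAN list, and VLAN ID 1 standing in for the untagged default VLAN.

```python
"""802.1Q tagging on access, voice-VLAN and trunk ports: building and parsing
tagged frames and deciding which VLAN a received frame belongs to. Added
illustration; port semantics follow the slides, not Junos internals."""
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame (FCS omitted); an 802.1Q tag is inserted after SA when vlan is set."""
    hdr = dst + src
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID out of range")
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)  # TPID, then TCI = PCP|DEI|VID
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> tuple:
    """Return (dst, src, vlan_or_None, ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, ethertype, frame[18:]


@dataclass
class Port:
    mode: str                          # "access" or "trunk"
    vlan: int = 1                      # access VLAN; 1 stands in for the untagged default VLAN (assumption)
    voice_vlan: Optional[int] = None   # access port: the single tagged VLAN it accepts
    allowed: tuple = ()                # trunk: VLAN IDs carried tagged
    native_vlan: Optional[int] = None  # trunk: native-vlan-id, the VLAN for untagged frames


def classify_ingress(port: Port, frame: bytes) -> Optional[int]:
    """VLAN a received frame is assigned to, or None when the port drops it."""
    tag = parse_frame(frame)[2]
    if port.mode == "access":
        if tag is None:
            return port.vlan
        return tag if tag == port.voice_vlan else None   # any other tag is dropped
    if tag is None:
        return port.native_vlan      # stays None (dropped) unless native-vlan-id is set
    return tag if tag in port.allowed else None


def prepare_egress(port: Port, vlan: int, frame: bytes) -> Optional[bytes]:
    """Frame as the port transmits it for this VLAN, or None if the port does not carry it."""
    dst, src, _, ethertype, payload = parse_frame(frame)
    if vlan == (port.vlan if port.mode == "access" else port.native_vlan):
        return build_frame(dst, src, ethertype, payload)            # sent untagged
    carried = (port.voice_vlan,) if port.mode == "access" else port.allowed
    return build_frame(dst, src, ethertype, payload, vlan) if vlan in carried else None


def tagging_walkthrough() -> dict:
    """Slides 21-23: User A to User C across the Switch-1/Switch-2 trunk."""
    user_a, user_c = mac("00:26:88:02:74:86"), mac("00:26:88:02:74:87")
    step1 = build_frame(user_c, user_a, 0x0800, b"constructed payload")   # untagged from User A
    vlan = classify_ingress(Port("access", vlan=10), step1)                # Switch-1 access port
    step2 = prepare_egress(Port("trunk", allowed=(10, 20)), vlan, step1)   # tagged VID 10 on trunk
    vlan2 = classify_ingress(Port("trunk", allowed=(10, 20)), step2)       # Switch-2 trunk port
    step3 = prepare_egress(Port("access", vlan=10), vlan2, step2)          # tag removed for User C
    return {"vlan": vlan, "tag_on_trunk": parse_frame(step2)[2], "delivered_untagged": step3 == step1}


def port_behaviour() -> dict:
    """Slides 25 and 27: voice VLAN on an access port, native-vlan-id on a trunk."""
    phone, pc = mac("00:26:88:02:72:13"), mac("00:26:88:02:74:86")
    bcast = mac("ff:ff:ff:ff:ff:ff")
    access_voice = Port("access", vlan=10, voice_vlan=100)          # voice VLAN 100 is a constructed value
    trunk = Port("trunk", allowed=(14, 15))
    trunk_native = Port("trunk", allowed=(14, 15), native_vlan=1)   # native-vlan-id for the default VLAN
    data = build_frame(bcast, pc, 0x0806, b"arp")                          # untagged from the PC
    voice = build_frame(bcast, phone, 0x0800, b"rtp", vlan=100, pcp=5)     # tagged by the phone
    stray = build_frame(bcast, pc, 0x0800, b"x", vlan=14)                  # host-supplied tag on an access port
    return {
        "pc_on_access": classify_ingress(access_voice, data),
        "phone_on_access": classify_ingress(access_voice, voice),
        "stray_tag_on_access": classify_ingress(access_voice, stray),
        "untagged_on_trunk": classify_ingress(trunk, data),
        "untagged_on_native": classify_ingress(trunk_native, data),
    }
```

The walkthrough returns the VLAN assigned at Switch-1, the tag seen on the trunk and confirmation that User C receives the original untagged frame. The port checks show the security-relevant edges: an access port accepts a tag only for its voice VLAN, so a host cannot choose an arbitrary VLAN by tagging its own frames, and a trunk without native-vlan-id drops untagged frames rather than guessing a VLAN for them.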

What Is It?
A routed VLAN interface (RVI) is a logical Layer 3 interface defined on an EX Series switch that facilitates inter-VLAN routing
[Figure: Switch-1 with User-group A (VLAN v14, 172.23.14.0/24), User-group B (VLAN v15, 172.23.15.0/24) and User-group C (VLAN v16, 172.23.16.0/24).]
Note: Host devices require a default gateway which points to the RVI defined on the switch.

Implementing RVIs
RVIs are typically defined on aggregation or access switches, depending on the implementation
All EX Series switches support RVIs as well as other Layer 3 routing operations
[Figure: WAN edge device above the core, aggregation and access layers; RVIs are placed at the aggregation or access layer.]

Case Study: Topology and Objectives


Define three RVIs, one for each VLAN shown below, to function as the gateway for the respective VLAN
Use an IP address of 172.23.1x.1/24, where x is the unique value assigned to the corresponding VLAN

[Figure: Switch-1 with RVIs vlan.14, vlan.15 and vlan.16. User-group A, VLAN v14 / VLAN ID 14: host-a1 172.23.14.10/24 and host-a2 172.23.14.20/24. User-group B, VLAN v15 / VLAN ID 15: host-b1 172.23.15.10/24 and host-b2 172.23.15.20/24. User-group C, VLAN v16 / VLAN ID 16: host-c1 172.23.16.10/24 and host-c2 172.23.16.20/24.]
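To make the case study concrete, here is an added Python model (not Junos configuration or code) of what the RVIs do once defined: each host decides whether a destination is on its own subnet or must go to its default gateway, the RVI address for its VLAN, and the switch then picks the egress VLAN by longest-prefix match over the connected RVI subnets. Host names, addresses and VLAN IDs are taken from the case study; the forwarding logic itself is a simplified model.

```python
"""Inter-VLAN routing through routed VLAN interfaces (RVIs), modelled on the
case study. Added illustration; a simplified model, not Junos forwarding code."""
import ipaddress

# Case-study RVIs: vlan.x carries 172.23.1x.1/24 for x = 14, 15, 16.
RVIS = {vid: ipaddress.ip_interface(f"172.23.{vid}.1/24") for vid in (14, 15, 16)}

# Case-study hosts: name -> (VLAN ID, address/prefix).
HOSTS = {
    "host-a1": (14, "172.23.14.10/24"), "host-a2": (14, "172.23.14.20/24"),
    "host-b1": (15, "172.23.15.10/24"), "host-b2": (15, "172.23.15.20/24"),
    "host-c1": (16, "172.23.16.10/24"), "host-c2": (16, "172.23.16.20/24"),
}


def default_gateway(vid: int) -> str:
    """The gateway hosts in VLAN vid must point at: the RVI address of that VLAN."""
    return str(RVIS[vid].ip)


def host_next_hop(src: str, dst: str) -> tuple:
    """What the source host does: deliver on-link, or hand the packet to its gateway."""
    svid, saddr = HOSTS[src]
    sintf = ipaddress.ip_interface(saddr)
    daddr = ipaddress.ip_interface(HOSTS[dst][1]).ip
    if daddr in sintf.network:
        return ("bridged", svid, svid)            # same subnet: stays in the VLAN, no RVI involved
    return ("routed", svid, default_gateway(svid))


def rvi_lookup(dst_ip: str):
    """Longest-prefix match over the connected RVI subnets; None if no RVI covers it."""
    daddr = ipaddress.ip_address(dst_ip)
    matches = [(vid, rvi) for vid, rvi in RVIS.items() if daddr in rvi.network]
    if not matches:
        return None
    return max(matches, key=lambda m: m[1].network.prefixlen)[0]


def switch_route(src: str, dst: str) -> dict:
    """Path a packet from src to dst takes through Switch-1."""
    kind, svid, hop = host_next_hop(src, dst)
    if kind == "bridged":
        return {"path": "bridged", "vlan": svid}
    out_vid = rvi_lookup(str(ipaddress.ip_interface(HOSTS[dst][1]).ip))
    if out_vid is None:
        return {"path": "dropped", "reason": "no RVI for destination subnet"}
    return {"path": "routed", "ingress_vlan": svid, "gateway": hop, "egress_vlan": out_vid}
```

Traffic between host-a1 and host-a2 never touches an RVI; traffic from host-a1 to host-c2 enters on VLAN 14 via 172.23.14.1 and leaves on VLAN 16. A destination for which no RVI exists is dropped, which is the point of the note that hosts need a gateway on the switch.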

Spanning Tree Protocol(STP)


Test Your Knowledge


What will Switch-1 and Switch-2 do if they receive a broadcast frame or a frame destined to an unknown MAC address?
Example: Source MAC: 00:26:88:02:74:86 / Destination MAC: 00:26:88:02:74:95

[Figure: Switch-1 and Switch-2 connected; User A (MAC 00:26:88:02:74:86) and User B (MAC 00:26:88:02:74:87) on Switch-1; User C (MAC 00:26:88:02:74:88) and User D (MAC 00:26:88:02:74:89) on Switch-2.]
Both switches would flood the frames out all ports except the port on which the frames arrived

What If ?
What if a broadcast frame or a frame with an unknown destination MAC address were sent into a Layer 2 network with redundant paths?
Example: Source MAC: 00:26:88:02:74:86 / Destination MAC: 00:26:88:02:74:95

[Figure: Switch-1, Switch-2 and Switch-3 connected with redundant paths. User A (MAC 00:26:88:02:74:86) and User B (MAC 00:26:88:02:74:87) on Switch-1; User C (MAC 00:26:88:02:74:88) and User D (MAC 00:26:88:02:74:89) on Switch-2; User E (MAC 00:26:88:02:74:90) and User F (MAC 00:26:88:02:74:91) on Switch-3. Each switch floods the frame to the others, creating a Layer 2 loop.]

Spanning Tree Protocol


STP:
Defined in the IEEE 802.1D-1998 specification
Builds loop-free paths in redundant Layer 2 networks
Automatically rebuilds the tree when the topology changes

[Figure: Switch-1, Switch-2 and Switch-3 with Host A and Host B; user traffic uses two of the three links and the third carries no user traffic, giving a loop-free environment.]

How Does it Work?


Steps for creating a spanning tree include:
1. Switches exchange bridge protocol data units (BPDUs)
2. Root bridge is elected
3. Port role and state are determined
4. Tree is fully converged

[Figure: Left: Switch-1, Switch-2 and Switch-3 exchanging BPDUs. Right: Switch-1 as the root bridge, user traffic on the links toward the root and no user traffic on the Switch-2 to Switch-3 link (loop-free environment).]

Terms and Concepts (1 of 2)


Key terms and concepts of STP:
Bridge ID: Unique identifier for each switch
Root bridge: Switch with the lowest bridge ID
Root port: The port on each bridge closest to the root bridge
Root path cost: A bridge's calculated cost to get from itself to the root bridge
  Equal to the received root path cost from configuration BPDUs plus the port cost of the root port on the bridge
Port cost: Every interface on a bridge has an assigned port cost value
  Used in the calculation of the root path cost for the local bridge
  Configurable value (1 through 200000000)
  The default value is 20000 for 1 Gigabit Ethernet

Terms and Concepts (2 of 2)


Key terms and concepts of STP (contd.):
Designated bridge: A switch representing the LAN segment
Port ID: A unique identifier for each port on each switch
Designated port: The designated bridge's forwarding port on a LAN segment
  The port used by a designated bridge to send traffic from the direction of the root to the LAN or from the LAN toward the root
Bridge protocol data units (BPDUs): Packets used to exchange information between switches
  Configuration BPDU
  Topology change notification BPDU

Port States
Each individual port of each bridge can be in one of four states:
Blocking: The port drops all data packets and listens to BPDUs; the port is not used in the active topology
Listening: The port drops all data packets and listens to BPDUs; the port is transitioning and will be used in the active topology
Learning: The port drops all data packets and listens to BPDUs; the port is transitioning and the switch is learning MAC addresses
Forwarding: The port receives and forwards data packets and sends and receives BPDUs; the port has transitioned and the switch continues to learn MAC addresses

Building a Spanning Tree (1 of 3)


Switches exchange configuration BPDUs:
They do not flood; instead, each bridge uses information in the received BPDUs to generate its own
Root bridge is elected based on BPDU information:
Criterion for election is the bridge ID
The election process reviews priority first; the lowest priority wins
If the priority values are the same, bridge addresses (MAC) are compared; the lowest identifier wins

[Figure: Switch-1, Switch-2 and Switch-3 with Host A and Host B. Switches initially exchange configuration BPDUs, claiming themselves as the root bridge. Switch-1 is elected as the root bridge based on the received configuration BPDU information.]

Building a Spanning Tree (2 of 3)


Least-cost path calculation to the root bridge determines port role; port role determines port state:
All ports on the root bridge assume the designated port role and forwarding state
Root ports on switches are placed in the forwarding state; the root bridge has no root ports
Designated ports on designated bridges are placed in the forwarding state
All other ports are placed in the blocking state

Port role and state designations:
F,R = Forwarding and root port
F,D = Forwarding and designated port
B = Blocking

[Figure: Switch-1 (root bridge) with both ports F,D. Switch-2 and Switch-3 each have an F,R port toward Switch-1 and F,D ports toward Host A and Host B. On the Switch-2 to Switch-3 link one end is F,D and the other is B.]

Building a Spanning Tree (3 of 3)


The tree is fully converged
All traffic between Host A and Host B flows through the root bridge (Switch-1)

[Figure: Switch-1 (root bridge) forwarding on both of its links; Host A behind Switch-2, Host B behind Switch-3; the Switch-2 to Switch-3 link carries no user traffic.]
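The election and role assignment on the last four slides can be carried out mechanically. The following is an added Python example written for this page, not Junos code: it elects the root by bridge ID (priority, then MAC), computes each bridge's root path cost with the 20000 default port cost from the terms slide, picks root ports with the standard tie-breaks (path cost, sender bridge ID, sender port, own port) and elects one designated port per link. It goes beyond the slides in one way: it accepts any topology, not only the three-switch triangle. Switch priorities, MAC addresses and port names are constructed sample values; the model uses one cost per link rather than per port.

```python
"""Spanning tree computation: root election by bridge ID, root path cost, and
port roles (root / designated / blocking). Added illustration of the 802.1D
algorithm on the slide topology; not Junos code."""
import heapq

DEFAULT_COST_1GE = 20000   # default port cost for 1 Gigabit Ethernet (slide 36)


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge IDs compare as (priority, MAC); the lowest wins."""
    return (priority, mac.lower())


def build_tree(bridges: dict, links: list) -> dict:
    """bridges: name -> (priority, mac). links: (a, port_a, b, port_b, cost).
    Returns the root, every bridge's root path cost and a {(bridge, port): role} map."""
    ids = {n: bridge_id(*v) for n, v in bridges.items()}
    root = min(ids, key=ids.get)                       # step 2: lowest bridge ID
    adj = {n: [] for n in bridges}                     # (neighbour, my port, their port, cost)
    for a, pa, b, pb, cost in links:
        adj[a].append((b, pa, pb, cost))
        adj[b].append((a, pb, pa, cost))
    # Root path cost: cheapest path to the root (Dijkstra).
    rpc = {n: float("inf") for n in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, n = heapq.heappop(heap)
        if cost > rpc[n]:
            continue
        for nb, _, _, c in adj[n]:
            if cost + c < rpc[nb]:
                rpc[nb] = cost + c
                heapq.heappush(heap, (cost + c, nb))
    # Root port: best (path cost, sender bridge ID, sender port, own port); none on the root.
    root_port = {}
    for n in bridges:
        if n != root:
            root_port[n] = min((rpc[nb] + c, ids[nb], their, mine)
                               for nb, mine, their, c in adj[n])[3]
    # Designated port: per link, the end with the lower (root path cost, bridge ID, port)
    # forwards for the segment; the far end is a root port or blocks.
    roles = {}
    for a, pa, b, pb, _ in links:
        if (rpc[a], ids[a], pa) < (rpc[b], ids[b], pb):
            d, dp, o, op = a, pa, b, pb
        else:
            d, dp, o, op = b, pb, a, pa
        roles[(d, dp)] = "designated"
        roles[(o, op)] = "root" if root_port.get(o) == op else "blocking"
    return {"root": root, "root_path_cost": rpc, "roles": roles}


# Slide topology with constructed priorities, MACs and port names.
SLIDE_SWITCHES = {
    "Switch-1": (32768, "00:26:88:00:00:01"),
    "Switch-2": (32768, "00:26:88:00:00:02"),
    "Switch-3": (32768, "00:26:88:00:00:03"),
}
SLIDE_LINKS = [
    ("Switch-1", "ge-0/0/1", "Switch-2", "ge-0/0/1", DEFAULT_COST_1GE),
    ("Switch-1", "ge-0/0/2", "Switch-3", "ge-0/0/1", DEFAULT_COST_1GE),
    ("Switch-2", "ge-0/0/2", "Switch-3", "ge-0/0/2", DEFAULT_COST_1GE),
]


def slide_topology() -> dict:
    return build_tree(SLIDE_SWITCHES, SLIDE_LINKS)


def rogue_root(priority: int = 4096) -> str:
    """Slide 59 in miniature: a bridge with a lower priority wins the election."""
    switches = dict(SLIDE_SWITCHES, Rogue=(priority, "00:26:88:ff:ff:ff"))
    links = SLIDE_LINKS + [("Switch-3", "ge-0/0/3", "Rogue", "ge-0/0/1", DEFAULT_COST_1GE)]
    return build_tree(switches, links)["root"]
```

With equal priorities and equal costs the Switch-2 to Switch-3 link is decided purely by bridge ID, which is why the slide shows the blocking port on only one end. The rogue_root() helper shows the same election with a fourth bridge attached at the access side: a lower priority, and nothing else, makes it the root, which is the scenario the root protection slides later address.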

STP Drawbacks
Slow convergence time
STP uses timers to transition between port states
STP can take 30 to 50 seconds to respond to a topology change (20 seconds for a BPDU to age out, 15 seconds for the listening state, and 15 seconds for the learning state)

Root bridge is responsible for communicating the current tree topology


Rapid Spanning Tree Protocol(RSTP)


Rapid Spanning Tree Protocol


RSTP was first defined in IEEE 802.1w and later incorporated into IEEE 802.1D-2004
Convergence improvements:
Point-to-point link designation
Edge port designation
  A port that connects to a LAN with no other bridges attached
  It is always in the forwarding state
Allows for rapid recovery from failures
  A new root port or designated port can transition to forwarding without waiting for the protocol timers to expire
  Direct and indirect link failure and recovery

RSTP Port Roles


RSTP introduces new port roles:
Alternate port:
  Provides an alternate path to the root bridge (essentially a backup root port)
  Blocks traffic while receiving superior BPDUs from a neighboring switch
Backup port:
  Provides a redundant path to a segment (on designated switches only)
  Blocks traffic while a more preferred port functions as the designated port
RSTP continues to use the root and designated port roles

Root Port = R, Designated Port = D, Alternate Port = A, Backup Port = B
[Figure: Switch-1 (root bridge) with designated (D) ports; Switch-2 and Switch-3 with root (R), alternate (A), designated (D) and backup (B) ports marked.]

STP and RSTP Port States


RSTP uses fewer states than STP but has the same functionality

802.1D-1998 STP      802.1D-2004 RSTP
Blocking             Discarding
Listening            Discarding
Learning             Learning
Forwarding           Forwarding

Discarding applies to alternate, backup and disabled ports; learning and forwarding apply to root and designated ports

Rapid Spanning Tree BPDUs


Rapid Spanning Tree BPDUs:
Act as keepalives
  RSTP designated ports send configuration BPDUs every hello time (default of 2 seconds)
Provide faster failure detection
  If a neighboring bridge receives no BPDU within 3 times the hello interval (3 x 2 = 6 seconds), connectivity to the neighbor is considered faulty

[Figure: Switch-1 (root bridge), Switch-2 and Switch-3 with root (R), designated (D), alternate (A) and backup (B) ports marked.]

Transitioning to the Forwarding State


STP:
Takes 30 seconds before the ports start forwarding traffic after port enablement
  2x forwarding delay (listening + learning)
RSTP:
Uses a proposal-and-agreement handshake on point-to-point links instead of timers
  Exceptions are alternate ports, which immediately transition to root, and edge ports, which immediately transition to the forwarding state
  Non-edge designated ports transition to the forwarding state once they receive explicit agreement

Indirect Link Failure


When an indirect link failure occurs:
Switch-2's root port fails; it assumes it is the new root
Switch-3 receives inferior BPDUs from Switch-2; it moves the alternate port to the designated port role
Switch-2 receives superior BPDUs, knows it is not the root, and designates the port connecting to Switch-3 as the root port
Note: The failure is from the perspective of Switch-3

Forwarding = F, Blocking = B, Root Port = R, Designated Port = D, Alternate Port = A
[Figure: Before: Switch-1 (root bridge) forwarding to Switch-2 and Switch-3; Switch-2 and Switch-3 with root ports (R, F) toward Switch-1; on the Switch-2 to Switch-3 link Switch-2 has a designated port (D, F) and Switch-3 an alternate port (A, B). After: the Switch-1 to Switch-2 link has failed; Switch-2 sends inferior BPDUs, Switch-3 answers with superior BPDUs and its former alternate port becomes designated (D, F); Switch-2's port toward Switch-3 becomes its root port (R, F).]

Direct Link Failure


When a direct link failure occurs:
Alternate port transitions to the forwarding state and assumes the root port role following the failure of the old root port
Switch-3 signals upstream switches to flush their MAC tables by sending RSTP TCNs out the new root port
Upstream switches only flush MAC entries that they learned on active ports that did not receive the RSTP TCNs (except edge ports)
Note: The failure is from the perspective of Switch-3

Forwarding = F, Blocking = B, Root Port = R, Designated Port = D, Alternate Port = A
[Figure: Before: Switch-1 (root bridge) forwarding to Switch-2 and Switch-3; Switch-2 and Switch-3 with root ports (R, F) toward Switch-1; on the Switch-2 to Switch-3 link Switch-2 has a designated port (D, F) and Switch-3 an alternate port (A, B). After: the Switch-1 to Switch-3 link has failed; Switch-3's alternate port becomes its root port (R, F) toward Switch-2.]

RSTP Interoperability with STP


STP and RSTP interoperability considerations:
If a switch supports only the STP protocol, it discards any RSTP BPDUs it receives
If an RSTP-capable switch receives STP BPDUs, it reverts to STP mode on the receiving interface only and sends STP BPDUs

[Figure: Switch-1 (Protocol Version 0, STP) connected to Switch-2 (Protocol Version 0x02, RSTP), which is connected to Switch-3 (Protocol Version 0x02, RSTP); STP runs on the Switch-1 to Switch-2 link and RSTP on the Switch-2 to Switch-3 link.]

What If?
Given the topology below, what if User A connects a personal (unauthorized) switch running the spanning tree protocol to Switch-2?
[Figure: Left: Switch-1 (root bridge), Switch-2 and Switch-3 form the spanning tree, with User A attached to Switch-2. Right: User A's switch exchanges BPDUs with Switch-2 and becomes part of the spanning tree.]
BPDUs would be exchanged, a new STP calculation would occur, and the rogue switch would become part of the spanning tree, potentially leading to a network outage

BPDU Protection
BPDU protection prevents rogue switches from connecting to the network and causing undesired Layer 2 topology changes and possible outages
If a BPDU is received on a protected interface, the interface is disabled and transitions to the blocking state

[Figure: Switch-1 (root bridge), Switch-2 and Switch-3; the edge port on Switch-2 facing User A is disabled when a BPDU is received on the protected interface.]

What If?
Given the topology below, what if BPDUs sent by Switch-2 were not received by Switch-3?
[Figure: Left: Switch-1 (root bridge) with designated ports; Switch-2 with a root port and a designated port toward Switch-3; Switch-3 with a root port and an alternate port. Right: Switch-3's alternate port has become designated and forwarding, and a Layer 2 loop forms.]
BPDUs not received due to a uni-directional link failure or a software configuration issue
Switch-3 waits until the max-age timer expires, then transitions its alternate port to the designated port role and the forwarding state, thus removing the blocked port and causing a Layer 2 loop

Loop Protection
The loop protection feature provides additional protection against Layer 2 loops by preventing non-designated ports from becoming designated ports
Enable loop protection on all non-designated ports
Ports that detect the loss of BPDUs transition to the loop-inconsistent role, which maintains the blocking state
The port automatically transitions back to its previous or a new role when it receives a BPDU

[Figure: Switch-1 (root bridge) with designated ports; Switch-2 with a root port and a designated port; Switch-3 with a root port and an alternate port on which loop protection is enabled.]

What If?
Given the topology and details below, what if a rogue switch with a bridge priority of 4K was connected to the Layer 2 network?
[Figure: Left: Switch-1 (root bridge, priority = 8k) in the aggregation layer; Switch-2 (priority = 32k) and Switch-3 (priority = 32k) in the access layer. Right: a rogue switch attached at the access layer exchanges BPDUs and becomes the new root bridge.]
BPDUs would be exchanged, a new STP calculation would occur, and the rogue switch would become the new root bridge, potentially leading to a network outage

Root Protection
Enable root protection to avoid unwanted STP topology changes and root bridge placement
If a superior BPDU is received on a protected interface, the interface is disabled and transitions to the blocking state
Root protection is typically configured on the ports of aggregation switches that connect to access switches

[Figure: Aggregation layer: Switch-1 (root bridge, priority = 4k) and Switch-2 (priority = 8k). Access layer: Switch-3, Switch-4 and Switch-5 (priority = 32k each).]
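BPDU protection, loop protection and root protection are three per-port decisions that differ only in what triggers them: any BPDU on an edge port, the loss of BPDUs on a non-designated port, and a superior BPDU on a port that should never face the root. The code below is an added Python model of those decisions written for this page; it is not Junos code, and its bridge IDs, port names and the aggregation-switch scenario are constructed. It also shows the unprotected case for contrast, where the election simply accepts the better root claim as the "What If?" slides describe.

```python
"""Defensive STP port handling modelled on the slides: BPDU protection, root
protection and loop protection. Added illustration of the decision each feature
makes; not Junos code. Bridge IDs, MACs and port names are constructed."""
from dataclasses import dataclass, field


@dataclass(order=True)
class BridgeId:
    priority: int
    mac: str


@dataclass
class Bpdu:
    root: BridgeId
    root_path_cost: int
    sender: BridgeId


@dataclass
class StpPort:
    name: str
    role: str                         # "designated", "root", "alternate" or "edge"
    bpdu_protection: bool = False
    root_protection: bool = False
    loop_protection: bool = False
    state: str = "forwarding"
    events: list = field(default_factory=list)   # what an operator would see in the log


@dataclass
class StpBridge:
    root: BridgeId                    # the root this bridge currently believes in
    ports: dict

    def on_bpdu(self, pname: str, bpdu: Bpdu) -> str:
        p = self.ports[pname]
        if p.bpdu_protection:
            # Any BPDU on a protected edge port means a switch was plugged in there.
            p.state = "disabled"
            p.events.append(f"{pname}: BPDU from {bpdu.sender.mac} on protected edge port, port disabled")
            return p.state
        if p.root_protection and bpdu.root < self.root:
            # A superior root claim from the access side is refused, not adopted.
            p.state = "blocking"
            p.events.append(f"{pname}: superior BPDU (root {bpdu.root.priority}/{bpdu.root.mac}) blocked by root protection")
            return p.state
        if p.state == "loop-inconsistent":
            # Loop protection recovers automatically once BPDUs are seen again.
            p.state = "blocking" if p.role == "alternate" else "forwarding"
            p.events.append(f"{pname}: BPDUs resumed, leaving loop-inconsistent")
            return p.state
        if bpdu.root < self.root:
            self.root = bpdu.root        # ordinary election: the better root wins
        return p.state

    def on_bpdu_timeout(self, pname: str) -> str:
        """Max-age expired without a BPDU on this port."""
        p = self.ports[pname]
        if p.role in ("root", "alternate") and p.loop_protection:
            p.state = "loop-inconsistent"          # keeps blocking instead of turning designated
            p.events.append(f"{pname}: BPDUs lost, loop-inconsistent (stays blocking)")
        elif p.role in ("root", "alternate"):
            p.role, p.state = "designated", "forwarding"   # the loop the slide warns about
            p.events.append(f"{pname}: BPDUs lost, became designated/forwarding")
        return p.state


ROOT = BridgeId(8192, "00:26:88:00:00:01")     # established root, priority 8k (constructed MAC)
ROGUE = BridgeId(4096, "00:26:88:aa:bb:cc")    # rogue claiming priority 4K (constructed)


def aggregation_switch() -> StpBridge:
    return StpBridge(ROOT, {
        "ge-0/0/10": StpPort("ge-0/0/10", "designated", root_protection=True),   # toward an access switch
        "ge-0/0/20": StpPort("ge-0/0/20", "edge", bpdu_protection=True),         # end-user port
        "ge-0/0/30": StpPort("ge-0/0/30", "alternate", loop_protection=True, state="blocking"),
    })


def scenarios() -> dict:
    out = {}
    b = aggregation_switch()
    rogue_bpdu = Bpdu(root=ROGUE, root_path_cost=0, sender=ROGUE)
    out["root_protection"] = b.on_bpdu("ge-0/0/10", rogue_bpdu)
    out["root_unchanged"] = b.root == ROOT
    out["bpdu_protection"] = b.on_bpdu("ge-0/0/20", rogue_bpdu)
    out["loop_protection"] = b.on_bpdu_timeout("ge-0/0/30")
    legit = Bpdu(root=ROOT, root_path_cost=20000, sender=BridgeId(32768, "00:26:88:00:00:03"))
    out["loop_recovered"] = b.on_bpdu("ge-0/0/30", legit)
    # The same rogue BPDU on an unprotected port: the election simply accepts it.
    u = aggregation_switch()
    u.ports["ge-0/0/10"].root_protection = False
    u.on_bpdu("ge-0/0/10", rogue_bpdu)
    out["unprotected_new_root"] = u.root.mac
    return out
```

Each protective action leaves an entry in the port's events list; on a real switch those are the log messages worth alerting on, since a port going to disabled, blocking or loop-inconsistent on an access-facing link is either a miswire or an unauthorized device.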

Multiple Spanning Tree Protocol (MSTP)


What If ?
Refer to the topology below and assume no spanning tree protocol is currently in use; what would happen if User A sent traffic to User Z?
[Figure: Distribution switches DS-1 and DS-2, each connected to access switches AS-1, AS-2 and AS-3; User A (172.23.10.86/24) and User Z (172.23.10.88/24) attached to access switches.]
All switch ports belong to vlan-10, which is associated with 172.23.10.0/24
The traffic would be flooded repeatedly through a Layer 2 loop

Understanding the Default Configuration


By default, RSTP is enabled on EX Series switches, which helps ensure a loop-free Layer 2 topology
One of the participating switches is selected as the root bridge

[Figure: DS-1 (root bridge) and DS-2, each connected to AS-1, AS-2 and AS-3; User A (172.23.10.86/24) and User Z (172.23.10.88/24) attached to access switches.]
All switch ports belong to vlan-10, which is associated with 172.23.10.0/24
Traffic will be forwarded through the root bridge towards the destination

A Limitation of STP and RSTP


STP and RSTP provide no load-balancing functionality, which means some links will not be used
All links connected to DS-2 will not be used unless a failure occurs

[Figure: DS-1 (root bridge) and DS-2, each connected to AS-1, AS-2 and AS-3. User A (172.23.10.86/24), User C (172.23.10.87/24) and User E (172.23.10.88/24) are in vlan-10; User B (172.23.20.86/24), User D (172.23.20.87/24) and User F (172.23.20.88/24) are in vlan-20.]
vlan-10 is associated with the 172.23.10.0/24 broadcast domain
vlan-20 is associated with the 172.23.20.0/24 broadcast domain

Multiple Spanning Tree Protocol


MSTP provides extensions to RSTP which allow you to:
Create multiple spanning tree instances (MSTIs) in order to balance traffic flows over all available links

[Figure: DS-1 (root bridge for Instance-1) and DS-2 (root bridge for Instance-2), each connected to AS-1, AS-2 and AS-3. User A (172.23.10.86/24), User C (172.23.10.87/24) and User E (172.23.10.88/24) are in vlan-10; User B (172.23.20.86/24), User D (172.23.20.87/24) and User F (172.23.20.88/24) are in vlan-20.]
vlan-10 is associated with the 172.23.10.0/24 broadcast domain
vlan-20 is associated with the 172.23.20.0/24 broadcast domain

Multiple Spanning Tree Region


A group of switches with the same region name, revision level, and VLAN-to-instance mapping
You can configure a maximum of 64 MSTIs per MST region, with one regional root bridge per instance

Region-1: Instance-1 = VLANs 10-19, Instance-2 = VLANs 20-29
[Figure: DS-1 (root bridge for Instance-1), DS-2 (root bridge for Instance-2), AS-1, AS-2 and AS-3, all in Region-1.]
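Region membership is decided by comparing exactly the three values the slide names, and the VLAN-to-instance mapping is compared as a digest rather than entry by entry. The code below is an added Python example written for this page, not Junos code: it builds the 4096-entry VLAN-to-MSTI table, computes the HMAC-MD5 configuration digest with the fixed key IEEE 802.1s defines for that purpose, and checks whether two switches would land in the same region. It goes beyond the slide by demonstrating the failure mode of a single VLAN mapped differently on one switch. Region name, revision and the mappings are taken from Region-1 on the slide; the "forgot VLAN 19" access switch is a constructed scenario.

```python
"""MST region membership: region name, revision level and the HMAC-MD5 digest
of the VLAN-to-instance table (IEEE 802.1s). Added illustration; not Junos code."""
import hashlib
import hmac
import struct

# Fixed signature key defined by IEEE 802.1s for the MST configuration digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")
MAX_MSTIS = 64          # slide 66: at most 64 MSTIs per MST region


def vlan_instance_table(mapping: dict) -> bytes:
    """4096 big-endian 16-bit entries; entry v is the MSTI of VLAN v (0 = CIST, unmapped).
    mapping: msti -> iterable of VLAN IDs."""
    table = [0] * 4096
    used = set()
    for msti, vlans in mapping.items():
        if not 1 <= msti <= MAX_MSTIS:
            raise ValueError(f"MSTI {msti} outside 1..{MAX_MSTIS}")
        for v in vlans:
            if not 1 <= v <= 4094:
                raise ValueError(f"VLAN {v} out of range")
            if v in used:
                raise ValueError(f"VLAN {v} mapped to more than one MSTI")
            used.add(v)
            table[v] = msti
    return struct.pack("!4096H", *table)


def config_digest(mapping: dict) -> str:
    """HMAC-MD5 over the table with the 802.1s key, as carried in MST BPDUs."""
    return hmac.new(MST_DIGEST_KEY, vlan_instance_table(mapping), hashlib.md5).hexdigest().upper()


def mst_config_id(name: str, revision: int, mapping: dict) -> tuple:
    """The three values two switches must agree on to share a region."""
    return (name, revision, config_digest(mapping))


def same_region(a: tuple, b: tuple) -> bool:
    return a == b


# Slide 66: Region-1 with Instance-1 = VLANs 10-19 and Instance-2 = VLANs 20-29.
REGION_1 = {1: range(10, 20), 2: range(20, 30)}


def example() -> dict:
    ds1 = mst_config_id("Region-1", 1, REGION_1)
    ds2 = mst_config_id("Region-1", 1, {1: range(10, 20), 2: range(20, 30)})
    # Constructed mistake: an access switch whose mapping omits VLAN 19.
    as1 = mst_config_id("Region-1", 1, {1: range(10, 19), 2: range(20, 30)})
    return {"ds1_ds2": same_region(ds1, ds2), "ds1_as1": same_region(ds1, as1), "digest": ds1[2]}
```

DS-1 and DS-2 produce identical digests and form one region; the access switch with one VLAN left out gets a different digest and silently becomes a region of its own, so the per-instance load balancing the MSTP slide describes stops at that boundary. Comparing digests from each switch's own output is therefore the first check when MSTP does not balance as designed.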

VLAN Spanning Tree Protocol


VSTP maintains a separate spanning-tree instance for each VLAN, allowing load balancing of Layer 2 traffic
Proprietary protocol that is compatible with similar protocols from other vendors, including PVST+ and Rapid-PVST+

[Figure: DS-1, DS-2, AS-1, AS-2 and AS-3 running VSTP instances 1 through 5, one for each of Vlan-1 through Vlan-5.]

VSTP Considerations (1 of 2)
Some VSTP considerations include:
Supports up to 253 different spanning-tree topologies
You selectively determine which VLANs participate in VSTP
We recommend that you enable RSTP in addition to VSTP to account for any VLANs above and beyond 253

[Figure: Vlan-1 through Vlan-253 handled by VSTP; Vlan-254, Vlan-255 and beyond handled by RSTP.]

VSTP Considerations (2 of 2)
Some VSTP considerations include (contd):
As you add VLANs, more CPU resources are consumed
A separate BPDU is sent out for each configured VLAN (Vlan-1, Vlan-2, Vlan-3, ...)

VSTP BPDU frame: DA | SA | VLAN TAG | LLC SNAP | BPDU | FCS
VSTP BPDU format is the same as the RSTP format with an added type, length, and value (TLV) that advertises the same VLAN ID found in the VLAN tag
