Multiple Spanning Tree Protocol

This chapter introduces Multiple Spanning Tree Protocol (MSTP), which is one of the variants of Spanning Tree Protocol (STP), and describes how you can configure the MSTP feature.

Multiple Spanning Tree Protocol

The Multiple Spanning Tree Protocol (MSTP) is a variant of the Spanning Tree Protocol (STP) that allows you to create multiple independent spanning trees over the same physical network. You can configure the parameters for each spanning tree separately. You can select different network devices as the root bridge or different paths to form the loop-free topology. Therefore, you can block a given physical interface for some of the spanning trees and unblock it for others.

After setting up multiple spanning tree instances, you can partition the set of VLANs in use. For example, you can assign VLANs 1–100 to spanning tree instance 1, VLANs 101–200 to spanning tree instance 2, VLANs 201–300 to spanning tree instance 3, and so on. Since each spanning tree has a different active topology with different active links, this has the effect of dividing the data traffic among the available redundant links based on the VLAN—a form of load balancing.

MSTP Supported Features

The Cisco 8000 Series Routers support MSTP, as defined in IEEE 802.1Q-2005, on physical Ethernet interfaces and Ethernet Bundle interfaces. This includes the Port Fast and bridge protocol data unit (BPDU) Guard features to break L2 loops. The routers can operate in either standard 802.1Q mode or Provider Edge (802.1ad) mode. In provider edge mode, a different MAC address is used for BPDUs, and any BPDUs received with the 802.1Q MAC address are forwarded transparently.

If you have not configured the allow-legacy-bpdu command on the MST default instance and one of the bridge ports receives a legacy BPDU, the port enters the error-disable state.

BPDU Guard

The BPDU Guard feature allows you to protect against misconfiguration of edge ports. It is an enhancement to the MSTP port fast feature. When you configure port fast on an interface, MSTP considers that interface to be an edge port and removes it from consideration when calculating the spanning tree. When you configure BPDU Guard, MSTP additionally shuts down the interface using error-disable when an MSTP BPDU is received.

Flush Containment

Flush containment is a Cisco feature that helps prevent unnecessary MAC flushes due to unrelated topology changes in other areas of a network. This is best illustrated by example. The following figure shows a network containing four devices. Two VLANs are in use: VLAN 1 is only used on device D, while VLAN 2 spans devices A, B and C. The two VLANs are in the same spanning tree instance, but do not share any links.

Figure 1. Flush Containment


If the link AB goes down, then in normal operation, as C brings up its blocked port, it sends out a topology change notification on all other interfaces, including towards D. This causes a MAC flush to occur for VLAN 1, even though the topology change which has taken place only affects VLAN 2.

Flush containment helps deal with this problem by preventing topology change notifications from being sent on interfaces on which no VLANs are configured for the MSTI in question. In the example network this would mean no topology change notifications would be sent from C to D, and the MAC flushes which take place would be confined to the right hand side of the network.


Note


Flush containment is enabled by default, but can be disabled by configuration, thus restoring the behavior described in the IEEE 802.1Q standard.

Bringup Delay

Bringup delay is a Cisco feature that stops MSTP from considering an interface when calculating the spanning tree, if the interface is not yet ready to forward traffic. This is useful when a line card first boots up, as the system may declare that the interfaces on that card are Up before the dataplane is fully ready to forward traffic. According to the standard, MSTP considers the interfaces as soon as they are declared Up, and this may cause it to move other interfaces into the blocking state if the new interfaces are selected instead.

Bringup delay solves this problem by adding a configurable delay period which occurs as interfaces that are configured with MSTP first come into existence. Until this delay period ends, the interfaces remain in blocking state, and are not considered when calculating the spanning tree.

Bringup delay only takes place when interfaces which are already configured with MSTP are created, for example, on a card reload. No delay takes place if an interface which already exists is later configured with MSTP.

Restrictions

These restrictions apply when using MSTP:

  • You can configure MSTP only on the main interface (L3 or L2).

  • The subinterfaces are mapped to MSTI instances by the outermost VLAN tag ID, even if the subinterface encapsulation is a QinQ or a single VLAN tag.

  • There’s no intersection with split-horizon group alignment and MSTI grouping using VLAN ID. Each grouping runs independently.

  • All subinterfaces in a bridge domain must use the same MSTI when MSTP is running on the corresponding main interfaces.

  • When MSTP runs on a main interface, an untagged subinterface shouldn’t be created.

Configuring MSTP

This section describes the procedure for configuring MSTP:


Note


This section does not describe how to configure data switching. Refer to the Implementing Multipoint Layer 2 Services module for more information.


Enabling MSTP

By default, STP is disabled on all interfaces. MSTP should be explicitly enabled by configuration on each physical or Ethernet Bundle interface. When MSTP is configured on an interface, all the subinterfaces of that interface are automatically MSTP-enabled.

Configuring MSTP parameters

The MSTP Standard defines a number of configurable parameters. The global parameters are:

  • Region Name and Revision

  • Bringup Delay

  • Forward Delay

  • Max Age or Hops

  • Transmit Hold Count

  • Provider Bridge mode

  • Flush Containment

  • VLAN IDs (per spanning-tree instance)

  • Bridge Priority (per spanning-tree instance)

The per-interface parameters are:

  • External port path cost

  • Hello Time

  • Link Type

  • Port Fast and BPDU Guard

  • Root Guard and Topology Change Guard

  • Port priority (per spanning-tree instance)

  • Internal port path cost (per spanning-tree instance)

Per-interface configuration takes place in an interface submode within the MST configuration submode.


Note


The configuration steps listed in the following sections show all of the configurable parameters. However, in general, most of these can be retained with the default value.

SUMMARY STEPS

  1. configure
  2. spanning-tree mst protocol instance identifier
  3. bringup delay for interval { minutes | seconds }
  4. flush containment disable
  5. name name
  6. revision revision-number
  7. forward-delay seconds
  8. maximum { age seconds | hops hops }
  9. transmit hold-count count
  10. provider-bridge
  11. instance id
  12. priority priority
  13. vlan-id vlan-range [,vlan-range ][,vlan-range ] [,vlan-range ]
  14. interface { Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet } instance
  15. instance id port-priority priority
  16. instance id cost cost
  17. external-cost cost
  18. link-type { point-to-point | multipoint }
  19. hello-time seconds
  20. portfast [ bpdu-guard ]
  21. guard root
  22. guard topology-change
  23. Use the commit or end command.

DETAILED STEPS


Step 1

configure

Example:

RP/0/# configure

Enters the .

Step 2

spanning-tree mst protocol instance identifier

Example:


RP/0/(config)# spanning-tree mst a
RP/0/(config-mstp)#

Enters the MSTP configuration submode.

Step 3

bringup delay for interval { minutes | seconds }

Example:


RP/0/(config-mstp)# bringup delay for 10 minutes

Configures the time interval to delay bringup for.

Step 4

flush containment disable

Example:


RP/0/(config-mstp)# flush containment disable

Disables flush containment.

This command performs MAC flush on all instances regardless of their state.

Step 5

name name

Example:


RP/0/(config-mstp)# name m1

Sets the name of the MSTP region.

The default value is the MAC address of the switch, formatted as a text string by means of the hexadecimal representation specified in IEEE Std 802.

Step 6

revision revision-number

Example:


RP/0/(config-mstp)# revision 10

Sets the revision level of the MSTP region.

Allowed values are from 0 through 65535.

Step 7

forward-delay seconds

Example:


RP/0/(config-mstp)# forward-delay 20

Sets the forward-delay parameter for the bridge.

Allowed values for bridge forward-delay time in seconds are from 4 through 30.

Step 8

maximum { age seconds | hops hops }

Example:

 
RP/0/(config-mstp)# max age 40
RP/0/(config-mstp)# max hops 30

Sets the maximum age and maximum hops performance parameters for the bridge.

Allowed values for maximum age time for the bridge in seconds are from 6 through 40.

Allowed values for maximum number of hops for the bridge in seconds are from 6 through 40.

Step 9

transmit hold-count count

Example:


RP/0/(config-mstp)# transmit hold-count 8

Sets the transmit hold count performance parameter.

Allowed values are from 1 through 10.

Step 10

provider-bridge

Example:


RP/0/(config-mstp)# provider-bridge

Places the current instance of the protocol in 802.1ad mode.

Step 11

instance id

Example:


RP/0/(config-mstp)# instance 101
RP/0/(config-mstp-inst)#

Enters the MSTI configuration submode.

Allowed values for the MSTI ID are from 0 through 4094.

Step 12

priority priority

Example:


RP/0/(config-mstp-inst)# priority 8192

Sets the bridge priority for the current MSTI.

Allowed values are from 0 through 61440 in multiples of 4096.

Step 13

vlan-id vlan-range [,vlan-range ][,vlan-range ] [,vlan-range ]

Example:


RP/0/(config-mstp-inst)# vlan-id 2-1005

Associates a set of VLAN IDs with the current MSTI.

List of VLAN ranges in the form a-b, c, d, e-f, g, and so on.

Note

 

Repeat steps 11 to 13 for each MSTI.

Step 14

interface { Bundle-Ether | GigabitEthernet | TenGigE | FastEthernet } instance

Example:


RP/0/(config-mstp)# interface FastEthernet 0/0/0/1
RP/0/(config-mstp-if)#

Enters the MSTP interface configuration submode, and enables STP for the specified port.

Forward interface in Rack/Slot/Instance/Port format.

Step 15

instance id port-priority priority

Example:


RP/0/(config-mstp-if)# instance 101 port-priority 160

Sets the port priority performance parameter for the MSTI.

Allowed values for the MSTI ID are from 0 through 4094.

Allowed values for port priority are from 0 through 240 in multiples of 16.

Step 16

instance id cost cost

Example:


RP/0/(config-mstp-if)# instance 101 cost 10000

Sets the internal path cost for a given instance on the current port.

Allowed values for the MSTI ID are from 0 through 4094.

Allowed values for port cost are from 1 through 200000000.

Repeat steps 15 and 16 for each MSTI for each interface.

Step 17

external-cost cost

Example:


RP/0/(config-mstp-if)# external-cost 10000

Sets the external path cost on the current port.

Allowed values for port cost are from 1 through 200000000.

Step 18

link-type { point-to-point | multipoint }

Example:


RP/0/(config-mstp-if)# link-type point-to-point

Sets the link type of the port to point-to-point or multipoint.

Step 19

hello-time seconds

Example:


RP/0/(config-mstp-if)# hello-time 1

Sets the port hello time in seconds.

Allowed values are 1 and 2.

Step 20

portfast [ bpdu-guard ]

Example:


RP/0/(config-mstp-if)# portfast
RP/0/(config-mstp-if)# portfast bpduguard

Enables PortFast on the port, and optionally enables BPDU guard.

Step 21

guard root

Example:


RP/0/(config-mstp-if)# guard root

Enables RootGuard on the port.

Step 22

guard topology-change

Example:


RP/0/(config-mstp-if)# guard topology-change

Enables TopologyChangeGuard on the port.

Note

 

Repeat steps 14 to 22 for each interface.

Step 23

Use the commit or end command.

commit - Saves the configuration changes and remains within the configuration session.

end - Prompts user to take one of these actions:

  • Yes - Saves configuration changes and exits the configuration session.
  • No - Exits the configuration session without committing the configuration changes.
  • Cancel - Remains in the configuration mode, without committing the configuration changes.
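
The allowed values listed in the steps above can be checked before a configuration is committed. The following Python sketch is an added example, not Cisco code: it audits an MSTP configuration block held as text against those ranges and reports any interface that has Port Fast without BPDU Guard. The sample configuration and the function names are constructed for illustration.

```python
import re

def _allowed(lo, hi, step=1):
    """Build a validator for 'from lo through hi in multiples of step'."""
    return lambda v: lo <= v <= hi and v % step == 0

# (pattern, label, validator). Limits are the "Allowed values" quoted in the steps above.
RULES = [
    (r"revision (\d+)$", "revision", _allowed(0, 65535)),
    (r"forward-delay (\d+)$", "forward-delay", _allowed(4, 30)),
    (r"max(?:imum)? age (\d+)$", "maximum age", _allowed(6, 40)),
    (r"max(?:imum)? hops (\d+)$", "maximum hops", _allowed(6, 40)),
    (r"transmit hold-count (\d+)$", "transmit hold-count", _allowed(1, 10)),
    (r"instance (\d+)\b", "MSTI ID", _allowed(0, 4094)),
    (r"priority (\d+)$", "bridge priority", _allowed(0, 61440, 4096)),
    (r"instance \d+ port-priority (\d+)$", "port priority", _allowed(0, 240, 16)),
    (r"instance \d+ cost (\d+)$", "internal cost", _allowed(1, 200000000)),
    (r"external-cost (\d+)$", "external cost", _allowed(1, 200000000)),
    (r"hello-time (\d+)$", "hello time", _allowed(1, 2)),
]

def audit_mstp(config: str) -> list[str]:
    """Return findings for an MSTP configuration block given as text."""
    findings, iface, edge = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            edge[iface] = {"portfast": False, "bpduguard": False}
        elif line == "!":
            iface = None                      # "!" closes the current submode
        elif iface and line.startswith("portfast"):
            edge[iface]["portfast"] = True
            # The page spells the keyword both "bpdu-guard" and "bpduguard".
            edge[iface]["bpduguard"] |= bool(re.search(r"bpdu-?guard", line))
        for pattern, label, ok in RULES:
            m = re.match(pattern, line)
            if m and not ok(int(m.group(1))):
                findings.append(f"{label} {m.group(1)} is outside the allowed values")
    for name, flags in edge.items():
        if flags["portfast"] and not flags["bpduguard"]:
            findings.append(f"{name}: portfast without BPDU Guard")
    return findings

# Constructed sample, not a configuration from the page.
SAMPLE = """\
spanning-tree mst customer1
 name customer1
 revision 1
 forward-delay 3
 maximum age 40
 transmit hold-count 8
 instance 1
  vlan-ids 1001
  priority 30000
 !
 interface Bundle-Ether861
  instance 1 port-priority 160
  hello-time 2
  portfast
 !
 interface Bundle-Ether8171
  portfast bpduguard
  guard root
 !
"""

if __name__ == "__main__":
    for finding in audit_mstp(SAMPLE):
        print(finding)
```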

Verifying MSTP

These show commands allow you to verify the operation of MSTP:

  • show spanning-tree mst mst-name

  • show spanning-tree mst mst-name interface interface-name

  • show spanning-tree mst mst-name errors

  • show spanning-tree mst mst-name configuration

  • show spanning-tree mst mst-name bpdu interface interface-name

  • show spanning-tree mst mst-name topology-change flushes

Configuring MSTP: Examples

This example shows MSTP configuration for a single spanning-tree instance with MSTP enabled on a single interface:

config
spanning-tree mst customer1
name customer1
revision 1
instance 0
  priority 28672
!
instance 1
  vlan-ids 1001
  priority 28672
!
interface bundle-ether8171
!
interface bundle-ether861

interface Bundle-Ether861.10000 l2transport
encapsulation dot1q 1001
!
interface Bundle-Ether861.10001 l2transport
encapsulation dot1q 1002
 
interface Bundle-Ether8171.10000 l2transport
encapsulation dot1q 1001
!
interface Bundle-Ether8171.10001 l2transport
encapsulation dot1q 1002

This example shows the output from the show spanning-tree mst command, which produces an overview of the spanning tree protocol state:

show spanning-tree mst customer1 
Role:  ROOT=Root, DSGN=Designated, ALT=Alternate, BKP=Backup, MSTR=Master
State: FWD=Forwarding, LRN=Learning, BLK=Blocked, DLY=Bringup Delayed
 
Operating in dot1q mode
 
 
MSTI 0 (CIST):
 
  VLANS Mapped: 1-1000,1006-4094
 
  CIST Root  Priority    24576
             Address     b026.80da.e800
             Ext Cost    0
 
  Root ID    Priority    24576
             Address     b026.80da.e800
             Int Cost    10000
             Max Age 20 sec, Forward Delay 15 sec
 
 
  Bridge ID  Priority    28672 (priority 28672 sys-id-ext 0)
             Address     00bc.6025.64d8
             Max Age 20 sec, Forward Delay 15 sec
             Max Hops 20, Transmit Hold count  6
 
 
Interface    Port ID           Role State Designated           Port ID
             Pri.Nbr Cost                 Bridge ID            Pri.Nbr 
------------ ------- --------- ---- ----- -------------------- -------
BE8171       128.2   10000     ALT  BLK   28672 14a2.a05c.6600 128.1  
BE861        128.1   10000     ROOT FWD   24576 b026.80da.e800 128.1  
 
 
MSTI 1:
 
  VLANS Mapped: 1001-1005
 
  Root ID    Priority    24576
             Address     14a2.a05c.6600
             Int Cost    10000
             Max Age 20 sec, Forward Delay 15 sec
 
 
  Bridge ID  Priority    28672 (priority 28672 sys-id-ext 0)
             Address     00bc.6025.64d8
             Max Age 20 sec, Forward Delay 15 sec
             Max Hops 20, Transmit Hold count  6
 
 
Interface    Port ID           Role State Designated           Port ID
             Pri.Nbr Cost                 Bridge ID            Pri.Nbr 
------------ ------- --------- ---- ----- -------------------- -------
BE8171       128.2   10000     ROOT FWD   24576 14a2.a05c.6600 128.1  
BE861        128.1   10000     ALT  BLK   24576 b026.80da.e800 128.1  

In the show spanning-tree mst example output, the first line indicates whether MSTP is operating in dot1q or the Provider Bridge mode, and this information is followed by details for each MSTI.

For each MSTI, the following information is displayed:

  • The list of VLANs for the MSTI.

  • For the CIST, the priority and bridge ID of the CIST root, and the external path cost to reach the CIST root. The output also indicates if this bridge is the CIST root.

  • The priority and bridge ID of the root bridge for this MSTI, and the internal path cost to reach the root. The output also indicates if this bridge is the root for the MSTI.

  • The max age and forward delay times received from the root bridge for the MSTI.

  • The priority and bridge ID of this bridge, for this MSTI.

  • The maximum age, forward delay, max hops and transmit hold-count for this bridge (which is the same for every MSTI).

  • A list of MSTP-enabled interfaces. For each interface, the following information is displayed:

    • The interface name

    • The port priority and port ID for this interface for this MSTI.

    • The port cost for this interface for this MSTI.

    • The current port role:

      • DSGN—Designated: This is the designated port on this LAN, for this MSTI

      • ROOT—Root: This is the root port for the bridge for this MSTI.

      • ALT—Alternate: This is an alternate port for this MSTI.

      • BKP—Backup: This is a backup port for this MSTI

      • MSTR—Master: This is a boundary port that is a root or alternate port for the CIST.

      The interface is down, or the bringup delay timer is running and no role has been assigned yet.

    • The current port state:

      • BLK—The port is blocked.

      • LRN—The port is learning.

      • FWD—The port is forwarding.

      • DLY—The bringup-delay timer is running.

    • If the port is a boundary port, the MSTI is not the CIST, and the port is not designated, then only BOUNDARY PORT is displayed and the remaining information is not displayed.

    • If the port is not up, or the bringup delay timer is running, no information is displayed for the remaining fields. Otherwise, the bridge priority and bridge ID of the designated bridge on the LAN that the interface connects to is displayed, followed by the port priority and port ID of the designated port on the LAN. If the port role is Designated, then the information for this bridge or port is displayed.
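
The fields described above can be checked automatically to confirm that each MSTI still has the root bridge the design calls for. The following Python sketch is an added example, not Cisco code: it parses the overview output and compares the root of each MSTI with an expected address. The sample is abridged from the output shown on this page; the expected-root map is an assumption chosen to show a mismatch, and ports with no role assigned are not handled.

```python
import re

def parse_mst_overview(text: str) -> dict:
    """Parse 'show spanning-tree mst <name>' output into {msti: {...}}."""
    result, cur, section = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"\s*MSTI (\d+)", line):
            cur = result.setdefault(int(m.group(1)), {"ports": {}})
            section = None
        elif cur is None:
            continue                          # legend and mode lines before the first MSTI
        elif m := re.match(r"\s*(CIST Root|Root ID|Bridge ID)\s+Priority\s+(\d+)", line):
            section = m.group(1)
            cur[section] = {"priority": int(m.group(2))}
        elif section and (m := re.match(r"\s*Address\s+([0-9a-f.]+)", line)):
            cur[section]["address"] = m.group(1)
        elif m := re.match(r"\s*(\S+)\s+\d+\.\d+\s+\d+\s+([A-Z]+)\s+([A-Z]+)\b", line):
            cur["ports"][m.group(1)] = (m.group(2), m.group(3))   # (role, state)
    return result

def check_topology(parsed: dict, expected_roots: dict) -> list[str]:
    """Compare each MSTI's root with the expected one and sanity-check root ports."""
    findings = []
    for msti, want in sorted(expected_roots.items()):
        inst = parsed.get(msti)
        if inst is None or "Root ID" not in inst or "Bridge ID" not in inst:
            findings.append(f"MSTI {msti}: missing from output")
            continue
        root, me = inst["Root ID"], inst["Bridge ID"]
        if root["address"] != want:
            findings.append(f"MSTI {msti}: root bridge is {root['address']} "
                            f"(priority {root['priority']}), expected {want}")
        root_ports = [p for p, (role, _) in inst["ports"].items() if role == "ROOT"]
        if root["address"] != me["address"] and len(root_ports) != 1:
            findings.append(f"MSTI {msti}: {len(root_ports)} root ports on a non-root bridge")
    return findings

# Abridged from the example output on this page.
SAMPLE = """\
Operating in dot1q mode

MSTI 0 (CIST):
  VLANS Mapped: 1-1000,1006-4094
  CIST Root  Priority    24576
             Address     b026.80da.e800
  Root ID    Priority    24576
             Address     b026.80da.e800
  Bridge ID  Priority    28672 (priority 28672 sys-id-ext 0)
             Address     00bc.6025.64d8
Interface    Port ID           Role State Designated           Port ID
------------ ------- --------- ---- ----- -------------------- -------
BE8171       128.2   10000     ALT  BLK   28672 14a2.a05c.6600 128.1
BE861        128.1   10000     ROOT FWD   24576 b026.80da.e800 128.1

MSTI 1:
  VLANS Mapped: 1001-1005
  Root ID    Priority    24576
             Address     14a2.a05c.6600
  Bridge ID  Priority    28672 (priority 28672 sys-id-ext 0)
             Address     00bc.6025.64d8
Interface    Port ID           Role State Designated           Port ID
------------ ------- --------- ---- ----- -------------------- -------
BE8171       128.2   10000     ROOT FWD   24576 14a2.a05c.6600 128.1
BE861        128.1   10000     ALT  BLK   24576 b026.80da.e800 128.1
"""

# Assumption for this example: the design expects one root for both instances.
EXPECTED_ROOTS = {0: "b026.80da.e800", 1: "b026.80da.e800"}

if __name__ == "__main__":
    for finding in check_topology(parse_mst_overview(SAMPLE), EXPECTED_ROOTS):
        print(finding)
```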

This example shows the output of the show spanning-tree mst topology-change flushes command, which displays details about the topology changes that have occurred for each MSTI on each interface:

show spanning-tree mst customer1 topology-change flushes 
MSTI 0 (CIST):
Interface     Last TC               Reason                           Count
------------  --------------------  -------------------------------- -----
BE8171        23:05:36 Jun  6 2023  Role change: ROOT to ALT             1
BE861         --------------------  No flushes                           0
 
 
MSTI 1:
Interface     Last TC               Reason                           Count
------------  --------------------  -------------------------------- -----
BE8171        --------------------  No flushes                           0
BE861         --------------------  Flush Containment active         -----

Information About Multiple Spanning Tree Protocol

To configure MSTP, you must understand these concepts:

Spanning Tree Protocol Overview

Ethernet is no longer just a link-layer technology used to interconnect network vehicles and hosts. Its low cost and wide spectrum of bandwidth capabilities coupled with a simple plug and play provisioning philosophy have transformed Ethernet into a legitimate technique for building networks, particularly in the access and aggregation regions of service provider networks.

Ethernet networks lack a TTL field in the Layer 2 (L2) header and encourage or require multicast traffic network-wide, so they are susceptible to broadcast storms if loops are introduced. However, loops are a desirable property as they provide redundant paths. Spanning tree protocols (STP) are used to provide a loop-free topology within Ethernet networks, allowing redundancy within the network to deal with link failures.

There are many variants of STP; however, they work on the same basic principle. Within a network that may contain loops, a sufficient number of interfaces are disabled by STP so as to ensure that there is a loop-free spanning tree, that is, there is exactly one path between any two devices in the network. If there is a fault in the network that affects one of the active links, the protocol recalculates the spanning tree so as to ensure that all devices continue to be reachable. STP is transparent to end stations which cannot detect whether they are connected to a single LAN segment or to a switched LAN containing multiple segments and using STP to ensure there are no loops.

STP Protocol Operation

All variants of STP operate in a similar fashion: STP frames (known as bridge protocol data units (BPDUs)) are exchanged at regular intervals over Layer 2 LAN segments, between network devices participating in STP. Such network devices do not forward these frames, but use the information to construct a loop free spanning tree.

The spanning tree is constructed by first selecting a device which is the root of the spanning tree (known as the root bridge), and then by determining a loop free path from the root bridge to every other device in the network. Redundant paths are disabled by setting the appropriate ports into a blocked state, where STP frames can still be exchanged but data traffic is never forwarded. If a network segment fails and a redundant path exists, the STP protocol recalculates the spanning tree topology and activates the redundant path, by unblocking the appropriate ports.

The root bridge within an STP network is the device with the lowest Bridge ID, which is a combination of the configured bridge priority and the embedded MAC address of each device. The device with the lowest priority, or with equal lowest priority but the lowest MAC address, is selected as the root bridge.

Root port: The root port is selected based on the lowest root path cost to the root bridge. If there is a tie on root path cost, the port on the local switch that receives the BPDU with the lowest sender bridge ID is selected as the root port.

Designated port: The least-cost port on the local switch towards the root bridge is selected as the designated port. If there is a tie, the lowest-numbered port on the local switch is selected as the designated port.

The selection of the active path among a set of redundant paths is determined primarily by the port path cost. The port path cost represents the cost of transiting between that port and the root bridge - the further the port is from the root bridge, the higher the cost. The cost is incremented for each link in the path, by an amount that is (by default) dependent on the media speed. Where two paths from a given LAN segment have an equal cost, the selection is further determined by the lowest bridge ID of the attached devices, and in the case of two attachments to the same device, by the configured port priority and port ID of the neighboring attached ports.

Once the active paths have been selected, any ports that do not form part of the active topology are moved to the blocking state.

Variants of STP

The following are the supported variants of the Spanning Tree Protocol:

  • Legacy STP (STP)—The original STP protocol was defined in IEEE 802.1D-1998. This creates a single spanning tree which is used for all VLANs and most of the convergence is timer-based.

  • Multiple STP (MSTP)—A further enhancement was defined in IEEE 802.1Q-2005. This allows multiple spanning tree instances to be created over the same physical topology. By assigning different VLANs to the different spanning tree instances, data traffic can be load-balanced over different physical links. The number of different spanning tree instances that can be created is restricted to a much smaller number than the number of possible VLANs; however, multiple VLANs can be assigned to the same spanning tree instance. The BPDUs used to exchange MSTP information are always sent untagged; the VLAN and spanning tree instance data is encoded inside the BPDU.

MSTP Regions

Along with supporting multiple spanning trees, MSTP also introduces the concept of regions. A region is a group of devices that are under the same administrative control and have similar configuration. In particular, the configuration for the region name, revision, and the mapping of VLANs to spanning tree instances must be identical on all the network devices in the region. A digest of this information is included in the BPDUs sent by each device, so as to allow other devices to verify whether they are in the same region.
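
The region check can be reproduced offline to find out why two devices do not see each other as members of the same region. The following Python sketch is an added example, not Cisco code: it computes the configuration digest over the VLAN-to-instance table and compares name, revision and digest for two devices. The HMAC-MD5 construction and its fixed key come from IEEE 802.1Q rather than from this page; the device data and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Configuration Digest Signature Key fixed by IEEE 802.1Q (identical on every bridge).
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def expand_vlans(spec: str) -> set[int]:
    """Expand a VLAN list such as '2-1005,2000' into a set of VLAN IDs."""
    vids = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vids.update(range(lo, hi + 1))
    return vids

def config_digest(instance_vlans: dict[int, str]) -> str:
    """HMAC-MD5 over the 4096-entry VLAN-to-MSTI table; unmapped VLANs belong to MSTI 0."""
    table = [0] * 4096                        # entries for VID 0 and 4095 stay 0
    for msti, spec in instance_vlans.items():
        for vid in expand_vlans(spec):
            if table[vid] and table[vid] != msti:
                raise ValueError(f"VLAN {vid} is mapped to two instances")
            table[vid] = msti
    raw = struct.pack(">4096H", *table)       # 2 octets per VLAN, network byte order
    return hmac.new(MST_DIGEST_KEY, raw, hashlib.md5).hexdigest().upper()

def region_id(name: str, revision: int, instance_vlans: dict[int, str]) -> tuple:
    """The three values that must match for two bridges to share a region."""
    return (name, revision, config_digest(instance_vlans))

def region_mismatches(a: tuple, b: tuple) -> list[str]:
    """List the region fields on which two bridges disagree."""
    fields = ("name", "revision", "VLAN-to-instance digest")
    return [f"{f}: {x} != {y}" for f, x, y in zip(fields, a, b) if x != y]

# Constructed devices: same name and revision, but device B maps only VLAN 1001.
DEVICE_A = region_id("customer1", 1, {1: "1001-1005"})
DEVICE_B = region_id("customer1", 1, {1: "1001"})

if __name__ == "__main__":
    print("default digest:", config_digest({}))
    for line in region_mismatches(DEVICE_A, DEVICE_B):
        print(line)
```

A digest mismatch with matching name and revision points at the VLAN lists, which is the least visible of the three values when configurations are compared by eye.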

The following figure shows the operation of MST regions when bridges running MSTP are connected to bridges running legacy STP or RSTP. In this example, switches SW1, SW2, SW3, SW4 support MSTP, while switches SW5 and SW6 do not.

Figure 2. MST Interaction with Non-MST Regions


To handle this situation, an Internal Spanning Tree (IST) is used. This is always spanning tree instance 0 (zero). When communicating with non-MSTP-aware devices, the entire MSTP region is represented as a single switch. The logical IST topology in this case is shown in the following figure.

Figure 3. Logical Topology in MST Region Interacting with Non-MST Bridges


The same mechanism is used when communicating with MSTP devices in a different region. For example, SW5 in the above figure could represent a number of MSTP devices, all in a different region compared to SW1, SW2, SW3 and SW4.

MSTP Port Fast

MSTP includes a Port Fast feature for handling ports at the edge of the switched Ethernet network. For devices that only have one link to the switched network (typically host devices), there is no need to run MSTP, as there is only one available path. Furthermore, it is undesirable to trigger topology changes (and resultant MAC flushes) when the single link fails or is restored, as there is no alternative path.

By default, MSTP monitors ports where no BPDUs are received, and after a timeout, places them into edge mode whereby they do not participate in MSTP. However, this process can be sped up (and convergence of the whole network thereby improved) by explicitly configuring edge ports as port fast.


Note


  • You must disable and re-enable the port for Port Fast configuration to take effect. Use the shutdown and no shutdown commands (in interface configuration mode) to disable and re-enable the port.

  • Port Fast is implemented as a Cisco-proprietary extension in Cisco implementations of legacy STP. However, it is encompassed in the standard for MSTP, where it is known as Edge Port.


MSTP Root Guard

In networks with shared administrative control, it may be desirable for the network administrator to enforce aspects of the network topology and in particular, the location of the root bridge. By default, any device can become the root bridge for a spanning tree, if it has a lower priority or bridge ID. However, a more optimal forwarding topology can be achieved by placing the root bridge at a specific location in the centre of the network.


Note


The administrator can set the root bridge priority to 0 in an effort to secure the root bridge position; however, this is no guarantee against another bridge which also has a priority of 0 and has a lower bridge ID.

The root guard feature provides a mechanism that allows the administrator to enforce the location of the root bridge. When root guard is configured on an interface, it prevents that interface from becoming a root port (that is, a port via which the root can be reached). If superior information is received via BPDUs on the interface that would normally cause it to become a root port, it instead becomes a backup or alternate port. In this case, it is placed in the blocking state and no data traffic is forwarded.

The root bridge itself has no root ports. Thus, by configuring root guard on every interface on a device, the administrator forces the device to become the root, and interfaces receiving conflicting information are blocked.


Note


Root Guard is implemented as a Cisco-proprietary extension in Cisco implementations of legacy STP. However, it is encompassed in the standard for MSTP, where it is known as Restricted Role.

MSTP Topology Change Guard

In certain situations, it may be desirable to prevent topology changes originating at or received at a given port from being propagated to the rest of the network. This may be the case, for example, when the network is not under a single administrative control and it is desirable to prevent devices external to the core of the network from causing MAC address flushing in the core. This behavior can be enabled by configuring Topology Change Guard on the port.


Note


Topology Change Guard is known as Restricted TCN in the MSTP standard.