STP Enhancements: UplinkFast, BackboneFast

on

UplinkFast

  • UplinkFast is a Cisco specific feature that improves the convergence time of STP in the event of the failure of an uplink.
  • The UplinkFast feature is designed to run in a switched environment when the switch has at least one alternate/backup root port (port in blocking state).
  • Cisco recommends that UplinkFast be enabled only for switches with blocked ports, typically at the access layer.
  • A typical redundant network design is an access switch dually connected to two core, or distribution, switches. As the redundant uplink introduces a loop in the physical topology of the network, the spanning tree algorithm (STA) blocks it.
  • In the event of failure of the primary uplink to core switch, STP recalculates and eventually unblocks the second uplink to the other core switch. With the default STP parameters, the recovery takes up to 30 seconds.
  • The UplinkFast feature is a Cisco proprietary technique that reduces the recovery time further down to the order of one second.
  • The UplinkFast feature is based on the definition of an uplink group.
  • On a given switch, the uplink group consists of the root port and all the ports that provide an alternate connection to the root bridge.
  • If the root port fails, which means if the primary uplink fails, a port with next lowest cost from the uplink group is selected to immediately replace it.
  • You can determine these about BPDUs and ports in a stable network:
    • When a port receives a BPDU, it has a path to the root bridge. This is because BPDUs are originated from the root bridge.
    • On any given switch, all ports that receive BPDUs are blocking, except the root port.
    • A self-looped port does not provide an alternate path to the root bridge.
  • On a given switch, the root port and all blocked ports that are not self-looped form the uplink group.
  • Note: UplinkFast only works when the switch has blocked ports. The feature is typically designed for an access switch that has redundant blocked uplinks. When you enable UplinkFast, it is enabled for the entire switch and cannot be enabled for individual VLANs.
  • With UplinkFast enabled, when the root path fails, an alternate port is immediately put in the forwarding mode, thus violating the standard STP convergence procedures.
  • When this fast switchover happens, the CAM table is no longer accurate.
  • In order to solve this problem, the switch begins to flood dummy packets with the different MAC addresses that it has in its CAM table as a source.
  • The destination is a Cisco proprietary multicast MAC address that ensures that the packet is flooded on the whole network and updates the necessary CAM tables on the other switches.
  • When the primary uplink comes back up, it is first kept blocked for about 35 seconds by UplinkFast, before it is immediately switched to a forwarding state.
  • The switchover time is 2 x Forward_Delay + 5 seconds = 35 seconds. The 5 seconds leaves time for other protocols, like DTP or EtherChannel, to negotiate.
  • This port is not able to do another UplinkFast transition for roughly the same period of time. The idea is to protect against a flapping uplink that keeps triggering UplinkFast too often, and can cause too many dummy multicasts to be flooded through the network.
  • As soon as Uplink Fast is configured, the switch automatically adjusts some STP parameters:
    • The bridge priority of the switch is increased to a significantly higher value than the default. This ensures that the switch is not likely to be elected root bridge, which does not have any root ports (all ports are designated).
    • All the ports of the switch have their cost increased by 3000. This ensures that switch ports are not likely be elected designated ports.
  • Warning: Be careful before you configure UplinkFast feature because the automatic changes of STP parameters can change the current STP topology.
  • UplinkFast can only be applied globally for the whole switch.
  • The global configuration command is spanning-tree uplinkfast.
  • UplinkFast is disabled by default.
  • For verification, use show spanning-tree uplinkfast.


The show spanning-tree command output before UplinkFast is enabled. Note the bridge priority and path cost values.

Switch#show spanning-tree

 VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    8193
             Address     0016.4748.dc80
             Cost        19
             Port        130 (FastEthernet3/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

   Bridge ID  Priority    32768
             Address     0009.b6df.c401
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

 Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa3/1            Altn BLK 19        128.129  P2p
Fa3/2            Root FWD 19        128.130  P2p



Enable the UplinkFast feature.

Switch(config)#spanning-tree uplinkfast


The show spanning-tree command output after the UplinkFast feature is enabled. Note the bridge priority and path cost values.

Switch# show spanning-tree

 VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    8193
             Address     0016.4748.dc80
             Cost        3019
             Port        130 (FastEthernet3/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

   Bridge ID  Priority    49152
             Address     0009.b6df.c401
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
  Uplinkfast enabled

 Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa3/1            Altn BLK 3019      128.129  P2p
Fa3/2            Root FWD 3019      128.130  P2p




BackboneFast 

  • BackboneFast is a Cisco proprietary feature that, once enabled on all switches in the network, can save a switch up to 20 seconds (Max_Age) when it recovers from an indirect link failure.
  • BPDUs can be strictly classified by the fields they carry. Among these fields are the root bridge ID, path cost to the root, and sender bridge ID.
  • A BPDU is considered better than another BDPU for these reasons:
    • When one BPDU carries a better root bridge ID than another. The lower the value, the better.
    • When the root bridge ID values are equal, then the BPDU with the lowest path cost to the root is better.
    • When the root bridge ID values are equal and the costs to the root are the same, then the BPDU with the better sender bridge ID is better. The lower the value, the better.
  • The better a BPDU, the better the access to the root bridge.
  • A switch that receives a BPDU on a port better than the one it sends out, puts this port in blocking mode unless it is its root port. This means that on the segment connected to this port, there is another switch that is a designated switch. 
  • A switch stores the value of the BPDU on a port sent by the current designated switch.

Covengerce without BackboneFast

  • Below, assume that R is the root bridge and B is the backup root bridge. S blocks its port P and B is the designated switch for link L3.


  • If link L1 goes down, switch B immediately detects the failure and assumes it is the root. It starts to send BPDUs to switch S and claims to be the new root.
  • When S receives this new BPDU from B, it realizes it is inferior to the one it had stored for port P and ignores it.
  • After Max_Age timer expires (20 seconds by default), the BPDU stored on S for port P ages out. The port goes immediately to listening and S starts to send its better BPDU to B.
  • As soon as B receives the BPDU from S, it stops sending its BPDU.
  • Port P moves to the forwarding state through listening and learning states. This takes 2 x Forward_Delay value, an additional 30 seconds. Full connectivity is then restored.
  • It took the Max_Age value (20 seconds) plus 2 x Forward_Delay value (2 x 15 seconds) to recover from this indirect link failure. This is 50 seconds with the default parameters. 
  • The BackboneFast feature proposes to save Max_Age (20 seconds). 
  • In order to get rid of this Max_Age delay, BackboneFast introduces two enhancements:
    • The ability to detect an indirect link failure as soon as possible. This is achieved by tracking the inferior BPDUs that a designated switch sends when it experiences a direct link failure.
    • A mechanism that allows for an immediate check if the BPDU information stored on a port is still valid. This is implemented with the Root Link Query (RLQ).
  • Instead of passively waiting for Max_Age to age out, the RLQ is sent. The RLQ is used to achieve a kind of ping for the root on a non-designated port and allowed to quickly confirm if the BPDU stored on a port is still valid or needs to be discarded.
  • The two forms of RLQs are RLQ requests and RLQ responses.
  • The RLQ request is sent out on a port where you usually receive BPDUs, in order to check that you still have connectivity to the root through this port. The switch specifies its own root in the RLQ request and the RLQ response eventually comes back with a root bridge that can be accessed through this port. If the two roots are the same, connectivity is still alive, else, it is lost.
  • A switch that receives a RLQ request immediately answers if it knows it has lost connection to the root queried because it has a root bridge different to the one specified in the RLQ query, and if it is the root.
  • If this is not the case, then, it forwards the query toward the root through its root port.
  • The RLQ has the same packet structure as a normal STP BPDU, but there are some differences. Only the root ID and the sender bridge ID are used, the message type is different, and two different Cisco-specific SNAP addresses are used: one for the request and one for the reply.
  • This Cisco-specific feature needs to be configured on all switches in the network in order to process the RLQs.

Convergencve with BackboneFast Enabled

  • This scenario is based on the first example, but, this time with BackboneFast enabled on the three switches.


  • As soon as S receives the inferior BPDU from B, it starts to reconfirm its non-designated ports instead of waiting for Max_Age to expire. It sends a RLQ query on its root port for root bridge R.
  • Root bridge R receives the query and immediately answers with a RLQ response that specifies there is still a root R in that direction.
  • S has now checked all its non-designated ports, and it still has connectivity to the root. It can then age out the information stored on port P. P transitions to listening and starts to send BPDUs. 
  • B receives the better BPDU from S (R better root than B) and considers the port that lead to L3 as its root port.
  • When used, BackboneFast must be enabled on all switches in the network because BackboneFast requires the use of the RLQ request and reply mechanism in order to inform switches of root path stability.
  • The global configuration command is spanning-tree backbonefast.
  • By default, BackboneFast is disabled.
  • To verify the status of BackboneFast and show statistics, use the show spanning-tree backbonefast command.


Enable BackboneFast globally.

Switch(config)# spanning-tree backbonefast


View the status of BackboneFast and show statistics.

Switch# show spanning-tree backbonefast

 BackboneFast         is enabled

 BackboneFast statistics
-----------------------
Number of transition via backboneFast (all VLANs)           : 0
Number of inferior BPDUs received (all VLANs)               : 0
Number of RLQ request PDUs received (all VLANs)             : 0
Number of RLQ response PDUs received (all VLANs)            : 0
Number of RLQ request PDUs sent (all VLANs)                 : 0
Number of RLQ response PDUs sent (all VLANs)                : 0


Documentation

Comments

Post a Comment