Quick Notes: Multiple Spanning Tree: IEEE 802.1s (CCIE Official Cert Guide - Chapter 3)

From: CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1, 5th Edition

  • IEEE 802.1s Multiple Spanning Tree (MST), sometimes referred to as Multiple STP (MSTP), defines a standards-based way to use multiple instances of STP in a network that uses 802.1Q VLANs.
  • Like PVST+, it allows the tuning of STP parameters on a per-instance basis so that while some port blocks for one set of VLANs, the same port can forward for another set of VLANs.
  • As opposed to PVST+, it does not run a separate STP instance for each and every VLAN because that is largely unnecessary: Usually only a handful of different spanning trees is required and configured in a network. Running a separate STP instance for each VLAN in PVST+ merely results in multiple instances creating exactly the same spanning tree while consuming multifold system resources.
  • Instead, MST runs in instances whose existence is not directly related to any particular VLAN. Instances are created by configuration, and VLANs are subsequently mapped onto them. Spanning tree created by an MST instance is shared by all VLANs mapped onto that instance.
  • MST uses 802.1w RSTP for rapid convergence in each instance, inheriting all its rapid convergence properties. The following advantages have been retained: general RSTP rules about BPDU expiry in a 3x Hello interval, acceptance of inferior BPDUs from designated switches, port roles/states/types, link types, Proposal/Agreement, and so on.
  • At press time, various Catalyst platforms have a limit on the maximum number of concurrent (classic) STP instances. The 2960, 3560, and 3750 platforms, for example, support at most 128 (classic) STP instances.
  • MST is the only standards-based and interoperable version of STP supporting VLANs and suitable in multivendor switched environments.

MST Principles of Operation

  • MST organizes the network into one or more regions.
  • An MST region is a group of switches that together use MST in a consistent way—they run the same number of MST instances and map the same sets of VLANs.
  • One of the key benefits of MST over PVST+ is that it requires only one MST instance for a group of VLANs.
  • The MST standard allows for at most 65 active MST instances (instance 0 plus at most 64 user-definable instances).
  • This limit is also motivated by the fact that MST uses a single BPDU to carry information about all instances, and it must fit into a single Ethernet frame.
  • In MST, a port sends BPDUs if it is Designated for at least one MST instance. As MST uses a single BPDU for all instances, it is possible to see both switches on a point-to-point link sending BPDUs to each other if each of these switches is Designated in a different MST instance.
  • MST instance 0 has a special meaning. This instance is also called the Internal Spanning Tree, or IST, and serves several purposes. First, this instance always exists even if no other MST instances are created, providing a loop-free environment to VLANs mapped onto it within a region. Without any additional configuration, all VLANs are mapped onto the IST. Second, the IST is the only instance that interacts with STP run on switches outside the MST region.
  • If the network consists of several MST regions, each of them can be visualized as a single switch. Obviously, the resulting network after this simplification can still contain loops if the regions are interconnected by redundant links. MST blocks these loops by building a so-called Common Spanning Tree (CST). This CST is simply a result of the interaction of individual ISTs on region boundaries, and constitutes a spanning tree between individual regions, consisting purely of links between MST regions.
  • CST has two main purposes:
    • It determines loop-free paths between regions. An important consequence is that loops between regions are blocked on inter-region links and not inside regions, just like loops between switches would be blocked on the inter-switch links, not somewhere “inside” those switches. This behavior is consistent with the simplifying notion that from outside, an MST region can be perceived as just a single switch.
    • CST is the only spanning tree that can be understood and participated in by non-MST (that is, STP and RSTP) switches, facilitating the interoperation between MST and its predecessors. In mixed environments with MST and STP/RSTP, STP/RSTP switches unknowingly participate in CST. Costs in CST reflect only the costs of links between regions and in non-MST parts of the network. These costs are called external costs by MST.
  • In each MST region, the CST on the region’s boundary merges with the IST inside the region. The resulting tree consists of a loop-free interconnection between MST regions “glued together” with loop-free interconnection inside each MST region, and is called the Common and Internal Spanning Tree, or CIST. This tree is the union of CST between regions and ISTs inside individual regions, and is a single spanning tree that spans the entire switched topology.
  • As each MST region has its own IST root, CIST—consisting of ISTs inside regions and CST between regions—can have multiple root switches as a result. These switches are recognized as the CIST Root Switch (exactly one for the entire CIST) and CIST Regional Root Switches (exactly one for the IST inside each region). CIST Regional Root Switch is simply a different name for an IST root switch inside a particular region.
  • The CIST Root Switch is elected by the lowest Bridge ID from all switches that participate in CIST, that is, from all MST switches across all regions according to their IST Bridge IDs (composed of IST priority, instance number 0, and their base MAC address), and from all STP/RSTP switches, if present, according to the only Bridge IDs they have. This switch will also become the root of IST inside its own MST region; that is, it will also be the CIST Regional Root Switch. As the CIST Root Switch has the lowest known Bridge ID in the CST, it is automatically the CST Root as well.
  • In other MST regions that do not contain the CIST Root Switch, only MST switches at the region boundary (that is, having links to other regions) are allowed to assert themselves as IST root switches. This is done by allowing the CIST Regional Root ID to be set either to the Bridge ID of the switch itself if and only if the switch is also the CIST Root, or in all other cases, to the Bridge ID of an MST boundary switch that receives BPDUs from a different region. Remaining internal switches therefore have no way of participating in IST root elections. From boundary switches, IST root switches are elected first by their lowest external root path cost to the CIST Root Switch. The external root path cost is the sum of costs of inter-region links to reach the region with the CIST Root Switch; costs of links inside regions are not taken into account.
  • In MST regions that do not contain the CIST Root Switch, the regional IST root switches might not necessarily be the ones with the lowest Bridge IDs.
  • A CIST Regional Root Switch has a particular importance for a region: Its own CIST Root Port, that is, the Root Port to reach the CIST Root Switch outside the region, is called the Master port (this is an added port role in MST).

Interoperability Between MST and Other STP Versions

  • MST interoperates with non-MST switches without any per-VLAN semantics. These non-MST switches run a single STP instance for all VLANs and so all VLANs share the same single spanning tree in the non-MST part of the network. Whatever role and state a non-MST switch puts a port into, this role and state are shared by all VLANs on that port.
  • The MST region appears to STP/RSTP switches as a single switch. This single switch must speak a single instance of STP or RSTP on its boundary ports toward its non-MST neighbors, and whatever decisions are made about port roles and states on this boundary, they must apply to all VLANs.
  • The non-MST switches accomplish this trivially by the very way they run IEEE STP/RSTP; the MST switches do this by speaking exclusively the MST instance 0, also called the IST, on boundary ports, formatted into ordinary STP or RSTP BPDUs, and applying the negotiated port roles and states on boundary ports to all VLANs on those ports. The MST instance 0 has a key role here—it speaks to non-MST neighbors and it processes BPDUs received from them.
  • Interaction between MSTP and Cisco’s PVST+ is significantly more complex.
  • PVST+ regions by definition run one STP or RSTP instance for each active VLAN.
  • The idea of doing any “smart” mapping between PVST+ and MST instances will not work.
  • Instead, the idea of interoperation between MST and PVST+ stems from the basic idea of interoperation between MST and IEEE STP/RSTP.
  • For both MST and PVST+ regions, a single representative is chosen to speak on behalf of the entire region, and the interaction between these two representatives determines the boundary port roles and states for all VLANs.
  • While the role and state of an MST boundary will be unconditionally imposed on all VLANs active on that port (that is how MST boundary ports work), PVST+ ports have independent roles and states for each VLAN.
  • Every PVST+ instance should receive the same information to make an identical, consistent choice of the same port role and state.
  • The purpose of the PVST Simulation mechanism is to allow for a consistent interoperation between MST and PVST+ regions.
  • To allow the PVST+ region to make an identical, consistent decision based on IST’s attributes for all known VLANs, all PVST+ instances must receive the same IST information formatted in PVST+ BPDUs. Therefore, MST boundary ports replicate the IST’s BPDUs into PVST+ BPDUs for all active VLANs.
  • In the opposite direction, MST takes the VLAN 1 as the representative of the entire PVST+ region, and processes the information received in VLAN 1’s BPDUs in IST.
  • Let us analyze this in closer detail. The interaction of IST run on an MST boundary port and VLAN 1 PVST+ can basically result in three possible roles of the port: Designated, Root, or Non-Designated (whether that is Alternate or Backup is not relevant at this point).
  • An MST boundary port will become a Designated Port if the BPDUs it sends out (carrying IST data) are superior to incoming VLAN 1 PVST+ BPDUs. A Designated boundary port will unconditionally become Forwarding for all VLANs, not just for VLAN 1.
  • The boundary port must verify whether other PVST+ instances would also consider it to be a Designated Port. This is trivially accomplished by listening to all incoming PVST+ BPDUs and making sure that each of them is inferior to the boundary port’s own BPDUs. This forms the first PVST Simulation consistency criterion: PVST+ BPDUs for all VLANs arriving at a Designated boundary port must be inferior to its own BPDUs derived from IST.
  • Conversely, an MST boundary port will become a Root Port toward the CIST root bridge if the incoming VLAN 1 PVST+ BPDUs are so superior that they beat the boundary port's own BPDUs and are the best VLAN 1 PVST+ BPDUs received on any of the boundary ports.
  • This implies that the CIST Root is located in the PVST+ region and it is the root switch for VLAN 1.
  • A root boundary port will unconditionally become forwarding for all VLANs. This in turn implies that the root bridges for these VLANs must also be located in the PVST+ region and the Root Port toward them is exactly this particular boundary port. This forms the second PVST Simulation consistency criterion: PVST+ BPDUs for VLANs other than VLAN 1 arriving at a root boundary port must be identical or superior to PVST+ BPDUs for VLAN 1.
  • Note that if System ID Extension is used, PVST+ BPDUs for different VLANs cannot be identical, and in fact, with the same priority on a PVST+ root switch for multiple VLANs, PVST+ BPDU for VLAN x is inferior to BPDU for VLAN y if x > y. Therefore, to meet the second consistency criterion, priorities for PVST+ root switches in VLANs other than VLAN 1 must be lower by at least 4096 from the priority of the PVST+ VLAN 1 root switch.
  • If the criterion for a particular port role is not met, the PVST Simulation process will declare a PVST Simulation inconsistency and will keep the port in the blocked state until the consistency criterion for the port’s role is met again. Older switches report the offending port as Root Inconsistent; recent switches use the PVST Simulation Inconsistent designation instead.
  • Finally, an MST boundary port will become a Non-Designated port if the incoming VLAN 1 PVST+ BPDUs are superior to its own BPDUs but not superior enough to make this port a Root Port. A Non-Designated boundary port will unconditionally become Blocking for all VLANs.
  • For Non-Designated ports, there are no consistency checks performed because the port is blocked regardless.
  • If it is necessary to operate a mixed MST and PVST+ network, it is recommended to make sure that the MST region appears as a root switch to all PVST+ instances by lowering its IST root’s priority below the priorities of all PVST+ switches in all VLANs.
  • It is noteworthy to mention that if a Cisco MST switch faces a pure 802.1D STP or 802.1w RSTP switch, it will revert to the appropriate STP version on the interconnecting port, that is, STP or RSTP, according to the neighbor type. However, if a Cisco MST switch is connected to a PVST+ or RPVST+ switch, it will always revert to PVST+.
  • Note: PVST Simulation consistency criteria require that for an MST Boundary port toward a PVST+ region to be Forwarding, one of the following conditions must be met:
    • Either the boundary port’s own IST BPDUs are superior to all received PVST+ BPDUs regardless of their VLAN (in this case, the port becomes Designated; “if be Designated Port for VLAN 1, then be Designated Port for all VLANs”)
    • Or the boundary port’s own IST BPDUs are inferior to received PVST+ BPDUs for VLAN 1, and they are in turn identical or inferior to received PVST+ BPDUs for other VLANs (in this case, the port becomes Root Port; “if be Root Port for VLAN 1, then be Root Port for all VLANs”)
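
The role decision and the two PVST Simulation consistency criteria described above, as an added example (not from the book or from any switch implementation). The simplified priority vector, the MAC addresses, the priorities and all function names are constructed for illustration; lower tuples are superior BPDUs.

```python
from typing import NamedTuple

class Vector(NamedTuple):
    """Simplified STP priority vector; the lower tuple is the superior BPDU."""
    root_id: tuple    # (priority including System ID Extension, MAC)
    root_cost: int
    sender_id: tuple
    port_id: int

MST_MAC, PVST_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed

def ist_bpdu(priority: int) -> Vector:
    """BPDU an MST boundary port derives from IST (instance 0, nothing added)."""
    bid = (priority, MST_MAC)
    return Vector(bid, 0, bid, 0x8001)

def pvst_bpdu(priority: int, vlan: int) -> Vector:
    """PVST+ BPDU from the root of `vlan`; System ID Extension adds the VLAN ID."""
    bid = (priority + vlan, PVST_MAC)
    return Vector(bid, 0, bid, 0x8001)

def boundary_port(own: Vector, received: dict, best_vlan1: bool = True):
    """Role and state of an MST boundary port, given {vlan: Vector} heard on it."""
    vlan1 = received[1]
    if own < vlan1:
        role = "Designated"
        # Criterion 1: PVST+ BPDUs for all VLANs must be inferior to our IST BPDU.
        ok = all(own < bpdu for bpdu in received.values())
    elif best_vlan1:
        role = "Root"
        # Criterion 2: other VLANs' BPDUs must be identical or superior to VLAN 1's.
        ok = all(b <= vlan1 for vlan, b in received.items() if vlan != 1)
    else:
        return "Non-Designated", "Blocking"   # no consistency check is performed
    return role, "Forwarding" if ok else "PVST Simulation Inconsistent"

def scenarios() -> dict:
    flat = {v: pvst_bpdu(24576, v) for v in (1, 10, 20)}       # same priority everywhere
    tuned = {1: pvst_bpdu(24576, 1), 10: pvst_bpdu(20480, 10), 20: pvst_bpdu(20480, 20)}
    stray = {**flat, 20: pvst_bpdu(0, 20)}                      # one VLAN beats the IST root
    return {
        "pvst_root_flat": boundary_port(ist_bpdu(32768), flat),
        "pvst_root_tuned": boundary_port(ist_bpdu(32768), tuned),
        "mst_root": boundary_port(ist_bpdu(4096), flat),
        "mst_root_stray_vlan": boundary_port(ist_bpdu(4096), stray),
    }
```

The `pvst_root_flat` case shows why equal priorities fail on a Root boundary port: with System ID Extension, VLAN 10 and VLAN 20 BPDUs are inferior to VLAN 1's, so the port stays blocked until the other VLANs' priorities are lowered by at least 4096.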

MST Configuration

  • Configuring MST requires a certain degree of prior planning.
  • First, it is necessary to decide whether multiple regions shall be used and where their boundaries shall be placed.
  • Each region must be subsequently assigned its name, configuration revision number, and VLAN-to-instance mapping table. The name, revision number, and VLAN-to-instance mappings are three mandatory elements of MST configuration and must match on all switches of a single region.
  • The name and configuration revision number are carried in MST BPDUs in their plain form. Instead of transmitting the entire VLAN-to-instance mapping table, an MD5 hash is performed over it and its value is carried in MST BPDUs.
  • The region name, revision number, and the MD5 hash of the VLAN-to-instance mapping table are compared upon BPDU arrival and must match for two switches to consider themselves being in the same region. A modification to the MST region configuration (name, revision, mapping of VLANs onto instances) on a single switch causes the switch to create its own region and trigger a topology change, possibly causing a transient network outage.
  • Upgrading an MST region to a new configuration will therefore require a maintenance window. As changes to VLAN-to-instance mappings are most common, it is recommended to premap VLANs into instances even before the VLANs are created.
  • Creating (or deleting) a VLAN after it is mapped to an instance will not cause any topology change event with respect to MST.
  • If it is necessary to operate a mixed MST and PVST+ network, it is recommended to make sure that the MST region becomes the region containing the CIST Root Switch. This can be accomplished by lowering the IST root switch’s priority (that is, the priority of the existing root of instance 0 in the MST region) below the priorities of all PVST+ switches in all VLANs.
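
The region-matching comparison described above, as an added example (not from the book). It follows the IEEE 802.1Q definition of the Configuration Digest, which is HMAC-MD5 with a fixed published key over a 4096-entry table, a detail the notes summarize as "an MD5 hash"; the region name, mappings and function names are constructed.

```python
import hashlib
import hmac
import struct

# Fixed 16-byte HMAC-MD5 key that IEEE 802.1Q specifies for the Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def config_digest(vlan_to_instance: dict) -> bytes:
    """Digest of the VLAN-to-instance table: 4096 two-byte MSTIDs indexed by VLAN ID.
    VLANs not listed stay in instance 0 (IST); slots 0 and 4095 are always 0."""
    table = [0] * 4096
    for vlan, instance in vlan_to_instance.items():
        if not 1 <= vlan <= 4094 or not 0 <= instance <= 4094:
            raise ValueError(f"bad mapping {vlan} -> {instance}")
        table[vlan] = instance
    return hmac.new(DIGEST_KEY, struct.pack(">4096H", *table), hashlib.md5).digest()

def expand(ranges: str, instance: int) -> dict:
    """Turn '10-19,30' into {10: instance, ..., 19: instance, 30: instance}."""
    out = {}
    for part in ranges.split(","):
        lo, _, hi = part.partition("-")
        for vlan in range(int(lo), int(hi or lo) + 1):
            out[vlan] = instance
    return out

def region_identity(name: str, revision: int, vlan_to_instance: dict) -> tuple:
    """The three values compared on BPDU arrival: name, revision, digest."""
    return (name, revision, config_digest(vlan_to_instance))

def mismatch(a: tuple, b: tuple) -> list:
    """Names of the fields that put two switches into different regions."""
    return [f for f, x, y in zip(("name", "revision", "digest"), a, b) if x != y]

# Constructed configurations: VLANs are premapped whether or not they exist yet,
# so creating VLAN 15 later changes nothing that is hashed.
PLANNED = {**expand("10-19", 1), **expand("20-29", 2)}
SW_A = region_identity("CAMPUS", 1, PLANNED)
SW_B = region_identity("CAMPUS", 1, PLANNED)
SW_C = region_identity("CAMPUS", 1, {**PLANNED, 30: 2})   # one extra mapping
SW_D = region_identity("CAMPUS", 2, PLANNED)              # revision changed only
```

Because the key is a published constant, the digest only detects configuration mismatch between switches; it does not authenticate the neighbor that sent the BPDU.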
