Improvements in STP

PortFast

Welcome back to a new article. This article will be quite short and focuses on improvements in STP. As discussed in previous articles, STP takes 30 seconds to converge: 15 seconds in the Listening state and 15 seconds in the Learning state. So a small change in the network takes 30 seconds to recover from and causes a large number of flooded frames while the switches re-learn MAC addresses, because every switch that receives a TCN BPDU shortens its MAC address table aging time from 300 seconds to 15 seconds. This means that each time I plug in or unplug the cable of an end device, spanning-tree generates a topology change notification and follows the process described above and in the previous article. That is not right, because an end device does not affect the spanning-tree topology, so changes to it should not lead to recalculation/re-convergence of spanning-tree. To solve this issue we have a feature known as PortFast. It does two things: a switch never generates a TCN for an interface that has PortFast enabled, and an interface with PortFast enabled goes to the Forwarding state immediately when it comes up. Such interfaces skip the Listening and Learning states and therefore save the re-convergence time. It is therefore best to enable PortFast on the interfaces that connect to end devices.

UplinkFast

This feature makes the non-designated port go to the Forwarding state immediately if the root port fails. Do you remember the Direct Topology Change we discussed in the previous article? If not, you can find it here:

By using this feature, we save the 2*Forward_Time that the switch would otherwise take to re-converge.

BackboneFast

The feature that can be used for an Indirect Topology Change is BackboneFast. We know that it takes Max-age + 2*Forward_Time to re-converge. If you are confused about what I am talking about, please go through the link provided above; I have tried to explain it in the simplest language possible. Normally the switch waits for the old root information to expire (Max-age) before it starts considering inferior BPDUs. With the BackboneFast feature enabled, the switch starts accepting the inferior BPDU immediately, which saves the Max-age time during re-convergence.

Security Features in STP

Suppose we have a fully working spanning-tree topology, and an attacker connects a host to one of the switches and starts a tool that generates BPDUs with a superior bridge ID. On seeing this BPDU, the switches in our network believe it is the new root and start re-converging. This can lead to a man-in-the-middle attack, and the attacker could see all our data. To stop this kind of attack there is a feature called BPDU Guard: when a BPDU is received on a BPDU Guard-enabled interface, that interface is put into the error-disabled state. You can also enable BPDU Guard globally; it is then active on every interface that has PortFast enabled. There is one more feature known as BPDU Filter; the difference between the two is that BPDU Filter simply discards the BPDU and does not put the port into the error-disabled state. The Root Guard feature ensures that a port never accepts a superior BPDU that would make another switch the root.
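To make the timings and the protection features above concrete, here is an added Python model (not the article's own code, and not a real STP implementation) of the per-port decisions described under PortFast/UplinkFast/BackboneFast and under Security Features. The bridge IDs, port names and the `global_bpduguard` argument are assumptions for illustration; the Cisco IOS commands named in the comments are the knobs each attribute models.

```python
from dataclasses import dataclass

# 802.1D default timers named in the article (seconds).
FORWARD_DELAY = 15   # time spent in each of Listening and Learning
MAX_AGE = 20         # how long stale root information is kept


@dataclass
class Port:
    """Per-port knobs; each comment names the Cisco IOS command it models."""
    name: str
    portfast: bool = False     # spanning-tree portfast
    bpduguard: bool = False    # spanning-tree bpduguard enable
    bpdufilter: bool = False   # spanning-tree bpdufilter enable
    rootguard: bool = False    # spanning-tree guard root
    state: str = "down"


def link_up(port: Port) -> dict:
    """PortFast jumps straight to Forwarding and sends no TCN; otherwise the
    port sits in Listening then Learning (2 * FORWARD_DELAY) and a TCN is sent."""
    if port.portfast:
        port.state = "forwarding"
        return {"delay": 0, "tcn": False}
    port.state = "listening"
    return {"delay": 2 * FORWARD_DELAY, "tcn": True}


def receive_bpdu(port: Port, sender_bridge_id: int, current_root_id: int,
                 global_bpduguard: bool = False) -> str:
    """What a BPDU arriving on `port` does. A lower bridge ID is superior.
    Global guard (spanning-tree portfast bpduguard default) only covers PortFast ports."""
    if port.bpduguard or (global_bpduguard and port.portfast):
        port.state = "err-disabled"          # port shut down until recovered
        return "err-disabled"
    if port.bpdufilter:
        return "dropped"                     # BPDU ignored, port stays up
    if port.rootguard and sender_bridge_id < current_root_id:
        port.state = "root-inconsistent"     # superior BPDU blocked by root guard
        return "root-inconsistent"
    return "accepted"                        # normal STP processing


def reconvergence_time(change: str, uplinkfast: bool = False,
                       backbonefast: bool = False) -> int:
    """Seconds to re-converge after a direct or indirect topology change,
    with the saving UplinkFast or BackboneFast gives per the article."""
    if change == "direct":
        return 0 if uplinkfast else 2 * FORWARD_DELAY
    if change == "indirect":
        return 2 * FORWARD_DELAY if backbonefast else MAX_AGE + 2 * FORWARD_DELAY
    raise ValueError(f"unknown change type: {change}")
```

Running the model over a few constructed ports shows why an access port should carry both PortFast and BPDU Guard, while an uplink towards the real root gets Root Guard instead.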

Thank you so much for reading this and I hope you enjoyed it! Feel free to comment with questions or additional insights! Let’s keep learning together.
