Module 7

Module 7: Spanning-Tree Protocol 
7.1 Redundant Topologies 
7.1.1 Redundancy

This page will explain how redundancy can improve network reliability and performance.

本小節說明備援是如何改善網路可靠度和性能。

7.1.2 Redundant topologies

A goal of redundant topologies is to eliminate network outages caused by a single point of failure. All networks need redundancy for enhanced reliability.

備援拓撲的目標是消除由一個單一的失效點所造成的網路停止運作。所有的網路都需要備援來增加可靠度。


7.1.3 Redundant switched topologies

If Switch A fails, traffic can still flow from Segment 2 to Segment 1 and to the router through Switch B.

假如交換器A失效，網路流量仍然能夠透過區段2送到區段1。

7.1.4 Broadcast storms

If Host X sends a broadcast, like an ARP request for the Layer 2 address of the router, then Switch A will forward the broadcast out all ports. Switch B is on the same segment and also forwards all broadcasts. Switch B receives all the broadcasts that Switch A forwarded and Switch A receives all the broadcasts that Switch B forwarded. Switch A forwards the broadcasts received from Switch B. Switch B forwards the broadcasts received from Switch A.

假如主機X送一個廣播，例如ARP請求來詢問路由器第2層位址，交換器A會將這個廣播訊框傳送到每個埠。交換器B和交換器A是在同一個區段，同時也會傳送廣播訊框到每個埠。交換器B會收到由交換器A所傳送的所有廣播訊框，同樣的交換器A也會收到由交換器B所傳送的所有廣播訊框。然後交換器A會再轉送交換器B所傳送的所有廣播訊框，交換器B也會再轉送交換器A所傳送的所有廣播訊框。

7.1.5 Multiple frame transmissions

Switch A does not have the MAC address of Router Y and will therefore flood the frame out its ports. Switch B also does not know which port Router Y is on. Switch B then floods the frame it received. This causes Router Y to receive multiple copies of the same frame. This results in unnecessary utilization of network resources.

交換器A因為沒有路由器Y的MAC位址，所以會將這個訊框從所有的埠泛流出去。交換器B也不知道路由器Y是接到哪一個埠，因此交換器B也會將這個訊框從所有的埠泛流出去。這將引起路由器Y收到同一個訊框的多重副本。這會導致網路資源不必要的使用。

7.1.6 Media access control database instability

In a redundant switched network it is possible for switches to learn the wrong information. A switch can incorrectly learn that a MAC address is on one port, when it is actually on a different port. In this example the MAC address of Router Y is not in the MAC address table of either switch.

在備援的交換網路中，交換器是有可能學習到錯誤的資訊。一個交換器可能將某一個MAC位址誤認為是在某一埠，但它卻是連接在另一個埠。在這個例子中，路由器Y的MAC位址並沒有在這兩台交換器的MAC位址表中。

Host X sends a frame directed to Router Y. Switches A and B learn the MAC address of Host X on port 0.

主機X直接傳送一個訊框給路由器Y。交換器A和B將主機X的MAC位址對應到埠0。

The frame to Router Y is flooded on port 1 of both switches. Switches A and B receive this information on port 1 and incorrectly learn the MAC address of Host X on port 1. When Router Y sends a frame to Host X, Switch A and Switch B also receive the frame and will send it out port 1. This is unnecessary, but the switches have incorrectly learned that Host X is on port 1.

這個傳送到路由器Y的訊框會被泛流到這兩台交換器的埠1。交換器A和B從埠1收到這個資訊，然後會誤認為主機X的MAC位址是對應到埠1。然後當路由器Y要傳送一個訊框到主機X，交換器A和交換器B也會同時收到這個訊框，並將送它從埠1傳送出去。這是不必要的，因為這兩個交換器已經誤認為主機X是對應到埠1。

In this example the unicast frame from Router Y to Host X will be caught in a loop.

在這個例子中，從路由器Y傳送到主機X的單點廣播訊框將會造成迴圈。

7.2 Spanning-Tree Protocol 
   
7.2.1 Redundant topology and spanning tree

In the Layer 2 header, there is no Time To Live (TTL) value. If a frame is sent into a Layer 2 looped topology of switches, it can loop forever. This wastes bandwidth and makes the network unusable.

在第2層的表頭裡並沒有存活時間(TTL)的設定值。假如一個訊框被送到一個第2層迴圈的交換器拓撲中，可能會造成無窮迴圈。這會浪費網路頻寬並造成網路無法使用。

A physical topology that contains switching or bridging loops is necessary for reliability, yet a switched network cannot have loops.

實體拓樸內應含有交換器或橋接器的迴圈，然而交換網路卻不能含有迴圈。這會造成一個左右為難的狀況。

The solution is to allow physical loops, but create a loop free logical topology. For this logical topology, traffic destined for the server farm attached to Cat-5 from any user workstation attached to Cat-4 will travel through Cat-1 and Cat-2. This will happen even though there is a direct physical connection between Cat-5 and Cat-4.

解決方法是允許實體拓樸有迴圈，但不要讓邏輯拓撲有迴圈。在這個邏輯拓撲中，從連接到CAT-4交換器的任何使用者工作站，傳送網路流量到連接至CAT-5交換器的伺服器群，都必須流經CAT-1與CAT-2交換器。儘管CAT-5與CAT-4交換器有直接的連結，這樣的情況仍然有可能會發生。

The loop free logical topology created is called a tree. This topology is a star or extended star logical topology. This topology is the spanning-tree of the network. It is a spanning-tree because all devices in the network are reachable or spanned.

沒有迴圈的邏輯拓撲叫做樹。這種拓撲是星狀或延伸式星狀的邏輯拓撲。這種拓撲是擴充樹的網路。因為網路上所有裝置都是可到達的或是可擴展的，所以稱為擴充樹。

The algorithm used to create this loop free logical topology is the spanning-tree algorithm. This algorithm can take a relatively long time to converge. A new algorithm called the rapid spanning-tree algorithm was developed to reduce the time for a network to compute a loop free logical topology.

用來建立沒有迴圈的邏輯拓撲之演算法通常稱為擴充樹演算法。這個演算法會花比較長的時間去收斂。一個新的演算法叫做快速擴充樹演算法，是開發用來減少網路上，計算一個沒有迴圈的邏輯拓撲所需的時間。

7.2.2 Spanning-tree protocol

Ethernet bridges and switches can implement the IEEE 802.1d Spanning-Tree Protocol and use the spanning-tree algorithm to construct a loop free shortest path network.

乙太網路橋接器和交換器能實作國際電機電子工程學會(IEEE)802.1d的擴充樹協定，並可使用擴充樹演算法建立一個沒有迴圈的最短路徑網路。

Shortest path is based on cumulative link costs. Link costs are based on the speed of the link.

最短的路徑是依據累計的連結成本來決定的。連結成本是依據連結速度來決定的。

The Spanning-Tree Protocol establishes a root node called the root bridge. The Spanning-Tree Protocol constructs a topology that has one path for every node on the network. This tree originates from the root bridge. Redundant links that are not part of the shortest path tree are blocked.

擴充樹協定建立一個根節點叫根橋接器。擴充樹協定建立了一個網路拓撲，其中每一個節點都存在一條路徑。擴充樹源自於根橋接器。不是最短路徑的備援連結將被阻隔。

It is because certain paths are blocked that a loop free topology is possible. Data frames received on blocked links are dropped.

因為某些特定的路徑被阻隔，所以才有可能建立沒有迴圈的拓撲。在阻隔連結上所收到的資料訊框將被丟棄。

The Spanning-Tree Protocol requires network devices to exchange messages to detect bridging loops. Links that will cause a loop are put into a blocking state.

擴充樹協定需要網路裝置互相交換訊息來偵測橋接的迴圈。會引起迴圈的連結將被歸類為阻斷狀況。

Switches send messages called the bridge protocol data units (BPDUs) to allow the formation of a loop free logical topology. BPDUs continue to be received on blocked ports. This ensures that if an active path or device fails, a new spanning-tree can be calculated.

交換器送出所謂的橋接器協定資料單元(BPDUs)訊息來確認沒有迴圈的邏輯拓撲之形成。在被阻隔的埠上會持續收到BPDUs訊息。如此可確保當一個正常運作的路徑或裝置失效時，會重新計算擴充樹。

BPDUs contain information that allow switches to perform specific actions:

Select a single switch that will act as the root of the spanning-tree.
Calculate the shortest path from itself to the root switch.
Designate one of the switches as the closest one to the root, for each LAN segment. This switch is called the designated switch. The designated switch handles all communication from that LAN segment towards the root bridge.
Choose one of its ports as its root port, for each non-root switch. This is the interface that gives the best path to the root switch.
Select ports that are part of the spanning-tree. These ports are called designated ports. Non-designated ports are blocked.

BPDUs包含了允許交換器完成特定行為的資訊：

選擇一個單一的交換器來擔任這個擴充樹的根交換器。
計算從自己到根交換器的最短的路徑。
在每個區域網路區段中，選定一個最靠近根交換器的的交換器。稱之為指定交換器。指定交換器管理由區域網路區段到根橋接器的所有通訊。
在每個非根交換器各選擇其中一個埠來當做該交換器的根埠。這是到根交換器最佳路徑的界面。
被選擇的埠是擴充樹的一部分。這些埠被叫做指定埠。而非指定埠將被阻隔。

7.2.3 Spanning-tree operation

When the network has stabilized, it has converged and there is one spanning-tree per network.

當網路已經穩定，它已經收斂並且每個網路有一個擴充樹。

As a result, for every switched network the following elements exist:

One root bridge per network
One root port per non-root bridge
One designated port per segment
Unused, or non-designated ports

其結果是每一個交換網路存在以下的元件：

每一個網路有一個根橋接器
每一個非根橋接器有一個根埠
每個網路區段有一個指定埠
其他的為沒有用到的或非指定的埠

Root ports and designated ports are used for forwarding (F) data traffic.

根埠及指定埠是用來轉送(F)資料流量。

Non-designated ports discard data traffic. These ports are called blocking (B) or discarding ports.

非指定埠會丟棄資料流量。這些埠稱為阻隔(B)或丟棄埠。

7.2.4 Selecting the root bridge

When a switch is turned on, the spanning-tree algorithm is used to identify the root bridge. BPDUs are sent out with the bridge ID (BID). The BID consists of a bridge priority that defaults to 32768 and the switch MAC address. By default BPDUs are sent every two seconds.

當一個交換器被開機時，擴充樹演算法會先去找根橋接器。他會送出含有橋接器代號(BID)的BPDUs。 BID包含了橋接器優先權(預設值為32768)和交換器的MAC位址。預設狀況下， BPDUs每隔二秒會送出一次。

When a switch first starts up, it assumes it is the root switch and sends BPDUs that contain the switch MAC address in both the root and sender BID. These BPDUs are considered inferior because they are generated from the designated switch that has lost its link to the root bridge. The designated switch transmits the BPDUs with the information that it is the root bridge as well as the designated bridge. These BPDUs contain the switch MAC address in both the root and sender BID. The BIDs are received by all switches. Each switch replaces higher root BIDs with lower root BIDs in the BPDUs that are sent out. All switches receive the BPDUs and determine that the switch with the lowest root BID value will be the root bridge.

當一個交換器啟動時，就假設它是根交換器，並送出BPDUs訊息，其中根BID及傳送者BID都包含交換器的MAC位址。這些BPDUs訊息被認定為次級的，這是因為它們是從失去根橋接器連結後而產生的。這個指定交換器傳送BPDUs訊息，其中包含了它是根橋接器也是指定橋接器的資訊。這些BPDUs訊息之根BID及傳送者BID都包含交換器的MAC位址。而所有的交換器都會接收到這些BID。每個交換器在傳送BPDUs訊息時會將較大的根BID以較小的根BID取代。所有的交換器都會收到這個BPDUs，而且會認定有最小BID的交換器為根橋接器。

Network administrators can set the switch priority to a smaller value than the default, which makes the BID smaller. This should only be implemented when the traffic flow on the network is well understood.

網路管理者能將交換器的優先權設定成比預設值還小，這會造成BID變小。只能在網路流量能確實掌握時才能這樣做。

7.2.5 Stages of spanning-tree port states

Time is required for protocol information to propagate throughout a switched network. Topology changes in one part of a network are not instantly known in other parts of the network due to propagation delay. Data loops can occur when a switch changes the state of a port too quickly.

協定資訊在通過一個交換網路時是需要時間的。由於傳播延遲，某部份的網路拓撲改變時，在網路的另一個部分並不見得能立即知道。當交換器的埠狀態改變太快時，資料迴圈就會發生。

Each port on a switch that uses the Spanning-Tree Protocol has one of five states, as shown in Figure .

使用擴充樹協定的交換器，每個埠有五種狀態，如圖所示。

In the blocking state, ports can only receive BPDUs. Data frames are discarded and no addresses can be learned. It may take up to 20 seconds to change from this state.

在阻隔狀況下，埠只可接收BPDUs。資料訊框會被丟棄，而且不學習任何位址。在20秒後會改變到下個狀態。

Ports transition from the blocking state to the listening state. In this state, switches determine if there are any other paths to the root bridge. The path that is not the least cost path to the root bridge returns to the blocking state. The listening period is called the forward delay and lasts for 15 seconds. In the listening state, data is not forwarded and MAC addresses are not learned. BPDUs are still processed.

埠從阻隔狀態改變到傾聽狀態。在這個狀態，交換器會決定是否有任何其他路徑可以通到根橋接器。如果這個路徑不是通往根橋接器的最低成本路徑，將會回到阻隔狀態。傾聽期間又稱為轉送延遲，會持續15秒鐘的時間。在傾聽狀態下，資料是不被轉送的，同時也不學習MAC位址了。但BPDUs仍然會被處理。

Ports transition from the listening state to the learning state. In this state, data is not forwarded, but MAC addresses are learned from traffic that is received. The learning state lasts for 15 seconds and is also called the forward delay. BPDUs are still processed.

埠從傾聽狀態轉換到學習狀態。在這個狀態，資料不被轉送，但從收到的網路流量中MAC位址會被學習。這學習狀態會持續15秒鐘的時間，同時也被稱為轉送延遲。BPDUs仍然會被處理。

Ports transitions from the learning state to the forwarding state. In this state user data is forwarded and MAC addresses continue to be learned. BPDUs are still processed.

埠從學習狀態轉換到轉送狀態。在這個狀態下，使用者資料會被轉送，MAC位址持續被學習。BPDUs仍然會被處理。

A port can be in a disabled state. This disabled state can occur when an administrator shuts down the port or the port fails.

一個埠有可能是處於關閉狀態。當管理者關閉這個埠或這個埠失效時，關閉狀態便產生了。

The time values given for each state are the default values. These values have been calculated on an assumption that there will be a maximum of seven switches in any branch of the spanning-tree from the root bridge.

上述每個狀態的時間值是預設值。這些值是在一種假設下所計算出來的，假設從根橋接器衍伸的任何擴充樹的分支最多有七個交換器。

7.2.6 Spanning-tree recalculation

A switched internetwork has converged when all the switch and bridge ports are in either the forwarding or blocking state. Forwarding ports send and receive data traffic and BPDUs. Blocking ports only receive BPDUs.

當交換網路中全部的交換器與橋接器的埠處於轉送或阻隔狀態，表示這個網路已經收斂。轉送埠傳送及接收資料流量和BPDUs訊息。阻隔埠只接收BPDUs訊息。

When the network topology changes, switches and bridges recompute the spanning-tree and cause a disruption in network traffic.

當網路拓撲改變，交換器與橋接器會重新計算擴充樹，此時會導致網路流量的中斷。

Convergence on a new spanning-tree topology that uses the IEEE 802.1d standard can take up to 50 seconds. This convergence is made up of the max-age of 20 seconds, plus the listening forward delay of 15 seconds, and the learning forward delay of 15 seconds.

使用國際電機電子工程學會(IEEE)802.1d標準讓一個新的擴充樹拓撲收斂最多花費50秒鐘的時間。其中，最大過期時間為20秒，傾聽的轉送延遲15秒，還有學習的轉送延遲15秒。

Lab Exercise: Spanning-Tree Recalculation

In this lab, the student will create a basic switch configuration and verify it and observe the behavior of spanning-tree algorithm in presence of switched network topology changes.

7.2.7 Rapid spanning-tree protocol

The Rapid Spanning-Tree Protocol is defined in the IEEE 802.1w LAN standard. The standard and protocol introduce new features:

Clarification of port states and roles
Definition of a set of link types that can go to forwarding state rapidly
Concept of allowing switches in a converged network to generate BPDUs rather than relaying root bridge BPDUs

快速擴充樹協定是定義在國際電機電子工程學會(IEEE)802.1w區域網路標準中。這個標準與協定介紹了下列新的特色：

說明了埠的狀況與角色
定義了一組連結型態使其能快速的轉送狀態資訊
提出允許交換器在收斂網路中重新產生BPDUs訊息的觀念，而非轉送根橋接器的BPDUs訊息

The blocking state of a port is renamed as the discarding state. The role of a discarding port is that of an alternate port. The discarding port can become the designated port if the designated port of the segment fails.

阻隔狀態被重新命名為丟棄狀態。丟棄埠的角色是一個輪替埠。假如網路區段上的指定埠失效，丟棄埠就可能變成指定埠。

Link types have been defined as point-to-point, edge-type, and shared. These changes allow rapid discovery of link failure in switched networks.

連結類型可以被定義為點對點、端點類型和分享。而這些狀態的改變是為了要快速的發現交換網路的連結失效。

Point-to-point links and edge-type links can go to the forwarding state immediately.

點對點連結及端點類型連結能立即成為轉送狀態。

Network convergence should take no longer than 15 seconds with these changes.

藉由這些狀態的改變，網路收斂將不會超過15秒鐘的時間。

The Rapid Spanning-Tree Protocol, IEEE 802.1w, will eventually replace the Spanning-Tree Protocol, IEEE 802.1d.

快速擴充樹協定，國際電機電子工程(IEEE)802.1w，最後將會取代擴充樹協定，國際電機電子工程(IEEE)802.1d。