Little-known MST. Multi-region implementation considerations

Denial of responsibility.

This article will discuss the logic of selecting the Root port on switches that perform the role of CIST Regional Root in the multi-regional implementation of the MST protocol. In the case of using good advice and criminal conclusions from this article in the production networks of enterprises, the author is not responsible for your subsequent actions, possible malfunctions in the functioning of the computer network, partial loss of data and damage to equipment.



Introduction

As part of getting acquainted with the MST protocol, I had to come across the fact that the information on the protocol on the Cisco Systems website is not much wider than in the Talmud I respect, “CCNP SWITCH 642-813” (whose main task, it seems to me, is to reduce the number of CCNP by the labor market, freeing up jobs for the children of the great Ganges), and speaking directly - at the links www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfc.shtml - Understanding Multiple Spanning Tree Protocol (802.1s) www.cisco .com / en / US / tech / tk389 / tk621 / technologies_tech_note09186a0080094366.shtml - Configuring MST (802.1s) / RSTP (802.1w) on Catalyst Series Switches Running CatOS
the reader expects the same cotton wool as in the product of the work of a Native American with an Indian surname (no, I'm not talking about Mithun Chakroborty, but about David Hucaby), mentioned earlier.
In addition to the above links, I managed to find another article on the Cisco website that gives answers to at least some questions - this is www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/ MST.html - Cisco Nexus 5000 Series NX-OS Software Configuration Guide - Configuring Multiple Spanning Tree . From this document, at least, it was possible to extract sound definitions of the terms CST, CIST, IST, MSTI, which, before that, caused me considerable difficulties.

Act 1. Scene 1.

But questions regarding the BPDU format, MSTP messages, switch interaction, selection algorithms, and other important aspects of the protocol's operation still had significantly more questions than answers to them. Having entered into a rage, I turned to the original source, but here I already encountered a diametrically different problem - the amount of information in the draft clearly exceeded my modest requests, and together with the methods of submitting it, thoughtful reading of the entire document threatened me with a partial loss of reason and joining the standard working group on an altruistic basis. As a result of the ongoing search for material and spiritual peace, I discovered a really good article, the notorious Peter Lapukhov (4xCCIE) - Understanding MSTP .
The absolute majority of my questions disappeared after reading, the tears of joy irrigated the unshaven face of the veteran, but ... carefully looking at all the topologies used in the article, I noticed one caveat - all Regional CIST Roots are connected to the region in which CIST ROOT is located through only one link. Figure 1 below shows an exaggerated version of this topology.


Fig. 1

Remembering the tasks posed before the article (something about Root ports) and looking at this topology, no questions arise - the choice of the Root port is simple and obvious. Regional Root (SW2) selects and uses its best port to CIST Root (SW1) as the Root port, the other boundary ports to the CIST Root side are blocked on it, and on the other switches in this region, the boundary ports become either Designated or Altn, depending whether they send the best or not BPDUs to the segment - everything is like with RSTP (elementary Watson).
In the case of using several parallel links with the same price (with a different CIST Regional Root will use a link with a lower price - this algorithm is described in detail in all documents on the MST - yes yes, even Mithun) CIST Regional Root will select the Root port as if using any another protocol of the STP family - based on the Lowest sender port ID .
But on what will the choice of the best BPDU be based if the CIST Regional Root is connected to the CIST Root region via several links to different switches with the same price (Fig. 2 - CIST Root is now SW2 and located in region 23).


Fig. 2

It would seem - well, there is a well-known algorithm:
All tiebreaking STP decisions are based on the following sequence of four conditions:

• Lowest root bridge ID
• Lowest root path cost to root bridge
• Lowest sender bridge ID
• Lowest sender port id

Well, use it, be happy, grow up children, love your family. But we are already guys off the street, we already know the principles of building CST, we know that - “However, due to the IST, the entire region appears as one virtual bridge that runs a single spanning tree (CST)" - excerpt from Understanding Multiple Spanning Tree Protocol (802.1s) . And also read at Lapukhov that

For clarity, I’ll give the BPDU format so that it is clear which fields are transmitted, which are not (what fields can be found by the above links, but the picture itself was taken from an article by Peter Lapukhov - not an advertisement !!!)

Fig. 3

So, the first 3 points of the algorithm seem to disappear - the Root Path is the same under our conditions, and the sender bridge ID, as read, both BPDUs are the same and equal to CIST Root ID. The fourth item remains - Lowest sender port ID. Hmm ... Quite ambiguous - how to compare Port IDs from BPDUs coming from different switches. Then thoughts about calculating Port ID for the leaving BPDU region as the sum of the Port ID from the BPDU created on the CIST ROOT and Port ID boundary ports got into my head. Or, the option of preserving the Port ID CIST Root while passing the BPDU through the region (and if the first option still seems quite robust to me, the second, of course, does not stand up to criticism - since the first parallel links and hello - tie cannot be broken). But everything turned out to be much more prosaic, as the team showedshow spanning-tree mst detail- only the switch port from which this BPDU was sent to the BPDU is transmitted, regardless of whether it is CIST ROOT or ordinary BRIDGE. And as a logical consequence - a change in the port ID, whether by physical switching of links or a change port-priority, did not produce results. Since I didn’t see the point of going up the tiebreaking STP decisions list - everything was pretty obvious and unambiguously written on these your Internet sites (see the explanation in the previous paragraph), I decided to try the option with changing the new Max-hop parameter, which replaces the timer for MST Max-Age (only until interacting with other variations of STP!). And indeed - BPDUs coming from SW3 have this parameter 1 less than BPDUs coming from SW2. But here, shame and all kinds of fiasco awaited me. = ( Well then, take a look at the output

SW1#show spanning-tree mst
##### MST0 vlans mapped: 1-9,11-19,21-4094
Bridge address f025.724e.ac00 priority 32768 (32768 sysid 0)
Root address f025.7250.9800 priority 0 (0 sysid 0)
port Gi0/18 path cost 20000
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/18 Root FWD 20000 128.18 P2p Bound(RSTP)
Gi0/37 Altn BLK 20000 16.37 P2p Bound(RSTP)



show spanning-tree mst detailonce again and more attentively: Oops ... Let's focus on the lines with Designated bridge address . We sharpen ... We sharpen ... Everything !!! Harosh point! So, all the same, information about the internal topology is transmitted outside. Out of idle curiosity, we launch WireShark and compare the BPDUs received on the two ports of the SW1 switch (here I present only one BPDU with the noted differences from the second): Fig. 4 So the differences:

SW1#show spanning-tree mst 0 detail
##### MST0 vlans mapped: 1-9,11-19,21-4094
Bridge address f025.724e.ac00 priority 32768 (32768 sysid 0)
Root address f025.7250.9800 priority 0 (0 sysid 0)
port Gi0/18 path cost 20000
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

GigabitEthernet0/18 of MST0 is root forwarding
Port info port id 128.18 priority 128 cost 20000
Designated root address f025.7250.9800 priority 0 cost 0
Design. regional root address f025.7250.9800 priority 0 cost 0
Designated bridge address f025.7250.9800 priority 0 port id 128.18
Timers: message expires in 4 sec, forward delay 0, forward transitions 7
Bpdus sent 5917, received 50941

GigabitEthernet0/37 of MST0 is alternate blocking
Port info port id 128.37 priority 128 cost 20000
Designated root address f025.7250.9800 priority 0 cost 0
Design. regional root address f025.7250.9800 priority 0 cost 0
Designated bridge address f025.724e.c780 priority 32768 port id 16.37
Timers: message expires in 5 sec, forward delay 0, forward transitions 14
Bpdus sent 5842, received 56720


• Port identifier
• CIST Internal Path Cost
• CIST Bridge Identifier (and others like it, respectively)
• Max hop

And since the fact that Port Identifier and Max hop do not affect the choice of the best BPDU, we already found out that we have two suspects left - CIST Bridge Identifier and CIST Internal Path Cost. Moreover, it is worth noting that we already saw the CIST Bridge Identifier in the output show spanning-tree mst detail.
Well, what to do - we will check these two parameters, nothing else remains - the rest of the BPDUs are identical. But, the topology used is not suitable for verification, CIST Root is located on the border of the region and sends BPDU to SW1, so CIST Bridge Identifier is always better than any other in the region (it was chosen based on the best CIST Bridge Identifier among the switches of all regions), and the CIST Internal Path Cost parameter in its BPDU will always be zero.
Therefore, CIST Root must be removed from the boundaries of the region and the topology is converted to the following:

Fig. 5

According to the results, after changing the topology, the roles of the ports on SW1 remained the same - But so far this does not mean anything, because with equal default values ​​of priority 32768, SW-4 has the smallest MAC. We increase the priority value on SW-4 to 40960 and study the conclusion. So, changing the CIST Bridge Identifier gave, finally, the long-awaited results - the decision on choosing the best BPDU was changed. Despite this, the variant with the change in CIST Internal Path Cost was also tested, but it, like its early predecessors, was ineffective. According to the WireShark logs, the changed value of the Internal Path Cost was transmitted, but it did not affect the choice of the best BPDU. Summary.Gi0/18 Root; Gi0/37 – Altn.

SW1#show spanning-tree mst 0

##### MST0 vlans mapped: 1-9,11-19,21-4094
Bridge address f025.724e.ac00 priority 32768 (32768 sysid 0)
Root address f025.7250.9800 priority 0 (0 sysid 0)
port Gi0/18 path cost 20000
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/18 Root FWD 20000 128.18 P2p Bound(RSTP)
Gi0/37 Altn BLK 20000 128.37 P2p Bound(RSTP)

sh spanning-tree mst 0 detail

SW1#sh spanning-tree mst 0 detail

##### MST0 vlans mapped: 1-9,11-19,21-4094
Bridge address f025.724e.ac00 priority 32768 (32768 sysid 0)
Root address f025.7250.9800 priority 0 (0 sysid 0)
port Gi0/37 path cost 20000
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

GigabitEthernet0/18 of MST0 is alternate blocking
Port info port id 128.18 priority 128 cost 20000
Designated root address f025.7250.9800 priority 0 cost 0
Design. regional root address f025.7250.9800 priority 0 cost 0
Designated bridge address 0027.0c0e.e900 priority 40960 port id 128.18
Timers: message expires in 4 sec, forward delay 0, forward transitions 7
Bpdus sent 5917, received 52386

GigabitEthernet0/37 of MST0 is root forwarding
Port info port id 128.37 priority 128 cost 20000
Designated root address f025.7250.9800 priority 0 cost 0
Design. regional root address f025.7250.9800 priority 0 cost 0
Designated bridge address f025.724e.c780 priority 32768 port id 16.37
Timers: message expires in 4 sec, forward delay 0, forward transitions 14
Bpdus sent 42, received 88169





This article is not intended to acquaint the reader with the basics of the MSTP protocol, but rather the opposite - the reader should already be fairly knowledgeable about the properties and logic of the protocol - documents suitable for familiarization are given at the beginning of the article. The only question that she reveals is the logic of choosing the best BPDU for CIST Regional Root when connecting it to the region where CIST Root is located, using several non-parallel links (to different switches) with the same price. It turned out to be possible to influence this only by changing the CIST Bridge Identifier on the switches from which the links go, and provided that the CIST Root is not one of these boundary switches (I’ll clarify again - the price on the links is the same, that changing it will affect the choice - it’s clear )

• Lowest External path cost to CIST Root bridge (here, here is the link price change - and you asked!)
• Lowest CIST Bridge Identifier

Since in the materials I read, the second point of the mechanism was not mentioned anywhere, and even vice versa it was noted that internal information about the region’s switches (including the CIST Bridge Identifier) ​​is not transmitted / used outside the region native to the switch, its (point) searches took a lot of time and resulted in a whole poem.