Root port vs. Designated Ports


I'm sorry if this is a total beginner's question.  At one point I thought I had a full understanding of STP, but then I started thinking a bit deeper and realized I had no understanding of the differences between root ports and designated ports.

 

This is what I understand:

 - The election process for the root bridge, root port, and designated ports

 - I understand that BPDUs are sent on all ports, no matter what port state

 

My question is basically, are designated ports only ports that will forward traffic that is received from a switch below them?  And if a switch has fa0/1 as the root port, and fa0/2 as the designated port, it will only forward traffic out of fa0/1, even if a host it's trying to reach is directly connected to a switch on its designated port?

 

Thanks!

Comments

  • The root bridge will only have designated ports. The other bridges will have a root port and designated ports depending on their cost to the root bridge.

    Think of a topology of three switches connected in a triangle where the top switch is the root. All links are of equal speed. If we didn't change any values the switch with the lowest MAC would become the root bridge. Let's assume we lowered the priority so that the top switch became the root. Both of its ports to switches below will be designated. Since both the lower switches have the same cost to the root we will have to use tie breakers. Assume that the lower switch on the left hand side became the designated bridge because of the tiebreakers. This switch will have the port connecting directly to the root as its root port. It will be the designated bridge for the segment so its port connecting to the right hand switch will be designated and the other switch will have its port as blocking.

    This means that traffic will flow through the root bridge when they need to send traffic between each other.

    The switches don't have to send traffic through the root port. They could receive traffic on a designated port and send the traffic out there. Remember that they will look for the source MAC address on the frame and will learn where to send traffic out based on which port the frame was received on.

    Disclaimer: I wrote this while being really tired so I hope I didn't mess it up :)

  • I understand that BPDUs are sent on all ports, no matter what port state

    This statement is not true.  Also you have missed out blocked ports (more later).

    So imagine that the election for the root bridge has happened.  By definition all ports must be designated and forwarding.  If you see a different state then something is likely to be wrong with the L2 topology (out of scope for this post).

    When a port is in the designated state it means that the port originates BPDUs.

    Now consider a downstream switch directly connected to the root bridge. It has identified which port has the lowest cost to the root bridge (lowest cost, then lowest sending BID and finally lowest sending port priority).  This port becomes the root port.  It listens to BPDUs sent from the root bridge but it does not originate any BPDUs!

    This process is repeated on each downstream switch.

    The other thing to consider in classic spanning tree (IEEE) is that a downstream switch will not generate an STP until it has received one from the root bridge.  In the olden days we needed skew detection as the propagation of BPDUs was process switched and could cause problems on some switches.

    If the topology is looped then we see blocking ports.  A port is blocked to prevent an L2 loop which would cause packets to loop forever around all of the switches, causing a packet storm! Not good news in a production network when running delay sensitive traffic like voice!

    On a particular segment the port with the worst cost to the root bridge will be blocked.  This means that it listens for BPDUs from the designated port for the segment but will not learn MAC addresses for devices on this port.

    As with all technologies there are some small exceptions to the rules. For example, when a link goes down in the topology, this causes a topology change BPDU to be generated. These are sent upstream to the root bridge, which then announces this to all downstream switches.  This causes all affected CAM tables to set their max age to the forwarding delay (default 20s). This improves convergence after topology change.

    Note that all of the above processes refer to classic spanning tree - which has been improved on via RSTP (802.1w) and MSTP (802.1s - improvement on PVST+)

    I think the trick with spanning tree is to read about it first e.g. Interconnections Second Edition, Bridges, Routers, Switches and Interworking Protocols by Radia Perlman.  She has a "God like" status in the networking world!

    BTW - this book is recommended in the INE reading list before you start really getting your hands dirty with labs :-)

    Once this makes sense then start playing with the kit in your lab.

    HTH this helps

    Disclaimer: I wrote this while being really tired so I hope I didn't mess it up :)

    Daniel get some sleep - you haven't got an appointment in Brussels in six days :-)

  • Hi,

    Try to visualize STP segments as one way traffic lanes where a designated port is the traffic destination for a particular segment. Since the root bridge is the destination for all segments that are connected to it, all ports on that bridge will be designated ports.

    In addition, the following is a link to some Cisco STP documentation:

    http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_6_ea2c/configuration/guide/swgstp.html

    Following is a general link to some more STP documentation:

    http://en.wikipedia.org/wiki/Spanning_Tree_Protocol

    1. Switch priority and mac-addresses (BID) are used by STP to elect the root bridge

    2. Path (media) costs and port priorities are used to select one of many redundant paths

    3. Lowest port priority wins

    4. If path cost and port priority are equal, the redundant path containing the switch with the lowest BID will be favored

    5. A redundant segment between switches on the lowest port number will be favored

    HTH

    Ernie

  • Hello,

    Once STP is converged, ports can have state FWD and BLK only. Port role and state are different. Data traffic flows as directed by the MAC address table, i.e. data flows through FWD state ports only. So in your question, if the destination is near to the designated port (this is the role of the port), the switch will forward data through the designated port, which is in FWD state.

    Thanks,

    Dinesh

  • To keep it simple:

     

    Root Port:  The port through which the Root Bridge is the closest.

    Designated Port: The port sending best BPDUs on a segment.

     

    Going by this, the Root-bridge always sends the best BPDUs, so all its ports will be designated.  And every non-root-bridge will have one root port.

  • Yeah, I agree with Daniel.

    The root bridge has all designated ports, but the others have a root port as well as designated ports depending on cost; then the rest of the switches might have blocking ports.

  • Kerx,

       We could write pages and pages and books about STP. Better write here the root bridge, root port, designated port election process (short), which ports do actively send BPDUs when topology is converged, which ports can actively forward traffic. We will let you know where, if, you are wrong.

    Good luck with your studies!

  • This should help : http://www.cisco.com/warp/public/473/spanning_tree1.swf

     

    Also if we talk about port states, for example "BLOCK/NDP", it's still a logical state. A port could be NDP for one vlan and could be in forwarding state for another vlan. Google "STP Load Balancing using Port Priority" and you will come to know what I am trying to say.

    Also, in short summary - All ports on the Root SW will be in designated port state for most of the time. A root port, though, can only be found on non-ROOT SW devices, which basically tells the shortest path to reach the root.

     

    As you mentioned, the L2 path may not be optimal after STP convergence, but there are a few tweaks available in STP to fine tune those things up to some level.

     

    HTH...

    Deepak Arora

    http://deepakarora1984.blogspot.com

     

  • Deepak, this is a great explanation.  I really understood basically everything in this video when it came to the election process.  I guess my lack of understanding was the term 'segments' and how a DP is selected and a NDP is selected on each segment, which is a single link between two switches that are not root bridges.

    I believe I have a full understanding now, to continue to move deeper.  I know I will have more questions, and will be sure to ask :)

     

    Thanks everyone!

  • Just to get a much better idea, and a deeper understanding, it would be nice to see much more complicated setups of Spanning Tree in a single VLAN using Cisco default PVST+.  I see that in all of my training materials, INE Videos, books, Cisco documentation, I don't find good examples of STP layouts of let's say 6 interconnected switches, and another 2 to 3 leaves that are not interconnected, with multiple links to every switch.  This way I can see the process for how multiple designated ports will flow, and get an idea of the traffic flows.

    If you know of some training material that exists for this type of layout, I'd greatly appreciate it.  (At this time, I don't have enough $$$ to buy 10 switches)  :)

  • Hello kerx,

    IEEE 802.1d 1998 document has example of 5 switches. The book understanding linux kernel network internals, in chapter 15, has an example with 8 switches, 2 in core, 2 in distribution and 4 in access layer.

    Thanks,

    Dinesh

  • Thanks Dinesh, just grabbed it on my Kindle, and will be reading it after I get some rest.  This is more what I wanted to see.  Similar to a real world setup.  If you find anything else, please let me know.  If I find something also, I will make sure to update here.

    Thanks!

  • Root Bridge election process:

    1. Initially, every switch considers itself the root bridge
    2. When a switch first powers up on the network, it sends out a BPDU with its own BID as the root BID
    3. When the other switches receive the BPDU, they compare the BID to the one they already have stored as the root BID
    4. If the new root BID has a lower value, they replace the saved one
    5. But if the saved root BID is lower, a BPDU is sent to the new switch with this BID as the root BID. When the new switch receives the BPDU, it realizes that it is not the root bridge and replaces the root BID in its table with the one it just received.
    6. Finally the bridge having the lowest Bridge ID wins the game and becomes the root bridge.

    SW1 is the root bridge because of having lowest Bridge ID (Priority + MAC Address).

    SW1#show spanning-tree vlan 200

    VLAN0200
      Spanning tree enabled protocol ieee
      Root ID    Priority    200
                 Address     aabb.cc00.0700
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    200    (priority 0 sys-id-ext 200)
                 Address     aabb.cc00.0700
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300

    A designated port is the connection used to send and receive packets to a specific segment.
    1. Designated ports are selected based on the lowest path cost to the root bridge for a segment
    2. The root bridge will have a path cost of  0, any ports on it that are connected to segments will become designated ports

    SW1 is the root bridge because of having lowest Bridge ID (Priority + MAC Address). So all ports connected to SW2, SW3 and SW4 are Designated port.

    SW1#show spanning-tree vlan 200

    VLAN0200
      Spanning tree enabled protocol ieee
      Root ID    Priority    200
                 Address     aabb.cc00.0700
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    200    (priority 0 sys-id-ext 200)
                 Address     aabb.cc00.0700
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- ------------------------
    Et1/0               Desg FWD 100       128.33   Shr
    Et1/1               Desg FWD 100       128.34   Shr
    Et1/2               Desg FWD 100       128.35   Shr
    Et2/0               Desg FWD 100       128.65   Shr
    Et2/1               Desg FWD 100       128.66   Shr
    Et2/2               Desg FWD 100       128.67   Shr
    Et3/0               Desg FWD 100       128.97   Shr
    Et3/1               Desg FWD 100       128.98   Shr

    4. For other switches, the path cost is compared for a given segment. If one port is determined to have a lower path cost, it becomes the designated port for that segment.

    Note: all other ports connected to the segment are called non-designated ports and the state of these ports is blocked.

    SW3#show spanning-tree vlan 200

    VLAN0200
      Spanning tree enabled protocol ieee
      Root ID    Priority    200
                 Address     aabb.cc00.0700
                 Cost        100
                 Port        33 (Ethernet1/0)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32968  (priority 32768 sys-id-ext 200)
                 Address     aabb.cc00.0900
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- ---------------------
    Et1/0               Root FWD 100       128.33   Shr
    Et1/1               Altn BLK 100       128.34   Shr
    Et1/2               Altn BLK 100       128.35   Shr
    Et2/0               Altn BLK 100       128.65   Shr
    Et2/1               Altn BLK 100       128.66   Shr
    Et2/2               Altn BLK 100       128.67   Shr
    Et3/0               Desg FWD 100       128.97   Shr


    Root port is the port closest to the Root Bridge; every non-root bridge has a root port, and root port selection is based on root path cost (cumulative cost).

    SW3#show spanning-tree vlan 200

    VLAN0200
      Spanning tree enabled protocol ieee
      Root ID    Priority    200
                 Address     aabb.cc00.0700
                 Cost        100
                 Port        33 (Ethernet1/0)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32968  (priority 32768 sys-id-ext 200)
                 Address     aabb.cc00.0900
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 300

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- -----------------------------
    Et1/0               Root FWD 100       128.33   Shr
    Et1/1               Altn BLK 100       128.34   Shr
    Et1/2               Altn BLK 100       128.35   Shr
    Et2/0               Altn BLK 100       128.65   Shr
    Et2/1               Altn BLK 100       128.66   Shr
    Et2/2               Altn BLK 100       128.67   Shr
    Et3/0               Desg FWD 100       128.97   Shr

    SW3#

    [:D]
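Comparing output like the SW3 listing above against a recorded baseline makes an unexpected root bridge or a changed port role visible. This is an added example, not part of any post in this thread; the baseline format and the function names are assumptions, and the sample text is the SW3 output from the post above.

```python
import re

# "show spanning-tree vlan 200" on SW3, copied from the post above.
SW3_OUTPUT = """\
VLAN0200
  Spanning tree enabled protocol ieee
  Root ID    Priority    200
             Address     aabb.cc00.0700
             Cost        100
             Port        33 (Ethernet1/0)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32968  (priority 32768 sys-id-ext 200)
             Address     aabb.cc00.0900
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ---------------------
Et1/0               Root FWD 100       128.33   Shr
Et1/1               Altn BLK 100       128.34   Shr
Et1/2               Altn BLK 100       128.35   Shr
Et2/0               Altn BLK 100       128.65   Shr
Et2/1               Altn BLK 100       128.66   Shr
Et2/2               Altn BLK 100       128.67   Shr
Et3/0               Desg FWD 100       128.97   Shr
"""

# Baseline recorded while the network was known-good (assumed format).
SW3_BASELINE = {
    "root": {"priority": 200, "address": "aabb.cc00.0700"},
    "ports": {"Et1/0": "Root", "Et1/1": "Altn", "Et1/2": "Altn",
              "Et2/0": "Altn", "Et2/1": "Altn", "Et2/2": "Altn",
              "Et3/0": "Desg"},
}

ID_RE = re.compile(r"(Root|Bridge) ID\s+Priority\s+(\d+)")
ADDR_RE = re.compile(r"Address\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})")
PORT_RE = re.compile(
    r"(\S+)\s+(Root|Desg|Altn|Back)\s+([A-Z]{3})\s+(\d+)\s+(\d+\.\d+)\s+\S")


def parse_show_spanning_tree(text):
    """Extract root ID, bridge ID and the per-port role/state table."""
    info = {"is_root": "This bridge is the root" in text, "ports": {}}
    section = None  # "root" or "bridge": which ID block the Address belongs to
    for line in text.splitlines():
        line = line.strip()
        if m := ID_RE.match(line):
            section = m.group(1).lower()
            info[section] = {"priority": int(m.group(2))}
        elif section and (m := ADDR_RE.match(line)):
            info[section]["address"] = m.group(1)
        elif m := PORT_RE.match(line):
            name, role, state, cost, prio_nbr = m.groups()
            info["ports"][name] = {"role": role, "state": state,
                                   "cost": int(cost), "id": prio_nbr}
    return info


def check_baseline(info, baseline):
    """Return a list of differences between parsed output and the baseline."""
    findings = []
    if info.get("root") != baseline["root"]:
        findings.append(
            f"root bridge changed: {baseline['root']} -> {info.get('root')}")
    for name, expected in baseline["ports"].items():
        port = info["ports"].get(name)
        if port is None:
            findings.append(f"{name}: missing from output")
        elif port["role"] != expected:
            findings.append(f"{name}: role {expected} -> {port['role']}")
    for name in info["ports"].keys() - baseline["ports"].keys():
        findings.append(f"{name}: not in baseline")
    return findings


if __name__ == "__main__":
    for finding in check_baseline(parse_show_spanning_tree(SW3_OUTPUT),
                                  SW3_BASELINE) or ["matches baseline"]:
        print(finding)
```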

  • Please tell me what you think of this complicated topology running default PVST+.  I'm curious to know what the port states would reflect here.  Thanks everyone for your support!

    EDIT: It looks like the image didn't come out all the way, so I uploaded it here.  Please click here to view:

    http://kerx.dyndns.tv/cisco/inestuff/pvstp.png

  • I see (correct me if I'm wrong) that nobody actually outlined a correct process in here:

    1. Root bridge election is based on lowest bridge priority (lowest switch priority with or without extended systemID, if a tie lowest MAC address wins)

    2. Root Port election: lowest path cost to root bridge, if a tie lowest upstream (towards root bridge, ports receiving superior BPDUs) bridge ID, if a tie lowest upstream port priority

    3. Alternate Ports: all other non root ports on non-root bridge receiving superior BPDUs (from root bridge) with a less better cost to the root bridge than the current active root port

    4. Designated Ports: all ports on root bridge and some ports on non root bridges which send BPDUs on respective segments (downstream/away from the root bridge, towards leafs/stubs); if more non root bridges are on a segment, the one with lowest cost towards root bridge will win and mark its port as designated for that segment; if a tie, the non root bridge with lowest priority wins

    5. Blocking ports: ports connected to upstream designated ports, receiving BPDUs from the root bridge, not sending BPDUs, not active in the forwarding plane

    6. Backup Ports: a switch marks down a port as backup and puts it to blocking when it receives its own BPDU on that segment (for example when the switch has multiple connections to a hub and a BPDU sent out on one port is received back on other ports, or when the switch has a physical loop to itself).

    As for complex topologies, once you know the technology, again it does not matter if you have 3, 4, 5, 10, 100 switches; you just need to work longer to deduce/discover the active topology.

    Good luck with your studies!
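The election order listed in the post above (root bridge, root ports, designated port per segment, alternate and backup ports), worked through in Python as an added example that is not part of the thread. It assumes point-to-point links, and the bridge IDs, port IDs and link cost of 19 are constructed; the sample topology is the three-switch triangle described earlier in the thread.

```python
import heapq


def stp_roles(bridges, links):
    """Compute converged classic-STP port roles.

    bridges: {name: (priority, mac)}, the bridge ID; the lowest one wins.
    links:   [((bridge, port_id), (bridge, port_id), cost)], where
             port_id = (port_priority, port_number).
    Returns (root_name, {(bridge, port_id): role}).
    Assumes every bridge is reachable from the root.
    """
    # Root bridge: lowest priority, then lowest MAC address.
    root = min(bridges, key=bridges.get)

    adj = {name: [] for name in bridges}
    for (br_a, port_a), (br_b, port_b), link_cost in links:
        adj[br_a].append((port_a, br_b, port_b, link_cost))
        adj[br_b].append((port_b, br_a, port_a, link_cost))

    # Root path cost of every bridge (Dijkstra over the link costs).
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, br = heapq.heappop(heap)
        if c > cost[br]:
            continue
        for _, nbr, _, link_cost in adj[br]:
            if c + link_cost < cost.get(nbr, float("inf")):
                cost[nbr] = c + link_cost
                heapq.heappush(heap, (cost[nbr], nbr))

    roles = {}
    # Root port: lowest path cost, then lowest upstream bridge ID,
    # then lowest upstream port ID, then lowest local port ID.
    for br in bridges:
        if br != root:
            best = min(adj[br], key=lambda p: (cost[p[1]] + p[3],
                                               bridges[p[1]], p[2], p[0]))
            roles[(br, best[0])] = "Root"

    # Designated port per segment: lowest root path cost, then lowest
    # bridge ID, then lowest port ID. The other end blocks.
    for end_a, end_b, _ in links:
        winner, loser = sorted(
            (end_a, end_b), key=lambda e: (cost[e[0]], bridges[e[0]], e[1]))
        roles[winner] = "Desg"
        if roles.get(loser) != "Root":
            # Hearing your own BPDU on a segment makes the port a backup port.
            roles[loser] = "Back" if loser[0] == winner[0] else "Altn"
    return root, roles


def port_state(role):
    """Root and designated ports forward; alternate and backup ports block."""
    return "FWD" if role in ("Root", "Desg") else "BLK"


# Constructed sample: triangle with TOP configured as root, equal link costs.
P1, P2 = (128, 1), (128, 2)
BRIDGES = {
    "TOP": (4096, "aabb.cc00.0100"),
    "LEFT": (32768, "aabb.cc00.0200"),
    "RIGHT": (32768, "aabb.cc00.0300"),
}
LINKS = [
    (("TOP", P1), ("LEFT", P1), 19),
    (("TOP", P2), ("RIGHT", P1), 19),
    (("LEFT", P2), ("RIGHT", P2), 19),
]

if __name__ == "__main__":
    root, roles = stp_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge:5} port {port[1]}  {role}  {port_state(role)}")
```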

  • Let's take a stab - the only assumption I have made is that A1 has a lower port number than A2 and that port priorities are the same

    Switch A is the root so all ports are forwarding and are designated

    Let's work out the root ports

    Switch B - B1 and B2 will see the same cost to the root (0) and the same BID, so the lowest port priority from Switch A will win, i.e. B1 (the BPDU sent via A1 has the lowest priority). So B1 is the root port for switch B

    Likewise C2 (Switch C), D3 (Switch D) will be root ports on their respective switches.

    Now onto blocking ports - B2 and C2 will be blocking and will be backup.

    On switch B, B3, B4 and B5 will be designated, as switch B has a lower BID than either switch C or D even though the costs to the root are the same (38); this means that D1, D2 and C3 are blocking.

    On switch C, C4,C5 will be designated - same cost to root as D but C has lower BID, which means D4 and D5 are blocking.

    On switch E, E1 will be the root port as D advertises a cost of 19 whereas C a cost of 38, so D6 is a designated port. E2 will be blocking as C has a lower BID (same costs to root) so C6 must be designated.

    HTH

    Update - here is a quick drawing that I have done - Topology

    Updated port states - all root ports and designated ports are forwarding.  All other ports are blocking.

    Updated port roles: B2 and C2 are Backup; all other ports, except designated or root ports, are alternate.

     

     

     

  • Welshydragon, I appreciate your response and the work you did on the image especially.

    Can you please confirm the RP on SwitchE?  To me it looks like E2 would be the RP and E1 would go into blocking.

  • yes you are correct, welshydragon must have made a typo error.

  • Can you please confirm the RP on SwitchE

    Yes you are completely right.  The reason why E2 is forwarding is as follows - C and D offer equal cost to the root, so BID takes over. C has the lowest BID.

    Here is a corrected topology - Updated diagram

    In the real world I have seen some complicated L2 topologies, e.g. data centres' resilience via L2 and all the trouble this can cause.  Essentially if you are reviewing a network you need a baseline of the states, before you try to implement traffic engineering.  If you are careful you can have unforeseen behaviour.

    Note also that the forwarding topology is likely to be different on a per VLAN (PVST+ and Rapid) and on a per instance basis in MSTP (otherwise why bother).

    Anyhow L2 convergence on spanning tree is really poor and there are a lot of alternative designs out there - if you have the money, but they do drive up complexity. 

    Maybe you could ask yourself the question what happens if I change this cost or this port priority?  Your topology would be easy to implement on INE's standard rack rental if you don't have access to 4 switches.  Although it's only semantic I would like to confirm whether I am right about the backup ports - technically they're blocking so it doesn't change the spanning tree.

    Also you may want to create/add to the diagram by including port roles?

  • Hi Kerx,

     

    Finding examples with lots of switches has not been easy for me either.  The following link will provide troubleshooting techniques that will make it easy for you to determine which ports will be blocked, etc.

    http://astorinonetworks.com/2011/06/30/spanning-tree-port-priority/ 

     

    HTH

     

    Ernie

  • Thanks everyone for your support.  I'm starting to really get a better grasp of PVST+.  I know that ultimately I'm going to have to put in many hours in labbing, but until then I'll settle with the theory.

    Also, I don't know about you guys, but drawing out complex STP layouts is almost like solving a puzzle.  I'm going to try to put up more complex STP layouts, and post 'em up here, just in case you guys are bored and want to deal w/ a puzzle.  I'll start to add more variables into the mix as well, like diff. port ID's, bridge ID's, path Costs, etc.  to make it more fun :)

  • Anyhow L2 convergence on spanning tree is really poor and there are a lot of alternative designs out there - if you have the money, but they do drive up complexity.

    Welshydragon, I was wondering about this.  I know that most of the stuff that Data centers use are covered in the SP track.  I remember hearing about something like this in Scott's STP Audio CD in the INE Audio Part1 series.

    Just for an idea, do you know what Service Providers use in the backbone instead of STP?






  • Kerx,

    Service Providers use Layer 3 in the backbone, MPLS or even Point-to-Point PoS interfaces.  All are reasons why they don't need STP in the backbone.

    Somebody correct me if I am wrong.

    Net_OG






    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • Hi Kerx,

     

    STP options available on modern Cisco switches follow:

     

    1. PVST - Per VLAN STP+, which works with 802.1Q rather than ISL - Slow convergence time - Happens to be the default

    2. Rapid-PVST - Also works with 802.1Q - has a link-failure reconvergence time in the low milliseconds and a switch convergence time of about 6 seconds - Limited to about 128 spanning tree instances

    3. MST - Similar convergence times as #2 above - Maximum spanning tree instances about 65 - Several VLANs can be associated with an instance, thus more VLANs can participate in the spanning tree

     

    When ease of load balancing traffic associated with a large number of VLANs is considered, MST or even Rapid PVST+ might be favored over a routing solution.

     

    HTH

     

    Ernie

  • Hello Kerx

     

    Everybody has explained the concepts in a very easy way. Apart from that I would like to recommend that you watch the Brian Switch Bootcamp, where he has taught the switch STP functionality in a very easy way.  This is the sample video of the Switch bootcamp

    http://www.ine.com/all-access-pass/training/playlist/ccnp-routing-switching/advanced-stp-1102000.html

    Happy studying

  • CMIIW, but in modern networks, we are trying to avoid having a big network of spanning tree by containing the L2 broadcast domain within a single access switch or even a pair of access switches. And use L3 for high availability instead, because it converges much much faster than STP and supports load balancing. What is your experience?

    Nice thread.

  • I concur with the idea of pushing L2 to L3. routing makes more sense and
    "easier" to troubleshoot and manipulate. Expanding L2 broadcast domain
    might not be a good idea and limited to flat networks only.

    Yes, expanding L2 to WAN is also possible but containing the broadcast
    domain is what I have in mind.

    Thx
    David Sudjiman
    www.davidsudjiman.info

    On 30/08/2011 2:47 PM, Alexander.Halim wrote:
    > CMIIW, but in modern networks, we are trying to avoid having a big
    > network of spanning tree by containing the L2 broadcast domain within a
    > single access switch or even a pair of access switches. And use L3 for
    > high availability instead, because it converges much much faster than
    > STP and supports load balancing. What is your experience?
    >
    > Nice thread.
  • Welshydragon, I was wondering about this.  I know that most of the stuff that Data centers use are covered in the SP track.  I remember hearing about something like this in Scott's STP Audio CD in the INE Audio Part1 series.

    As people have said MPLS is the prevailing technology for service providers - with a BGP free core.

    In the enterprise I have seen a number of networks which have not followed some of the best practices - here are some of the problems I have seen -

    • Campus wide VLANs - OK, really simple to implement, what's the problem? Even worse if the network is running PVST+ with no optimisations.  The network was being used for multicast video and unicast video to provide live pause.  We found that we were getting unicast flooding of 50-60 Mbits regularly.  Root cause: a trunk port connected to a printer in an unrelated area.  This was causing TCA and TCN to happen, setting the max age to 20 seconds - ergo unicast flooding!!! The key thing was that the unicast (UDP) streams were one way - if the video decoder didn't source any traffic within 20 seconds the traffic flooded the whole VLAN, which was building wide.
    • Keep VLANs within a single wiring closet or stack.  This means that you don't suffer from the above and fault finding is easier.  I had to hop through 20 plus switches to get to the bottom of my problems - I was called in as a consultant to fix them.
    • If you can afford to use L3 between access and distribution go for it - your network will converge more quickly.
    • Make sure you implement all of the optional protection mechanisms - you are using BPDUguard?
    • Make sure that your root switch priority is sufficiently low - you have chosen your root and primary root - don't leave it to chance.
    • Make sure that you baseline your network.
    • The driver for large L2 domains can be down to applications - make sure that spanning tree is optimised - my example was high availability in VMWARE across data centres.

    I am sure there is more I could come up with given some more time.

     

     
