Friday, October 24, 2008


Well I know this is not Cisco but I have just passed 30 min ago my JNCIA-ER exam with score of 90, to be honest that was one of the shortest test's I have ever had, usually I stay no meter what to the last minute but because I was pretty sure on my answers I have left after ~20 min. The resources provided from the site are excellent and answer 100% to the test questions. almost to good to be true. I must say that the last 3 weeks I have been playing with the junos (under my vmware setup) it seem to be realy nice and powerful OS. So for you professionals and experts I think it should be very nice knowledge edition, I am still thinking if I want to proceed with the JNCIS-ER exam or stop here with juniper, I will update you later. All of you have a nice weekend :-)

Friday, October 10, 2008

Spanning Tree Basics

Spanning Tree is one of the topics that most people a really scared as it is almost fully automatic feature People don’t bother to dig into it; my idea here is to give you a simple way to understand the protocol basics And also get a glance on its complex. First thing when I learn a new protocol I would like to look how it is working on the low level, so here I have drown you the BPDU structure, you can see that all implementations have a common ground and thus there is full backward support: Filed Description: PID = Protocol ID Always 0x0000 VID = Version ID 1) STP 0x00 2) R-PVST 0x02 BT = BPDU Type 1) STP 0x00 2) R-PVST / MST 0x02

TCN / TCN Ack is used only with IEEE 802.1D or with interoperation with RSTP. Proposal and agreement handshake are bits used to prevent loops, proposal sent from a designated port And agreement is sent from the root port. Unlike IEEE 802.1D in which any transition between the blocking and the forwarding state causes a topology change, Only transitions from the blocking to the forwarding state cause a topology change with RSTP. Root ID Show the Root Bridge Priority and the MAC address Root Cost Show your distance from the Root Bridge BID = Bridge ID Here the switch advertise his own Bridge MAC and Priority Port ID A 2 byte number, the first octet build from a configurable priority, the second octet is a number set by the Bridge for the port BPDU was sent from usually in newer Bridge model the port id is the Port number but in Older models it was a random number assigned to the port. Newer models: Show spanning-tree vlan 1 detail Older models: Show spanning-tree MAge = Message Age Indicate an estimated time required for a BPDU to be sent and received by any other bridge, although specified in time it is actually increasing The value by hop count. MA = Max Age This filed is given from the root bridge and by default set to 20 sec indicate the max age of a BPDU. Hello Indicate the time between each BPDU sent from the root bridge. Default 2 sec FWDD = Forward Delay Indicate the amount of time the bridge should stay in each state when transiting from blocking to forwarding. V1_L = Version 1 Length V3_L = Version 3 Length MST EXTENTION MST Config ID MST Config Name = configuration name MST Config Revision Number = configuration revision number MST Config digest = configuration digest CIST Bridge Identifier = CIST Internal Root Path Cost = cost to the root bridge CIST Remaining hops = default (20) state the max number of hops from the root bridge if packet received a packet with remaining hops set to 0 then he will Ignore the spanning tree BPDU and will be able to declare himself as Root Understand the debug as it is one of the tools you have to troubleshoot in real time, but with that said you need to make sure you do not activate spanning tree debug on production with logging console enable as you will probably end up locked out from your switch. ! Do before debug under global config No logging console logging buffered 200000 end clear logging debug spanning-tree bpdu ! output will be displayed under the “show logging” ! to disable debug un all Example output from the debug: *Apr 14 01:19:56: STP: enc 01 00 0C CC CC CD 00 14 F2 E9 44 16 00 32 AA AA 03 00 00 0C 01 0B ! you can see destination MAC 01 00 0C CC CC CD the Cisco multicast address for PVST+ also LCP show AA AA indicate to look into the next 5 byte of information in the LCP, the last 2 byte indicate the ethertype 010b is for PVST+ *Apr 14 01:19:56: STP: Data 000002023C60670014F2E944000000000060670014F2E9440080160000140002000F00 *Apr 14 01:19:56: STP: VLAN0103 Fa0/22:0000 02 02 3C 60670014F2E94400 00000000 60670014F2E94400 8016 0000 1400 0200 0F00 ! BPDU represented in hex *Apr 14 01:19:56: RSTP(103): Fa0/22 repeated msg *Apr 14 01:19:56: RSTP(103): Fa0/22 rcvd info remaining 6 *Apr 14 01:19:56: STP: VLAN0104 rx BPDU: config protocol = rstp, packet from FastEthernet0/22 , linktype SSTP , enctype 3, encsize 22 Short story on the LCP LLC (Logical Link Control) also called 802.2 header and is between 3 to 8 byte long containing protocol type information of the packet. The 3 first bytes are mandatory: DSAP Destination Service Access Point SSAP Source Service Access Point And one more byte that is important only when using SNA in any other cases it is ignored Now you will probably ask what the additional 5 byte is. Now this is where it gets little complex, when using standard STP IEEE or ISL trunks (Cisco Run ISL with PVST that is much similar to the standard accept for the vlan ID addition) then DSAP and SSAP will be set to 0x42 but when configuring DOT1Q trunks on Cisco then they use PVST+ and they are setting the SSAP and DSAP to 0xAA where it point to the additional 5 byte where we get the SNAP (SubNetwork Access Protocol) that is giving us a description of what protocol we are using in layer 3 (AppleTalk, IP, XNS….) Ok this until now are the basics for STP, once you have the structure in place it will be much easier (warning: it is not easy) to understand how it works. Recommended reading: