
LiveAction Application Note

Spanning Tree Protocol (STP) Using LiveAction to monitor PVST+, Rapid PVST+, and MSTP

January 2013

http://www.actionpacked.com

Table of Contents

1. Introduction
2. Understanding STP
3. Configuring Spanning Tree Support for LiveAction
4. Spanning Tree Topology View
5. Spanning Tree Alerts
6. Spanning Tree State Report
7. Spanning Tree Use Case Scenario: Identifying Rogue Switches

1. Introduction

Spanning Tree Protocol (STP) is a mechanism that provides loop-free paths within a pure layer 2 topology. STP allows for link redundancy by blocking redundant ports so that only a single active path exists. Upon detecting a link or port failure, STP re-converges and brings a previously blocked port into use. This prevents broadcast storms and duplicated frames from circulating in the network endlessly. There are multiple flavors of STP, each with its own features and nuances, including: Per VLAN Spanning Tree Protocol Plus (PVST+), Rapid Per VLAN Spanning Tree Protocol Plus (Rapid PVST+), and Multiple Spanning Tree Protocol (MSTP).

LiveAction 2.6 and later gives users a higher level of situational awareness and visibility into their switched network infrastructure by providing a topological representation of each Spanning Tree instance, together with alerts on port state transition events. This helps network administrators act quickly and promptly identify the insertion of rogue and/or misconfigured switches. Similarly, the STP path representation can be used to identify suboptimal layer 2 paths in a switched network. This application note provides instructions on enabling the STP functionality within LiveAction and covers the aforementioned use case.


2. Understanding STP

STP uses the terminology of “bridges” to represent layer 2 devices in the topology. With Cisco’s implementation of PVST+ and Rapid PVST+, each VLAN in the network represents one STP instance. This allows the user to select the layer 2 path based on the VLAN ID, and is generally used for load-balancing. The open standard MSTP version (IEEE 802.1s) uses a similar technique but requires the user to define MSTP instances and assign multiple VLANs to each instance.

Since layer 2 frames carry no loop prevention mechanism – unlike the TTL field of layer 3 packets – it is important to ensure that only one active path exists within each STP instance. The STP algorithm achieves this by electing a single switch as the Root Bridge: the switch with the lowest bridge ID, which is the configured priority followed by the switch MAC address as the tie-breaker (with PVST+ the VLAN number is folded into the priority field, which is why “show spanning-tree” prints 32778 for the default priority 32768 on VLAN 10). The election is driven entirely by the BPDUs the switches receive, so any device that advertises a lower bridge ID becomes the root and redefines the overall path within the network; this is the mechanism behind the rogue switch scenario in section 7. Each switch port then assumes a specific role – which dictates whether it forwards or blocks – in the STP instance. The common port roles are: Root Port (RP), Designated Port (DP), and Non-Designated Port (NDP). RPs and DPs forward once the instance has converged, while NDPs block. The following diagrams show two different layer 2 STP instances, and how the Root Bridge position affects traffic flow between the switches:
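The root election described above, as an added example that is not code from LiveAction or this application note: the bridge ID is built the way Cisco PVST+/Rapid PVST+ build it (IEEE 802.1t extended system ID), then used to show that a lower priority wins regardless of MAC address and that per-VLAN priorities give each VLAN its own root. The switch names are those used in this note; the MAC addresses and priorities are constructed for the example.

```python
"""Added example, not code from LiveAction or this application note: the
bridge ID that decides the STP root election, built the way Cisco
PVST+/Rapid PVST+ build it (IEEE 802.1t extended system ID).  Switch names
are those used in the note; MAC addresses and priorities are constructed.
"""
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768


@dataclass
class Bridge:
    name: str
    mac: str                                       # e.g. "00:1a:2b:3c:4d:50"
    priority: dict = field(default_factory=dict)   # {vlan: configured priority}

    def bridge_id(self, vlan: int) -> int:
        """64-bit bridge ID: 4-bit priority | 12-bit VLAN (sys-id-ext) | 48-bit MAC."""
        prio = self.priority.get(vlan, DEFAULT_PRIORITY)
        if prio % 4096 or not 0 <= prio <= 61440:
            raise ValueError(f"{self.name}: priority {prio} is not a multiple of 4096 in 0..61440")
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} is out of range")
        mac = int(self.mac.replace(":", "").replace(".", ""), 16)
        return ((prio | vlan) << 48) | mac


def show_bridge_id(bridge: Bridge, vlan: int) -> str:
    """Render as 'show spanning-tree vlan N' prints it: '<priority+sysid> <mac>'."""
    bid = bridge.bridge_id(vlan)
    return f"{bid >> 48} {bid & ((1 << 48) - 1):012x}"


def elect_root(bridges, vlan: int) -> Bridge:
    """Lowest numeric bridge ID wins.  The priority bits sit above the MAC, so
    priority is compared first and the MAC only breaks ties between equal
    priorities; a default-priority switch therefore never beats one at 4096."""
    return min(bridges, key=lambda b: b.bridge_id(vlan))


# Constructed inventory: the note's distribution switches get a low priority on
# one VLAN each (PVST+ load-balancing); the access switches run at the default.
DS_150 = Bridge("L2c3560SCOPE-DS-150", "00:1a:2b:3c:4d:50", {10: 4096, 20: 8192})
DS_151 = Bridge("L2c3560SCOPE-DS-151", "00:1a:2b:3c:4d:51", {10: 8192, 20: 4096})
AS_152 = Bridge("L2c2960SCOPE-AS-152", "00:1a:2b:3c:4d:52")
AS_153 = Bridge("L2c2960SCOPE-AS-153", "00:1a:2b:3c:4d:53")
MANAGED = [DS_150, DS_151, AS_152, AS_153]

# An unmanaged switch plugged into an access port with priority 0 on VLAN 10.
# Its bridge ID is lower than every managed switch's, so it takes the root role
# for VLAN 10 only; on VLAN 20 it runs at the default and changes nothing.
ROGUE = Bridge("sc-switch", "00:22:44:66:88:aa", {10: 0})


if __name__ == "__main__":
    for vlan in (10, 20):
        before = elect_root(MANAGED, vlan)
        after = elect_root(MANAGED + [ROGUE], vlan)
        print(f"VLAN {vlan}: root {before.name} ({show_bridge_id(before, vlan)})"
              f" -> {after.name} ({show_bridge_id(after, vlan)})")
```

The rendered values match what IOS prints per VLAN (4106 is priority 4096 plus sys-id-ext 10, 32778 is the default on VLAN 10), and a bridge ID beginning with 10 on VLAN 10 is what a configured priority of 0 looks like once the VLAN is folded in.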


3. Configuring Spanning Tree Support for LiveAction

In order to provide detailed information regarding all of the available spanning tree instances in LiveAction, the following IOS configuration must be added. This only applies to devices polled with SNMPv3, where the per-VLAN STP data lives in a separate SNMP context (vlan-<id>) that a v3 group cannot read unless it is explicitly allowed. SNMPv2c needs no additional configuration, because IOS exposes the same per-VLAN data through community string indexing (community@<vlan-id>).

Given the following SNMPv3 configuration (please note that the “show run” command suppresses the SNMP user configuration, so the user is displayed with “show snmp user” instead):

    L2c2960SCOPE-AS-153#show run | in snmp
    snmp-server group READONLY v3 priv

    L2c2960SCOPE-AS-153#show snmp user user
    User name: user
    Engine ID: 8000000903002C36F8843F81
    storage-type: nonvolatile        active
    Authentication Protocol: SHA
    Privacy Protocol: AES128
    Group-name: READONLY

We simply add the line:

    snmp-server group READONLY v3 priv context vlan- match prefix

No other changes are required. This only grants the existing READONLY group read access to every context whose name begins with “vlan-”, i.e. the per-VLAN STP instances; it adds no write view, and the group keeps “priv”, so the monitoring credential remains read-only and encrypted on the wire. The resulting SNMPv3 configuration is:

    L2c2960SCOPE-AS-153#show run | in snmp
    snmp-server group READONLY v3 priv
    snmp-server group READONLY v3 priv context vlan- match prefix

It is important to note that no changes were made to the existing user account; however, in order to view the STP data, LiveAction must poll the switches with a user that belongs to the context-aware SNMPv3 group. Walking BRIDGE-MIB (1.3.6.1.2.1.17) in the vlan-10 context with that same user from the poller confirms the context is readable before LiveAction is pointed at the switch.


4. Spanning Tree Topology View

The main benefit of using LiveAction, within the context of a layer 2 focused infrastructure, is that each STP instance can be easily visualized. This greatly aids in troubleshooting performance and connectivity issues within the local area network.

With VLAN 10, we can clearly see L2c3560SCOPE-DS-150 as our root bridge. Hovering over any of the switches displays more information, similar to what we would find in the IOS CLI.


By changing the LAN tab selector to the desired VLAN, it is possible to see various STP instance configurations.

Hovering over a non-root bridge device shows which ports are blocked, reducing the need to log into each switch in order to run the “show spanning-tree vlan x” command. The current state is presented in an easy-to-read format.

As an added benefit, LiveAction correctly identifies MSTP configurations and offers exactly the same workflow as for the other STP variants. Selecting any of the VLANs mapped to the same MSTP instance from the drop-down yields the same data, since those VLANs share a single spanning tree. No extra configuration is required to make MSTP work.


5. Spanning Tree Alerts

A stable STP instance is one where the port states remain fairly static. Changes to port states indicate some form of network change and can cause STP to reconverge. Depending on the implemented protocol, convergence can take 30 to 50 seconds with the classic PVST+ timers (20 s max age plus two 15 s forward-delay periods), causing temporary outages and data loss for critical network services. As part of LiveAction’s high visibility features, an alerting system notifies users of any change in the STP topology. To access this functionality, select Tools > Configure Alerts, and open the LAN Triggers tab.

The result, upon changing the priority of the root bridge, is a fairly verbose output from LiveAction’s alerting system during the topology change. For PVST+, it is also possible to see the LEARNING and LISTENING transition states in the topology, indicated by a yellow arrow. Because a port in either of these states does not yet forward user data, they are effectively still BLOCKING, but they give the administrator a visual cue on STP convergence in the network. In order to simplify the alerts, only FORWARD and BLOCK states are reported.


Since the real-time alert view only displays the last 100 alerts, the “Historical search” feature can be used to sift through older events for further analysis. Historical Alerts are accessible through the In-Application Alerts window.


6. Spanning Tree State Report

LiveAction’s Spanning Tree State Report lets the user see the STP configuration at any point in time. This is particularly useful when troubleshooting the addition and modification of switches in the network. Another potential use for this report is the planning phase of a network design process, as it focuses on the key STP information as well as the connected device and interface. To access the report, select Reporting > LAN > Reports, and use the Spanning Tree State Report. Here we see the VLAN 10 and VLAN 20 settings for the device L2c3560SCOPE-DS-150:

Another option is to view all of the devices in the topology, to get a holistic view of the selected VLAN. This is a considerable benefit from a configuration management perspective and is comparable to running a combination of “show spanning-tree vlan 20” and “show cdp neighbors” on ALL of your switches.


7. Spanning Tree Use Case Scenario: Identifying Rogue Switches

One way to spot a rogue switch that has been inserted into the network is through the LAN Topology View. By selecting the “Show Spanning Tree” option, we clearly see another connection hanging off L2c2960SCOPE-AS-152. Because the device behind this newly added interface is not part of our managed topology, the link is drawn as a stray arrow pointing out to nowhere.

Hovering over the Bridge ID icon shows a tooltip with the same information. The added switch has also taken over the root bridge role because of its low bridge priority value (10, which on VLAN 10 is what a configured priority of 0 looks like once the extended system ID is folded in). The converged topology now uses a suboptimal layer 2 path. For example, in order for a workstation connected to L2c2960SCOPE-AS-153 to reach a server on L2c3560SCOPE-DS-151, the traversed path would be:

L2c2960SCOPE-AS-153 -> L2c3560SCOPE-DS-150 -> L2c2960SCOPE-AS-152 -> L2c3560SCOPE-DS-151


In order to further investigate this device, the Spanning Tree State Report is run for VLAN 10. We see that none of the managed switches in the topology currently holds the Root Bridge role, and that a stray entry has appeared which points to the rogue switch. It appears to be connected to Fa0/8 on L2c2960SCOPE-AS-152. LiveAction will not display the connected device’s name in the Spanning Tree State Report unless it is a configured device. To view the actual device name, we can double-click the device in question in order to enter the LAN Device View.

It looks like the culprit is another Cisco switch with the name “sc-switch”! It is possible that the device was simply misconfigured with the wrong priority, but LiveAction lets us quickly visualize the error and carry out the necessary remediation steps. Similarly, identifying rogue devices lets us start incident response much sooner. Note that monitoring of this kind shows the takeover after it has happened; on access ports where no switch should ever appear, Cisco’s BPDU Guard (“spanning-tree bpduguard enable”) and Root Guard (“spanning-tree guard root”) stop an attached switch from joining the tree or claiming the root role in the first place, so the LiveAction alert becomes confirmation rather than the only line of defence.
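The detection logic behind the alerts of section 5 and the rogue root of this section, as an added example that is not code from LiveAction or this application note: two constructed per-VLAN STP snapshots of the kind a poller gathers from BRIDGE-MIB (dot1dStpDesignatedRoot and dot1dStpPortState, read in the vlan-<id> SNMPv3 context) are compared, and root changes, a root that is not a managed bridge, and FORWARD/BLOCK port transitions are reported. The switch names follow the note; the MAC addresses, port names, bridge IDs and the inventory are made up for the example.

```python
"""Added example, not code from LiveAction or this application note: poll-to-
poll STP change detection over constructed per-VLAN snapshots.  Port states
use the BRIDGE-MIB dot1dStpPortState codes (2 blocking, 3 listening,
4 learning, 5 forwarding); roots are '<priority+sysid>.<mac>' strings.
"""

FORWARDING = 5  # BRIDGE-MIB dot1dStpPortState value for forwarding


def effective_state(code: int) -> str:
    """Collapse to FORWARD/BLOCK as the note's alerts do: listening and learning
    ports carry no user data yet, so they count as BLOCK."""
    return "FORWARD" if code == FORWARDING else "BLOCK"


def root_mac(designated_root: str) -> str:
    """The MAC half of a displayed root ID identifies the physical bridge
    regardless of the per-VLAN priority in front of it."""
    return designated_root.split(".", 1)[1].lower()


def diff_snapshots(prev: dict, curr: dict, inventory: dict) -> list:
    """Compare two polls and return alert dicts.

    prev, curr: {switch: {vlan: {"root": "prio.mac", "ports": {port: state}}}}
    inventory:  {mac: switch_name} for every bridge the poller manages.
    """
    alerts = []
    rogue_seen = set()
    for switch, vlans in curr.items():
        for vlan, now in vlans.items():
            before = prev.get(switch, {}).get(vlan)
            # 1) the root this switch sees changed since the last poll (reconvergence)
            if before and before["root"] != now["root"]:
                alerts.append({"kind": "ROOT_CHANGE", "switch": switch, "vlan": vlan,
                               "old": before["root"], "new": now["root"]})
            # 2) the root is not a managed bridge: a new or rogue switch won the election
            mac = root_mac(now["root"])
            if mac not in inventory and (vlan, mac) not in rogue_seen:
                rogue_seen.add((vlan, mac))   # every switch reports the same root; alert once
                alerts.append({"kind": "ROGUE_ROOT", "vlan": vlan, "root": now["root"],
                               "reported_by": switch})
            # 3) per-port FORWARD <-> BLOCK transitions; a port absent last poll is treated
            #    as having been blocking, so a newly forwarding link shows up too
            if before:
                for port, code in now["ports"].items():
                    old_state = effective_state(before["ports"].get(port, 2))
                    new_state = effective_state(code)
                    if old_state != new_state:
                        alerts.append({"kind": "PORT_TRANSITION", "switch": switch,
                                       "vlan": vlan, "port": port,
                                       "from": old_state, "to": new_state})
    return alerts


# Constructed data: MACs for the note's managed switches, a healthy poll with
# DS-150 as root (priority 4096 + sys-id-ext 10), and a later poll after a
# priority-0 switch with an unknown MAC was plugged into Fa0/8 on AS-152.
INVENTORY = {
    "001a2b3c4d50": "L2c3560SCOPE-DS-150",
    "001a2b3c4d51": "L2c3560SCOPE-DS-151",
    "001a2b3c4d52": "L2c2960SCOPE-AS-152",
    "001a2b3c4d53": "L2c2960SCOPE-AS-153",
}
ROOT_OK = "4106.001a2b3c4d50"
ROOT_ROGUE = "10.0022446688aa"

PREV = {
    "L2c2960SCOPE-AS-153": {10: {"root": ROOT_OK, "ports": {"Gi0/1": 5, "Gi0/2": 2}}},
    "L2c2960SCOPE-AS-152": {10: {"root": ROOT_OK, "ports": {"Gi0/1": 5}}},
}
CURR = {
    "L2c2960SCOPE-AS-153": {10: {"root": ROOT_ROGUE, "ports": {"Gi0/1": 2, "Gi0/2": 5}}},
    "L2c2960SCOPE-AS-152": {10: {"root": ROOT_ROGUE, "ports": {"Gi0/1": 4, "Fa0/8": 5}}},
}


def demo() -> list:
    return diff_snapshots(PREV, CURR, INVENTORY)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Against the constructed polls this yields two ROOT_CHANGE alerts (one per reporting switch), a single ROGUE_ROOT alert for VLAN 10 naming the unknown root, and four port transitions, including AS-152 Gi0/1 going to BLOCK while it sits in the learning state and the new Fa0/8 link coming up FORWARD toward the rogue.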

Copyright © 2013 ActionPacked! Networks. All rights reserved. ActionPacked!, the ActionPacked! logo and LiveAction are trademarks of ActionPacked! Networks. Other company and product names are the trademarks of their respective companies.

ActionPacked! Networks 155 Kapalulu Place, Suite 222 Honolulu, HI 96819
