CCNP ENCOR Exam Prep 2-5: Tracking STP Behavior During Topology Changes and Failures

Verifying Topology Changes and Failures in EVE-NG

Introduction

  • In this session, we will cover "STP Topology Changes," "Converging with Direct Link Failures," and "Indirect Failures" as described in the text.
  • This is the part of Chapter 2 where we go beyond how STP looks in a "normal state" and explore how it reacts when changes occur.

Scope of the Text for This Session

  • STP Topology Changes
  • Example 2-7 (Note: The configuration may not exactly match the text)
  • Converging with Direct Link Failures
  • Indirect Failures

Objectives for This Verification

  • Identifying what to look for in show spanning-tree vlan 10 detail when a topology change occurs.
  • The difference in roles between the TCN BPDU and the Topology Change flag.
  • What happens during a direct failure.
  • Why the Max Age timer is effective in cases of indirect failure.

Verification Topology

Configuration (Skipped as it is the same as the previous session)

Commands Used

Enter on SW1:

show spanning-tree vlan 10 detail

As needed, we will run the same command on the switch where the change occurred, but we will start by checking the overall changes on the root bridge, SW1.

In our initial verification, we will assign the roles as follows:

  • Triggering the failure: Shut down the Gi0/0 interface on SW1 to induce a change between SW1 and SW2.
  • Observing the differences: Run show spanning-tree vlan 10 detail on SW1 and monitor changes in Number of topology changes, last change occurred, and from interface.
  • Capturing traffic:
    • Check for the TCN BPDU received from SW2 on the Gi0/0 side of SW4.
    • Check for the Configuration BPDU with the Topology Change flag returning from SW1 to SW3 on the Gi0/0 side of SW3.

Execution result on SW1:

SW1#show spanning-tree vlan 10 detail

 VLAN0010 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 4096, sysid 10, address 5000.0001.0000
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Number of topology changes 5 last change occurred 00:01:43 ago
          from GigabitEthernet0/0
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0, aging 300

 Port 1 (GigabitEthernet0/0) of VLAN0010 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.1.
   Designated root has priority 4106, address 5000.0001.0000
   Designated bridge has priority 4106, address 5000.0001.0000
   Designated port id is 128.1, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 56, received 71

 Port 2 (GigabitEthernet0/1) of VLAN0010 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.2.
   Designated root has priority 4106, address 5000.0001.0000
   Designated bridge has priority 4106, address 5000.0001.0000
   Designated port id is 128.2, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 309, received 3

If necessary, run the same command on the switch that triggered the change to supplement our observation of last change occurred and from interface.

How to Interpret show spanning-tree vlan 10 detail

Using this command, we focus on the following points in line with Example 2-7 in the text:

  • Number of topology changes
  • last change occurred
  • from GigabitEthernet... (which interface triggered it)
  • Topology Change flag

Observation points:

  • How many topology changes have occurred recently?
  • How long ago was the last change?
  • Which port was the trigger?

Since the Topology Change flag is set temporarily, it may have already cleared by the time you run the show command. The primary observation points that remain visible for analysis are Number of topology changes, last change occurred, and from interface, so we will focus on these three.

Verifying TCN BPDU and Topology Change Flag During a Direct Failure

Here, we use the previously observed SW1 show spanning-tree vlan 10 detail as a baseline to identify differences. For our first verification, we target the link between SW1 and SW2 and perform the following steps:

  1. Start capturing on the relevant interfaces of SW3 and SW4.
    Observation locations:
    Capture on SW3 Gi0/0 side, Capture on SW4 Gi0/0 side

Points to verify:

  • Start the capture before triggering the direct failure so that the TCN BPDU and the Topology Change flag are not missed.
  • On SW4 Gi0/0, ensure the TCN BPDU from the SW2 side can be captured.
  • On SW3 Gi0/0, ensure the Topology Change flag in the Configuration BPDU returning from SW1 to SW3 can be captured.
  2. Shut down SW1's Gi0/0 to induce the change between SW1 and SW2.
    Observation location:
    SW1

    configure terminal
    interface gi0/0
    shutdown

  3. Confirm receipt of TCN BPDU on SW4 Gi0/0.
    Observation location:
    Capture on SW4 Gi0/0 side

Points to verify:

  • Confirm receipt of the TCN BPDU coming from the SW2 side on SW4 Gi0/0.
  • Identify it as a TCN BPDU by observing BPDU Type = 0x80.
  • Confirm that the change occurring on the SW2 side is being notified upstream.

Capture result:


You can see from the Src that it is a TCN BPDU from SW2.
By the way, SW3 receives TCN BPDUs from both SW4 and SW5 and forwards them to SW1 twice.

  4. Confirm the Topology Change flag on the SW1-facing interface of SW3.
    Observation location:
    Capture on SW3 Gi0/0 side

Points to verify:

  • The Topology Change flag should be set in the Configuration BPDU returning from SW1 to SW3.
  • Observe the Flags field to track the difference between normal Configuration BPDUs and those sent after a topology change.

Capture result:


You can see that Topology Change: YES is indicated.

Standard BPDUs after convergence look like this:


It has changed to Topology Change: NO.

  5. Run show spanning-tree vlan 10 detail on SW1 again and observe the differences.
    Observation location:
    SW1

Points to verify:

  • Number of topology changes
  • last change occurred
  • from interface
  • Topology Change flag
  • The disappearance of Port 1 from the display.

Notes:

  • For access ports without PortFast enabled, you might observe a topology change upon shutdown / no shutdown.
  • Be aware that behavior may vary depending on PortFast or edge port configurations.
  • To keep this verification simple, we will primarily observe trunk link shutdown / no shutdown between switches.

Execute on SW1:

show spanning-tree vlan 10 detail

Differences:

SW1#show spanning-tree vlan 10 detail

 VLAN0010 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 4096, sysid 10, address 5000.0001.0000
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag set, detected flag set
  Number of topology changes 6 last change occurred 00:00:08 ago
          from GigabitEthernet0/0
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 26, notification 0, aging 15

 Port 2 (GigabitEthernet0/1) of VLAN0010 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.2.
   Designated root has priority 4106, address 5000.0001.0000
   Designated bridge has priority 4106, address 5000.0001.0000
   Designated port id is 128.2, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 326, received 3

  • This output was taken immediately after the shutdown.
  • The flag line now reads Topology change flag set, detected flag set.
  • Number of topology changes has increased from 5 to 6.
  • In the Timers line, aging has been shortened from 300 to 15 seconds.
  • Port 1 has disappeared.

*Using a file comparison tool like WinMerge will make these differences much easier to see.
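
The same comparison can be scripted instead of done by eye. The following is an added example, not part of the original article: it parses the topology-change fields out of two snapshots of show spanning-tree vlan 10 detail and reports only what changed. The two inputs are constructed excerpts of the SW1 outputs shown above; the function names are hypothetical.

```python
import re

# Constructed sample input: excerpts of the two SW1 outputs on this page.
BASELINE = """\
 VLAN0010 is executing the ieee compatible Spanning Tree protocol
  Topology change flag not set, detected flag not set
  Number of topology changes 5 last change occurred 00:01:43 ago
          from GigabitEthernet0/0
  Timers: hello 1, topology change 0, notification 0, aging 300
 Port 1 (GigabitEthernet0/0) of VLAN0010 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.1.
 Port 2 (GigabitEthernet0/1) of VLAN0010 is designated forwarding
"""
AFTER = """\
 VLAN0010 is executing the ieee compatible Spanning Tree protocol
  Topology change flag set, detected flag set
  Number of topology changes 6 last change occurred 00:00:08 ago
          from GigabitEthernet0/0
  Timers: hello 1, topology change 26, notification 0, aging 15
 Port 2 (GigabitEthernet0/1) of VLAN0010 is designated forwarding
"""

def parse_detail(text):
    """Extract the topology-change fields from the detail output."""
    def grab(pattern, cast=str):
        m = re.search(pattern, text, re.M)
        return cast(m.group(1)) if m else None
    return {
        "tc_flag": grab(r"Topology change flag (set|not set)"),
        "detected_flag": grab(r"detected flag (set|not set)"),
        "tc_count": grab(r"Number of topology changes (\d+)", int),
        "last_change": grab(r"last change occurred (\S+) ago"),
        "from_interface": grab(r"^\s+from (\S+)"),
        "aging": grab(r"Timers:.*aging (\d+)", int),
        # "Port N (name)" lines only; "Port path cost" lines do not match
        "ports": tuple(re.findall(r"^\s*Port \d+ \((\S+)\)", text, re.M)),
    }

def diff_snapshots(before, after):
    """Return {field: (old, new)} for every field that differs."""
    b, a = parse_detail(before), parse_detail(after)
    return {k: (b[k], a[k]) for k in b if b[k] != a[k]}

if __name__ == "__main__":
    for field, (old, new) in diff_snapshots(BASELINE, AFTER).items():
        print(f"{field}: {old} -> {new}")
```

Because from_interface is GigabitEthernet0/0 in both snapshots, it does not appear in the diff; the counter, the flags, the aging timer and the port list do.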

Observations from Direct Failure

The verification conducted so far simulated a direct failure between SW1 and SW2 by shutting down SW1's Gi0/0 interface.

In a direct failure, since the link-down event can be detected immediately at Layer 1, there is no need to wait for the Max Age timer to expire, unlike in an indirect failure.

The findings from this verification are as follows:

Verification Results:

  • An STP topology change was triggered by the link-down event.
  • A TCN BPDU was sent from the non-root switch toward the Root Bridge.
  • A Configuration BPDU containing a Topology Change flag was sent from the Root Bridge.
  • Number of topology changes increased in the show spanning-tree vlan 10 detail output.
  • Topology change flag set, detected flag set were observed temporarily.
  • The MAC address table aging time was shortened from 300 seconds to 15 seconds.
  • The shutdown Port 1 disappeared from the VLAN 10 STP display.
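
To make the difference between the two frames seen in the captures concrete, here is an added example (not from the original article) that decodes a BPDU payload and separates a TCN BPDU (BPDU Type 0x80) from a Configuration BPDU whose Flags field carries the Topology Change bit. It assumes the input starts at the Protocol Identifier field, after the LLC/SNAP header; the sample frames are constructed from the SW1 values shown on this page, and the function names are hypothetical.

```python
import struct

TYPE_CONFIG, TYPE_TCN = 0x00, 0x80  # BPDU Type values (0x80 = TCN, as on the page)
FLAG_TC, FLAG_TCA = 0x01, 0x80      # Flags bits: Topology Change, TC Acknowledgment
CONFIG_FMT = "!B8sI8sHHHHH"         # flags, root ID, cost, bridge ID, port ID, 4 timers

def decode_bpdu(payload: bytes) -> dict:
    """Decode an 802.1D BPDU payload (assumed to start at Protocol Identifier)."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    proto, version, btype = struct.unpack_from("!HBB", payload, 0)
    if proto != 0:
        raise ValueError("Protocol Identifier is not 0x0000")
    if btype == TYPE_TCN:
        return {"kind": "TCN"}  # a TCN BPDU is the 4-byte header only
    if btype != TYPE_CONFIG:
        raise ValueError(f"unsupported BPDU type 0x{btype:02x}")
    if len(payload) < 4 + struct.calcsize(CONFIG_FMT):
        raise ValueError("truncated Configuration BPDU")
    (flags, root_id, cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack_from(CONFIG_FMT, payload, 4)
    return {
        "kind": "Configuration",
        "topology_change": bool(flags & FLAG_TC),
        "tc_ack": bool(flags & FLAG_TCA),
        "root_priority": int.from_bytes(root_id[:2], "big"),
        "root_mac": root_id[2:].hex(":"),
        "root_path_cost": cost,
        "max_age_s": max_age / 256,   # timers are carried in 1/256 s units
        "forward_delay_s": fwd / 256,
    }

def build_config(flags: int) -> bytes:
    """Constructed sample: a Configuration BPDU with SW1's values from this page."""
    bid = struct.pack("!H", 4106) + bytes.fromhex("500000010000")
    return struct.pack("!HBB" + CONFIG_FMT[1:], 0, 0, TYPE_CONFIG, flags,
                       bid, 0, bid, 0x8002, 0, 20 * 256, 2 * 256, 15 * 256)

SAMPLE_TCN = bytes.fromhex("00000080")  # constructed TCN BPDU
SAMPLE_TC = build_config(FLAG_TC)       # root's BPDU during the change
SAMPLE_NORMAL = build_config(0x00)      # root's BPDU after convergence

if __name__ == "__main__":
    for name, raw in [("TCN", SAMPLE_TCN), ("TC set", SAMPLE_TC), ("normal", SAMPLE_NORMAL)]:
        print(name, decode_bpdu(raw))
```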

About Indirect Failures

An indirect failure is a scenario where the link itself remains up, but BPDUs stop being received.

The shutdown command used in our EVE-NG verification results in an interface-down state, which is detected directly, making it a direct failure. To observe an indirect failure as described in textbooks, one might need a physical environment where frames are lost in only one direction, such as using a unidirectional broken fiber optic cable or disconnecting one strand of a two-core cable.

However, depending on the device and SFP behavior, this may be detected as a link-down or err-disable state, so it is necessary to verify whether the interface remains up while only BPDUs fail to arrive.

Therefore, in this session, we will treat indirect failure as a conceptual review rather than a physical capture.

The key points of an indirect failure are as follows:

  • The interface remains up.
  • BPDUs are no longer received.
  • Link-down cannot be detected directly.
  • The switch waits for the old BPDU information on the Root Port to expire when the Max Age timer runs out.
  • The alternate port then moves to forwarding through the listening and learning states.

For exam preparation, remember: direct failure involves direct detection of link-down, while indirect failure involves detecting missing BPDUs via the Max Age timer.

Key Takeaways

  • Number of topology changes, last change occurred, and from interface are the easiest fields to monitor in show spanning-tree vlan X detail.
  • The TCN BPDU sent by a non-root switch and the Topology Change flag set in a Configuration BPDU by the root bridge serve different roles.
  • In a direct failure, the aging time is shortened to flush old MAC address table entries more quickly.
  • In an indirect failure, the Max Age timer is critical because link-down cannot be detected directly.

Summary

In this session, we verified how STP reacts not only in its normal tree structure but also when topology changes or failures occur.

Next, we will switch to RSTP and organize our understanding of port states, roles, handshakes, and convergence.

  • Full set of configurations used in this session for observing topology changes and failures

https://github.com/MK-1020/ccnp-encor-labs/tree/main/ccnp_guided_lab_packets/02_spanning_tree_protocol/configs/05_topology_changes_and_failures