2. 科技
    3. 交换机之stp(生成树协议) 拓展mstp(多生成树协议)

    交换机之stp(生成树协议) 拓展mstp(多生成树协议)

    科技2022-07-12  149

    交换机之stp(生成树协议) 拓展mstp(多生成树协议)

    文章目录

    交换机之stp(生成树协议) 拓展mstp(多生成树协议)前言一、stp是什么?1.BPDU(网桥协议数据单元)1.1 BPDU的功能:1.2 BPDU的类型 2. 选举根交换机的规则:3.设置成根网桥的两种方法:4.stp生成树的端口角色5.stp生成树的端口状态6.选举根端口,指定端口的规则: 二、STP类型1. 分类1.1 STP(生成树协议)1.2 RSTP:(快速生成树协议)1.2.1 作用: 1.3 MSTP(多生成树协议)1.3.1 作用: 三 MSTP项目1 项目需求:2 .原理解析:3.流程 总结

    前言

    当多个交换机之间存在两条或多条链路进行连接通信时,会形成环路,导致会出现广播风暴,MAC地址表不稳定问题的出现。这时通过stp生成树协议将可以解决此类问题。

    一、stp是什么?

    因为当有环路存在时,广播的发送引起全网的广播风暴,由此需要打破环路生成的条件,而生成树协议就是解决二层广播风暴的重要手段,另外我们会阻塞一些端口,打破环路生成条件,当链路出现问题时,这些被阻塞的端口可以过渡到转发状态,实现链路的备份的作用

    1.BPDU(网桥协议数据单元)

    STP的各种选举(选举根)是通过交换BPDU报文实现来实现的。BPDU是直接封装在以太网帧的。(802.3+803.2) 对于参与STP的所有的SW,它们都通过数据消息的交换来获取网络中其它SW的信息,这种消息就被称为BPDU。 BPDU是直接封装在二层(数据链路层)的协议

    1.1 BPDU的功能:

    1, 选举根桥 2, 确定冗余路径的位置 3, 通过阻塞特定端口来避免环路 4, 通告网络的拓扑变更 5, 监控生成树的状态

    BPDU每2s由根桥发送一次。(拥有bridge-id的交换机成为根桥) 最初的网络,每个SW都认为自己是根桥,都会发送BPDU,比较Lowest BID,选举一个根桥,此时就只有根桥发送BPDU。非根桥只能进行转发,转发时只修改bridge-id和cost字段。

    1.2 BPDU的类型

    1. 配置BPDU——通常由根网桥以周期性(2s)间隔发出,包括STP参数,用于进行各种选举。 2. TCNBPDU——这种BPDU是当交换机检测到拓扑发生变更时所产生。 这种BPDU是SW检测到拓扑变更时产生的。可由非根网桥发出

    2. 选举根交换机的规则:

    通过比较 Lowest BID进行选举 Lowest BID = 网桥优先级 + MAC地址(越小越优)选择 根桥 交换机默认网桥优先级是 32768 ,默认比较MAC地址大小,按顺序进行比较,小的是根

    3.设置成根网桥的两种方法:

    1.修改网桥优先级命令 [ ] stp priority 0 ( 数值是4096的倍数) 修改数值比默认的32768 小的数值(数值是4096的倍数)

    2.设置此网桥为根网桥 [ ] stp root primary (优先级将变为0) 直接把优先级将变为0

    3.查看谁是根网桥的命令 display stp

    4.查看值范围 [ ] stp priority ? (4096的倍数)

    4.stp生成树的端口角色

    RP ;根端口。每个非根网桥上有且只有一个,选举到达根网桥路径开销值最小的成为根端口

    DP:指定端口。根网桥上每个端口都是指定端口,非根网桥上需要转发数据的端口也是指定端口。

    AP;预备端口。该接口状态为blocking状态(堵塞状态),只收BPDU,不发BPDU.(TCNBPDU)

    5.stp生成树的端口状态

    Disabled (禁用状态) :不转发数据帧,不学习MAC地址表,不参与生成树计算。 Blocking(阻塞状态):不转发数据帧,不学习MAC地址表,接收并处理BPDU,不发送BPDU。 Listening(侦听状态):不转发数据帧,不学习MAC地址表,参与生成树计算,接收并发送BPDU Learning(学习状态):不转发数据帧,学习MAC地址表,参与生成树计算,接收并发送BPDU Forwarding(转发状态):转发数据帧,学习MAC地址表,参与生成树计算,接收并发送BPDU

    端口由Blocking过渡到Forwarding有50s 延时, Blocking到Listening有20s老化时间, Listening到Learning有15s过渡时间, Learning到Forwarding有15是过渡时间。

    6.选举根端口,指定端口的规则:

    Lowest path cost to root bridge 到达根的最小路径开销 (比较带宽大小,100M,10M)

    Lowest sender BID 最小的发送方BID (比较MAC地址大小)

    Lowset sender port ID 最小的发送方PID 端口优先级(默认128)+ 发送方端口号 (比较发送给这个端口数据的端口号大小)

    剩下的端口是AP

    二、STP类型

    1. 分类

    STP:(生成树协议)RSTP:(快速生成树协议)MSTP:(多生成树协议)

    1.1 STP(生成树协议)

    1.2 RSTP:(快速生成树协议)

    1.2.1 作用:

    可以缩短生成树端口由阻塞到转发状态的过渡时间 (Blocking 过渡到 Forwarding 有50s ,缩短时间是Blocking 过渡到 Listening的20s老化时间) 命令:

    stp enable stp mode rstp

    1.3 MSTP(多生成树协议)

    一个VLAN一棵生成树,实现链路的负载均衡

    1.3.1 作用:

    1.指定多个VLAN形成一个实例生成一棵树,根据这棵树会选根,围绕着根去选指定端口,根端口,预备端口。 2. 流量负载均衡

    命令:

    stp mode mstp 进入mstp模式 stp region-configuration 区域设置 region-name huawei 区域名称 huawei revision-level 1 版本号 instance 1 vlan 10 实例 1 instance 2 vlan 20 实例 2 active region-configuration 激活当前配置 [ ]stp instance 1 root primary 实例1的根 [ ]stp instance 2 root secondary 实例2的备份

    三 MSTP项目

    设备:两个PC机,三个交换机,一个路由器

    1 项目需求:

    vlan10 与 vlan20 实现互通 vlan 10: SW3——SW1——R1 vlan 20: SW3——SW2——R1

    2 .原理解析:

    在不进行MSTP的情况下,由于环路的存在,交换机上会存在端口处于被阻塞状态,可能会导致路径不通,无法通信。有时可以通信,有时不可以通信。应用MSTP划分不同区域的根,实现所有链路都处于转发状态,负载均衡。

    3.流程

    在SW3上

    [SW3]vlan bat 10 20 Info: This operation may take a few seconds. Please wait for a moment...done. [SW3]int e0/0/1 [SW3-Ethernet0/0/1]port hybrid pvid vlan 10 [SW3-Ethernet0/0/1]port hybrid untagged vlan 10 20 [SW3-Ethernet0/0/1]q [SW3]int e0/0/2 [SW3-Ethernet0/0/2]port hybrid pvid vlan 20 [SW3-Ethernet0/0/2]port hybrid untagged vlan 10 20 [SW3-Ethernet0/0/2]q [SW3]int e0/0/3 [SW3-Ethernet0/0/3]port hybrid pvid vlan 10 [SW3-Ethernet0/0/3]port hybrid untagged vlan 10 20 [SW3-Ethernet0/0/3]q [SW3]int e0/0/4 [SW3-Ethernet0/0/4]port hybrid pvid vlan 20 [SW3-Ethernet0/0/4]port hybrid untagged vlan 10 20 [SW3-Ethernet0/0/4]q [SW3]display stp brief MSTID Port Role STP State Protection 0 Ethernet0/0/1 DESI FORWARDING NONE 0 Ethernet0/0/2 DESI FORWARDING NONE 0 Ethernet0/0/3 ROOT FORWARDING NONE 0 Ethernet0/0/4 ALTE DISCARDING NONE [SW3]stp mode mstp [SW3]stp region-configuration [SW3-mst-region]region-name huawei [SW3-mst-region]revision-level 1 [SW3-mst-region]instance 1 vlan 10 [SW3-mst-region]instance 2 vlan 20 [SW3-mst-region]active region-configuration Info: This operation may take a few seconds. Please wait for a moment...done. [SW3-mst-region]q <SW3>display current-configuration # sysname SW3 # vlan batch 10 20 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name huawei revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 20 # interface Ethernet0/0/2 port hybrid pvid vlan 20 port hybrid untagged vlan 10 20 # interface Ethernet0/0/3 port hybrid pvid vlan 10 port hybrid untagged vlan 10 20 # interface Ethernet0/0/4 port hybrid pvid vlan 20 port hybrid untagged vlan 10 20 # interface Ethernet0/0/5 # interface Ethernet0/0/6 # interface Ethernet0/0/7 # interface Ethernet0/0/8 # interface Ethernet0/0/9 # interface Ethernet0/0/10 # interface Ethernet0/0/11 # interface Ethernet0/0/12 # interface Ethernet0/0/13 # interface Ethernet0/0/14 # interface Ethernet0/0/15 # interface Ethernet0/0/16 # interface Ethernet0/0/17 # interface Ethernet0/0/18 # interface Ethernet0/0/19 # interface Ethernet0/0/20 # interface Ethernet0/0/21 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

    在SW1上

    SW1]vlan bat 10 20 Info: This operation may take a few seconds. Please wait for a moment...done. [SW1]int e0/0/1 [SW1-Ethernet0/0/1]port hybrid pvid vlan 10 [SW1-Ethernet0/0/1]port hybrid untagged vlan 10 20 [SW1-Ethernet0/0/1]q [SW1]int g0/0/2 [SW1-GigabitEthernet0/0/2]port link-type trunk [SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all [SW1-GigabitEthernet0/0/2]q [SW1]int g0/0/1 [SW1-GigabitEthernet0/0/1]port hybrid pvid vlan 10 [SW1-GigabitEthernet0/0/1]port hybrid untagged vlan 10 20 [SW1-GigabitEthernet0/0/1]q [SW1]stp mode mstp [SW1]stp region-configuration [SW1-mst-region]region-name huawei [SW1-mst-region]revision-level 1 [SW1-mst-region]instance 1 vlan 10 [SW1-mst-region]instance 2 vlan 20 [SW1-mst-region]active region-configuration Info: This operation may take a few seconds. Please wait for a moment...done. [SW1-mst-region]q [SW1]stp instance 1 root primary [SW1]stp instance 2 root secondary <SW1>display current-configuration # sysname SW1 # vlan batch 10 20 # stp instance 1 root primary stp instance 2 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name huawei revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 20 # interface Ethernet0/0/2 # interface Ethernet0/0/3 # interface Ethernet0/0/4 # interface Ethernet0/0/5 # interface Ethernet0/0/6 # interface Ethernet0/0/7 # interface Ethernet0/0/8 # interface Ethernet0/0/9 # interface Ethernet0/0/10 # interface Ethernet0/0/11 # interface Ethernet0/0/12 # interface Ethernet0/0/13 # interface Ethernet0/0/14 # interface Ethernet0/0/15 # interface Ethernet0/0/16 # interface Ethernet0/0/17 # interface Ethernet0/0/18 # interface Ethernet0/0/19 # interface Ethernet0/0/20 # interface Ethernet0/0/21 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 20 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface NULL0 # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

    在SW2上

    [SW2]vlan bat 10 20 Info: This operation may take a few seconds. Please wait for a moment...done. [SW2]int e0/0/1 [SW2-Ethernet0/0/1]port hybrid pvid vlan 20 [SW2-Ethernet0/0/1]port hybrid untagged vlan 20 10 [SW2-Ethernet0/0/1]q [SW2]int g0/0/2 [SW2-GigabitEthernet0/0/2]port link-type trunk [SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all [SW2-GigabitEthernet0/0/2]q [SW2]int g0/0/1 [SW2-GigabitEthernet0/0/1]port hybrid pvid vlan 20 [SW2-GigabitEthernet0/0/1]port hybrid untagged vlan 10 20 [SW2-GigabitEthernet0/0/1]q [SW2]stp mode mstp [SW2]stp region-configuration [SW2-mst-region]region-name huawei [SW2-mst-region]revision-level 1 [SW2-mst-region]instance 1 vlan 10 [SW2-mst-region]instance 2 vlan 20 [SW2-mst-region]active region-configuration Info: This operation may take a few seconds. Please wait for a moment...done. [SW2-mst-region]q [SW2]stp instance 2 root primary [SW2]stp instance 1 root secondary <SW2>display current-configuration # sysname SW2 # vlan batch 10 20 # stp instance 1 root secondary stp instance 2 root primary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name huawei revision-level 1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface Ethernet0/0/1 port hybrid pvid vlan 20 port hybrid untagged vlan 10 20 # interface Ethernet0/0/2 # interface Ethernet0/0/3 # interface Ethernet0/0/4 # interface Ethernet0/0/5 # interface Ethernet0/0/6 # interface Ethernet0/0/7 # interface Ethernet0/0/8 # interface Ethernet0/0/9 # interface Ethernet0/0/10 # interface Ethernet0/0/11 # interface Ethernet0/0/12 # interface Ethernet0/0/13 # interface Ethernet0/0/14 # interface Ethernet0/0/15 # interface Ethernet0/0/16 # interface Ethernet0/0/17 # interface Ethernet0/0/18 # interface Ethernet0/0/19 # interface Ethernet0/0/20 # interface Ethernet0/0/21 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 port hybrid pvid vlan 20 port hybrid untagged vlan 10 20 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface NULL0 # user-interface con 0 idle-timeout 0 0 user-interface vty 0 4 # return

    在AR1上

    R1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 10.1.10.254 24 [R1-GigabitEthernet0/0/0]undo shut Info: Interface GigabitEthernet0/0/0 is not shutdown. [R1-GigabitEthernet0/0/0]int g0/0/1 [R1-GigabitEthernet0/0/1]ip add 10.1.20.254 24 [R1-GigabitEthernet0/0/1]undo shut Info: Interface GigabitEthernet0/0/1 is not shutdown. [R1-GigabitEthernet0/0/1]q <R1>display current-configuration [V200R003C00] # sysname R1 # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load flash:/portalpage.zip # drop illegal-mac alarm # wlan ac-global carrier id other ac id 0 # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 10.1.10.254 255.255.255.0 # interface GigabitEthernet0/0/1 ip address 10.1.20.254 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 authentication-mode password idle-timeout 0 0 user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return

    完成以上操作,进行PC间通信测试 可以互通 在SW3上,查看端口状态

    <SW3>display stp brief MSTID Port Role STP State Protection 0 Ethernet0/0/1 DESI FORWARDING NONE 0 Ethernet0/0/2 DESI FORWARDING NONE 0 Ethernet0/0/3 ROOT FORWARDING NONE 0 Ethernet0/0/4 ALTE DISCARDING NONE 1 Ethernet0/0/1 DESI FORWARDING NONE 1 Ethernet0/0/2 DESI FORWARDING NONE 1 Ethernet0/0/3 ROOT FORWARDING NONE 1 Ethernet0/0/4 ALTE DISCARDING NONE 2 Ethernet0/0/1 DESI FORWARDING NONE 2 Ethernet0/0/2 DESI FORWARDING NONE 2 Ethernet0/0/3 ALTE DISCARDING NONE 2 Ethernet0/0/4 ROOT FORWARDING NONE

    总结

    通过MSTP可以有效的解决环路问题,实现数据通信的流量负载均衡

    Processed: 0.011, SQL: 8