Saturday, April 21, 2012

Portfast and BPDUfilter Combined

Cisco has some proprietary STP features for faster convergence at layer 2. Today lets discuss portfast and bpdufilter.
Portfast essentially does two main things when applied on the access ports of the switch. 
1. It skips listening and learning phases of stp and directly jumps to forwarding state whenever a host is alive on the respective connected port.
2. It does not generate TCN (Topology Change Notification) bit to inform root about the change in network topology. Generally when portfast is not applied and a host comes up on a switchport, stp generate a TCN bit to inform root switch about the change and then the root switch flush the CAM table of the entire layer 2 network which increases the convergence time. Therefore by using portfast it reduces the convergence time by insuring the host ports can not create loops.

There are two ways by which we can apply portfast on switch ports.
1. Directly on access switchports
#switchport access vlan X
#spanning-tree  portfast
2. Globally 
#spanning-tree portfast default

first will apply only on the respective port on which its applied and second will apply on all the access ports of the switch.

BPDUfilter isolates the switching domain by not receiving and sending (though it sends 11 initial bpdu to prevent transient loops) bpdu to the connected device. There are two ways to apply bpdufilter.
1. On interface
#spanning-tree bpdufilter enable
2. Globally
#spanning-tree portfast bpdufilter default

First applies only on interface while second applies on all the access ports on which portfast is enabled. In this case if bpdu is received on the portfast enabled access port, the portfast status on this port is disabled that means bpdufilter which applied globally does not have any significance. 

Lets try some applying combinations of these two features.

1. Both portfast and bpdufilter on interface

In this case bpdufilter take the precedence, that means this interface will not send and receive any bpdu. Here receive means it silently drops the bpdus on this interface. Therefore portfast will not be able to revert to disable state and port remains portfast enabled.

2. Portfast globally and bpdufilter on interface

This is same as case 1 except that since portfast is applied globally it will apply to all the access ports of the switch.

3. Both portfast and bpdufilter globally

In this case portfast will apply to all access ports of the switch and bpdufilter apply on all the portfast enabled ports. That means bpdu will not send out on these ports and if bpdus are received then porstfast is disabled on this port.  Now since portfast is diabled on this port bpdufilter will no long apply on this port.

4. Portfast on interface and bpdufilter globally

 In this case, when we apply bpdufilter globally it will apply only on portfast enabled ports. The port on which portfast is applied will not send any bpdu but if it receives any bpdu it will disable the porstfast from this port and therefore bpdufilter is also no longer applied on this interface.

Also note that we can also disable portfast or bpdufilter on per interface basis.
On interface
#spanning-tree portfast disable OR # spanning-tree bpdufilter diable

The above mentioned cases can be used in various scenarios at layer 2 switching to solve stp convergence issues.

For example

Task : Ensure only f0/1 and f0/2 should skip listening and learning phases and bpdus should not be send and receive on these ports, if any bpdu is received it should disables the portfast on these ports.

Solution : 
Globally "spanning-tree portfast bpdufilter default
Interface f0/1 and f0/2 "spanning-tree portfast"

here ONLY is the keyword lookout for. Which means apply portfast at interface level and on these interface apply bpdufilter by applying bpdufilter globally.

In this way we can have other tasks require our learning on these features though these features are being replaced by mstp and rstp. In these advance spanning tree technologies these features are inbuilt. 

Here is the end of this blog, we will take up other stp features in the future blogs.

Thanks









No comments: