Per VLAN Spanning Tree

June 03, 2013

All modern Cisco switches support PVST. As the name indicates, Per-VLAN Spanning Tree adds the VLAN number to the priority in the BPDU headers. For example, the default priority is 32768; if you run VLAN 10 on your switch, the new priority is 32778. The result is one Root Bridge per VLAN, so a network with multiple VLANs has multiple Root Bridges, one per VLAN. If you don't change anything, the same switch will by default be elected Root Bridge for every single VLAN.


In the diagram above, VLAN 10 and VLAN 20 run on switches that are trunked to each other. Two VLANs means two completely separate Spanning Tree instances, and the trunk links carry both VLAN 10 and VLAN 20. As already discussed, the default priority is 32768, so the new priority is 32778 for VLAN 10 and 32788 for VLAN 20. Left like that, the priorities are all tied; VLAN 10 only communicates with the VLAN 10 instance and VLAN 20 only with its own instance. The switches end up electing the same switch as Root Bridge for both VLANs. In the topology above, Switch4 wins the Root Bridge election, since it may have the lowest MAC address, and Switch1 port Fa1/1 is blocked. This blocks the upper side of the network, which would be the primary link if we left everything at default. If we tune the priority, Switch1 wins Root for VLAN 20 and Switch3 for VLAN 10. Now we have two separate Root Bridges.


On the topology, a VLAN 10 packet traverses the Switch3 path and a VLAN 20 packet uses the Switch1 path, because Switch3 blocks one port for VLAN 20 and Switch1 blocks one for VLAN 10. That means VLAN 10 traffic doesn't go through Switch1 and VLAN 20 traffic doesn't go through Switch3. This load-balances the links effectively.
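The per-VLAN election described above, as an added example that is not part of the original post: each switch's bridge ID for a VLAN is its base priority plus the VLAN number, with the MAC address as the tie-breaker. The MAC addresses and the tuned priority value 4096 are constructed for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_PRIORITY = 32768

@dataclass
class Switch:
    name: str
    mac: str                                      # constructed sample value
    priority: dict = field(default_factory=dict)  # VLAN -> tuned base priority

    def bridge_id(self, vlan):
        """Return (priority + VLAN number, MAC) for this VLAN's STP instance."""
        base = self.priority.get(vlan, DEFAULT_PRIORITY)
        if base % 4096 or base > 61440:
            raise ValueError(f"{self.name}: priority {base} is not a 4096 step")
        return (base + vlan, int(self.mac.replace(":", ""), 16))

def elect_roots(switches, vlans):
    """Lowest bridge ID wins; PVST runs one independent election per VLAN."""
    return {v: min(switches, key=lambda s: s.bridge_id(v)).name for v in vlans}

def sample_switches(tuned=False):
    # Constructed MACs: Switch4 has the lowest, so it wins when priorities tie.
    s1 = Switch("Switch1", "00:1a:2b:00:00:31")
    s3 = Switch("Switch3", "00:1a:2b:00:00:33")
    s4 = Switch("Switch4", "00:1a:2b:00:00:04")
    if tuned:
        s3.priority[10] = 4096   # make Switch3 root for VLAN 10
        s1.priority[20] = 4096   # make Switch1 root for VLAN 20
    return [s1, s3, s4]

if __name__ == "__main__":
    print("default:", elect_roots(sample_switches(), [10, 20]))
    print("tuned:  ", elect_roots(sample_switches(tuned=True), [10, 20]))
```

Running the same function over a real inventory of priorities and MAC addresses shows which switch would win each VLAN before a change is pushed.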

Spanning Tree Electing Root Bridge

June 02, 2013
Per-VLAN Spanning Tree Concepts

Let's begin with how Spanning Tree works in an enterprise network. From the figure we can identify which switch will be the Root Bridge, and configure which switch should be the Root Bridge in our network.

Let's start with the default state of Spanning Tree, using a real-world example. We have a three-tier enterprise network structure. The switches at the top are Access, directly connected to the users; in the middle is Distribution, then the Core switches; and at the bottom are the server farm switches. We don't change anything, so the priorities and MAC addresses are left as they are. Now guess which switch will be the Root Bridge.

Obviously Switch0, because it has the lowest MAC address. That access-layer switch becomes the Root Bridge. Do we want that switch to be the Root Bridge in our network? No, we don't. It isn't the center of the network.


Remember that every switch finds the best way to reach the Root Bridge and blocks all other redundant links. The switches treat the Root Bridge as the center of the network. Each switch now selects its root port: the port with the lowest-cost path to the Root Bridge.

Switch2's directly connected port becomes its Root Port because it is a 100M link with cost 19. Just like Switch2, Switch3, Switch4 and the others also elect a Root Port and block all the ports left over.

Now let's remove the blocked links and look at the network. That is what the real topology of the switches looks like. The problem is which links got blocked: for example, the major distribution link (Switch3 to Switch2) has been cut off, and the core switch link (Switch4 to Switch2) is cut off as well. That's exactly what we don't want.


The Distribution switches have a flood of traffic that is forwarded to the Root Bridge, up to the limit of network congestion. That access switch might be a low-performance, lower-quality model like a Catalyst 2900XL. It may have 100M links that definitely can't handle so much traffic coming from the distribution switches. This can bottleneck the entire network. Everything appears to work and the switch LEDs blink green, but users experience slowness because the link is congested. A ton of traffic coming from the distribution switches can cause the Root Bridge to crash. That could take the complete network down for 10 to 30 or more, depending on how big the network is. This happens because a bad Root Bridge was elected. So which switch should be the Root Bridge?

The answer: the Core switches in the network should be the Root Bridge. Then every switch finds the best way to reach the Root Bridge and blocks the other redundant links. That's the good way to configure Spanning Tree. Make sure you change the priority to a lower value so the Core switch wins the Root Bridge election; don't let the MAC address break the tie between the switches.

Mikrotik SXT 5nD r2 setup in bridge mode

May 31, 2013
How to connect two Mikrotik RouterBoard SXT 5nD r2 devices together in Bridge Mode
Doing a Bandwidth Test between two RouterBoard SXT-5nD's


The MikroTik RouterBoard default IP is 192.168.88.1.

You can connect to the RouterBoard with WinBox by IP or by MAC address. Download WinBox from the MikroTik website.

By default the RouterBoard has admin as the username and a blank password.

If you want to connect to the device by IP, don't forget to add an address from the same network to your PC's NIC; otherwise the connection won't be established. Alternatively, connect by MAC: choose the MAC address from the ellipsis next to the "Connect" field.

When you log in, the "RouterOS Default Configuration" screen pops up. Click OK.

Do the same on the other device to log in to RouterOS.
If you followed the process, you now have both devices open.

Now you can set a HostName for those devices.

  • Click on the system button on the left then Identity
  • Change the name to something useful.
  • Make the change to both radios

Connecting Wireless radio

Steps to follow

  • Click the Wireless button on the top left
  • The "wlan1" interface is grayed out or dimmed, which means it is currently disabled.
  • Right-click the "wlan1" interface and click Enable from the drop-down menu, or just click the blue check button at the top of the menu bar. Now you can see the interface is enabled.

It's time to set one radio as the Access Point and the other as the Client.

Access Point Configuration

Steps to follow to make the Access Point:
  • Double-click on wlan1
  • Click the Wireless tab at the top, next to the General tab
  • Click the Mode drop-down menu and choose "Bridge"
  • Click the Band drop-down menu and choose "5Ghz-only-N"
  • On the Channel Width drop-down choose "20/40MHz HT Above"
  • Choose "nv2" for Wireless Protocol
  • Click the HT tab at the top, next to the Wireless tab
  • From the HT Guard Interval drop-down menu choose "long"
  • Select all 4 HT chain options and also select all HT AMPDU priorities
  • Click on the WDS tab; on the WDS Mode drop-down menu choose "dynamic"
  • Set WDS Default Bridge to "bridge1"
  • On the Nstreme tab select "Disable CSMA" and Framer Policy "dynamic size"
  • Now click the Apply button on the top right.

Client Configuration


Steps to follow for the client:
  • Double-click on wlan1
  • Click the Scan button on the right
  • The AP should show up. If it doesn't, follow the steps above again; if it does, click the SSID shown in the list, click the "Connect" button, then "Close".
After doing so, the client is connected to the AP. But we need to change a few more things here.

Go back to the Wireless tab.
  • Click the Mode drop-down menu and choose "Station Bridge"
  • Click the Band drop-down menu and choose "5Ghz-only-N"
  • On the Channel Width drop-down choose "20/40MHz HT Above"
  • Click the Wireless Protocol drop-down and choose "Any"
  • On the HT tab, next to the Wireless tab, select the 4 HT chain options
  • From the HT Guard Interval drop-down menu choose "long"
  • Then select all HT AMPDU priorities
  • Now click the Apply button on the right side.

In the Wireless Tables window you can see "R" next to the wlan interface. This indicates the client is registered and connected to the AP.

Bandwidth test Between two SXT

  • Click the Tools button on the left then choose Bandwidth Test
  • Change the "Test To:" field to the address of the client - 192.168.88.1
  • From Protocol either choose "udp" or "tcp"
  • On the Direction drop-down menu, choose the direction you want
  • Click the "user" field and enter admin for the username.
  • Now click Start button top right of the menu.
Here is my bidirectional TCP test.


Spanning Tree Protocol

May 31, 2013
What is STP?
Spanning Tree Protocol was created to prevent loops in redundant networks.

What is BPDU?

Switches send "probes" into the network, called Bridge Protocol Data Units (BPDUs), to discover loops. All switches in the network pass that probe data back, going through all the switches and checking every single link. A BPDU is actually a multicast packet. If there is redundancy in the network, a switch will get its own BPDU back, so it knows there is a redundant link in the network and works to find it. That's the goal of the BPDU.

What is ROOT Bridge?

BPDUs also help elect the Root Bridge. By default, the STP election picks the oldest switch in the network as the Root Bridge. All switches find the best way to reach the Root Bridge. All other paths that aren't the fastest way to reach the root end up blocked, which disables the redundancy in the network.

BPDU and Elections?

BPDUs are sent once every two seconds out of every single port. This lets a switch identify when its primary link has gone down and find a backup link to the Root Bridge. For example, imagine Switch0 sends its "probes". Switch1 and Switch2 broadcast these probes, and Switch1 and Switch2 also learn that there is a Switch0 in the network. When the probes get back to Switch0, it knows there is a loop in the network. When a switch finds a loop, it goes through the election process.

In every single BPDU packet there are two major fields:
- Priority
- MAC Address

The priority is a value between 0 and 61440; the default is 32768. You can't set the priority to 0 or 1 or 9; it has to be set in increments of 4096, because the priority field has 4 bits reserved, and with 4 bits we can't use every value up to 61440. By default every switch has the same priority, so every switch ties on priority and relies on its MAC address. Whichever switch has the lowest MAC address is elected Root Bridge, which breaks the tie between the switches. In the diagram, Switch1's MAC address is lower than Switch2's, and Switch2's is lower than Switch0's, so Switch1 wins the election. The lower the MAC address, the older the switch, because manufacturers produce the first switch with the first MAC address and move to higher and higher MAC addresses. So newer switches have higher MAC addresses.

All switches know each other's priority and MAC address, and know that Switch1 has the lowest MAC address. Switch1 wins the Root Bridge election and becomes the core switch of the network. The other switches in the network lose the election. The Root Bridge never blocks a port; all its ports are considered forwarding, or designated, ports. The other switches in the network find the best way to reach the Root Bridge. Switches calculate the link cost to reach the Root Bridge; a Fast Ethernet 100M link has a cost of 19. Each switch works out which port has the lowest cost to reach the Root Bridge. So on Switch2 and Switch0, the ports directly connected to the Root Bridge become root ports, the best way to get to the root. Here is a tip: whenever you run a show command on a switch and see a root port, don't be fooled, that switch isn't the Root Bridge. If a switch has a root port, it can't be the Root Bridge, because it goes out that port to reach the Root Bridge.

There is one designated (forwarding) port per link, so the Root Bridge has all designated ports. Switch2 has one root port and one designated port; the other side of that link, on Switch0, is blocked. You may wonder why Switch0 blocks the port and not Switch2: it is because Switch0 has the higher MAC address.

How Does STP Measure the Best Path?

- Elect the Root
- Switches find the lowest-cost path to the Root.

Link Bandwidth    STP cost
4 Mbps            250
10 Mbps           100
16 Mbps           62
45 Mbps           39
100 Mbps          19
155 Mbps          14
622 Mbps          6
1 Gbps            4
10 Gbps           2

You may wonder: what if the costs tie?
In that case the switch uses the lower Bridge ID. The Bridge ID is the priority plus the MAC address. Switches broadcast their Bridge IDs; whichever has the lower Bridge ID is preferred as the best path to reach the Root Bridge, and the other path may be blocked.

If two switches are connected with two crossover cables, the lower port breaks the tie. That means the lower port remains unblocked and the higher port blocks the redundant link.
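The path selection described above, worked through for the three-switch triangle as an added example (not code from the original post): elect the root, compute each switch's lowest cost to it from the cost table, then assign root, designated and blocked ports using the cost, Bridge ID and port tie-breakers in that order. The MAC values, port numbers and link layout are constructed assumptions.

```python
import heapq

# Mbps -> STP cost, from the table above.
STP_COST = {4: 250, 10: 100, 16: 62, 45: 39, 100: 19,
            155: 14, 622: 6, 1000: 4, 10000: 2}
# Constructed sample data: Bridge ID = (priority, MAC as integer).
BRIDGE_ID = {"Switch1": (32768, 0x0A), "Switch2": (32768, 0x0B),
             "Switch0": (32768, 0x0C)}
# Each link: (switch, port), (switch, port), speed in Mbps (constructed).
LINKS = [
    (("Switch1", 1), ("Switch2", 1), 100),
    (("Switch1", 2), ("Switch0", 1), 100),
    (("Switch2", 2), ("Switch0", 2), 100),
]

def root_costs(root):
    """Lowest total STP cost from every switch to the root (Dijkstra)."""
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost[sw]:
            continue  # stale heap entry
        for (a, _), (b, _), speed in LINKS:
            if sw in (a, b):
                other = b if sw == a else a
                nc = c + STP_COST[speed]
                if nc < cost.get(other, float("inf")):
                    cost[other] = nc
                    heapq.heappush(heap, (nc, other))
    return cost

def port_roles():
    root = min(BRIDGE_ID, key=BRIDGE_ID.get)   # lowest Bridge ID wins
    cost, roles = root_costs(root), {}
    # Root port: lowest cost, then lowest neighbour Bridge ID, then lowest port.
    for sw in BRIDGE_ID.keys() - {root}:
        cands = []
        for end_a, end_b, speed in LINKS:
            for (me, port), (nbr, _) in ((end_a, end_b), (end_b, end_a)):
                if me == sw:
                    cands.append((cost[nbr] + STP_COST[speed], BRIDGE_ID[nbr], port))
        roles[(sw, min(cands)[2])] = "root"
    # One designated port per link: the end nearer the root, ties to lower Bridge ID.
    for end_a, end_b, _ in LINKS:
        near, far = sorted((end_a, end_b), key=lambda e: (cost[e[0]], BRIDGE_ID[e[0]]))
        roles.setdefault(near, "designated")
        roles.setdefault(far, "blocked")
    return root, roles
```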