Wednesday, February 19, 2020

Multiple Spanning Tree (MST)

By default Cisco Catalyst Switches run PVST+ or Rapid PVST+ (Per VLAN Spanning Tree). This means that each VLAN is mapped to a single spanning tree instance. When you have 20 VLANs, it means there are 20 instances of spanning tree.
Is this a problem? Like always…it depends, let’s take a look at an example:
cisco mst topology 200 vlans
Take a look at the topology above. We have three switches and a lot of VLANs. There’s 199 VLANs in total. If we are running PVST or Rapid PVST this means that we have 199 different calculations for each VLAN. This requires a lot of CPU power and memory.
When SW2 is the root bridge for VLAN 100 – 200 and SW3 for VLAN 201 – 300 our spanning-tree topologies will look like this:
cisco mst two topologies
SW2 is the root bridge for VLAN 100 up to VLAN 200. This means that the fa0/17 interface of SW1 or the fa0/14 interface on SW3 will be blocked. I’ll have 100 spanning tree calculations but they all look the same for these VLANs…
The same thing applies for VLAN 201 – 300. SW3 is the root bridge for VLAN 201 up to 300. The fa0/14 interface on SW1 or SW2 will be blocked for all these VLANs.
Two different outcomes but I still have 200 different instances of spanning tree running. That’s a waste of CPU cycles and memory right?
MST (Multiple Spanning Tree) will solve this issue. Instead of calculating a spanning tree for each VLAN we can use instances and map VLANS to each instance. For the network above I could do something like this:
  • Instance 1: VLAN 100 – 200
  • Instance 2: VLAN 201 – 300
Sounds logical right? Only two spanning tree calculations (instances) are required for all these VLANs.
MST works with the concept of regions. Switches that are configured to use MST need to find out if their neighbors are running MST.
MST Region A Region B

When switches have the same attributes they will be in the same region. It’s possible to have one or more regions and here are the attributes that need to match:
  • MST configuration name.
  • MST configuration revision number.
  • MST instance to VLAN mapping table.
When switches have the same attributes configured they will be in the same region. If the attributes are not the same the switch is seen as being at the boundary of the region. It can be connected to another MST region but also talk to a switch running another version of spanning tree.
The MST configuration name is just something you can make up, it’s used to identify the MST region. The MST configuration revision number is also something you can make up and the idea behind this number is that you can change the number whenever you change your configuration. It doesn’t matter what you pick as long as it’s the same on all switches within the MST region. VLANs will be mapped to an instance by using the MST instance to VLAN mapping table. This is something we have to do ourselves.
Within the MST region, we will have one instance of spanning tree that will create a loop-free topology within the region. When you configure MST there is always one default instance used to calculate the topology within the region. We call this the IST (Internal Spanning Tree). By default Cisco will use instance 0 to run the IST. In case you were wondering…its rapid spanning tree that we run within the MST.
MST Region Instance 0
I could create instance 1 for VLAN 100 – 200 and instance 2 for VLAN 201 – 300. Depending on which switch will become root bridge for each instance a different port will be blocked. It could look like this:
MST Region Instance 1 Instance 2
The switch outside the MST region doesn’t see what the MST region looks like. For this switch it’s like it’s talking to one big switch or a ‘black box’:
MST Region Outside
If you want to know the details of how MST and PVST+ work together, check out our MST and PVST+ interoperability lesson.  Let’s have some fun with the configuration.

MST Configuration

I will use the following topology:
mst region three switches example
We’ll start with a single MST region with the following attributes:

  • MST configuration name: “Networklessons”
  • MST configuration revision number: 1 (this is just a number that I made up)
  • MST instance to VLAN mapping table:
    • Instance 2: VLAN 10, 20 and 30.
    • Instance 3: VLAN 40, 50 and 60.
This is what we will do:
SW1(config)#spanning-tree mode mst
SW2(config)#spanning-tree mode mst
SW3(config)#spanning-tree mode mst
This is how we enable MST on our switches. Let’s look at the default MST instance:
SW1#show spanning-tree mst configuration 
Name      []
Revision  0     Instances configured 1

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
-------------------------------------------------------------------------------
SW2#show spanning-tree mst configuration 
Name      []
Revision  0     Instances configured 1

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
-------------------------------------------------------------------------------
SW3#show spanning-tree mst configuration 
Name      []
Revision  0     Instances configured 1

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-4094
-------------------------------------------------------------------------------
We can use the show spanning-tree mst configuration command to see the MST instances. I haven’t created any additional instances so only instance 0 is available. You can see that all VLANs are currently mapped to instance 0. Let’s see what else we can find:
SW1#show spanning-tree mst 

##### MST0    vlans mapped:   1-4094
Bridge        address 0011.bb0b.3600  priority      32768 (32768 sysid 0)
Root          address 000f.34ca.1000  priority      32768 (32768 sysid 0)
              port    Fa0/17          path cost     0        
Regional Root address 000f.34ca.1000  priority      32768 (32768 sysid 0)
                                      internal cost 200000    rem hops 19
Operational   hello time 2 , forward delay 15, max age 20, txholdcount 6 
Configured    hello time 2 , forward delay 15, max age 20, max hops    20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Desg FWD 200000    128.16   P2p 
Fa0/17           Root FWD 200000    128.19   P2p
You can also use the show spanning-tree mst command. We can see the VLAN mapping but also information about the root bridge. Before we can add more instances we have to do our chores…time to add some VLANs and configure the links between the switches as trunks:
SW1(config)#interface fa0/14
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config)#interface fa0/17
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW2(config)#interface fa0/14
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config)#interface fa0/16
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW3(config)#interface fa0/14
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
SW3(config)#interface fa0/16
SW3(config-if)#switchport trunk encapsulation dot1q
SW3(config-if)#switchport mode trunk
That takes cares of the trunks, and here are the VLANs:
SW1, SW2 & SW3:
(config)#vlan 10
(config-vlan)#vlan 20
(config-vlan)#vlan 30
(config-vlan)#vlan 40
(config-vlan)#vlan 50
(config-vlan)#vlan 60
(config-vlan)#exit
Now we can configure MST and the instances:
SW1(config)#spanning-tree mst configuration 
SW1(config-mst)#name Networklessons
SW1(config-mst)#revision 1
SW1(config-mst)#instance 2 vlan 10,20,30
SW1(config-mst)#instance 3 vlan 40,50,60
SW1(config-mst)#exit
SW2(config)#spanning-tree mst configuration 
SW2(config-mst)#name Networklessons
SW2(config-mst)#revision 1
SW2(config-mst)#instance 2 vlan 10,20,30
SW2(config-mst)#instance 3 vlan 40,50,60
SW2(config-mst)#exit
SW3(config)#spanning-tree mst configuration 
SW3(config-mst)#name Networklessons
SW3(config-mst)#revision 1
SW3(config-mst)#instance 2 vlan 10,20,30
SW3(config-mst)#instance 3 vlan 40,50,60
SW3(config-mst)#exit
This is how we configure MST. First you need the spanning-tree mst configuration command to enter the configuration of MST. We set the name by using the name command. Don’t forget to set a revision number and map the instances with the instance command. Let’s verify our work:
SW1#show spanning-tree mst configuration 
Name      [Networklessons]
Revision  1     Instances configured 3

Instance  Vlans mapped
--------  ---------------------------------------------------------------------
0         1-9,11-19,21-29,31-39,41-49,51-59,61-4094
2         10,20,30
3         40,50,60
-------------------------------------------------------------------------------
We can use the show spanning-tree mst configuration command to verify our configuration. You can see that we now have two instances. The VLANS are mapped to instance 2 and 3. All the other VLANs are still mapped to instance 0.
So far so good, let’s play some more with MST and change the root bridge:
mst region switch a root bridge
Within our region I want to make sure that SW1 is the root bridge. We’ll have to change the priority for the IST (Internal Spanning Tree):
SW1(config)#spanning-tree mst 0 priority 4096
This is how I change the priority for MST instance 0.
SW1#show spanning-tree mst               

##### MST0    vlans mapped:   1-9,11-19,21-29,31-39,41-49,51-59,61-4094
Bridge        address 0011.bb0b.3600  priority      4096  (4096 sysid 0)
Root          this switch for the CIST
Here you can see that SW1 is the root bridge for the IST. It says CIST which stands for Common and Internal Spanning Tree.
Let’s take a look at the interfaces:
SW1#show spanning-tree mst 0 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Desg FWD 200000    128.16   P2p 
Fa0/17           Desg FWD 200000    128.19   P2p
SW2#show spanning-tree mst 0 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Root FWD 200000    128.16   P2p 
Fa0/16           Altn BLK 200000    128.18   P2p
SW3#show spanning-tree mst 0 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Root FWD 200000    128.14   P2p 
Fa0/16           Desg FWD 200000    128.16   P2p
Now we know the state of all interfaces. Let’s draw a picture so we know what the IST looks like:
mst internal spanning tree
Now I want to make some changes to instance 2 so SW2 will be root bridge:
SW2(config)#spanning-tree mst 2 priority 4096
We’ll change the priority on SW2 for instance 2.
SW2#show spanning-tree mst 2

##### MST2    vlans mapped:   10,20,30
Bridge        address 0019.569d.5700  priority      4098  (4096 sysid 2)
Root          this switch for MST2
This command proves that SW2 is the root bridge for instance 2. Let’s check the interfaces:
SW1#show spanning-tree mst 2 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Root FWD 200000    128.16   P2p 
Fa0/17           Altn BLK 200000    128.19   P2p
SW2#show spanning-tree mst 2 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Desg FWD 200000    128.16   P2p 
Fa0/16           Desg FWD 200000    128.18   P2p
SW3#show spanning-tree mst 2 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Desg FWD 200000    128.14   P2p 
Fa0/16           Root FWD 200000    128.16   P2p
This is what instance 2 looks like. Let’s turn that into a nice picture:
mst instance 2 port states
Here’s a fancy picture of instance 2 to show you the port roles. Note that this topology looks different than the one for instance 0.
Last but not least I’m now going to make some changes for instance 3:
SW3(config)#spanning-tree mst 3 priority 4096
SW3 will become the root bridge for instance 3.
SW3#show spanning-tree mst 3

##### MST3    vlans mapped:   40,50,60
Bridge        address 000f.34ca.1000  priority      4099  (4096 sysid 3)
Root          this switch for MST3
SW3 is now the root bridge for instance 3. Let’s look at the interfaces:
SW1#show spanning-tree mst 3 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Desg FWD 200000    128.16   P2p 
Fa0/17           Root FWD 200000    128.19   P2p
SW2#show spanning-tree mst 3 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Altn BLK 200000    128.16   P2p 
Fa0/16           Root FWD 200000    128.18   P2p
SW3#show spanning-tree mst 3 | begin Interface
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/14           Desg FWD 200000    128.14   P2p 
Fa0/16           Desg FWD 200000    128.16   P2p
And we can draw another topology picture:
mst instance 3 port states
Let’s compare instance 2 and 3 next to each other:
mst instance 2 and 3
On the left side you see instance 2 and on the right side is instance 3.
By changing the root bridge per instance we end up with different topologies:
  • Instance 2: fa0/17 on SW1 is blocked for VLAN 10, 20 and 30.
  • Instance 3: fa0/14 on SW2 is blocked for VLAN 40, 50 and 60.
Is this making sense so far? I sure hope so!
What happens when I add another switch that is running PVST to our topology? Let’s find out!
Mst Four Switches
SW4(config)#spanning-tree mode pvst
PVST is the default on most Cisco switches but I’m showing it here so you really know I’m running PVST.
SW4(config)#interface fa0/16
SW4(config-if)#switchport trunk encapsulation dot1q 
SW4(config-if)#switchport mode trunk
SW4(config)#interface fa0/19
SW4(config-if)#switchport trunk encapsulation dot1q 
SW4(config-if)#switchport mode trunk
SW4(config)#vlan 10
SW4(config-vlan)#vlan 20
SW4(config-vlan)#vlan 30
SW4(config-vlan)#vlan 40
SW4(config-vlan)#vlan 50
SW4(config-vlan)#vlan 60
SW4(config-vlan)#exit
I want to make sure that we have trunk to SW2 and SW3 and that SW4 knows about all the VLANs. Let’s see what SW4 thinks of all this:
SW4#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    4096
             Address     0011.bb0b.3600
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0009.7c36.2880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/16              Altn BLK 19        128.16   P2p 
Fa0/19              Root FWD 19        128.19   P2p
This is what SW4 sees about VLAN 1. Keep in mind this VLAN was mapped to instance 0. It sees SW1 as the root bridge and you can see which port is in forwarding and blocking mode.
SW4#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    4096
             Address     0011.bb0b.3600
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0009.7c36.2880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/16              Altn BLK 19        128.16   P2p 
Fa0/19              Root FWD 19        128.19   P2p
Here’s VLAN 10 which is mapped to instance 2. SW4 sees SW1 as the root bridge for this VLAN even though we configured SW2 as the root bridge for instance 2. This is perfectly normal because MST will only advertise BPDUs from the IST to the outside world. We won’t see any information from instance 2 or instance 3 on SW4.
SW4#show spanning-tree vlan 40

VLAN0040
  Spanning tree enabled protocol ieee
  Root ID    Priority    4096
             Address     0011.bb0b.3600
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32808  (priority 32768 sys-id-ext 40)
             Address     0009.7c36.2880
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/16              Altn BLK 19        128.16   P2p 
Fa0/19              Root FWD 19        128.19   P2p
VLAN 40 is mapped to instance 3 but you can see that SW4 sees SW1 as the root bridge. SW4 receives the same BPDU for all VLANS.
That’s all I have about MST for now! I hope this tutorial was useful for you and that you learned something here.

No comments:

Post a Comment