Bridging Protocols Overview

Bridge Functions Consortium

 Bridging Protocols

Filtering Database (802.1Q/802.1D)

Spanning Tree Protocol (802.1D clauses 8 & 9)
VLANs (802.1Q)
GARP/GVRP (802.1D clause 12/802.1Q clause 11)
GARP/GMRP (802.1D clause 10 & 12)
Link Aggregation (802.3ad)
 Bridging History
Back in the days before Ethernet was the
clear winning technology on the LAN,
Token Ring and FDDI were popular
This meant two different methods of
bridging
1) Source Route Bridging
a. Used by Token Ring and FDDI
2) Transparent Bridging
a. Used by Ethernet
 Source Route Bridging
Source Route Bridging allows load balancing to
avoid congestion. This is done by routing packets
over two or more routes to a destination.

Destination
Source LAN Switch 2 LAN
Switch 1 Server

Switch 3
 Transparent Bridging
The transparent bridging method follows the plug and
play philosophy.
Each bridge contains one (or more) Filtering Databases
that learn and remember MAC addresses on its networks.
Forwarding decisions are then made with consultation of
the Filtering Database. If a destination MAC address has
been learned, the packet is then forwarded out of that
port.
These addresses then will be cleared from the Filtering
Database if they are not active for a specific amount of
time. This range is defined by Aging Time, which can be
set in the management.
 Filtering Database
One database Entry
1
MAC Addr
0800900A2580
Port
1
active
yes
contains MAC 2
3
002034987AB1
00000C987C00
1
2
yes
yes
addresses, which 4 00503222A001 2 yes

port theyre on, and 5

6
if theyre active or 7
8
disabled 9
10
Duplicate MAC 11

addresses not
12

allowed (the second one

would replace the first)
 Learning of Addresses
The Filtering Database learns a stations location
from the source address on an incoming frame

Frame with source address

00Frames
22 22 33 33the
with 44 destination
is
received
addresson
00Port 1. 33 33 44 are
22 22 Port 1
Destination addresson
only forwarded notport
yet 1learned.
This source
Packet addressout
is forwarded is all ports.
Switch
learned by the filtering
database. All future frames
Frame with destination address Port 4
destined for this MAC address
00 22 22 33 33 44 is received
will be forwarded ONLY out of
on Port 4.
this Port.
 Multicast Frames
Multicast Frames originate from one source and
have the possibility of going to more than one
destination. An example of this is the Spanning
Tree BPDU.
Switch 2 Switch 3 Switch 4

Shared LAN

Switch 1
 The Permanent Database
Upon Bridge Initialization, a reserved block of Multicast
Addresses is transferred to the Filtering Database
Assignment Value
Bridge Group Address (Span. Tree) 01 80 C2 00 00 00
IEEE Std. 802.3, Full Duplex Pause Operation 01 80 C2 00 00 01
Slow Protocols Multicast Address 01 80 C2 00 00 02
Reserved for future standardization 01 80 C2 00 00 03
To
01 80 C2 00 00 0F

Currently only 3 of these multicast addresses are

standardized. The rest are reserved for future use.
Frames containing these addresses in the source are never
learned or forwarded.
Basic/Extended Filtering Services
Bridges that support Basic Filtering Services
can dynamically learn all MAC addresses
except those from the Permanent Database
These addresses can also be statically
configured so that they do not age out
Switches filtering frames from the Permanent
Database are said to support Basic Filtering
Services
Extended Filtering Services are implemented
by devices that support advanced features
like GARP
 Aging Time
Aging time is defined as a range of 10 to one million
seconds
One million seconds = 11 days 13 hrs 46 min and 40 sec
The default time is 300 seconds
The Filtering Database starts aging time when an address is
learned and resets it whenever another frame arrives on
that port
Why is aging time important?
When aging time expires, the address and port are discarded from
the Filtering Database.
 Filtering Database Review
Every bridge has a table called a Filtering
Database
Entries in this table are updated upon receipt
of frames, the source addresses and the
ports they arrive on are learned
Once a MAC address is associated with a
port, frames containing that destination
address are only forwarded out of that port
Filtering Database Review (cont.)

In real switches these tables vary in

size, most have the capability of holding
several thousand MAC addresses. Ive
seen one that has the capacity to learn
more than 150,000 addresses
(3Com9100).
 Spanning Tree Protocol (STP)
An algorithm,, used to prevent logic loops in
a bridged network by creating a spanning tree
When multiple paths exist,, STA lets a bridge
use only the most efficient one. If that path
fails, STA automatically reconfigures the
network to make another path become active,
sustaining network operations
Definition of Spanning Tree Algorithm from Newtons Telecom Dictionary.
The Spanning Tree Poem
I think that I shall never see
A graph more lovely than a tree.

A tree whose crucial property

Is loop-free connectivity.

A tree that must be sure to span

So packets can reach every LAN.

First, the root must be selected.

By ID, it is elected.

Least-cost paths from root are traced.

In the tree, these paths are placed.

A mesh is made by folks like me,

Then bridges find a spanning tree.

-Radia Perlman
 What is a Spanning Tree?
Only one active path
exists between any
two devices.
Resembles a family
tree. (problems arise in both
when loops occur)
Why Spanning Tree?
The purpose of Spanning Tree is to
have bridges dynamically discover a
subset of the topology that is loop-free
and yet has just enough connectivity so
that there is a path between every pair
of nodes in the LAN.
How does Spanning Tree work?
The basic idea behind the Spanning
Tree Protocol is that bridges transmit
special messages to each other that
allow them to calculate a spanning tree
Configuration Bridge Protocol Data
Units (BPDUs)
Sometimes referred to a Config. BPDUs
STP Example
Root

A B

C D E F
Port States
Bridge ports operate the Spanning Tree
Algorithm using the following states:
Blocking incoming frames are discarded
Listening incoming frames are discarded, but the
port is in the process of transitioning to Learning
Learning incoming frames are discarded, but
their source addresses and ports are placed in the
Filtering Database
Forwarding incoming frames are forwarded,
source addresses are learned
Disabled the port is disabled by management
 Configuration BPDUs
The Configuration BPDU contains enough info so
that bridges can do the following:
1) Elect a single bridge to be Root Bridge
2) Calculate the distance of the shortest path from
themselves to the Root Bridge
3) Elect a Designated Bridge for each LAN segment,
which is the bridge in the LAN segment closest to the
Root Bridge, to forward packets from that LAN
segment toward the Root Bridge.
4) Choose the port, called the root port, that gives the
best path from themselves to the Root Bridge.
5) Select ports to be included in the spanning tree.
These include only root ports and designated ports.
 Inside Config BPDUs
Destination MAC Address: 01 80 C2 00 00 00
Special Multicast address for Spanning

Tree
Root ID
ID of the bridge assumed to be root

Bridge ID
ID of the bridge transmitting BPDU

Cost
Cost of least-cost path to the root from

the transmitting bridge (at least the best

path of which the transmitting bridge is
currently aware of)
 Inside Config BPDUs
Protocol ID = 0x0000
Protocol Version ID and BPDU
Type = 0x00
If transmitting bridge is Root,
Message Age = Zero, otherwise
it is set to the value of the Root
Ports Message Age timer plus
an increment of one*
Path Cost
Path costs are designed to be
associated with the speed of the link
Link Speed Recommended Recommended Range
value range
4 Mb/s 250 1001000 165 535

10 Mb/s 100 50600 165 535

16 Mb/s 62 40400 165 535

100 Mb/s 19 1060 165 535

1 Gb/s 4 310 165 535

10 Gb/s 2 15 165 535

 Bridge Initialization
Root ID set to Bridge ID
Root Path Cost set to zero
All ports on bridge become designated
ports
Configuration BPDU transmitted on each
designated port
Hello Timer is started
 How this all works together
A bridge continuously receives
Configuration BPDUs on each of its ports
and saves the best configuration
message from each port. The bridge
determines the best configuration
message by comparing not only the
Configuration BPDUs received on a
particular port, but also the configuration
message that the bridge would transmit
on that port.
 How is best determined?
Given two Configuration BPDUsC1 and C2
C1 is the best if:
the root ID in C1 is numerically lower then the root
ID in C2
If the root IDs are equal, then if the cost in C1 is
numerically lower than the cost in C2
If the root IDs and cost are equal, then if the Bridge
ID in C1 is numerically lower than the Bridge ID in
C2
The final tiebreaker is the port ID. Each port
on a switch has a port ID. Useful if two ports
from the same switch are on one LAN segment.
Transmitting BPDUs
If Hold Timer is active the Configuration
BPDU will be transmitted upon
expiration.
Ensures no more than one
Configuration BPDU is transmitted per
Hold Time period
Transmit only if Message Age < Max
Age
After transmission Hold Timer is reset
BPDU Processing
Received Configuration BPDU is
checked against stored BPDU
If the received BPDU is better or the
same but with a smaller age, then
stored BPDU is overwritten
Bridge then recalculates root, root path
cost, and root port
Message Age
Each Configuration BPDU contains a
message age field
Incremented after every unit of time
If message age = max age then the
BDPU is discarded
 Root or Path to Root Fails
Bridge will no longer receive fresh BPDUs
Gradually increases message age on
currently stored Configuration BPDU
When max age occurs bridge will recalculate
root, root path cost, and root port
Hello Time/Root BPDU Propagation
The Root Bridge periodically transmits
Configuration BPDUs every hello time
When the Root Bridge generates a
Configuration BPDU the message age field is
set to 0
Upon receipt, Bridge will transmit
Configuration BPDU on each port for which it
is the Designated Bridge, and increment the
message age by at least one*
Designated Bridge
Topology Change?
 Stopping Loops during Topology Change

Use two substates: Listening and Learning

Data received while in these states is not
forwarded
Received Configuration BPDUs are stored
Root, root path cost, and root port are
calculated
 Topology Change Procedure
1) Bridge notices that the Spanning Tree
algorithm has caused it to transition a port
into or out of the blocking state
2) Bridge periodically transmits a Topology
Change Notification BPDU with same period
as hello time. It continues this until the
Root bridge acknowledges by setting the
topology change bit in its Configuration
BPDUs.
 Topology Change Procedure (cont.)

3) A bridge that receives a Topology Change

Notification BPDU on a port for which it is the
Designated Bridge does two things:
1) Performs step 2 from previous slide (notifies the
root bridge of topology change)
2) Sets the topology change acknowledgement flag
in the next Configuration BPDU it transmits on the
LAN from which the Topology Change Notification
BPDU was received
Topology Change Procedure (cont.)

4) Root Bridge sets the topology change

flag in its Configuration BPDUs for a
period equal to the sum of forward
delay and max age, if the Root Bridge
a. Notices a topology change because one
of its ports has changed state, or
b. Receives a topology change notification
message
Topology Change Procedure (cont.)

5) A bridge that is receiving

Configuration BPDUs with the
topology change flag set (or the Root
Bridge that is setting the topology
change flag in its Configuration
BPDUs) uses the forward delay timer
until it starts receiving Configuration
BPDUs without the topology change
flag set
Networkwide Parameters
For correct operation some parameters need
to be uniform throughout the Spanning
Tree. The Root Bridge includes the
following values in its Configuration BPDUs:
1) Max age: time after which Configuration BPDUs
are discarded
2) Hello time: interval, used by the Root Bridge,
between issuing Configuration BPDUs
3) Forward Delay: amount of time in learning and
listening states (half the time of transition from
blocking to forwarding)
Management Parameters
Bridge priority: a 2-octet value that
allows the network admin. to influence
the choice of the Root Bridge and the
Designated Bridge
Port Priority: a 1-octet value that allows
the network admin. to influence the
choice of port when a bridge has two
ports connected to the same LAN
segment
Why eliminate Loops?
Loops cause traffic to build up in a
network until the network no longer
function due to full bandwidth usage

LAN Connection
A B

Incoming broadcast
frame
Performance Issues
Two properties make bridge
performance crucial:
1) Lack of receipt of BPDUs causes bridges
to add connectivity. If a bridge does not
receive any Configuration BPDUs on
some port it will take over as the
Designated Bridge on that port.
2) Extra connectivity will cause loops
What affects Bridge Performance?
Network Congestion
Bridge will discard packets before looking
at them if CPU cant keep up
Bridge must be able to transmit BPDUs
no matter how congested the network is
This involves being able to move BPDUs to
the front of the queue
 VLANs (Virtual Local Area Network)
A means by which LAN users on different
physical LAN segments are afforded priority
access privileges across the LAN backbone in
order that they appear to be on the same
physical segment on an enterprise-level logical
LAN. VLAN solutions, which are priority in
nature, are implemented in LAN switches, and
VLAN membership is defined by the LAN
administrator on the basis of either port address
or MAC address.
Definition of VLAN from Newtons Telecom Dictionary.
 How VLANs work:
1) LAN Bridge receives tagged data from workstation
2) Bridge reads current tag, and forwards data with a VLAN
ID (tag) corresponding to the VLAN the data came from
(explicit tagging)
OR
1) LAN Bridge receives untagged data from workstation
2) Bridge determines the VLAN membership of data by
noting the port on which it arrives (implicit tagging)
 Basic VLAN Concepts
Port-based VLANs
Each port on a switch is in one and only one VLAN
(except trunk links)
Tagged Frames
VLAN ID and Priority info is inserted (4 bytes)
Trunk Links
Allow for multiple VLANs to cross one link
Access Links
The edge of the network, where legacy devices attach
Hybrid Links
Combo of Trunk and Access Links
Basic VLAN Concepts (cont.)

Priority-tagged frame
tag header carries priority info., but no
VLAN ID
VLAN-tagged frame
tag header carries both VLAN ID and
priority info.
Port VLAN ID (PVID)
provides the VID for untagged and priority-
tagged frames received on that Port
Trunk Link

Attaches two VLAN-aware switches

Carries Tagged frames ONLY.
Access Links

Access Links are Untagged for VLAN unaware

devices
The VLAN switch adds Tags to received
frames, and removes Tags when transmitting
frames.
 VLAN ID (Tag)

4 Bytes inserted after

Destination and Source
Priority Bit
Address Range: 0-7
Length/Type Field VLAN ID
VLANs = 0x8100 Range: 0-4094
Tagging Conversions
 Port VLAN ID
Each port has a VLAN ID configured on it
Indicates which VLAN untagged data
should be associated with
Does not constrain the port to a specific
VLAN, nor does it mean that only
untagged data can be processed
Sample VLANs
Traffic Segregation
Workgroups: Physically Defined
A mobile user from
workgroup C, in
building 2, needs to
do work in building 1.
By physically changing
buildings he must
change the workgroup
section of the LAN
which he/she is in.
VLANs: Logically Defined
With VLANs he/she
can physically
change buildings,
but remain in the
same workgroup.
Broadcast Domains (Layer 2)
broadcast domain: a network (or portion of a
network) that will receive a broadcast packet
from any node located within that network
broadcast packet: an Ethernet packet sent to
the broadcast address (FF:FF:FF:FF:FF:FF)
which designates the packet as destined for
all nodes in the broadcast domain
Constricting Broadcast Domains
What defines the edge of a layer 2
broadcast domain?
Router: does not forward layer 2 broadcast
frames
Filtering Database: by configuring the
broadcast address to be not forwarded
VLANs: broadcast packets are tagged so
they do not leave the configured topology
of the VLAN
Security
Data is contained in the VLANs topology
By allotting sensitive data its own VLAN,
only those nodes in the VLAN will see it.
GARP/GVRP
Generic Attribute Registration Protocol

GARP VLAN Registration Protocol

 How does GARP work?
Devices declare their desire for a given
attribute by making a declaration
Done by issuing a Join event
Declarations can be withdrawn by issuing
a Leave event
Devices enter a registration for an
attribute on a given port when they hear a
declaration for the attribute on that port
GARP
General-purpose protocol that supports
a specific class of applications within
bridges
Defines a subset of the spanning tree
that contains devices interested in a
given network commodity
Referred to as an attribute
GVRP - GARP VLAN Registration Protocol

Disadvantages to Static VLANs

Static VLANs are created via management
Must be maintained by a network admin
Static VLANs must be reconfigured for
every network topology change
GVRP Simplifies All This!
GVRP creates dynamic VLANs
No manual configuration needed
GVRP is maintained by the devices
themselves
Topology change? No problem, GVRP
recreates the dynamic VLAN automatically
What can GVRP do for you?
Allows the creation of VLANs with a specific
VID and a specific port, based on updates
from GVRP-enabled devices.
Advertises manually configured VLANs to
other GVRP-enabled device. As a result of
this the GVRP-enable devices in the core of
the network need no manual configuration in
order to inter-operate.
GVRP Info
GVRP is a GARP application that
registers attributes for dynamic VLANs
GVRP deals only with the management
of dynamic VLANs
Everything that you have learned about
static VLAN packet format and
transmission applies
How GVRP does all this:
The method of advertisement used by
GVRP-enabled devices consists of
sending Protocol Data Units (PDUs),
similar to Spanning Tree BPDUs, to a
known multicast MAC address (01 80 C2
00 00 21) to which all GVRP-enabled
devices listen to for updates. GVRP
advertisement follows the definition of
GARP.
What do these PDUs contain?
A single PDU may contain several different
messages telling the GVRP-enabled device to
perform a specific action.
Join: register the port for the specified VLAN
Leave: de-register the port for the specified VLAN
LeaveAll: de-register all VLAN registrations on that port
Empty: request to re-advertise dynamically and
statically configured VLANs
Windows screenshot >

Vendors (current):
Cisco Systems, 3Com
and Hewlett Packard
Several others are
developing working
implementations also.
Industry Implementation Example
3Com manufactures Network Interface Cards that take
advantage of GVRP
Accessed via the Control Panel (DynamicAccess )

Extremely easy to configure

 Example: GARP/GVRP
S

E E

S S

RED E E GOLD
THE END

Any Questions?