Reset Search
 

 

Article

Connecting xSTP domains to Ethernet Fabric

« Go Back

Information

 
TitleConnecting xSTP domains to Ethernet Fabric
Symptoms
Interconnecting switches running Spanning Tree Protocol with VCS Ethernet Fabric 
Environment
VCS Ethernet Fabric 
Cause
Resolution

Spanning Tree Protocols Summary 


There are five different flavours of Spanning Tree:
  • IEEE Spanning Tree Protocol (STP) is the original version. It builds a single instance of Spanning Tree that controls and blocks redundant paths in network by blocking the ports that are have a higher cost to/further away from the Spanning Tree Root bridge
  • Per VLAN Spanning Tree (PVST) is the extension of STP that build multiple instances of STP (one per VLAN) and allows to block a set of ports for some VLAN and a different set of ports for other VLANs. While this allows to use all the links for traffic forwarding, the capacity should be planned so that traffic is not impacted during link failures
  • IEEE Rapid Spanning Tree (RSTP) is the next version, that introduces new port roles and mechanisms, less port states and better timers to allow for much faster convergence of STP
  • Rapid per VLAN Spanning Tree (RPVST) is an extension of RSTP that builds multiple instances of RSTP, one per VLAN, the same way as PVST does for STP
  • IEEE Multiple Spanning Tree (MSTP) is the latest options, which uses the same timers and design options are RSTP, but allow to build more complex topologies using MST instances and regions and allow for VLAN traffic engineering, while still using a single BPDU. It also introduces mechanisms for interoperability for classic STP domains on the edges of MST regions.

All of STP protocols Bridge Protocol Data Unit (BPDU) frames, which differ between versions by the destination MAC and payload, to build and maintain the network topology. There are three kinds of BPDUs:
  • Configuration BPDU, used by Spanning tree protocol to provide information to all switches.
  • TCN (Topology Change Notification), tell about changes in the topology.
  • TCA (Topology Change Acknowledgment), confirm the reception of the TCN.
Only the first one is used during normal operations and default the BPDUs are sent every 2 seconds.

The case studies below show the interaction of an Ethernet fabric in the middle with switches running xSTP connected to it. Even though all xSTP flavours are supported, RPVST and MSTP are mostly used in modern network, so only those two cases are considered. PVST uses the same BPDUs as RPVST and STP/RSTP use the same BPSUs are MST, so their behaviour should be identical.

Network Topology

All the cases discussed use the same network topology below
 
                     +--------+
                1/0/1|        |1/0/4
    +----------------+ MIDDLE +--------------+
    |                |        |              |
    |                +--------+              |
    |                                        |
    |                                        |
    |1/0/1                                   |1/0/3
+---+----+                              +----+---+
|        |                              |        |
|  LEFT  +-------------XXXXXX-----------+ RIGHT  |
|        |1/0/4                   1/0/4 |        |
+---+----+                              +----+---+
    |1/0/5                                   |1/0/5
    |                                        |
    |                                        |
    |                                        |
 +--+---+                                +---+--+
 | host |                                | host |
 +------+                                +------+

All of LEFT/MIDDLE/RIGHT can represent a switch/fabric/Layer2 domain and there are several VLAN configured on each one, as:
  • LEFT: 1,10,2,20
  • MIDDLE: 1,10,2,20,3,30,12,13
  • RIGHT: 1,10,3,30
LEFT switch is configured with a higher STP bridge priority for both VLANs 1 and 10, so when BPDUs pass the fabric successfully RIGHT will see LEFT as the root, and when they are dropped it will see itself as the root. VLAN10 is always allowed to pass, sometimes being native VLAN, sometimes VLAN1 is native instead. VLAN20 is only present on the LEFT and MIDDLE and VLAN30 is only present on RIGHT and MIDDLE, so for those the traffic will not pass and each switch will be the root for its own VLAN. VLAN2 is on LEFT only, VLANs 12,13 on MIDDLE only and VLAN3 on RIGHT only and they are used as unique VLANs for interface tagging.

The link LEFT 1/0/4 --- RIGHT 1/0/4  is normally shut down to avoid the loops and only enabled in the scenarios discussing loop prevention mechanisms

All the switches are globally configured to tag all the VLANs on trunk interfaces between each other, with vlan dot tag native, which is the default and recommended configuration.

Interfaces Te 1/0/5 on both LEFT and RIGHT are connected to hosts, which could also be hypervisors. Those are trunk interfaces, that are untagged in native VLAN 1 and tagged in VLAN 10.
 

Spanning tree disabled in the middle

Networks running RPVST

As RPVST uses combination of untagged (with two different dst MAC addresses) and tagged BPDUs, there can be many different ways of passing or dropping those.

Disabling STP on egress of edge switches or BPDU filtering on ingress of fabric can allow complete isolation of LEFT and RIGHT. In some cases it may be desirable to allow some of VLANs to cross fabric and form STP with the remote side, while blocking the others and the examples below illustrate how native VLAN and its tagging can be modified to achieve that.

The table below shows the results of different configurations the interfaces between switches, where:

First four columns show which VLAN is configured as native on each side of two links and whether it's tagged (T) or untagged (U)
Columns 5 and 6 show whether data traffic between hosts is able to pass VLAN1 and VLAN10
Columns 7 and 8 show which bridge is seen as STP root on RIGHT
 
| L->M | M->L | M->R | R->M | v1 traffic | v10 traffic | v1 STP root | v10 STP root |
| ---- | ---- | ---- | ---- | ---------- | ----------- | ----------- | ------------ |
| v1U  | v1U  | v1U  | v1U  | PASS       | PASS        | LEFT        | LEFT         |
| v1T  | v1T  | v1T  | v1T  | PASS       | PASS        | LEFT        | LEFT         |
| v10U | v10U | v10U | v10U | FAIL       | PASS        | RIGHT       | LEFT         |
| v10T | v10T | v10T | v10T | FAIL       | PASS        | RIGHT       | LEFT         |
| v1U  | v12U | v12U | v1U  | PASS       | PASS        | LEFT        | LEFT         |
| v1U  | v12T | v12T | v1U  | FAIL       | PASS        | LEFT        | LEFT         |
| v1U  | v12U | v13U | v1U  | FAIL       | PASS        | LEFT        | LEFT         |
| v1U  | v12T | v13T | v1U  | FAIL       | PASS        | LEFT        | LEFT         |
| v10T | v12T | v13T | v10T | FAIL       | PASS        | RIGHT       | LEFT         |
| v2U  | v12T | v13T | v3U  | FAIL       | PASS        | RIGHT       | LEFT         |
| v2T  | v12T | v13T | v3T  | FAIL       | PASS        | RIGHT       | LEFT         |
| v2T  | v12U | v13U | v3T  | FAIL       | PASS        | RIGHT       | LEFT         |

For different test cases in the table above native VLAN and trunk tagging was manipulated on inter switch links with:
[no] switchport trunk tag native-vlan
[no] switchport trunk native-vlan #


Networks running MSTP

Since MSTP uses a single untagged BPDU for its configuration, there are fewer options in this case.
When MIDDLE is transparently passing BPDUs received on edge ports MSTP will form normally:
 
LEFT# sh spann

 Spanning-tree Mode: Multiple Spanning Tree Protocol

 Root Id: 1000.01e0.5200.d466 (self)
 Bridge Id: 1000.01e0.5200.d466
 Reg Root Id: 1000.01e0.5200.d466 (self)


RIGHT# sh spann

 Spanning-tree Mode: Multiple Spanning Tree Protocol

 Root Id: 1000.01e0.5200.d466
 Bridge Id: 8000.01e0.5200.704b
 Reg Root Id: 1000.01e0.5200.d466

 Root Port: Te 1/0/3

Normally breaking MSTP Layer2 domain by blocking BPDUs is not necessary, as MSTP topologies can be instead natively configured as different regions, if necessary. To block MSTP crossing the fabric, BPDU filtering can be configured on ingress of the ports with `bpdu-drop`. This will block MSTP frames only and data traffic can still pass on native VLAN. BPDU filtering should be configured on all ports that connect to MSTP domain (Te1/0/4 and Te1/0/1 on MIDDLE) and not just towards the MSTP root bridge. If other ports are allowed to send BPDUs, the MSTP domain will still be broken into two parts, but the port on the original MSTP root will keep receiving inferior BPDUs and put itself into *Discarding* state.

Using different native VLAN on the interfaces going to LEFT/RIGHT + tagged interfaces on MIDDLE, will stop data traffic on that VLAN, but will not break MSTP, as BPDUs are transmitted untagged to IEEE STP dst MAC. In the example below LEFT/RIGHT have their native VLAN as v1T, while MIDDLE has v20T and v30T to LEFT and RIGHT correspondingly:
 
MIDDLE# do sh run int te 1/0/1
interface TenGigabitEthernet 1/0/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20
 switchport trunk tag native-vlan
 switchport trunk native-vlan 20
 spanning-tree shutdown


LEFT# sh spann
 Spanning-tree Mode: Multiple Spanning Tree Protocol

 Root Id: 1000.01e0.5200.d466 (self)
 Bridge Id: 1000.01e0.5200.d466
 Reg Root Id: 1000.01e0.5200.d466 (self)


RIGHT# sh spann

 Spanning-tree Mode: Multiple Spanning Tree Protocol

 Root Id: 1000.01e0.5200.d466
 Bridge Id: 8000.01e0.5200.704b
 Reg Root Id: 1000.01e0.5200.d466

 Root Port: Te 1/0/3


[root@localhost ~]# fping -c 2 10.10.10.12 10.1.1.12
10.10.10.12 : [0], 84 bytes, 0.11 ms (0.11 avg, 0% loss)
10.10.10.12 : [1], 84 bytes, 0.10 ms (0.10 avg, 0% loss)

10.10.10.12 : xmt/rcv/%loss = 2/2/0%, min/avg/max = 0.10/0.10/0.11
10.1.1.12   : xmt/rcv/%loss = 2/0/100%


Spanning tree enabled in the middle

Networks running RPVST


The fabric will form per VLAN STP domains with the rest of switches on its edge ports and will be seen as a single switch. Normal RPVST configuration options are applicable for any tuning.


Networks running MSTP

With consistent VLAN configuration on trunks, the fabric will form a continuous MSTP domain with the connected switches. Logical separation into different domains/regions can be achieved by MSTP configuration options.

When Primary VLAN ID is different and both sides are running STP (below MIDDLE has default VLAN set to 10 on both sides) the ports will go into inconsistent state:
LEFT:
VLAN 10
      Root ID      Priority 4106
                   Address 01e0.5200.d466
      Bridge ID    Priority 4106
                   Address 01e0.5200.d466
 Interface     Role  Sts  Cost       Prio  Link-type        Edge
 ---------------------------------------------------------------------
 Te 1/0/1      DES   PVID_Inc  2000       128   P2P               No
MIDDLE:
VLAN 10
      Root ID      Priority 4106
                   Address 01e0.5200.d466
      Bridge ID    Priority 32778
                   Address 01e0.5200.0187
 Interface     Role  Sts  Cost       Prio  Link-type        Edge
 ---------------------------------------------------------------------
 Te 1/0/1      RTPT  PVID_Inc  2000       128   P2P               No
 Te 1/0/4      DES   PVID_Inc  2000       128   P2P               No
RIGHT:
VLAN 10
      Root ID      Priority 32778
      Bridge ID    Priority 32778
Interface     Role  Sts  Cost       Prio  Link-type        Edge
---------------------------------------------------------------------
Te 1/0/3      DES   PVID_Inc  2000       128   P2P               No
Te 1/0/5      DES   FWD  2000       128   P2P               No
In this case the data packets do not pass VLAN 10 as well


Loop Protection Mechanisms

There are some additional options that can be used together or instead of xSTP protocols to protect the network from the loops.

Edge Loop Detection

Edge Loop Detection (ELD) provides a reactive method to block loops in the network. It can be enabled on fabric edge ports, when the fabric is not running STP with the other switches. It can also co-exist with STP, but each edge port can only have either ELD or STP enabled.

ELD works by sending out proprietary STP-like control frames on all port+VLAN combinations, where is it enabled, and detects the loops when those frames arrive back to fabric on another port, where ELD should also be enabled for the same VLAN:
01:38:06.236286 50:eb:1a:f6:0a:4b > 53:eb:1a:f6:0a:40, 802.3, length 65: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP Unknown STP protocol (0x3c)
01:38:06.236333 50:eb:1a:f6:0a:4b > 53:eb:1a:f6:0a:40, ethertype 802.1Q (0x8100), length 69: vlan 10, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP Unknown STP protocol (0x3c)
01:38:06.236345 50:eb:1a:f6:0a:4b > 53:eb:1a:f6:0a:40, ethertype 802.1Q (0x8100), length 69: vlan 30, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP Unknown STP protocol (0x3c)
01:38:07.213460 50:eb:1a:f6:0a:4b > 53:eb:1a:f6:0a:40, 802.3, length 65: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP Unknown STP protocol (0x3c)
01:38:07.213508 50:eb:1a:f6:0a:4b > 53:eb:1a:f6:0a:40, ethertype 802.1Q (0x8100), length 69: vlan 10, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP Unknown STP protocol (0x3c)
01:38:07.213516 50:eb:1a:f6:0a:4b > 53:eb:1a:f6:0a:40, ethertype 802.1Q (0x8100), length 69: vlan 30, p 0, LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP Unknown STP protocol (0x3c)
The example below shows ELD configuration options on the MIDDLE switch, verification commands and how it helps to break the loops

ELD is enabled on the interfaces going to LEFT and RIGHT:
interface TenGigabitEthernet 1/0/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,20
 switchport trunk tag native-vlan
 edge-loop-detection port-priority 20
 edge-loop-detection vlan 1,10,20
 spanning-tree shutdown
 no shutdown

interface TenGigabitEthernet 1/0/4
 switchport
 switchport mode trunk
 switchport trunk allowed vlan add 10,30
 switchport trunk tag native-vlan
 edge-loop-detection port-priority 30
 edge-loop-detection vlan 1,10,30
 spanning-tree shutdown
 no shutdown

Note that even ELD should be enabled for each VLAN, it will shutdown the interface itself when a loop happens, so offers less granularity than RPVST.

In the environments high Port+VLAN edge combinations per platform scalability limits should be considered. It maybe necessary to configure ELD for some VLANs only, in which case default, native and VLANs carrying most of the traffic on the port would be good candidates.

By default ELD will shut down the interface with a higher port number. ELD port-priority interface level configuration option can be used to control that behavior. When priority is changed from the default, ELD will shut down the port with a higher priority. If the priority for a port is set to "0", then ELD will never shut that port down.

Outputs below show ELD in normal operating state, where there is no loop:
MIDDLE# show edge-loop-detection globals


Edge-loop-detection global configuration values are as below:

PDU receive limit (packets):    1
Shutdown-time (minutes):        0
Hello-time (msec):              1000
MAC-refresh time (sec):         0
MAC-refresh type:               N/A


MIDDLE# show edge-loop-detection rb 1


Number of edge-loop-detection instances enabled: 6

Interface: Te 1/0/1
------------------------
        Enabled on VLANs:       1,10,20
        Priority:               20
        Protocol status:        UP
        Auto enable in:         Never


Interface: Te 1/0/4
------------------------
        Enabled on VLANs:       1,10,30
        Priority:               30
        Protocol status:        UP
        Auto enable in:         Never



MIDDLE# show edge-loop-detection interface te 1/0/1


Number of eld instances: 3
Enabled on VLANs:       1,10,20
Priority:               20
Protocol status:        UP
Auto enable in:         Never

Packet Statistics:
vlan            sent            rcvd
1               214             0
10              214             0
20              214             0


MIDDLE# show edge-loop-detection detail


Number of edge-loop-detection instances enabled: 6

        Data for Rbridge-id: 1
        Total_instances: 6
        Eld-mac: 53:eb:1a:10:d2:9d

        Data for interface: te0/1
        Eld-instance no. (enabled for VLANs): 3
        Priority: 20    If_status: 1
        Shutdown-vlan: 0        Vlag-master-id: 0       Age-left:    0 mins
        Port-type : 3   pvid_frame_type: 2      Brcd-agg-type: 0
        Eld stats:      Tx      Rx
                        663     0
        Enabled for Vlan-id: 1
        Send-untagged: 0
        time-rxlimit : 0
        Vlan stats:     Tx      Rx
                        221     0

        Enabled for Vlan-id: 10
        Send-untagged: 0
        time-rxlimit : 0
        Vlan stats:     Tx      Rx
                        221     0

        Enabled for Vlan-id: 20
        Send-untagged: 0
        time-rxlimit : 0
        Vlan stats:     Tx      Rx
                        221     0


        Data for interface: te0/4
        Eld-instance no. (enabled for VLANs): 3
        Priority: 30    If_status: 1
        Shutdown-vlan: 0        Vlag-master-id: 0       Age-left:    0 mins
        Port-type : 3   pvid_frame_type: 2      Brcd-agg-type: 0
        Eld stats:      Tx      Rx
                        771     0
        Enabled for Vlan-id: 1
        Send-untagged: 0
        time-rxlimit : 0
        Vlan stats:     Tx      Rx
                        257     0

        Enabled for Vlan-id: 10
        Send-untagged: 0
        time-rxlimit : 0
        Vlan stats:     Tx      Rx
                        257     0

        Enabled for Vlan-id: 30
        Send-untagged: 0
        time-rxlimit : 0
        Vlan stats:     Tx      Rx
                        257     0

To introduce a loop in the test topology interfaces Te1/0/4 on LEFT and RIGHT are connected to each other. When STP is enabled on that link, it will still help to break the loop by disabling either that path or the one learned across MIDDLE fabric, as seen below with Te 1/0/4 on RIGHT in Discarding state for VLAN10:
 
LEFT:
 Interface     Role  Sts  Cost       Prio  Link-type        Edge
 ---------------------------------------------------------------------
 Te 1/0/1      DES   FWD  2000       128   P2P               No
 Te 1/0/4      DES   FWD  2000       128   P2P               No

RIGHT:
 Te 1/0/3      RTPT  FWD  2000       128   P2P               No
 Te 1/0/4      ALT   DSC  2000       128   P2P               No
 Te 1/0/5      DES   FWD  2000       128   P2P               No

Enabling `bpdu-drop` on edge ports of MIDDLE, prior to enabling the extra link LEFT and RIGHT, breaks STP and allows a loop to form.
 
MIDDLE(config)# int te 1/0/1
MIDDLE(conf-if-te-1/0/1)# bpdu-drop
%% Warning: Enabling bpdu-drop can cause bridging loops. Use with caution.

MIDDLE(conf-if-te-1/0/1)# int te 1/0/4
MIDDLE(conf-if-te-1/0/4)# bpdu-drop
%% Warning: Enabling bpdu-drop can cause bridging loops. Use with caution.

Now both LEFT and RIGHT see itself as the root of STP, and, when the link between them is enabled, they will form STP domain together and put Te1/0/4 into forwarding state on both sides. Once that happens MIDDLE will detect the loop and disable its own interface Te1/0/4  (which has higher priority as compared to Te1/0/1) connected to RIGHT Te 1/0/3
MIDDLE(conf-if-te-1/0/4)#
2017/07/09-08:56:58, [ELD-1001], 23096, SW/0 | Active | DCE, INFO, MIDDLE,  Interface te0/4 is shut down by edge loop detection (ELD) for loop in VLAN 1.
2017/07/09-08:56:58, [NSM-1002], 23097, SW/0 | Active | DCE, INFO, MIDDLE,  Interface TenGigabitEthernet 1/0/4 is protocol down.
2017/07/09-08:56:58, [NSM-1003], 23098, SW/0 | Active | DCE, INFO, MIDDLE,  Interface TenGigabitEthernet 1/0/4 is link down.


RIGHT#
2017/07/09-08:58:22, [NSM-1001], 43985, SW/0 | Active | DCE, INFO, RIGHT,  Interface TenGigabitEthernet 1/0/4 is online.
2017/07/09-08:58:23, [ONMD-1007], 43986, SW/0 | Active | DCE, INFO, RIGHT, Received First LLDP PDU on TenGigabitEthernet 1/0/4 from MAC address mac address 50eb.1ae5.1b96 after LLDP RX enabled or timeout.
2017/07/09-08:58:24, [MSTP-2002], 43987, SW/0 | Active | DCE, INFO, RIGHT,  RPVST root changed. My Bridge ID: VLAN:10:32778:01e0.5200.704b  Old Root: 32778:01e0.5200.704b  New Root: 4106:01e0.5200.d466.
2017/07/09-08:58:24, [MSTP-2002], 43988, SW/0 | Active | DCE, INFO, RIGHT,  RPVST root changed. My Bridge ID: VLAN:1:32769:01e0.5200.704b  Old Root: 32769:01e0.5200.704b  New Root: 4097:01e0.5200.d466.
2017/07/09-08:58:29, [NSM-1002], 43989, SW/0 | Active | DCE, INFO, RIGHT,  Interface TenGigabitEthernet 1/0/3 is protocol down.
2017/07/09-08:58:29, [NSM-1003], 43990, SW/0 | Active | DCE, INFO, RIGHT,  Interface TenGigabitEthernet 1/0/3 is link down.

RIGHT# sh spann vlan 10 br
 Te 1/0/3      DIS   DSC  20000000   128   P2P               No
 Te 1/0/4      RTPT  FWD  2000       128   P2P               No
 Te 1/0/5      DES   FWD  2000       128   P2P               No

Interface counters for ELD will now be non-zero value for `rcvd` column and Te1/0/4 will show up as shut down by ELD:
MIDDLE# show edge-loop-detection int te 1/0/1

Number of eld instances: 3
Enabled on VLANs:       1,10,20
Priority:               20
Protocol status:        UP
Auto enable in:         Never

Packet Statistics:
vlan            sent            rcvd
1               1257            1
10              1257            1
20              1257            0


MIDDLE# show edge-loop-detection int te 1/0/4

Number of eld instances: 3
Enabled on VLANs:       1,10,30
Priority:               30
Protocol status:        DOWN (due to eld on vlan 1)
Auto enable in:         Never

Packet Statistics:
vlan            sent            rcvd
1               1039            1
10              1039            1
30              1039            0

MIDDLE# sh int te 1/0/4
TenGigabitEthernet 1/0/4 is up, line protocol is down (ELD disabled link)
...

The port has to be brought up manually, by doing `shutdown` / `no shutdown` on the interface, unless a global `shutdown-time` option is configured under `protocol edge-loop-detection`

Some more global settings can be also configured under `protocol edge-loop-detection`:

hello-interval controls the frequency of packets being sent on each Port+VLAN. Configuring that to faster that the default one second can have a negative impact on CPU, especially when many ELD instances are configured
pdu-rx-limit specifies the number of looped back packets detected before a port is shutdown and defaults to "1". If several domains run ELD independently, it may be required to use different RX limits, so multiple ports are not shut down in the topology, which could lead to connectivity loss.  
mac-refresh can be used to flush MAC tables, for port or globally, after a loop has been detected


MAC Move Detection

MAC move detection can also be used as a loop protection option. While MAC moves will happen in case of a loop, there are other potential triggers for that, such as:
  • a pair of HA devices (firewalls, load balancers, etc) going into split-brain and active/active mode
  • mis-configured LACP links
  • a pair of devices having duplicated MAC addresses on the same Layer2 domain
  • instability and flaps in connected STP domains or interfaces
  • transient micro loops
so those cases should be taken into consideration when enabling MAC move detection, though all of them eventually have an undesirable effects. Normal use cases, such as VM moves, should not trigger MAC move detection, because they are unrealistic within detection threshold/window interval.

MAC move detection is enabled globally:
MIDDLE(config)# mac-address-table mac-move detect

MIDDLE# show mac-address-table mac-move
Mac Move detect: Enable
Threshold: 20
Action: Shutdown
Auto recovery: Disable
Auto recovery time: 0

Additionally some extra options can be configured for tuning:
action specifies whether to shut the port down or log a message only. When shutting down an interface, the one where MAC was originally seen will be left in UP state
limit sets the number of times a MAC move happens within 10 seconds, before an action is taken
auto-recovery allows to re-enable the interface automatically after a specified amount of time

In the following example, instead of using BPDU drop in the MIDDLE, STP is shut down on Te1/0/4 interfaces connecting RIGHT to LEFT. During a loop MAC moves are likely to be very fast and it will normally take less than a second to shut down an interface. In the outputs below Te 1/0/3 on RIGHT (towards MIDDLE) goes down during the same second the first packet is received on Te 1/0/4 (from LEFT) and, as a result STP domain segments.
RIGHT#
2017/07/09-15:05:48, [NSM-1001], 44143, SW/0 | Active | DCE, INFO, RIGHT,  Interface TenGigabitEthernet 1/0/4 is online.
2017/07/09-15:05:49, [ONMD-1007], 44144, SW/0 | Active | DCE, INFO, RIGHT, Received First LLDP PDU on TenGigabitEthernet 1/0/4 from MAC address mac address 50eb.1ae5.1b96 after LLDP RX enabled or timeout.
2017/07/09-15:05:49, [NSM-1002], 44145, SW/0 | Active | DCE, INFO, RIGHT,  Interface TenGigabitEthernet 1/0/3 is protocol down.
2017/07/09-15:05:49, [NSM-1003], 44146, SW/0 | Active | DCE, INFO, RIGHT,  Interface TenGigabitEthernet 1/0/3 is link down.
2017/07/09-15:05:50, [MSTP-2002], 44147, SW/0 | Active | DCE, INFO, RIGHT,  RPVST root changed. My Bridge ID: VLAN:1:32769:01e0.5200.704b  Old Root: 4097:01e0.5200.d466  New Root: 32769:01e0.5200.704b.
2017/07/09-15:05:50, [MSTP-2002], 44148, SW/0 | Active | DCE, INFO, RIGHT,  RPVST root changed. My Bridge ID: VLAN:10:32778:01e0.5200.704b  Old Root: 4106:01e0.5200.d466  New Root: 32778:01e0.5200.704b.

RIGHT# sh spann vlan 10 br
VLAN 10

 Spanning-tree Mode: Rapid Per-VLAN Spanning Tree Protocol

      Root ID      Priority 32778
                   Address 01e0.5200.704b
                   Hello Time 2, Max Age 20, Forward Delay 15

      Bridge ID    Priority 32778
                   Address 01e0.5200.704b
                   Hello Time 2, Max Age 20, Forward Delay 15, Tx-HoldCount 6
                   Migrate Time 3 sec

 Interface     Role  Sts  Cost       Prio  Link-type        Edge
 ---------------------------------------------------------------------
 Te 1/0/3      DIS   DSC  20000000   128   P2P               No
 Te 1/0/5      DES   FWD  2000       128   P2P               No

When MAC move detection is triggered, the following messages are logged:
MIDDLE(config)#
2017/07/09-15:04:18, [L2SS-1024], 23103, SW/0 | Active | DCE, INFO, MIDDLE, Repeated mac move detected for Mac 0005.3348.0b4a Vlan 10, interface Te 1/0/4 shut down.
2017/07/09-15:04:18, [NSM-1020], 23104, SW/0 | Active | DCE, INFO, MIDDLE,  Interface TenGigabitEthernet 1/0/4 is administratively down.
2017/07/09-15:04:18, [NSM-1003], 23105, SW/0 | Active | DCE, INFO, MIDDLE,  Interface TenGigabitEthernet 1/0/4 is link down.

MIDDLE# sh int te 1/0/4
TenGigabitEthernet 1/0/4 is admin down, line protocol is down (Repeated Mac-move detection)
...

Not that even though the detection process is VLAN specific, the shutdown action is on interface level. If automatic recovery is not configured, interface can be re-enabled by doing `no shutdown` from interface configuration mode.

Comparison of Loop Protection Options

The table below summarizes various features and design considerations for all the options discussed:
 
|                           |        MSTP        |           RPVST           |     Edge Loop Detection     |   MAC Move Detection    |
| ------------------------- | ------------------ | ------------------------- | --------------------------- | ----------------------- |
| Scalability               | High               | Average                   | Average                     | High                    |
| Control packets           | 0.5pps, untagged   | Same as MSTP + 1 per VLAN | 1pps per VLAN, configurable | None                    |
| Loop Protection Time      | Proactive          | Proactive                 | Reactive, around 1s         | Reactive, normally < 1s |
| Loop Protection Scope     | Full               | VLAN                      | VLAN                        | Full                    |
| Blocking Scope            | Interface          | VLAN                      | Interface                   | Interface               |
| Control over blocked port | Yes, STP cost/prio | Yes, STP cost/prio        | Yes, port priority          | No, block new port      |
| Re-enable blocked port    | Yes, BPDU based    | Yes, BPDU based           | Configurable                | Configurable            |
| VLAN traffic engineering  | Yes, per instance  | Yes, per VLAN             | No                          | No                      |
| Conf/Oper Complexity      | Average            | Average                   | Low                         | Low                     |
| Interoperability          | IEEE Standard      | Widely supported          | Not required                | Not required            |

Additional factors may need to be taken into account on case by case basis, such as protocols already running in the network or training required.

 










 
Additional notes

Appendix A. xSTP Frames for Different Native VLAN and Tagging Settings


xSTP frames are normally transmitted to two different destination MAC addresses:
  • Spanning-tree-(for-bridges)_00 01:80:c2:00:00:00  (untagged IEEE standard)
  • PVST+ 01:00:0c:cc:cc:cd  (may be both untagged on native VLAN and tagged; dst MAC may vary in vendor specific implementations)
Note that VLAN ID is also encoded in bridge-id, e.g. 800a for 10 or 801e for 30

Port Settings for Test Cases
Case 1. Native 1, tag native
switchport mode trunk
 switchport trunk tag native-vlan
 switchport trunk allowed vlan add 10,30

 Switchport mode         : trunk
 Acceptable frame types  : vlan-tagged only
 Native Vlan             : 1
 Active Vlans            : 1,10,30
Case 2. Native 10, tag native
switchport mode trunk
 switchport trunk allowed vlan add 10,30
 switchport trunk tag native-vlan
 switchport trunk native-vlan 10

 Switchport mode         : trunk
 Acceptable frame types  : vlan-tagged only
 Native Vlan             : 10
 Active Vlans            : 10,30
Case 3. Native 1, no tag native
switchport mode trunk
 switchport trunk allowed vlan add 10,30
 no switchport trunk tag native-vlan
 spanning-tree bpdu-mac 0100.0ccc.cccd

 Switchport mode         : trunk
 Acceptable frame types  : vlan-tagged only
 Native Vlan             : 1
 Active Vlans            : 1,10,30
Case 4. Native 10, no tag native
switchport mode trunk
 switchport trunk allowed vlan add 10,30
 no switchport trunk tag native-vlan
 switchport trunk native-vlan 10

 Switchport mode         : trunk
 Acceptable frame types  : vlan-tagged only
 Native Vlan             : 10
 Active Vlans            : 10,30


STP BDPU Frames

Case 1. Native 1, tag native
1 untagged BPDU to STP dst mac
10:26:08.509334 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1d, Config, Flags [none],
        bridge-id 8000.01:e0:52:00:70:4b.8002, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000
Case 2. Native 10, tag native
1 untagged BPDU to STP dst mac
10:29:02.967108 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1d, Config, Flags [none],
        bridge-id 8000.01:e0:52:00:70:4b.8002, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000
Case 3. Native 1, no tag native
1 untagged BPDU to STP dst mac
10:32:07.451191 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1d, Config, Flags [none],
        bridge-id 8000.01:e0:52:00:70:4b.8002, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000
Case 4. Native 10, no tag native
1 untagged BPDU to STP dst mac
10:39:18.582473 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1d, Config, Flags [none],
        bridge-id 8000.01:e0:52:00:70:4b.8002, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000

PVST BPDU Frames

Case 1. Native 1, tag native
2 untagged BPDUs to STP and PVST dst mac
2x1 tagged BPDU on VLANs 10 and 30 to PVST dst mac
10:51:48.045696 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 801e.01:e0:52:00:70:4b.8002, length 42
        message-age 1.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:01:87, root-pathcost 2000

10:51:48.800924 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 10, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 800a.01:e0:52:00:70:4b.8002, length 42
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 100a.01:e0:52:00:d4:66, root-pathcost 4000

10:51:48.800928 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1d, Config, Flags [none],
        bridge-id 8001.01:e0:52:00:70:4b.8002, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000

10:51:48.800930 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 8001.01:e0:52:00:70:4b.8002, length 42
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000
Case 2. Native 10, tag native
1 untagged BPDUs to PVST dst mac for VLAN10
1 tagged BPDU on VLAN30 to PVST dst mac
11:18:25.482165 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 800a.01:e0:52:00:70:4b.8002, length 42
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 100a.01:e0:52:00:d4:66, root-pathcost 4000

11:18:26.736205 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 801e.01:e0:52:00:70:4b.8002, length 42
        message-age 1.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:01:87, root-pathcost 2000
Case 3. Native 1, no tag native
2 untagged BPDUs to STP and PVST dst mac
2x1 tagged BPDU on VLANs 10 and 30 to PVST dst mac
11:22:29.064411 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1d, Config, Flags [Topology change],
        bridge-id 8001.01:e0:52:00:70:4b.8002, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000

11:22:29.066414 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [Topology change],
        bridge-id 8001.01:e0:52:00:70:4b.8002, length 42
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000

11:22:29.260730 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 10, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 800a.01:e0:52:00:70:4b.8002, length 42
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 100a.01:e0:52:00:d4:66, root-pathcost 4000

11:22:29.372913 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 801e.01:e0:52:00:70:4b.8002, length 42
        message-age 1.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:01:87, root-pathcost 2000

Case 4. Native 10, no tag native
1 untagged BPDUs to PVST dst mac for VLAN10
1 tagged BPDU on VLAN30 to PVST dst mac
11:28:30.320065 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 801e.01:e0:52:00:70:4b.8002, length 42
        message-age 1.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:01:87, root-pathcost 2000

11:28:30.756775 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1d, Config, Flags [none],
        bridge-id 800a.01:e0:52:00:70:4b.8002, length 42
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 100a.01:e0:52:00:d4:66, root-pathcost 4000

RSTP BPDU Frames

Case 1. Native 1, tag native
1 untagged BPDU to STP dst mac
11:42:46.993562 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8000.01:e0:52:00:70:4b.8001, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000, port-role Designated
Case 2. Native 10, tag native
1 untagged BPDU to STP dst mac
11:46:35.593407 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8000.01:e0:52:00:70:4b.8001, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000, port-role Designated
Case 3. Native 1, no tag native
1 untagged BPDU to STP dst mac
11:48:39.919637 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8000.01:e0:52:00:70:4b.8001, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000, port-role Designated
Case 4. Native 10, no tag native
1 untagged BPDU to STP dst mac
11:50:22.187994 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8000.01:e0:52:00:70:4b.8001, length 43
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 1001.01:e0:52:00:d4:66, root-pathcost 4000, port-role Designated

RPVST BPDU Frames

Case 1. Native 1, tag native
2 untagged BPDUs to STP and PVST dst mac
2x1 tagged BPDU on VLANs 10 and 30 to PVST dst mac
05:50:01.480698 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8001.01:e0:52:00:70:4b.8001, length 43
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 8001.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

05:50:01.480705 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8001.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 8001.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

05:50:01.480706 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 10, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 800a.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 800a.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

05:50:01.480709 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 801e.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated
Case 2. Native 10, tag native
1 untagged BPDUs to PVST dst mac for VLAN10
1 tagged BPDU on VLAN30 to PVST dst mac
05:43:13.607157 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 800a.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 800a.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

05:43:13.609159 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 801e.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated
Case 3. Native 1, no tag native
Same as case 1 when native is tagged
2 untagged BPDUs to STP and PVST dst mac
2x1 tagged BPDU on VLANs 10 and 30 to PVST dst mac
06:00:32.941894 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 60: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8001.01:e0:52:00:70:4b.8001, length 43
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 8001.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

06:00:32.943896 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 8001.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 8001.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

06:00:32.943899 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 10, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 800a.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 800a.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

06:00:32.943901 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 801e.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated
Case 4. Native 10, no tag native
Same as case 2
1 untagged BPDUs to PVST dst mac for VLAN10
1 tagged BPDU on VLAN30 to PVST dst mac
06:05:29.111689 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 800a.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 800a.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated

06:05:29.111692 50:eb:1a:f6:0a:4b > 01:00:0c:cc:cc:cd, ethertype 802.1Q (0x8100), length 68: vlan 30, p 0, LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c),
        pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn, Forward],
        bridge-id 801e.01:e0:52:00:70:4b.8001, length 42
        message-age 0.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        root-id 801e.01:e0:52:00:70:4b, root-pathcost 0, port-role Designated


MSTP BPDU Frames

Case 1. Native 1, tag native
1 untagged BPDU to STP dst mac
12:06:37.135953 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 172: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1s, Rapid STP, CIST Flags [Learn, Forward], length 155
        port-role Designated, CIST root-id 1001.01:e0:52:00:d4:66, CIST ext-pathcost 4000
        CIST regional-root-id 8000.01:e0:52:00:70:4b, CIST port-id 8001,
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        v3len 117, MCID Name 2, rev 0,
                digest a0d3a2b1dae3afe0fea4d99d4c1975ac, CIST int-root-pathcost 2147484128,
        CIST bridge-id 5200.70:4b:00:00:00:00, CIST remaining-hops 20
        MSTI 444, Flags [none], port-role Unknown
                MSTI regional-root-id 01bc.80:01:01:e0:52:00, pathcost 1883963392
                MSTI bridge-prio 0, port-prio 0, hops 128
        MSTI 480, Flags [Topology change], port-role Unknown
                MSTI regional-root-id 01e0.52:00:70:4b:80:01, pathcost 335545276
                MSTI bridge-prio 8, port-prio 0, hops 1
        MSTI 512, Flags [Forward, Agreement, Topology change ACK], port-role Unknown
                MSTI regional-root-id 5200.70:4b:00:00:00:00, pathcost 2147680736
                MSTI bridge-prio 5, port-prio 0, hops 112
Case 2. Native 10, tag native
1 untagged BPDU to STP dst mac
12:10:46.257195 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 172: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1s, Rapid STP, CIST Flags [Learn, Forward], length 155
        port-role Designated, CIST root-id 1001.01:e0:52:00:d4:66, CIST ext-pathcost 4000
        CIST regional-root-id 8000.01:e0:52:00:70:4b, CIST port-id 8001,
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        v3len 117, MCID Name 2, rev 0,
                digest a0d3a2b1dae3afe0fea4d99d4c1975ac, CIST int-root-pathcost 2147484128,
        CIST bridge-id 5200.70:4b:00:00:00:00, CIST remaining-hops 20
        MSTI 444, Flags [none], port-role Unknown
                MSTI regional-root-id 01bc.80:01:01:e0:52:00, pathcost 1883963392
                MSTI bridge-prio 0, port-prio 0, hops 128
        MSTI 480, Flags [Topology change], port-role Unknown
                MSTI regional-root-id 01e0.52:00:70:4b:80:01, pathcost 335545276
                MSTI bridge-prio 8, port-prio 0, hops 1
        MSTI 512, Flags [Forward, Agreement, Topology change ACK], port-role Unknown
                MSTI regional-root-id 5200.70:4b:00:00:00:00, pathcost 2147680736
                MSTI bridge-prio 5, port-prio 0, hops 112
Case 3. Native 1, no tag native
1 untagged BPDU to STP dst mac
12:14:29.762767 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 172: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1s, Rapid STP, CIST Flags [Learn, Forward], length 155
        port-role Designated, CIST root-id 1001.01:e0:52:00:d4:66, CIST ext-pathcost 4000
        CIST regional-root-id 8000.01:e0:52:00:70:4b, CIST port-id 8001,
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        v3len 117, MCID Name 2, rev 0,
                digest a0d3a2b1dae3afe0fea4d99d4c1975ac, CIST int-root-pathcost 2147484128,
        CIST bridge-id 5200.70:4b:00:00:00:00, CIST remaining-hops 20
        MSTI 444, Flags [none], port-role Unknown
                MSTI regional-root-id 01bc.80:01:01:e0:52:00, pathcost 1883963392
                MSTI bridge-prio 0, port-prio 0, hops 128
        MSTI 480, Flags [Topology change], port-role Unknown
                MSTI regional-root-id 01e0.52:00:70:4b:80:01, pathcost 335545276
                MSTI bridge-prio 8, port-prio 0, hops 1
        MSTI 512, Flags [Forward, Agreement, Topology change ACK], port-role Unknown
                MSTI regional-root-id 5200.70:4b:00:00:00:00, pathcost 2147680736
                MSTI bridge-prio 5, port-prio 0, hops 112
Case 4. Native 10, no tag native
1 untagged BPDU to STP dst mac
12:16:06.159584 50:eb:1a:f6:0a:4b > 01:80:c2:00:00:00, 802.3, length 172: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03:
        STP 802.1s, Rapid STP, CIST Flags [Learn, Forward], length 155
        port-role Designated, CIST root-id 1001.01:e0:52:00:d4:66, CIST ext-pathcost 4000
        CIST regional-root-id 8000.01:e0:52:00:70:4b, CIST port-id 8001,
        message-age 2.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
        v3len 117, MCID Name 2, rev 0,
                digest a0d3a2b1dae3afe0fea4d99d4c1975ac, CIST int-root-pathcost 2147484128,
        CIST bridge-id 5200.70:4b:00:00:00:00, CIST remaining-hops 20
        MSTI 444, Flags [none], port-role Unknown
                MSTI regional-root-id 01bc.80:01:01:e0:52:00, pathcost 1883963392
                MSTI bridge-prio 0, port-prio 0, hops 128
        MSTI 480, Flags [Topology change], port-role Unknown
                MSTI regional-root-id 01e0.52:00:70:4b:80:01, pathcost 335545276
                MSTI bridge-prio 8, port-prio 0, hops 1
        MSTI 512, Flags [Forward, Agreement, Topology change ACK], port-role Unknown
                MSTI regional-root-id 5200.70:4b:00:00:00:00, pathcost 2147680736
                MSTI bridge-prio 5, port-prio 0, hops 112





















 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255