Spanning tree loop guard & Bridge assurance

When loop guard is enabled and a blocked port that has been receiving BPDUs suddenly stops receiving them, the port is put into the loop-inconsistent state.

When loop guard is not enabled and a blocked port that has been receiving and sending BPDUs suddenly stops receiving them, the port assumes it is safe to move from blocking through listening and learning to forwarding. In the following case this creates a Layer 2 loop:

  • One direction of a fiber link is broken while the other direction is still in operation.
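The behaviour described above, with and without loop guard, as a small simulation. This is an added example, not code from the original post: it is a simplified model of a single blocked port, and the timer values (max age 20 s, forward delay 15 s, hello 2 s) are the IEEE 802.1D defaults, assumed here because the page does not state them.

```python
# Added example: simplified model of one blocked (non-designated) STP port.
# Timer values are the IEEE 802.1D defaults, an assumption not stated on the page.
MAX_AGE = 20        # seconds until the last received BPDU ages out
FORWARD_DELAY = 15  # seconds spent in listening, then again in learning


def simulate(bpdu_rx_times, loop_guard, duration=80):
    """Return {second: state} for a port that starts in blocking at t=0."""
    state, last_bpdu, entered = "blocking", 0, 0
    timeline = {}
    for t in range(duration + 1):
        if t in bpdu_rx_times:
            last_bpdu = t
            if state != "blocking":
                # BPDUs are back: the port returns to its blocked role
                state, entered = "blocking", t
        elif state == "blocking" and t - last_bpdu >= MAX_AGE:
            # Stored BPDU aged out: loop guard decides what happens next
            state = "loop-inconsistent" if loop_guard else "listening"
            entered = t
        elif state == "listening" and t - entered >= FORWARD_DELAY:
            state, entered = "learning", t
        elif state == "learning" and t - entered >= FORWARD_DELAY:
            state, entered = "forwarding", t
        timeline[t] = state
    return timeline


def first_forwarding(timeline):
    """First second at which the port forwards user traffic, or None."""
    return next((t for t, s in sorted(timeline.items()) if s == "forwarding"), None)


# Constructed input: hellos every 2 s, then the receive fiber breaks after t=10
# while the transmit direction stays up (unidirectional link).
RX_BROKEN = set(range(0, 12, 2))
# Constructed input: same failure, receive direction repaired at t=70.
RX_REPAIRED = RX_BROKEN | set(range(70, 81, 2))

if __name__ == "__main__":
    for guard in (False, True):
        tl = simulate(RX_BROKEN, loop_guard=guard)
        print(f"loop_guard={guard}: t=30 {tl[30]}, t=80 {tl[80]}, "
              f"forwarding at {first_forwarding(tl)}")
```

Without loop guard the port is forwarding 50 seconds after the last BPDU, even though the neighbor is still alive and forwarding on its side of the link; with loop guard it stays in loop-inconsistent until BPDUs are received again.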

Below is the relationship between port status and BPDU sending/receiving:

Port states:

  • Blocking: the switch port can receive BPDUs, but cannot forward user traffic or BPDUs.
  • Listening: the switch port can send and receive BPDUs, but cannot forward user traffic.
  • Learning: the switch port can learn MAC addresses and send and receive BPDUs, but cannot forward user traffic.
  • Forwarding: the switch port can learn MAC addresses, send and receive BPDUs, and forward user traffic.

Port roles:

  • Blocked – Doesn’t send BPDUs, but receives them.
  • Designated – Sends and receives BPDUs.
  • Root – Doesn’t send BPDUs, but receives them. (A root port can send TCN (topology change notification) BPDUs to the upstream switch.)

There are a few scenarios where loop guard is not effective at detecting loops and/or unidirectional links:

  • It can only be enabled on root and alternate ports. It CANNOT run on designated ports.
  • It is ineffective at detecting a port that has been unidirectional since link-up.

Bridge Assurance is enabled by default and can only be disabled globally. Also, Bridge Assurance is enabled only on spanning tree network ports that are point-to-point links. Finally, both ends of the link must have Bridge Assurance enabled. If the device on one side of the link has Bridge Assurance enabled and the device on the other side either does not support Bridge Assurance or does not have this feature enabled, the connecting port is blocked.

With Bridge Assurance enabled, BPDUs are sent out on all operational network ports, including alternate and backup ports, for each hello time period. If the port does not receive a BPDU for a specified period, the port moves into an inconsistent state (blocking) and is not used in the root port calculation. Once that port receives a BPDU, it resumes the normal spanning tree transitions.

Bridge Assurance works only under MST and PVST+.

 
