What I learned about MSTP 802.1s
STP was invented by Radia Perlman and in 1990 802.1D STP was standardized by the IEEE. In 2004 it was supplemented by 802.1w rSTP (rapid STP). In 1998 802.1s MSTP was defined. This was 18 years ago at the time I’m writing this, and we haven’t gone very far from here yet.
However there are new technologies on the horizon; 802.1aq – shortest path bridging, Cisco FabricPath, Juniper Qfabric and TRILL (Radia Perlman is a contributor here too!)
Benefits of MSTP versus other options
The original IEEE STP has a single instance for all VLANs. This means that no L2 traffic engineering is possible.
pvSTP – Cisco proprietary Per-VLAN STP allows L2 traffic engineering. It uses a unique STP instance for each VLAN which while it is helpful does introduces scaling issues
MST permits multiple STP instances, and each instance can control groups of VLANs. This allows L2 traffic engineering without the scaling issues of pvSTP.
Disadvantages of MSTP
Probably the most significant drawback is that it is more complex than STP or rSTP – or at least it CAN be more complex as it certainly doesn’t have to be.
With MSTP all switches in a Region must have the same VLAN to instance mapping. If you add a VLAN to an instance, it must be added to all switches in the Region.
If a switch does not have the same VLAN to instance mapping it will leave the Region. This isn’t necessarily awful, but it means that your careful traffic engineering will probably not be working the way you planned – which may be really really bad depending on your network.
Structure of MSTP
MSTP has four structural parts.
- MST Region – defines what switches participate in this MSTP
- Region Boundary – this is the edge between two MSTP Regions or between a MSTP region and another STP based network
- CIST (Common and Internal Spanning Tree) – Used for interacting with other STP based networks
- MSTI (Multiple Spanning Tree Instance) – rSTP instances that only exist within a MSTP Region
This defines the switches that participate in MSTP. Within a region you may have multiple instances, which are just rSTP.
The switches at the edge of the Region mark the boundary of the Region, and as you’ll see later they run CIST for compatibility when facing other networks.
Each switch in the Region must agree on these parameters:
- Region name (32 bytes)
- Revision number (2 bytes)
- A table that associates each VLAN to a particular MST Instance
This is the logical edge of a Region, and is where MSTP presents CIST to any neighbouring networks. CIST can be a simple single STP or simulated pvSTP.
CIST (Common and Internal Spanning Tree)
This is a virtual STP presented to networks external to MSTP. The idea is to allow MSTP to coexist alongside other networks that may be running STP, rSTP, pvSTP or even other MSTP Regions that (for whatever reason) aren’t integrated with this one.
MSTP assumes a simple STP neighbouring network and presents the same, but if a pvSTP network is detected a Cisco switch may simulate pvSTP at the Region boundary.
To the neighbouring network the entire MSTP Region appears as a single switch, which has some interesting effects for L2 traffic engineering.
MSTI (Multiple Spanning Tree Instance)
Within an MSTP Region are simple rSTP instances it is these MSTI that allows an administrator to group VLANs. Two or more instances may be engineered in such a way as to make use of multiple uplink interfaces, and each MSTI retains all the features of rSTP.
Even if you have a thousand VLANs you can put them all into a single MSTI and avoid the resource constraints of some switches.
A simple MSTP only configuration
Recommended Configuration for Interoperating other STP networks
- Root Bridge is within the MSTP Region
- Predefine VLAN Mapping for all VLANs – even those that don’t exist yet
- Use VTPv3 if your VLAN to instance mapping is expected to change a lot. This can handle the configuration propagation as you move things around, which is important because any discrepancy of the VLAN to instance mapping will cause that switch to leave the Region
MSTP Root Switch
spanning-tree mode mst spanning-tree mst configuration name VIRL revision 19 instance 1 vlan 2-1999 instance 2 vlan 2000-4094 spanning-tree mst 0 priority 24576 spanning-tree mst 1-2 priority 4096
MSTP Member Switch
spanning-tree mode mst spanning-tree mst configuration name VIRL revision 19 instance 1 vlan 2-1999 instance 2 vlan 2000-4094
Alternative Configuration for Interoperating with pvSTP
This is not the recommended configuration, but with some careful effort it can be made to work.
- Root Bridge is within the pvSTP network
- A MSTP switch remains the root bridge for the ISTs within the Region (but this is not shared outside the Region)
- Only one of the Region boundary ports can be active (all others are blocked).
- If the Region is running PVSTP simulation, VLAN 1 must have a lower priority than VLANs 2-4094. If not then MST0 sets the port as Designated and not root – causing inconsistency.
PVSTP Root Switch
spanning-tree mode rapid-pvst spanning-tree vlan 1 priority 8192 spanning-tree vlan 2-4094 priority 4096
MSTP Root Switch
spanning-tree mode mst spanning-tree mst configuration name VIRL revision 19 instance 1 vlan 2-1999 instance 2 vlan 2000-4094 spanning-tree mst 1-2 priority 24576
Do I need to configure MSTP at all?
What happens if I just turn MSTP on for all switches and not join the domains? It will still work; each switch will manage its own single switch MSTP Region as every interconnection between one switch and another will be CIST (single spanning tree) which will elect its own root bridge.
That will work but doesn’t deliver the L2 traffic engineering advantages of MSTP. It might make sense if you’re just trying to get loads of VLANs activated and pvSTP is hitting the hardware limits of your switches.
Common Misconfiguration Avoidance
- Do not keep VLANs in Instance 0 as it is used to control the CIST (instance facing STP networks outside this Region). VLANs are here by default but it can cause confusing behaviour if you use this so it is recommended to specify an instance >= 1.
- VLAN 1 has to be in Instance 0 so don’t use VLAN 1 for network traffic.
- Do not manually prune the trunk VLAN map – that is don’t use “switchport trunk allowed vlan remove 100-999” for your traffic engineering. If you do this in the wrong place you could get a situation where MSTP selects one path but you’ve broken it by removing the VLANs manually. It is recommended to use the MSTP topology to control L2 traffic engineering, and not use manual trunk pruning. Another way to look at this is that switchport trunk maps must match the instance mapping.
- Set the root bridge and secondary root bridge
- Configure edge ports where applicable
- If you’re interconnecting at L2 to a network you don’t control use BPDU filter
- spanning-tree pathcost method long
- Keep data VLANs out of Instance 0
- VLAN 1 has to be in Instance 0 so don’t use VLAN 1 for network traffic
- Some vendors will permit mapping reserved VLANs, and others will not
- A mis-match will split the network into two regions