Transparent Bridging

Transparent bridging is used to transport nonroutable protocols across Ethernet networks. Transparent bridges first were developed by DEC in the early 1980s. DEC submitted the work to the IEEE, which incorporated it into the IEEE 802.1 standard.

The basic function of a bridge is to forward data across the network. The bridge accepts frames, briefly examines them, and then makes a forwarding decision based on the information in each frame. The bridge accomplishes this by building a bridge or station table. Figure 13-1 illustrates the bridge table in a bridged network.

Figure 13-1. A Bridged Network

Bridges operate at the first two layers of the OSI model. Recall from Chapter 2, "LAN Protocols: Configuring Catalyst Ethernet and Token Ring Switches," that the data link layer, Layer 2, is subdivided into two layers, the MAC and LLC. Bridges primarily operate at the MAC layer, working with source and destination MAC addresses.

Transparent Bridging Operation

Basically, a bridge operates in the following manner:

  1. When a transparent bridge initializes, it starts listening promiscuously to frames on the network.

  2. As frames are received on an interface, the source MAC address, along with the interface/port on which it was received, is recorded in a station cache or bridge table. The bridge table keeps track of all MAC addresses that the bridge is aware of and what port they reside on.

  3. As subsequent frames are received, the bridge examines the frame for destination MAC addresses. The bridge then compares the address to the addresses in the bridge table or station cache and makes one of the following decisions:

    - If the destination MAC address resides on the network/interface where the frame was received, the bridge does not forward the frame and drops it.

    - If the MAC address is found in the bridge table, the bridge forwards the frame only onto the interface/port specified in the table.

    - If the bridge has no record of the MAC address, it floods the frame out all ports except the port that received the frame.

  4. The bridge ages each entry in the station cache and deletes it after a period of time, known as the MAX Age timer. The MAX Age timer flushes entries from the bridge table when no traffic is received with a source MAC address matching the MAC address stored in the bridge table.
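
The four steps above, as an added example that is not from the book: a small learning bridge that records source addresses, then filters, forwards, or floods by destination and ages out silent entries. The class and function names are illustrative, the traffic is constructed, the MAC addresses are borrowed from Example 13-3, and the 300-second aging value is the "bridge aging time" shown in Example 13-4.

```python
from dataclasses import dataclass, field


@dataclass
class LearningBridge:
    ports: tuple
    aging_time: int = 300                      # seconds, as in Example 13-4
    table: dict = field(default_factory=dict)  # MAC -> (port, last_seen)

    def _age_out(self, now):
        # Step 4: drop entries whose MAC has not appeared as a source recently.
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen > self.aging_time]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return (decision, list of output ports)."""
        self._age_out(now)
        # Step 2: record (or refresh) the source MAC against the arrival port.
        self.table[src] = (in_port, now)
        # Step 3: look up the destination MAC and decide.
        entry = self.table.get(dst)
        if entry is None:
            return "flood", [p for p in self.ports if p != in_port]
        if entry[0] == in_port:
            return "filter", []
        return "forward", [entry[0]]


def demo():
    # Constructed traffic. Port names are the enterprise router's bridged
    # interfaces; MAC addresses are borrowed from Example 13-3.
    br = LearningBridge(ports=("Ethernet2", "Serial0.1", "Serial0.2"))
    a, b, c = "0000.8139.6c45", "0000.863c.3b41", "00a0.cc74.54a4"
    return [
        br.receive("Ethernet2", a, b, now=0),    # b unknown: flood
        br.receive("Serial0.1", b, a, now=1),    # a learned: forward
        br.receive("Ethernet2", c, a, now=2),    # a is on the arrival port: filter
        br.receive("Ethernet2", a, b, now=400),  # b aged out: flood again
    ]


if __name__ == "__main__":
    for decision, out_ports in demo():
        print(f"{decision:8} -> {out_ports}")
```

The last frame shows why aging matters when reading the table: once an entry expires, traffic to that station is again sent out every other port in the bridge group until the station transmits.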

Spanning Tree Review

Because bridges use the process of flooding frames from segment to segment, they need a way to control loops. Three types of loop-prevention mechanisms are available on Cisco routers:

  • IEEE 802.1d Spanning-Tree Protocol (STP). This is the same protocol discussed in detail in Chapter 2.

  • The Digital (DEC) protocol upon which this IEEE standard is based.

  • An IBM form of STP used mainly for legacy transparent bridging on a Token Ring.

All forms of STP are similar, so we will focus on the primary one in use and the one used as the default for Cisco switches: 802.1d.

The following information is reprinted from Chapter 2: STP transitions through the phases illustrated by Figure 13-2 and explained in the sections that follow.

Figure 13-2. The STP Transition

Disabled State

This state appears when a bridge is having problems processing Bridge Protocol Data Units (BPDUs), when a trunk is improperly configured, or when the port is administratively down.

Listening State

When a bridge port initializes, or in the absence of BPDUs for a certain amount of time, STP transitions to the listening state. When STP is in this state, the port is actually "blocking," and no user data is sent on the link. STP follows a four-step process for convergence:

  1. Elect one root bridge. Upon initialization, the bridge begins sending BPDUs on all bridged interfaces. A root bridge is chosen based on the bridge with the lowest bridge ID (BID). Recall that the BID is a combination of a priority and MAC address. In the event of a tie, the bridge with the lowest MAC address is chosen as root. All ports of the root bridge are put in forwarding state.

  2. Elect one root port for every nonroot bridge. When a single root bridge has been elected, STP elects a single root port on each bridge/switch that is not root. The root port is the bridge's/switch's best path to the root bridge. After a root port is elected, it is put into the forwarding state. To determine what port should be a root port, STP prioritizes based on criteria in the following order:

    - Lowest root BID

    - Lowest path cost to root bridge; the cumulative cost of all paths to root

    - Lowest sender BID

    - Lowest port ID

    When a bridge receives a BPDU, it stores it in a bridge table for that port. As new BPDUs are received on that port, they are compared to existing BPDUs. Using the four-step process listed previously, BPDUs that are more attractive or that have lower costs are kept, and the other ones are discarded. The primary variable that influences the root port election is the cost to the root bridge. The cost to the root bridge is the cumulative path cost of all links to the root bridge.

  3. Elect one designated port/designated bridge for every segment. For every segment, STP elects one port that will send and receive all information from that segment to the root bridge. A root port can be thought of as the port that forwards information to the root, whereas the designated port can be thought of as the port that sends traffic away from the root. This rule applies mostly to shared-media bridges, or routers. Designated ports on switched trunk lines do not follow this rule.

  4. All remaining ports will become nondesignated ports and are put in blocking mode.
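
The root election and the root-port ordering described above, as an added example that is not from the book: bridge IDs and BPDUs are modelled as tuples so that "lowest wins" is an ordinary comparison in the listed order. The enterprise priority and MAC and the path costs 647 and 100 come from Example 13-4; the shuttle routers' MAC addresses and the two-path root-port case are constructed, and 32768 is the IEEE default bridge priority.

```python
from typing import NamedTuple


def mac(text):
    """Cisco dotted MAC (for example 00e0.1e58.e798) as an integer."""
    return int(text.replace(".", ""), 16)


class BID(NamedTuple):   # bridge ID: priority first, MAC address breaks ties
    priority: int
    address: int


class BPDU(NamedTuple):  # field order is the comparison order in the list above
    root: BID
    cost: int            # sender's cumulative path cost to the root
    sender: BID
    port_id: int


def elect_root(bridges):
    """bridges: {name: BID}. The lowest BID wins the election."""
    return min(bridges, key=bridges.get)


def pick_root_port(received, port_cost):
    """received: {local port: BPDU heard there}; port_cost: {local port: cost}.
    The cost compared is the advertised cost plus the receiving port's cost."""
    def rank(port):
        bpdu = received[port]
        return bpdu._replace(cost=bpdu.cost + port_cost[port])
    return min(received, key=rank)


DEFAULT_PRIORITY = 32768                              # IEEE default bridge priority
ENTERPRISE = BID(100, mac("00e0.1e58.e798"))          # from Example 13-4
SHUTTLE_5 = BID(DEFAULT_PRIORITY, mac("0000.0c00.0005"))  # constructed MAC
SHUTTLE_6 = BID(DEFAULT_PRIORITY, mac("0000.0c00.0006"))  # constructed MAC


def root_with_priority_set():
    return elect_root({"enterprise": ENTERPRISE,
                       "shuttle_5": SHUTTLE_5, "shuttle_6": SHUTTLE_6})


def root_with_defaults():
    # If no priority is configured, every bridge ties on priority and the
    # lowest MAC address decides which bridge becomes root.
    return elect_root({"enterprise": ENTERPRISE._replace(priority=DEFAULT_PRIORITY),
                       "shuttle_5": SHUTTLE_5, "shuttle_6": SHUTTLE_6})


def root_port_example():
    # Constructed case: a nonroot bridge hears the root directly on Serial0
    # and hears it relayed by a neighbour on Ethernet0.
    received = {
        "Serial0": BPDU(ENTERPRISE, 0, ENTERPRISE, 13),
        "Ethernet0": BPDU(ENTERPRISE, 647, SHUTTLE_6, 2),
    }
    return pick_root_port(received, {"Serial0": 647, "Ethernet0": 100})
```

With default priorities the root is simply whichever bridge has the lowest MAC address, which is why the configuration steps later in this section set the priority explicitly on the bridge intended to be root.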

Learning State

Ports that remain designated or root ports for a period of 15 seconds, the default forward delay, enter the learning state. In the learning state, the bridge waits another 15 seconds while it builds its bridge table.

Forwarding and Blocking States

When the bridge reaches this phase, ports that do not serve a special purpose, such as a root port or a designated port, are called nondesignated ports. All designated ports are put in forwarding state, while all nondesignated ports are put in a blocking state. In the blocking state, a bridge does not send any configuration BPDUs, but it still listens to them. A blocking port also does not forward any user data.

STP Timers

STP has three basic timers that regulate and age BPDUs:

  • Hello timer: The default hello timer is 2 seconds. This is the amount of time between configuration BPDUs sent by the root bridge.

  • Forward delay: This timer is the default 15 seconds that the router/bridge waits while building its bridging table. The listening and learning stages each use this single 15-second timer.

  • MAX Age: This timer indicates how long a BPDU is stored before it is flushed. If this timer expires before the interface receives a new BPDU, the interface transitions to the listening state. An expired MAX Age parameter usually is caused by a link failure. The default value is 20 seconds.

STP uses the hello timer to space BPDUs and as a keepalive mechanism. The hello timer always should prevent the MAX Age value from being hit. When the MAX Age timer expires, it usually indicates a link failure. When this happens, the bridge re-enters the listening state. It takes approximately 50 seconds for STP to recover from a link failure: 20 seconds for the BPDU to age out (the MAX Age), 15 seconds for listening, and 15 seconds for the learning state.

Configuring Transparent Bridging

Configuring transparent bridging is a simple three-step process:

Step 1. Assign a bridge group number and define the Spanning-Tree Protocol. This is accomplished with this global command:

 Router(config)# bridge [1-255] protocol [ieee | ibm | dec]

Step 2. Assign each network interface that is to be bridged to a bridge group by using the following interface command:

 Router(config-if)# bridge-group [1-255]

If the interface is a Frame Relay multipoint interface, a frame-relay map statement will be needed to map the bridge to a DLCI. The frame-relay map interface command is as follows:

 Router(config-if)# frame-relay map bridge [DLCI Number_16-1007] broadcast

If the interface is a DDR interface, such as an ISDN interface, a dialer-map statement will be needed to transport the bridged traffic across the DDR link:

 Router(config-if)# dialer map bridge [name {remote_host_name}] broadcast dialer_string

Step 3. (Optional) Configure root for the Spanning Tree. Select which bridge or interface will serve as root. As mentioned previously, there are a couple of ways to influence root. The best and most direct way is to set the STP priority. STP priority can be set on the interface or global level, depending on how you want to influence root selection. The lower the priority, the more likely the bridge will become root. Use the following commands to influence STP root selection:

To set the bridge priority, use the following global command:

 Router(config)# bridge [1-255] priority [0-65535]

To set the bridge port priority, use the following interface command:

 Router(config-if)# bridge-group [1-255] priority [1-255]

To set the bridge path cost, use the following interface command:

 Router(config-if)# bridge-group [1-255] path-cost [0-65535]

The first step in setting up transparent bridging is to define a Spanning-Tree Protocol and assign it a bridge group number. You can choose either the IEEE 802.1D Spanning-Tree Protocol or the Digital or IBM versions. The IEEE 802.1D Spanning-Tree Protocol is the preferred way of running the bridge. Use the Digital Spanning-Tree Protocol or the IBM version only for backward compatibility.

The next step is to assign each network interface to a bridge group. A bridge group is defined by Cisco as follows:

An internal organization of network interfaces on a router. Bridge groups within the same router function as distinct bridges; that is, bridged traffic and bridge protocol data units (BPDUs) cannot be exchanged between different bridge groups on a router. Furthermore, bridge groups cannot be used to multiplex or demultiplex different streams of bridged traffic on a LAN. An interface can be a member of only one bridge group.

If you are configuring bridging over a Frame Relay multipoint network or DDR network, an additional map statement will be needed to carry the bridged traffic over the network.

A couple of reasons exist for placing the interface into a bridge group:

  • To bridge all nonroutable traffic among the network interfaces making up the bridge group.

  • To participate in a common Spanning-Tree Algorithm by receiving and transmitting BPDUs on the LANs that are in the same bridge group. A separate spanning process runs for each configured bridge group. Each bridge group participates in a separate Spanning Tree.

In Figure 13-3, interfaces e0 and e1 are in bridge group 1. These interfaces will forward bridged traffic to one another. Interface e3 is not part of the bridge group and will not receive traffic from the bridge group.

Figure 13-3. Transparent Bridging Bridge Groups

TIP

An effective way to isolate bridged traffic on switched networks is to create a VLAN just for bridged traffic. Any devices that require bridged traffic will exist on this VLAN. Data-link switching then can be used to take this VLAN traffic or bridged traffic across the LAN or WAN, without propagating its traffic to every segment in between.


Transparent Bridging Model

Figure 13-4 presents a practical example of transparent bridging. In this model, the workstations are MS Windows 9x running NetBEUI, a nonroutable protocol. For the workstations to communicate, transparent bridging must be enabled across the Frame Relay network and on the Ethernet interfaces of the routers shuttle_5 and shuttle_6.

Figure 13-4. Transparent Bridging

To enable transparent bridging on the enterprise router, follow the three-step process. Begin by assigning a bridge group and STP to the bridging domain. This is accomplished with the global router command bridge 1 protocol ieee. In this model, you will be using 802.1d as the Spanning-Tree Protocol. The second step involves assigning interfaces to bridge groups. This is done with the interface command bridge-group 1. On the enterprise router, this command must be entered on the E0 interface and on the S0.1 and S0.2 Frame Relay interfaces. Because S0.1 is a Frame Relay multipoint interface, it also needs a frame-relay map bridge statement, mapping a specific DLCI to the bridge. Finally, the third step involves setting a root bridge. In this model, we have chosen the enterprise router to be the root for STP. To force root selection, we elected to use the global router command bridge 1 priority 100, setting the bridge priority of the enterprise router/bridge to 100. Example 13-1 lists the configuration of the enterprise router.

Example 13-1 Transparent Bridge Configuration on the enterprise Router

    hostname enterprise
    !
    <<<text omitted>>>
    !
    interface Ethernet2
     ip address 172.16.10.1 255.255.255.0
     no ip directed-broadcast
     media-type 10BaseT
     bridge-group 1                          ← Assign E2 to bridge 1
    !
    <<<text omitted>>>
    !
    interface Serial0
     no ip address
     no ip directed-broadcast
     encapsulation frame-relay
     no ip mroute-cache
     logging event subif-link-status
     logging event dlci-status-change
     frame-relay lmi-type cisco
    !
    interface Serial0.1 multipoint
     ip address 172.16.1.1 255.255.255.0
     no ip directed-broadcast
     frame-relay map bridge 130 broadcast    ← Map statement needed for bridging
     frame-relay map ip 172.16.1.6 130 broadcast
     bridge-group 1                          ← Assign S0.1 to bridge 1
    !
    interface Serial0.2 point-to-point
     ip address 172.16.2.1 255.255.255.0
     no ip directed-broadcast
     frame-relay interface-dlci 102
     bridge-group 1                          ← Assign S0.2 to bridge 1
    !
    <<<text omitted>>>
    !
    bridge 1 protocol ieee                   ← Define bridge 1 with 802.1d as the STP
    bridge 1 priority 100                    ← Set Bridge Priority to 100, forcing ROOT
    !

The configurations of the shuttle_5 and shuttle_6 routers resemble the enterprise router's configuration. Example 13-2 lists the bridging portions of the shuttle_5 and shuttle_6 routers, respectively. Note that the Frame Relay map statements are needed only on Frame Relay multipoint networks.

Example 13-2 Transparent Bridge Configuration on the shuttle_5 and shuttle_6 Routers

    hostname shuttle_5
    !
    interface Ethernet0
     ip address 172.16.5.5 255.255.255.0
     bridge-group 1                          ← Assign E0 to bridge 1
    !
    interface Serial0
     ip address 172.16.2.5 255.255.255.0
     encapsulation frame-relay
     frame-relay interface-dlci 121
     frame-relay lmi-type cisco
     bridge-group 1                          ← Assign S0 to bridge 1
    !
    <<<text omitted>>>
    !
    bridge 1 protocol ieee                   ← Define bridge 1 with 802.1d as the STP
    !
    _____________________________________________________________________
    hostname shuttle_6
    !
    !
    interface Ethernet0
     ip address 172.16.6.6 255.255.255.0
     no ip directed-broadcast
     bridge-group 1                          ← Assign E0 to bridge 1
    !
    interface Serial0                        ← Remember this is a multi-point!
     ip address 172.16.1.6 255.255.255.0
     no ip directed-broadcast
     encapsulation frame-relay
     no ip mroute-cache
     no fair-queue
     frame-relay map bridge 131 broadcast    ← Map bridge 1 to DLCI 131
     frame-relay map ip 172.16.1.1 131 broadcast
     bridge-group 1                          ← Assign S0 to bridge 1
    !
    <<<text omitted>>>
    !
    bridge 1 protocol ieee                   ← Define bridge 1 with 802.1d as the STP

Verifying Transparent Bridging, the "Big show" for Transparent Bridging and STP

Cisco offers some useful commands that aid in verifying the operation of the bridging environment. I can't recommend using any of the debug commands for transparent bridging. The ones available are cryptic or offer little valuable information; for example:

 11:23:34: ST: Serial0.1 0000000000800000605CF35DA400000000800000605CF35DA4800600 00140002000F00 

Instead of trying to break down the bit stream that debug spantree tree provides, use other commands that prove to be more useful and easier to understand. The big show commands are as follows:

 show bridge [bridge_number]
 show spanning-tree [bridge_number]

show bridge Command

The show bridge command shows the current state of the bridge, the MAC addresses it has learned, and whether it is forwarding on specific interfaces. Age and transmit and receive counts are also listed. If the bridge number is appended to the command, it lists the known bridge ports and the STP state they are in: learning, listening, forwarding, or blocking. Example 13-3 demonstrates the versions of the show bridge command on the shuttle_5 router from the previous model. For a more detailed explanation of the STP states, see Chapter 2.

Example 13-3 show bridge Command Output on the shuttle_5 Router

    shuttle_5# show bridge
    Total of 300 station blocks, 296 free
    Codes: P - permanent, S - self
    Bridge Group 1:
        Address       Action   Interface       Age   RX count   TX count
    0000.8139.6c45   forward   Ethernet0        0         248          0
    0000.863c.3b41   forward   Serial0          0         126        107
    00e0.b055.5789   forward   Serial0          0         506          0
    00a0.cc74.54a4   forward   Ethernet0        0         449        157
    shuttle_5# show bridge group
    Bridge Group 1 is running the IEEE compatible Spanning Tree protocol
       Port 2 (Ethernet0) of bridge group 1 is forwarding
       Port 6 (Serial0 Frame Relay) of bridge group 1 is forwarding

show spanning-tree Command

The show spanning-tree command for bridges provides nearly the same information as the show spanning-tree command found on the Catalyst switches. The relevant information that this command provides is the current root of the Spanning Tree, the cost to root, its priority, as well as detailed STP timer information. For more specific information on the fields listed and their meaning, review Chapter 2. Example 13-4 lists the output of the show spanning-tree command on the enterprise router from the previous model. Note that this bridge is root and has a priority of 100, just as configured in the model.

Example 13-4 show spanning-tree Command on the enterprise Router

    enterprise# show spanning-tree
     Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
      Bridge Identifier has priority 100, address 00e0.1e58.e798
      Configured hello time 2, max age 20, forward delay 15
      We are the root of the spanning tree
      Topology change flag not set, detected flag not set
      Times:  hold 1, topology change 35, notification 2
              hello 2, max age 20, forward delay 15
      Timers: hello 0, topology change 0, notification 0
      bridge aging time 300
    Port 8 (Ethernet2) of Bridge group 1 is forwarding
       Port path cost 100, Port priority 128
       Designated root has priority 100, address 00e0.1e58.e798
       Designated bridge has priority 100, address 00e0.1e58.e798
       Designated port is 8, path cost 0
       Timers: message age 0, forward delay 0, hold 0
       BPDU: sent 876, received 0
    Port 13 (Serial0.1 Frame Relay) of Bridge group 1 is forwarding
       Port path cost 647, Port priority 128
       Designated root has priority 100, address 00e0.1e58.e798
       Designated bridge has priority 100, address 00e0.1e58.e798
       Designated port is 13, path cost 0
       Timers: message age 0, forward delay 0, hold 0
       BPDU: sent 632, received 2
    Port 14 (Serial0.2 Frame Relay) of Bridge group 1 is forwarding
       Port path cost 647, Port priority 128
       Designated root has priority 100, address 00e0.1e58.e798
       Designated bridge has priority 100, address 00e0.1e58.e798
       Designated port is 14, path cost 0
       Timers: message age 0, forward delay 0, hold 0
       BPDU: sent 347, received 0
    enterprise#
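
One way to turn the show spanning-tree output into a repeatable check, as an added example that is not from the book: the script parses the fields shown in Example 13-4 and reports any port whose designated root is not the bridge configured as root. The sample text is Example 13-4 trimmed to the lines the check reads; the function names are illustrative.

```python
import re

# Example 13-4 (enterprise router), trimmed to the fields used below.
SAMPLE = """\
Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
 Bridge Identifier has priority 100, address 00e0.1e58.e798
 We are the root of the spanning tree
Port 8 (Ethernet2) of Bridge group 1 is forwarding
   Designated root has priority 100, address 00e0.1e58.e798
   BPDU: sent 876, received 0
Port 13 (Serial0.1 Frame Relay) of Bridge group 1 is forwarding
   Designated root has priority 100, address 00e0.1e58.e798
   BPDU: sent 632, received 2
Port 14 (Serial0.2 Frame Relay) of Bridge group 1 is forwarding
   Designated root has priority 100, address 00e0.1e58.e798
   BPDU: sent 347, received 0
"""

SELF_RE = re.compile(r"Bridge Identifier has priority (\d+), address ([0-9a-f.]+)")
PORT_RE = re.compile(r"^\s*Port (\d+) \((.+?)\) of bridge group (\d+) is (\w+)", re.I)
ROOT_RE = re.compile(r"Designated root has priority (\d+), address ([0-9a-f.]+)")


def parse_spanning_tree(text):
    """Extract this bridge's ID, its root claim, and each port's designated root."""
    state = {"bridge_id": None, "is_root": False, "ports": []}
    for line in text.splitlines():
        if m := SELF_RE.search(line):
            state["bridge_id"] = (int(m[1]), m[2])
        elif "We are the root" in line:
            state["is_root"] = True
        elif m := PORT_RE.match(line):
            state["ports"].append({"name": m[2], "state": m[4], "root": None})
        elif (m := ROOT_RE.search(line)) and state["ports"]:
            state["ports"][-1]["root"] = (int(m[1]), m[2])
    return state


def audit_root(text, expected_root):
    """Return a list of findings; an empty list means the root is as configured."""
    state = parse_spanning_tree(text)
    findings = []
    for port in state["ports"]:
        if port["root"] != expected_root:
            findings.append(f"{port['name']}: designated root {port['root']} "
                            f"is not the expected {expected_root}")
    if state["bridge_id"] == expected_root and not state["is_root"]:
        findings.append("this bridge is the expected root but does not report being root")
    return findings


if __name__ == "__main__":
    print(audit_root(SAMPLE, (100, "00e0.1e58.e798")) or "root matches configuration")
```

Run against saved output from each bridge in the group, the check flags a root change on any port without reading the full display by eye.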

NOTE

Various levels of Cisco IOS Software Release 12.0 have Spanning Tree disabled by default. To enable Spanning Tree, use the command no bridge-group bridge_number spanning-disabled.


Verifying Transparent Bridging with Windows 9x or 2000

Windows 9x or 2000 with Microsoft networking enabled (or, more specifically, NetBEUI enabled) provides a great test application for all bridged and DLSw networks. To test any bridging type environments, use two Windows workstations with Microsoft networking and NetBEUI enabled. If you also enable Microsoft file and print sharing, you will be able to test file transfers across the bridged or DLSw network. Using the network browser or the Find Computer application in Windows, you can force broadcast data across the network. For more information on configuring Windows networking, see Chapter 1, "The Key Components for Modeling an Internetwork," or consult the Microsoft documentation.

CCIE Practical Studies, Volume I
ISBN: 1587200023
EAN: 2147483647
Year: 2001
Pages: 283
Authors: Karl Solie