Hotel case study - Spanning Tree

Explanation

Spanning Tree is an often ignored component of local area networks as it self configures to form a functional network. However, a "functional network" may not be an optimal network. Spanning Tree results in a single viable path through a switched Ethernet network. Optimising layer 2 (STP) involves trying to align common traffic paths with the structure of the Spanning Tree. Keep in mind that if you have a network where the flows are network where there are frequent flows between different pairs of devices you may always have a less than optimal traffic flow. Don't get too hung up on this, STP is an old protocol with limitations. We do the best we can with what we have.

To optimise Spanning Tree, you must look at the expected flows in the network. Think about what flows occur in a hotel. Where do guests do? What do staff do. I would suggest that virtually all guest activity involves the Internet. Perhaps some traffic is internal to the hotel; this could include billing, room service applications or streaming media for in-house movies. In terms of flow, all of this traffic heads out of the VLAN to somewhere else. Inbound guest traffic will originate from outside the VLAN (Internet / data centre). What this means is that the guest devices are almost exclusively sending and receiving traffic from there gateway. There is little host to host communication amongst guests. In fact, from a security perspective, we would prefer no direct interaction between guest devices.

So for our guests we see that flows are centred on the default-gateway. In the three layer hierarchy the default gateway resides at the distribution layer. Given that the Spanning Tree Protocol generates a tree that is optimally connected to a root-bridge, it makes sense that the root bridge for a VLAN is the same device as the default-gateway for that VLAN.

In the scenario your attention is drawn to it in these requirements although it is left up to the reader to interpret them in a meaningful way.

https://csn.murdoch.edu.au/mediawiki/index.php/Hotel_case_study_using_EVE_-_Overview

Routing Requirements

You must provide intervlan routing, such that all devices can ping one another.

    Configure intervlan routing on all DL switches.
        Users on level one should make use of DL1 as their default gateway.
        Users on level two should make use of DL2 as their default gateway.
        Use HSRP with the active router for each guest floor being on a different router.

Optimisation

Wherever possible, within the limitations of EVE, you should:

    Maximise the redundancy of links and devices through configuration. 
    Note however that the topology cannot be altered from that provided. You are also not permitted to add any additional routers or switches to the topology.
    Ensure sensible and efficient traffic paths. In particular, you should pay attention to the STP topology and the allocation of gateway addresses.
    Ensure full use of the available bandwidth, link and router capacity through the use of redundant
    links and devices. Note that the use of the load-balancing features of some routing protocols is outside the scope of this assignment.

If you look at the routing requirements and the location of the gateways, we can see how to proceed. We know from the above that the Level-1-Guest VLAN uses DL1 as the default gateway. Therefore DL1 should be the root-bridge for the Level-1-Guest VLAN.

Similarly DL2 should be the root-bridge for the Level-2-Guest VLAN.

The case study isn't very prescriptive as to which device (DL1 or DL2) should be your staff gateway. But which ever device you choose should be the STP root-bridge for the staff VLAN.

Further optimisation (MST is covered in ICT535 PG Students only, ICT291 students can assume that MST is not used in 2020)

802.1d STP is slow. The configuration of rapid spanning tree (MST activates this) would make sense in this application. Given that there are only two devices (DL switches) in each LAN that need to be the root bridge, there are only two required STP topologies. However, there may be many VLANS (guest floors). Creating two instances of MST (One for each DL) and mapping the VLANs to these will minimise the BPDU traffic and CPU load on the switches. I would encourage you to go down this path.

What you need to do

• Create two instances of MST and call them 1 & 2.
• Map VLAN 101 (Guest level 1) to MST instance 1.
• Map VLAN 102 (Guest level 2) to MST instance 2.
• Map VLAN 10 (staff) to the MST instance of your staff gateway.
• Set DL1 as the primary root for MST instance 1.
• Set DL2 as the primary root for MST instance 2.

Where to configure this Remember LANs (VLAN) reside in the access layer and the distribution layer.

• All your access layer devices and distribution devices need to have MST instances created and the appropriate VLAN mappings made.
• On your DL switches, execute the appropriate spanning-tree vlan xxx root primary command.

How you will know it is configured correctly The following commands will provide information as to your STP configuration. You are mainly looking to see that DL1 is the root for MST instance 1 and DL2 is the root for MST instance 2. You also need to verify that you have the correct VLAN to MST mapping.

show spanning-tree 
show spanning-tree mst configuration 
show spanning-tree root 

What questions might you see on the practical exam?

• Which switch is the root for VLAN xx? (May or may not use MST)
• Which VLANs are associated with MST instance X?
• Make device X the root for VLAN xx? (May or may not use MST)
• You may be told that the traffic flow is suboptimal and be expected to identify that STP is the issue and recommend a solution. (Often making a different switch the root bridge for a particular VLAN).
• You may be told that a particular switch switch has failed and asked about the resulting spanning-tree. For example: If DL1 hails, which switch will be the root for VLAN x?