PVSTP+

Submitted by rayc on Mon, 10/25/2021 - 09:12

PVSTP+ is an improved version of the Cisco proprietary Spanning Tree protocol PVST that runs an instance of STP per VLAN. The main difference between PVST and PVST+ is that PVST+ provides support for compatibility with other STP versions and operates over 802.1Q trunks as well as ISL Trunks. Running an STP instance per VLAN gives you the ability to not only fine tune the STP tree based on where VLANs are in use, but also load balance VLANs across multiple Root Bridges. The fundamentals of PVST/PVST+ are the same as 802.1D (here's a link to the previous article about 802.1D). The main difference, as the name suggests, is that PVST/PVST+ creates a spanning tree instance for each VLAN configured on the switch. This means that there is a Root Bridge and Root/Designated port selection for each VLAN. To look at PVST+ we will use below topology. In the below Topology, each Switch has 4 VLAN's configured. VLAN 1, 10, 20 and 30 (Remember that VLAN1 is the default VLAN and can't be removed) and each port connecting to each switch is configured as a trunk port allowing all VLANs. 

PVST Topology

When all switches are powered on, they all assume they are the Root bridge and send out Configuration BPDUs advertising as such and begin the Root Switch selection process. The Root Bridge is selected based on the lowest Bridge ID, which consists of a 2 byte priority (32768 +VLAN by default) and the 6 byte MAC address of the system. In our topology the MAC addresses for SW1, SW2, and SW3 are 40a6.e88c.0480, 0062.ec57.8580 and 2c4f.52e6.aa80 respectively. Given this information and using default priority values, we can determine that the Root Bridge will be SW2 with the lowest MAC of 0062.ec57.8580. We can verify this by using the command show spanning-tree on any of the switches in our topology. Below is the output from SW1 for VLAN 10 for brevity.

show spanning-tree vlan 10 output

From this output we can confirm that SW2 is the Root bridge with a priority of 32778 and the MAC address of 0062.ec57.8580. Notice that the Bridge priority of both switches is not 32768. This is how PVST/PVST+ works for each VLAN, the Bridge priority is altered to include the VLAN number so that the Bridge priority becomes 32768 + <VLAN ID>. In our case, 32768 + 10 makes 32778. VLAN 1 priority would be 32768 + 1 making it 32769 and so on. In the above output we see that the port G1/0/2 is the Root port as it has the lowest cost to the root bridge (in this case it is directly connected on a Gigabit Ethernet link with a default cost of 4) and we can see that the link between SW1 and SW3 is in a BLK state. If you recall the STP port states this means that no traffic can be sent or received over that link. Now in this topology I have a router connected to port 48 on SW1 which is why it's showing as an Edge port as P2P Edge port type. Looking at this topology and the show spanning tree output, it is easy to see why the default STP Root Bridge selection is not be ideal. Traffic wanting to reach SW1 or the Router from SW3 would have to traverse SW2 instead of using the direct path through SW1. This is why it is best practice to manually set the STP Root bridge by changing the bridge priority for the required VLANs. In our scenario I want SW1 to be the root for all VLANs as the default gateway to reach external networks or other VLAN's is through the router. In order to change the STP Root use the global configuration command spanning-tree vlan <id-range> priority <number>. There are other ways to set the Root bridge which I will go through in another post. To verify that SW1 is now the root, use the command show spanning-tree [vlan <id>].

spanning tree priority 0

We can now see that the Root bridge is SW1. In you wanted to change the priority for all VLANs including non-configured VLANs, you can specify a range of 1-4094. For the sake of this article being about PVST/PVST+ I won't delve into fine tuning STP as that will be part of another post. Let's take a look at the entire STP topology and which ports are forwarding and which are blocking by using the command show spanning-tree.

Output of  show spanning-tree from SW1

show span SW1

Output of show spanning-tree from SW2

sh span SW2

output of show spanning-tree for SW3

sh span SW3

Here we can see that SW1 is the root bridge for all VLANs and the STP topology has reached a stable state. A stable state means that there are no ports in any transitional states. Looking at SW2 and SW3, we can see that SW2 won the designated port election most likely due to the lowest system ID and has it's port to SW3 as a Designated port while SW3 is in the Blocking state. 

As I mentioned early, one of the differences between PVST and PVST+ is that PVST+ has some backward compatibility features to support mixing STP types within your network. Using our previous 3 switch topology, let's change SW3 to run MST and see how the topology settles and the port states and types. One thing I would like to mention is that once I changed SW3 to MST, convergence took 50 seconds before I could connect to the switch again. This is standard for STP which is why RSTP and MST have made improvements for faster convergence. In saying that convergence between MST types still uses default 802.1D STP timers. 

----------------------- show spanning-tree after mst config --------------------------------