Ethernet: redundancy

This occurs when there is more than one Layer 2 path between two or more endpoints. To populate MAC tables, a typical switch broadcasts the first time it attempts to reach a new MAC address. When multiple paths exist, the broadcast is sent along all paths except the originating one. The other endpoint issues a similar broadcast, and the frame is continuously rebroadcasted, causing a switching loop. Since Layer 2 frames lack a TTL (Time to Live), they can remain in the network indefinitely, and often the resolution involves powering down the affected switches.

Nokia, as well as the broader industry, has implemented two main solutions to address this issue:

1. Spanning Tree Protocol (STP)
2. Aggregating multiple links to form a single logical link is also known as Link Aggregation Group (LAG).

In the SROS, STP and priorities are configured inside of a service and not in the base router. 

This occurs when there is more than one Layer 2 path between two or more endpoints. To populate MAC tables, a typical switch broadcasts the first time it attempts to reach a new MAC address. When multiple paths exist, the broadcast is sent along all paths except the originating one. The other endpoint issues a similar broadcast, and the frame is continuously rebroadcasted, causing a switching loop. Since Layer 2 frames lack a TTL (Time to Live), they can remain in the network indefinitely, and often the resolution involves powering down the affected switches.

Nokia, as well as the broader industry, has implemented two main solutions to address this issue:

1. Spanning Tree Protocol (STP)
2. Aggregating multiple links to form a single logical link is also known as Link Aggregation Group (LAG).

This protocol detects and prevents loops in Layer 2 traffic. It accomplishes this by designating one of the participating switches as the root bridge, or root switch, which acts as the master. The other switches assume the roles of backups and subordinates. It also sends some ports into an inactive state to block unnecessary paths, thereby preventing loops.

The root bridge can be selected by the participating bridges or manually configured by the Network Administrator. The selection process is as follows:

1. All switches exchange BPDU (Bridge Protocol Data Unit), which includes the Bridge ID, Sender's Bridge ID, cost to the root bridge if known, and timer values. The bridge with the lowest Bridge ID is chosen as the root. 
2. The Bridge ID is uniquely created by combining the device's Priority value and the switch's MAC address. for instance , if you had a bridge priority of 50 and a mac address of 0012.78A1.2234 the bridge ID becomes 50.0012.78A1.2234. Thus lower priority number wins
3. In the event of a tie in Priority values, the bridge with the lowest MAC address wins. 
4. To manually set a root bridge, the priority of some switches is set to the lowest to ensure their selection.

There is a severe attack that exploits STP, or more accurately, poorly configured STP. This attack abuses the root selection process by assuming a lower Bridge ID number and taking over as the root bridge, thus becoming the control center for Layer 2 traffic. To protect against this, it is crucial to configure BPDU guard when using STP. It is also advisable to manually select your root bridge rather than leaving it to the switches by default. Additionally, a DDoS (Distributed Denial of Service) attack can be initiated when a rogue switch floods the network with BPDUs.

STP selects the path with the lower cost and blocks the ones with higher costs. The lower bandwidths are the costliest. Cost assignment is typically automatic. Below is the cost mapping:

     10g 2   1g 4   622mb 6   155mb 14   100mb 19   45mb 39   16mb 62   10mb 100   4mb 250

In Spanning Tree Protocol (STP) selection or calculations, the following rules are considered:

- The lowest bridge ID is always preferred.

- All ports on the root bridge are designated ports.

- Often, all ports opposite the root bridge's ports are designated ports.

- Depending on the network architecture, at least one or more ports may enter a blocking state.

- Each network segment has one designated port.

- Root ports cannot be designated ports.

- Each participating switch has one root port.

The tie-breaking order is as follows:

- The lowest bridge ID prevails.

- The lowest root path cost takes precedence.

- The lowest MAC address is decisive.

- The lowest port ID is the final determinant.

We have already discussed the root bridge and path selection. 

1. Once a root bridge is selected, all its ports enter a forwarding state and become designated ports.
2. Root ports are forwarding ports on all non root bridge. this is chosen by calculating the cost to the root bridges designated port. 
3. the other non root ports will go to either forwarding or blocking mode.