Spanning Tree Protocol Operation

Whenever there is redundancy in the network, there is a chance that loops will form. At layer 3, the TTL value in the packet header stops a packet from looping endlessly. To avoid loops at layer 2, Spanning Tree Protocol (STP) comes into play. STP exchanges BPDU messages with other switches to detect loops, and then removes each loop by blocking selected bridge ports. The algorithm guarantees that there is only one active path between any two network devices. A layer 2 network with redundancy but without STP can suffer from the following issues:

  • Broadcast Storm
  • Unstable mac-address table in a switch
  • Duplicate frames arriving at host

STP Operation

Election of Root Bridge

With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of this root bridge. Each VLAN must have its own root bridge because each VLAN is a separate broadcast domain. The roots for the different VLANs can all reside in a single switch or in various switches.
Below are the attributes used to elect a root bridge, in order of precedence:

  • Prefer the switch with the lower priority (the default is 32768 + sys-id-ext).
  • If priorities tie, prefer the switch with the lower MAC address.

We can influence the root bridge election by changing the priority of the switch with the command

  switch(config)# spanning-tree vlan x priority 4096

Bridge priority must be set in increments of 4096.

Consider the example in which there are three bridges, A, B and C, connected with each other.
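The three-bridge election above, worked through in an added Python simulation (this is not the article's own code). It builds each Bridge ID as (priority + sys-id-ext, MAC address), where sys-id-ext is the VLAN ID under per-VLAN STP, enforces the 4096-increment rule the text states, and shows how lowering A's priority makes it the root. Switch names and MAC addresses are constructed sample values.

```python
# Added example (not from the original article): simulate STP root bridge election
# for one VLAN. Bridge ID = (priority + sys-id-ext, MAC); the lowest Bridge ID wins.
# Switch names and MAC addresses below are constructed sample values.

DEFAULT_BASE_PRIORITY = 32768
PRIORITY_STEP = 4096  # bridge priority must be configured in increments of 4096


def validate_priority(priority: int) -> int:
    """Reject priorities that are not a multiple of 4096 in the 0..61440 range."""
    if priority % PRIORITY_STEP != 0 or not 0 <= priority <= 61440:
        raise ValueError(f"bridge priority must be a multiple of {PRIORITY_STEP} (0-61440)")
    return priority


def mac_to_int(mac: str) -> int:
    """Convert 'aa:bb:cc:dd:ee:ff', 'aabb.ccdd.eeff' or 'aa-bb-...' to an integer."""
    digits = mac.replace(":", "").replace(".", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"malformed MAC address: {mac}")
    return int(digits, 16)


def bridge_id(base_priority: int, vlan: int, mac: str) -> tuple[int, int]:
    """Bridge ID as (priority + sys-id-ext, MAC); tuples compare lowest-first."""
    return (validate_priority(base_priority) + vlan, mac_to_int(mac))


def elect_root(switches: dict[str, tuple[int, str]], vlan: int) -> str:
    """Return the name of the switch holding the lowest Bridge ID for this VLAN."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))


# Constructed sample: bridges A, B and C at the default priority with distinct MACs.
SWITCHES = {
    "A": (DEFAULT_BASE_PRIORITY, "0011.2233.4455"),
    "B": (DEFAULT_BASE_PRIORITY, "0011.2233.0001"),
    "C": (DEFAULT_BASE_PRIORITY, "0011.2233.9999"),
}

if __name__ == "__main__":
    # With equal priorities the lowest MAC (B) wins.
    print("VLAN 10 root with defaults:", elect_root(SWITCHES, 10))
    # Equivalent of 'spanning-tree vlan 10 priority 4096' on switch A.
    tuned = dict(SWITCHES, A=(4096, SWITCHES["A"][1]))
    print("VLAN 10 root after lowering A's priority:", elect_root(tuned, 10))
```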

Basic Datacenter Design with Redundancy

The very basic thing that an organization expects while designing its network is maximum uptime, and this maximum uptime can only be achieved when there is redundancy in the network. So in this article, we'll design a network for a company hosted in a datacenter with redundant devices and links.
NOTE: The configuration of devices in this article does not include configuration for securing the control-plane of core or aggregation routers.

Full Network topology:
Topology of Part of Datacenter

Stacked Switches

A stackable switch is a network switch that is fully functional when operating standalone but which can also be set up to operate together with one or more other switches, with the group behaving as a single switch that has the combined port capacity of all its members. Following are some of the benefits of stacked switches.

1. Simplified Network Management

Multiple physical switches in a stack appear as a single logical switch. This eases management overhead because there are fewer devices in the network to manage. A single IP address is used to manage the logical switch. All manageable entities (for example, Ethernet interfaces and VLANs) on all physical switches can be configured and managed from the logical switch. The logical switch will appear as a single entity in the network. In a Layer 2 network, the logical switch will appear as a single spanning-tree entity.

Creating MPLS Layer 3 VPN

When used with MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network. One service provider network can support several different IP VPNs. Each of these appears to its users as a private network, separate from all other networks. Within a VPN, each site can send IP packets to any other site in the same VPN.
Each VPN is associated with one or more VPN routing and forwarding instances (VRFs). A VRF consists of an IP routing table, a derived Cisco express forwarding (CEF) table, and a set of interfaces that use this forwarding table.
The router maintains a separate routing and CEF table for each VRF. This prevents information being sent outside the VPN and allows the same subnet to be used in several VPNs without causing duplicate IP address problems.
In this document, we'll be configuring a basic MPLS Layer 3 VPN for two customers, each having two physical sites at different locations.

Network Topology: (figure: MPLS Layer 3 VPN)

Traffic Flow Decisions in MPLS Network

In this article, we will study how forwarding decisions are made in an MPLS network. You can check out the configuration of the network at Creating Layer 3 MPLS VPN.

Network Topology:

Fortigate Backup VPN

You can configure a route-based VPN that acts as a backup facility to another VPN. It is used only while your main VPN is out of service. This is desirable when the redundant VPN uses a more expensive facility.
You can configure a backup IPsec interface only in the CLI. The backup feature works only on interfaces with static addresses that have dead peer detection enabled. The monitor option creates a backup VPN for the specified phase 1 configuration. Redundant tunnels do not support Tunnel Mode or Manual Keys. You must use Interface Mode.

Contents for Datacenter Studies

This article is still being updated.

In this article, we have tried to include the various contents that are required for your CCIE Datacenter studies.

Get the updated syllabus for your Certification from here.

UCS platform emulator

Titanium Image for Nexus emulation
Titanium Image 6.1.1.rar    -- You can find this with a Google search.

Cisco ASA Active/Active Failover Configuration

Active/Active failover is only available to security appliances in multiple context mode. In an Active/Active failover configuration, both security appliances can pass network traffic.

In Active/Active failover, you divide the security contexts on the security appliance into failover groups. A failover group is simply a logical group of one or more security contexts. You can create a maximum of two failover groups on the security appliance. The admin context is always a member of failover group 1. Any unassigned security contexts are also members of failover group 1 by default.
We have already seen the configuration for Active/Standby failover in the previous article. This article focuses on how to configure an Active/Active Failover configuration on ASA Security Appliance.

Network Diagram (Physical Topology): Active/Active Failover Physical Network Diagram

Cisco IOS Archiving for Configuration Backup

Configuration backup is an important part of network administration. When there are multiple nodes (routers/switches) in a network, some kind of automation is needed to take regular backups. Apart from third-party applications like RANCID (free) and Kiwi CatTools (free/paid), you can use Cisco's IOS archiving feature for regular configuration backups. In this article, we'll configure a Cisco router to send configuration backups to an FTP server.

First we need to configure the FTP parameters, so that the router can authenticate to the FTP server.
Router1(config)# ip ftp username ftpuser
Router1(config)# ip ftp password ftppass

Virtual Firewalls (Contexts)

You have worked as a network engineer for many companies, but now you have started your own colocated datacenter. At the start, due to budget constraints, you want to be smart and have decided to share a single physical firewall (Cisco ASA) between two customers, i.e. Customer-A and Customer-B.

  • Both customers should feel that they have a separate firewall of their own.
  • Neither customer should be able to manage the other's firewall policies.
  • Customer-A has opted for the Silver plan, so allocate the resources accordingly.
  • Customer-B has opted for the Gold plan, so allocate the resources as per that plan.

Physical Topology: Virtual Firewalls' Physical Topology