Sunday, 28 May 2017

Differences between PVST and PVST+

Behind the simple “plus” in PVST+ lurk quite subtle details that can make the difference between the two concepts very fuzzy. The goal of this post is to give a very brief explanation, hopefully simple enough to grasp, of PVST and PVST+ and their relationship with the IEEE 802.1q standard:
IEEE 802.1q standard
  • BPDUs are transported untagged over the native VLAN (so different VLANs cannot be differentiated); it therefore natively supports only one single instance of STP for all VLANs, MST (Mono Spanning Tree).
  • (-) Not interoperable and less flexible approach.
PVST (Per VLAN Spanning Tree), Cisco proprietary
  • (+) Improves on the limitation of 802.1d STP (created before VLANs) by supporting one separate instance for each VLAN, using ISL trunks only.
  • (-) Still not interoperable with IEEE 802.1q, which supports only one STP instance.
PVST+, Cisco proprietary
  • (+) Modification of PVST: allows PVST over standard IEEE 802.1q:
1) – PVST+ native VLAN BPDUs are transported (merged) untagged in the IEEE native VLAN (CST) using the IEEE STP MAC 01-80-C2-00-00-00.
2) – In addition to that, the PVST+ native VLAN BPDU is sent a second time, tunneled over IEEE 802.1q using the special multicast MAC 0100.0CCC.CCCD (Shared Spanning Tree, SSTP):
  1. Untagged, if the PVST+ native VLAN is VLAN 1. (figure 1)
  2. Tagged (coded with a TLV containing the VLAN ID), if the native VLAN is other than VLAN 1. (figure 2)
This is used exclusively for the consistency check. Besides, the error “PVID-inconsistency” is generated if a PVST+ BPDU is received on a VLAN different from the one it was generated from.
3) – Non-native VLAN BPDUs are always tunneled over IEEE 802.1q using the special multicast MAC 0100.0CCC.CCCD (Shared Spanning Tree, SSTP), tagged (coded with a TLV containing the VLAN ID).
– Make sure the native VLAN is the same in PVST+ regions that communicate with each other through IEEE 802.1q.
– Whatever the complexity of the IEEE 802.1q network, only the costs at the borders with PVST+ regions count for PVST+.
– The IEEE 802.1q native VLAN (VLAN 1 by default) cooperates with PVST, PVST+ and MSTI (802.1s).
– PVST (ISL) instances are mapped one-to-one to PVST+ (802.1q) instances.
Figure 1: PVST+ native VLAN is VLAN 1
Figure 2: PVST+ native VLAN is different from VLAN 1
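The destination-MAC and PVID-inconsistency rules above, as an added Python example that is not part of the original post: it classifies a frame as IEEE STP or SSTP and compares the VLAN the frame arrived on with the VLAN ID carried in the TLV. The byte layout (SNAP header, 35-byte BPDU, pad byte, TLV with type 0 and length 2), the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

IEEE_STP_MAC = bytes.fromhex("0180c2000000")  # 01-80-C2-00-00-00 (from the post)
SSTP_MAC = bytes.fromhex("01000ccccccd")      # 0100.0CCC.CCCD (from the post)
# Assumed layout of an SSTP frame body: SNAP header (8 bytes), 35-byte
# configuration BPDU, 1 pad byte, then TLV: type(2) length(2) VLAN ID(2).
SNAP = bytes.fromhex("aaaa0300000c010b")
BPDU_LEN = 35

def build_sstp(origin_vlan, tag_vlan=None):
    """Construct a sample SSTP frame (constructed test data, not a capture)."""
    body = SNAP + bytes(BPDU_LEN) + b"\x00" + struct.pack("!HHH", 0, 2, origin_vlan)
    tag = b"" if tag_vlan is None else struct.pack("!HH", 0x8100, tag_vlan)
    return SSTP_MAC + bytes(6) + tag + struct.pack("!H", len(body)) + body

def classify_bpdu(frame, port_native_vlan):
    """Return (kind, receive VLAN, originating VLAN, pvid_inconsistent)."""
    dst, offset, rx_vlan = frame[:6], 12, port_native_vlan
    if frame[12:14] == b"\x81\x00":           # 802.1Q tag: use its VLAN ID
        rx_vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        offset = 16
    if dst == IEEE_STP_MAC:                   # CST BPDU: no TLV to compare
        return ("ieee-stp", rx_vlan, None, False)
    if dst != SSTP_MAC:
        return ("other", rx_vlan, None, False)
    tlv = offset + 2 + len(SNAP) + BPDU_LEN + 1
    if len(frame) < tlv + 6:
        raise ValueError("SSTP frame too short to carry the VLAN TLV")
    t_type, t_len, origin = struct.unpack("!HHH", frame[tlv:tlv + 6])
    if (t_type, t_len) != (0, 2):
        raise ValueError("unexpected TLV header")
    # PVID inconsistency: received on a VLAN other than the originating one
    return ("sstp", rx_vlan, origin, origin != rx_vlan)

if __name__ == "__main__":
    cases = [("untagged, native VLAN 1 on both sides", build_sstp(1), 1),
             ("tagged VLAN 20, TLV says 20", build_sstp(20, tag_vlan=20), 1),
             ("tagged VLAN 20, TLV says 30", build_sstp(30, tag_vlan=20), 1),
             ("untagged, local native VLAN is 10", build_sstp(1), 10)]
    for label, frame, native in cases:
        print(label, "->", classify_bpdu(frame, native))
```

The last case is the native VLAN mismatch between PVST+ regions that the note above tells you to avoid: the untagged SSTP BPDU originates in VLAN 1 but arrives on a port whose native VLAN is 10.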
Here is what to retain:
802.1q (standard) supports only one single instance of STP
  • native VLAN (Common Spanning Tree)  – (let’s say channel 1)
  • one STP instance – (let’s say channel 2)
PVST (Cisco proprietary)
  • Supports one STP instance per VLAN
  • uses ISL trunk only.
  • Doesn’t support 802.1q
PVST+ (Cisco proprietary) enhances PVST capabilities by allowing PVST to be transported over 802.1q:
  • native VLAN over “Common Spanning Tree” (over channel 1)
  • Each per-VLAN STP is encapsulated using a special Multicast MAC and transported (over channel 2)