Monday, July 12, 2010

pvst/pvst+

In Ethernet switched environments where multiple Virtual LANs exist, spanning tree can be deployed per Virtual LAN. Cisco's name for this is per-VLAN spanning tree (PVST and PVST+; PVST+ is the default protocol used by Cisco switches). Both PVST and PVST+ are Cisco proprietary protocols and cannot be used on third-party switches, although Force10 Networks and Extreme Networks support PVST+; Extreme Networks does so with two limitations (no support on ports where the VLAN is untagged/native, and none on the VLAN with ID 1). PVST works only with ISL (Cisco's proprietary protocol for VLAN encapsulation) because the spanning tree ID is embedded in the ISL header. Due to the high penetration of the IEEE 802.1Q VLAN trunking standard and PVST's dependence on ISL, Cisco defined a different standard, PVST+, for 802.1Q encapsulation. PVST+ can tunnel across an MSTP region.


PVST works only on ISL trunks. That is because an ISL trunk natively
supports multiple spanning trees, one per VLAN. An ISL header has a bit
dedicated to indicating whether or not the packet is a BPDU, so it is
very easy to separate the BPDUs of different VLANs:

Frame                    BPDU flag   VLAN tag
BPDU, VLAN 10            1           10
Normal packet, VLAN 10   0           10
BPDU, VLAN 15            1           15
Normal packet, VLAN 15   0           15
etc.

PVST+ is a modification of PVST which allows per-VLAN spanning trees
over standard 802.1q links.
802.1q does NOT natively support multiple spanning tree instances, only
one instance. BPDU packets on an 802.1q link are not tagged and are
transported on the native VLAN, so only one spanning tree can be
supported.

Also, Cisco could not change the packet header of an 802.1q packet,
since it was a standard. So how did they manage to transport different
spanning trees over a standard 802.1q trunk?

A standard BPDU packet is sent untagged to the MAC address
01-80-C2-00-00-00.

In PVST+, the BPDUs of the native VLAN are transported like the
standard, untagged. The BPDUs of the other VLANs are transported TAGGED
to the Cisco shared spanning tree MAC address 01-00-0C-CC-CC-CD.

The other end, if it is also a Cisco switch, understands this MAC address and
extracts the BPDUs of the other VLANs. If the other end is NOT a Cisco switch, frames to this MAC address are flooded across the respective VLAN like ordinary multicast. This allows Cisco switches to maintain a per-VLAN spanning tree across non-Cisco switches.


----------
Cisco switches run different types of STP protocol, depending on whether the connected port is access, ISL trunk or 802.1q trunk. Natively, a Cisco switch runs a separate STP instance for each configured and active VLAN (this is called Per-VLAN Spanning Tree or PVST) and standard IEEE compliant switches run just one instance of STP protocol shared by all VLANs.

Access Ports
Cisco switches run the classic version of the IEEE STP protocol on access ports. The IEEE STP BPDUs are sent to the IEEE reserved multicast MAC address “0180.C200.0000” using IEEE 802.2 LLC SAP encapsulation with both the SSAP and DSAP fields equal to “0x42”. Note that you can plug any standard IEEE compliant switch into a Cisco switch access port and they will interoperate perfectly, joining the respective access VLAN STP instance with the IEEE STP instance (MST).

ISL Trunks
Across ISL trunks, Cisco switches run PVST (Per-VLAN Spanning Tree). (Note that the PVST feature is limited to ISL trunks only.) The same IEEE STP BPDUs are sent for each VLAN, encapsulated in an additional ISL header (which also carries the VLAN number). Since PVST BPDUs have the same format as IEEE BPDUs (that is, IEEE 802.2 LLC SAP), they can be matched using the same SSAP/DSAP value of “0x42” for the purpose of Layer 2 filtering. A group of Cisco switches connected using ISL trunks only is called a PVST region.

802.1q Trunks
Across 802.1q trunks, Cisco switches run PVST+ (Per-VLAN Spanning Tree Plus). The goal of PVST+ is to interoperate with standard IEEE STP (MST) and to allow transparent tunneling of PVST instance BPDUs across an MST region (to potentially connect to other Cisco switches across the MST region).




interoperability
A group of Cisco switches connected using ISL trunks only is called a PVST region.
A group of Cisco switches connected using 802.1q trunks is called a PVST+ region.

A PVST+ region may connect to a PVST region using an ISL trunk and to an MST region using an 802.1q trunk. The STP instances in the PVST and PVST+ regions map directly to each other, so no special interoperability solution is required. However, on the MST side only one STP instance exists, contrary to the many STP instances of the PVST+ region. The first question is: if we want to interoperate with MST, which PVST VLAN’s STP instance should be joined with MST? Cisco chooses VLAN 1 for this purpose. The joined instances of Cisco VLAN 1 STP and MST are called the “Common Spanning Tree” or CST (naturally, CST spans the PVST, PVST+ and MST regions).

Case 1: Cisco switch connects to an MST switch across an 802.1q trunk with the default native VLAN (VLAN 1)

The MST (standard IEEE switch) side sends IEEE STP BPDUs to the IEEE multicast MAC address. Those BPDUs are consumed and processed by the VLAN 1 STP instance on the Cisco switch (PVST+ region).

The PVST+ side (Cisco switch) sends IEEE STP BPDUs corresponding to the local VLAN 1 STP to the IEEE MAC address as untagged frames across the link. At the same time, special SSTP (shared spanning tree, a synonym for PVST+) BPDUs are sent to the SSTP multicast MAC address “0100.0ccc.cccd”, also untagged. Those SSTP BPDUs are encapsulated using an IEEE 802.2 LLC SNAP header (SSAP=DSAP=“0xAA” and SNAP PID=“0x010B”). The BPDUs contain the same information as the parallel IEEE STP BPDUs for VLAN 1, but have some additional fields, notably a special TLV with the source VLAN number. Note that IEEE switches do not interpret the SSTP BPDUs, but simply flood them through the respective VLAN topology, in case there are other Cisco switches connected to the MST cloud.

As for non-native VLANs (VLANs 2-4095), the Cisco switch sends only SSTP BPDUs, tagged with the respective VLAN number and destined to the SSTP MAC address. (Please remember that all SSTP BPDUs carry the VLAN number they belong to.) The respective VLAN STP instances are “transparently expanded” across the MST region, treating it as a “virtual hub”. (Note that this may have some traffic engineering implications, since for non-CST VLANs the cost of traversing the MSTP region equals the cost of the link used to connect to the first MSTP switch.)

Now the question is, why would the Cisco switch send the same VLAN 1 BPDU twice, towards both the IEEE and the SSTP multicast MAC addresses? Isn’t the Cisco switch supposed to join its VLAN 1 STP instance with the MST? The reason for sending the additional SSTP BPDUs on VLAN 1 is purely informational, to perform consistency checking. The idea is to inform all other potential Cisco switches attached to the MST cloud about our native VLAN. The receiving switch will only use the IEEE BPDUs for VLAN 1 (CST) computations and will ignore the SSTP BPDUs sent on VLAN 1.

Lastly, for the purpose of Layer 2 filtering, remember that you can match SSTP BPDUs using an ethertype value of “0x010B”. This works with multilayer switches even though SSTP BPDUs are SNAP encapsulated and the actual field is not an “ethertype” but rather the SNAP Protocol ID.

Case 2: Cisco switch connects to an MST switch across an 802.1q trunk with a non-default native VLAN (e.g. VLAN 100).

The MST (standard switch) side sends IEEE STP BPDUs to the IEEE multicast MAC address and those BPDUs are processed by the VLAN 1 (CST) STP instance in the Cisco switch.

The PVST+ side (Cisco switch) sends untagged IEEE STP BPDUs corresponding to the VLAN 1 (CST) STP to the IEEE MAC address across the link. This is done for the purpose of joining the local VLAN 1 instance and the MSTP instance into the CST. At the same time, VLAN 1 BPDUs are replicated to the SSTP multicast address, tagged with VLAN number 1 (to inform other Cisco switches that VLAN 1 is non-native on our switch). Finally, BPDUs of the native VLAN instance (VLAN 100 in our case) are sent untagged using the SSTP encapsulation and destination address. Of course, the native VLAN 100 BPDUs, even though they are untagged, carry the VLAN number inside the special SSTP TLV.

As in Case 1, for the remaining non-native VLANs (VLANs 2-4095) the Cisco switch sends only SSTP BPDUs, tagged with the respective VLAN tag and destined to the SSTP MAC address. The other Cisco switches connected to the MSTP cloud receive the SSTP BPDUs and process them using the respective VLAN STP instances.
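As an added example (not code from the original post), the following Python builds and classifies the two BPDU encapsulations described above, the IEEE BPDU (LLC SAP 0x42 to 0180.C200.0000) and the SSTP BPDU (SNAP PID 0x010B to 0100.0ccc.cccd, with or without an 802.1Q tag), and implements the native VLAN consistency check from Case 1 and Case 2 for an untagged SSTP BPDU. It assumes a trailing originating-VLAN TLV laid out as type 0, length 2, VLAN id; the sample source MAC and the all-zero configuration BPDU body are constructed for the example.

```python
import struct

IEEE_STP_MAC = bytes.fromhex("0180c2000000")   # standard IEEE BPDU destination
SSTP_MAC = bytes.fromhex("01000ccccccd")       # Cisco shared spanning tree (PVST+)
CISCO_OUI = bytes.fromhex("00000c")            # SNAP OUI preceding PID 0x010B
SSTP_PID = 0x010B
SRC_MAC = bytes.fromhex("0000000c0001")        # constructed sample source address
CONFIG_BPDU = struct.pack("!HBBB", 0, 0, 0, 0) + bytes(30)  # minimal 35-byte config BPDU

def build_frame(dst, tagged_vlan, llc, bpdu):
    """802.3 frame: MACs, optional 802.1Q tag, length field, LLC header, BPDU."""
    hdr = dst + SRC_MAC
    if tagged_vlan is not None:
        hdr += struct.pack("!HH", 0x8100, tagged_vlan)
    body = llc + bpdu
    return hdr + struct.pack("!H", len(body)) + body

def ieee_bpdu(tagged_vlan=None):
    """IEEE BPDU: LLC header with DSAP = SSAP = 0x42."""
    return build_frame(IEEE_STP_MAC, tagged_vlan, b"\x42\x42\x03", CONFIG_BPDU)

def sstp_bpdu(origin_vlan, tagged_vlan=None):
    """SSTP BPDU: SNAP (AA AA 03 + Cisco OUI + 0x010B) followed by the BPDU and an
    assumed trailing originating-VLAN TLV (type 0, length 2, VLAN id)."""
    snap = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", SSTP_PID)
    tlv = struct.pack("!HHH", 0, 2, origin_vlan)
    return build_frame(SSTP_MAC, tagged_vlan, snap, CONFIG_BPDU + tlv)

def classify_bpdu(frame):
    """Return (kind, tagged_vlan, origin_vlan) or None if the frame is not a BPDU."""
    dst, off, tagged_vlan = frame[:6], 12, None
    if frame[off:off + 2] == b"\x81\x00":        # 802.1Q tag: VLAN is low 12 bits of TCI
        tagged_vlan = struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF
        off += 4
    off += 2                                      # skip the 802.3 length field
    dsap, ssap = frame[off], frame[off + 1]
    if dst == IEEE_STP_MAC and dsap == ssap == 0x42:
        return ("ieee", tagged_vlan, None)
    if dst == SSTP_MAC and dsap == ssap == 0xAA:
        oui = frame[off + 3:off + 6]
        pid = struct.unpack("!H", frame[off + 6:off + 8])[0]
        ttype, tlen, origin = struct.unpack("!HHH", frame[-6:])
        if oui == CISCO_OUI and pid == SSTP_PID and (ttype, tlen) == (0, 2):
            return ("sstp", tagged_vlan, origin)
    return None

def native_vlan_mismatch(frame, local_native):
    """Consistency check from the text: an untagged SSTP BPDU must originate from our native VLAN."""
    info = classify_bpdu(frame)
    return info is not None and info[0] == "sstp" and info[1] is None and info[2] != local_native
```

Running classify_bpdu over captured trunk frames gives the same split as the Layer 2 filter described above, and a True from native_vlan_mismatch is the native VLAN disagreement the duplicated VLAN 1 SSTP BPDUs exist to reveal.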
