I. Information on NetInfo
II. Information on AppleTalk and spanning tree
I. Spanning tree and NetInfo
Due to the time that may elapse between the network becoming active in Mac OS X and NetInfo becoming active, it is possible that spanning tree may block NetInfo requests when attempting to bind to a parent NetInfo server. Enabling "port fast" on the switch, or its equivalent, resolves this issue.
II. AppleTalk and spanning tree
Symptoms
The observed symptoms vary depending on several environmental factors. Differences in network topology, as well as differences in AppleTalk related values stored in system preference files can change the symptoms. Depending on your environment you may see one or more of the following symptoms.
Environment One
- AppleTalk routing is enabled on the network to which the computer is connected.
- The network number stored in the system preferences is not within the AppleTalk reserved start up range.
- The network number stored in the system preferences doesn't match the current network number assigned to the cable.
This would be a typical situation when moving a computer from one AppleTalk network to another.
The symptoms you would observe are:
1. Soon after the Finder loads an alert box with this message appears:
"Access to your AppleTalk network has been interrupted. To re-establish your connection, open and close the AppleTalk control panel."
2. Upon opening the AppleTalk control panel an alert box with this message appears:
"Your network number is no longer valid. It will be updated when the control panel is closed."
As requested, open and close the AppleTalk control panel to update the saved configuration information. Doing this stores the correct network number (for this network) in the AppleTalk preferences file and in PRAM.
3. A few seconds later an alert box with this message appears again:
"Access to your AppleTalk network has been interrupted. To re-establish your connection, open and close the AppleTalk control panel"
If you open the Chooser, no zones are displayed in the zone list. If you select a service (for example, AppleShare Servers) you may see devices that are physically located on the same network, but devices located on other networks are not visible. The reason for this behavior is that attempting to update the information (node, net, zone, and so forth) associated with the interface, by opening and closing the AppleTalk control panel, reloads the Ethernet driver. Reloading the Ethernet driver causes the link signal to drop, which causes the Spanning Tree Protocol to restart the convergence process.
Environment Two
- AppleTalk routing is enabled on the network to which the computer is connected.
- The network number stored in the system preferences is within the AppleTalk reserved start up range.
- The network number stored in the system preferences doesn't match the current network number assigned to the cable.
This would be a typical situation when installing a new computer or after resetting a computer's PRAM.
The symptoms you would observe are:
1. Soon after the Finder loads an alert box with this message appears:
"Your AppleTalk network has become available. To use the network, open the AppleTalk control panel, then close it."
2. Upon opening the AppleTalk control panel an alert box with this message appears:
"Your network number is no longer valid. It will be updated when the control panel is closed."
As requested, open and close the AppleTalk control panel to update the saved configuration information. Doing this stores the correct network number (for this network) in the AppleTalk preferences file and in PRAM.
3. A few seconds later an alert box with this message appears again:
"Your AppleTalk network has become available. To use the network, open the AppleTalk control panel, then close it. "
If you open the Chooser, no zones are displayed in the zone list. If you select a service (for example, AppleShare Servers) you may see devices that are physically located on the same network, but devices located on other networks are not visible. The reason for this behavior is that attempting to update the information (node, net, zone, and so forth) associated with the interface, by opening and closing the AppleTalk control panel, reloads the Ethernet driver. Reloading the Ethernet driver causes the link signal to drop, which causes the Spanning Tree Protocol to restart the convergence process.
Environment Three
- AppleTalk routing is enabled on the network to which the computer is connected.
- The network number stored in the system preferences matches the current network number assigned to the cable.
This would be a typical situation when the Spanning Tree Protocol is first enabled on an existing network.
The symptoms you would observe are:
1. Soon after the Finder loads an alert box with this message appears:
"Your AppleTalk network is now available."
After receiving this message opening the Chooser results in what appears to be fully enabled AppleTalk services. You can browse the network and use its services. Unfortunately you may have the same node ID as another computer connected to the network and some communications may fail as a result.
Environment Four
- AppleTalk routing is not enabled on the network to which the computer is connected (a non-routed environment).
If your Macintosh is connected to a non-routed network the following symptoms appear:
1. In this environment the Mac OS displays no alerts. From the perspective of the computer everything is fine. All phases of the startup process completed successfully with no apparent difficulties. Unfortunately, there may still be difficulties.
2. One of the processes that occur during the startup process (if you have AppleTalk turned on) is that the computer attempts to acquire a unique AppleTalk node ID. Unfortunately, with Spanning Tree enabled the switch may drop critical packets necessary for the Macintosh to discover if the node ID it has selected is in use by another system. If multiple computers acquire the same AppleTalk node ID you can expect to see difficulties related to both performance and loss of services.
Note: TCP/IP based services are not affected.
Solution
Disable Spanning Tree
Spanning Tree can usually be selectively disabled on the switch ports to which Macintosh computers using dynamic address allocation are connected. In general, there is no benefit to having Spanning Tree enabled for a port to which there is a single workstation attached. To create a loop in such an environment, the user would need to have access to an Ethernet hub with two uplink ports, or two cross-over cables, as well as access to two switch ports.
Enable Fast Convergence
Several switch manufacturers have extended the Spanning Tree Protocol to allow the convergence time to be reduced. One of the enhancements usually available is the ability to safely and quickly move the port from the blocked state (listening and learning) to the forwarding state. For example, if the bridge detects a single device attached to a port it can quickly assume that no other bridges are attached to that port and move the port to the forwarding state almost immediately. Check the manufacturer's documentation for specific information on how to configure this option for your switch. For example, Cisco has an option called "portfast" that can be enabled on most of their switches. For additional information on this feature, see:
http://www.cisco.com/warp/public/473/12.html
Tune the Forward Delay Timer
The Forward Delay timer can be tuned down to the minimum value. This value can usually be tuned down to a few seconds, which would give the switch enough time to move to the forwarding state before the address allocation packets are sent by the computer. If you choose to use this solution you must set these timers on the root bridge. The root bridge is the bridge that transmits these timer settings to all other designated bridges. Although you can set these timers on any bridge, only the root bridge can affect the overall environment.
Spanning Tree Background
With the rapid deployment of layer 2 switches the use of the Spanning Tree Protocol has become common. Spanning Tree was originally developed for use with Ethernet bridges but has also been used in switches, since they themselves are layer 2 bridging devices. The Spanning Tree Protocol is an IEEE standard adopted in 1990 (IEEE 802.1D). Spanning Tree is a protocol designed to allow network designers to use layer 2 devices to create a loop free meshed topology. Loops in a layer 2 network can create packet storms, crippling a network and destroying network performance.
Basic Bridge Operation
The basic function of a bridge is to forward a packet from a source port to a destination port. The process involved in moving that packet involves multiple steps. Upon receiving a packet the bridge first looks in its address mapping table to determine if it has a known destination port for the packet. The bridge automatically builds the addressing mapping table by parsing the source address of packets it receives. It uses this address mapping table to determine where to forward packets. If the destination address is known, the bridge forwards that packet only to its destination port. If the destination address is not known, the bridge floods that packet over all the segments with the exception of the receiving one. This process works fine as long as there are no redundant paths in the network.
Without Spanning Tree, the topology examples described below would create serious issues.
Example one
Redundant paths created when switches are connected together using more than one connection point.
[computer one]                          [computer two]
      |                                       |
     [p1]                                    [p2]
 [switch one] [p2]----------------[p3] [switch two]
              [p3]----------------[p1]
In the above example computer one and computer two have two possible paths to each other.
For example, the paths computer one can use to get to computer two are:
- switch one/p1 -> switch one/p2 -> switch two/p3 -> switch two/p2.
- switch one/p1 -> switch one/p3 -> switch two/p1 -> switch two/p2.
Without Spanning Tree the packets are transmitted to both switch one, and also to switch two, causing a loop.
For example, if computer one sends to computer two, but neither switch has computer two in its address table, the following series of events occurs.
- Computer one transmits a packet destined for computer two.
- Given the redundant paths both switch one and switch two see the packet from computer one.
- Switch one populates its address tables indicating that computer one is resident on port p1 of itself.
- Switch one forwards the packet to both ports p2 and p3.
- Switch two populates its address tables indicating that computer one is resident on port p3 and p1 of itself.
- Switch two forwards the packet received on port p3 to both ports p1 and p2.
- The packet (now in the second bridge hop) is forwarded back to the originating switch via p1.
- Switch one now populates its address tables indicating that computer one is resident on port p3 as well as on port p1.
- Switch one forwards the packet to both ports p1 and p2.
- The packet (now in the third bridge hop) is forwarded back to switch two via port p2.
As you can see a loop has formed that would continue forever.
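The flooding sequence for Example one can be replayed in a few lines. The following is an added illustration, not part of the original article: it models each switch as a learning bridge, sends one frame from computer one to the still-unlearned computer two, and compares the result with and without one redundant port blocked. The port name "nic", the choice of switch one/p3 as the blocked port, and the 12-hop cutoff are assumptions made for the example.

```python
# Added illustration, not from the original article. Topology is "Example one".
LINKS = [  # (device, port) <-> (device, port); "nic" is a made-up port name
    (("computer one", "nic"), ("switch one", "p1")),
    (("switch one", "p2"), ("switch two", "p3")),
    (("switch one", "p3"), ("switch two", "p1")),
    (("switch two", "p2"), ("computer two", "nic")),
]
SWITCH_PORTS = {"switch one": ("p1", "p2", "p3"), "switch two": ("p1", "p2", "p3")}


def flood(blocked=frozenset(), max_hops=12):
    """Flood one frame from computer one to computer two (not yet learned).

    blocked: set of (switch, port) that neither receive nor forward frames.
    Returns (copies still circulating after max_hops,
             copies delivered to computer two,
             ports on which switch one recorded computer one).
    """
    peer = {}
    for a, b in LINKS:
        peer[a], peer[b] = b, a
    seen_on = {sw: set() for sw in SWITCH_PORTS}
    delivered = 0
    frames = [peer[("computer one", "nic")]]  # endpoints where a copy arrives
    for _ in range(max_hops):
        if not frames:
            break
        arriving, frames = frames, []
        for dev, port in arriving:
            if dev == "computer two":
                delivered += 1
            if dev not in SWITCH_PORTS or (dev, port) in blocked:
                continue  # hosts do not forward; blocked ports drop the frame
            seen_on[dev].add(port)  # learn: source address -> arrival port
            for out in SWITCH_PORTS[dev]:
                if out != port and (dev, out) not in blocked:
                    frames.append(peer[(dev, out)])  # destination unknown: flood
    circulating = sum(1 for dev, _ in frames if dev in SWITCH_PORTS)
    return circulating, delivered, sorted(seen_on["switch one"])


if __name__ == "__main__":
    print("no spanning tree:", flood())
    print("switch one/p3 blocked:", flood(blocked={("switch one", "p3")}))
```

Without a blocked port, two copies of the single frame keep circling in opposite directions and switch one records computer one on every port; with one port blocked, the frame is delivered once and the flood stops.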
Example two
Redundant paths created when switches are connected together using hubs to create paths.
          [computer one]
                |  lan one
   ----------[hub]------------
   |                         |
  [p1]                      [p1]
[switch one]            [switch two]
  [p2]                      [p2]
   |                         |
   -----------[hub]-----------
                |  lan two
          [computer two]
Given this environment, if computer one sends to computer two, but neither switch has computer two in its address table, the following series of events occurs.
- Computer one transmits a packet destined for computer two.
- Given the redundant paths both switch one and switch two see the packet from computer one.
- Switch one populates its address tables indicating that computer one is resident on port p1 of itself.
- Switch two populates its address tables indicating that computer one is resident on port p1 of itself.
- Switch one forwards the packet to port p2.
- Switch two forwards the packet to port p2.
- Switch two populates its address tables indicating that computer one is resident on port p3 and p1 of itself.
- Switch one receives the packet from switch two on port p2.
- Switch one updates its address tables to indicate that computer one is resident on port p2 as well as port p1 of itself.
- Switch one forwards the packet to port p1 (remember it doesn't know where computer two is resident).
As you can see a loop has formed that would continue forever.
Basic Spanning Tree Operation
The purpose of Spanning Tree is to avoid and eliminate loops in the network by negotiating a loop free path. In the above examples, this means that one of the ports would need to be "disabled", or put into such a mode where it is not forwarding packets, but is still aware of the topology of the network.
The basic algorithm built-in to the protocol effectively disables the redundant links within the network. In order to determine which links to disable the switches exchange special messages, called bridge protocol data unit (BPDU) frames, that allow them to calculate a Spanning Tree and hence the active topology.
Although the Spanning Tree Algorithm is able to maintain a loop-free tree despite network changes, recalculation of the Spanning Tree is a relatively time-consuming process. The standard Spanning Tree value for the maximum age of BPDUs (the length of time that BPDU information is kept) is typically 20 seconds. The forwarding delay time, which is the length of time that ports remain in each of the listening and learning states, is 15 seconds. As a result, recalculation of the Spanning Tree following a network change takes approximately 50 seconds: 20 seconds for BPDU information to time out, 15 seconds in the listening state and another 15 seconds in the learning state.
As BPDU information is updated and/or timed-out, the Spanning Tree is recalculated and ports may transition from the blocked state to the forwarding state and vice versa. Rather than transition directly from the blocked state to the forwarding state, ports transition through two intermediate states: a listening state and a learning state. The bridge remains in each state for a preset period of time, called the forwarding delay. In the listening state, a port waits for information indicating that it should return to the blocked state. If, by the end of the forwarding delay time, no such information is received, the port transitions to the learning state. In the learning state, a port still blocks the receiving and forwarding of frames, but received frames are examined and the corresponding location information is stored. At the end of a second forwarding delay time, the port transitions from the learning state to the forwarding state, thereby allowing frames to be forwarded and received at the port.
It is very important to note that packet delivery is often delayed or fails completely as ports transition between states. That is, ports in the listening and learning states do not forward or receive frames. To the network users, these delays are perceived as service interruptions, which may present significant difficulties. In addition, certain applications, protocols (for example, AppleTalk address allocation and network discovery), or processes may time out and shut down during the reconfiguration process, resulting in even greater disruption to the network. Another disadvantage relates to subsequent message distribution. Following the reconfiguration process, messages are flooded across the network until the "new" destination ports are learned. Such flooding of messages can consume substantial communications and processor resources.
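The timing problem described above can be checked with a small model of the port state machine. This is an added example, not part of the original article: it computes which state a port is in at a given time after link-up and counts how many of a workstation's address-allocation probes reach the network. The probe pattern (10 probes, 200 ms apart) and the link-up-to-first-probe delays used in the sample run are assumptions chosen for illustration.

```python
# Added illustration, not from the original article.
def port_state(t_ms, forward_delay_s=15, portfast=False):
    """State of a switch port t_ms after link-up.

    Without fast convergence the port spends one forward delay in
    listening and one in learning before it forwards anything.
    """
    if portfast:
        return "forwarding"
    fd_ms = forward_delay_s * 1000
    if t_ms < fd_ms:
        return "listening"
    if t_ms < 2 * fd_ms:
        return "learning"
    return "forwarding"


def probes_delivered(first_probe_ms, forward_delay_s=15, portfast=False,
                     count=10, interval_ms=200):
    """How many address probes leave the port (assumed probe pattern)."""
    times = [first_probe_ms + i * interval_ms for i in range(count)]
    return sum(port_state(t, forward_delay_s, portfast) == "forwarding"
               for t in times)


def reconvergence_s(max_age_s=20, forward_delay_s=15):
    """Max age timeout plus listening plus learning, as described above."""
    return max_age_s + 2 * forward_delay_s


if __name__ == "__main__":
    # Constructed scenario: first probe is sent 10 s after the link comes up.
    for label, kwargs in [("default timers", {}),
                          ("forward delay 4 s", {"forward_delay_s": 4}),
                          ("fast convergence", {"portfast": True})]:
        sent = probes_delivered(10_000, **kwargs)
        print(f"{label}: {sent}/10 probes delivered")
    print("reconvergence with default timers:", reconvergence_s(), "s")
```

When no probe is delivered, the workstation never hears a conflicting reply and keeps a node ID that may already be in use, which is the silent failure described for the non-routed environment.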
Tuning Spanning Tree Parameters
Changing Spanning Tree parameters, while resulting in fast convergence, may have unexpected and possibly detrimental results. Tuning Max Age down to the minimum value can result in BPDUs being discarded too early. During normal operation, the root bridge periodically transmits configuration BPDUs every hello time (usually every two seconds). These BPDUs are, in turn, propagated to bridges downstream from the root. If BPDU frames are inadvertently dropped, using a low value for Max Age may cause the bridge to trash its current configuration and recompute the Spanning Tree.
Tuning Forward Delay down to the minimum value (typically four seconds) means that when transitioning from blocking to forwarding a port spends four seconds in the listening state and four seconds in learning state. This means that there is only an eight-second window in the listening and learning states in which a BPDU indicating a loop must be received and processed. Setting this value too low may not account for the fact that BPDUs may be inadvertently dropped and can result in a loop and possibly a broadcast storm.
The information below provides descriptions of common Spanning Tree tunable parameters.
Common Spanning Tree Optimization Parameters
Parameter | Purpose |
Max Age | Maximum time a BPDU received on a port is considered valid. |
Forward Delay | Amount of time spent in Listening and Learning states. The total delay prior to forwarding, therefore, is FWDDELAY * 2. |
Hello Time | Interval of time when the root bridge generates BPDU frames. |
Bridge Priority | The settable portion of the Bridge ID. The bridge with the lowest Bridge ID is selected as the root. |
Port Priority | Settable portion of the Port ID. Determines, between two equal cost paths, which one is selected to be in forwarding mode, putting the other link in blocking. |
Questions and Answers
Question: Why does this only affect later Macintosh computers?
Answer: Later computers start up faster causing the packets used for AppleTalk address assignment to be sent while the port is still in the blocked state.
Question: Is Apple planning to change the way AppleTalk addresses are allocated to fix the problem?
Answer: Apple has no plans to change the algorithms used for AppleTalk address assignment.