VTP Protocol - In-Depth Analysis
The previous article introduced the VTP protocol, we examined how it can be used within a network, to help manage VLANs and ease the administrative overhead, providing a stress-free VLAN environment by automatically updating all the network switches with the latest VLAN information.
This article extends on the above by delving into the VTP protocol itself and analysing it's structure and format in order to gain a better understanding and enhance those troubleshooting skills.
The VTP Protocol Structure
We've mentioned that the VTP protocol runs only over trunk links interconnecting switches in the network. Whether you're using ISL or IEEE 802.1q as your encapsulation protocol, it really doesn't matter as the VTP structure in both cases remains the same.
Following are the fields which consist the VTP protocol:
- VTP Protocol Version (1 or 2)
- VTP Message Type (See Below)
- Management Domain Length
- Management Domain Name
What we need to note here is that because there are a variety of VTP Message Types, the VTP Header changes depending on these messages, but the fields we just mentioned above are always included.
To be more specific, here are the different messages currently supported by the VTP protocol:
- Summary Advertisements
- Subset Advertisement
- Advertisement Requests
- VTP Join Messages
It is obvious that all switches use these different messages to request information or advertise the VLANs they are aware of. These messages are extremely important to understand as they are the foundations of the VTP protocol.
We'll take each message and analyse them individually, explaining their purpose and usage, but before we proceed, let's take a quick visual look at the messages and their types to help make all the above clearer:
First up is the Summary Advertisements.
VTP Protocol - Summary Advertisement Message
The Summary Advertisement message is issued by all VTP Domain Servers in 5 minute intervals, or every 300 seconds. These advertisements inform nearby Catalyst switches with a variety of information, including the VTP Domain name, configuration revision number, timestamp, MD5 encryption hash code, and the number of subset advertisements to follow.
The configuration version number is a value each switch stores to help it identify new changes made in the VTP domain, similar to how DNS keeps track of changes to its resource records via the DNS serial number. Each time the VTP Server configuration is changed, the configuration revision number will automatically increment by one.
When a switch receives a summary advertisement message, it will first compare the VTP domain name (Mgmt Domain Name field) with its own.
If the Domain Name is found to be different, it will discard the message and forward it out its trunk links. However, in the likely case that the domain name is found to be the same, it will then check the configuration revision number (Config Revision No.) and if found to be the same or lower than it's own, it will ignore the advertisement. If however it is found to be greater, an advertisement request is sent out.
The Updater Identity field contains the IP Address of the switch that last incremented the Configuration Revision Number, while the Update Timestamp field gives the time the last update took place.
Message Digest 5 (MD5) carries the VTP password, if MD5 is configured and used to authenticate the validation of a VTP update. Further more, VTP takes the VTP domain name into account when calculating the VTP MD5 hash. MD5 hash is different each time a vtp update message is transmitted even though domain name and password (it is null by default) are same. This is because the configuration revision number is used to calculate the MD5 hash and as it is different after creating the vlan, therefore the MD5 will also be different.
Lastly, summary advertisements are usually followed by Subset Advertisements, this is indicated by the Followers field and is the next message we'll be closely examining.
VTP Protocol - Subset Advertisement
As mentioned in the previous message, when VLAN changes are made on the Catalyst VTP Server, it will then issue a Summary Advertisement, followed by a Subset Advertisement. Depending on how many VLANs are configured in the domain, there might be more than one Subset Advertisement sent to ensure all VLAN information is updated on the VTP Clients.
Comparing the fields of this message with the previous one, you'll notice most of them are identical, except for the Sequence No. and VLAN Info. Field.
The Code field for a Subset Advertisement of this type is set to 0x02 while the Sequence No. field contains the sequence of the packet in the stream of packets following a summary advertisement. The sequence starts with 1 and increments based on the number of packets in the stream.
Apart from these fields, we also have the VLAN Info Field, which happens to be the most important as it contains all the VLAN information the switches are waiting for.
The VLAN Info Field will be presented in segments. Complexity and importance requires us to break it up further and analyse the subfields it contains:
Each VLAN Info Field contains all the information required for one VLAN. This means that if our network is powered with 10 VLANs and a Subset Advertisement is triggered, the VTP Server will send a total of 10 Subset Advertisements since each VLAN Info Field contains data for one VLAN.
The most important subfields in the VLAN Info Field are the VLAN Name Length, ISL VLAN ID, MTU Size and VLAN Name. These subfields contain critical information about the VLAN advertised in the particular Subset Advertisement frame. Some might be suprised to see settings such as MTU's to be configurable in VLAN's, and this confirms that each VLAN is treated as a separate network, where even different MTU sizes are possible amongst your network's VLANS.
Advertisement Requests
Turning a Cisco switch off will result loosing all its VTP information stored in its memory (RAM). When the switch is next turned on, all its database information is reset and therefore requires to be updated with the latest version available from the VTP Server(s).
A switch will also send an Advertisement Request when it hears a VTP summary advertisement with a higher revision number than what it currently has. Another scenario where a request would be issued is when the VTP domain membership has changed, even though this is quite uncommon since the VTP domain name is rarely, if ever, changed after its initial configuration.
So what happens when an Advertisement Request is sent on the network?
As you would already be aware from the message types covered, the VTP Server will respond with Summary Advertisement, followed by as many Subset Advertisements required to inform the VTP Clients about the configured VLANs.
The diagram below shows the structure of an Advertisement Request sent by a VTP Client switch:
Most fields as you can see, are similar to the previous messages we've seen, except two: The Reserved and Starting Advertisement To Request. The Reserved is exactly what it implies - reserved and not used in the Advertisement Request messages, while the Starting Advertisement To Request is the actual request sent by the VTP Client.
VTP Join Messages
VTP Join Messages are similar to the Advertisement Request messages but with a different Message Type field value and a few more parameters. As indicated by the message name, a VTP Join Message is sent by the VTP Client, and directed to the VTP Server, when it first joins a VTP domain.
Other VTP Options - VTP Password
The VTP Password is a necessary feature to ensure the security and integrity of VTP messages. With the password feature, you are able to secure your VTP Domain since only switches configured with the correct password are able to properly decrypt the VTP messages advertised in the management VLAN.
By default the VTP Password option is not turned on and therefore most management VLANs are set to use non-secure advertisements. Once enabled on the VTP Domain Server(s), all switches participating in the domain must be manually configured with the same password, otherwise it will fail to decrypt all incoming VTP messages.
Summary
This page analysed the structure of each message the VTP protocol currently supports to maintain the network's switches in synchronisation with the VTP domain server(s):
- Summary Advertisements
- Subset Advertisement
- Advertisement Requests
- VTP Join Messages
We're sure you would agree that VLAN's are in fact a whole study case alone, but surely at the same time it's quite exciting as new concepts and methods of ensuring stability, speed and reliability are revealed.
This completes our in-depth discussion on the VTP Protocol messages. Next up is VTP Prunning, a much needed service that ensures our network backbone is not constantly flooded with unnecessary traffic. We are sure you'll enjoy the page, along with the awesome diagrams we have prepared.
Your IP address:
18.119.105.59
Wi-Fi Key Generator
Follow Firewall.cx
Cisco Password Crack
Decrypt Cisco Type-7 Passwords on the fly!