STP: Spanning Tree Protocol 8012.1D
Spanning Tree Protocol (STP) is the tool used to prevent layer 2 switching loops on a network. STP is needed to prevent loops in layer 2 because frames do not have a Time To Live (TTL) header option. It works by placing switch ports into a forwarding or blocking state and notifying other switches of network changes. There are many different flavors of spanning tree but today we will only be discussing how it functions and some ways to optimize it. Let’s take a deep dive so we can understand exactly how STP works.
How does STP work?
- STP uses messages called Bridge Protocol Data Units (BPDU) to stabilize the network and create a loop free topology. BPDUs are the ID of a switch on a network. They contain information on various timers as well as the identifer called the Bridge ID. The bridge ID is the priority number (0-65,535) + the MAC Address of a switch. STP enabled switches send each other BPDU’s to figure out the root switch on a network. Once the root switch is found each switch will designate ports into root and designated ports. Any port that is not a root or designated port will be placed into a blocking state.
Root Switch Election
- Every switch on the network will send out BPDU hello packets that declare themself the root switch. If a BPDU is received on a segment with a lower bridge ID than its own, the switch will view that as the superior BPDU and no longer declare itself as root bridge. The switch will stop sending it’s own BPDU hello packets and only forward the superior BPDU throughout the network. Eventually all switches in the network except the switch with the lowest bridge ID stop sending hellos. That one switch is the winner of the election is declared the root switch.
Determining the Root Port
- After the Root Switch is elected it should be the only switch sending out BPDU hello packets. Other non-root switches will receive the BPDU, add the cost of the interface it was recieved on to the BPDU cost and forward that BPDU out of it’s other ports. That port which the BPDU was received on is declared the root port. The superior BPDU is also saved with the switch in order to keep track if there are any topology changes. The non-root switch at this point is forwarding the superior BPDU out of its designated ports (not the root port).
Determining Designated Ports
- The designated port is the non root port on the segment that is sending out the best BPDU hello packets. Designated ports are the only ports that forward BPDU hellos. There can be only one switch forwarding BPDUS on a segment. All other ports on a switch has been determined as root port or placed in the blocking state.
PortFast / Edge Ports
- PortFast/Edge is typically configured on ports where single hosts would connect to. PortFast allows for the port to transition immediately into the forwarding state. These port do not generate topology change events and can send BPDU’s but is not expected to receieve them back.
BPDU Guard
- BPDU Guard is typically configured on the edge ports. This STP feature disables a port immediately if a BPDU is receieved. For example, if a rouge switch was plugged into an edge port that shouldnt be expected, BPDU guard can prevent any mischevious problems from occuring
Root Guard
- Root Guard will ignore any receieved superior BPDU’s to prevent the port from becoming a root port. If a superior BPDU is receieved the switch poots the port into a root-inconsistent blocking state. This will stop the port from forwarding and receiving any data frames. Once the superior BPDU’s stop the port will return to it’s normal state. Root Guard allows the original root port to remain intact by disallowing a designated port to become the new root port.