- Most network engineers design LANs with redundant links between switches in order to provide higher availability as switch hardware and cable problems might occur.
- Broadcast frames could loop forever in networks with redundant links – broadcast storm.
Switching or bridging loops might be caused by the broadcast of ARP requests for locating an unknown or shutdown device, as switches were designed to forward unknown unicast frames.
- Another problem is multiple frame copies, which could occur when a frame arrives from different segments at the same time, which could also lead to MAC address table thrashing.
- Spanning Tree Protocol (STP) was introduced to solve these problems by placing switch ports in either forwarding or blocking state to form a single active path called the spanning tree.
The purpose of STP is to maintain a loop-free network topology in networks with redundant links. STP is enabled by default in Cisco Catalyst switches.
- Switch ports in forwarding state can receive and forward frames.
Switch ports in blocking state cannot receive and forward frames (but can still receive BPDUs).
Note: If a blocking state port can receive frames, it will process and forward broadcast frames!
Figure 5-1: Network Setup for Spanning Tree Protocol
- Figure 5-1A shows a network after the STP convergence – SW3’s Fa0/2 port is in blocking state.
When PC1 sends a broadcast frame, SW1 will forward the broadcast frame to both SW2 and
SW3. SW2 can forward the frame to SW3 as its Fa0/2 port is in forwarding state; whereas SW3
cannot forward the frame to SW2 as its Fa0/2 port is in blocking state.
- When the link between SW1 and SW3 fails (Figure 5-1B), SW3 will react as it is no longer receiving any BPDU via its root port (Fa0/1). After the STP convergence, SW3 Fa0/2 will be changed to forwarding state, which allows SW3 to exchange frames with other switches.
- The drawback of STP is it would cause some frames to traverse a longer and less-efficient path.
Ex: If PC3 wants to send a frame to PC2, the frame will traverse SW3 → SW1 → SW2.
[Figure 5-1A and Figure 5-1B: PC1, PC2 and PC3 attached to SW1, SW2 and SW3; the switches are interconnected through their Fa0/1 and Fa0/2 ports, with port states marked Blocking or Forwarding.]
- Below describes the STP convergence process:
i) Elect the root bridge. There is only one root bridge per network. All root bridge’s ports (which are also designated ports) are placed in forwarding state.
ii) Selects the root port on all non-root bridges. The root port is the port that is closest to the root bridge, which means it is the port that receives the lowest-cost BPDU from the root.
Every non-root bridge must have a root port. All root ports are placed in forwarding state.
Note: It is not always the shortest path but the fastest path to reach the root bridge.
iii) Selects the designated port from the designated bridge for each LAN segment.
The designated bridge is the bridge on each segment that forwards the lowest-cost BPDUs into the segment. If the lowest costs are the same, the port of the bridge with the lower BID will be selected as the designated port. If there is a tie in the BID, the port with the lowest port ID will be used as the final tiebreaker (this happens when a switch connects back to itself with a cross cable). All designated ports are placed in forwarding state.
iv) All other ports – non-designated ports, are placed in blocking state.
- The STP root bridge election process starts with each bridge claiming itself as the root bridge by sending out multicast frames called Bridge Protocol Data Units (BPDUs), which are used to exchange STP information between bridges. A BPDU contains the following important values:
The Bridge IDs of the Root Bridge and the Transmitting Bridge
BID is an 8-byte field that is composed of the bridge priority value (0-65535, 2 bytes) and the bridge MAC address (6 bytes). The root bridge is the bridge with the lowest bridge ID. A bridge can become the root bridge by lowering the priority value (eventually the BID), which is common practice in large switched networks.
The cost to reach the root from this bridge (Root Path Cost)
This value is set to 0 at the beginning of the STP root bridge election process since all bridges claim to be the root. The lower the cost, the better chance to become a designated port. The range is 0-65535.
Port ID
The port ID of the originating switch port of the BPDU frame.
- The bridge with the lowest priority becomes the root. 32768 is the default bridge priority value.
If there is a tie on priority, the bridge with the lowest MAC address becomes the root.
Figure 5-2: Root Bridge Election
- Figure 5-2 shows the STP root bridge election process. Each switch sends out BPDUs to claim itself as the root. Assume that SW2 receives the BPDU from SW1 faster than SW3, SW2 agrees
Figure 5-3: Electing the Designated Port
- SW2’s Fa0/2 port will be selected as the designated port for the segment between SW2 and SW3 even though both switches forward the same cost BPDUs into the segment, because SW2 has the lower BID (same priority but lower MAC address) than SW3. Below lists the state of all switch ports after the STP convergence:
| Port | State | Why it is in forwarding state |
|---|---|---|
| SW1, Fa0/1 | Forwarding | Root bridge’s interface. |
| SW1, Fa0/2 | Forwarding | Root bridge’s interface. |
| SW2, Fa0/1 | Forwarding | Root port. |
| SW2, Fa0/2 | Forwarding | Designated port for the segment between SW2 and SW3. |
| SW3, Fa0/1 | Forwarding | Root port. |
| SW3, Fa0/2 | Blocking | – |
- Below lists the default IEEE STP port costs:
Speed Port Cost
Other bridges will change the Root Path Cost in the received BPDUs to the accumulated cost of the particular bridge to the root and propagate the BPDUs out their designated ports.
Ex: A root bridge will send out BPDUs with Root Path Cost of 0. A non-root bridge that connects to the root bridge via Fast Ethernet will send out BPDUs with Root Path Cost of 19.
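
The convergence steps and the port-state table above, worked as an added example (not part of the original notes). It computes the result for any set of point-to-point links, not just this triangle. The MAC addresses and the wiring of SW1's Fa0/1 to SW2 and Fa0/2 to SW3 are assumptions, and port IDs are simplified to the port number.

```python
# Added example: static computation of the STP result for a small topology.
# MAC addresses and the SW1 port-to-neighbour wiring are constructed.
FE_COST = 19  # Fast Ethernet port cost, as stated in the text

BRIDGES = {  # name -> BID as (priority, MAC); tuples compare priority first
    "SW1": (32768, "00:00:00:aa:00:01"),
    "SW2": (32768, "00:00:00:aa:00:02"),
    "SW3": (32768, "00:00:00:aa:00:03"),
}
LINKS = [  # one entry per segment: (bridge, port), (bridge, port), cost
    (("SW1", "Fa0/1"), ("SW2", "Fa0/1"), FE_COST),
    (("SW1", "Fa0/2"), ("SW3", "Fa0/1"), FE_COST),
    (("SW2", "Fa0/2"), ("SW3", "Fa0/2"), FE_COST),
]

def port_num(port):
    """Numeric port ID from a name like 'Fa0/2' (simplified port ID)."""
    return int(port.rsplit("/", 1)[1])

def converge(bridges, links):
    """Return (root, roles); roles maps (bridge, port) to
    'root', 'designated' or 'blocking'."""
    root = min(bridges, key=bridges.get)          # lowest BID wins
    cost = {b: float("inf") for b in bridges}     # root path cost per bridge
    cost[root] = 0
    for _round in bridges:                        # relax until costs settle
        for (a, _pa), (b, _pb), c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    roles, best = {}, {}
    for end_a, end_b, c in links:
        # designated port: lowest root path cost, then BID, then port ID
        des = min(end_a, end_b,
                  key=lambda e: (cost[e[0]], bridges[e[0]], port_num(e[1])))
        roles[des] = "designated"
        # root port candidates: the BPDU each end hears from its neighbour
        for (me, my_port), (nbr, nbr_port) in ((end_a, end_b), (end_b, end_a)):
            offer = (cost[nbr] + c, bridges[nbr], port_num(nbr_port),
                     port_num(my_port), my_port)
            if me != root and offer < best.get(me, (float("inf"),)):
                best[me] = offer
    for me, offer in best.items():
        roles[(me, offer[4])] = "root"
    for end_a, end_b, _c in links:                # every other port blocks
        roles.setdefault(end_a, "blocking")
        roles.setdefault(end_b, "blocking")
    return root, roles
```

Calling `converge` with a copy of `BRIDGES` in which SW3's priority is lowered to 4096 makes SW3 the root and moves the blocked port to SW2 Fa0/1, which shows how much of the forwarding topology depends on the priority value alone.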
- A bridge assumes the path to the root is active by constantly receiving BPDUs from the root. A non-root bridge will declare itself as the root bridge if it does not receive the BPDUs from the root for the MaxAge period, which could be caused by the spanning-tree bpdufilter enable
interface subcommand that configures an interface to not send and receive (ignore) BPDUs.
- A BPDU also defines the following timers:
Hello Time
The time a root bridge should wait before sending out periodical BPDUs. The default interval is 2 seconds.
MaxAge
The time a bridge should wait before trying to change the STP topology after it fails to receive the BPDUs from the root. The default interval is 20 seconds.
Forward Delay
The time a bridge should spend for the listening and learning states when an interface needs to be changed from blocking to forwarding state. The default interval for both states is 15 seconds.
- Refer back to Figure 5-1B. Assume the Metro Ethernet WAN link between SW1 and SW3 is experiencing problems and frames (including BPDUs) are unable to traverse the link even though the interface and line protocol are active. SW3 will react after it fails to receive the BPDUs from SW1 for the MaxAge period. SW2 does not react since it can still receive the BPDUs from SW1.
- SW3 will declare itself as the root bridge and start generating BPDUs after its MaxAge expires. However, it will receive a better BPDU (SW1 root bridge BPDUs) from SW2. SW3’s Fa0/2 will become the root port and transition from blocking to forwarding state (after the listening and learning states). SW3 will send a TCN BPDU out Fa0/2 when Fa0/2 transitions to forwarding state in order to inform the root bridge of the spanning tree topology change.
- A switch port cannot be immediately transitioned from blocking state to forwarding state, as broadcast storms (due to switching loop) could occur if other switches were also converging.
STP uses the following 2 intermediate (or transition) states to prevent switching loop problems:
Listening
Listens for BPDUs to make sure that no loops will occur once the port is transitioned to forwarding state. Builds another active topology and changes the root port if a better path to the root bridge is found. A port in listening state only listens for BPDUs and is not used to populate the MAC address table.
Learning
Learns the new location of MAC addresses and builds the bridging table. Does not forward frames yet.
Note: Blocking and Forwarding are known as stable states.
- By using default timers, a port takes up to 50 seconds to transition from blocking to forwarding state [20 seconds MaxAge + 15 seconds Listening + 15 seconds Learning forward delays]. It is not recommended to modify the default STP timer intervals.
- Below summarizes the STP port states:
| State | Forwards Data Frames? | Learns MACs from Received Frames? | Transitory / Stable |
|---|---|---|---|
| Blocking | No | No | Stable |
| Listening | No | No | Transitory |
| Learning | No | Yes | Transitory |
| Forwarding | Yes | Yes | Stable |
- EtherChannel provides a way to prevent the need of STP convergence when a port or cable fails (fault-tolerant). STP can combine 2 to 8 parallel Ethernet links between 2 switches into an EtherChannel which is treated as a single logical link. EtherChannel allows a switch to forward traffic over all the trunk links (load balancing) which provides more bandwidth. No STP convergence will occur as long as at least one of the links in the EtherChannel group is still up.
In normal operation, STP blocks all links except one when there are multiple parallel links between 2 switches; whereas with EtherChannel, STP allows all the parallel links up and working at the same time, all trunks will be either in forwarding or blocking state.
- PortFast causes a switch port to enter the forwarding state as soon as the port is physically up, without waiting 50 seconds (MaxAge + 2 forward delays). PortFast should only be enabled on access ports that do not expect to receive STP BPDUs.
- Enabling PortFast on a port connected to another switch can create spanning tree loops. The Cisco BPDU Guard feature (enable with the spanning-tree portfast bpduguard default
global configuration command) allows a port to be automatically disabled if a BPDU is received