How to Prevent Loops with STP: Spanning Tree Protocol
Topology changes happen all the time, especially in large networks with many network segments and multiple links between these segments. High availability is both desirable and necessary, so it is beneficial to have multiple links between switches in a network: if one of the links fails, the other takes over, providing redundancy.
But, as in real life, “nothing good comes without a price.” Redundant links can cause frame loops within the network if there is no mechanism to detect those loops. One could ask: what harm can a few repeated frames within a segment do? On their own they do not harm the network, but remember that broadcast frames occur all the time in switched networks. In a bridging loop these frames keep circulating forever, multiplying exponentially and starving both network bandwidth and switch resources.
By the time you notice the problem it is too late: your infrastructure is already collapsing.
Prevent Loops with the Spanning Tree Protocol
IEEE standardized a solution (IEEE 802.1D) to prevent bridging loops in data networks and provide loop-free topologies. This standardized solution is called Spanning Tree Protocol (STP). In this Spanning Tree Protocol tutorial, I will present in simplest terms the operation of STP and indicate how this protocol prevents the creation of bridging loops.
What is Spanning Tree Protocol
As the name implies, STP spans all switches in a network or subnet. All switches generate and process data messages called Bridge Protocol Data Units (BPDUs). The basic idea behind the exchange of BPDUs is for switches to identify redundant paths and, by using the Spanning Tree algorithm, to ensure that there is no looped path in the network.
The STP algorithm is responsible for identifying active redundant links in the network and blocking one of these links, thus preventing possible network loops. The operation of STP is as follows:
- STP-enabled switches exchange BPDU messages between them to agree upon the “root bridge”; this process is called Root Bridge Election.
- Once the root bridge is elected, every switch has to determine which of its ports will communicate with the root bridge. Therefore, Root Port Election takes place on every network switch.
- Finally, Designated Port Election takes place in order to have only one active path towards every network segment.
Root Bridge Election
Spanning-tree-enabled switches need to have a common view of the whole network topology. To achieve this, they communicate with each other using standardized data messages called BPDUs, which are transmitted to the standardized multicast layer 2 address 01-80-c2-00-00-00. These BPDUs contain various fields.
For the election of the Root Bridge (bridge is equivalent to switch), the one that will be the initial point of reference, switches examine and compare the Root Bridge ID and Sender Bridge ID fields. Both of these fields consist of a six byte MAC address and a two byte Bridge Priority. The switch with the smallest Bridge Priority is automatically elected as the Root Bridge. If the Bridge Priority is the same on all switches, then the switch with the smallest MAC address is elected as the Root Bridge.
By default all Catalyst switches have the same Bridge Priority value (32,768). Let us say that we have three switches as shown in the figure below, all with the same Bridge Priority of 32,768. Each switch starts by sending BPDUs with a Root Bridge ID and Sender Bridge ID equal to its own. After a few message exchanges the root election process converges and the switch with the lowest MAC (00-00-00-01-01-01) becomes the Root Bridge.
Learn more about the process of Root Bridge Election in this video from CCIE Chris Bryant: Video: The Root Bridge Election.
Root Port Election
Now that the Root Bridge is elected, every non-root switch has to select a root port, i.e. the port that has the best path towards the Root Bridge. The election of the Root Port is determined by the four byte Root Path Cost field within each BPDU. Here is how the whole concept works:
- Every switch port has its own path cost based on the port’s bandwidth (equal to 1000 Mbps divided by the port bandwidth in Mbps, as specified in the original IEEE 802.1D standard).
- The higher the bandwidth, the lower the path cost across that port.
- The port’s Path Cost is added to the Root Path Cost carried in each BPDU received on that port. The root switch has a Root Path Cost of zero (0) on all its ports.
- The port with the lowest resulting Root Path Cost on each non-root switch is elected as the Root Port.
Here’s a schematic representation to help clarify this concept.
Learn more about the process of Root Port Election in this video from CCIE Chris Bryant: Video: Root Ports and Designated Ports.
Designated Port Election
The final step of the Spanning Tree Protocol’s computational process is the election of one Designated Port on each network segment. The election of the Designated Port is also based on the Root Path Cost. If two or more ports on a segment have the same Root Path Cost, the switch with the lower Sender Bridge ID wins and its corresponding port is selected as the segment’s Designated Port.
Any port that is neither a Root Port nor a Designated Port moves into the Blocking State, where it can neither receive nor transmit frames, ensuring that the network is loop-free. Keep in mind that all ports of the Root Bridge are Designated Ports and cannot be blocked. In our sample network design, the election of the Designated Port on every segment is shown below.
Learn more about the process of Designated Port Election in this video from CCIE Chris Bryant: Video: Root Ports and Designated Ports.
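To tie the three elections together, here is an added example (not code from the original article) that simulates the BPDU exchange on a constructed three-switch topology; only the root’s MAC address and the default priority of 32,768 come from the text, while the switch names, the other MAC addresses and the link speeds are assumptions. It applies the original 802.1D port costs from the list above and shows a case the figures do not: SW3 reaches the root more cheaply via SW2 than over its direct, slower link, so its direct port ends up blocking.

```python
"""STP election simulation: an added example, not code from the original article."""

PRIORITY = 32768  # default Bridge Priority on Catalyst switches, as the article notes

def run_stp(switches, links):
    """switches: {name: MAC}; links: [(a, b, Mbps)], each link being one segment.
    Returns (root bridge, {switch: Root Path Cost}, {(switch, peer): port role})."""
    bid = {s: (PRIORITY, mac) for s, mac in switches.items()}  # Bridge ID = (prio, MAC)
    # Best BPDU seen so far: (Root Bridge ID, Root Path Cost, Sender Bridge ID).
    # Every switch starts by claiming to be the root with a cost of zero.
    best = {s: (bid[s], 0, bid[s]) for s in switches}
    root_port = {s: None for s in switches}
    ports = {}  # (switch, peer) -> path cost of that port
    for a, b, mbps in links:
        # original IEEE 802.1D port cost: 1000 Mbps divided by the port bandwidth
        ports[(a, b)] = ports[(b, a)] = max(1, 1000 // mbps)
    changed = True
    while changed:  # keep exchanging BPDUs until no switch learns anything better
        changed = False
        for (rx, tx), cost in ports.items():
            root_id, tx_cost, _ = best[tx]
            offer = (root_id, tx_cost + cost, bid[tx])  # received BPDU plus this port's cost
            if offer < best[rx]:  # lower Root ID wins, then lower cost, then lower Sender ID
                best[rx], root_port[rx], changed = offer, (rx, tx), True
    root = min(switches, key=bid.get)
    roles = {}
    for a, b, _ in links:
        # Designated Port: lowest Root Path Cost on the segment, tie -> lower Bridge ID
        designated = min((a, b), key=lambda s: (best[s][1], bid[s]))
        for s, peer in ((a, b), (b, a)):
            if root_port[s] == (s, peer):
                roles[(s, peer)] = "root"
            elif s == designated:
                roles[(s, peer)] = "designated"
            else:
                roles[(s, peer)] = "blocking"  # neither root nor designated: blocked
    return root, {s: best[s][1] for s in switches}, roles

# Constructed topology (only the root's MAC comes from the article): two Gigabit links
# and one Fast Ethernet link, so SW3's cheapest path to the root runs via SW2, not directly.
SWITCHES = {"SW1": "00-00-00-01-01-01", "SW2": "00-00-00-02-02-02",
            "SW3": "00-00-00-03-03-03"}
LINKS = [("SW1", "SW2", 1000), ("SW2", "SW3", 1000), ("SW1", "SW3", 100)]

if __name__ == "__main__":
    root, costs, roles = run_stp(SWITCHES, LINKS)
    print("root bridge:", root, "| root path costs:", costs)
    for (sw, peer), role in sorted(roles.items()):
        print(f"{sw} port towards {peer}: {role}")
```

Changing the third link to 1000 Mbps makes SW3 tie with SW2 on the SW2-SW3 segment, and the lower Sender Bridge ID (SW2) then wins the Designated Port, as described above.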
Traditional Spanning Tree Protocol, by implementation, takes about fifty (50) seconds to adapt and converge after a topology change. In simple words, whenever a topology change occurs in the network (e.g. a link goes down and comes back up), no frame forwarding takes place for about fifty seconds until STP converges. This is a long period of inactivity, especially in large networks where topology changes may happen relatively often.
Therefore, great caution is needed in deciding where to activate STP. As a rule of thumb, STP should be disabled on access ports. To do that, set all access ports as portfast (meaning that these ports are put immediately back into the forwarding state, avoiding the 50 second blackout) and also enable bpdufilter on those ports so that they do not participate in STP.
The commands you need at interface configuration level to achieve this are:
- spanning-tree portfast
- spanning-tree bpdufilter enable
Spanning Tree Protocol Resources
Now that you’ve seen the overview of how you can prevent loops with the Spanning Tree Protocol, continue your learning with these STP Resources:
- Cisco Switching and Spanning Tree Protocol (STP) Basics
- Video: So What Happens if I Turn STP Off?
- Video: STP in Action – STP Examples
- Video: STP Interface States
- Video: Rapid Spanning Tree Protocol (RSTP)