Spanning Tree Protocol (STP)
Well, in an enterprise network, to reach 99.999% uptime we must have redundant devices and redundant links between those redundant devices.
But when there are redundant links between two switches and all of them are up, a broadcast such as an ARP request sent to learn a MAC address will eventually circulate endlessly and create a loop. This loop has multiple names -
How do we identify that there is a loop in the network?
The solution here is the Spanning Tree Protocol (STP).
If there is more than one path between two switches, STP blocks all the redundant paths and leaves only a single path up. The difference between a blocked link and a down link is that a blocked link is still considered up and still receives frames; it simply drops each frame after receiving it. Blocked does not mean the link is down.
How does the blocking process start?
Root bridge selection -
By default, every port of every switch sends BPDU (Bridge Protocol Data Unit) packets every 2 seconds. Root bridge selection is done during this exchange of BPDUs. Once one switch is selected as the root bridge, all the remaining switches are considered non-root bridges.
Now, every non-root bridge switch listens for the BPDUs of the root bridge and notes which port they arrive on. If a non-root bridge receives the root's BPDUs on more than one port, it is clear that there are multiple paths in between. As we know, more than one path means an L2 loop, so the non-root bridge blocks the redundant path and keeps only a single path active in order to avoid the loop.
Now, which switch will become the root bridge?
The switch with the lowest priority becomes the root bridge; every switch has a default priority of 32768. If we want to make a switch the root bridge, we simply reduce its priority.
If the priorities of the switches are equal, then the root bridge is selected on the basis of the switches' MAC addresses.
The switch with the lowest bridge ID becomes the root bridge. (Bridge ID = Priority + MAC address)
Switch ports are blocked on the basis of bandwidth and cost calculation: the higher the bandwidth, the lower the cost, the better the path. The port with the lower cost stays up and the others are blocked. If the cost is equal, blocking is decided on the basis of the sender ID (Bridge ID). If even the sender ID is the same (same switch), blocking is decided on the basis of the port ID. (In switching, lower values are preferred; in routing, higher values are preferred.)
On Cisco switches, STP runs as PVST (Per-VLAN Spanning Tree). This means the spanning tree calculation is done separately for every VLAN, and for every VLAN there is a root bridge selection.
Root bridge configuration -
switch(config)# spanning-tree vlan 1 root primary
This lowers the default priority by 8192 until the switch becomes the root bridge. (dynamic)
switch(config)# spanning-tree vlan 1 root secondary
This lowers the default priority by 4096 so the switch takes over if the primary goes down. (dynamic)
switch(config)# spanning-tree vlan 1 priority 0
This sets the switch priority to 0 explicitly, as chosen by the admin. (static)
Priority values are set in multiples of 4096, so static entries are 0, 4096, 8192, etc.
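As an added example (not code from the original article), the following Python model works through the election and port-blocking rules from the two sections above: root election by bridge ID (priority, then MAC), then root and designated ports chosen by path cost with bridge ID and port ID as tie-breaks. The switch names, MAC addresses and link speeds are constructed sample values; the costs are the IEEE 802.1D short-method values per link speed.

```python
# Added example: model of the STP decisions described in the article, not
# the article's own code. Switches, MACs and link speeds are constructed.
# IEEE 802.1D short-method path cost, keyed by link speed in Mb/s
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

def bridge_id(switches, name):
    return switches[name]            # (priority, mac); lower tuple wins

def elect_root(switches):
    return min(switches, key=lambda n: bridge_id(switches, n))

def root_path_costs(switches, links, root):
    """Bellman-Ford relaxation: each switch's cheapest cost to the root."""
    cost = {n: 0 if n == root else float("inf") for n in switches}
    for _ in range(len(switches)):
        for a, _, b, _, speed in links:
            c = PORT_COST[speed]
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    return cost

def port_roles(switches, links):
    """Return (root switch, {(switch, port): root|designated|blocked})."""
    root = elect_root(switches)
    cost = root_path_costs(switches, links, root)
    roles, best = {}, {}
    for a, pa, b, pb, speed in links:
        roles.update({(a, pa): "blocked", (b, pb): "blocked"})  # until proven otherwise
        ends = [(a, pa, b, pb), (b, pb, a, pa)]
        # designated end of the segment: lowest (root cost, bridge ID, port ID)
        d = min(ends, key=lambda e: (cost[e[0]], bridge_id(switches, e[0]), e[1]))
        roles[(d[0], d[1])] = "designated"
        for me, mp, nb, nbp in ends:
            if me == root:
                continue             # every root bridge port is designated
            # BPDU received on mp: neighbour cost + link cost, then tie-breaks
            key = (cost[nb] + PORT_COST[speed], bridge_id(switches, nb), nbp, mp)
            if me not in best or key < best[me][0]:
                best[me] = (key, mp)
    for me, (_, mp) in best.items():
        roles[(me, mp)] = "root"     # best BPDU wins the root port
    return root, roles

# Constructed sample: a triangle of switches, all at the default priority
SWITCHES = {"SW1": (32768, "0000.0c11.1111"), "SW2": (32768, "0000.0c22.2222"),
            "SW3": (32768, "0000.0c33.3333")}
LINKS = [("SW1", "Gi0/1", "SW2", "Gi0/1", 1000),   # (sw, port, sw, port, Mb/s)
         ("SW1", "Fa0/2", "SW3", "Fa0/1", 100),
         ("SW2", "Gi0/2", "SW3", "Gi0/2", 1000)]
```

With equal priorities SW1 wins on MAC, and SW3 blocks its direct 100 Mb/s port to the root because the two-hop gigabit path (cost 8) beats the direct link (cost 19); lowering SW3's priority to 24576 (what the root primary command yields from the default) moves the root and the blocked port.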
Port states -
A port that is not on the best path but is still in forwarding state is called a designated port. Every port of the root bridge is in forwarding state and is a designated port.
Link behavior -
When a link comes up, it does not go straight into forwarding state; it takes about 50 seconds. The first 20 seconds are the blocking state, in which the port listens for BPDUs from the root bridge. After this the port enters the listening state, in which path cost calculation and port designation are done. For the next 15 seconds the MAC table is flushed and relearned: physical convergence alone is not enough, the MAC table must also be flushed and relearned before packets can flow. Then the port goes into forwarding state. Port LED colour: amber (learning state), green (forwarding state).
Spanning tree recalculation -
When the primary link goes down, when and how is it replaced by the secondary (blocked) link?
A directly failed link takes up to 30 seconds to be replaced, while an indirectly failed link works on the basis of the max age timer (20 seconds) plus 30 seconds of listening / learning state.
Setting permanent MAC address -
switch(config)# mac-address-table permanent {MAC address} {type module/port}
This sets the MAC address permanently.
Setting restricted static MAC -
switch(config)# mac-address-table restricted static {MAC address} {type module/port} {source interface list}
Port security on a switch -
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum {value}
switch(config-if)# switchport port-security violation {protect | restrict | shutdown}
Enables port security, specifies the maximum number of MAC addresses this port can support, and sets the action taken when that limit is violated.
switch(config-if)# switchport port-security mac-address {MAC address}
Specifies which MAC addresses are allowed on this port (optional).
So! That was a brief overview of the Spanning Tree Protocol (STP), where it helps us and how it works. See you in the next article!