The Spanning Tree Protocol (STP) is a protocol that prevents loops in a Layer 2 network topology. STP is designed to allow a redundant physical network topology to be established while preventing the formation of loops that can cause network outages or congestion.
In a network with multiple paths active between switches, STP calculates the most efficient path and blocks the redundant paths (ports). This ensures that only one active path exists between two network devices, preventing network loops and ensuring network stability.
If the active path fails or becomes congested, STP will dynamically reconfigure the network topology by selecting a new active path. This allows the network to recover from physical or logical issues without manual intervention.
STP operations are possible by exchanging special messages called Bridge Protocol Data Units (BPDUs). They are sent by switches every two seconds by default and contain crucial information required for the STP process. Several steps are involved in the STP process calculations:
- Electing a root bridge
- Electing a root port for each non-root switch
- Electing a designated port for each segment
- Port transitioning to either forwarding or blocking state
Electing a Root Bridge
STP works by creating a tree-like topology, where one switch is designated as the root of the tree called “root bridge,” and all other switches (non-root) in the network are positioned in such a way that they have only one path to the root bridge, while redundant paths are blocked by STP.
When a switch boots up, it assumes it is the root bridge. However, if multiple switches are already running STP, a process is initiated to determine which switch should be the root bridge.
The root bridge election process is based on each switch's bridge ID (BID). As you can see from the image above, the BID is a combination of the switch's bridge priority and MAC address. The switch with the lowest BID (highest priority) becomes the root bridge.
The bridge priority is 32768 by default and can be between 0 and 65535. Since it is a configurable value, you can change it when you want to influence the root bridge selection. The lower bridge priority value is better. The MAC address of the switch is unique and cannot be changed.
If two switches have the same BID, the switch with the lowest MAC address is elected as the root bridge. The root bridge maintains the spanning tree topology and ensures no loops are in the network.
Important: The role of the root bridge should have a switch located in the middle of the network instead of at the edge. This assures optimum communication paths within the network.
All other switches in the network use STP to determine the best path to the root bridge, which is used to forward traffic in the network. This process results in a loop-free network topology that provides redundancy and ensures a path is always available for traffic to reach the root bridge.
In the image above, switch SW1 is elected as a root bridge since they all have the same priority value, but it is the owner of the lowest MAC address.
Electing a Root Port for Each Non-Root Switch
A root port is a port on a non-root switch that provides the shortest (best) path to the root bridge. It is responsible for forwarding all traffic toward the root bridge. If the root port fails, the switch will use its alternate or backup port to forward traffic toward the root bridge, ensuring the network remains loop-free.
Once the root bridge is elected, each non-root switch in the network determines the best path to reach the root bridge by computing the lowest cost path based on the accumulated cost of each link in the path. The port that connects a non-root switch to the segment with the lowest cost path to the root bridge is designated as the root port.
Important: These path costs are based on the assumption that faster links are more desirable and should have a lower path cost. However, it's important to note that these path costs can be manually configured to different values if necessary.
The default STP path costs for different link speeds are:
- 10 Mbps: 100
- 100 Mbps: 19
- 1 Gbps: 4
- 10 Gbps: 2
- 40 Gbps: 1
If there are multiple ports with the same path cost, the switch will select the port with the lowest neighbor bridge ID as its root port. This breaks ties and ensures that only one port is designated as the root port.
In the image above, both uplinks on switches SW2 and SW3 have the best cost value (4 is better than 19) and are elected as root ports.
Electing a Designated Port for Each Segment
A designated port (DP) is elected for each segment in the network and is responsible for forwarding data on that segment toward the root bridge. The DP is elected based on the path cost to the root bridge, where a lower path cost is better. The bridge ID is used as a tie-breaker if multiple ports have the same path cost.
Once the DP is elected for each segment, it forwards frames received from non-root bridge ports to the root bridge, ensuring that only one active path exists between any two devices in the network. The STP process will elect a new DP for the segment if the DP port fails. This ensures that data can still be forwarded between the segment and the rest of the network.
On the root bridge, all ports are designated ports since they are closest to the root bridge (to itself). In the image above, both ports on the root bridge (SW1) are elected as designated ports. SW2's port (SW2 and SW3 segment) is elected a designated port due to a lower MAC address than the one on SW3.
Port Transitioning to Either Forwarding or Blocking State
After the designated ports have been elected, any redundant links that would cause a loop in the network are put into a blocking state. This process ensures that there is only one active path between any two switches in the network, preventing any loops from occurring.
When everything is finished, the root and designated ports transition to the forwarding state, allowing sending and receiving data traffic. The other ports, also called non-designated ports, stay in the blocking state (blocked ports).
When in a blocking state, the ports are logically disabled by STP but listen for network changes. As a result, when an active port (root or designated) fails, the blocked port activates and provides uninterrupted network communications.
From the image above, SW3's port, which belongs to the segment connecting to SW2, gets blocked. The only active links are between SW1 and SW2, and SW1 and SW3. When SW2 needs to communicate with SW3, the data traffic goes through SW1 (the root bridge). Even though this path is not optimal, switches can exchange traffic, and no loops exist in the network.