Spanning Tree Protocol (STP) Concepts and Operations

Module overview

  • Topic: Spanning Tree Protocol (STP) Concepts
  • Purpose: Explain how STP enables redundancy in a Layer 2 network and prevents loops
  • Key ideas:
    • Redundancy in Layer 2 requires physical alternate paths, but these can cause loops if not controlled
    • STP creates a loop-free topology by logically blocking certain ports while preserving physical redundancy
    • STP recalculates and unblocks paths when failures occur
  • Related topics covered in the module:
    • STP operations in simple networks
    • Evolution to Rapid PVST+/RSTP and MSTP
    • PVST concepts, per-VLAN instances, and practical features (PortFast, BPDU guard, etc.)
    • Timers, port states, and tie-breaking rules
    • Layer 3 vs Layer 2 design considerations and convergence goals

Purpose of STP

  • Redundancy in Layer 2 switched networks
    • Why: eliminate single points of failure and prevent disruption to users
    • Physical redundancy adds paths, but too many paths can create Layer 2 loops (physical and logical)
  • Ethernet LANs require a loop-free topology with a single path between any two devices
  • Without STP, a loop can cause frames to circulate endlessly, until a link is disrupted and breaks the loop
  • STP blocks redundant physical loops to prevent looping of frames while maintaining alternate paths for failover
  • Layer 2 loops can lead to:
    • MAC address table instability
    • Burst of broadcast/multicast/unknown unicast frames
    • High CPU utilization on switches and end devices
  • Ethernet has no TTL-like mechanism at Layer 2 to stop looping frames; STP fills this role

STP: What it does

  • STP is a loop-prevention network protocol that enables redundancy while creating a loop-free Layer 2 topology
  • STP logically blocks physical loops, preventing frames from circling indefinitely
  • STP can recalculate the topology and unblock previously blocked ports when a link or device fails

STP: Recalculation on changes

  • STP recalculates topology when failures occur or when topology changes (e.g., new switch or inter-switch link added)
  • Recalculation leads to opening previously blocked ports if they are needed for redundancy
  • Recalculation is triggered by BPDU exchange and topology changes
  • Path redundancy improves availability but can cause Layer 2 loops if STP is not enabled
  • Without STP, loops cause MAC address table instability, link saturation, high CPU usage, and network outages
  • Layer 2 Ethernet lacks a built-in loop-detection mechanism similar to IPv4/IPv6 TTL or Hop Limit
  • STP provides loop prevention specifically for Layer 2 Ethernet

Layer 2 Loops and Broadcast Storms

  • Without STP, Layer 2 loops allow broadcast/multicast/unknown unicast frames to loop endlessly
  • MAC address tables can constantly update due to looping frames, causing forwarding problems
  • Unknown unicast frames are forwarded to all ports when destination MAC is unknown
  • To prevent these issues in redundant networks, spanning tree must be enabled (default on Cisco switches)

STP: The Spanning Tree Algorithm (STA) – high-level

  • STA creates a loop-free topology by selecting a single root bridge and computing a least-cost path from all switches to the root
  • It uses strategically placed blocking-state ports to prevent loops, while allowing traffic to traverse alternative paths when needed
  • Recalculation after failures enables fast recovery and continued redundancy

The Spanning Tree Algorithm (STA) – Key decisions

  • Root Bridge election: A single root bridge serves as the reference for path calculations
  • Root Ports: Each non-root switch selects one root port—the port closest to the root bridge by total path cost
  • Designated Ports: On each network segment, the port with the best path to the root becomes the designated port
  • Alternate (Blocked) Ports: Ports not selected as root or designated ports are placed in alternate (blocked) state to prevent loops
  • BPDUs: Switches exchange Bridge Protocol Data Units to share topology information and elect root/port roles
  • BID (Bridge ID): Each BPDU includes a BID identifying the sender and root information
  • BID composition (priority, extended system ID, MAC): The lowest BID governs role decisions
  • Roles and topology are recomputed when topology changes occur

BPDUs and BID details

  • BPDU contents include:
    • Bridge ID (BID) of the sender
    • Root ID (Root BID) for the current spanning tree instance
    • Path cost to root (when advertised by the sender)
    • Port ID of the sending port
  • BID components (as described in the module):
    • Bridge Priority (default 32768, range 0–61440 in steps of 4096; lower is better)
    • Extended System ID (used for VLAN tagging in PVST/RSTP context)
    • MAC address of the sending switch
  • The lowest BID wins the root bridge election; when priorities and extended system IDs are equal, the MAC address decides
  • If all switches share the same priority, the switch with the lowest MAC address becomes the root bridge

Bridge ID and priority/tie-breaking (details)

  • Default bridge priority: 32768
  • Priority range and increments: 0 to 61440 in increments of 4096
  • Extended System ID: VLAN-specific value added to the bridge priority to create VLAN-aware decisions
  • In cases where priorities are equal, the switch with the lowest MAC address yields the lower BID
  • For PVST, the Extended System ID helps identify VLAN context in the BID

STP: Root Bridge election (in detail)

  • All switches participate in the root bridge election after booting
  • Switches send BPDUs every 2 seconds with their BID and the Root ID
  • The switch with the lowest BID becomes the root bridge; others learn and converge to a single root
  • If topology changes, STP recalculates to determine a new root if necessary

STP: Root Path Cost (Internal Root Path Cost)

  • After the root bridge is elected, STP computes the best paths to the root from all destinations in the domain
  • Internal root path cost = sum of individual port costs along the path from a switch to the root
  • A switch adds the ingress port cost when it receives a BPDU to determine its own internal root path cost
  • Port costs depend on link speed; Cisco uses the IEEE 802.1D-1998 values by default for both STP and RSTP
  • Default port costs by speed (IEEE 802.1D-1998; STP) vs (IEEE 802.1w-2004; RSTP)
    • 10 Gbps: STP cost = 2; RSTP cost = 2
    • 1 Gbps: STP cost = 4; RSTP cost = 20,000
    • 100 Mbps: STP cost = 19; RSTP cost = 200,000
    • 10 Mbps: STP cost = 100; RSTP cost = 2,000,000
  • Administrators can configure port costs to manually influence spanning-tree paths
  • Example in notes: comparing two paths to root where path 1 cost = 19 and path 2 cost = 38; the lower-cost path becomes preferred

STP Operations: Root Ports, Designated Ports, and Alternate Ports

  • Step 1: Elect the Root Bridge (as above)
  • Step 2: Elect Root Ports
    • Each non-root switch selects one root port—the port with the lowest internal root path cost to the root bridge
    • Paths with lower costs are preferred; others are blocked
    • Example: S2 to S1 via path 1 cost 19 vs path 2 cost 38 → path 1 chosen; corresponding port becomes root port
  • Step 3: Elect Designated Ports
    • On every network segment between two switches, one designated port exists—the port on the segment that has the best path to the root
    • If a port is a root port, the other end on that segment is the designated port
    • All ports connected to end devices are designated ports
    • On segments where neither side is root, the switch with the least-cost path to the root provides the designated port
  • Step 4: Elect Alternate (Blocked) Ports
    • Ports not chosen as root or designated ports go to alternate (or backup) state
    • Alternate ports are in discarding/blocked state to prevent loops
  • Equal-cost paths to root: tie-breakers used
    • Lowest Sender BID
    • Lowest Sender Port Priority
    • Lowest Sender Port ID

Equal-cost path tie-breakers (example explanations)

  • Lowest Sender BID: When there are two equal-cost paths via different switches, the tie is broken by the sender’s BID values
  • Lowest Sender Port Priority: If the sender switch has equal BID values, the port priority on the sender side is used as the tie-breaker
  • Lowest Sender Port ID: If still tied, the port with the lowest port ID on the sender side breaks the tie
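
The election steps and tie-breakers above, worked through in Python as an added example (not part of the module). The switch names, MAC addresses, port numbers and topology are constructed; port costs are the IEEE 802.1D-1998 values listed earlier.

```python
# Added example, not from the module: STA steps 1 and 2 on a constructed topology.
STP_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}  # Mbps -> 802.1D-1998 port cost

def bid(priority, vlan, mac):
    """Bridge ID as a comparable tuple; the lower tuple is the better BID."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be 0-61440 in steps of 4096")
    return (priority + vlan, int(mac.replace(":", ""), 16))

def elect(bridges, links):
    """bridges: {name: BID}; links: (sw_a, port_a, sw_b, port_b, mbps), where a
    port is (priority, number). Returns (root, {switch: (cost, root_port)})."""
    root = min(bridges, key=bridges.get)               # step 1: lowest BID wins
    best = {root: ((0, bridges[root], (0, 0)), None)}  # switch -> (vector, local port)
    for _ in bridges:                                  # repeat until BPDUs have propagated
        for a, pa, b, pb, mbps in links:
            for rx, rx_port, tx, tx_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if rx == root or tx not in best:
                    continue
                # Receiver adds its ingress port cost to the advertised cost; ties
                # fall to sender BID, then sender port priority, then sender port ID.
                vector = (best[tx][0][0] + STP_COST[mbps], bridges[tx], tx_port)
                if rx not in best or vector < best[rx][0]:
                    best[rx] = (vector, rx_port)       # step 2: new root port
    return root, {sw: (v[0], port) for sw, (v, port) in best.items() if sw != root}

# Constructed sample: S1 has the highest MAC but a lowered priority, so it wins.
BRIDGES = {
    "S1": bid(24576, 1, "00:1b:00:00:00:dd"),
    "S2": bid(32768, 1, "00:1b:00:00:00:bb"),
    "S3": bid(32768, 1, "00:1b:00:00:00:cc"),
    "S4": bid(32768, 1, "00:1b:00:00:00:aa"),
}
LINKS = [  # all 100 Mbps; S2-S4 is a parallel pair
    ("S1", (128, 1), "S2", (128, 1), 100),
    ("S1", (128, 2), "S3", (128, 1), 100),
    ("S2", (128, 2), "S3", (128, 2), 100),
    ("S2", (128, 3), "S4", (128, 1), 100),
    ("S2", (128, 4), "S4", (128, 2), 100),
    ("S3", (128, 3), "S4", (128, 3), 100),
]

if __name__ == "__main__":
    print(elect(BRIDGES, LINKS))
```

S2 reaches the root at cost 19 directly rather than 38 through S3, and S4 sees three equal-cost paths at 38: the sender BID rules out S3, then the sender port ID picks the first of the two parallel links to S2.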

STP Timers and Port States

  • Three essential STP timers (convergence):
    • Hello Timer: interval between BPDUs; default 2 seconds; range 1–10 seconds
    • Forward Delay Timer: time spent in listening/learning states; default 15 seconds; range 4–30 seconds
    • Max Age Timer: maximum time a switch waits before attempting to change the STP topology; default 20 seconds; range 6–40 seconds
  • Timers can be configured on the root bridge and affect the entire STP domain
  • Port states (STP) and their behaviors (simplified):
    • Blocking: does not forward data frames
    • Listening: prepares to learn MACs; does not forward data
    • Learning: builds MAC address table; does not forward data yet for unknown destinations
    • Forwarding: forwards data frames and updates MAC table
    • Disabled: port is administratively disabled; no BPDU exchange or data frames
  • STP convergence relies on BPDU exchange to learn the topology and update port roles/states

PVST and Per-VLAN Spanning Tree (PVST+)

  • PVST versions run a separate STP instance per VLAN
  • There is a root bridge elected for each spanning-tree instance (per VLAN)
  • If all ports are in VLAN 1, there is only one spanning-tree instance
  • PVST+ (Cisco enhancement) supports features such as PortFast, UplinkFast, BackboneFast, BPDU guard, BPDU filter, root guard, and loop guard
  • Cisco IOS 15.0+ switches run PVST+ by default

Evolution of STP: Key variants and concepts

  • STP (IEEE 802.1D-1998): Original spanning-tree implementation; called CST (Common Spanning Tree) for a single instance across VLANs
  • PVST+ (Cisco enhancement): Separate STP instance per VLAN; added features like PortFast, UplinkFast, BackboneFast, etc.
  • IEEE 802.1D-2004 (RSTP): Updated standard; Rapid Spanning Tree Protocol (RSTP) with faster convergence; backward compatible with STP
  • RSTP (IEEE 802.1w): Faster convergence; can respond to topology changes more quickly; discarding state replaces blocking/listening states
  • Rapid PVST+: Cisco enhancement of RSTP with per-VLAN instances
  • MSTP (IEEE 802.1s): Maps multiple VLANs into a smaller set of spanning-tree instances; allows multiple MST instances
  • MST (Cisco implementation): Up to 16 MST instances; groups VLANs into common RSTP instances; supports PortFast, BPDU guard, filter, etc.
  • Summary: The STP family has evolved from CST/STP to PVST+, RSTP, Rapid PVST+, and MSTP to support larger, multi-VLAN, and faster-converging networks

RSTP concepts (IEEE 802.1w) and Port Roles

  • RSTP maintains three primary port roles in practice: Root, Designated, and Alternate/Backup (two blocking-role equivalents in RSTP)
  • RSTP reduces port states to three: discarding, learning, forwarding
  • The blocking role in STP is effectively represented as either alternate or backup in RSTP
  • Root and designated ports remain conceptually the same as in STP
  • The port state discarding in RSTP corresponds to a combination of traditional STP blocking/listening states

PortFast and BPDU Guard (STP enhancements)

  • PortFast
    • When enabled on an access port, it transitions from blocking to forwarding immediately to avoid the 30-second delay from listening/learning stages
    • Intended for access ports connected to end-user devices (e.g., DHCP clients) to speed up connectivity
    • Should be used only on access ports; enabling PortFast on inter-switch ports risks creating a loop
  • BPDU Guard
    • When PortFast is enabled, BPDU guard protects against potential loops by placing the port in an error-disabled state if a BPDU is received on a PortFast-enabled port
    • Requires manual recovery to re-enable the interface
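
The BPDU fields and BID layout described earlier, together with the BPDU guard decision, as an added Python example (not part of the module). The frame bytes, interface names and port table are constructed; the field offsets follow the IEEE 802.1D configuration BPDU layout.

```python
# Added example, not from the module: decode a configuration BPDU, then apply BPDU guard.
import struct

def parse_bid(raw):
    """8-byte Bridge ID -> (priority, extended system ID, MAC)."""
    prio_ext, = struct.unpack("!H", raw[:2])
    mac = ":".join(f"{b:02x}" for b in raw[2:8])
    return prio_ext & 0xF000, prio_ext & 0x0FFF, mac   # top 4 bits / low 12 bits

def parse_config_bpdu(payload):
    """Decode the 35-byte IEEE 802.1D configuration BPDU (after the LLC header)."""
    if len(payload) < 35:
        raise ValueError("truncated BPDU")
    proto, _version, bpdu_type, _flags = struct.unpack("!HBBB", payload[:5])
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError("not a configuration BPDU")
    cost, = struct.unpack("!I", payload[13:17])
    port_id, _age, max_age, hello, fwd = struct.unpack("!5H", payload[25:35])
    return {
        "root": parse_bid(payload[5:13]),
        "root_path_cost": cost,
        "sender": parse_bid(payload[17:25]),
        "port_id": port_id,
        # Timers are carried in units of 1/256 second.
        "max_age": max_age / 256, "hello": hello / 256, "forward_delay": fwd / 256,
    }

def bpdu_guard(port, payload, ports):
    """Return (action, bpdu) for a BPDU received on `port`."""
    bpdu = parse_config_bpdu(payload)
    cfg = ports[port]
    if cfg["portfast"] and cfg["bpduguard"]:
        return "err-disable", bpdu      # stays down until an operator recovers it
    return "process", bpdu              # normal STP processing on inter-switch ports

# Constructed sample data: interface names and the frame below are illustrative.
PORTS = {"Gi0/1": {"portfast": True, "bpduguard": True},
         "Gi0/24": {"portfast": False, "bpduguard": False}}
SAMPLE_BPDU = bytes.fromhex(
    "0000" "00" "00" "00"        # protocol ID, version, type = configuration, flags
    "8001" "001b000000aa"        # root ID: priority 32768 + VLAN 1, MAC
    "00000013"                   # root path cost 19
    "8001" "001b000000bb"        # sender bridge ID
    "8003"                       # port ID: priority 128, port 3
    "0100" "1400" "0200" "0f00"  # message age 1 s, max age 20 s, hello 2 s, forward delay 15 s
)

if __name__ == "__main__":
    print(bpdu_guard("Gi0/1", SAMPLE_BPDU, PORTS))
```

The decoded sender BID is what an operator would use to trace the device that triggered the error-disable.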

STP Design Considerations: Layer 3 as an alternative

  • Some networks move to Layer 3 routing for better redundancy and predictable convergence
  • Layer 3 design can provide multiple paths without blocking ports at Layer 2, enabling faster convergence
  • In some environments, Layer 3 is used between access and distribution/core layers, while keeping Layer 2 at the access layer

STP: Per-VLAN, PVST+, and rapid variants – quick recap

  • PVST/PVST+ creates VLAN-specific root bridges and topology instances
  • RSTP improves convergence speed; Rapid PVST+ applies RSTP per VLAN for fast convergence
  • MSTP groups VLANs into MST instances to reduce the number of spanning-tree calculations
  • Core STP concepts (root bridge, root ports, designated ports, alternate/backup ports, BPDUs, BID) apply across variants with some terminology nuances per standard

Practical examples and takeaways from the module

  • Example: When there are two equal-cost paths to the root, tie-breakers apply in this order: lowest sender BID, lowest sender port priority, lowest sender port ID
  • Summary of the four-step STA process:
    • Elect the root bridge
    • Elect the root ports
    • Elect designated ports
    • Elect alternate (blocked) ports
  • Timers orchestrate convergence: Hello, Forward Delay, and Max Age govern BPDU exchange and port state transitions
  • PVST+ and RSTP provide additional features (PortFast, BPDU guard, etc.) to improve end-user experience and network safety

Key formulas and values (LaTeX)

  • Internal root path cost for a path:
    \text{Internal Root Path Cost} = \bigg( \text{Cost of Port}_1 \bigg) + \bigg( \text{Cost of Port}_2 \bigg) + \cdots
  • Port costs by speed (IEEE 802.1D-1998; STP):
    \text{PortCost}(speed) = \begin{cases} 2, & \text{for } 10\ \text{Gbps} \\ 4, & \text{for } 1\ \text{Gbps} \\ 19, & \text{for } 100\ \text{Mbps} \\ 100, & \text{for } 10\ \text{Mbps} \end{cases} \quad \text{(STP cost values)}
    Note: RSTP costs differ as shown in the table.
    \text{RSTP PortCost}(speed) = \begin{cases} 2, & 10\ \text{Gbps} \\ 20{,}000, & 1\ \text{Gbps} \\ 200{,}000, & 100\ \text{Mbps} \\ 2{,}000{,}000, & 10\ \text{Mbps} \end{cases} \quad \text{(RSTP costs)}
  • Bridge ID values:
    \text{Default bridge priority} = 32768
    \text{Bridge Priority range} = 0 \text{ to } 61440 \text{ (increments of 4096)}
    \text{Extended System ID} = \text{VLAN ID concatenated with the priority to form BID}
    \text{BID} = (\text{Bridge Priority}, \text{Extended System ID}, \text{MAC})
  • Election rules and sample values:
    • Lowest BID wins root election
    • MAC address tie-breaker when priorities are equal
    • Sample root path cost comparison: path1 = 19, path2 = 38

Connections to prior principles and real-world relevance

  • STP establishes a reliable, loop-free infrastructure while preserving redundancy for resilience
  • The evolution from STP to PVST+, RSTP, Rapid PVST+, and MSTP reflects real-world needs: faster convergence, VLAN-awareness, and scalable multi-VLAN environments
  • Layer 3 routing can complement STP by providing alternate, faster convergence paths, especially in large data-center or campus networks

Quick reference checklist

  • Know the four STA steps and the role of BPDUs and BID in decision-making
  • Remember default STP timers: Hello = 2s, Forward Delay = 15s, Max Age = 20s
  • Understand port roles and states in STP and the equivalent in RSTP
  • Be able to explain how internal root path cost is calculated and used to select root ports
  • Distinguish PVST+ (per-VLAN) from NPVST, RSTP, and MSTP concepts
  • Recognize use cases for PortFast and BPDU Guard and their cautions
  • Remember equal-cost path tie-breakers: Lowest BID, then port priority, then port ID
  • Acknowledge design trade-offs between Layer 2 STP-based redundancy and Layer 3 routing approaches for scalability and convergence