In this post I will talk about a networking mechanism used to provide a loop-free network, the Spanning Tree Protocol (STP). I will show you the main elements that make up this protocol, and their role and functionality. STP keeps at least one path active between two end points at all times. Because loops can occur, STP automatically deactivates one path if there are multiple paths to the same destination point. With a redundant design, there is always an alternative path if the main link becomes inactive. Remember from a previous post that the hierarchical network model uses multiple switches and links between one point and another. Even if a core switch fails, there is another one ready to forward packets outside the network.
STP sends frames called BPDU (bridge protocol data unit) frames between devices; they contain information about the state of the network. By intentionally blocking paths between devices, STP ensures that there are no network loops at any time. The physical path still exists and will be used as an alternative path if the main one fails. STP uses the Spanning Tree Algorithm (STA) to determine which paths should be deactivated.
STA chooses the so-called root bridge after BPDU frames are exchanged between devices, by looking for the lowest bridge ID (BID). Each BPDU frame contains the BID, which is a combination of the MAC address, a priority value and the extended system ID. At first, all switches act as root bridges and exchange BPDU frames with each other. By comparing the BIDs in the BPDU frames they receive, the switches determine which of them is the best root bridge.
As an administrator, you can influence the root bridge selection by changing the switch priority. By default the switch priority is 32768, but you can assign a priority between 1 and 65536 (it must be a value that is an increment of 4096). To change the switch priority, enter global configuration mode and type spanning-tree vlan [id] priority [number]. For example, you can set the priority by typing spanning-tree vlan 1 priority 8192. If you try to assign a value that is not an increment of 4096, you will receive a warning saying “% Bridge Priority must be in increments of 4096.
% Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440”
Here is an example of this output:
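The root bridge election described above can be reproduced in a few lines. This is an added Python example, not part of the original post; the switch names, MAC addresses and VLAN are constructed, and the accepted priorities are the ones listed in the warning quoted above.

```python
# Added example: root bridge election by lowest bridge ID (BID).
# Switch names, MAC addresses and the VLAN number are constructed sample values.

ALLOWED_PRIORITIES = range(0, 61441, 4096)  # the values listed in the IOS warning

def bridge_id(priority, vlan, mac):
    """Return the BID as a tuple that sorts the way STP compares it."""
    if priority not in ALLOWED_PRIORITIES:
        raise ValueError("Bridge Priority must be in increments of 4096")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN (extended system ID) must be 1-4094")
    mac_value = int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)
    # Priority and extended system ID share the field compared before the MAC.
    return (priority + vlan, mac_value)

def elect_root(switches, vlan):
    """switches: {name: (priority, mac)}. Returns (root_name, full ranking)."""
    ranking = sorted(
        switches, key=lambda name: bridge_id(switches[name][0], vlan, switches[name][1])
    )
    return ranking[0], ranking

SAMPLE = {
    "core-1": (32768, "0011.2233.4455"),
    "core-2": (32768, "0011.2233.4400"),
    "access-1": (32768, "00aa.bbcc.dd01"),
}

def demo():
    # All priorities at the default: the lowest MAC address decides the root.
    default_root, _ = elect_root(SAMPLE, vlan=1)
    # After 'spanning-tree vlan 1 priority 8192' on core-1, the priority decides.
    tuned = {**SAMPLE, "core-1": (8192, "0011.2233.4455")}
    tuned_root, order = elect_root(tuned, vlan=1)
    return default_root, tuned_root, order

if __name__ == "__main__":
    print(demo())
```

With every switch left at the default priority the root is simply whichever device has the lowest MAC address, which is why the intended root should have its priority set explicitly.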
After the root bridge is chosen, STA determines the best path to the root bridge for every switch in the network. The cost of a path is the overall cost from one point to another. After calculating the costs, STA sets each switch port that participates in the STP algorithm to the appropriate mode, as follows:
designated ports – ports that will forward network traffic
non-designated ports – ports that will be set in the blocking state. These ports will not forward traffic, and they will be used if the main path fails. These ports are set in this state to prevent network loops.
root ports – the ports that are the closest to the root bridge
Another way you can influence how ports are configured by the STP algorithm is by changing the port’s priority. This is a value that is by default set to 128 but can be changed to a value between 0 and 240. To change a port’s priority, use the spanning-tree port-priority [number] command from the interface configuration mode.
I told you previously that STP chooses the best paths by comparing the overall cost from one point to another. This means that STP sums the costs of all the paths that a packet must travel through to reach its destination. The default cost is determined by the path’s bandwidth. For example, a path with a speed of 1 Gb/s will have a cost of 4, one with 100 Mb/s will have a cost of 19, and so on. The path with the lowest cost is preferred. You can let STP choose paths by checking the link’s cost, or you can manually configure a cost for a certain path. To configure the cost of a path, simply enter interface configuration mode and type spanning-tree cost [number], for example, spanning-tree cost 10. To verify your spanning tree configuration, type show spanning-tree.
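The cost summation described above, worked through on a small topology. This is an added Python example, not part of the original post: the three-switch triangle and its names are constructed, only the two default costs quoted in the post are used, and a link's cost is assumed to be the same in both directions.

```python
import heapq

# Default costs quoted in the post, keyed by link speed in Mb/s.
DEFAULT_COST = {1000: 4, 100: 19}

def root_path_costs(links, root):
    """links: (switch_a, switch_b, speed_mbps, manual_cost or None).
    Returns {switch: (total cost to root, neighbour on the best path)}.
    Equal-cost ties are not modelled; the sample below has none."""
    graph = {}
    for a, b, speed, manual in links:
        cost = DEFAULT_COST[speed] if manual is None else manual
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}
    queue = [(0, root)]
    while queue:
        total, node = heapq.heappop(queue)
        if total > best[node][0]:
            continue  # a cheaper path to this switch was already found
        for neighbour, cost in graph[node]:
            candidate = total + cost
            if neighbour not in best or candidate < best[neighbour][0]:
                best[neighbour] = (candidate, node)
                heapq.heappush(queue, (candidate, neighbour))
    return best

# Constructed triangle in which core-1 is the root bridge.
DEFAULT_LINKS = [
    ("core-1", "core-2", 1000, None),
    ("core-1", "access-1", 100, None),
    ("core-2", "access-1", 100, None),
]
# Same topology after 'spanning-tree cost 10' on the core-2/access-1 link.
TUNED_LINKS = DEFAULT_LINKS[:2] + [("core-2", "access-1", 100, 10)]

def demo():
    before = root_path_costs(DEFAULT_LINKS, "core-1")["access-1"]
    after = root_path_costs(TUNED_LINKS, "core-1")["access-1"]
    return before, after

if __name__ == "__main__":
    print(demo())
```

With default costs access-1 reaches the root directly at cost 19; the manual cost of 10 makes the two-hop path through core-2 cheaper (4 + 10 = 14), so the port facing core-2 becomes the root port.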
Switch ports that participate in the spanning-tree algorithm must transition through several states before they are able to fully integrate in the STP process. By changing the port’s state, STA ensures that there are no loops occurring in the network. There are five states that a port can transition to:
Disable – the port will not participate in the spanning-tree process and it will not forward data.
Blocking – the port will not forward frames received but it will process BPDU frames to determine other switches’ states.
Listening – the port will participate in the STP algorithm, it will receive and forward BPDU frames.
Learning – the port will receive and forward BPDU frames and it will also add entries to the MAC address table.
Forwarding – the port is fully participating in the STP process, it will forward/receive frames and BPDU frames.
Timers manage how long a port will stay in a certain state. The hello time is the interval between BPDU frames (the time that must pass before another BPDU frame is sent); by default it is 2 seconds, but it can easily be changed to a value between 1 and 10 seconds. The forward delay time is the time that a port will require to reach the learning state. By default, the forward delay time is set to 15 seconds, but it can be changed to a value between 4 and 30. Usually, you will not have to change these timers because they have been configured for a network diameter of 7, which is usually enough for most network implementations. If you really want to change the spanning tree network diameter, use the command spanning-tree vlan [number] root primary/secondary diameter [number], for example spanning-tree vlan 10 root primary diameter 9.
Portfast ports will transition from the blocking state to the forwarding state immediately after a switch is powered on. Portfast can be configured on access ports because these ports are used to connect end devices such as computers and printers and do not participate in the STP convergence process. Also, it is recommended that you set these ports in the BPDU guard mode. A port in the BPDU guard mode will not forward BPDU packets to end devices because there is no need to. To enable the Portfast and the BPDU guard features, use the following commands:
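A way to check the recommendation above across a switch configuration, as an added Python example that is not part of the original post. The configuration excerpt is constructed, and the interface-level lines `spanning-tree portfast` and `spanning-tree bpduguard enable` are the standard Cisco IOS forms, assumed here; globally configured defaults are not considered.

```python
# Constructed running-config excerpt (sample data, not from the post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast
"""

def parse_interfaces(config):
    """Return {interface name: set of its indented configuration lines}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = set()
        elif line.startswith(" ") and current:
            interfaces[current].add(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return interfaces

def audit(config):
    """Flag Portfast ports that do not follow the post's recommendations."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        access = "switchport mode access" in lines
        portfast = "spanning-tree portfast" in lines
        guard = "spanning-tree bpduguard enable" in lines
        if portfast and not access:
            findings.append((name, "portfast on a non-access port"))
        if access and portfast and not guard:
            findings.append((name, "portfast without BPDU guard"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```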