STP Principle

Foreword

⚫ Local area networks (LANs) usually consist of multiple interconnected switches. To avoid broadcast storms, the network must contain no Layer 2 forwarding loops.
⚫ STP prunes all links into a loop-free tree while keeping the redundant links available as backups, which improves network reliability.
⚫ This course introduces the background of the Spanning Tree Protocol, its working principle, its extended features, and how to use it in real networks.

Innovation • Simplicity • Experience


Objective

⚫ After taking this course, you will be able to:

➢ Describe how the Spanning Tree Protocol works
➢ Master the properties of the Spanning Tree Protocol
➢ Master the advanced features of the Spanning Tree Protocol


Topology

Figure (diagram not reproduced): a distribution switch connected to an access switch (PoE), with terminals PC1 and PC2 attached in VLAN 10.


Contents

1. The Spanning Tree Protocol Overview

2. STP principle and configuration

3. Advanced features of STP technology



Loop phenomena and hazards

⚫ Symptoms of a loop

➢ Switch port indicators flash rapidly at the same frequency
➢ The switch MAC address table flaps (the same MAC is learned on different ports in turn)
➢ The switch runs out of resources and login or management operations behave abnormally

⚫ Hazards of a loop

➢ Link congestion: broadcast frames are flooded endlessly through the Layer 2 network, and every link is saturated with a large number of broadcast frames
➢ Slow host response: the host network interface card receives a large number of broadcast frames, and the operating system spends a large amount of CPU time processing them
➢ Slow Layer 2 switch management: the large number of broadcast frames requires CPU processing, wasting CPU resources so that normal requests are not answered
➢ Impact on the gateway CPU: ARP requests for the gateway IP address are replicated by the loop and delivered to the gateway continuously, so the gateway's CPU load keeps rising until the device fails


Loop effect

⚫ Within a VLAN, unknown unicast frames are flooded out of all ports except the receiving port
⚫ A switch works by learning (recording source MAC addresses), looking up the table, and forwarding

Figure (diagram not reproduced): SW1 connects to SW2 on G0/1 and to SW3 on G0/2; SW2 and SW3 are connected to each other on their G0/2 ports and to SW1 on their G0/1 ports; PC1 and PC2 (both VLAN 10) are attached to SW1 G0/3 and G0/4. The MAC address tables of SW1, SW2 and SW3 (columns VLAN, MAC, Port) are initially empty. Data needs to be transferred between PC1 and PC2.


Loop effect

⚫ 1. SW1 learns PC1_MAC on G0/3, looks up its MAC address table, finds no entry matching the destination MAC, and floods the frame
⚫ 2. SW2 and SW3 receive the frame (SMAC: PC1_MAC, DMAC: PC2_MAC), learn the source MAC on their G0/1 ports, and flood it again

Figure (diagram not reproduced): after steps 1 and 2 the tables read SW1: VLAN 10, PC1_MAC, G0/3; SW2: VLAN 10, PC1_MAC, G0/1; SW3: VLAN 10, PC1_MAC, G0/1. Data needs to be transferred between PC1 and PC2.
Loop effect

⚫ 3. SW2 and SW3 each receive the same frame from the other over the G0/2 link, learn the source MAC again, and move PC1_MAC to G0/2
⚫ 4. SW1 receives the same frame back on G0/1 and on G0/2, learns and floods it each time, so PC1_MAC flaps between G0/3, G0/1 and G0/2 (the MAC address table is unstable)
⚫ 5. SW2 and SW3 receive the same frame yet again, and the cycle repeats: a broadcast storm in the network, with the same data frame flooded over and over

Figure (diagram not reproduced): the MAC address tables of SW2 and SW3 show PC1_MAC moving between G0/1 and G0/2, and SW1's table shows PC1_MAC moving between G0/3, G0/1 and G0/2. Data needs to be transferred between PC1 and PC2.
Layer 2 Loop Solution

⚫ Deploy the Spanning Tree Protocol on the switches to logically block the interfaces that close a loop
⚫ When a physical link fails, the redundant link resumes normal forwarding

Figure (diagram not reproduced): two distribution switches and one access switch connected in a triangle, with the Spanning Tree Protocol deployed on them.


STP Overview

⚫ What kind of protocol is STP?

➢ It prunes a switched network that contains loops into a loop-free tree topology by blocking redundant links
➢ When an active link is disconnected, the tree is re-pruned by activating a blocked redundant link, restoring network connectivity

Figure (diagram not reproduced): SW1 and SW2 connected by two links. 1. The redundant link is blocked; 2. the active link is disconnected; 3. the blocked link is activated.


Spanning Tree Overview

⚫ Classification of Spanning Tree Protocols

➢ In order of appearance, the spanning tree protocols are STP, RSTP and MSTP

⚫ IEEE standards followed by the Spanning Tree Protocols

➢ The three protocols are defined in IEEE 802.1D (STP), IEEE 802.1w (RSTP) and IEEE 802.1s (MSTP)


Contents

1. Spanning Tree Protocol Overview

2. STP principle and configuration

3. Advanced features of STP technology



STP working principle

⚫ STP runs the spanning tree algorithm (STA), which builds a loop-free tree in four steps:
➢ Elect the root bridge (Root), the root node of the whole loop-free tree;
➢ On every non-root bridge, elect the root port (RP), the port closest to the root bridge;
➢ On every link, elect the designated port (DP), the port that sends BPDUs onto that link; there is exactly one designated port per link;
➢ Block all remaining ports.

⚫ The raw data the algorithm needs is exchanged between switches in BPDU (bridge protocol data unit) messages.

Figure (diagram not reproduced): SW1, SW2 and SW3 connected in a triangle, exchanging BPDUs on every link.


BPDU message

⚫ BPDU: Bridge Protocol Data Unit
⚫ The fields of a configuration BPDU, in order, are: Protocol Identifier, Version, Message Type, Flags, Root ID, Root Path Cost, Bridge ID, Port ID, Message Age, Max Age, Hello Time, Forward Delay. The length and content of each field are as follows:

➢ Protocol Identifier: 2 bytes, always 0;
➢ Version: 1 byte, 0 for STP, 2 for RSTP, 3 for MSTP;
➢ Message Type: 1 byte, 0x00 for a configuration BPDU (C-BPDU), which establishes and maintains the STP topology, 0x80 for a TCN-BPDU, which conveys topology changes;
➢ Flags: 1 byte, the least significant bit is the TC (Topology Change) flag, the most significant bit is the TCA (Topology Change Acknowledgement) flag;
➢ Root ID: 8 bytes, the Bridge ID of the bridge the sender currently believes to be the root, consisting of a 2-byte bridge priority and a 6-byte MAC address;
➢ Root Path Cost: 4 bytes, the cumulative path cost from the sending port to the root bridge (with the IEEE 802.1D-1998 short cost method a 1G interface costs 4 and a 10G interface costs 2; with the IEEE 802.1t long method, which the show output later in this course uses, a 1G interface costs 20000);
➢ Bridge ID: 8 bytes, the Bridge ID (BID) of the bridge sending the BPDU, composed of a 2-byte bridge priority and a 6-byte MAC address;
➢ Port ID: 2 bytes, identifying the port that sent the BPDU. The high 4 bits carry the port priority (default 128, configurable in steps of 16) and the low 12 bits carry the port number, which is assigned by the system and cannot be modified;
➢ Message Age: 2 bytes, the age of the BPDU, that is, the time elapsed since the root bridge generated the information it carries; each bridge increments it as it relays the BPDU, and a port discards stored information once Message Age reaches Max Age;
➢ Max Age: 2 bytes, the maximum lifetime of BPDU information, that is, its aging time, default 20 seconds;
➢ Hello Time: 2 bytes, the interval between two consecutive BPDUs; a bridge keeps its role by sending BPDUs continuously at this interval, default 2 seconds;
➢ Forward Delay: 2 bytes, the duration of the Listening and Learning states, that is, how long a port stays in each of these states after a topology change before it starts forwarding user data, default 15 seconds. All four timer fields are encoded in units of 1/256 second.


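To make the field layout above concrete, here is an added example (it is not Ruijie code and not part of the original deck) that encodes and decodes the 35-byte IEEE 802.1D configuration BPDU body that follows the 802.2 LLC header (DSAP/SSAP 0x42). The sample BPDU it builds is constructed for this example from the course topology: root SW2 (priority 0, MAC 0000.0000.0002) advertised by SW1 (priority 32768, MAC 0000.0000.0001) at root path cost 10. The Port ID is decoded with the 4-bit priority / 12-bit port number split that matches the 0-240, step-16 priority range of the CLI; the 4-bit priority / 12-bit system ID extension split of the Bridge ID is likewise assumed.

```python
"""Encode/decode the IEEE 802.1D configuration BPDU body (added example)."""
import struct
from dataclasses import dataclass

CONFIG_BPDU = 0x00       # Message Type for a configuration BPDU
TCN_BPDU = 0x80          # Message Type for a Topology Change Notification
FLAG_TC = 0x01           # Flags bit 0: Topology Change
FLAG_TCA = 0x80          # Flags bit 7: Topology Change Acknowledgement
TIMER_UNIT = 256         # all four timer fields are in units of 1/256 s

# Protocol ID, Version, Type, Flags, Root ID, Root Path Cost, Bridge ID,
# Port ID, Message Age, Max Age, Hello Time, Forward Delay  -> 35 bytes
_CONFIG_FMT = "!HBBB8sI8sHHHHH"


@dataclass(frozen=True)
class BridgeId:
    """8-byte Bridge ID: 4-bit priority, 12-bit system ID extension, 6-byte MAC."""
    priority: int        # multiple of 4096, 0..61440
    sys_id_ext: int      # 0 for plain STP (VLAN/instance for PVST/MSTP)
    mac: str             # dotted hex, e.g. "0000.0000.0002"

    @classmethod
    def from_bytes(cls, raw: bytes) -> "BridgeId":
        hi = int.from_bytes(raw[:2], "big")
        mac = ".".join(raw[i:i + 2].hex() for i in (2, 4, 6))
        return cls(hi & 0xF000, hi & 0x0FFF, mac)

    def to_bytes(self) -> bytes:
        return (self.priority | self.sys_id_ext).to_bytes(2, "big") + bytes.fromhex(self.mac.replace(".", ""))


def build_config_bpdu(root: BridgeId, root_path_cost: int, bridge: BridgeId,
                      port_priority: int, port_number: int, message_age_s: float,
                      flags: int = 0, max_age_s: float = 20, hello_s: float = 2,
                      forward_delay_s: float = 15) -> bytes:
    """Pack a configuration BPDU; Port ID = 4-bit priority (step 16) + 12-bit port number."""
    if port_priority % 16 or not 0 <= port_priority <= 240:
        raise ValueError("port priority must be 0..240 in steps of 16")
    port_id = (port_priority << 8) | (port_number & 0x0FFF)
    return struct.pack(_CONFIG_FMT, 0, 0, CONFIG_BPDU, flags,
                       root.to_bytes(), root_path_cost, bridge.to_bytes(), port_id,
                       round(message_age_s * TIMER_UNIT), round(max_age_s * TIMER_UNIT),
                       round(hello_s * TIMER_UNIT), round(forward_delay_s * TIMER_UNIT))


def parse_bpdu(payload: bytes) -> dict:
    """Decode a BPDU body; raises ValueError on anything a switch should discard."""
    if len(payload) < 4:
        raise ValueError("BPDU shorter than the 4-byte common header")
    protocol_id, version, bpdu_type = struct.unpack("!HBB", payload[:4])
    if protocol_id != 0:
        raise ValueError(f"protocol identifier must be 0, got {protocol_id:#06x}")
    if bpdu_type == TCN_BPDU:
        return {"type": "TCN", "version": version}       # a TCN body is just the header
    if bpdu_type != CONFIG_BPDU:
        raise ValueError(f"unsupported BPDU type {bpdu_type:#04x}")
    if len(payload) < struct.calcsize(_CONFIG_FMT):
        raise ValueError("truncated configuration BPDU")
    (_, _, _, flags, root, cost, bridge, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(_CONFIG_FMT, payload[:35])
    return {
        "type": "CONFIG",
        "version": version,
        "tc": bool(flags & FLAG_TC),
        "tca": bool(flags & FLAG_TCA),
        "root_id": BridgeId.from_bytes(root),
        "root_path_cost": cost,
        "bridge_id": BridgeId.from_bytes(bridge),
        "port_priority": (port_id >> 8) & 0xF0,
        "port_number": port_id & 0x0FFF,
        "message_age": msg_age / TIMER_UNIT,
        "max_age": max_age / TIMER_UNIT,
        "hello_time": hello / TIMER_UNIT,
        "forward_delay": fwd_delay / TIMER_UNIT,
    }


def is_valid_bpdu(payload: bytes) -> bool:
    try:
        parse_bpdu(payload)
        return True
    except ValueError:
        return False


# Constructed sample: non-root SW1 relays root SW2's information one hop on, TC flag set.
SW2_ROOT = BridgeId(0, 0, "0000.0000.0002")
SW1 = BridgeId(32768, 0, "0000.0000.0001")
SAMPLE_CONFIG = build_config_bpdu(SW2_ROOT, 10, SW1, 128, 1, message_age_s=1.0, flags=FLAG_TC)
SAMPLE_TCN = bytes.fromhex("00000080")   # Protocol ID 0, Version 0, Type 0x80

if __name__ == "__main__":
    for name, value in parse_bpdu(SAMPLE_CONFIG).items():
        print(f"{name:>15}: {value}")
    print(parse_bpdu(SAMPLE_TCN))
```

The decoder rejects exactly what a bridge would discard: a non-zero Protocol Identifier, an unknown Message Type, or a configuration BPDU shorter than 35 bytes. Running the script prints the decoded sample, including the timers converted back to seconds (20, 2 and 15).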

Convergence process of STP - Election of root bridge

Steps: Election of Root Bridge → Election of RP → Election of DP → Other Ports Block

⚫ In a switched broadcast domain, one switch is elected as the root bridge. The election process:
➢ Each switch compares the Bridge ID in the BPDUs it receives with the Bridge ID in the BPDUs it sends; the smallest Bridge ID becomes the root bridge:
 1. Bridge priority, lower is better;
 2. If priorities are equal, the MAC address, smaller is better.

Figure (diagram not reproduced): SW2 (Bridge ID 0.0000-0000-0002) is elected ROOT; SW3 has Bridge ID 4096.0000-0000-0003 and SW1 has Bridge ID 32768.0000-0000-0001.
Convergence process of STP - Election of RP

⚫ Every non-root bridge in the broadcast domain selects one root port (RP), the port closest to the root bridge. Election process, applied to the BPDUs received on each candidate port:
➢ 1. Root path cost: the port with the smallest cost to the root becomes the RP;
➢ 2. If costs are equal, the sender's Bridge ID: the port receiving the smallest Bridge ID becomes the RP (compare bridge priority first, then MAC address; smaller is better);
➢ 3. If those are equal too, the sender's Port ID: the port receiving the smallest Port ID becomes the RP (compare port priority first, then port number; smaller is better).

Figure (diagram not reproduced): the SW2-SW3 link has cost 30, the SW2-SW1 link cost 10 and the SW1-SW3 link cost 20. SW1's RP faces root SW2 (cost 10). SW3 reaches the root at cost 30 both directly and via SW1 (10 + 20), so the tie is broken by the sender's Bridge ID, and SW3's RP is the port facing SW2 (Bridge ID 0.0000-0000-0002) rather than the one facing SW1 (32768.0000-0000-0001).
Convergence process of STP - Election of DP

⚫ On every link, the designated port (DP) is elected by comparing the fields of the BPDUs the two ports on that link would send. Election process:
➢ 1. Root path cost: the port with the smaller cost becomes the DP;
➢ 2. If equal, Bridge ID: the port on the bridge with the smaller Bridge ID becomes the DP;
➢ 3. If equal, Port ID: the port with the smaller Port ID becomes the DP.
➢ Every port of the root bridge is a DP, since its root path cost is 0.

Figure (diagram not reproduced): both ports of root SW2 are DPs; on the SW1-SW3 link, SW1's port (root path cost 10) is the DP and SW3's port (root path cost 30) is not.


Convergence process of STP - Remaining Ports Block

⚫ All ports other than RPs and DPs are blocked. In STP they are called blocked (non-designated) ports; the RSTP term for such a port, which offers an alternate path to the root, is Alternate Port (AP), and this course labels them AP.

Figure (diagram not reproduced): SW3's port facing SW1 is the only blocked port (AP); the other five ports are RP or DP as elected above.


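The four election steps above, carried out in code as an added example (not part of the original deck and not Ruijie's implementation). It runs the 802.1D priority-vector comparison (root path cost, then sender Bridge ID, then sender Port ID, then receiving Port ID) on the three-switch topology of the previous slides with the link costs 10, 20 and 30 shown there, and then on the same topology with the SW2-SW3 link removed, which is the direct-link failure case covered later in this course. The port numbers (G0/1, G0/2 on each switch) are assumed for the example.

```python
"""Spanning Tree Algorithm (IEEE 802.1D) election on a small topology (added example)."""
import math
from dataclasses import dataclass

DEFAULT_PORT_PRIORITY = 128


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int      # 0..61440 in steps of 4096
    mac: str           # dotted hex of equal length, so string order == numeric order

    @property
    def bid(self) -> tuple:
        """Bridge ID as a comparable tuple: priority first, then MAC; lower wins."""
        return (self.priority, self.mac)


@dataclass(frozen=True)
class Link:
    a: str
    port_a: int
    b: str
    port_b: int
    cost: int          # path cost of the link (same at both ends in this example)


def run_sta(bridges, links, port_priority=None):
    """Return (root name, root path cost per bridge, role per (bridge, port)).

    Roles are 'RP' (root port), 'DP' (designated port) or 'BLK' (blocked, the
    course's AP).  Each non-root bridge repeatedly adopts the best priority
    vector offered by a neighbour, a Bellman-Ford style relaxation that settles
    within len(bridges) rounds because every link cost is positive.
    """
    port_priority = port_priority or {}          # {(bridge, port): 0..240}
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bid).name        # step 1: smallest Bridge ID

    def pid(bridge, port):
        return (port_priority.get((bridge, port), DEFAULT_PORT_PRIORITY), port)

    adj = {b.name: [] for b in bridges}          # bridge -> (own port, nbr, nbr port, cost)
    for l in links:
        adj[l.a].append((l.port_a, l.b, l.port_b, l.cost))
        adj[l.b].append((l.port_b, l.a, l.port_a, l.cost))

    root_cost = {n: (0 if n == root else math.inf) for n in adj}
    root_port = {n: None for n in adj}
    for _ in range(len(bridges)):                # step 2: root port on every non-root bridge
        for n in adj:
            if n == root:
                continue
            best = None
            for own, nbr, nbr_port, cost in adj[n]:
                if root_cost[nbr] == math.inf:
                    continue                     # neighbour has no path to the root yet
                vector = (root_cost[nbr] + cost, by_name[nbr].bid, pid(nbr, nbr_port), pid(n, own))
                if best is None or vector < best:
                    best = vector
            if best is not None:
                root_cost[n], root_port[n] = best[0], best[3][1]

    roles = {}                                   # steps 3 and 4: one DP per link, block the rest
    for l in links:
        ends = ((l.a, l.port_a), (l.b, l.port_b))
        for (x, px), (y, py) in (ends, ends[::-1]):
            if root_port[x] == px:               # the far end of a root port is always the DP
                roles[(x, px)], roles[(y, py)] = "RP", "DP"
                break
        else:                                    # neither end is an RP: compare the two ends
            va = (root_cost[l.a], by_name[l.a].bid, pid(l.a, l.port_a))
            vb = (root_cost[l.b], by_name[l.b].bid, pid(l.b, l.port_b))
            winner, loser = ends if va < vb else ends[::-1]
            roles[winner], roles[loser] = "DP", "BLK"
    return root, root_cost, roles


# Constructed topology from the course slides (port numbers assumed).
EXAMPLE_BRIDGES = [
    Bridge("SW1", 32768, "0000.0000.0001"),
    Bridge("SW2", 0, "0000.0000.0002"),
    Bridge("SW3", 4096, "0000.0000.0003"),
]
EXAMPLE_LINKS = [
    Link("SW2", 1, "SW1", 1, 10),   # SW2 G0/1 <-> SW1 G0/1, cost 10
    Link("SW2", 2, "SW3", 2, 30),   # SW2 G0/2 <-> SW3 G0/2, cost 30
    Link("SW1", 2, "SW3", 1, 20),   # SW1 G0/2 <-> SW3 G0/1, cost 20
]


def election(links=EXAMPLE_LINKS):
    return run_sta(EXAMPLE_BRIDGES, links)


def after_link_failure(failed: Link, links=EXAMPLE_LINKS):
    """Re-run the election without one link, which is what reconvergence settles on."""
    return run_sta(EXAMPLE_BRIDGES, [l for l in links if l != failed])


if __name__ == "__main__":
    root, cost, roles = election()
    print("root:", root)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} G0/{port}: {role} (root path cost {cost[bridge]})")
```

On the course topology the script elects SW2, makes SW3's G0/2 the RP on the cost tie (SW2's Bridge ID beats SW1's), and leaves SW3 G0/1 as the single blocked port. Passing a `port_priority` mapping lets you reproduce the "port 0/2 priority 16" case from the exercise later in the course.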

Port status

⚫ A port passes through up to five states while STP converges: Disabled, Blocking, Listening, Learning and Forwarding:
➢ Blocking state: receives BPDUs but does not send them, discards all received data frames, does not learn MAC addresses and does not create any MAC address table entries;
➢ Listening state: lasts one Forward Delay (15 s); receives and sends BPDUs, does not forward user data, does not create MAC address table entries for the port. STP convergence completes in this state: the switch settles the root bridge and selects the root port, the designated ports and the non-designated ports;
➢ Learning state: lasts one Forward Delay (15 s); receives and sends BPDUs, does not forward user data, but populates the MAC address table for the port, so that far less flooding occurs once user data starts to be forwarded;
➢ Forwarding state: receives and sends BPDUs, learns MAC addresses and forwards user data.

Port Status

Role            Status      Receive BPDU  Send BPDU  Learn MAC address  Forward Data
Blocked Port    Blocking    √             ╳          ╳                  ╳
/               Listening   √             √          ╳                  ╳
/               Learning    √             √          √                  ╳
RP/DP           Forwarding  √             √          √                  √


STP Real Cases

⚫ Topology diagram description (the diagram, with its ROOT, DP, RP and blocked-port labels, is not reproduced):
➢ The MAC addresses of the 6 switches are 1111.1111.1111 to 6666.6666.6666
➢ SW1: bridge priority 4096, all interface priorities and Cost values at default
➢ SW2: bridge priority 8192, all interface priorities and Cost values at default
➢ SW3: default bridge priority, all interface priorities and Cost values at default
➢ SW4: default bridge priority, all interface priorities and Cost values at default
➢ SW5: default bridge priority, port 0/2 priority 16, the rest at default
➢ SW6: default bridge priority, all interface priorities and Cost values at default

⚫ Based on the above information, identify the root bridge in this topology and all root ports, designated ports and blocked ports
⚫ Based on the results, what other problems exist in this network?


STP Real Cases

STP cannot resolve loops of this kind (the diagram is not reproduced)! RLDP (Rapid Link Detection Protocol) must be used.


TCN-BPDU Detailed Explanation

⚫ IEEE 802.1D specifies that a bridge generates TCN-BPDUs (referred to below as TC messages) under two conditions:
➢ A port on the bridge transitions to the Forwarding state and the bridge has at least one designated port;
➢ A port on the bridge transitions from the Forwarding or Learning state to the Blocking state.

⚫ If either condition is met, the network topology has changed and the bridge must inform the root bridge of the change with TC messages.
⚫ In daily operation, TC messages are usually generated in the following situations:
➢ A device or link failure triggers an STP recalculation and generates TC messages;
➢ A change of STP configuration parameters triggers an STP recalculation and generates TC messages;
➢ A port connected to a terminal has STP enabled but is not configured as an edge port, so TC messages are generated whenever the terminal reboots and the port's link state changes;
➢ Forged TC messages sent as an attack from customer equipment can also propagate into the Layer 2 network it is attached to.


TCN-BPDU Interaction Example

⚫ 1. The bridge that senses the topology change generates a TCN-BPDU and sends it out of its root port to notify the root bridge;
⚫ 2. If the upstream bridge is not the root bridge, it sets the TCA flag to 1 in the next configuration BPDU it sends downstream, as an acknowledgement of the TCN;
⚫ 3. The upstream bridge sends its own TCN-BPDU out of its root port to inform the root bridge;
⚫ 4. Steps 2 and 3 repeat until the root bridge receives the TCN-BPDU;
⚫ 5. When the root bridge receives the TCN-BPDU, it (a) sets the TCA flag to 1 in its next configuration BPDU as an acknowledgement of the TCN, (b) at the same time shortens its own MAC address table aging time from 300 seconds to Forward Delay (15 seconds), and (c) sends configuration BPDUs with the TC flag set to 1, which notify all bridges in the network that the topology has changed.
⚫ The root bridge keeps sending configuration BPDUs with TC set to 1 for Max Age + Forward Delay (20 s + 15 s = 35 s). Every bridge that receives such a configuration BPDU shortens its MAC address aging time from 300 s to Forward Delay (15 s).

Figure (diagram not reproduced): a tree with the Root at the top, SW1 and SW4 below it, SW2 and SW5 below them, and SW3 at the bottom. Legend: TCN-BPDU; C-BPDU with TCA set; C-BPDU with TC set.


STP reconvergence

Direct Connection Failure

Figure (diagram not reproduced): the Root at the top with two DPs; SW1 below it with an RP and a blocked port, each on its own link to the Root. The RP link fails.
⚫ The blocked port on SW1 switches from the Blocking state to the Listening and Learning states in turn, and finally enters the Forwarding state
⚫ Direct link failure: reconvergence requires Forward Delay × 2 = 30 s

Non-direct Connection Failure

Figure (diagram not reproduced): the Root at the top with two DPs; SW1 and SW2 below it, each with an RP toward the Root; SW1 has a DP toward SW2, and SW2's port toward SW1 is blocked. SW1's uplink fails.
⚫ When its uplink fails, SW1 considers itself the root and sends BPDUs with the Root ID set to its own Bridge ID to SW2. SW2's blocked port receives them, finds them no better than the BPDU it has cached for that port, and ignores them;
⚫ After Max Age the cached BPDU expires, and the port switches to the Listening and Learning states in turn, and finally enters the Forwarding state
⚫ Non-direct connection failure: reconvergence requires Max Age + Forward Delay × 2 = 50 s


STP basic configuration

⚫ Enable the spanning tree protocol on the switch and configure the bridge priority so that the intended switch is elected root bridge.
Ruijie(config)#spanning-tree
Ruijie(config)#spanning-tree mode stp
Ruijie(config)#spanning-tree priority ?
<0-61440> Bridge priority in increments of 4096 (default value: 32768)

⚫ Why can the bridge priority only be an integer multiple of 4096?
➢ The Bridge ID is 8 bytes: 2 bytes of bridge priority followed by 6 bytes of MAC address. Of the 16 priority bits, only the high 4 bits are the configurable priority; the low 12 bits are the system ID extension (used to carry an instance or VLAN identifier), so the configurable priority moves in steps of 2^12 = 4096 and has 16 possible values, 0 to 61440.

⚫ Modify the port cost and port priority to influence the port role.
Ruijie(config-if-GigabitEthernet 0/36)#spanning-tree cost ?
<1-200000000> Port path cost
Ruijie(config-if-GigabitEthernet 0/36)#spanning-tree port-priority ?
<0-240> Port priority in increments of 16 (default value: 128)

⚫ View the spanning tree topology and protocol configuration parameters.
Ruijie#show spanning-tree summary


STP configuration examples

Figure (diagram not reproduced): SW1 and SW2 are the Core switches and SW3 the Access switch, connected in a triangle.

SW1(config)#spanning-tree
SW1(config)#spanning-tree mode stp
SW1(config)#spanning-tree priority 0

SW2(config)#spanning-tree
SW2(config)#spanning-tree mode stp
SW2(config)#spanning-tree priority 4096

SW3(config)#spanning-tree
SW3(config)#spanning-tree mode stp


STP configuration view

⚫ View the spanning tree topology and protocol configuration parameters. In this output the timers (Hello 4 s, Forward Delay 18 s, Max Age 25 s) have been changed from their defaults (2 s, 15 s, 20 s), and the port cost of 20000 on a Gigabit interface shows that the long (IEEE 802.1t) path-cost method is in use.

Ruijie#show spanning-tree summary
Spanning tree enabled protocol stp
Root ID Priority 0
Address 00d0.f822.3344
this bridge is root
Hello Time 4 sec Forward Delay 18 sec Max Age 25 sec

Bridge ID Priority 0
Address 00d0.f822.3344
Hello Time 4 sec Forward Delay 18 sec Max Age 25 sec
Interface Role Sts Cost Prio OperEdge Type
---------------- ---- --- ---------- -------- -------- ----------------
Gi0/2 Desg FWD 20000 128 False P2p
Gi0/1 Desg FWD 20000 128 False P2p


Contents

1. Spanning Tree Protocol Overview

2. STP principle and configuration

3. Advanced features of STP technology



STP Advanced Features - Port Fast

⚫ When a switch port connects to a user terminal, under the regular configuration it still has to wait 2 × Forward Delay (Listening plus Learning, 30 seconds in total) before entering the Forwarding state, which is unreasonable for a port that cannot form a loop by itself;
⚫ An interface that connects to a user terminal can be configured as a Port Fast port, so that it skips the 30-second wait and enters the Forwarding state directly;
⚫ If a Port Fast port receives a BPDU, it loses the Port Fast behaviour and only enters the Forwarding state after 2 × Forward Delay;
⚫ Configuration commands:
Ruijie(config)#interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#spanning-tree portfast

Figure (diagram not reproduced): a terminal attached to a switch port labelled "port fast".


STP Advanced Features - BPDU Guard

⚫ With BPDU Guard, as soon as a port that should never receive BPDUs (such as a Port Fast port) receives one, the switch immediately shuts the port down and places it in the error-disabled state. BPDU Guard only reacts to received BPDUs; until it is triggered the port still sends BPDUs normally;
⚫ Two ways to configure BPDU Guard
➢ Global mode: when enabled globally, the feature takes effect on every interface configured with Port Fast. If a Port Fast interface receives a BPDU, the port enters the Error-disabled state, which indicates that an unauthorised user may have added a network device to the network and changed the topology.

Ruijie(config)#spanning-tree portfast bpduguard default

➢ Interface mode: enable BPDU Guard on a single interface (regardless of whether Port Fast is configured on it). If the port then receives a BPDU, it enters the Error-disabled state.

Ruijie(config)#interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#spanning-tree bpduguard enable

⚫ How to recover from Error-disabled
➢ Interface mode: shutdown, then no shutdown
➢ Global mode: errdisable recovery interval 300 (automatic recovery after 300 s)


STP Advanced Features - BPDU Filter

⚫ BPDU Filter filters out the BPDUs received or sent on an interface;
⚫ Two ways to configure BPDU Filter
➢ Global mode: with the global BPDU Filter enabled, interfaces with Port Fast enabled neither receive nor send BPDUs. If such a Port Fast port does receive a BPDU, its Port Fast attribute is disabled and the BPDU Filter on it is automatically disabled as well, so the port behaves as a normal STP port again.
Ruijie(config)#spanning-tree portfast bpdufilter default

➢ Interface mode: enable BPDU Filter on a single interface (regardless of whether Port Fast is enabled on it). The interface then neither receives nor sends BPDUs, which is equivalent to turning STP off on that interface: it enters the Forwarding state directly, and a loop through it can no longer be detected by STP.
Ruijie(config)#interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#spanning-tree bpdufilter enable


STP Advanced Features - TC-protection

⚫ A TC-BPDU is a BPDU carrying the TC flag. When a switch receives one, the topology has changed, and it flushes its MAC address table. On a Layer 3 switch this also triggers a re-learn of the fast-forwarding module's entries and changes the port state of the ARP table entries.
⚫ An attacker who injects forged TC-BPDUs can make the switch repeat these operations continuously, overloading the device CPU and destabilising the network. The TC-protection function guards against this:
➢ When the function is enabled, the switch performs only one flush within a certain period (usually 4 seconds) after receiving a TC-BPDU, while monitoring whether further TC-BPDUs arrive during that period.
➢ If a TC-BPDU is received within this period, the device performs one more flush after the period expires. This avoids frequent flushing of MAC and ARP table entries and protects the device's CPU resources.

Ruijie(config)#spanning-tree tc-protection


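The rate-limiting behaviour described above, as an added example that is not part of the original deck or of Ruijie's implementation: it replays a list of TC-BPDU arrival times through a model of the protection window and returns the times at which the switch would flush its MAC and ARP tables, with and without TC-protection. The 4-second window length is taken from the course text; the traffic patterns (a forged flood of 100 TC-BPDUs at 100 ms intervals, and three legitimate topology changes 30 s apart) are constructed for the example.

```python
"""Model of TC-protection: at most one table flush per protection window (added example)."""

TC_PROTECTION_WINDOW_S = 4.0     # "usually 4 seconds" per the course; assumed here


def flush_times(tc_arrivals, protection=True, window=TC_PROTECTION_WINDOW_S):
    """Return the times at which the MAC/ARP tables are flushed.

    Without protection every TC-BPDU triggers a flush.  With protection, the
    first TC-BPDU flushes immediately and opens a window; TC-BPDUs inside the
    window are only noted, and one more flush happens when the window expires
    (opening a new window) if any arrived.  Legitimate sparse TCs are not delayed.
    """
    arrivals = sorted(tc_arrivals)
    if not protection:
        return arrivals
    flushes = []
    window_end = None        # end of the current protection window, or None when idle
    pending = False          # a TC-BPDU arrived inside the current window
    for t in arrivals:
        # Retire every window that ended before this TC-BPDU arrived.
        while window_end is not None and t >= window_end:
            if pending:
                flushes.append(window_end)       # deferred flush at window expiry ...
                window_end += window              # ... which opens another window
                pending = False
            else:
                window_end = None                 # quiet window: protection goes idle
        if window_end is None:
            flushes.append(t)                     # first TC after idle: flush immediately
            window_end = t + window
        else:
            pending = True                        # suppressed, but remembered
    if window_end is not None and pending:
        flushes.append(window_end)                # final deferred flush
    return flushes


def flush_count(tc_arrivals, protection=True):
    return len(flush_times(tc_arrivals, protection))


# Constructed traffic: a forged-TC flood of 100 TC-BPDUs at 100 ms intervals,
# and a legitimate pattern of three topology changes 30 s apart.
FORGED_TC_FLOOD = [i / 10 for i in range(100)]
LEGITIMATE_TCS = [0.0, 30.0, 60.0]

if __name__ == "__main__":
    print("flood, no protection:", flush_count(FORGED_TC_FLOOD, protection=False), "flushes")
    print("flood, tc-protection:", flush_times(FORGED_TC_FLOOD))
    print("legitimate, tc-protection:", flush_times(LEGITIMATE_TCS))
```

Under the flood the unprotected switch flushes 100 times in 10 seconds, while the protected one flushes four times (at 0, 4, 8 and 12 s); the three legitimate topology changes are flushed at exactly the times they arrive, so protection costs nothing when TC-BPDUs are genuine.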

Practice Questions

1. Which of the following descriptions of the STP interface states is incorrect? ( )

A. A blocked interface does not listen for and does not send BPDUs
B. An interface in the Learning state learns MAC addresses but does not forward data
C. An interface in the Listening state keeps listening for BPDUs
D. If a blocked interface does not receive BPDUs within a certain period of time, it automatically switches to the Listening state


Summary

⚫ Role of the Spanning Tree Protocol: eliminate possible loops in the network by blocking redundant links, and activate the redundant backup links to restore connectivity when an active path fails.
⚫ STP principle and configuration: election of the root bridge; election of RPs; election of DPs; blocking of the remaining ports.
⚫ STP advanced features: Port Fast, BPDU Guard, BPDU Filter, TC-protection.


Ruijie Technical Support Portal: https://www.ruijienetworks.com/support
Online Technical Support (Rita): https://www.ruijienetworks.com/rita
Ruijie Online Service Channel Community: https://community.ruijienetworks.com
Facebook (Ruijie Tech Support): https://www.facebook.com/ruijietac
YouTube (Ruijie Technical Support): https://www.youtube.com/c/RuijieTechnicalSupport