Day 20 Spanning Tree Protocol (Part1))

1. Network redundancy is essential for modern enterprise networks. Networks must operate 24/7/365, and even brief downtime can cause significant business impact. Network engineers must implement redundancy at every possible point to ensure infrastructure resilience.

2. Layer 2 loops are catastrophic without a prevention mechanism. Unlike the IP header which contains a TTL field to prevent infinite loops at Layer 3, the Ethernet header has no such mechanism. Without STP, broadcast frames will loop indefinitely through redundant switch connections.

3. Spanning Tree Protocol prevents Layer 2 loops by strategically blocking redundant ports. STP creates a loop-free logical topology by placing certain ports in a blocking state while keeping others in a forwarding state. Blocked ports serve as backups that can transition to forwarding if active links fail.

4. STP elects a root bridge as the central reference point for the entire network. All other switches calculate their best path to reach the root bridge, and port roles are assigned based on these calculations.

5. Cisco switches use PVST (Per-VLAN Spanning Tree), which runs a separate STP instance for each VLAN. This allows different VLANs to have different root bridges and different ports forwarding/blocking, optimizing traffic flow.

• Classic STP is IEEE 802.1D (industry standard)

• STP runs by default on switches from ALL vendors

• Switches send Hello BPDUs every 2 seconds (default timer)

• Only switches participate in STP (not routers, PCs, or other devices)

• The root bridge is the switch with the lowest Bridge ID

• All ports on the root bridge are designated ports (forwarding)

• Each non-root switch has exactly ONE root port

• Every collision domain has exactly ONE designated port

• Root ports and designated ports are in forwarding state

• Non-designated ports are in blocking state

STP Port Costs (IEEE Standard)

• Default Bridge Priority: 32768

• Default Bridge Priority in VLAN 1: 32769 (32768 + 1)

• Minimum unit of change: 4096

• Valid priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440

Timers

• Hello Timer: 2 seconds (default)

Standards

• Classic STP: IEEE 802.1D

1. Forgetting that the LOWEST Bridge ID wins - Not the highest! Lower priority = more likely to be root bridge.

2. Confusing which port ID is used in tiebreakers - The NEIGHBOR switch's port ID breaks the tie, not the local switch's port ID.

3. Forgetting to add VLAN ID to bridge priority - In PVST, the actual priority = configured priority + VLAN ID.

4. Miscounting root cost - Only count OUTGOING interface costs, not receiving interface costs.

5. Forgetting that ports across from root ports must be designated - Never block a root port's neighbor.

6. Not recognizing that all root bridge ports are designated - The root bridge never has root ports or non-designated ports.

7. Confusing blocking vs. forwarding behavior - Blocking ports still send/receive BPDUs; they only block regular traffic.

8. Forgetting that each collision domain needs exactly one designated port - Even if both switches have the same root cost, one must be designated.

9. Wrong order of tiebreakers - Root cost → Neighbor Bridge ID → Neighbor Port ID (for root port selection).

STP Port Cost Memory Trick

"1-1-4-2" pattern (reading the costs): 100, 19, 4, 2

• Or remember: As speed increases by 10x, cost roughly divides by 5

Bridge Priority Memory Trick

• 32768 = 2^15 (the 16th bit set to 1)

• 4096 = 2^12 (minimum increment, 13th bit)

• Think: "32K default, 4K increments"

Root Bridge Selection Order

"Priority, then MAC" - Lower wins both times

Root Port Selection Order (Tiebreakers)

"Cost → Bridge → Port" or "CBP"

1. Lowest root Cost

2. Lowest neighbor Bridge ID

3. Lowest neighbor Port ID

Designated Port Selection Order

"Cost → Bridge"

1. Lowest root cost

2. Lowest bridge ID

Port States Memory

• Root Port = Best path TO root (Forwarding)

• Designated Port = Best path FROM root on segment (Forwarding)

• Non-Designated = Blocked to prevent loops (Blocking)

Remember the Hierarchy

Root Bridge (1 per network)

└── Designated Ports (all ports on root bridge)

Non-Root Switches

└── Root Port (1 per switch) → points toward root

└── Designated Ports → on winning end of each link

└── Non-Designated Ports → blocked, losing end of link

SW1

/ \

SW2---SW3

1. PC sends ARP broadcast to SW1

2. SW1 floods to SW2 and SW3

3. SW2 floods to SW3, SW3 floods to SW2

4. Both flood back to SW1

5. Process repeats infinitely → Broadcast Storm

SW1: Priority 32769, MAC AAA

SW2: Priority 32769, MAC BBB

SW3: Priority 32769, MAC CCC

Winner: SW1 (same priority, lowest MAC: AAA < BBB < CCC)

SW1 (Root) ----G0/0---- SW2

----G0/1----

Both paths have same cost (4). SW2 must choose root port.

• G0/0 connects to SW1's G0/0 (Port ID: 128.1)

• G0/1 connects to SW1's G0/1 (Port ID: 128.2)

Winner: SW2's G0/0 (connects to lower neighbor port ID)

IEEE 802.1D

2 seconds

100

19

4

2

32768

32769 (32768 + VLAN ID of 1)

4096

Bridge Priority (4 bits) + Extended System ID/VLAN ID (12 bits) + MAC Address (48 bits)

The switch with the lowest Bridge ID (lowest priority wins; if tied, lowest MAC address wins)

Designated ports in a forwarding state

Exactly one (1)

Bridge Protocol Data Unit - STP messages switches use to advertise themselves and learn about other switches

The total cost of outgoing interfaces along the path to the root bridge

Root port, Designated port, Non-designated port

Root ports and Designated ports

Non-designated ports

Only BPDUs and some other specific traffic (not regular data traffic)

1) Lowest root cost, 2) Lowest neighbor bridge ID, 3) Lowest neighbor port ID

1) Lowest root cost, 2) Lowest bridge ID

The NEIGHBOR switch's port ID (not the local switch's)

Network congestion caused by broadcast frames looping infinitely through a Layer 2 network without STP

When a switch continuously updates its MAC address table because frames with the same source MAC arrive on different interfaces

The Ethernet header has no TTL (Time to Live) field like the IP header does

Per-VLAN Spanning Tree - Cisco's STP implementation that runs a separate STP instance for each VLAN

To give each switch a different Bridge ID in each VLAN for PVST operation

It assumes it is the root bridge until it receives a superior BPDU (from a switch with a lower bridge ID)

Only the root bridge generates BPDUs; other switches forward them

Designated port (must be designated to not block the path to root)

0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440

128

Port Priority + Port Number

No, only switches send BPDUs and participate in STP

The port is connected to a non-switch device (PC, router, etc.) and is safe to go into forwarding mode

SW1 (same priority, but AAA is the lowest MAC address)

Add up the costs of all outgoing interfaces along the path to the root bridge (don't count receiving interfaces)

Prevents Layer 2 loops in networks with redundant paths while still allowing those paths to serve as backups

Because the bridge priority field is 16 bits, and the most significant bit is set to 1 by default (2^15 = 32768)