Level: L1 (Foundations) | Topics: STP / Spanning Tree | Domain: Networking
# STP (Spanning Tree Protocol) - Primer

## Why This Matters
Redundant Layer 2 links create loops. Loops cause broadcast storms that can take down an entire network in seconds — switches flood frames endlessly, MAC tables thrash, and CPU spikes to 100%. STP prevents this by logically disabling redundant paths while keeping them available for failover. Every ops engineer working with physical switches or troubleshooting network outages needs to understand STP.
Name origin: STP was invented by Radia Perlman at Digital Equipment Corporation in 1985 and standardized as IEEE 802.1D. She famously wrote the "Algorhyme" poem: "I think that I shall never see / A graph more lovely than a tree." The algorithm converts any network graph with cycles into a loop-free spanning tree.
Fun fact: Despite being over 35 years old, STP is still running on most enterprise network switches today. Modern variants (RSTP, MSTP) have dramatically improved convergence time, but the core idea remains the same.
## The Loop Problem
Who made it: Radia Perlman is often called "the Mother of the Internet" for her STP work. She invented the algorithm in a single afternoon after being given the problem by her manager at DEC. Her 1985 paper "An Algorithm for Distributed Computation of a Spanning Tree in an Extended LAN" became IEEE 802.1D. She later noted that she considered the protocol an "ugly hack" — she preferred Layer 3 routing, but the industry wanted transparent bridging.
Ethernet has no TTL at Layer 2. A broadcast frame entering a loop circulates forever, multiplying at each pass. Within seconds:

- Switch CPU saturates processing floods
- MAC address tables overflow and thrash
- All hosts on the VLAN become unreachable
- The entire broadcast domain is down

## How STP Works

### 1. Root Bridge Election
All switches exchange BPDUs (Bridge Protocol Data Units). The switch with the lowest Bridge ID becomes the root bridge.
Bridge ID = Priority (default 32768) + MAC address
Remember: The default STP priority is 32768 (0x8000). Priorities must be set in multiples of 4096. To make a switch root, set priority to 4096 (or use `spanning-tree vlan 1 root primary`, which automatically sets priority 4096 lower than the current root). Mnemonic: "32K default, 4K increments, lower wins."

```
# Lower priority = more likely to be root
# Set a switch as root:
Switch(config)# spanning-tree vlan 1 priority 4096
```

### 2. Path Cost Calculation
Each switch calculates the cost to reach the root bridge:
| Link Speed | STP Cost (802.1D) | RSTP Cost |
|---|---|---|
| 10 Mbps | 100 | 2,000,000 |
| 100 Mbps | 19 | 200,000 |
| 1 Gbps | 4 | 20,000 |
| 10 Gbps | 2 | 2,000 |
### 3. Port Role Assignment
| Role | Description |
|---|---|
| Root Port | Best path to root bridge (one per non-root switch) |
| Designated Port | Best path from a segment to root (forwards traffic) |
| Blocked/Alternate | Redundant path, disabled to prevent loops |
### 4. Port States (Classic STP - 802.1D)
| State | Duration | Forwards Data? | Learns MACs? |
|---|---|---|---|
| Blocking | — | No | No |
| Listening | 15 sec | No | No |
| Learning | 15 sec | No | Yes |
| Forwarding | — | Yes | Yes |
| Disabled | — | No | No |
Total convergence time: 30-50 seconds. This is why classic STP is considered slow.
Remember: Classic STP timing: 15 + 15 = 30 seconds minimum (Listening + Learning). Add the MaxAge timer (20 seconds) for indirect failures and you get up to 50 seconds. Mnemonic: "STP is stuck for 30" — if you see a host unable to communicate for exactly 30 seconds after connecting, it is almost certainly STP convergence on a non-PortFast port.
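The three steps above, worked as an added example (not code from the page): a small Python model of 802.1D over a constructed three-switch triangle, with assumed names SW1..SW3 and port names Gi0/x. It elects the root, computes each bridge's root path cost with the page's 802.1D cost table, and assigns designated, root and blocked roles, so that exactly one port on the redundant link ends up blocked.

```python
# Added example, not from the page: simplified 802.1D root election, root path
# cost and port-role assignment over a constructed three-switch triangle.
INF = float("inf")
BRIDGES = {  # constructed: name -> (priority, MAC); lower (priority, MAC) wins
    "SW1": (32768, "00:00:00:00:00:0a"),
    "SW2": (4096, "00:00:00:00:00:0b"),   # priority lowered to 4096 -> root
    "SW3": (32768, "00:00:00:00:00:0c"),
}
LINKS = [  # constructed: (bridge A, port A, bridge B, port B, speed in Mbps)
    ("SW1", "Gi0/1", "SW2", "Gi0/1", 1000),
    ("SW2", "Gi0/2", "SW3", "Gi0/1", 1000),
    ("SW1", "Gi0/2", "SW3", "Gi0/2", 100),   # slower redundant link
]
COST_802_1D = {10: 100, 100: 19, 1000: 4, 10000: 2}  # the page's cost table

def bridge_id(name):
    prio, mac = BRIDGES[name]
    return (prio, int(mac.replace(":", ""), 16))

def elect_root():
    """Step 1: the lowest Bridge ID becomes root."""
    return min(BRIDGES, key=bridge_id)

def compute_tree(root):
    """Step 2: bridge -> (root path cost, root port, upstream); cost ties go to the upstream with the lower Bridge ID."""
    best = {b: (0, None, None) if b == root else (INF, None, None) for b in BRIDGES}
    changed = True
    while changed:                       # relax until no bridge can improve
        changed = False
        for a, pa, b, pb, speed in LINKS:
            for me, port, nbr in ((a, pa, b), (b, pb, a)):
                if me == root or best[nbr][0] == INF:
                    continue
                cand = (best[nbr][0] + COST_802_1D[speed], bridge_id(nbr))
                cur = best[me]
                if cand < ((cur[0], bridge_id(cur[2])) if cur[2] else (INF, None)):
                    best[me], changed = (cand[0], port, nbr), True
    return best

def port_roles(root):
    """Step 3: per segment, the end with the lower (root path cost, Bridge ID)
    is designated; the other end is a root port or is blocked."""
    best = compute_tree(root)
    roles = {}
    for a, pa, b, pb, _ in LINKS:
        ends = sorted((best[x][0], bridge_id(x), x, p) for x, p in ((a, pa), (b, pb)))
        (_, _, des, des_port), (_, _, other, other_port) = ends
        roles[(des, des_port)] = "designated"
        roles[(other, other_port)] = "root" if best[other][1] == other_port else "blocked"
    return roles
```

Lowering SW1's priority below 4096 is not possible in 4096 steps, but raising SW2's back to 32768 makes SW1 win on MAC address, and the blocked port moves with the root.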
## RSTP (Rapid Spanning Tree - 802.1w)
RSTP reduces convergence to 1-3 seconds with:
- Edge ports: Ports connected to hosts skip to forwarding immediately (like PortFast)
- Proposal/agreement: Switches negotiate directly instead of waiting timers
- Alternate/Backup ports: Pre-computed failover paths
RSTP port states are simplified:
| State | Equivalent Classic States |
|---|---|
| Discarding | Blocking + Listening |
| Learning | Learning |
| Forwarding | Forwarding |
## Common STP Features

### PortFast
Skip STP convergence on access ports (host-facing). Never enable on switch-to-switch links.
Gotcha: Enabling PortFast on a switch-to-switch link creates a temporary loop during the convergence window. The link immediately starts forwarding before STP can block redundant paths. This is why PortFast must always be paired with BPDU Guard — if a BPDU arrives on a PortFast port, something is wrong (a switch was plugged in, not a host), and BPDU Guard shuts the port down.
### BPDU Guard
Shuts down a PortFast port if it receives a BPDU (someone plugged in a rogue switch).
### Root Guard
Prevents a port from becoming root port (protects root bridge placement).
## Troubleshooting Broadcast Storms

### Symptoms
- Network-wide outage, all hosts unreachable
- Switch CPU at 100%
- Massive broadcast traffic visible on monitoring
- MAC table flapping (same MAC seen on multiple ports)
### Diagnostic Steps

Debug clue: If your network goes down and `show interfaces counters` shows broadcast counters climbing exponentially, you have a Layer 2 loop. The fastest fix: start unplugging recently added cables (especially to patch panels or conference rooms) until the storm stops. Then investigate STP configuration on the offending ports.

```
# Check STP status
Switch# show spanning-tree
Switch# show spanning-tree vlan 1
# Look for topology changes
Switch# show spanning-tree detail | include change
# Check for root bridge changes
Switch# show spanning-tree root
# Monitor interface counters for broadcast floods
Switch# show interfaces counters | include Broadcast
```
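As an added example (not from the page), detection logic for the counter symptom described above: it parses three constructed snapshots laid out like `show interfaces counters` output and flags ports whose broadcast delta grows by a multiple between intervals, which is the loop signature, while ports with a steady trickle of broadcasts are ignored. The thresholds and the 10-second spacing are assumptions.

```python
# Added example, not from the page: flag a Layer 2 loop from successive
# "show interfaces counters" snapshots (constructed, in the IOS column layout).
import re

# Three constructed snapshots taken ~10 s apart. Broadcast counts on Gi1/0/7
# and Gi1/0/8 grow roughly tenfold per interval: the signature of a loop.
SNAPSHOTS = [
"""Port            InOctets    InUcastPkts    InMcastPkts    InBcastPkts
Gi1/0/1        120000000        1000000           4000            800
Gi1/0/7         90000000         400000           3000           5000
Gi1/0/8         91000000         410000           3100           5200""",
"""Port            InOctets    InUcastPkts    InMcastPkts    InBcastPkts
Gi1/0/1        120500000        1004000           4020            812
Gi1/0/7        210000000         401000           3010          45000
Gi1/0/8        212000000         411000           3110          46100""",
"""Port            InOctets    InUcastPkts    InMcastPkts    InBcastPkts
Gi1/0/1        121000000        1008000           4040            824
Gi1/0/7        700000000         402000           3020         405000
Gi1/0/8        705000000         412000           3120         414000""",
]
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_counters(text):
    """port -> InBcastPkts (the last column) for every data row; the header is skipped."""
    out = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            out[m.group(1)] = int(m.group(5))
    return out

def loop_suspects(snapshots, min_delta=1000, growth=4.0):
    """Ports whose broadcast delta grows by at least `growth`x between consecutive
    intervals and exceeds `min_delta`: exponential growth = loop, steady = noise."""
    counts = [parse_counters(s) for s in snapshots]
    suspects = []
    for port in counts[0]:
        deltas = [counts[i + 1][port] - counts[i][port] for i in range(len(counts) - 1)]
        if deltas[-1] >= min_delta and all(
                b >= growth * max(a, 1) for a, b in zip(deltas, deltas[1:])):
            suspects.append(port)
    return suspects
```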
## Linux Bridge STP

Linux bridges have STP built in:

```
# Check STP status on a Linux bridge
bridge link show
cat /sys/class/net/br0/bridge/stp_state # 0=disabled, 1=enabled
# Enable STP
ip link set br0 type bridge stp_state 1
# Check port states
brctl showstp br0 # legacy
bridge -d link show dev br0
```
## MSTP (Multiple Spanning Tree - 802.1s)
MSTP groups VLANs into instances, each with its own spanning tree. This allows different traffic paths per VLAN group, improving bandwidth utilization compared to a single spanning tree for all VLANs.
Under the hood: STP BPDUs are sent as Layer 2 multicast frames to the well-known MAC address `01:80:C2:00:00:00`. They are not routable and never cross VLAN boundaries (unless you run PVST, which sends BPDUs on each VLAN). BPDUs contain the Bridge ID, root path cost, and port priority, enough for every switch to independently compute the same loop-free tree.

STP vs RSTP vs MSTP: STP (802.1D) is the original, with 30-50 second convergence. RSTP (802.1w) converges in 1-3 seconds using a proposal/agreement mechanism instead of timers. MSTP (802.1s) maps multiple VLANs to a few spanning tree instances, allowing different forwarding topologies per VLAN group. In modern networks, there is no reason to run classic STP.
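As an added example (not the page's code), a Python decoder for the configuration BPDU described above, plus the BPDU Guard and Root Guard decisions from the earlier feature sections. The frame builder, the constructed MACs and the "current root" argument are assumptions for the demo; the field layout follows 802.1D, with timers carried in 1/256 s units.

```python
# Added example, not from the page: decode an 802.1D configuration BPDU from a
# constructed Ethernet frame, then apply the BPDU Guard and Root Guard checks.
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")   # 01:80:C2:00:00:00
LLC_STP = bytes.fromhex("424203")               # DSAP 0x42, SSAP 0x42, UI control
BPDU_FMT = "!HBBB8sI8sHHHHH"                    # 35-byte configuration BPDU

def bridge_id(prio, mac):
    """8-byte Bridge ID = 2-byte priority field + 6-byte MAC."""
    return struct.pack("!H6s", prio, bytes.fromhex(mac.replace(":", "")))

def split_bridge_id(raw):
    prio, mac = struct.unpack("!H6s", raw)
    return (prio, ":".join(f"{x:02x}" for x in mac))   # tuple compares like 802.1D

def parse_bpdu(frame):
    """Return the config BPDU fields, or None if the frame is not one."""
    if frame[:6] != STP_MULTICAST or frame[14:17] != LLC_STP or len(frame) < 52:
        return None
    (proto, version, kind, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(BPDU_FMT, frame[17:52])
    if proto != 0 or kind != 0x00:                # 0x00 = configuration BPDU
        return None
    return {"version": version, "tc": bool(flags & 0x01), "tca": bool(flags & 0x80),
            "root_id": split_bridge_id(root), "root_path_cost": cost,
            "bridge_id": split_bridge_id(bridge), "port_id": port,
            "message_age_s": msg_age / 256, "max_age_s": max_age / 256,   # 1/256 s units
            "hello_s": hello / 256, "fwd_delay_s": fwd_delay / 256}

def build_frame(src_mac, root_prio, root_mac, bridge_prio, bridge_mac, cost=0):
    """Constructed frame: default timers MaxAge 20 s, Hello 2 s, FwdDelay 15 s."""
    bpdu = struct.pack(BPDU_FMT, 0, 0, 0x00, 0, bridge_id(root_prio, root_mac), cost,
                       bridge_id(bridge_prio, bridge_mac), 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
    src = bytes.fromhex(src_mac.replace(":", ""))
    return STP_MULTICAST + src + struct.pack("!H", len(LLC_STP) + len(bpdu)) + LLC_STP + bpdu

def guard_action(frame, portfast, current_root_id):
    """BPDU Guard: any BPDU on a PortFast port err-disables it.  Root Guard: a
    BPDU claiming a root superior to the one we know puts the port into the
    root-inconsistent state instead of letting it become a root port."""
    bpdu = parse_bpdu(frame)
    if bpdu is None:
        return "not-a-bpdu"
    if portfast:
        return "err-disable"
    if bpdu["root_id"] < current_root_id:
        return "root-inconsistent"
    return "process"
```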
## Best Practices
- Deterministic root: Always configure root bridge priority explicitly
- PortFast on access ports: Reduces host connectivity time from 30s to instant
- BPDU Guard everywhere: Protect against rogue switches
- Monitor topology changes: Frequent TC events indicate instability
- Use RSTP minimum: Classic STP's 30-50s convergence is unacceptable for modern networks
- Document your topology: Know which links are blocked and why
## Quick Reference
| Task | Command/Check |
|---|---|
| Show STP status | show spanning-tree |
| Set root priority | spanning-tree vlan 1 priority 4096 |
| Enable PortFast | spanning-tree portfast |
| Enable BPDU Guard | spanning-tree bpduguard enable |
| Linux bridge STP | ip link set br0 type bridge stp_state 1 |
| Check Linux STP | brctl showstp br0 |