The Need for Spanning-Tree
There is no loop prevention built into layer-2. This means that certain traffic will loop around the network indefinitely until all resources are consumed or devices are rebooted.
Spanning-Tree prevents this from happening by finding redundant links (links that create loops), and blocking traffic on one of them. It can bring the link back online if necessary (such as the failure of another link).
BPDUs and the Root Bridge
Switches share spanning-tree information using BPDUs (Bridge Protocol Data Units). They forward these to each other to learn about links to other switches.
Switches (or bridges, in spanning-tree terminology) are identified with a bridge ID. This is created by combining the bridge priority and the switch’s MAC address.
The priority ranges from 0 to 61,440. It increments by 4096, so only values evenly divisible by 4096 are valid. We can manually select the priority on each switch if we want to.
The bridge ID is used when selecting a root bridge. There is only one root bridge per spanning-tree domain. The switch with the lowest priority value becomes the root bridge. The MAC is used as a tie-breaker if needed.
The spanning-tree topology is built around the root bridge. In the original spanning-tree, only the root bridge sends BPDUs, and the rest of the switches forward them on.
If another switch claims to be root, it will start sending BPDUs. If it has a better priority, it will take over the root role, causing the spanning-tree topology to change. If it doesn’t have a better priority, it will see a superior BPDU from the real root bridge, and relinquish its claim.
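The election and takeover described above, as an added example (not from the original article) using constructed switch names and MAC addresses: it builds bridge IDs, elects a root, and checks whether a newly connected switch's BPDU would displace the current root.

```python
from __future__ import annotations
from dataclasses import dataclass, replace

PRIORITY_STEP = 4096   # valid bridge priorities are multiples of 4096
PRIORITY_MAX = 61440   # 15 * 4096, the highest valid value

@dataclass(frozen=True)
class Bridge:
    """A switch as spanning-tree sees it: a configurable priority plus its MAC."""
    name: str
    priority: int
    mac: str               # constructed sample MACs, written as "aa:bb:cc:dd:ee:ff"

    def bridge_id(self) -> tuple[int, int]:
        """Bridge ID as (priority, MAC) so that tuple ordering matches the
        spanning-tree rule: lower priority wins, lower MAC breaks ties."""
        if not 0 <= self.priority <= PRIORITY_MAX or self.priority % PRIORITY_STEP:
            raise ValueError(f"{self.name}: priority must be a multiple of 4096 in 0..61440")
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges: list[Bridge]) -> Bridge:
    """Whole-domain election: the bridge with the lowest bridge ID is root."""
    return min(bridges, key=Bridge.bridge_id)

def is_superior(claimant: Bridge, current_root: Bridge) -> bool:
    """Would a BPDU from `claimant` displace `current_root`? This is the
    comparison a switch makes when a new device starts advertising itself."""
    return claimant.bridge_id() < current_root.bridge_id()

# Constructed topology: three switches left at the default priority of 32768.
A = Bridge("A", 32768, "00:00:0c:00:00:10")
B = Bridge("B", 32768, "00:00:0c:00:00:02")
C = Bridge("C", 32768, "00:00:0c:00:00:05")
ROOT = elect_root([A, B, C])            # B wins purely on the MAC tie-breaker

# A newly connected switch with a lower priority takes over the root role.
NEWCOMER = Bridge("D", 4096, "00:00:0c:00:00:ff")
TAKEOVER = is_superior(NEWCOMER, ROOT)  # True: the topology would reconverge around D

# Pinning the intended root at the lowest priority (the `spanning-tree vlan <id>
# priority 0` approach) means a default-priority or 4096 newcomer can no longer win.
PINNED_ROOT = replace(A, priority=0)
STILL_TAKEOVER = is_superior(NEWCOMER, PINNED_ROOT)  # False

if __name__ == "__main__":
    print(f"root with defaults: {ROOT.name}; D takes over: {TAKEOVER}; "
          f"after pinning A to priority 0: {STILL_TAKEOVER}")
```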
Root Ports and Port Cost
The spanning-tree process builds a topology of the network, focusing on the best path to the root bridge.
Each switch (other than the root) has one single port identified as the root port. This port marks the link that is the best path to the root bridge.
Each interface has a path cost. This is usually based on the interface speed, or we can set it manually. Usually, the higher the interface speed, the lower the interface cost. The path to the root bridge with the lowest total cost is considered the best path.
Cisco switches can calculate the cost with the long or short method. Short was the original method, but it hasn’t aged well, as interface speeds have increased far beyond what it was designed for. The long method is better suited to modern networks.
Loops and Blocking
A port that receives inferior BPDUs represents an alternate path to the root bridge. There could be many different alternate paths, depending on how the network is cabled. If there is an alternate path, there is a loop in the network.
Spanning-tree will set such a port to blocking. This means regular traffic is blocked from traveling over the alternate path, while BPDUs are still allowed. This logically removes the loop from the network.
Interfaces that point away from the root bridge, but aren’t blocked, are called designated ports. The root bridge only has designated ports.
Port States and Timing
Before a port can come online, it goes through various states: blocking, listening, learning, and forwarding. Newer versions of spanning-tree change this up a bit.
In the blocking state, no data passes other than BPDUs. This lasts for 20 seconds.
In the listening state, the port is given a type (root, or designated), and waits 15 seconds to confirm the topology is stable.
In the learning state, the switch looks at traffic (but doesn’t forward it) to build the MAC address table. This takes 15 seconds.
Finally the port moves to forwarding, where it can forward regular traffic.
BPDUs from the root bridge have a MaxAge timer. This helps a switch detect failures in the topology. This timer is 10x the ‘hello’ interval by default (a total of 20s), so if no BPDUs are received in 20 seconds, a switch will know there is a failure somewhere.
If this happens the switches will need to rebuild their view of the spanning-tree topology, and possibly elect a new root bridge (depending on what has failed). This may include selecting new root ports, and blocking different links.
When changes happen, switches send out TCN BPDUs to proactively inform the rest of the network about a known change. This speeds up the process where possible. This is common in cases where a switch hasn’t failed, but a link has been removed or added.
| Command | Mode | Description |
|---|---|---|
| show spanning-tree | Privileged Exec | Show general spanning-tree information |
| spanning-tree vlan <id> priority <value> | Global Config | Set the bridge priority for a VLAN |
| spanning-tree pathcost method [short\|long] | Global Config | Set the interface cost mechanism |