The Spanning Tree Protocol

Redundancy in a network is important to increase reliability. However, it comes with disadvantages such as broadcast storms. The Spanning Tree Protocol (STP) offsets these disadvantages: it prevents the so-called loops that arise from the very redundancy a reliable network requires.

In this article we explain what broadcast storms are and how exactly the spanning tree protocol prevents them.


What are broadcast storms?

The term "broadcast storm" describes a problem in networks where a large number of broadcast frames floods the network and exhausts its resources (link bandwidth, switch CPU and MAC address tables). The most common cause is redundant cabling, for example two or more uplinks between two switches. A switch floods broadcasts, multicasts and frames to unknown destinations out of every port except the one the frame came in on. With a redundant link, the frame returns to the first switch over the second link, is flooded again, and so on. This is a switching loop (also called a network loop or bridging loop).

Since an Ethernet frame has no time-to-live field, nothing ever removes the circulating copies. Every pass through the loop creates further duplicates until the links are saturated and normal operation is no longer possible.

If network redundancies cause problems, why not just avoid them?

The benefit of redundant connections is that they avoid a single point of failure. Redundant links are set up in local networks to increase fault tolerance and to provide backup paths. In this way, the reliability of a network can be guaranteed.

In order to be able to use the advantages of redundancies in networks without accepting the disadvantages, the spanning tree protocol is used. In the following sections, we'll take a closer look at how this works.

How Does Spanning Tree Protocol Prevent Broadcast Storms?

The Spanning Tree Protocol, STP for short, was standardized in 1990 in the IEEE standard 802.1D. It works on layer 2 of the OSI model (data link layer) and prevents the loops that arise from the redundancy required in a network. STP also prevents other problems caused by redundancy, such as MAC address table instability and frame duplication. To achieve this, STP uses so-called Bridge Protocol Data Units (BPDUs) to exchange information between switches.

BPDUs are frames that switches (originally bridges, hence the name) exchange with each other in order to build a loop-free topology and hierarchy from the transmitted information. The transmission paths in local networks are kept loop-free despite redundant, meshed cabling. A Configuration BPDU carries the ID of the bridge the sender believes to be the root, the sender's own bridge ID, the sender's path cost to the root, the ID of the sending port and the protocol timers (hello time, max age, forward delay). These values are what the root bridge election and the port role assignment described below are based on. BPDUs are sent to the multicast address 01:80:C2:00:00:00, are not encrypted and carry no authentication, so a switch accepts them from any device attached to the port unless the port is explicitly protected.

The following BPDU types and flags are distinguished:

  • Configuration BPDU (also called Hello BPDU): sent by the root bridge every hello time (2 s by default) and relayed by every other switch; it carries the fields listed above.
  • Topology Change Notification BPDU (TCN): sent by a switch towards the root bridge when it detects a topology change, for example a link going down.
  • Topology Change (TC) flag: set by the root bridge in its Configuration BPDUs after it has received a TCN, so that all switches shorten the aging time of their MAC address tables to the forward delay.
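The layout of a Configuration BPDU is simple enough to decode by hand, and because BPDUs are neither encrypted nor authenticated, a practitioner often wants to look at what actually arrives on a port. The following Python parser is an added example, not code from the original article. The three sample frames are constructed for it (the 3-byte LLC header 42 42 03 that precedes a BPDU on the wire is already stripped), and the `advertises_better_root` check with its `expected_root` parameter is this example's own name for the comparison, not something defined by the standard.

```python
import struct

# Constructed sample frames for this example (LLC header already stripped).
# A Configuration BPDU as sent by a root bridge with priority 32768, VLAN 1
# and MAC 00:11:22:33:44:55: root path cost 0, message age 0, max age 20 s,
# hello time 2 s, forward delay 15 s.
SAMPLE_CONFIG_BPDU = bytes.fromhex(
    "0000"              # Protocol Identifier, always 0
    "00"                # Protocol Version: 0 = STP, 2 = RSTP
    "00"                # BPDU Type: 0x00 Configuration, 0x80 TCN, 0x02 RST
    "00"                # Flags: bit 0 = Topology Change, bit 7 = TC Acknowledgement
    "8001001122334455"  # Root ID: 0x8001 (priority 32768 | ext. system ID 1) + MAC
    "00000000"          # Root Path Cost
    "8001001122334455"  # Bridge ID of the sender (identical to the root here)
    "8001"              # Port ID: port priority 128, port number 1
    "0000"              # Message Age    (timers are in units of 1/256 s)
    "1400"              # Max Age        20 s
    "0200"              # Hello Time      2 s
    "0f00"              # Forward Delay  15 s
)
# The same frame as a device with priority 0 and MAC aa:bb:cc:dd:ee:ff would
# send it when it tries to take over the root role (constructed).
SAMPLE_ROGUE_BPDU = bytes.fromhex(
    "0000" "00" "00" "00"
    "0001aabbccddeeff" "00000000" "0001aabbccddeeff"
    "8001" "0000" "1400" "0200" "0f00"
)
# A Topology Change Notification BPDU consists of the 4-byte header only.
SAMPLE_TCN_BPDU = bytes.fromhex("00000080")

BPDU_TYPES = {0x00: "Configuration", 0x80: "TCN", 0x02: "RST"}
CONFIG_FMT = "!HBBB8sI8sHHHHH"          # 35 bytes, network byte order


def decode_bridge_id(raw: bytes) -> dict:
    """Split an 8-byte bridge ID into priority (upper 4 bits), extended
    system ID (lower 12 bits, the VLAN in PVST+) and MAC address."""
    field = int.from_bytes(raw[:2], "big")
    return {
        "priority": field & 0xF000,
        "ext_sys_id": field & 0x0FFF,
        "mac": ":".join(f"{b:02x}" for b in raw[2:]),
        "value": int.from_bytes(raw, "big"),   # lower value = better bridge
    }


def parse_bpdu(data: bytes) -> dict:
    """Decode a raw BPDU (after the LLC header) into a dictionary."""
    if len(data) < 4:
        raise ValueError("BPDU shorter than the 4-byte header")
    proto_id, version, bpdu_type = struct.unpack("!HBB", data[:4])
    if proto_id != 0:
        raise ValueError(f"unexpected protocol identifier {proto_id:#06x}")
    kind = BPDU_TYPES.get(bpdu_type)
    if kind is None:
        raise ValueError(f"unknown BPDU type {bpdu_type:#04x}")
    result = {"version": version, "type": kind}
    if kind == "TCN":
        return result                     # a TCN carries no further fields
    size = struct.calcsize(CONFIG_FMT)
    if len(data) < size:
        raise ValueError("truncated Configuration BPDU")
    (_, _, _, flags, root_id, root_cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(CONFIG_FMT, data[:size])
    result.update({
        "flags": {"topology_change": bool(flags & 0x01),
                  "tc_ack": bool(flags & 0x80)},
        "root_id": decode_bridge_id(root_id),
        "root_path_cost": root_cost,
        "bridge_id": decode_bridge_id(bridge_id),
        # 802.1t layout: 4-bit priority (steps of 16) and 12-bit port number
        "port_id": {"priority": (port_id >> 12) * 16, "number": port_id & 0x0FFF},
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    })
    return result


def advertises_better_root(bpdu: dict, expected_root: bytes) -> bool:
    """True when the BPDU claims a root with a lower (better) bridge ID than the
    8-byte root ID the network is known to use: a candidate rogue root bridge."""
    if bpdu["type"] == "TCN":
        return False
    return bpdu["root_id"]["value"] < int.from_bytes(expected_root, "big")


if __name__ == "__main__":
    known_root = bytes.fromhex("8001001122334455")
    for name, frame in [("legitimate", SAMPLE_CONFIG_BPDU),
                        ("rogue", SAMPLE_ROGUE_BPDU), ("tcn", SAMPLE_TCN_BPDU)]:
        parsed = parse_bpdu(frame)
        print(name, parsed["type"], advertises_better_root(parsed, known_root))
```

The check at the end is the one a detection engineer cares about: a BPDU that advertises a root ID lower than the one the network is supposed to have comes either from a misconfigured switch or from a host trying to become root, and in both cases the port it arrived on should not have been sending BPDUs at all.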

Spanning Tree Protocol versions

Before we get into the function of the STP, it is worth mentioning its versions that have been developed over the years.

This is a list of the most common versions of the spanning tree protocol:

  • Classic STP (IEEE 802.1D)
  • Rapid STP, RSTP (IEEE 802.1w, later folded into 802.1D-2004)
  • Per-VLAN STP, PVST/PVST+ (Cisco proprietary, one STP instance per VLAN)
  • Rapid Per-VLAN STP, Rapid PVST+ (Cisco proprietary, RSTP per VLAN)
  • Multiple STP, MSTP (IEEE 802.1s, later folded into 802.1Q)

How does the Spanning Tree Protocol work?

Selection of the root bridge

First, a so-called root bridge is elected using the STP algorithm. As already mentioned, the spanning tree protocol dates back to the early 90s. At that time, switches were not yet common; instead, bridges were used, which is where the name comes from. The root bridge is elected via the so-called bridge ID, which in the 802.1t format used by today's switches consists of the following fields:

  • Priority (4 bits)
  • Extended System ID (12 bit) -> VLAN ID
  • MAC address (48 bits)

The switch with the best priority (lowest value) becomes the root bridge. However, it is quite possible, and with default settings even the normal case, that several switches have the same priority. According to the spanning tree protocol, the following then applies: whoever has the lowest MAC address wins the comparison. In practice this often makes some old switch at the edge the root, so the priority should be set deliberately on the switch that is meant to hold that role. Electing the root bridge gives the topology a single reference point: every other switch computes its shortest path to the root, only those paths stay active, and so exactly one path remains between any two switches.

port roles

Each port is assigned a role, which determines whether the port forwards traffic or blocks it. The following port roles are distinguished:

root port

This is the port with the lowest path cost to the root bridge. Each switch (except for the root bridge) assigns this role to exactly one port. It is a forwarding port: it forwards frames.

designated port

The designated port is the port on a network segment that forwards traffic towards and from the root bridge; every segment has exactly one. So if a link ends on a root port, a designated port is found at the other end. The root bridge only has designated ports. This is also a forwarding port.

Alternate port/backup port

These ports are in blocking (STP) or discarding (RSTP) mode. An alternate port receives better BPDUs from another switch on the segment than it could send itself, but is not its switch's root port. This happens on a link where neither end is a root port: the end with the lower root path cost (then the lower bridge ID) stays designated, the other end becomes the alternate and is blocked. A backup port (an RSTP term) receives its own switch's BPDUs on a second port of the same segment, for example through a hub, and is blocked for the same reason.

Disabled port

These ports are disabled on the switch and do not forward network traffic.


Status of the ports in the spanning tree protocol

With the spanning tree protocol, the algorithm runs until the root bridge has been determined and the ports have been assigned their roles. No user traffic is forwarded on a port until then. The ports go through several states before they reach their final role:

Feature                                     802.1D STP    802.1w RSTP
Administratively switched off               Disabled      Discarding
Disabled by STP, BPDUs are still received   Blocking      Discarding
No payload traffic, BPDUs are processed     Listening     Discarding
MAC address table is being populated        Learning      Learning
Normal operation                            Forwarding    Forwarding

With classic STP a port spends one forward delay (15 s by default) in Listening and another in Learning before it forwards. RSTP collapses the three non-forwarding states into Discarding and, on point-to-point links, replaces the timers with an explicit proposal/agreement handshake between neighbours, which is where its speed comes from.

How does the Spanning Tree Protocol algorithm work?

Port Speeds and Priorities (Costs)

The algorithm is defined in IEEE 802.1D. Every link is assigned a path cost derived from its speed; the cost of a path to the root is the sum of the costs of the links along that path, and the lowest sum wins. The standard specifies the following costs:

Speed         802.1D-1998 (STP) cost    802.1D-2004 (RSTP) cost
10 Mbit/s     100                       2,000,000
100 Mbit/s    19                        200,000
1 Gbit/s      4                         20,000
10 Gbit/s     2                         2,000
100 Gbit/s    N/A                       200

The costs are specified without a unit. The 2004 values (introduced with 802.1t) were needed because the original scale leaves no room to distinguish links faster than 10 Gbit/s. Note that both sides of a link must use the same cost table; a mix of old and new values produces a tree nobody intended.

Identification of the root bridge

In order to determine which switch assumes the role of the root bridge, all switches exchange "Bridge Protocol Data Unit" frames (BPDUs) with one another. A Configuration BPDU contains both the bridge ID of the sender and the root ID. Like the bridge ID, the root ID is 8 bytes long: the 2-byte priority field (priority plus extended system ID) followed by the 6-byte MAC address. Initially every switch considers itself the root, so the root ID it sends is equal to its own bridge ID.

As the BPDUs circulate, each switch compares the root ID in the BPDUs it receives with the one it currently holds. If a received root ID is lower (better) than its own, the switch adopts it and from then on advertises that root ID, together with its own path cost to that root, in the BPDUs it sends. The port roles are adjusted along the way: root ports, designated ports and blocked ports emerge.

The priority can vary between 0 and 61440. The most common default is 32768. Valid priority values are 0 or multiples of 4096. The lower the number, the more likely the switch is selected as the root bridge.

The 2-byte priority field consists of the 4-bit priority itself and the 12-bit extended system ID, which in PVST+ carries the VLAN ID. This is where the step size comes from: 2^12 = 4096 VLANs fit into the lower 12 bits, so the priority can only use the upper 4 bits and therefore only take multiples of 4096.

The algorithm runs until the root bridge has been determined and the ports have been configured accordingly. No user traffic is forwarded on the affected ports until then; with classic STP, convergence after a change can take 30 to 50 seconds (twice the forward delay, plus the max age if a lost root has to be detected first), which is the main reason RSTP was introduced.
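Putting together the root election from the "Selection of the root bridge" section, the path costs from the table above and the port roles, here is an added Python example (not code from the article) that runs the algorithm over a small constructed four-switch topology. The switch names, MAC addresses and link speeds are made up for the example; the path costs are the 802.1D-2004 values, and ties are broken the way the article describes (lower root path cost first, then lower bridge ID). It assumes one link per pair of switches and does not model per-port priorities or the backup-port case.

```python
import heapq

# Path costs per IEEE 802.1D-2004 (the 802.1t "long" values), keyed by link
# speed in Mbit/s.
PATH_COST = {10: 2_000_000, 100: 200_000, 1_000: 20_000, 10_000: 2_000, 100_000: 200}

# Constructed sample topology: every switch keeps the default priority 32768,
# so the lowest MAC address decides the root bridge (SW1).
BRIDGES = {
    "SW1": (32768, "00:00:5e:00:53:aa"),
    "SW2": (32768, "00:00:5e:00:53:bb"),
    "SW3": (32768, "00:00:5e:00:53:cc"),
    "SW4": (32768, "00:00:5e:00:53:dd"),
}
LINKS = [
    ("SW1", "SW2", 1_000),   # 1 Gbit/s, cost 20 000
    ("SW1", "SW3", 100),     # 100 Mbit/s, cost 200 000: the slow direct link
    ("SW2", "SW3", 1_000),
    ("SW2", "SW4", 1_000),
    ("SW3", "SW4", 1_000),
]


def bridge_id(priority: int, mac: str, vlan: int = 1) -> int:
    """Build the 64-bit bridge ID: 4-bit priority, 12-bit extended system ID
    (the VLAN in PVST+) and the 48-bit MAC. A lower value is the better bridge."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= vlan < 4096:
        raise ValueError("extended system ID must fit in 12 bits")
    return ((priority | vlan) << 48) | int(mac.replace(":", ""), 16)


def compute_spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}, links: [(a, b, speed_mbps)].
    Returns (root name, {name: root path cost}, {(name, peer): port role})."""
    ids = {name: bridge_id(prio, mac) for name, (prio, mac) in bridges.items()}
    root = min(ids, key=ids.get)             # step 1: lowest bridge ID wins
    adj = {name: [] for name in bridges}
    for a, b, speed in links:
        adj[a].append((b, PATH_COST[speed]))
        adj[b].append((a, PATH_COST[speed]))

    # Step 2: root path cost and root port. Each non-root bridge takes the
    # neighbour offering the lowest root path cost; equal costs are broken by
    # the lower bridge ID of that neighbour, as the BPDU comparison does.
    best = {root: (0, None)}                 # name -> (cost, upstream neighbour)
    heap = [(0, ids[root], root)]
    while heap:
        cost, _, name = heapq.heappop(heap)
        if cost > best[name][0]:
            continue                         # stale entry
        for peer, link_cost in adj[name]:
            if peer == root:
                continue
            candidate = (cost + link_cost, ids[name])
            current = best.get(peer)
            if current is None or candidate < (current[0], ids[current[1]]):
                best[peer] = (cost + link_cost, name)
                heapq.heappush(heap, (cost + link_cost, ids[name], peer))
    unreachable = set(bridges) - set(best)
    if unreachable:
        raise ValueError(f"not connected to the root: {sorted(unreachable)}")

    # Step 3: port roles. On every segment exactly one end is designated: the
    # bridge with the lower root path cost, then the lower bridge ID. The far
    # end is either that bridge's root port or it is blocked as alternate.
    roles = {}
    for name in bridges:
        for peer, _ in adj[name]:
            if name == root:
                roles[(name, peer)] = "designated"
            elif best[name][1] == peer:
                roles[(name, peer)] = "root"
            else:
                mine = (best[name][0], ids[name])
                theirs = (best[peer][0], ids[peer])
                roles[(name, peer)] = "designated" if mine < theirs else "alternate"
    costs = {name: cost for name, (cost, _) in best.items()}
    return root, costs, roles


if __name__ == "__main__":
    root, costs, roles = compute_spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root)
    for (name, peer), role in sorted(roles.items()):
        print(f"{name} -> {peer}: root path cost {costs[name]:>7}  {role}")
```

In this topology SW3 does not use its direct 100 Mbit/s link to the root: going through SW2 costs 40,000 against 200,000 for the direct link, so the direct link is blocked on the SW3 side. SW3 and SW4 both reach the root at cost 40,000, and the tie on the link between them is decided by SW3's lower bridge ID; SW4's end becomes the alternate port. With five links and four switches, exactly two ports end up blocked, which is what a loop-free tree requires.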

 
