Spanning Tree Protocol Overview

How Spanning Tree Protocols Work

Ethernet networks are susceptible to broadcast storms if loops are introduced. However, an Ethernet network needs to include loops because they provide redundant paths in case of a link failure. Spanning-tree protocols address both of these issues because they provide link redundancy while simultaneously preventing undesirable loops.

Juniper Networks devices provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and VLAN Spanning Tree Protocol (VSTP). RSTP is the default spanning-tree protocol for preventing loops on Ethernet networks.


Benefits of Using Spanning Tree Protocols

Spanning Tree protocols have the following benefits:

  • Provide link redundancy while simultaneously preventing undesirable loops

  • Prevent broadcast storms

  • Connect to devices that are not STP-capable, such as PCs, servers, routers, or hubs that are not connected to other switches, by using edge ports

Spanning Tree Protocols Help Prevent Broadcast Storms

Spanning-tree protocols intelligently avoid loops in a network by creating a tree topology (spanning tree) of the entire bridged network with only one available path between the tree root and a leaf. All other paths are forced into a standby state. The tree root is a switch within the network elected by the STA (spanning-tree algorithm) to use when computing the best path between bridges throughout the network and the root bridge. Frames travel through the network to their destination–a leaf such as an end-user PC–along branches. A tree branch is a network segment, or link, between bridges. Switches that forward frames through an STP spanning tree are called designated bridges.

Note:

If you are using Junos OS for EX Series and QFX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style, you can force the original IEEE 802.1D Spanning Tree Protocol (STP) version to run in place of RSTP or VSTP by setting force-version.

Understanding Bridge Priority for Election of Root Bridge and Designated Bridge

Use the bridge priority to control which bridge is elected as the root bridge and also to control which bridge is elected the root bridge when the initial root bridge fails.

The root bridge for each spanning-tree protocol instance is determined by the bridge ID. The bridge ID consists of a configurable bridge priority and the MAC address of the bridge. The bridge with the lowest bridge ID is elected as the root bridge. If the bridge priorities are equal or if the bridge priority is not configured, the bridge with the lowest MAC address is elected the root bridge.

The bridge priority can also be used to determine which bridge becomes the designated bridge for a LAN segment. If two bridges have the same path cost to the root bridge, the bridge with the lowest bridge ID becomes the designated bridge.

The bridge priority can be set only in increments of 4096.
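The election rules above can be checked before a change is rolled out. The following is an added example, not Juniper code: the bridge names and MAC addresses are constructed, and the default priority of 32768 and the upper bound of 61440 are assumptions taken from IEEE 802.1D rather than from this page. It computes the root bridge, the order in which bridges would take over if the root fails, the designated bridge for a segment, and flags a topology in which the intended root would not win or wins only on its MAC address.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096       # from the page: priority is set only in increments of 4096
DEFAULT_PRIORITY = 32768   # assumption: IEEE 802.1D default, not stated on the page
MAX_PRIORITY = 61440       # assumption: largest multiple of 4096 in the priority field


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str
    priority: int = DEFAULT_PRIORITY

    def __post_init__(self):
        out_of_range = not 0 <= self.priority <= MAX_PRIORITY
        if out_of_range or self.priority % PRIORITY_STEP:
            raise ValueError(
                f"{self.name}: priority must be 0..{MAX_PRIORITY} in steps of {PRIORITY_STEP}")

    @property
    def bridge_id(self):
        # Bridge ID = (priority, MAC). Tuples compare priority first, then MAC.
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(bridges):
    """The bridge with the lowest bridge ID is elected root."""
    return min(bridges, key=lambda b: b.bridge_id)


def root_succession(bridges):
    """Order in which bridges would become root as each current root fails."""
    return [b.name for b in sorted(bridges, key=lambda b: b.bridge_id)]


def designated_bridge(candidates):
    """candidates: (bridge, path_cost_to_root) pairs for one LAN segment."""
    # Lowest path cost wins; equal cost falls back to the lowest bridge ID.
    return min(candidates, key=lambda c: (c[1], c[0].bridge_id))[0]


def audit_root(bridges, intended_root):
    """Report when the intended root loses, or the winner wins only on MAC."""
    findings = []
    root = elect_root(bridges)
    if root.name != intended_root:
        findings.append(f"{root.name} wins election instead of {intended_root}")
    others = [b for b in bridges if b.name != root.name]
    if others and min(o.priority for o in others) == root.priority:
        findings.append(f"{root.name} wins only on MAC address; priority is tied")
    return findings


# Constructed sample topology: no priorities configured anywhere.
UNCONFIGURED = [
    Bridge("core1", "02:00:00:00:00:0a"),
    Bridge("core2", "02:00:00:00:00:0b"),
    Bridge("access1", "02:00:00:00:00:01"),
    Bridge("access2", "02:00:00:00:00:02"),
]

# Same bridges with the core pair given explicit priorities.
CONFIGURED = [
    Bridge("core1", "02:00:00:00:00:0a", 4096),
    Bridge("core2", "02:00:00:00:00:0b", 8192),
    Bridge("access1", "02:00:00:00:00:01"),
    Bridge("access2", "02:00:00:00:00:02"),
]

if __name__ == "__main__":
    print(audit_root(UNCONFIGURED, "core1"))
    print(root_succession(CONFIGURED))
```

With no priorities configured, the access switch with the lowest MAC address becomes root; setting priorities on the core pair fixes both the root and its successor.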

Port Roles Determine Participation in the Spanning Tree

Each port has both a role and a state. A port’s role determines how it participates in the spanning tree. The five port roles used in RSTP are:

  • Root port—The port closest to the root bridge (has the lowest path cost from a bridge). This is the only port that receives frames from and forwards frames to the root bridge.

  • Designated port—The port that forwards traffic away from the root bridge toward a leaf. A designated bridge has one designated port for every link connection it serves. A root bridge forwards frames from all of its ports, which serve as designated ports.

  • Alternate port—A port that provides an alternate path toward the root bridge if the root port fails and is placed in the discarding state. This port is not part of the active spanning tree, but if the root port fails, the alternate port immediately takes over.

  • Backup port—A port that provides a backup path toward the leaves of the spanning tree if a designated port fails and is placed in the discarding state. A backup port can exist only where two or more bridge ports connect to the same LAN for which the bridge serves as the designated bridge. A backup port for a designated port immediately takes over if the port fails.

  • Disabled port—The port is not part of the active spanning tree.

Port States Determine How a Port Processes a Frame

Each port has both a state and a role. A port’s state determines how it processes a frame. RSTP places each port of a designated bridge in one of three states:

  • Discarding—The port discards all BPDUs. A port in this state discards all frames it receives and does not learn MAC addresses.

  • Learning—The port prepares to forward traffic by examining received frames for location information in order to build its MAC address table.

  • Forwarding—The port filters and forwards frames. A port in the forwarding state is part of the active spanning tree.

Edge Ports Connect to Devices That Cannot Be Part of a Spanning Tree

Spanning Tree also defines the concept of an edge port, which is a designated port that connects to devices that are not STP-capable, such as PCs, servers, routers, or hubs that are not connected to other switches. Because edge ports connect directly to end stations, they cannot create network loops and can transition to the forwarding state immediately. You can manually configure edge ports, and a switch can also detect edge ports by noting the absence of communication from the end stations.

The edge ports themselves do send BPDUs to the spanning tree. If you have a good understanding of the implications on your network and want to modify RSTP on the edge port interface.

BPDUs Maintain the Spanning-Tree

Spanning-tree protocols use frames called bridge protocol data units (BPDUs) to create and maintain the spanning tree. A BPDU frame is a message sent from one switch to another to communicate information about itself, such as its bridge ID, root path costs, and port MAC addresses. The initial exchange of BPDUs between switches determines the root bridge. Simultaneously, BPDUs are used to communicate the cost of each link between branch devices, which is based upon port speed or user configuration. RSTP uses this path cost to determine the ideal route for data frames to travel from one leaf to another leaf and then blocks all other routes. If an edge port receives a BPDU, it automatically transitions to a regular RSTP port.

When the network is in a steady state, the spanning tree converges when the spanning-tree algorithm (STA) identifies both the root and designated bridges and all ports are in either a forwarding or blocking state. To maintain the tree, the root bridge continues to send BPDUs at a hello time interval (default 2 seconds). These BPDUs continue to communicate the current tree topology. When a port receives a hello BPDU, it compares the information to that already stored for the receiving port. One of three actions takes place when a switch receives a BPDU:

  • If the BPDU data matches the existing entry in the MAC address table, the port resets a timer called max age to zero and then forwards a new BPDU with the current active topology information to the next port in the spanning tree.

  • If the topology in the BPDU has been changed, the information is updated in the MAC address table, max age is again set to zero, and a new BPDU is forwarded with the current active topology information to the next port in the spanning tree.

  • When a port does not receive a BPDU for three hello times, it reacts one of two ways. If the port is the root port, a complete rework of the spanning tree occurs—see When an RSTP Root Bridge Fails. If the bridge is any non-root bridge, RSTP detects that the connected device cannot send BPDUs and converts that port to an edge port.
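To see what a BPDU carries when reviewing a packet capture, the following added example (not Juniper code) decodes an RST BPDU and reports when one arrives on a port expected to be an edge port, including whether it advertises a better root than the one you intended. The wire layout is assumed from IEEE 802.1D-2004, which this page does not reproduce; the function names are hypothetical and the sample bytes and bridge IDs are constructed.

```python
import struct

# Assumed layout: RST BPDU, 36 bytes following the 802.2 LLC header.
_RST = struct.Struct("!HBBB8sI8sHHHHHB")
_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}


def _bridge_id(raw):
    prio = int.from_bytes(raw[:2], "big")
    return {
        "priority": prio & 0xF000,      # configurable part, multiples of 4096
        "sys_id_ext": prio & 0x0FFF,    # instance/VLAN number where used
        "mac": ":".join(f"{b:02x}" for b in raw[2:]),
        "raw": raw,                     # full 8-byte ID, used for comparison
    }


def parse_rst_bpdu(data):
    if len(data) < _RST.size:
        raise ValueError("truncated BPDU")
    (proto, version, btype, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd_delay, _v1len) = _RST.unpack_from(data)
    if proto != 0 or version != 2 or btype != 0x02:
        raise ValueError("not an RST BPDU")
    return {
        "topology_change": bool(flags & 0x01),
        "proposal": bool(flags & 0x02),
        "agreement": bool(flags & 0x40),
        "port_role": _ROLES[(flags >> 2) & 0x03],
        "root": _bridge_id(root),
        "root_path_cost": cost,
        "bridge": _bridge_id(bridge),
        "port_id": port,
        # Timers are carried in units of 1/256 second.
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def check_edge_bpdu(bpdu, known_root_raw):
    """Findings for a BPDU seen on a port that should only face end stations."""
    findings = [f"BPDU from bridge {bpdu['bridge']['mac']} received on an edge port"]
    # Equal-length byte strings compare like the numeric bridge IDs they encode.
    if bpdu["root"]["raw"] < known_root_raw:
        findings.append(
            f"advertised root {bpdu['root']['mac']} is better than the intended root")
    return findings


# Constructed values: intended root has priority 4096, MAC 02:00:00:00:00:0a.
KNOWN_ROOT = bytes.fromhex("100002000000000a")
# Constructed BPDU whose sender claims to be root with priority 0.
SAMPLE_SUPERIOR = bytes.fromhex(
    "000002023c" "0000020000000099" "00000000" "0000020000000099"
    "8001" "0000" "1400" "0200" "0f00" "00")
# Constructed BPDU from a bridge that accepts the intended root (proposal set).
SAMPLE_DOWNSTREAM = bytes.fromhex(
    "000002020e" "100002000000000a" "00004e20" "8000020000000002"
    "8002" "0100" "1400" "0200" "0f00" "00")

if __name__ == "__main__":
    for sample in (SAMPLE_SUPERIOR, SAMPLE_DOWNSTREAM):
        print(check_edge_bpdu(parse_rst_bpdu(sample), KNOWN_ROOT))
```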

When a Root Bridge Fails

When a link to the root port goes down, a flag called a topology change notification (TCN) is added to the BPDU. When this BPDU reaches the next port in the VLAN, the MAC address table is flushed and the BPDU is sent to the next bridge. Eventually, all ports in the VLAN have flushed their MAC address tables. Then, RSTP configures a new root port.

After a root port or a designated port fails, the alternate or backup port takes over after an exchange of BPDUs called the proposal-agreement handshake. RSTP propagates this handshake over point-to-point links, which are dedicated links between two network nodes, or switches, that connect one port to another. If a local port becomes a new root or designated port, it negotiates a rapid transition with the receiving port on the nearest neighboring switch by using the proposal-agreement handshake to ensure a loop-free topology.

Devices Must Relearn MAC Addresses After a Link Failure

Because a link failure causes all associated ports to flush their MAC address table, the network might be slower as it floods to relearn the MAC addresses. There is a way to speed up this relearning process. During TCN propagation, the Layer 2 forwarding table of switches is flushed, resulting in a flood of data packets. The Address Resolution Protocol (ARP) feature causes the switch to proactively send ARP requests for IP addresses in the ARP cache (present because of the Layer 3 VLAN interface). With ARP on STP enabled, as the replies come through, the switch builds up the Layer 2 forwarding table, thus limiting the flooding later. Enabling ARP on STP is most useful to prevent excessive flooding in large Layer 2 networks using RVIs.

Note:

The ARP feature is not available on Junos OS for EX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style.

Choosing a Spanning Tree Protocol

When selecting a spanning-tree protocol, consider two basic questions:

  • What STP features do I need?

  • What switch or router will be used?

Comparison of Spanning Tree Features

Table 1 describes differences between spanning-tree protocols STP, RSTP, MSTP and VSTP.

Table 1: Selecting a Spanning-Tree Protocol
Protocol Advantages Disadvantages

RSTP

  • Rapid Spanning Tree Protocol is the default switch configuration and is recommended for most network configurations because it converges more quickly than STP after a failure.

  • Voice and video work better with RSTP than they do with STP.

  • RSTP is backward compatible with STP; therefore, switches do not all have to run RSTP.

  • RSTP supports more ports than MSTP or VSTP.

  • On MX and ACX routers, you can configure RSTP, MSTP, and VSTP instance interfaces as edge ports.

Tip:

Use the set rstp interface configuration statement to indicate which logical interfaces participate in RSTP.

Tip:

If RSTP has been forced to run as the original STP version, you can revert to RSTP. See Reverting to RSTP or VSTP from Forced IEEE 802.1D STP.

STP

  • Spanning Tree Protocol works with 802.1D 1998 bridges.

  • RSTP is backward compatible with STP; therefore, you can run RSTP on some switches and STP on others with 802.1D 1998 bridges.

  • STP and RSTP are limited to a single instance on any physical interface. Use the set stp interface statement to configure interfaces participating in the RSTP instance.

  • STP is slower than RSTP.

  • STP is not recommended for multiple VLAN networks because it is not VLAN-aware; as a result, all VLANs within a LAN share the same spanning tree. This limits the number of forwarding paths for data traffic. Use MSTP instead.

  • Although STP provides basic loop prevention functionality, it does not provide fast network convergence when there are topology changes. The STP process to determine network state transitions is slower than the RSTP process because it is timer-based. RSTP converges faster because it uses a handshake mechanism based on point-to-point links instead of the timer-based process used by STP.

  • Edge ports are not supported when the original IEEE 802.1D STP is configured. If you specify edge at the [edit protocols stp] hierarchy level, the software ignores the option.

Tip:

Use the set stp interface statement to configure interfaces to participate in the STP instance. See Configuring STP on EX Series Switches (CLI Procedure).

MSTP

  • Multiple Spanning Tree Protocol works with most VLANs.

  • MSTP supports multiple instances on a single physical interface.

  • On MX and ACX routers, you can configure RSTP, MSTP, and VSTP instance interfaces as edge ports.

  • Some protocols require compatibility not provided by MSTP. In this case, use VSTP.

  • MSTP supports a limited number of ports. An MSTP region supports up to 64 MSTIs with each instance supporting from 1 through 4094 VLANs.

  • MSTP uses more CPU than RSTP and does not converge as fast as RSTP.

Tip:

Use the set mstp interface configuration statement to indicate which logical interfaces participate in MSTP. See Configuring MSTP on Switches.

VSTP

  • VSTP works with VLANs that require device compatibility. Enable VSTP on all VLANs that could receive VSTP bridge protocol data units (BPDUs).

  • VSTP and RSTP are the only spanning-tree protocols that can be configured concurrently on a switch.

  • For VSTP, interfaces can be configured at the global level or at the VLAN level. Interfaces configured at the global VSTP level will be enabled for all the configured VLANs. If an interface is configured at both the global and VLAN levels, the configuration at the VLAN level overrides the global configuration.

  • On MX and ACX routers, you can configure RSTP, MSTP, and VSTP instance interfaces as edge ports.

  • With VSTP, there can be only one STP instance per VLAN, where MSTP lets you combine multiple VLANs in one instance.

  • VSTP supports a limited number of ports compared to RSTP.

  • You can configure VSTP for a maximum of 509 VLANs. However, having a large number of VSTP and RSTP instances can cause continuous changes in the topology. As a performance workaround, reduce the number of VSTP instances to fewer than 190.

  • Using the same VLAN for RSTP and VSTP is not supported. For example, if you are configuring a VLAN under VSTP, configuring RSTP with an interface that contains the same VLAN is not supported.

  • If you configure VSTP and RSTP at the same time and the switch has more than 253 VLANs, VSTP is configured only for the first 253 VLANs. For the remaining VLANs, only RSTP is configured.

  • When you configure VSTP with the set protocol vstp vlan vlan-id interface interface-name command, the VLAN named default is excluded. You must manually configure a VLAN with the name default to run VSTP.

Tip:

When using VSTP, we recommend that you enable VSTP on all VLANs that can receive VSTP bridge protocol data units (BPDUs).

Tip:

When you configure VSTP with the set protocol vstp vlan all command, VLAN ID 1 is not set; it is excluded so that the configuration is compatible with Cisco PVST+. If you want VLAN ID 1 to be included in the VSTP configuration on your switch, you must set it separately with the set protocol vstp vlan 1 command. For more information, see Knowledge Base articles KB15138 and KB18291 at https://kb.juniper.net/InfoCenter/index

Tip:

The maximum number of VLANs supported by VSTP on a switch depends upon whether you are using Junos OS for EX Series and QFX Series switches with support for the Enhanced Layer 2 Software (ELS) configuration style or Junos OS that does not support ELS.

You can use Juniper Networks switches with VSTP and Cisco switches with PVST+ and Rapid-PVST+ in the same network. Cisco supports a proprietary Per-VLAN Spanning Tree (PVST) protocol, which maintains a separate spanning-tree instance for each VLAN. One spanning tree per VLAN allows fine-grained load balancing but requires more CPU processing of BPDUs as the number of VLANs increases. PVST runs on Cisco proprietary ISL trunks, which are not supported by Juniper. Juniper switches interoperate only with PVST+ and Rapid-PVST+.

Tip:

Spanning-tree protocols all generate their own BPDUs. User bridge applications running on a PC can also generate BPDUs. If these BPDUs are picked up by STP applications running on the switch, they can trigger STP miscalculations, and those miscalculations can lead to network outages. See Configuring BPDU Protection on Spanning Tree Interfaces.

Note:

If you are configuring an interface for any spanning tree protocol (STP, MSTP, RSTP, and VSTP), the interface all, vlan all, and vlan-group options are not available when you configure an interface with the flexible-vlan-tagging family option.

Switch and Router Spanning Tree Support and Limitations

Not all switches and routers support the exact same features and configurations. Known differences are listed in Table 2.

Table 2: Spanning Tree Hardware Considerations

Router or Switch

Considerations

MX Series Routers

Only MX Series routers can use the virtual-switch routing instance type to isolate a LAN segment with its spanning-tree instance and to separate its VLAN ID space. See Configuring a Virtual Switch Routing Instance on MX Series Routers

Tracing and global tracing are available on ACX and MX routers with the global traceoptions statement—see Understanding Spanning-Tree Protocol Trace Options.

Beginning with Release 14.1R1, these STP log enhancements are supported on MX Series routers:

  • Logging of information in the internal ring buffer about events like Spanning Tree (such as STP, MSTP, RSTP, or VSTP) interface role or state change without having to configure STP traceoptions.

  • Capturing information as to what triggered the spanning-tree role or state change.

On MX and ACX routers, you can configure RSTP, MSTP, and VSTP instance interfaces as edge ports for faster convergence than the original STP version. Edge ports transition directly to the forwarding state, and so the protocol does not need to wait for BPDUs to be received on edge ports.

On an MX Series router running RSTP or MSTP in a provider network, you can enable provider bridge participation in the RSTP or MSTP instance—see Understanding Provider Bridge Participation in RSTP or MSTP Instances.

Tip:

For 802.1ad provider bridge networks (stacked VLANs) on MX Series and M Series routers, single-tagged access ports and double-tagged trunk ports can co-exist in a single spanning tree context. In this mode, the VLAN Spanning Tree Protocol (VSTP) can send and receive untagged Rapid Spanning Tree Protocol (RSTP) bridge protocol data units (BPDUs) on Gigabit Ethernet (ge), 10-Gigabit Ethernet (xe), and aggregated Ethernet (ae) interfaces. The untagged RSTP BPDUs interoperate with tagged VSTP BPDUs sent over the double-tagged trunk ports. Double-tagging can be useful for Internet service providers, allowing them to use VLANs internally while mixing traffic from clients that are already VLAN-tagged.

ACX Series Routers

On MX and ACX routers, you can configure RSTP, MSTP, and VSTP instance interfaces as edge ports for faster convergence than the original STP version. Edge ports transition directly to the forwarding state, and so the protocol does not need to wait for BPDUs to be received on edge ports.

Tracing and global tracing are available on ACX and MX routers with the global traceoptions statement—see Understanding Spanning-Tree Protocol Trace Options.

QFX Series Switches

See Configuring STP.

If your network includes IEEE 802.1D 1998 bridges, remove RSTP and explicitly configure STP—see Forcing RSTP or VSTP to Run as IEEE 802.1D STP (CLI Procedure). When you explicitly configure STP, the QFX Series products use the IEEE 802.1D 2004 specification, force version 0. This configuration runs a version of RSTP that is compatible with the classic, basic STP. If you use virtual LANs (VLANs), you can enable VSTP on your network.

The STP support provided for the QFX Series includes:

  • IEEE 802.1d

  • 802.1w RSTP

  • 802.1s MSTP

Use Rapid Spanning Tree Protocol (RSTP) on the network side of the QFX Series to provide quicker convergence time than the base Spanning Tree Protocol (STP) does. RSTP identifies certain links as point to point. When a point-to-point link fails, the alternate link can transition to the forwarding state, which speeds up convergence.

An interface can be configured for either root protection or loop protection, but not for both.

On EX Series (except EX9200) and QFX Series switches running Junos OS that supports ELS—VSTP can support up to 510 VLANs.

If your EX Series or QFX Series switch interoperates with a Cisco device running Rapid per VLAN Spanning Tree (Rapid PVST+), we recommend that you enable both VSTP and RSTP on the EX Series or QFX Series interface.

EX Series Switches

  • There are two versions of EX Series switches. Be sure to use the correct commands for each version. Some EX switches run the Juniper Networks Junos operating system (Junos OS) that supports the Enhanced Layer 2 Software (ELS) configuration (for example, EX4300, EX2300, EX3400 and EX4600 support ELS) and some do not support the ELS configuration.

  • EX Series switches configured to use STP actually run RSTP force version 0, which is compatible with STP. If you are using Junos OS for EX Series switches with support for ELS, you can force the original IEEE 802.1D Spanning Tree Protocol (STP) version to run in place of RSTP or VSTP. See Forcing RSTP or VSTP to Run as IEEE 802.1D STP (CLI Procedure).

  • On EX Series (except EX9200) and QFX Series switches running Junos OS that supports ELS—VSTP can support up to 510 VLANs. However, on EX9200 switches, VSTP can support only up to 253 VLANs.

  • The EX Series switches EX4300 and EX4600 and the QFX platforms QFX5100, QFX3500, and QFX3600 support 510 VLANs on VSTP.

  • On EX9200 switches—VSTP can support up to 4000 VLANs.

  • On an EX Series switch running Junos OS that does not support ELS—VSTP can support up to 253 VLANs.

  • EX4300 switches can be configured for STP only by enabling RSTP and forcing it to act as STP. Select the Force STP check box from the RSTP configuration page.

  • An interface can be configured for either root protection or loop protection, but not for both.

  • If your EX Series or QFX Series switch interoperates with a Cisco device running Rapid per VLAN Spanning Tree (Rapid PVST+), we recommend that you enable both VSTP and RSTP on the EX Series or QFX Series interface.

  • The ARP feature is not available for EX Series switches supporting the Enhanced Layer 2 Software (ELS) configuration style.

Tip:

EX Series switches can have a maximum of 253 VLANs on VSTP. Therefore, to have as many spanning-tree protocol VLANs as possible, use both VSTP and RSTP. RSTP will then be applied to VLANs that exceed the limit for VSTP. Because RSTP is enabled by default, you just need to additionally enable VSTP.

QFabric

Although there is no need to run STP in a QFabric system, you can connect a QFabric system to another Layer 2 device and use STP. STP traffic can only be processed on network Node groups. Other Node groups, such as redundant server Node groups and server Node groups, discard the STP bridge protocol data unit (BPDU) traffic and disable the interface automatically. Server Node groups only process host-facing protocols, whereas network Node groups process all supported protocols.

SRX Series Firewalls

  • Provide Layer 2 loop prevention through STP, RSTP, or MSTP only. VSTP is not supported on the SRX platform.

  • There are two versions of SRX Series Firewalls. Be sure to use the correct commands for each version. Some SRX Series Firewalls run the Juniper Networks Junos operating system (Junos OS) that supports the Enhanced Layer 2 Software (ELS) configuration and some do not support the ELS configuration.

  • Starting in Junos OS Release 15.1X49-D70, the Spanning Tree Protocol (STP) is supported on SRX300, SRX320, SRX340, SRX345, SRX550M, and SRX1500 devices. Spanning Tree Protocol (STP) is not supported from Junos OS Release 15.1X49-D40 to Junos OS Release 15.1X49-D60.

  • An interface can be configured for either root protection or loop protection, but not for both.