The Spanning Tree Protocol prevents broadcast storms and other communication disruptions in a network. However, the relatively long downtime that results from reorganizing the network makes the process vulnerable to attack.
What is Spanning Tree Protocol?
Spanning Tree Protocol (STP) is a process used in Ethernet networks to prevent duplicate frames from forming. STP was invented by Radia Perlman, an American network technician and software developer, and defined in 1990 by the Institute of Electrical and Electronics Engineers (IEEE) as the 802.1D standard. By checking the network for redundant paths and disabling them, the Spanning Tree Protocol prevents the creation of duplicate or multiple parallel frames as this would cause loops, for example. The method extends the physical network into a tree structure that does not require multiple connections between source and destination.
Why is Spanning Tree Protocol important?
The problem that the Spanning Tree Protocol addresses occurs when multiple simultaneous data paths are created between two switches in a network. If there are multiple frames through which data packets can be routed, this may result in a malfunction of the entire system. One of the possible consequences of the existence of at least two simultaneous paths between two points is what is called a diffusion storm (broadcast storm in English). In this case, all broadcast or multicast traffic is transmitted and accumulated simultaneously in a network, which can lead to a snowball effect and, in the worst case, paralyze the entire communication. The use of a Spanning Tree Protocol makes it possible to avoid this phenomenon and to preserve the integrity of the network.
The tree topology of STP
In order to ensure that there are no duplicate frames, the Spanning Tree Protocol establishes a spanning tree (spanning tree in English). In this tree, the connection between two points of the network is only made by a single path. This method also makes it possible to find the best possible connection. However, if a frame should fail or be affected by a disturbance, the connection is reorganized as quickly as possible by the Spanning Tree Protocol and a new path is opened. Thus, the delays are minimal and the connection between the different switches is maintained.
How does the Spanning Tree Protocol work?
With the Spanning Tree Protocol, communication between two switches or bridges within a network takes place via Bridge Protocol Data Units (BPDUs). These are exchanged at very short intervals and sent as multicast frames to the MAC address 01-80-C2-00-00-10. Such a transmission takes place towards the nearest and lowest bridge every two seconds. So the Spanning Tree Protocol not only gets an overview of all available paths, but can also determine the fastest connection. For this, the data rate and the distance between two points play a decisive role. Once the best path is determined, other ports are disabled until further notice.
If, in the case of the Spanning Tree Protocol, an expected Bridge Protocol Data Unit is missing, the target switch interprets this as a connection failure and initiates a reorientation of the network topology. In case of complicated provisions, the recalculation may take 30 seconds or more. If the network has been redeployed, the transmission can be made via a previously disabled replacement connection. Thus, despite a breakdown, the fastest possible data transmission is guaranteed.
The Rapid Spanning Tree Protocol
This new calculation and the resulting longer downtime are unfortunately a gateway for attacks on the network. If an erroneous frame is introduced and is not blocked by the system, it can trigger a reorganization that would take the network out of service for 30 seconds or more. For this reason, the Rapid Spanning Tree Protocol (IEEE 802.1w) was developed in 2003. It is backward compatible and ensures that the current network structure is maintained until the faulty section is replaced. . Only then is the tree structure restructured. This reorganization only takes about a second.
Port States in the Spanning Tree Protocol
The Spanning Tree Protocol has five port states in total. This prevents a loop from forming and ensures that no network topology information is lost. The different states are as follows:
- Forwarding : ports listed as forwarding can transmit frames, learn addresses and receive, process and transmit Bridge Protocol Data Units.
- Blocking : ports listed as blocking discard frames and do not learn addresses, but receive and process Bridge Protocol Data Units.
- listening : Listening ports discard frames, do not learn addresses, but receive, process, and transmit bridge protocol data units.
- Learning : Learning ports discard frames, but learn addresses and receive, process, and transmit bridge protocol data units.
- Disabled : ports set to disabled discard frames, do not learn addresses, and cannot receive or process Bridge Protocol Data Units.
When the Spanning Tree Protocol is activated, each port successively goes through the Blocking, Listening, Learning and Forwarding states.
The Root Bridge in Spanning Tree Protocol
The first step in the Spanning Tree Protocol is to choose a root bridge that will serve as the starting point for the network. The different paths are then expanded from there, with the algorithm enabling or disabling ports. Only the root bridge allows you to modify the parameters and readjust the following timers.
- Hello : this timer defines the delay between two Bridge Protocol Data Units, generally two seconds.
- Forward-Delay : The second timer sets the time in the Listening and Learning states, which is 30 seconds in total.
- Maximum Age : The third timer indicates how long a port retains configuration information. This value is 20 seconds by default.
Advantages and Disadvantages of Spanning Tree Protocol
The great advantage of the Spanning Tree Protocol is that it allowsavoid overloads or disturbances within a network. Loops are excluded and parallel paths are thus avoided. Identifying the shortest connection is also a benefit to the network. The disadvantage of the Spanning Tree Protocol is its relatively long convergence time, which favors attacks. The introduction of the Rapid Spanning Tree Protocol and its evolution, the Multiple Spanning Tree Protocol, which allows the creation of several independent frames within a local network, however, makes it possible to minimize these downtimes. This protects the network against possible attacks.
Learn about other types of networks and protocol standards in our Digital Guide:
