The Spanning Tree Protocol prevents broadcast storms and network disruptions. However, the long downtime caused by the restructuring of the eponymous spanning tree makes the method vulnerable to attacks.

What is a Spanning Tree Protocol?

The Spanning Tree Protocol (STP for short) is a method used in Ethernet networks that prevents the formation of duplicate frames. STP was invented by US network engineer and software developer Radia Perlman and defined as standard 802.1D by the Institute of Electrical and Electronics Engineers (IEEE) in 1990. By checking the network for redundant paths and switching them off, the Spanning Tree Protocol prevents a frame from being forwarded along two or more parallel paths, which would otherwise lead to loops. The procedure overlays a tree on the physical network in which there are no multiple connections between source and destination.

Why is the Spanning Tree Protocol important?

The problem the Spanning Tree Protocol addresses occurs when there are multiple concurrent data paths between two network switches. When frames can be forwarded via more than one of these paths, the entire system can misbehave. One possible consequence of two or more simultaneous paths between two points is the broadcast storm. In this case, all broadcast or multicast traffic in the network is retransmitted and accumulates continuously, which can lead to a snowball effect and, in the worst case, paralyze all communication. With the help of a spanning tree protocol, this is prevented and the network remains intact.

The tree technology of STP

To avoid duplicate frames, the Spanning Tree Protocol establishes a spanning tree. Here, the connection between two points within the network only takes place via a single path. In addition, the best possible connection is found using this method. However, if a link fails or is affected by a fault, the spanning tree is reorganized as quickly as possible by the STP protocol and a new connection path is opened. This reduces delays and the connection between the individual switches remains intact.

How does the Spanning Tree Protocol work?

With the Spanning Tree Protocol, communication between two switches or bridges within a network happens via Bridge Protocol Data Units (BPDUs). These are exchanged at short intervals and sent as multicast frames to MAC address 01-80-C2-00-00-10. Every two seconds, such a transmission is made to the nearest bridge. This means that the Spanning Tree Protocol not only obtains an overview of all available paths, but also determines the fastest connection. Data rate and distance between two points are decisive here. Once the best path has been determined, the remaining ports are deactivated until further notice.

If a Bridge Protocol Data Unit fails to appear, the target switch interprets this as a link failure and initiates a reorientation of the tree topology. For complicated arrangements, the recalculation may take 30 seconds or more. Once the spanning tree has been rebuilt, transmission can happen via a previously disabled spare connection. This ensures the fastest possible data transmission despite a failure.
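As an added example (not code from the article), here is a Python decoder for the IEEE 802.1D Configuration BPDU that carries the root ID, root path cost and the timers discussed above, together with a check a monitoring tool could apply: whether a received BPDU claims a root bridge with a lower ID than the one the network is known to have, which is what would trigger the recalculation described. The sample BPDU bytes, bridge IDs and path cost are constructed, not captured.

```python
import struct

# Layout of an IEEE 802.1D Configuration BPDU (35 bytes after the LLC header).
# All timer fields are encoded in units of 1/256 second.
_BPDU_FMT = ">HBBB8sI8sHHHHH"
_BPDU_LEN = struct.calcsize(_BPDU_FMT)  # 35


def _bridge_id(raw: bytes) -> dict:
    """Split an 8-byte Bridge ID into its 16-bit priority and 48-bit MAC."""
    return {"priority": struct.unpack(">H", raw[:2])[0],
            "mac": "-".join(f"{b:02X}" for b in raw[2:])}


def parse_config_bpdu(payload: bytes) -> dict:
    """Decode one Configuration BPDU; raises ValueError on malformed input."""
    if len(payload) < _BPDU_LEN:
        raise ValueError(f"BPDU too short: {len(payload)} bytes")
    (proto, version, btype, flags, root, cost, bridge,
     port, msg_age, max_age, hello, fwd_delay) = struct.unpack(
        _BPDU_FMT, payload[:_BPDU_LEN])
    if proto != 0 or btype != 0x00:
        raise ValueError("not an STP Configuration BPDU")
    return {
        "version": version,
        "topology_change": bool(flags & 0x01),
        "root": _bridge_id(root),
        "root_path_cost": cost,
        "bridge": _bridge_id(bridge),
        "port_id": port,
        "message_age_s": msg_age / 256,
        "max_age_s": max_age / 256,
        "hello_time_s": hello / 256,
        "forward_delay_s": fwd_delay / 256,
    }


def claims_better_root(bpdu: dict, known_root: tuple) -> bool:
    """True if the BPDU advertises a lower (priority, MAC) than the root the
    network is expected to have: accepting it would trigger a recalculation."""
    return (bpdu["root"]["priority"], bpdu["root"]["mac"]) < known_root


# Constructed sample (not a real capture): root 0x8000/00-11-22-33-44-55 seen at
# path cost 38 via bridge AA-BB-CC-DD-EE-FF; hello 2 s, max age 20 s, fwd delay 15 s.
SAMPLE_BPDU = struct.pack(
    _BPDU_FMT, 0x0000, 0x00, 0x00, 0x00,
    bytes.fromhex("8000001122334455"), 38,
    bytes.fromhex("8000AABBCCDDEEFF"), 0x8001,
    2 * 256, 20 * 256, 2 * 256, 15 * 256)
```

Calling `parse_config_bpdu(SAMPLE_BPDU)` returns the decoded fields as a dictionary with the timers already converted to seconds.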

The Rapid Spanning Tree Protocol

Recalculation and longer downtimes unfortunately open up the network to attacks. If an incorrect frame isn’t blocked by the system, the triggered reorganization could disable the network for 30 seconds or longer. For this reason, the Rapid Spanning Tree Protocol (IEEE 802.1w) was developed in 2003. It’s backward compatible and ensures that the current structure of the network is maintained until the failed link has been replaced. Only then is the tree restructured. This changeover takes just about a second.

Port states in the Spanning Tree Protocol

The Spanning Tree Protocol distinguishes between a total of five port states. This prevents the formation of a loop and also ensures that no information about the tree topology is lost. The individual states are as follows:

  • Forwarding: Ports listed as forwarding can forward frames, learn addresses, and receive, process, and transmit Bridge Protocol Data Units.
  • Blocking: Ports set to blocking discard frames and don’t learn addresses, but receive and process Bridge Protocol Data Units.
  • Listening: Listening ports discard frames, don’t learn addresses, but receive, process, and transmit Bridge Protocol Data Units.
  • Learning: Ports discard frames but learn addresses and receive, process, and transmit Bridge Protocol Data Units.
  • Disabled: Ports set to disabled discard frames, don’t learn addresses, and cannot receive or process Bridge Protocol Data Units.

If the Spanning Tree Protocol is enabled, each port passes through the Blocking, Listening, Learning and Forwarding states in sequence.

The Root Bridge in the Spanning Tree Protocol

The first step in the Spanning Tree Protocol is to select a root bridge that acts as the starting point for the spanning tree. The individual paths are then expanded by the algorithm activating or deactivating ports. Settings can only be modified and timers readjusted via the root bridge.

  • Hello Timer: The timer defines the time period between two Bridge Protocol Data Units, usually two seconds.
  • Forward Delay: The second timer determines the time in the Listening and Learning states, which is 30 seconds.
  • Maximum Age: The third timer is called Maximum Age and specifies how long a port keeps configuration information. The value is 20 seconds by default.
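As an added example (not from the article), this Python code carries out the root bridge election and the port activation/deactivation described above for a small constructed topology: the lowest Bridge ID becomes the root, each bridge keeps one root port on its cheapest path to the root, each link keeps one designated port, and every remaining port is blocked. Bridge names, MAC addresses and link costs are constructed.

```python
import heapq

# Constructed topology (not from the article): bridge ID = (priority, MAC), link cost per 802.1D.
BRIDGES = {
    "A": (32768, "00-00-00-00-00-0A"),
    "B": (32768, "00-00-00-00-00-0B"),
    "C": (32768, "00-00-00-00-00-0C"),
    "D": (4096, "00-00-00-00-00-0D"),  # lowest priority: wins the election
}
# A-B-C form a loop and D hangs off C, so one port on the loop must block.
LINKS = [("A", "B", 4), ("B", "C", 19), ("A", "C", 4), ("C", "D", 4)]

def elect_root(bridges):
    """The root bridge is the one with the lowest (priority, MAC) Bridge ID."""
    return min(bridges, key=bridges.get)

def root_path_costs(root, links):
    """Dijkstra from the root: each bridge's cheapest cumulative path cost."""
    adj = {}
    for a, b, c in links:
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, n = heapq.heappop(heap)
        for m, w in adj[n]:
            if c + w < cost.get(m, float("inf")):
                cost[m] = c + w
                heapq.heappush(heap, (cost[m], m))
    return cost

def compute_tree(bridges, links):
    """Classify every port 'X->Y' as root, designated or blocked."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    designated, candidates, blocked = set(), {}, set()
    for a, b, c in links:
        # Designated end of a link: lower root path cost, then lower Bridge ID.
        des, oth = sorted((a, b), key=lambda n: (cost[n], bridges[n]))
        designated.add(f"{des}->{oth}")
        if oth != root and cost[oth] == cost[des] + c:  # link lies on oth's best path
            candidates.setdefault(oth, []).append((cost[des], bridges[des], f"{oth}->{des}"))
        else:
            blocked.add(f"{oth}->{des}")
    root_ports = set()
    for cands in candidates.values():  # one root port per bridge; equal-cost extras block
        best, *rest = sorted(cands)
        root_ports.add(best[2])
        blocked.update(p for _, _, p in rest)
    return root, root_ports, designated, blocked
```

`compute_tree(BRIDGES, LINKS)` elects D as root and leaves B's port towards C blocked, which is the spare connection that would be reactivated after a failure and recalculation.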

Pros and cons of Spanning Tree Protocols

The main advantage of the Spanning Tree Protocol is that congestion and interference within a network are avoided. Loops are excluded and parallel routes are avoided. Identifying the shortest connection is also an advantage for the network. A disadvantage of the Spanning Tree Protocol is the lengthy convergence time, which plays into the hands of attackers. However, the introduction of the Rapid Spanning Tree Protocol and the Multiple Spanning Tree Protocol, in which several independent spanning trees can be created within a LAN, minimizes these downtimes. This protects the network from possible attacks.
