How do Spanning Tree Protocols work?

The Spanning Tree Protocol prevents broadcast storms and network disruptions. However, the long downtime caused by the restructuring of the eponymous spanning tree makes the method vulnerable to attacks.

What is a Spanning Tree Protocol?

The Spanning Tree Protocol (STP for short) is a method used in ethernet networks, that prevents the formation of duplicate frames. STP was invented by US network engineer and software developer Radia Perlman and defined as standard 802.1D by the Institute of Electrical and Electronics Engineers (IEEE) in 1990. By checking the network for redundant paths and switching them off, the Spanning Tree Protocol prevents two or more parallel frames from being created which would otherwise lead to looping. The procedure forms a tree with the physical network without multiple connections between the source and destination.

Why is the Spanning Tree Protocol important?

The problem the Spanning Tree Protocol addresses occurs when there are multiple concurrent data paths between two network switches. When data packets can be routed via multiple frames, the entire system could misbehave. One possible consequence that results from two or more simultaneous paths between two points is the broadcast storm. In this case, all broadcast or multicast traffic in a network is transmitted and accumulated simultaneously, which can lead to a snowball effect and, in the worst case, paralyze the entire communication. With the help of a spanning tree protocol, this is prevented and the network remains intact.

The tree technology of STP

To avoid duplicate frames, the Spanning Tree Protocol establishes a spanning tree. Here, the connection between two points within the network only takes place via a single path. In addition, the best possible connection is found using this method. However, if a frame fails or is affected by a fault, the spanning tree is reorganized as quickly as possible by the STP protocol and a new connection path is opened. This reduces delays and the connection between the individual switches remains intact.

How does the Spanning Tree Protocol work?

With the Spanning Tree Protocol, communication between two switches or bridges within a network happens via Bridge Protocol Data Units (BPDU). These are exchanged at short intervals and sent as multicast frames to MAC address 01-80-C2-00-00-10. Every two seconds, such a transmission is made to the nearest and lowest bridge. This means that the Spanning Tree Protocol not only obtains an overview of all available paths, but also determines the fastest connection. Data rate and distances between two points are decisive here. Once the best path has been determined, the remaining ports are deactivated until further notice.

If a Bridge Protocol Data Unit fails to appear, the target switch interprets this as a link failure and initiates a reorientation of the tree topology. For complicated arrangements, the recalculation may take 30 seconds or more. Once the spanning tree is re-raised, transmission can happen via a previously disabled spare connection. This ensures the fastest possible data transmission despite a failure.

The Rapid Spanning Tree Protocol

Recalculation and longer downtimes unfortunately open up the network to attacks. If an incorrect frame isn’t blocked by the system, the triggered reorganization could disable the network for 30 seconds or longer. For this reason, the Rapid Spanning Tree Protocol (IEEE 802.1w) was developed in 2003. It’s backward compatible and ensures that the current structure of the network is maintained until the failed link has been replaced. Only then is the tree restructured. This changeover takes just about a second.

Port states in the Spanning Tree Protocol

The Spanning Tree Protocol distinguishes between a total of five port states. This prevents the formation of a loop and also ensures that no information about the tree topology is lost. The individual states are as follows:

  • Forwarding: Ports listed as forwarding can forward frames, learn addresses, and receive, process, and transmit Bridge Protocol Data Units.
  • Blocking: Ports set to blocking discard frames and don’t learn addresses, but receive and process Bridge Protocol Data Units.
  • Listening: Listening ports discard frames, don’t learn addresses, but receive, process, and transmit Bridge Protocol Data Units.
  • Learning: Ports discard frames but learn addresses and receive, process, and transmit Bridge Protocol Data Units.
  • Disabled: Ports set to disabled discard frames, don’t learn addresses, and cannot receive or process Bridge Protocol Data Units.

If the Spanning Tree Protocol is enabled, each port passes through the Blocking, Listening, Learning and Forwarding states in sequence.

The Root Bridge in the Spanning Tree Protocol

The first step in the Spanning Tree Protocol is to select a root bridge that acts as the starting point for the spanning tree. The individual paths are then expanded by the algorithm activating or deactivating ports. Settings can only be modified and timers readjusted via the root bridge.

  • Hello Timer: The timer defines the time period between two Bridge Protocol Data Units, usually two seconds.
  • Forward Delay: The second timer determines the time in the Listening and Learning states, which is 30 seconds.
  • Maximum Age: The third timer is called Maximum Age and specifies how long a port keeps configuration information. The value is 20 seconds by default.

Pros and cons of Spanning Tree Protocols

The main advantage of the Spanning Tree Protocol is that congestion or interference are avoided within a network. Loops are excluded and parallel routes are avoided. Identifying the shortest connection is also an advantage for the network. A disadvantage of the Spanning Tree Protocol is the lengthy convergence time, which plays into the hands of attackers. However, the introduction of the Rapid Spanning Tree Protocol and the Multiple Spanning Tree Protocol, in which several independent spanning trees can be created within a LAN, minimizes these downtimes. This protects the network from possible attacks.


Find out more about types of networks and protocol standards in our Digital Guide:

We use cookies on our website to provide you with the best possible user experience. By continuing to use our website or services, you agree to their use. More Information.