Spanning Tree - Oh Woe Is Me

I am amazed by the number of networks that I encounter that do not have optimal spanning tree configurations. I first read Radia Perlman’s book “Interconnections” back in 1994. I am amazed that 15 years later we are still dealing with spanning tree protocol (STP) issues in networks.

The critical device in a spanning tree is the root bridge. This is the bridge at the root of the loop-free tree that spans all bridges in a LAN topology. As you may already know, the default bridge priority is 32768 (half of 2^16, the size of the 16-bit priority field). If all the switches have the same priority, the tie-breaker is the MAC address: the switch with the lowest MAC address is elected root bridge. The error that many network administrators make is that they never set a priority, so the election is more-or-less left to chance. The problem arises when the switch with the lowest MAC address is a small stackable switch in a remote wiring closet. Every frame that has to cross the tree then traverses that low-horsepower switch, causing performance issues. To prevent this, the best practice is to decide which core switch is going to be the root bridge and give it a lower priority for each VLAN. This can be accomplished with the "spanning-tree vlan [vlan_id] root primary" command, which on Cisco IOS sets the priority to 24576 (or to 4096 below the current root if some bridge is already lower than that); an explicit "spanning-tree vlan [vlan_id] priority [value]" does the same thing without the automatic calculation. Set a secondary root on a second core switch as well so that a failure of the primary does not hand the election back to the closet.

There are several ways to check this on Cisco switches. The commands "show spanning-tree" and "show spanning-tree summary" give good data. However, the "show spanning-tree root" command clearly illustrates whether you have an issue. Below is a sample output of this command. It shows that this core switch is root for most VLANs, except for VLAN 110, which was accidentally left at the default priority: the Root ID priority 32878 is 32768 plus the VLAN number (the extended system ID), and another switch reachable through interface GigabitEthernet 1/8 is the path towards the root.

6509A#show spanning-tree root
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- ------ ----- --- --- ----------------
VLAN0001         49152 0015.a7b9.6a01      0    2   20  15
VLAN0010             0 0015.a7b9.6a0a      0    2   20  15
VLAN0050             0 0015.a7b9.6a32      0    2   20  15
VLAN0060             0 0015.a7b9.6a3c      0    2   20  15
VLAN0110         32878 0019.9437.d800   3004    2   20  15  Gi1/8
VLAN0120             0 0015.a7b9.6a78      0    2   20  15
VLAN0200             0 0015.a7b9.6ac8      0    2   20  15
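When there are hundreds of VLANs, eyeballing that table is error-prone. The script below is an added example (not code from the original article or from Cisco): it parses the same table, re-entered here as a constructed string, flags every VLAN for which this switch is not root (a Root Port is listed), strips the 802.1t extended system ID from the Root ID priority so the configured priority is visible, and models the election tie-break the text describes. The column layout and the rule that the low 12 bits of the priority field carry the VLAN number are assumptions about Cisco IOS output.

```python
"""Audit 'show spanning-tree root' output (added example, not the article's code)."""
import re

# Constructed sample: the article's table, re-entered verbatim.
SAMPLE_OUTPUT = """\
6509A#show spanning-tree root
                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- ------ ----- --- --- ----------------
VLAN0001         49152 0015.a7b9.6a01      0    2   20  15
VLAN0010             0 0015.a7b9.6a0a      0    2   20  15
VLAN0050             0 0015.a7b9.6a32      0    2   20  15
VLAN0060             0 0015.a7b9.6a3c      0    2   20  15
VLAN0110         32878 0019.9437.d800   3004    2   20  15  Gi1/8
VLAN0120             0 0015.a7b9.6a78      0    2   20  15
VLAN0200             0 0015.a7b9.6ac8      0    2   20  15
"""

DEFAULT_PRIORITY = 32768

# One data row: VLAN name, root priority, root MAC, cost, three timers,
# optional root port. Assumed column layout of Cisco IOS output.
ROW_RE = re.compile(
    r"^VLAN(?P<num>\d{4})\s+(?P<prio>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+(?P<cost>\d+)"
    r"\s+\d+\s+\d+\s+\d+(?:\s+(?P<port>\S+))?\s*$"
)


def base_priority(prio, vlan):
    """Strip the extended system ID (low 12 bits == VLAN number) if present."""
    if (prio & 0xFFF) == vlan:
        return prio & 0xF000
    return prio  # output without extended system ID: field is the raw priority


def parse_root_table(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # banner, header and separator lines
        vlan = int(m.group("num"))
        prio = int(m.group("prio"))
        rows.append({
            "vlan": vlan,
            "root_priority": prio,
            "base_priority": base_priority(prio, vlan),
            "root_mac": m.group("mac"),
            "root_cost": int(m.group("cost")),
            "root_port": m.group("port"),  # None when this switch is root
        })
    return rows


def non_root_vlans(rows):
    """VLANs where some other switch won the election (a root port exists)."""
    return [r for r in rows if r["root_port"] is not None]


def default_priority_roots(rows):
    """VLANs whose elected root still runs the factory priority 32768."""
    return [r for r in rows if r["base_priority"] == DEFAULT_PRIORITY]


def elect_root(bridges):
    """Root election: lowest priority wins, lowest MAC breaks the tie.

    bridges: {name: (priority, mac in Cisco dotted form)}. Constructed model
    of the comparison in the text, not a BPDU implementation.
    """
    def bridge_id(item):
        _, (prio, mac) = item
        return (prio, int(mac.replace(".", ""), 16))
    return min(bridges.items(), key=bridge_id)[0]


if __name__ == "__main__":
    rows = parse_root_table(SAMPLE_OUTPUT)
    for r in non_root_vlans(rows):
        print(f"VLAN {r['vlan']}: not root, root via {r['root_port']} "
              f"(root priority {r['base_priority']}, MAC {r['root_mac']})")
    closet_wins = elect_root({"core": (32768, "0015.a7b9.6a01"),
                              "closet": (32768, "0011.2233.4455")})
    core_wins = elect_root({"core": (24576, "0015.a7b9.6a01"),
                            "closet": (32768, "0011.2233.4455")})
    print(f"all default: {closet_wins} is root; core at 24576: {core_wins} is root")
```

Run the same parser over the output of every core switch: any VLAN that appears in `non_root_vlans` on the switch you intended to be root is exactly the VLAN 110 situation above, and `elect_root` shows why lowering the priority, not changing the MAC, is the fix.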

There have been many optimizations to the original 802.1D spanning tree protocol over the years. These include MISTP, MST (802.1s), RSTP (802.1w), Rapid-PVST+, PortFast, BPDU Guard, UplinkFast, BackboneFast, EtherChannel Guard, Root Guard, and Loop Guard. Some of these speed up convergence; the others restrict which ports may send and receive configuration Bridge Protocol Data Units (BPDUs). By restricting which devices can send BPDUs we can contain a rogue device that is added to the network and then claims to be the root bridge to take over the topology: BPDU Guard err-disables an edge port the moment any BPDU arrives on it, and Root Guard keeps a downstream port in a root-inconsistent state for as long as it hears a superior BPDU, so the intended core keeps the root role.
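The protections above only work where they are actually configured, and a large running-config is easy to audit by script. The following is an added example (not code from the original article or from Cisco) that walks the interface stanzas of a constructed Cisco IOS configuration and reports the gaps a reviewer would look for on an intended root switch: PortFast edge ports with no BPDU Guard (per-port "spanning-tree bpduguard enable" or the global "spanning-tree portfast bpduguard default"), downstream trunks with no "spanning-tree guard root", and a missing global priority. The rules are this example's own policy assumptions; in particular, Root Guard on every trunk is only appropriate on the switch that is meant to be root, since on any other switch it would block the real uplink.

```python
"""Audit a Cisco IOS config for the STP protections the article lists
(added example, not the article's or Cisco's code)."""
import re

# Constructed sample config for the intended root switch.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 24576
!
interface GigabitEthernet1/1
 description uplink to closet-sw1
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet1/2
 description uplink to closet-sw2
 switchport mode trunk
!
interface GigabitEthernet2/1
 description user port
 switchport mode access
 switchport access vlan 110
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet2/2
 description user port
 switchport mode access
 spanning-tree portfast
!
"""

# Matches 'spanning-tree vlan <list> priority <n>' or '... root primary'.
PRIORITY_RE = re.compile(r"^spanning-tree vlan \S+ (priority \d+|root primary)", re.M)
GLOBAL_BPDUGUARD = "spanning-tree portfast bpduguard default"


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for every 'interface' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())  # indented line inside a stanza
        else:
            current = None  # '!' or a top-level command ends the stanza
    return stanzas


def audit(config):
    """List human-readable findings; an empty list means the policy is met."""
    findings = []
    if not PRIORITY_RE.search(config):
        findings.append("global: no spanning-tree vlan priority or root primary; "
                        "root election falls back to lowest MAC address")
    global_bpduguard = GLOBAL_BPDUGUARD in config.splitlines()
    for name, cmds in parse_interfaces(config).items():
        is_access = "switchport mode access" in cmds
        is_trunk = "switchport mode trunk" in cmds
        portfast = "spanning-tree portfast" in cmds
        if is_access and portfast and not global_bpduguard \
                and "spanning-tree bpduguard enable" not in cmds:
            findings.append(f"{name}: PortFast without BPDU Guard")
        if is_trunk and "spanning-tree guard root" not in cmds:
            findings.append(f"{name}: downstream trunk without Root Guard")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Feed it `show running-config` from each core switch; the two expected findings for the sample (GigabitEthernet1/2 lacking Root Guard, GigabitEthernet2/2 lacking BPDU Guard) are precisely the ports through which a mis-cabled or rogue switch could take the root role or inject BPDUs.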

Because many network administrators still do not fully comprehend how spanning tree works, vendors build features that minimize STP issues, and some are looking for ways to eliminate spanning tree altogether. Certainly there are advantages to using a Layer-3 routing protocol in your core compared to traditional 802.1D spanning tree, with its 15 seconds of listening, 15 seconds of learning, and 20-second max-age timeout before a topology change converges.

Cisco has a solution to help eliminate the issues with using STP in a high-speed core switching environment. One of the selling features of Cisco Virtual Switching System (VSS) is that it helps eliminate the need for spanning tree in the core. That is because the two core 6500s operate as a single switch with a single configuration. VSS performs sub-200 millisecond Layer-2 failover and recovery through inter-chassis stateful failover. However, all the other switches in the LAN that connect to the core may still run spanning tree, so if every switch in the topology is still at the default bridge priority there can still be STP issues. Because VSS does not completely eliminate STP, the VSS virtual switch should still be configured as the root of the spanning tree.

Other benefits of Cisco VSS include increased performance, load sharing between chassis to increase efficiency by using Multi-chassis EtherChannel (MEC), and reduction of dependency on HSRP/GLBP/VRRP. It is pretty awesome to have 1.4Tbps of switching performance in the core of any network.

The bottom line is that if you haven't looked at how your spanning tree is configured and is currently "converged", you should check it today. Define the root bridge to be the core of the LAN and use the spanning tree optimizations that prevent rogue devices from becoming part of the tree. Please don't just wholesale disable spanning tree, because it is what saves you from the catastrophic outage of a bridging loop and the resulting broadcast storm. You should also consider when you last performed, or had a consultant perform, an assessment of your spanning tree configuration. If it has been years, or maybe never, then you should check how spanning tree is operating in the core of your switched LANs.
