Spanning Tree BPDUs
Before we get into Spanning Tree Protocol’s root bridge election process, it is important to understand that STP starts with the exchange of STP Bridge Protocol Data Units (or BPDUs).
BPDUs are sent every two seconds by Spanning Tree enabled switches using the multicast address 01-80-C2-00-00-00. BPDUs come in two types:
- Configuration
- Topology Change Notification (TCN)
Topology Change Notification BPDUs are sent when a change occurs in the network. Configuration BPDUs are used to calculate STP path selection. Only the root bridge originates Configuration BPDUs while all other non-root bridges forward them throughout the switched network.
Spanning Tree Bridge ID
One of the main roles of Spanning Tree BPDUs is to carry out the Root Bridge election process. Electing the Root Bridge is the first order of business when it comes to Spanning Tree Protocol since all cost and forwarding decisions are made based on which switch is elected. The Root Bridge also determines what the STP timers will be for the entire network.
Each switch participating in Spanning Tree is assigned a Bridge ID Priority value, or BID. This BID is what determines who is elected as the Root Bridge.
The BID is made up of two parts – a 2-byte priority value and a 6-byte MAC address. For example, a Cisco switch with the default priority of 32,768 and a MAC address of 0025.b463.1d80 will have a complete BID of 32768:0025.b463.1d80.
The default Spanning Tree priority value on Cisco switches is 32,768. When it comes to the STP Root Bridge election, the switch with the lowest BID wins. Since the priority value is placed first in the ID, a lower priority will always win regardless of what MAC address follows. Taking it one step further, if the BID Priority value is left unchanged on all switches, then the switch with the lowest MAC address will always win the election and become root.
Determining Forwarding Ports
At a high level, STP uses just three steps to decide which ports settle into a forwarding or blocking state.
| Step | Description |
|---|---|
| Elect root switch | Switch with the lowest Bridge ID (2-byte priority + MAC) is elected as Root. |
| Determine Root Port on each non-root switch | Each non-root switch decides which one port will become the Root Port. The Root Port is the port that receives the superior BPDU among all the ports. |
| Determine designated port for each segment | The designated port is the switch port that forwards the superior BPDU from the Root Bridge across the segment to neighbor switches. |
Root Bridge Election Process
It can be helpful to run through the Root Bridge election process using a simple example to illustrate how the switches communicate their BID information.
We will use a three-switch network to demonstrate the process. All three switches are using the default priority of 32,768. If all of the switches were to be powered on at the same time, each switch begins by assuming it is the Root Bridge and begins sending BPDUs with its BID to its neighbors. All interfaces enter the Spanning Tree listening state, anticipating BPDUs from neighboring switches.
SW1 will receive BPDUs from SW2 and SW3 with their BIDs included in the message. SW1 then compares its own BID (32768:0026.0b8e.a500) to SW2’s (32768:0025.b463.1d80) and SW3’s (32768:0026.0b8e.8800). Since the starting priority value is the same across all three switches, the MAC portion of the BIDs is then examined. SW2’s MAC address is lower than SW1’s, so SW1 will recognize SW2 as the new Root Bridge and update its STP information accordingly.
SW2 receives BPDUs from SW1 and SW3 containing their BIDs. SW2 sees that it has the lowest BID and will continue sending BPDUs announcing itself as the Root Bridge.
SW3 behaves the same way. It receives BPDUs from SW1 and SW2 containing their BIDs. SW2’s BID is lower than SW3’s, so SW3 will recognize SW2 as the new Root Bridge and update its STP information accordingly.
At this point the STP Root Bridge election process has ended and all three switches recognize SW2 as root. Spanning Tree is a preemptive protocol, however, so if the priorities change (for better or worse) on any of the switches, the STP election process will elect a new Root Bridge based on the updated BIDs. Similarly, if a new switch is added to the network and has a lower BID than the current root, it will be elected to the Root Bridge role. By default, STP BPDUs are sent every 2 seconds, so the new election process can happen quickly.
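The election above can be reproduced by comparing BIDs as 8-byte values, priority first. The following is an added example, not code from the original article; the fourth switch (SW4) and the function names are hypothetical, and it shows how the elected root changes when a switch with a lower BID is added, which is the check to run before connecting new equipment.

```python
# Added illustration (not the article's code): Root Bridge election by lowest BID.
from typing import NamedTuple

class BridgeID(NamedTuple):
    priority: int  # 2-byte priority value
    mac: str       # 6-byte MAC address, e.g. "0025.b463.1d80"

    def to_bytes(self) -> bytes:
        """8-byte BID: priority first, so it outranks the MAC in comparisons."""
        if not 0 <= self.priority <= 0xFFFF:
            raise ValueError("priority must fit in 2 bytes")
        mac = bytes.fromhex(self.mac.replace(".", "").replace(":", ""))
        if len(mac) != 6:
            raise ValueError("MAC address must be 6 bytes")
        return self.priority.to_bytes(2, "big") + mac

def parse_bid(text: str) -> BridgeID:
    """Parse 'priority:mac' as written in the article, e.g. '32768:0025.b463.1d80'."""
    priority, mac = text.split(":", 1)
    return BridgeID(int(priority), mac.strip().lower())

def rank(bridges: dict) -> list:
    """Switch names ordered best BID first; index 0 is the elected Root Bridge."""
    return sorted(bridges, key=lambda name: bridges[name].to_bytes())

def root_after_join(bridges: dict, name: str, bid: BridgeID) -> str:
    """Re-run the election with one more switch added to the topology."""
    return rank({**bridges, name: bid})[0]

# BIDs of the three switches in the article's example.
SWITCHES = {
    "SW1": parse_bid("32768:0026.0b8e.a500"),
    "SW2": parse_bid("32768:0025.b463.1d80"),
    "SW3": parse_bid("32768:0026.0b8e.8800"),
}

# Constructed sample: a hypothetical fourth switch with a lower priority
# but a very high MAC address.
SW4 = BridgeID(28672, "ffff.ffff.fffe")

if __name__ == "__main__":
    print("election order:", rank(SWITCHES))
    print("root after SW4 joins:", root_after_join(SWITCHES, "SW4", SW4))
```

The second entry in the election order is the switch that would take over if the root failed, which with default priorities is again decided by MAC address alone.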
Why Assigning A Root Bridge Is Important
If a Bridge ID Priority value is not configured, the switch with the lowest MAC address in the network will become the Root Bridge. In most cases this is not ideal for a number of reasons. First, the Root Bridge will be responsible for sending the Configuration BPDUs and retransmitting change information throughout the network. This adds resource overhead and, as a general recommendation, should be performed by larger switches usually located in the network core.
The second, and more important, reason a priority value should be manually configured to determine the Root Bridge is related to traffic forwarding. If a small access switch in a closet happens to have the lowest MAC address and is elected as root, all forwarding paths in the network must pass through it. This could lead to suboptimal forwarding where frames do not transit the centralized core switches, but instead must travel all the way to the remote access switch using slower links before continuing on to their destination.
Simply put, a MAC address is not what you want deciding how frames are forwarded in a network. Best practice is to create one Root Bridge and another standby (or secondary) Root Bridge. The Root Bridge will have the lowest priority and act as the primary, and the standby will have a slightly higher priority and act as a secondary. While only one will be elected to the root role at a time, the purpose of a standby Root Bridge is to act as a backup. If the primary were to fail, having a secondary that takes over will maintain deterministic frame forwarding from the core of the network.
Modern iterations of Spanning Tree Protocol like PVST+ and RPVST+ create a separate STP instance per VLAN on the switch. The more VLANs you have configured, the more Spanning Trees the switch will calculate and maintain. While this adds resource overhead to switches, it also enables a simple form of STP load balancing which is commonly used among two core switches. The first core switch will be configured with the lowest priority for half of the network’s VLANs and the second switch will be configured with the lowest priority for the other half. This enables more even traffic distribution among the core switches when multiple VLANs are used throughout the network. For example, if 20 VLANs are used, each core switch could be configured as root for 10 VLANs.
Spanning Tree Root Bridge Configuration
In the last section we discussed why it is a good idea to manually define which switch in a network will be elected as the Root Bridge for one or more VLANs. Newer Spanning Tree standards like PVST+ and RPVST+ run a separate STP instance per VLAN, so the priority value is specific to each particular VLAN.
Before we begin changing priority values, let’s look at what VLANs are running on our switches.
We can use the show spanning-tree vlan command to display the Root Bridge for VLANs 50 and 51. The output below shows that the Root ID (Root Bridge ID) is 0025.b463.1d80. Notice that this is the MAC address for SW2 – meaning that SW1 has identified SW2 as the Root Bridge for VLAN 50’s STP instance.
The output of the show spanning-tree vlan 51 command below also identifies SW2 as root for VLAN 51. Since no Spanning Tree priority values have been configured, all VLAN STP instances will elect the same switch to the Root Bridge role (based on lowest MAC address).
Spanning-Tree VLAN Root Primary Command
In this example we will use the spanning-tree vlan root command on SW1 to establish it as root for VLAN 50.
We can see that SW1 is now the Root Bridge based on “This bridge is the root” in the output. Also, notice that the Root ID Address matches the local Bridge ID Address.
The spanning-tree vlan root primary command is actually just a macro that lowers the local switch’s priority value relative to the other switches in the network. Officially, it acts as follows:
- If the current Root Bridge’s priority value is greater than 24,576, the switch changes its priority value to 24,576 to assume the root role.
- If the current Root Bridge’s priority value is less than 24,576, the switch sets its priority value to 4,096 less than the current root to assume the root role.
Spanning-Tree VLAN Root secondary Command
Now that we have established SW1 as the Root Bridge for VLAN 50, let’s set the priority on SW2 so that we’re sure it is elected as root if SW1 were to fail. This can be easily accomplished with the spanning-tree vlan root secondary command. Much like the primary option, using the secondary statement will run a macro to configure the local switch with a priority of 28,672.
Both the spanning-tree vlan root primary and spanning-tree vlan root secondary commands are macros that make a one-time change to the Spanning Tree priority value on the local switch. If a new switch is added to the network with a lower priority, it will assume the root role. While the root primary and secondary commands are helpful when establishing STP root placement in new environments, they do not guarantee root or secondary root status in established networks where the priority values on other devices are unknown. The spanning-tree vlan priority command should be used instead for more control.
Spanning-Tree VLAN Priority Command
In the previous section, we used the spanning-tree vlan root primary command to configure SW1 with the Root Bridge role for VLAN 50. An alternative method to change the local STP priority is with the spanning-tree vlan priority command. This allows an administrator to manually configure the switch’s Spanning Tree priority value directly with the value specified.
In this example, we will use the command to make SW3 the Root Bridge for VLAN 51.
The “Root ID Priority 32819” output above tells us that the Root Bridge for VLAN 51 has a total priority value of 32,819 (default priority of 32,768 + VLAN ID of 51). The “Root ID Address 0025.b463.1d80” output tells us that SW2 is the Root Bridge for VLAN 51.
For SW3 to be elected root for VLAN 51, we need to change its STP priority for the VLAN to be less than 32,768. One caveat is that priority values must be assigned in increments of 4,096. This is related to the extended system ID formatting used in VLAN-specific STP implementations. In this example, we will configure SW3 with a priority value of 16,384.
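The increment of 4,096 follows from how the 2-byte priority field is split: the upper 4 bits hold the configured priority and the lower 12 bits hold the VLAN ID. The following is an added example, not code from the original article, that decodes the 32,819 value above and models the two root primary rules listed earlier; the function names are hypothetical, and the handling of a current root at exactly 24,576 and of a root already at priority 0 are assumptions the article does not specify.

```python
# Added illustration (not the article's code): the 2-byte priority field with
# the extended system ID, and a model of the "root primary" rules listed above.
SYS_ID_MASK = 0x0FFF   # low 12 bits carry the VLAN ID
STEP = 0x1000          # 4,096: smallest change in the upper 4 priority bits

def split_priority(field: int) -> tuple:
    """Split a displayed priority such as 32819 into (configured priority, VLAN ID)."""
    if not 0 <= field <= 0xFFFF:
        raise ValueError("priority field must fit in 2 bytes")
    return field & 0xF000, field & SYS_ID_MASK

def build_priority(configured: int, vlan: int) -> int:
    """Combine a configured priority with a VLAN ID into the advertised value."""
    if configured % STEP or not 0 <= configured <= 0xF000:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    return configured | vlan

def root_primary(current_root: int):
    """Priority the macro would choose, given the current root's configured priority.

    Follows the two rules in the article. Assumptions of this model: a root at
    exactly 24576 is treated like the 'less than' case, and None is returned
    when no lower multiple of 4096 exists.
    """
    if current_root > 24576:
        return 24576
    target = current_root - STEP
    return target if target >= 0 else None

if __name__ == "__main__":
    print(split_priority(32819))        # value shown for VLAN 51 in the article
    print(build_priority(16384, 51))    # advertised value after the change on SW3
    print(root_primary(32768), root_primary(20480), root_primary(0))
```

Because the macro computes its value once from the root it sees at that moment, a switch configured later with a lower multiple of 4,096 still wins the election.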
Spanning Tree Root Bridge Verification
To verify the Spanning Tree Root Bridge for one or more VLANs, several show commands are helpful.
Show Spanning-tree VLAN
The show spanning-tree vlan command that we have been using so far provides local, root, address, and priority values for each VLAN’s STP instance. This is a very useful command when trying to determine if the local switch is root.
If you see “This bridge is the root” in the output, the local switch is root. If not, compare the Root Address listed against the MAC addresses of the other switches in the network for a match.
Show Spanning-tree Root
For a more concise summary of the Root Bridge for each VLAN, use the show spanning-tree root command.