• As LANs increase, more and more switches are used to implement interconnection

between hosts. As shown in the figure, the access switch is connected to the upstream
device through a single link. If the uplink fails, the host connected to the access switch
is disconnected from the network. Another problem is the single point of failure
(SPOF). That is, if the switch breaks down, the host connected to the access switch is
also disconnected.

• To solve this problem, switches use redundant links to implement backup. Although
redundant links improve network reliability, loops may occur. Loops cause many
problems, such as communication quality deterioration and communication service
interruption.
• In practice, redundant links may cause loops, and some loops may be caused by
human errors.
• Issue 1: Broadcast storm

▫ According to the forwarding principle of switches, if a switch receives a broadcast

frame or a unicast frame with an unknown destination MAC address from an
interface, the switch forwards the frame to all other interfaces except the source
interface. If a loop exists on the switching network, the frame is forwarded
infinitely. In this case, a broadcast storm occurs and repeated data frames are
flooded on the network.

▫ In this example, SW3 receives a broadcast frame and floods it. SW1 and SW2 also
forward the frame to all interfaces except the interface that receives the frame.
As a result, the frame is forwarded to SW3 again. This process continues, causing
a broadcast storm. The switch performance deteriorates rapidly and services are
interrupted.

• Issue 2: MAC address flapping

▫ A switch generates a MAC address table based on source addresses of received

data frames and receive interfaces.

▫ In this example, SW1 learns and floods the broadcast frame after receiving it
from GE0/0/1, forming the mapping between the MAC address 5489-98EE-788A
and GE0/0/1. SW2 learns and floods the received broadcast frame. SW1 receives
the broadcast frame with the source MAC address 5489-98EE-788A from GE0/0/2
and learns the MAC address again. Then, the MAC address 5489-98EE-788A is
switched between GE0/0/1 and GE0/0/2 repeatedly, causing MAC address
flapping.
• On an Ethernet network, loops on a Layer 2 network may cause broadcast storms,
MAC address flapping, and duplicate data frames. STP is used to prevent loops on a
switching network.

• STP constructs a tree to eliminate loops on the switching network.

• The STP algorithm is used to detect loops on the network, block redundant links, and
prune the loop network into a loop-free tree network. In this way, proliferation and
infinite loops of data frames are avoided on the loop network.
• As shown in the preceding figure, switches run STP and exchange STP BPDUs to
monitor the network topology. Normally, a port on SW3 is blocked to prevent the loop.
When the link between SW1 and SW3 is faulty, the blocked port is unblocked and
enters the forwarding state.
• Common loops are classified into Layer 2 and Layer 3 loops.

• Layer 2 loops are caused by Layer 2 redundancy or incorrect cable connections. You
can use a specific protocol or mechanism to prevent Layer 2 loops.

• Layer 3 loops are mainly caused by routing loops. Dynamic routing protocols can be
used to prevent loops and the TTL field in the IP packet header can be used to prevent
packets from being forwarded infinitely.
• STP is used on Layer 2 networks of campus networks to implement link backup and
eliminate loops.
• In STP, each switch has a bridge ID (BID), which consists of a 16-bit bridge priority and
a 48-bit MAC address. On an STP network, the bridge priority is configurable and
ranges from 0 to 65535. The default bridge priority is 32768. The bridge priority can be
changed but must be a multiple of 4096. The device with the highest priority (a
smaller value indicates a higher priority) is selected as the root bridge. If the priorities
are the same, devices compare MAC addresses. A smaller MAC address indicates a
higher priority.

• As shown in the figure, the root bridge needs to be selected on the network. The three
switches first compare bridge priorities. The bridge priorities of the three switches are
4096. Then the three switches compare MAC addresses. The switch with the smallest
MAC address is selected as the root bridge.
• The root bridge functions as the root of a tree network.

• It is the logical center, but not necessarily the physical center, of the network. The root
bridge changes dynamically with the network topology.

• After network convergence is completed, the root bridge generates and sends
configuration BPDUs to other devices at specific intervals. Other devices process and
forward the configuration BPDUs to notify downstream devices of topology changes,
ensuring that the network topology is stable.
• Each port on a switch has a cost in STP. By default, a higher port bandwidth indicates a
smaller port cost.

• Huawei switches support multiple STP path cost calculation standards to provide better
compatibility in scenarios where devices from multiple vendors are deployed. By
default, Huawei switches use IEEE 802.1t to calculate the path cost.
• There may be multiple paths from a non-root bridge to the root bridge. Each path has
a total cost, which is the sum of all port costs on this path. A non-root bridge
compares the costs of multiple paths to select the shortest path to the root bridge. The
path cost of the shortest path is called the root path cost (RPC), and a loop-free tree
network is generated. The RPC of the root bridge is 0.
• Each port on an STP-enabled switch has a port ID, which consists of the port priority
and port number. The value of the port priority ranges from 0 to 240, with an
increment of 16. That is, the value must be an integer multiple of 16. By default, the
port priority is 128. The PID is used to determine the port role.
• Switches exchange BPDUs where information and parameters are encapsulated to
calculate spanning trees.

• BPDUs are classified into configuration BPDUs and TCN BPDUs.

• A configuration BPDU contains parameters such as the BID, path cost, and PID. STP
selects the root bridge by transmitting configuration BPDUs between switches and
determines the role and status of each switch port. Each bridge proactively sends
configuration BPDUs during initialization. After the network topology becomes stable,
only the root bridge proactively sends configuration BPDUs. Other bridges send
configuration BPDUs only after receiving configuration BPDUs from upstream devices.

• A TCN BPDU is sent by a downstream switch to an upstream switch when the

downstream switch detects a topology change.
• STP operations:

1. Selects a root bridge.

2. Each non-root switch elects a root port.

3. Select a designated port for each network segment.

4. Blocks non-root and non-designated ports.

• STP defines three port roles: designated port, root port, and alternate port.

• A designated port is used by a switch to forward configuration BPDUs to the connected

network segment. Each network segment has only one designated port. In most cases,
each port of the root bridge is a designated port.

• The root port is the port on the non-root bridge that has the optimal path to the root
bridge. A switch running STP can have only one root port, but the root bridge does not
have any root port.

• If a port is neither a designated port nor a root port, the port is an alternate port. The
alternate port is blocked.
• When a switch starts, it considers itself as the root bridge and sends configuration
BPDUs to each other for STP calculation.
• What is a root bridge?
▫ The root bridge is the root node of an STP tree.
▫ To generate an STP tree, first determine a root bridge.
▫ It is the logical center, but not necessarily the physical center, of the network.
▫ When the network topology changes, the root bridge may also change. (The role
of the root bridge can be preempted.)
• Election process:
1. When an STP-enabled switch is started, it considers itself as the root bridge and
declares itself as the root bridge in the BPDUs sent to other switches. In this case,
the BID in the BPDU is the BID of each device.
2. When a switch receives a BPDU from another device on the network, it
compares the BID in the BPDU with its own BID.
3. Switches exchange BPDUs continuously and compare BIDs. The switch with the
smallest BID is selected as the root bridge, and other switches are non-root
bridges.
4. As shown in the figure, the priorities of SW1, SW2, and SW3 are compared first.
If the priorities of SW1, SW2, and SW3 are the same, MAC addresses are
compared. The BID of SW1 is the smallest, so SW1 is the root bridge, and SW2
and SW3 are non-root bridges.
• Note:
▫ The role of the root bridge can be preempted. When a switch with a smaller BID
joins the network, the network performs STP calculation again to select a new
root bridge.
• What is a root port?

▫ A non-root bridge may have multiple ports connected to a network. To ensure

that a working path from a non-root bridge to a root bridge is optimal and
unique, the root port needs to be determined among ports of the non-root
bridge. The root port is used for packet exchange between the non-root bridge
and the root bridge.

▫ After the root bridge is elected, the root bridge still continuously sends BPDUs,
and the non-root bridge continuously receives BPDUs from the root bridge.
Therefore, the root port closest to the root bridge is selected on all non-root
bridges. After network convergence, the root port continuously receives BPDUs
from the root bridge.

▫ That is, the root port ensures the unique and optimal working path between the
non-root bridge and the root bridge.

• Note: A non-root bridge can have only one root port.

• What is a designated port?
▫ The working path between each link and the root bridge must be unique and
optimal. When a link has two or more paths to the root bridge (the link is
connected to different switches, or the link is connected to different ports of a
switch), the switch (may be more than one) connected to the link must
determine a unique designated port.
▫ Therefore, a designated port is selected for each link to send BPDUs along the
link.
• Note: Generally, the root bridge has only designated ports.
• Election process:
1. The designated port is also determined by comparing RPCs. The port with the
smallest RPC is selected as the designated port. If the RPCs are the same, the
BID and PID are compared.
2. First, RPCs are compared.A smaller value indicates a higher priority of electing
the designated port, so the switch selects the port with the smallest RPC as the
designated port.
3. If the RPCs are the same, BIDs of switches at both ends of the link are compared.
A smaller BID indicates a higher priority of electing the designated port, so the
switch selects the port with the smallest BID as the designated port.
4. If the BIDs are the same, PIDs of switches at both ends of the link are compared.
A smaller PID indicates a higher priority of electing the designated port, so the
switch selects the port with the smallest PID as the designated port.
• What is a non-designated port (alternate port)?

▫ After the root port and designated port are determined, all the remaining non-
root ports and non-designated ports on the switch are called alternate ports.

• Blocking alternate ports

▫ STP logically blocks the alternate ports. That is, the ports cannot forward the
frames (user data frames) generated and sent by terminal computers.

▫ Once the alternate port is logically blocked, the STP tree (loop-free topology) is
generated.

• Note:

▫ The blocked port can receive and process BPDUs.

▫ The root port and designated port can receive and send BPDUs and forward user
data frames.
• The figure shows the STP port state transition. The STP-enabled device has the
following five port states:

• Forwarding: A port can forward user traffic and BPDUs. Only the root port or
designated port can enter the Forwarding state.

• Learning: When a port is in Learning state, a device creates MAC address entries based
on user traffic received on the port but does not forward user traffic through the port.
The Learning state is added to prevent temporary loops.

• Listening: A port in Listening state can forward BPDUs, but cannot forward user traffic.

• Blocking: A port in Blocking state can only receive and process BPDUs, but cannot
forward BPDUs or user traffic. The alternate port is in Blocking state.

• Disabled: A port in Disabled state does not forward BPDUs or user traffic.
• Root bridge fault:

▫ On a stable STP network, a non-root bridge periodically receives BPDUs from the
root bridge.

▫ If the root bridge fails, the downstream switch stops sending BPDUs. As a result,
the downstream switch cannot receive BPDUs from the root bridge.

▫ If the downstream switch does not receive BPDUs, the Max Age timer (the
default value is 20s) expires. As a result, the record about the received BPDUs
becomes invalid. In this case, the non-root bridges send configuration BPDUs to
each other to elect a new root bridge.

• Port state:

▫ The alternate port of SW3 enters the Listening state from the Blocking state after
20s and then enters the Learning state. Finally, the port enters the Forwarding
state to forward user traffic.

• Convergence time:

▫ It takes about 50s to recover from a root bridge failure, which is equal to the
value of the Max Age timer plus twice the value of the Forward Delay timer.
• Direct link fault:

▫ When two switches are connected through two links, one is the active link and
the other is the standby link.

▫ When the network is stable, SW2 detects that the link of the root port is faulty,
and the alternate port enters the Forwarding state.

• Port state:

▫ The alternate port transitions from the Blocking state to the Listening, Learning,
Forwarding states in sequence.

• Convergence speed:

▫ If a direct link fails, the alternate port restores to the Forwarding state after 30s.
• Indirect link fault:
▫ On a stable STP network, a non-root bridge periodically receives BPDUs from the
root bridge.
▫ If the link between SW1 and SW2 is faulty (not a physical fault), SW2 cannot
receive BPDUs from SW1. The Max Age timer (the default value is 20s) expires.
As a result, the record about the received BPDUs becomes invalid.
▫ In this case, the non-root bridge SW2 considers that the root bridge fails and
considers itself as the root bridge. Then SW2 sends its own configuration BPDU to
SW3 to notify SW3 that it is the new root bridge.
▫ During this period, the alternate port of SW3 does not receive any BPDU that
contains the root bridge ID. After the Max Age timer expires, the port enters the
Listening state and starts to forward the BPDU that contains the root bridge ID
from the upstream device to SW2.
▫ After the Max Age timer expires, SW2 and SW3 receive BPDUs from each other
almost at the same time and perform STP recalculation. SW2 finds that the BPDU
sent by SW3 is superior, so it does not declare itself as the root bridge and re-
determines the port role.
• Port state:
▫ The alternate port of SW3 enters the Listening state from the Blocking state after
20s and then enters the Learning state. Finally, the port enters the Forwarding
state to forward user traffic.
• Convergence time:
▫ It takes about 50s to recover from an indirect link failure, which is equal to the
value of the Max Age timer plus twice the value of the Forward Delay timer.
• On a switching network, a switch forwards data frames based on the MAC address
table. By default, the aging time of MAC address entries is 300 seconds. If the spanning
tree topology changes, the forwarding path of the switch also changes. In this case, the
entries that are not aged in a timely manner in the MAC address table may cause data
forwarding errors. Therefore, the switch needs to update the MAC address entries in a
timely manner after the topology changes.

• In this example, the MAC address entry on SW2 defines that packets can reach Host A
through GE0/0/1 and reach Host B through GE0/0/3. The root port of SW3 is faulty,
causing the spanning tree topology to re-converge. After the spanning tree topology
re-converges, Host B cannot receive frames sent by Host A. This is because the aging
time of MAC address entries is 300s. After a frame sent from Host A to Host B reaches
SW2, SW2 forwards the frame through GE0/0/3.
• When the network topology changes, the root bridge sends TCN BPDUs to notify other
devices of the topology change. The root bridge generates TCs to instruct other
switches to age existing MAC address entries.

• The process of topology change and MAC address entry update is as follows:

1. After SW3 detects the network topology change, it continuously sends TCN
BPDUs to SWB.

2. After SW2 receives the TCN BPDUs from SW3, it sets the TCA bit in the Flags
field of the BPDUs to 1 and sends the BPDUs to SW3, instructing SW3 to stop
sending TCN BPDUs.

3. SW2 forwards the TCN BPDUs to the root bridge.

4. SW1 sets the TC bit in the Flags field of the configuration BPDU to 1 and sends
the configuration BPDU to instruct the downstream device to change the aging
time of MAC address entries from 300s to the value of the Forward Delay timer
(15s by default).

5. The incorrect MAC address entries on SW2 are automatically deleted after 15s at
most. Then, SW2 starts to learn MAC address entries again and forwards packets
based on the learned MAC address entries.
• The IEEE 802.1w standard released in 2001 defines RSTP. RSTP is an improvement on
STP and implements fast network topology convergence.

• RSTP is evolved from STP and has the same working mechanism as STP. When the
topology of a switching network changes, RSTP can use the Proposal/Agreement
mechanism to quickly restore network connectivity.

• RSTP removes three port states, defines two new port roles, and distinguishes port
attributes based on port states and roles. In addition, RSTP provides enhanced features
and protection measures to ensure network stability and fast convergence.

• RSTP is backward compatible with STP, which is not recommended because STP slow
convergence is exposed.

• Improvements made in RSTP:

▫ RSTP processes configuration BPDUs differently from STP.

▪ When the topology becomes stable, the mode of sending configuration

BPDUs is optimized.

▪ RSTP uses a shorter timeout interval of BPDUs.

▪ RSTP optimizes the method of processing inferior BPDUs.

▫ RSTP changes the configuration BPDU format and uses the Flags field to describe
port roles.

▫ RSTP topology change processing: Compared with STP, RSTP is optimized to

accelerate the response to topology changes.
• From the perspective of configuration BPDU transmission:

▫ An alternate port is blocked after learning a configuration BPDU sent from

another network bridge.

▫ A backup port is blocked after learning a configuration BPDU sent from itself.

• From the perspective of user traffic:

▫ An alternate port acts as a backup of the root port and provides an alternate
path from the designated bridge to the root bridge.

▫ A backup port backs up a designated port and provides a backup path from the
root bridge to the related network segment.
• In STP, it takes 15 seconds for the port of a switch connected to a user terminal to
transition from Disabled to Forwarding. During this period, the user terminal cannot
access the Internet. If the network changes frequently, the Internet access status of the
user terminal is unstable.

• An edge port is directly connected to a user terminal and is not connected to any
switching device. An edge port does not receive or process configuration BPDUs and
does not participate in RSTP calculation. It can transition from Disabled to Forwarding
without any delay. An edge port becomes a common STP port once it receives a
configuration BPDU. The spanning tree needs to be recalculated, which leads to
network flapping.
• RSTP deletes two port states defined in STP, reducing the number of port states to
three.

1. A port in Discarding state does not forward user traffic or learn MAC addresses.

2. A port in Learning state does not forward user traffic but learns MAC addresses.

3. A port in Forwarding state forwards user traffic and learns MAC addresses.
• VBST brings in the following benefits:

▫ Eliminates loops.

▫ Implements link multiplexing and load balancing, and therefore improves link use
efficiency.

▫ Reduces configuration and maintenance costs.

• If a great number of VLANs exist on a network, spanning tree computation for each
VPN consumes a huge number of switch processor resources.
• Intelligent Stack (iStack) enables multiple iStack-capable switches to function as a
logical device.

• Before an iStack system is set up, each switch is an independent entity and has its own
IP address and MAC address. You need to manage the switches separately. After an
iStack system is set up, switches in the iStack system form a logical entity and can be
managed and maintained using a single IP address. iStack technology improves
forwarding performance and network reliability, and simplifies network management.
• As shown in the figure, SW3 is connected to FW1 and FW2 through dual uplinks. In this
way, Switch3 has two uplinks to the uplink device. Smart Link can be configured on
SW3. In normal situations, the link on Port2 functions as a backup link. If the link on
Port1 fails, Smart Link automatically switches data traffic to the link on Port2 to ensure
service continuity.