Spanning Tree Protocol (STP) is a control plane mechanism for Ethernet. It is used to create a Layer 2 topology (a tree) by placing the root switch on top of the tree.
Since classical Ethernet works based on data plane learning and Ethernet frames don’t have TTL for loop prevention, loops are prevented by the STP blocking the links.
As you can see from the below figure, some links are blocked by the spanning tree. If Spanning Tree wouldn’t block those links, loop would occur in the below topology.
Spanning Tree blocks some links to mitigate switching loops
Loop has to be mitigated by blocking some links with the Spanning Tree but blocking links does not allow all available links to be used, nor does it provide multipathing.
In this post I am going to share some best practices which you should consider in Spanning Tree design.Some of the technologies may not be available in your network thus you may not follow the best practice. Thats is okay !
Network design doesn’t mean using always the best practices. Using best practices with the available hardware, software, technology and human who manage the network.
There might be other best or good practices, if you want to add anything please share in the comment box below.
Spanning Tree Best Practices:
- Use RSTP or RPVST+ for fast convergence for direct and indirect failures.
- Use MST for scaling. If you have large-scale VLAN deployment and CPU usages is a concern, take advantage of grouping VLANs to MST instance.
- Take advantage of VLAN load-balancing, so you can utilize available uplink capacity.
- Flow based load balancing cannot be supported by Spanning Tree unless Etherchannel or Multichassis Ethercannel is used.
- VLAN load-balancing can be cumbersome, but it has the advantage of using all uplinks.
- Spanning tree avoids switching loops by blocking some links in the topology. If the requirement is to use all the available links, link can be grouped into a bundle.
- LACP and the Cisco preparatory protocol PAGP are used to aggregate multiple physical links into a logical bundle.
- LACP is a standard mechanism which can be used only between two switches or between multiple switches.
- If LACP is used between multiple switches, solution is called Multi Chassis link aggregation or multichassis etherchannel.
- System ID which is generated by the System Priority and MAC address of the switches need to be same on two switches if there will be a Multichasis Ether channel.
- For ease of troubleshooting, you can use one distribution switch as primary root switch for odd VLANs and use the other distribution as the primary root switch for even VLANs. This gives better predictability.
- Always enable STP on the access-facing ports to protect the network from intentional or unintentional attacks.
- Port-security is used as a STP loop avoidance mechanism at the edge of Layer 2 campus Ethernet networks.
- Spanning Tree and the First Hop redundancy protocols should follow each other, it is called STP FHRP synchronization. Otherwise black holing and/or suboptimal forwarding occurs.