How a Spanning Tree Works
Abstract
The way a switch learns Ethernet (MAC) addresses is by inspecting the Ethernet frame and recording the source MAC address in a dynamic table. The switch will also associate a learned MAC address with a port. It can then make intelligent forwarding decisions based on the destination MAC address. This white paper illustrates the process. This white paper focuses on Spanning Tree Protocol (STP), IEEE Standard 802.1D, and addresses the functions of an Ethernet LAN switch.
Sample
Introduction
This paper focuses on Spanning Tree Protocol (STP), IEEE Standard 802.1D. But first, it's important to understand the functions of an Ethernet LAN switch:
- Address learning
- Address filtering
- Forwarding of frames
- Loop avoidance
The way a switch learns Ethernet (MAC) addresses is by inspecting the Ethernet frame and recording the source MAC address in a dynamic table. The switch will also associate a learned MAC address with a port. It can then make intelligent forwarding decisions based on the destination MAC address. This white paper illustrates the process.
Ethernet Header
First, the Ethernet LAN header contains information about the source MAC address and the destination MAC address.
| Preamble 101010...11 | Destination MAC Address | Source MAC Address | Type/Length | Data | FCS |
Ethernet Header
When Host A sends a frame to Host B on the same LAN, the switch learns the source MAC address and the port it arrived on, then stores them in the MAC-Address-Table (sometimes called the Content Addressable Memory (CAM) Table in larger switches).
Before any activity, the MAC-Address-Table is empty. Once Host A sends data to Host B, the MAC-Address-Table gets populated with Host A's MAC address. Because the switch does not know which port the destination MAC address is associated with, it floods the frame out all of the ports except the one it arrived on (in this case Port E1).
When Host B replies to Host A, the switch first learns the MAC address associated with Host B and the port to which it is attached. At this point, the switch will only forward the frame out of Port E1 because the MAC-Address-Table has already been populated with Host A's MAC and its associated port.
Eventually, all host MAC addresses will be learned in the same way, and the MAC-Address-Table will be populated.
Besides showing how a switch forwards frames, the preceding illustrates two other important switching concepts. First, if a switch does not have the destination MAC address in its table, or if the destination address is a broadcast (all ones in the destination MAC), the switch will flood the frame out all ports except the port it came in on. Second (and a partial follow-up on the first), the default behavior for a switch is to flood.
Loops
Loop avoidance is another function of the switch. How do loops occur and how can they be prevented? One way for loops to occur is when a broadcast occurs on the LAN. Any dynamic discovery protocol may generate a broadcast Ethernet frame, for example, DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name Service), or ARP (Address Resolution Protocol). (ARP was discussed in a previous white paper, Router Vulnerabilities.) The switch will forward the broadcast frame out of all ports except the port that it came in on. If there is redundancy in the network, there will be a loop and, consequently, a broadcast storm, which is the endless forwarding of the same frame.
In the following example, Host A is ARPing for the MAC address of B. Because the switches have redundant links, the broadcast will continue to get propagated until the network can no longer function due to high bandwidth utilization of the links and high processor utilization on the hosts.
The solution for this problem is Spanning Tree Protocol (STP). STP is on by default on all Cisco switches. STP chooses a point of reference called the Root Bridge. By default the bridge with the lowest Bridge ID is chosen as the Root. The Bridge ID is a 64-bit field made up of the priority (the default is 32768) and the MAC address. If the default priority has not been changed, the Root will be chosen based on the lowest MAC address. The Root Bridge then sends Bridge Protocol Data Units (BPDUs) out all of its designated (forwarding) ports. If a bridge is not the Root (called a Non-Root Bridge), it will receive regular BPDUs on the port that is closest to the Root, called the Root Port.
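The learning, flooding, and loop behaviour described above can be reproduced in a small simulation. This is an added example, not part of the white paper: the three-switch triangle, the switch and port names, and the MAC address are constructed, and the blocking port is set by hand to stand in for the result STP would compute (no BPDU exchange or Root election is implemented).

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Learning switch: records source MAC -> ingress port, floods unknown/broadcast."""
    def __init__(self, ports, blocked=()):
        self.ports, self.blocked, self.table = list(ports), set(blocked), {}

    def receive(self, src, dst, in_port):
        """Return the egress ports for one frame; a blocking port discards it."""
        if in_port in self.blocked:
            return []
        self.table[src] = in_port                    # address learning
        if dst != BROADCAST and dst in self.table:
            out = [self.table[dst]]                  # known unicast: one port
        else:
            out = self.ports                         # default behaviour: flood
        return [p for p in out if p != in_port and p not in self.blocked]

# Constructed triangle of three switches; "h" is a host port, others are uplinks.
LINKS = {("SW1", "a"): ("SW2", "a"), ("SW2", "a"): ("SW1", "a"),
         ("SW1", "b"): ("SW3", "b"), ("SW3", "b"): ("SW1", "b"),
         ("SW2", "c"): ("SW3", "c"), ("SW3", "c"): ("SW2", "c")}

def build(blocked_on_sw3=()):
    return {"SW1": Switch(["h", "a", "b"]),
            "SW2": Switch(["h", "a", "c"]),
            "SW3": Switch(["h", "b", "c"], blocked_on_sw3)}

def link_transmissions(switches, src, dst, cap=1000):
    """Inject one frame on SW1's host port; count copies sent between switches."""
    queue, sent = deque([("SW1", "h")]), 0
    while queue:
        name, in_port = queue.popleft()
        for port in switches[name].receive(src, dst, in_port):
            peer = LINKS.get((name, port))           # host ports have no peer
            if peer:
                sent += 1
                if sent == cap:                      # storm: give up counting
                    return sent
                queue.append(peer)
    return sent

if __name__ == "__main__":
    host_a = "00:00:00:00:00:0a"                     # constructed MAC address
    print("redundant links, no STP:", link_transmissions(build(), host_a, BROADCAST))
    print("SW3 port c blocking:   ", link_transmissions(build({"c"}), host_a, BROADCAST))
```

With all uplinks forwarding, the single broadcast is still circulating when the counter reaches its cap; with one port blocking, it is delivered to every switch and stops.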


