On networks that contain redundant paths between Layer 2 devices, a
common problem is bridging loops. Bridging loops occur because Layer 2 devices do not create boundaries for broadcasts or packet floods. Consequently, Layer 2 devices can use redundant paths to forward the same frames to each other continuously, eventually causing the network to fail.
To solve this problem, the BIG-IP®
system supports a set of industry-standard, Layer 2 protocols known as spanning tree protocols. Spanning tree protocols
block redundant paths on a network, thus preventing bridging loops. If a blocked, redundant path is needed later because another path has failed, the spanning tree protocols clear the path again for traffic. The spanning tree protocols that the BIG-IP system supports are Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP).
Central to the way that spanning tree protocols operate is the use of bridge
protocol data units (BPDUs). When you enable spanning tree protocols on Layer 2 devices on a network, the devices send BPDUs
to each other, for the purpose of learning the redundant paths and updating their L2 forwarding tables accordingly, electing a root bridge, building a spanning tree, and notifying each other about changes in interface status.
To configure and manage spanning tree protocols, log in to the BIG-IP
Configuration utility, and on the Main tab, expand Network
, and click Spanning Tree.
The BIG-IP system supports three different spanning tree protocols: STP,
RSTP, and MSTP. Table 21.1
lists the protocols and their IEEE specifications. Following the table is a brief summary of each protocol.
is the original spanning tree protocol, designed to block redundant paths as a way to prevent bridging loops. The STP algorithm creates one, and only one, spanning tree for the entire network. A spanning tree
is a logical tree-like depiction of the bridges on a network and the paths that connect them.
Because STP is unable to recognize VLANs and usually exhibits poor
performance overall, STP is not the preferred spanning tree protocol to use in VLAN-rich environments. However, all participating interfaces in the spanning tree must use the same spanning tree protocol at any given time. Thus, when you have legacy bridges in your environment that are running STP, interfaces on the BIG-IP system must have the ability to automatically degrade to STP. For more information on protocol degradation, see Using spanning tree with legacy bridges
Because STP has no knowledge of VLANs, you can have only one spanning
tree instance on the BIG-IP system when using STP. For more information on spanning tree instances, see Management of spanning tree instances
is an enhancement to STP, and was designed specifically to improve spanning tree performance. Like STP, RSTP can create only one spanning tree (instance 0
), and therefore cannot take VLANs into account when managing redundant paths. However, RSTPs performance improvements generally make it preferable to STP in non-VLAN environments.
In the case where legacy RSTP bridges are on the network, BIG-IP system
interfaces running MSTP can degrade to RSTP, just as they can degrade to STP. For more information on protocol degradation, see Using spanning tree with legacy bridges
is an enhancement to RSTP and is the preferred spanning tree protocol for the BIG-IP system. MSTP is specifically designed to understand VLANs and VLAN tagging (specified in IEEE 802.1q). Unlike STP and RSTP, which allow only one spanning tree instance per system, MSTP allows multiple spanning tree instances. Each instance corresponds to a spanning tree, and can control one or more VLANs that you specify when you create the instance. Thus, for any BIG-IP system interface that you assigned to multiple VLANs, MSTP can block a path on one VLAN, while still keeping a path in another VLAN open for traffic. Neither STP nor RSTP has this capability.
A unique feature of MSTP is the concept of spanning tree regions. A spanning tree region
is a logical set of bridges on the network that share the same values for certain MSTP configuration settings. These configuration settings are: The MSTP configuration name, the MSTP configuration number, the instance numbers, and the VLAN members of each instance. When the values of these settings are identical on two or more bridges, the spanning tree algorithm considers these bridges to constitute an MSTP region. An MSTP region
indicates to the spanning tree algorithm that it can use MSTP for all bridges in that region, and thus take VLANs into account when blocking and unblocking redundant paths.
You do not explicitly create a region. The spanning tree algorithm
automatically groups bridges into regions, based on the values you assign to the MSTP configuration name, revision number, instance numbers, and instance members.
MSTP can only operate on bridges that are within a region. However, if the
BIG-IP system connects to a bridge in a different MSTP region or outside of an MSTP region, the system still participates in spanning tree. In this case, the system is part of the spanning tree instance 0
, also known as the Common and Internal Spanning Tree (CIST).
A key concept about spanning tree protocols on the BIG-IP system is the
concept of protocol degradation. Protocol degradation
occurs when the spanning tree mode on the BIG-IP system is set to MSTP or RSTP, but the system detects legacy bridges (that is, bridges running an older protocol type) on the network. In this case, the BIG-IP system automatically degrades the spanning tree protocol that is running on each applicable interface to match the protocol running on the legacy device.
For example, suppose you set the BIG-IP system to run in MSTP mode.
Later, if a bridge running STP is added to the network, the BIG-IP system will detect the legacy device and automatically degrade the protocol running on the BIG-IP system interfaces from MSTP to STP. The mode is still set to MSTP, but the interfaces actually run STP.
If the legacy device is later removed from the network, you can choose, for
each BIG-IP system interface, to manually reset the spanning tree protocol back to MSTP.
The basic principle of protocol degradation is that each BIG-IP system
interface in a spanning tree runs the oldest protocol that the system detects on the Layer 2 devices of the network. Thus, if a legacy bridge running STP is added to the network, BIG-IP system interfaces running MSTP or RSTP degrade to STP. Similarly, if a legacy bridge is running RSTP (and no bridges are running STP), interfaces running MSTP degrade to RSTP.
Note that when a bridge running MSTP must degrade to RSTP, the spanning
tree algorithm automatically puts the degraded bridge into a separate MSTP region.
Regardless of which spanning tree protocol you choose to use, the BIG-IP®
Configuration utility offers a complete set of default configuration settings. Except for choosing a preferred spanning tree protocol to use, there are very few configuration settings that you need to modify to use the spanning tree feature effectively.
When you configure spanning tree on a BIG-IP system, you must first
decide which protocol, or mode, you want to enable. Because MSTP recognizes VLANs, using MSTP is preferable for the BIG-IP system. However, all bridges in a network environment that want to use spanning tree must run the same spanning tree protocol. If a legacy bridge running RSTP or STP is added to the network, the BIG-IP system must switch to that same protocol.
Fortunately, you do not need to continually reconfigure the BIG-IP system
spanning tree mode whenever a legacy bridge is added to the network. Instead, a BIG-IP system interface can detect the addition of a legacy bridge and automatically fall back to either RSTP or STP mode. If the legacy bridge is later removed from the network, you can use the Configuration utility to manually reset the interface back to running MSTP. For more information on legacy bridges, see Using spanning tree with legacy bridges
Once you have enabled a spanning tree mode, you can configure a set of
global options. These options are the same options that are defined in the IEEE standards for the spanning tree protocols. While you can use the default settings in most cases, a few settings require user input. For more information, see Global spanning tree properties
There are several properties you can configure on the BIG-IP system that
affect the behavior of all spanning tree protocols. These global properties apply to all spanning instances and all network interfaces. In most cases, you can use the default values for these properties.
option specifies the particular spanning tree protocol that you want to use on the BIG-IP system. The default value is Pass Through
. The possible values are:
| || |Disabled
Specifies that when the BIG-IP system receives spanning tree frames (BPDUs), it discards the frames.
| || |Pass Through
Specifies that when the BIG-IP system receives spanning tree frames (BPDUs), it forwards them to all other interfaces. This is the default setting. When you use Pass Through
mode, the BIG-IP system is transparent to spanning tree BPDUs. When set to Pass Through
mode, the BIG-IP system is not part of any spanning tree. Note that Pass Through
mode is not part of the IEEE spanning tree protocol specifications.
| || |STP
Specifies that the BIG-IP system handles spanning tree frames (BPDUs) in accordance with the STP protocol. This mode allows for legacy systems on the network. For more information on STP, see Introduction to spanning tree protocols
When you set the mode to MSTP or RSTP, and a legacy bridge running STP
is subsequently added to the spanning tree, the applicable BIG-IP system interface automatically changes to running STP. However, you can manually reset an interface to resume operation in RSTP or MSTP mode if the legacy bridge is later removed from the spanning tree.
When you change the value of the Hello Time
option, you change the time interval, in seconds, that the BIG-IP system transmits spanning tree information (through BPDUs) to adjacent bridges in the network. The default value for this option is 2
When you change the value of the Maximum Age
option, you change the amount of time, in seconds, that spanning tree information received from other bridges is considered valid. The default value is 20
, and the valid range is 6 to 40.
Note that when running RSTP, you must maintain the following
relationships between the Maximum Age
and the Hello Time
and Forward Delay
Primarily used for STP, the Forward Delay
option specifies the amount of time, in seconds, that the system blocks an interface from forwarding network traffic when the spanning tree algorithm reconfigures a spanning tree. The default value is 15
, and the valid range is 4 to 30.
This option has no effect on the BIG-IP system when running in RSTP or
MSTP mode, as long as all bridges in the spanning tree use the RSTP or MSTP protocol. However, if the addition of legacy STP bridges causes neighboring bridges to fall back to running the STP protocol, then the spanning tree algorithm uses the Forward Delay
option when reconfiguring the spanning tree.
When you change the value of the Transmit Hold Count
option, you change the maximum number of spanning tree frames (BPDUs) that the system can transmit on a port within the Hello Time
interval. This setting ensures that the spanning tree frames do not overload the network, even in unstable network conditions. The default value is 6
, and the valid range is 1 to 10.
If you are running MSTP, you can configure three additional global
properties: An MSTP configuration name, an MSTP configuration revision, and a maximum hop number.
Applicable to MSTP only, the MSTP Configuration Name
setting represents a global name that you assign to all bridges in a spanning tree region. A spanning tree region
is a group of bridges with identical MSTP configuration names and MSTP configuration revision levels, as well as identical assignment of VLANs to spanning tree instances.
All bridges in the same region must have this same configuration name. The
name must contain from 1 to 32 characters. This option only appears on the screen when you set the Mode
property to MSTP
Applicable to MSTP only, the MSTP Configuration Revision
setting represents a global revision number that you assign to all bridges in a spanning tree region. All bridges in the same region must have this same configuration revision number. The default value is 0
. You can type any value between 0 and 65535. This option only appears on the screen when you set the Mode
property to MSTP
Applicable to MSTP only, this global property specifies the maximum
number of hops that a spanning tree frame (BPDU) can traverse before it is discarded. The default value is 20
. You can specify a value between 1 and 255. This option only appears on the screen when you set the Mode
property to MSTP
By default, the spanning tree protocol STP is enabled on all of the interfaces
of the BIG-IP system. The default spanning tree configuration includes a single spanning tree instance, named 0
. A spanning tree instance
is a discrete spanning tree for a network. While STP and RSTP allow only one spanning tree instance (instance 0
), MSTP allows you to create multiple spanning tree instances, to manage redundant paths for specific VLANs on the network.
When running MSTP, instances that you create have instance members. An instance member
is a VLAN that you assign to an instance when you create that instance. You can assign as many or as few members to an instance as you deem necessary. By default, all VLANs on the BIG-IP system are members of instance 0
If you create an instance and attempt to add a VLAN that is already a
member of another instance, the BIG-IP system deletes the VLAN from the existing instance and adds the VLAN to the new instance.
You can view a list of existing spanning tree instances using the
Configuration utility. For STP and RSTP, the only instance in the list is instance 0
. For MSTP, the list shows instance 0
, plus any other instances that you have explicitly created. For information on creating a spanning tree instance, see Interfaces for spanning tree
The STP and RSTP protocols allow only one spanning tree instance,
, which the BIG-IP system creates automatically when you enable spanning tree. When running STP or RSTP, you can modify the properties of instance 0
, but you cannot create additional instances. For information on modifying the properties of an instance, see Viewing and modifying a spanning tree instance
When you are running MSTP, however, the MSTP algorithm can explicitly
create instances. The reason that you can create instances is that MSTP recognizes VLANs. By creating an instance and assigning one or more VLANs to it, you can control bridge loops and redundant paths within those VLANs.
For example, suppose you have two interfaces. One interface is assigned to
, while the other interface is assigned to VLANs A
. If you are using the STP or RSTP protocol, both of which disregard VLANs, the protocol might block traffic for both VLANs, as shown in Figure 21.1
By contrast, the MSTP protocol can make blocking decisions on a
per-VLAN basis. In our example, on the interface that carries traffic for two VLANs, you can block traffic for VLAN A
, but leave a path open for VLAN B
traffic. This is shown in Figure 21.2
Because all BPDUs exchanged within a region always reference instance 0
, instance 0
is active on all interfaces. This, in turn, can cause blocking problems. To avoid this, make sure that each VLAN on a BIG-IP system is a member of an instance that you explicitly create, rather than a member of instance 0
only. For example, suppose you create the following:
| || |Instance 1
with VLAN A
as a member, where VLAN A
is associated with interface 1.2
| || |Instance 2
with VLAN B
as a member, where VLAN B
is associated with interface 1.4
In this case, neither interface will be blocked, because the BPDUs sent from
each interface reference a unique instance (either instance 1
or instance 2
When you configure the Instance ID
setting, you specify a numeric value for the instance, in the range of 1
. The reason that instance names must be numeric is to handle the requirement that all cooperating bridges agree on the assignment of VLANs to instance IDs. Using numeric values instead of names makes this requirement easier to manage.
The bridge in the spanning tree with the lowest relative priority becomes the
root bridge. A root bridge
represents the root of a spanning tree, and is responsible for managing loop resolution on the network. F5 Networks®
recommends that you configure this setting so that the BIG-IP system never becomes the root bridge. For this reason, the default value for the Bridge Priority
setting is 61440
, the highest value that you can select. Note that a bridge priority must be in increments of 4096.
If you are running MSTP, you can add members to a spanning tree instance.
An instance member
is a VLAN. You add members to an instance by associating one or more VLANs with the instance. The interfaces or trunks associated with each VLAN automatically become part of the spanning tree corresponding to that instance.
For two or more bridges to operate in the same spanning tree, all of those
bridges must be in the same region, and therefore must have the same instance numbers, instance members, and VLAN tags.
For example, if a bridge has instance 1
, with two VLAN members whose tags are 1000
, then any other bridges that you want to operate in that spanning tree must also have instance 1
with two VLAN members whose tags are 1000
. For more information on MSTP regions, see The MSTP protocol
A particular VLAN cannot be associated with more than one spanning tree
instance. For example, if you have two instances named 0
, you can only associate VLAN external
with one of those instances, not both. Therefore, before creating an instance, verify that each VLAN you intend to associate with the instance is not a member of another instance.
Tip: If no VLANs appear in the Available
box when creating an instance, it is likely that all VLANs on the BIG-IP system are members of other instances. You can verify this by viewing the members of other instances.
Using the Configuration utility, you can view and modify properties of any
instance, including instance 0
. If you are running MSTP, you can modify the Bridge Priority
properties. If you are running RSTP or STP, you can modify only the Bridge Priority
property. In no case can you modify the instance ID.
If you are running MSTP, you might have explicitly created some spanning
tree instances. If so, you can delete any spanning tree instance except instance 0
You can also remove VLAN members from an instance. When you remove
a VLAN from an instance, the VLAN automatically becomes a member of instance 0
. (By default, instance 0
includes any VLAN that is not a member of another instance.)
Some of the configuration tasks you perform when managing a spanning
tree protocol pertain to BIG-IP system interfaces. The interface-related tasks you perform are:
When you check the box for the STP
setting, you are specifying that the interface can become part of a spanning tree. Once the interface becomes part of the spanning tree, the spanning tree protocol takes control of all learning and frame forwarding on that interface.
If you disable this setting, the spanning tree protocol treats the interface as
non-existent, and does not send BPDUs to that interface. Also, the interface, and not the spanning tree protocol, controls all learning and frame forwarding for that interface.
Note that you can also enable or disable spanning tree for a trunk. If
spanning tree is enabled on the reference link of a trunk (that is, the lowest-numbered interface of the trunk), then spanning tree is automatically enabled on that trunk. To disable spanning tree for a trunk, simply disable spanning tree on the reference link.
| || |auto
When you set the STP link type to auto
, the BIG-IP system determines the spanning tree link type, which is based on the Active Duplex
| || |p2p
When you set the STP link type to p2p
, the BIG-IP system uses the optimizations for point-to-point spanning tree links. Point-to-point links connect two spanning tree bridges only. For example, a point-to-point link might connect a 10 Gigabit link to another bridge. For point-to-point links, the Active Duplex
property interface should be set to full
Note that p2p
is the only valid STP link type for a trunk.
| || |shared
When you set the STP link type to shared
, the BIG-IP system uses the optimizations for shared spanning tree links. Shared links connect two or more spanning tree bridges. For example, a shared link might be a 10 Megabit hub. Note that for shared links, the Active Duplex
interface property should be set to half
When you enable the STP Edge Port
setting, you are explicitly designating the interface as an edge port. An edge port
is an interface that connects to an end station rather than to another spanning tree bridge. The default setting is disabled (not checked).
If you would rather have the system automatically designate the interface as
an edge port, you can enable the STP Edge Port Detection
setting instead, described in the following section.
If you enable (check) the STP Edge Port
setting and the interface subsequently receives STP, RSTP, or MSTP frames (BPDUs), the system disables the setting automatically, because only non-edge interfaces receive BPDUs.
When you enable the STP Edge Port Detection
setting, the system determines whether the interface is an edge port, and if so, automatically designates the interface as an edge port. The system determines edge port status by monitoring the interface and verifying that it does not receive any incoming STP, RSTP, or MSTP frames (BPDUs).
If the system determines that the interface is not an edge port, but you
enabled the STP Edge Port
setting to explicitly designate the interface as an edge port, the system removes the edge port designation from the interface. No interface that receives BPDUs from a bridge can have edge port status, despite the values of the STP Edge Port
and STP Edge Port Detection
As described in Global spanning tree properties
, the spanning tree algorithm automatically detects the presence of legacy STP bridges on the network, and falls back to STP mode when communicating with those bridges. Because legacy STP bridges do not send spanning tree BPDUs periodically in all circumstances, the BIG-IP system cannot detect when a legacy STP bridge has been removed from the network. Therefore, it is necessary to manually notify the BIG-IP system that the algorithm can switch to the RSTP or MSTP protocol again, whenever a legacy bridge has been removed.
If you are using MSTP, the interface IDs that appear in the list are the
interfaces assigned to the VLANs that you specified when you created the instance. If you are using STP or RSTP, the interface IDs in the list are those that the BIG-IP system automatically assigned to instance 0
Once you have used the previous procedure to view the list of interfaces
associated with a particular spanning tree instance, you can view the properties associated with that interface. Some of these properties are those that you configured using the Interfaces screen.
The Port Role
property of a per-instance interface specifies the interfaces role in the spanning tree instance. You cannot specify a value for this property; the BIG-IP system automatically assigns a role to the interface.
| || |Disabled
The interface has no active role in the spanning tree instance.
| || |Root
The interface provides a path to a root bridge.
| || |Alternate
The interface provides an alternate path to a root bridge, if the root interface is unavailable.
| || |Designated
The interface provides a path away from the root bridge.
| || |Backup
The interface provides an alternate path away from the root bridge, if an interface with a port role of Designated
is unavailable. The Backup
role assignment is rare.
The Port State
property of an interface specifies the way that the interface processes normal data packets. You cannot specify a value for this property; the BIG-IP system automatically assigns a state to the interface.
| || |Blocking
The interface disregards any incoming frames, and does not send any outgoing frames.
| || |Learning
The interface is determining information about MAC addresses, and is not yet forwarding frames.
Each interface has an associated priority within a spanning tree instance.
The relative values of the interface priorities affect which interfaces the system chooses to carry network traffic. Using the Interface Priority
setting, you can select the interface's priority in relation to the other interfaces that are members of the spanning tree instance.
Typically, the system is more likely to select interfaces with lower numeric
values to carry network traffic. A priority value that you assign to an interface can be in the range of 0
, in increments of 16. Thus, the value you assign to an interface can be 0
, and so on, up to 240
Each interface has an associated path cost within a spanning tree instance.
The path cost
represents the relative cost of sending network traffic through that interface. When calculating the spanning tree, the spanning tree algorithm attempts to minimize the total path cost between each point of the tree and the root bridge. By manipulating the path costs of different interfaces, you can steer traffic toward paths that are either faster, more reliable, more economical, or have all of these qualities.
The value of a path cost can be in the range of 1
, unless you have legacy STP bridges. In that case, because some legacy implementations support a range of only 1
, you should use this more restricted range when setting path costs on interfaces.
For example, an interface that has a maximum speed of 1000 Mb/s (1 Gb/s),
but is currently running at a speed of 10 Mb/s, has a default path cost of 20,000
| || |External Path Cost
The External Path Cost
setting is used to calculate the cost of sending spanning tree traffic through the interface to reach an adjacent spanning tree region. The spanning tree algorithm tries to minimize the total path cost between each point of the tree and the root bridge. The external path cost applies only to those interfaces (and trunks) that are members of instance 0
| || |Internal Path Cost
The Internal Path Cost
setting allows you to specify the relative cost of sending spanning tree traffic through the interface to adjacent bridges within a spanning tree region. Note that the internal path cost applies only to bridges that support the MSTP mode. The internal path cost applies to those interfaces (and trunks) that are members of any instance, including instance 0
To summarize, STP and RSTP use external path costs only, and the costs
apply to instance 0
interfaces only. MSTP uses both external and internal path costs, and the internal costs apply to interfaces in all spanning tree instances, including instance 0