STP Root Bridge and Port Roles

Today, we are going to talk about the root bridge and port roles in STP. STP is a protocol that provides a loop-free topology so that networks can have redundant links without causing a broadcast storm. For STP to provide redundancy while preventing layer 2 loops, switches and ports need to be assigned a role, based on STP metrics, that determines what they do.


The first thing that needs to happen for STP to be fully functional is that a switch takes on the role of root bridge. The root bridge is the logical center of the STP topology and the reference point for all calculations. The root bridge is vital to an STP topology because on non-root switches, root and designated ports are chosen based on the shortest path to the root bridge. In an STP topology only one root bridge can be elected, and all the other switches will be non-root switches. A switch is selected as the root bridge if it has the lowest bridge ID. A bridge ID consists of 64 bits (8 bytes), with 16 bits for the priority value (which is configurable) and 48 bits for the MAC address.

For Cisco's version, PVST+, the bridge ID is still 8 bytes, but with 4 bits for the priority value, 12 bits for the extended system ID, and 48 bits for the MAC address. The extended system ID is a field in the bridge ID that identifies which VLAN the bridge ID belongs to. Since PVST+ allows a separate STP instance per VLAN, the extended system ID was created to tell the VLANs apart. This gives one switch a unique bridge ID per VLAN even though the MAC address is the same, and each of those bridge IDs works the same as a regular bridge ID when determining the root bridge. If the priority values in the bridge IDs of 2 or more switches in a topology are the same, then the MAC address serves as the tie-breaker. Since MAC addresses are hexadecimal, digits sort lower than letters, so if switch 1 has MAC address 000f.00AB.0000 and switch 2 has 000f.009B.0000, switch 2 will become the root bridge.

All switches in the topology will then come to an agreement on which switch is the root bridge. Switches collectively learn which switch is the root bridge by exchanging BPDUs (Bridge Protocol Data Units). BPDUs are sent every couple of seconds, not only to determine the root bridge and the port states and roles but also to maintain the topology. If anything changes in a topology, these BPDUs notify all other switches of the change so the logical topology can be recalculated. As soon as switches have STP enabled and are connected to other switches, each switch starts sending BPDUs immediately. The initial BPDUs are meant to compare bridge IDs so the switches can collectively agree on which one should be the root bridge.

Once the root bridge has been decided, the port roles on all active switches must be chosen. By default, all the ports on the root bridge are designated ports, which are always forwarding. From there, non-root switches select a root port. The root port is a forwarding port and is responsible for forwarding data traffic towards the root bridge. The root port is the port on a non-root switch that has the lowest path cost to the root bridge. If there is a tie for the root port, then the tie-breaker is the neighbor's bridge ID: the port whose neighbor has the lowest bridge ID becomes the root port. If that is a tie as well, the final tie-breaker is the neighbor with the lowest port ID.

       Root Port Election

  1. Lowest cumulative path cost to root bridge
  2. Lowest neighbor Bridge ID
  3. Lowest neighbor Port ID 
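The bridge ID layout and the two elections described above can be worked through in a few lines. This is an added example, not code from the original post: the function names, port names (Gi0/1 and so on), port IDs and path costs are constructed for illustration, and only the two MAC addresses come from the text.

```python
from dataclasses import dataclass

def parse_mac(mac: str) -> int:
    """Convert dotted notation such as 000f.009b.0000 to a 48-bit integer."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

def pvst_bridge_id(priority: int, vlan: int, mac: str) -> int:
    """Pack 4-bit priority, 12-bit extended system ID and 48-bit MAC into 64 bits."""
    # With only the top 4 bits available, priority moves in steps of 4096.
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= vlan < 4096:
        raise ValueError("VLAN ID must fit in 12 bits")
    return ((priority | vlan) << 48) | parse_mac(mac)

def elect_root(bridge_ids: dict[str, int]) -> str:
    """Return the name of the switch with the numerically lowest bridge ID."""
    return min(bridge_ids, key=bridge_ids.get)

@dataclass(frozen=True)
class Candidate:
    local_port: str          # port on the non-root switch
    path_cost: int           # cumulative cost to the root via this port
    neighbor_bridge_id: int  # bridge ID of the switch at the other end
    neighbor_port_id: int    # port ID of the neighbor's port

def elect_root_port(candidates: list[Candidate]) -> str:
    """Apply the three criteria in order; tuple comparison does exactly that."""
    best = min(candidates, key=lambda c: (c.path_cost, c.neighbor_bridge_id, c.neighbor_port_id))
    return best.local_port

# Constructed sample: the two MAC addresses from the text, same priority, VLAN 10.
SWITCHES = {
    "switch1": pvst_bridge_id(32768, 10, "000f.00AB.0000"),
    "switch2": pvst_bridge_id(32768, 10, "000f.009B.0000"),
}
# Constructed uplinks on a third switch: all costs tie, two neighbors tie as well.
UPLINKS = [
    Candidate("Gi0/1", 8, SWITCHES["switch1"], 0x8001),
    Candidate("Gi0/2", 8, SWITCHES["switch2"], 0x8002),
    Candidate("Gi0/3", 8, SWITCHES["switch2"], 0x8001),
]

if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES))
    print("root port:", elect_root_port(UPLINKS))
```

Because the priority occupies the most significant bits, a lower priority wins regardless of MAC address, and the MAC only matters when priority and VLAN are equal.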

There must be one root port for every non-root switch. Once that root port is selected, a designated port must be selected. The responsibility of the designated port is to forward traffic to and from the segment (the link between the ports on the end of each switch) that the port is on. The designated port is a forwarding port and forwards traffic away from the root bridge. During this election, one port on the segment will be designated, and one will become a blocking port. Every segment in this topology will have this election, and after this election every port should have a role. The designated port on a specific segment is the port on the non-root switch that has the lowest path cost to the root bridge. If that ends up being a tie, then the port that belongs to the switch with the lowest bridge ID wins. Once the designated port is chosen, the opposite end will be in blocking mode and won't forward any traffic at all.

       Designated Port Election

  1. Lowest cumulative path cost to root bridge
  2. Lowest bridge ID 

From here, the loop-free topology has been established, and the only thing the switchports do besides forwarding and blocking is send and listen for BPDUs. BPDUs started out as the means of figuring out the root bridge, but once the topology has been established a BPDU contains:

  1. Root Bridge ID
  2. Sender Bridge ID
  3. Sender Port ID
  4. Root path cost
  5. Timers (Hello, Max Age, Forward delay)
