Summary
...
...
The purpose of the Spanning Tree Protocol (STP) is to make loop-free Layer 2 topologies possible while keeping redundant links. Connecting multiple bridges together, or just cross-connecting bridge ports, can create network loops that severely impact the stability of the network. STP resolves this problem by introducing the concept of the root bridge: all bridges in the same Layer 2 domain exchange information about the shortest path to the root bridge, and each bridge then negotiates which ports to use to reach it. This information exchange is done with the help of Bridge Protocol Data Units (BPDUs). STP disables certain ports on each bridge in order to avoid loops, while still ensuring that all bridges can communicate with each other. For an in-depth description of the protocol, please refer to IEEE 802.1D.
As a best practice, it is always recommended to manually set each bridge's priority, port priority, and port path cost to ensure proper Layer 2 functionality at all times. Leaving STP-related values at their defaults is acceptable for a network that consists of 1 to 2 bridges running with (R/M)STP enabled, but it is highly recommended to set these values manually for larger networks. Because STP elects a root bridge and root ports by comparing STP-related values from the bridges on the network, leaving STP settings on automatic may elect an undesired root bridge and root ports, and in case of a hardware failure can result in an inaccessible network.
Info |
---|
RouterOS bridge does not work with PVST and its variants. The PVST BPDUs (with a MAC destination 01:00:0C:CC:CC:CD) are treated by RouterOS bridges as typical multicast packets. In simpler terms, they undergo RouterOS bridge/switch forwarding logic and may get tagged or untagged. |
Monitoring
...
You can check the STP status of a bridge by using the `/interface bridge monitor` command, for example:
```
/interface bridge monitor bridge1
                  state: enabled
    current-mac-address: B8:69:F4:30:19:FE
            root-bridge: no
         root-bridge-id: 0x1000.B8:69:F4:30:19:FD
         root-path-cost: 4000
              root-port: sfp-sfpplus2
             port-count: 2
  designated-port-count: 1
           fast-forward: yes
```
Note that the root bridge doesn't have any root ports, only designated ports.
...
```
/interface bridge port monitor [find interface=sfp-sfpplus2]
               interface: sfp-sfpplus2
                  status: in-bridge
             port-number: 1
                    role: root-port
               edge-port: no
     edge-port-discovery: yes
     point-to-point-port: yes
            external-fdb: no
            sending-rstp: yes
                learning: yes
              forwarding: yes
               path-cost: 2000
          root-path-cost: 4000
       designated-bridge: 0x8000.DC:2C:6E:9E:11:1C
         designated-cost: 2000
  designated-port-number: 4
        hw-offload-group: switch12
```
Note that `root-bridge-id` consists of the bridge priority and the bridge's MAC address; for non-root bridges, the root bridge will be shown as `designated-bridge`. A port can have only one role in an STP-enabled network. Below is a list of possible port roles:
...
Note |
---|
When using bridges that are set to use 802.1Q as EtherType, they will send out BPDUs to 01:80:C2:00:00:00, which are used by MSTP, RSTP, and STP. When using 802.1ad as bridge VLAN protocol, the BPDUs are not compatible with 802.1Q bridges and they are sent to 01:80:C2:00:00:08. (R/M)STP will not function properly if there are different bridge VLAN protocols across the Layer2 network. |
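The destination addresses named in the notes above can be used to check a capture for mixed bridge VLAN protocols or stray PVST frames. The following Python sketch is an added example, not code from RouterOS or its documentation; the function names and the sample frame (including all MAC addresses in it) are constructed for illustration.

```python
import struct

# Destination MACs named in the notes on this page.
BPDU_GROUPS = {
    "01:80:C2:00:00:00": "802.1Q",
    "01:80:C2:00:00:08": "802.1ad",
    "01:00:0C:CC:CC:CD": "PVST",
}

def mac(raw):
    return ":".join(f"{b:02X}" for b in raw)

def parse_bpdu_frame(frame):
    """Classify a frame by destination MAC; decode root fields of an IEEE BPDU."""
    kind = BPDU_GROUPS.get(mac(frame[0:6]))
    if kind is None:
        return None
    info = {"kind": kind, "sender": mac(frame[6:12])}
    # IEEE BPDUs sit behind a 3-byte LLC header (42 42 03); PVST uses SNAP
    # encapsulation instead, so it is classified but not decoded here.
    if len(frame) < 52 or frame[14:17] != b"\x42\x42\x03":
        return info
    proto, _version, btype = struct.unpack_from("!HBB", frame, 17)
    if proto != 0 or btype == 0x80:          # TCN BPDUs carry no root fields
        return info
    prio, root_mac, cost = struct.unpack_from("!H6sI", frame, 22)
    msg_age, max_age = struct.unpack_from("!HH", frame, 44)  # 1/256 s units
    info.update(root_id=f"0x{prio:04X}.{mac(root_mac)}", root_path_cost=cost,
                message_age=msg_age / 256, max_age=max_age / 256)
    return info

def mixed_protocols(frames):
    """Return the BPDU kinds seen; more than one means a mixed Layer 2 domain."""
    return {i["kind"] for i in map(parse_bpdu_frame, frames) if i}

def sample_frame(dst, root_prio=0x1000):
    """Constructed RSTP BPDU frame for testing; every address is made up."""
    me = bytes.fromhex("020000000020")
    bpdu = struct.pack("!HBBB", 0, 2, 2, 0x3C)
    bpdu += struct.pack("!H6sI", root_prio, bytes.fromhex("020000000010"), 4000)
    bpdu += struct.pack("!H6sH", 0x8000, me, 0x8001)
    bpdu += struct.pack("!HHHHB", 2 * 256, 20 * 256, 2 * 256, 15 * 256, 0)
    llc = b"\x42\x42\x03"
    return (bytes.fromhex(dst.replace(":", "")) + me
            + struct.pack("!H", len(llc) + len(bpdu)) + llc + bpdu)
```

The decoded `root_id` uses the same priority-dot-MAC layout as `root-bridge-id` in the monitor output, so it can be compared directly against the bridge that is supposed to be root.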
STP and RSTP
...
STP and Rapid STP (RSTP) are used widely across many networks, but almost all networks have switched over to using only RSTP because of its benefits. STP is a very old protocol and has a convergence time (the time needed to fully learn network topology changes and to continue properly forwarding traffic) of up to 50 seconds. RSTP has a much shorter convergence time: a few seconds or even a few milliseconds. It is recommended to use RSTP instead of STP since it is a lot faster and is also backward compatible with STP. One of the reasons why RSTP is faster is its reduced number of possible port states. Below is a list of possible STP port states:
...
When creating a bridge or adding a port to the bridge, the following default values are assigned by RouterOS:
- Default bridge priority: 32768 / 0x8000
- Default bridge port path cost: based on interface speed (10 in RouterOS versions prior to 7.13)
- Default bridge port priority: 0x80
- BPDU message age increment: 1
- HelloTime: 2
- Default max message age: 20
The bridge interface setting `port-cost-mode` changes the port path-cost and internal-path-cost mode for bridged ports, utilizing automatic values based on interface speed. This setting does not impact bridged ports with manually configured `path-cost` or `internal-path-cost` properties. Below are examples illustrating the path-costs corresponding to specific data rates (with proportionate calculations for intermediate rates):
Data rate | Long | Short |
---|---|---|
10 Mbps | 2,000,000 | 100 |
100 Mbps | 200,000 | 19 |
1 Gbps | 20,000 | 4 |
10 Gbps | 2,000 | 2 |
25 Gbps | 800 | 1 |
40 Gbps | 500 | 1 |
50 Gbps | 400 | 1 |
100 Gbps | 200 | 1 |
For bonded interfaces, the highest path-cost among all bonded member ports is applied; this value remains unaffected by the total link speed of the bonding. For virtual interfaces (such as VLAN, EoIP, VXLAN), as well as wifi, wireless, and 60GHz interfaces, a path-cost of 20,000 is assigned for long mode, and 10 for short mode. For dynamically bridged interfaces (e.g. wifi, wireless, PPP, VPLS), the path-cost defaults to 20,000 for long mode and 10 for short mode. However, this can be manually overridden by the service that dynamically adds interfaces to the bridge, for instance, by using the CAPsMAN `datapath.bridge-cost` setting. RouterOS versions prior to 7.13 do not change the port path cost based on the link speed: for 10M, 100M, 1000M, and 10000M link speeds, the default path cost value when a port is added to a bridge was always 10.
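To see how the long-mode costs interact with the advice to set bridge priorities manually, the sketch below elects a root bridge and picks each bridge's root port for a small topology. It is an added example, not RouterOS code: the bridge names, MAC addresses and links are constructed, the `long_cost` formula is an assumption fitted to the table rows above, and tie-breaking is simplified to the upstream bridge ID.

```python
import heapq

def long_cost(mbps):
    """Long-mode path cost; reproduces the table rows (10 Gbps -> 2,000)."""
    return max(1, 20_000_000 // mbps)

def bridge_id(priority, mac):
    # Same ordering as a root-bridge-id such as 0x8000.<MAC>: lower wins.
    return (priority, bytes.fromhex(mac.replace(":", "")))

def elect(bridges, links):
    """Return (root, {bridge: (root_port, root_path_cost)})."""
    ids = {name: bridge_id(*v) for name, v in bridges.items()}
    root = min(ids, key=ids.get)
    adj = {name: [] for name in bridges}
    for a, port_a, b, port_b, mbps in links:
        adj[a].append((b, port_b, long_cost(mbps)))
        adj[b].append((a, port_a, long_cost(mbps)))
    # Dijkstra from the root; equal costs are broken by the upstream bridge ID.
    best = {root: (0, ids[root], None)}
    heap = [(0, ids[root], root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, nbr_port, link_cost in adj[node]:
            cand = (cost + link_cost, ids[node], nbr_port)
            if nbr not in best or cand[:2] < best[nbr][:2]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], ids[nbr], nbr))
    return root, {n: (port, cost) for n, (cost, _, port) in best.items()}

# Constructed topology: two 10G uplinks to "core" plus a redundant 1G cross-link.
LINKS = [
    ("core", "sfp1", "access1", "sfp1", 10_000),
    ("core", "sfp2", "access2", "sfp1", 10_000),
    ("access1", "ether1", "access2", "ether1", 1_000),
]
DEFAULTS = {  # every bridge left at priority 0x8000: the lowest MAC wins
    "core": (0x8000, "02:00:00:00:00:30"),
    "access1": (0x8000, "02:00:00:00:00:10"),
    "access2": (0x8000, "02:00:00:00:00:20"),
}
TUNED = dict(DEFAULTS, core=(0x1000, "02:00:00:00:00:30"))

if __name__ == "__main__":
    for label, cfg in (("defaults", DEFAULTS), ("tuned", TUNED)):
        print(label, elect(cfg, LINKS))
```

With default priorities the access bridge with the lowest MAC becomes root and the other access bridge reaches it through the core at a root path cost of 4000; lowering the core's priority to 0x1000 makes the core root and both access bridges sit at 2000.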
The age of a BPDU is determined by how many bridges the BPDU has passed, multiplied by the message age increment. Since RouterOS uses 1 as the message age increment, a BPDU packet can pass as many bridges as specified in the `max-message-age` parameter. By default this value is set to 20, which means that after the 20th bridge the BPDU packet will be discarded and the next bridge will become a root bridge. Note that if `max-message-age=20` is set, it is hard to predict which ports will be the designated ports on the 21st bridge, which may result in traffic not being forwarded properly.
...
SW3: ether2, has root path cost of 0 + 2510=2510. On the ether4 path cost will be 10+5+25+0=40
...
Property | Description |
---|---|
priority (integer: 0..65535 decimal format or 0x0000-0xffff hex format; Default: 32768 / 0x8000) | /interface bridge msti, MST Instance priority, used to elect a regional root inside a MSTP region. |
internal-path-cost (integer: 1..200000000; Default: 10) | /interface bridge port, path cost to the regional root for unknown VLAN IDs (MSTI0), used on a root port inside a MSTP region. |
priority (integer: 0..240; Default: 128) | /interface bridge port mst-override, MST port priority for a defined MST Instance, used on a bridge port on the regional root bridge. |
internal-path-cost (integer: 1..200000000; Default: 10) | /interface bridge port mst-override, MST port path cost for a defined MST Instance, used on a non-root bridge port inside a MSTP region. |
...
Property | Description |
---|---|
priority (integer: 0..65535 decimal format or 0x0000-0xffff hex format; Default: 32768 / 0x8000) | /interface bridge, CIST bridge priority, used to elect a CIST root bridge. |
priority (integer: 0..240; Default: 128) | /interface bridge port, CIST port priority, used on a CIST root bridge to elect CIST root ports. |
path-cost (integer: 1..200000000; Default: 10) | /interface bridge port, CIST port path cost, used on a CIST non-root bridge port to elect CIST root ports. |
...
Property | Description |
---|---|
disabled (yes | no; Default: no) | Whether entry is disabled. |
internal-path-cost (integer: 1..200000000; Default: 10) | Path cost for an MST instance's VLAN mapping, used on VLANs that are facing towards the root bridge to manipulate path selection, lower path cost is preferred. |
identifier (integer: 1..31; Default: ) | MST instance identifier. |
priority (integer: 0..240; Default: 128) | The priority of an MST instance's VLAN, used on VLANs that are facing away from the root bridge to manipulate path selection, lower priority is preferred. |
interface (name; Default: ) | Name of the port on which to use the configured MST instance's VLAN mappings and defined path cost and priority. |
...
```
/interface bridge monitor bridge
                    state: enabled
      current-mac-address: 6C:3B:6B:7B:F0:AA
              root-bridge: no
           root-bridge-id: 0x1000.64:D1:54:24:23:72
  regional-root-bridge-id: 0x4000.6C:3B:6B:7B:F0:AA
           root-path-cost: 10
                root-port: ether4
               port-count: 5
    designated-port-count: 3
        mst-config-digest: 74edbeefdbf82cf63a70cf60e43a56f3
```
...
In MSTP it is possible to monitor an MST Instance. This is useful to determine the current regional root bridge for a certain MST Instance and VLAN group. Below is an example of monitoring an MST Instance:
```
/interface bridge msti monitor 1
                    state: enabled
               identifier: 2
      current-mac-address: 6C:3B:6B:7B:F0:AA
              root-bridge: no
           root-bridge-id: 0.00:00:00:00:00:00
  regional-root-bridge-id: 0x1002.6C:3B:6B:7B:F9:08
           root-path-cost: 0
                root-port: ether2
               port-count: 5
    designated-port-count: 1
```
...
It is also possible to monitor a certain MST Override entry. This is useful to determine the port role for a certain MST Instance when configuring root ports and alternate/backup ports in an MSTP region. Below is an example of monitoring an MST Override entry:
...
```
/interface bridge set bridge priority=0x1000 protocol-mode=mstp vlan-filtering=yes
```
When MSTP regions have been configured, you can check if they are properly configured by forwarding traffic, for example, send tagged traffic from the first device to the third device and change the VLAN ID for the tagged traffic to observe different paths based on VLAN ID. When this is working as expected, then you can continue to configure CIST related parameters to elect a CIST root bridge and CIST root ports. For consistency we will choose the first device in the first region to be the CIST root bridge and to ensure the consistency in case of failure we can set a higher priority to all other bridges.
...