There's a bridge storm comin'

802.1D, this is the classic spanning-tree protocol and NOT as my good colleague suggested the model number for the Enterprise in Star Trek 'Next Generation' which we all know was the NCC 1701D.

We all like failover, fallback and redundancy in our networks. Resilience to failure of any one (or more) components in the network is always a good thing. In the switching world we use spanning tree to offer us the ability to create a dynamic loop free layer 2 bridge topology. How does it do this? Well by using specific frames on the network called BPDU's (Bridge Protocol Data Units) the spanning-tree protocol dynamically 'blocks' one of the links in the redundant loop.

Here is the basic topology

Here we have a physical loop for traffic moving from Switch A to Switch B to Switch C or Switch A to Switch C to Switch B...you get the idea. The point is that traffic flow like that can easily and very quickly get out of hand and cause what is common miss-quoted as a spanning-tree loop but which is in fact a bridging or switching loop.

In a bridging loop example, Switch C receives a request from a node connected to one of it's ports (Client PC). The destination for the request is to an unknown host (Web Server) connected to Switch A. Now Switch A (who doesn't know Web Server is connected to Switch A) broadcasts the frame out of all ports (remember, this is the default behaviour of a switch for an unknown destination mac address). The layer 2 mac request is picked up by the host connected to Switch A who politely passes that information back to Switch C ("Hey I'm Web Server and here is my MAC address so populate your mac table!"). Now crucially Switch_B forwards the initial lookup sent from Client PC out of all of it's ports (remember it also doesn't have a layer 2 mapping for the frame). The MAC request gets to Switch_A from Switch_B and Switch A forwards the frame to Client PC and that's all fine. Now also recall that Switch A is going to flood the frame out of all ports except the one it received from. This means that the frame from Switch B is sent out toward Switch C! So you can see how a switch could get confused about which way to send traffic and this is for a unicast lookup. Now if we think about broadcast traffic where the frame is always sent to all ports this loop design is going to cause some headaches. Indeed I've seen this sort of thing bring down pretty big switches very very easily and they are difficult to find  except for asking who just did something ;-)

So spanning-tree is pretty essential for workable layer 2 resilience. In the diagram you can see an etherchannel there though...and thats a loop isn't it? Two links between switches...feels a bit 'loopy' to me. Well you know etherchannel in IOS and LAG in JunOS are a great way of adding resilience between switches as well as capacity and the good news is that to spanning tree they look like one link.

Thanks for reading and the colleague who suggested 802.1D was the model number for the Enterprise wishes you all a good night.