STP Link Manipulation

Submitted by rayc on Mon, 10/25/2021 - 09:15

By default STP works straight out of the box. You buy a switch and plug it in and boom STP works. Well, 802.1D (PVST if using Cisco Switches) works by default. While PVST is great, it's slow so we would configure it for PVRSTP or MST. Again, these work straight away and by default will choose which ports are forwarding and which are blocking. But what if we want to manually choose one link over another? To do this, we first need to understand what we want to change and how the port election process works. 

Root Port selection

The root port selection process will choose the best port for the Root Port based on the following:

  • Lowest root path cost
  • Lowest system priority of the advertising switch
  • The interface associated with the lowest system MAC of the advertising switch
  • Lowest port priority of the advertising switch
  • lowest port number of the advertising switch

 

Forwarding/Blocking Designated Port Selection

A Switch will choose which Designated Port is forwarding and which is blocking based on the following:

  • Interface must be a DP and not an RP
  • Switch with the lowest Root Port cost forwards and the other blocks.
  • Remote Switch with the lowest system priority forwards traffic
  • Switch with the lowest System MAC address forwards. 

 

We will once again use the 3 Switch topology that I love to use for these examples.

STP Link Manipulation topology

In this example all switches are running PVRSTP with SW1 as the root with a configured priority value of 0 for VLAN's 1-30. With default values and Default port costs etc, SW1 is the root, and the ports are as follows:

SW1:

  • G1/0/2 - Designated port and is Forwarding
  • G1/0/3 - Designated port and is Forwarding

SW1 sh span vl 10 port information

SW2:

  • G1/0/1 - Root port and is Forwarding
  • G1/0/3 - Designated Port and is Forwarding
  • G1/0/4 - Designated Port and is Forwarding

SW2 sh span vl 10 port information

SW3

  • G1/0/1 - Root port and is Forwarding
  • G1/0/2 - Alternate port and is Blocking
  • G1/0/3 - Alternate port and is Blocking

SW3 sh span vl 10 port information

Root Path Manipulation

Let's take a look at manipulating the Root Path selection first. We know by looking at the selection process that the first criteria is the shortest path cost to the root bridge. Both SW2 and SW3 have chosen their G1/0/1 interfaces with a default path cost of 4. To calculate the path cost, when a switch receives a BPDU from an upstream switch, the cost of the ingress interface is added to the root path cost before forwarding the BPDU. Below is a packet capture of the BPDU showing the root path cost. 

RSTP BPDU packet capture of headers

In order to change the RP on SW3 to prefer the path through SW2 out the G1/0/2 interface, there are two options. One is to alter the port cost on the ingress interface receiving the BPDU from SW1 so that the cost is higher than through SW2 and the other is to lower the cost on the ingress interface on SW3 so that the cost is less than the direct path cost out the G1/0/1 interface. To modify the port cost use the interface command spanning-tree cost <value>. For this example because G1/0/1 on SW3 has a direct path cost of 4, I will set the G1/0/1 interface on SW2 to 1 and the G1/0/3 interface on SW3 to have a path cost of 2 giving it a total path cost of 3. 

SW2 G1/0/1 span cost 1

SW3 G1/0/3 interface spanning-tree cost 3

Now let's take a look at the sh span vlan 10 output on SW3 and confirm that the Root port is now out the G1/0/3 interface with a cost of 2.

SW3 sh span vl 10 cost of 2

Notice that the cost of the Root port is 2 and not 3. This is because when viewing the Root Port cost in the show spanning-tree command the value is that of the interface, not the total path cost. To Show this, I will reset the cost of the G1/0/1 port on SW2 back to the default of 4.

SW2 interface G1/0/1 no span cost 1

And now take a look at the output of the sh span vlan 10 command on SW3 to verify that the Root Port is now G1/0/1 again.

SW3 sh span vl 10 post SW2 cost reset

As you can see, the cost in the show command is just that Switches ingress interface cost not the total cost of the path to the Root switch. In order to calculate the root path cost, you will need to know the cost from all upstream switches and add them together. 

In the below packet capture you can see the changes that were made to the path cost from SW2 and where SW3 started advertising it's path cost as 3 in the TCN BPDU.

Packet Capture of TCN BPDUs after path cost change

In saying that, you can find the root path cost by using the command show spanning-tree [vlan <id>] root cost. To show this I connected a fourth switch to SW3 in the above topology on port G1/0/4. The output of the command show spanning-tree root cost on SW4 shows a cost of 8 which is the G0/1 interface of SW4 + the G1/0/1 interface cost from SW3 while the output of show spanning-tree vlan 10 still shows a cost of 4.

SW4 sh span root cost

STP Port Priority

You can alter a switch ports STP port priority to influence path selection when you have redundant links connected to the same switch. Altering the port priority influences which port will be used as an alternate path to the Root for the downstream switch. For example in our 3 switch topology above, we have redundant links connected between SW2 and SW3. Currently, if SW2 experiences a direct link failure on its G1/0/1 interface the RP will fail over to G1/0/3. If you recall the STP RP selection criteria, after path cost, system priority, lowest system MAC and the lowest port priority is the lowest interface number and given that we have 2 switches connected using redundant links, the path cost, system priory, system MAC and default port priority are all going to be identical leaving the lowest port as the RP selection. This is shown in the output of the below show spanning-tree vlan 10 command on SW2.

SW2 show spanning-tree vlan 10 with default port cost

Now if instead we wanted SW2 to prefer the path over G1/0/4, we could manually set the port priority of port on the upstream switch using the interface configuration subcommand spanning-tree port-priority <num> where the number is a multiple of 16. In this case, we will change the port priority of the G1/0/3 interface on SW3.

SW3 spanning-tree port-priority 16 command

We can then verify that G1/0/4 is now the RP by again looking at the show spanning-tree vlan 10 command on SW2.

SW2 show spanning-tree vlan 10