CompTIA Security+ Exam Notes

Let Us Help You Pass

Showing posts with label Rapid Spanning Tree Protocol.

Wednesday, October 9, 2024

BPDU & Root Guard

A switch forwards frames using a table (the MAC address table, or CAM table) that maps each learned MAC address to the port it was seen on. When the switch has no entry for a destination, it floods the frame out every other port in the VLAN, even though the frame is a unicast. A spanning-tree topology change forces switches to flush these entries (RSTP) or age them out rapidly (STP), so every change is followed by a burst of unknown-unicast flooding until addresses are relearned; this costs bandwidth and also delivers traffic to ports that should never see it. Ports that connect directly to end hosts should therefore be configured as edge ports (PortFast on Cisco switches) so that their link going up or down is not treated as a topology change.

Key points:

MAC address cache:

A switch stores MAC addresses associated with each port to quickly direct traffic.

 Flooding:

When a switch has no table entry for a destination MAC address, it floods the frame out every other port in that VLAN, even though it is a unicast frame.

STP and topology changes:

A topology change makes every switch that hears about it discard its learned MAC addresses: classic STP shortens the ageing time to the forward delay (15 s by default), and RSTP flushes the affected entries immediately. Each change is therefore followed by a burst of unknown-unicast flooding until addresses are relearned, and on a busy RSTP network frequent changes mean frequent flooding.

How to minimize flooding on access ports:

PortFast:

Configure PortFast on Cisco switch ports that connect to end hosts. A PortFast port moves straight to forwarding, and its link going up or down does not generate a topology change notification, so hosts rebooting or being unplugged do not trigger table flushes and flooding. Never enable it on a port that might connect to another switch, because it skips the states in which STP would detect a loop.

Edge port (other vendors):

The IEEE term (802.1w, 802.1D-2004) for the same thing is an edge port; non-Cisco switches use that term or a variant such as "edgeport" in their configuration.

STP guard features that protect the topology (and, by keeping it stable, limit flooding):

BPDU Guard:

If a port with BPDU Guard enabled receives a Bridge Protocol Data Unit (BPDU), the switch puts the port into the err-disabled state. BPDUs are only ever sent by switches and are expected on switch-to-switch links, so one arriving on a PortFast access port means either a misplaced switch or a host sending crafted BPDUs to join the spanning tree; either way the port is shut. It stays down until an administrator re-enables it or err-disable recovery brings it back.

BPDU Filter:

Stops the port from sending or receiving BPDUs at all. STP is then blind on that port, so a loop through it will not be detected; reserve it for links between separately managed switching domains where each side runs its own spanning tree, and prefer BPDU Guard on ordinary access ports.

Root Guard:

Applied to ports facing downstream switches, it prevents whatever is connected to the port from becoming the root bridge: if the port receives a superior BPDU (one advertising a better root bridge than the current one), it enters the root-inconsistent state and stops forwarding until those BPDUs cease, after which it recovers on its own. This ensures that only the designated "core" switches can win the election, and it defeats the attack in which a rogue switch, or a host advertising bridge priority 0, makes itself root and pulls traffic through itself.
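The guards above differ in what triggers them: BPDU Guard fires on any BPDU, Root Guard only on a superior BPDU, BPDU Filter hides the BPDU from STP entirely, and an unguarded port simply accepts it. The following Python model is an added example written for these notes, not Cisco code; the precedence it applies (filter before guard before root guard), the `Port` and `BPDU` names, the port names and the sample BPDUs are all assumptions of the example. The constructed rogue BPDU advertises bridge priority 0, which is how an attacker or a mis-set switch takes over the root role.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BPDU:
    """The fields of a configuration BPDU that matter for the guards (assumed model)."""
    root_priority: int
    root_mac: str
    root_path_cost: int
    sender_priority: int
    sender_mac: str

    def root_id(self):
        # 802.1D bridge ID ordering: priority first, MAC breaks ties; lower wins.
        return (self.root_priority, self.root_mac)


@dataclass
class Port:
    """Per-port STP guard configuration and operational state (assumed names)."""
    name: str
    portfast: bool = False
    bpduguard: bool = False
    bpdufilter: bool = False
    rootguard: bool = False
    state: str = "forwarding"


def is_superior(bpdu, current_root):
    """A BPDU is superior if it claims a root bridge with a lower bridge ID than
    the root we currently know. (Full 802.1D comparison also weighs path cost,
    sender ID and port ID; the root ID is what Root Guard reacts to.)"""
    return bpdu.root_id() < current_root


def receive_bpdu(port, bpdu, current_root):
    """Decide what the switch does when `bpdu` arrives on `port`.

    The order of checks is the assumed precedence: a filtered port never hands
    the BPDU to STP, so neither guard can fire on it.
    """
    if port.bpdufilter:
        return "dropped"                   # STP is blind here: a loop via this port goes undetected
    if port.bpduguard:
        port.state = "err-disabled"        # any BPDU at all shuts the port; needs an admin to recover
        return "err-disabled"
    if port.rootguard and is_superior(bpdu, current_root):
        port.state = "root-inconsistent"   # blocks only while superior BPDUs keep arriving
        return "root-inconsistent"
    return "accepted"                      # STP processes it; a superior BPDU would change the root


def superior_bpdus_stopped(port):
    """Root Guard recovers by itself once superior BPDUs stop (after max age);
    an err-disabled port stays down until an administrator re-enables it."""
    if port.state == "root-inconsistent":
        port.state = "forwarding"
    return port.state


# Constructed sample data for the demonstration (not captured from a real network).
CURRENT_ROOT = (4096, "00:00:00:00:00:01")                                # the intended core switch
ROGUE = BPDU(0, "de:ad:be:ef:00:01", 0, 0, "de:ad:be:ef:00:01")           # priority 0 beats any default
LEGIT = BPDU(4096, "00:00:00:00:00:01", 4, 32768, "00:00:00:00:00:02")    # relayed from the real root


def demo():
    """Run the rogue BPDU against the port configurations discussed in the notes."""
    results = {}
    access = Port("Gi0/1", portfast=True, bpduguard=True)       # user-facing port
    uplink = Port("Gi0/24", rootguard=True)                     # towards a downstream switch
    boundary = Port("Gi0/2", bpdufilter=True, bpduguard=True)   # link to a separately managed domain
    bare = Port("Gi0/3")                                        # no protection at all
    results["access"] = receive_bpdu(access, ROGUE, CURRENT_ROOT)
    results["uplink_rogue"] = receive_bpdu(uplink, ROGUE, CURRENT_ROOT)
    results["uplink_after_recovery"] = superior_bpdus_stopped(uplink)
    results["uplink_legit"] = receive_bpdu(uplink, LEGIT, CURRENT_ROOT)
    results["boundary"] = receive_bpdu(boundary, ROGUE, CURRENT_ROOT)
    results["bare"] = receive_bpdu(bare, ROGUE, CURRENT_ROOT)
    results["access_after_recovery"] = superior_bpdus_stopped(access)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22} -> {outcome}")
```

The unprotected port is the one to notice: it accepts the priority-0 BPDU, so in a real network the rogue would win the election. The boundary port shows the BPDU Filter trap as well: because the filter drops the BPDU first, the BPDU Guard configured on the same port never fires.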

Spanning Tree Port States

Port States - Spanning Tree


A classic STP port passes through blocking, listening and learning before it forwards, spending one forward delay (15 s by default) in each of the two transitional states; disabled is the fifth, administratively down, state. When every port on every bridge is either blocking (inactive) or forwarding (active), the network has converged, that is, it has reached a stable loop-free topology. After a change (a link failing or coming up) the bridges must recalculate their port states, and until they converge again parts of the network can be unreachable. Classic STP needs 30 to 50 seconds for this (max age plus two forward delays in the worst case); RSTP collapses the states to discarding, learning and forwarding and replaces timers with a handshake between neighbouring switches, so it converges in a few seconds or less.

STP & RSTP - Spanning Tree

Spanning Tree Protocol

Spanning tree requires a managed switch (unmanaged switches do not run it). It prevents switching loops, which otherwise cause broadcast storms: Ethernet frames carry no hop count or TTL, so a looped broadcast circulates and multiplies until someone physically breaks the loop.

A switching loop forms when both ends of one cable are plugged into the same switch, or into two wall jacks that terminate on the same switch. Redundant uplinks between two switches create the same loop unless they are bundled into one logical link with LACP (Link Aggregation Control Protocol), or STP blocks all but one of them.

RSTP (Rapid Spanning Tree Protocol) improves on STP by converging much faster after any change to the topology.

During a storm the other systems connected to the switch lose connectivity, the same effect as a DoS (Denial of Service) attack, whether the loop was created by accident or deliberately.

Port roles: the DP (Designated Port) is, on each link, the port that forwards traffic away from the root bridge; every port on the root bridge is designated. The RP (Root Port) is a non-root switch's single best port towards the root bridge. A BP (Blocking Port; an alternate or backup port in RSTP terms) neither forwards frames nor learns MAC addresses and exists only to break the loop, but it keeps listening to BPDUs so it can take over if the active path fails.
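As an added example (not from the original notes), the following Python code computes the election and port roles described above for a small constructed topology, then plugs in a rogue switch with bridge priority 0 to show how it wins the election and reroutes traffic. It applies the 802.1D rules: the lowest bridge ID (priority, then MAC) is root; each non-root switch's root port is the one offering the lowest root path cost, with ties broken by the neighbour's bridge ID; on each link the side with the lower root path cost (then the lower bridge ID) is designated, and the other side is either that switch's root port or blocking. The switch names, MAC addresses and path costs are made up for the example, and it assumes a single link between any pair of switches.

```python
import heapq

# Constructed topology (not a real network): switch -> (bridge priority, MAC).
# Lower bridge ID wins, so core1 with priority 4096 is the intended root.
SWITCHES = {
    "core1": (4096, "00:00:00:00:00:01"),
    "dist1": (32768, "00:00:00:00:00:02"),
    "dist2": (32768, "00:00:00:00:00:03"),
}
# Links as (switch_a, switch_b, cost); 4 is the 802.1D short path cost for 1 Gbit/s.
LINKS = [("core1", "dist1", 4), ("core1", "dist2", 4), ("dist1", "dist2", 4)]


def elect_root(switches):
    """Root bridge = lowest bridge ID; the tuples compare priority first, then MAC."""
    return min(switches, key=lambda s: switches[s])


def root_path_costs(root, links):
    """Dijkstra from the root: the cheapest total cost each switch can reach the root with."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    cost_to_root = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > cost_to_root[node]:
            continue
        for nbr, cost in adj.get(node, []):
            if d + cost < cost_to_root.get(nbr, float("inf")):
                cost_to_root[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return cost_to_root


def port_roles(switches, links):
    """Return (root bridge, root path costs, {(switch, neighbour): role})."""
    root = elect_root(switches)
    rpc = root_path_costs(root, links)
    # Root port: for each non-root switch, the neighbour offering the lowest
    # (neighbour's RPC + link cost); ties go to the lower neighbour bridge ID.
    root_port = {}
    for s in switches:
        if s == root:
            continue
        candidates = []
        for a, b, cost in links:
            if s in (a, b):
                n = b if a == s else a
                candidates.append((rpc[n] + cost, switches[n], n))
        root_port[s] = min(candidates)[2]
    # Designated port: on each link, the side with the lower RPC, then lower bridge ID.
    # The other side is that switch's root port if it points at the designated switch,
    # otherwise it blocks to break the loop.
    roles = {}
    for a, b, cost in links:
        designated = a if (rpc[a], switches[a]) < (rpc[b], switches[b]) else b
        other = b if designated == a else a
        roles[(designated, other)] = "designated"
        roles[(other, designated)] = "root" if root_port.get(other) == designated else "blocking"
    return root, rpc, roles


def with_rogue(switches, links):
    """The same topology after an attacker plugs a priority-0 switch into dist2
    over a 100 Mbit/s link (802.1D short path cost 19)."""
    rogue_switches = dict(switches, rogue=(0, "de:ad:be:ef:00:01"))
    return rogue_switches, links + [("dist2", "rogue", 19)]


if __name__ == "__main__":
    for label, (sw, ln) in (("normal", (SWITCHES, LINKS)), ("rogue", with_rogue(SWITCHES, LINKS))):
        root, rpc, roles = port_roles(sw, ln)
        print(f"[{label}] root bridge: {root}; root path costs: {rpc}")
        for (s, n), role in sorted(roles.items()):
            print(f"  {s} port towards {n}: {role}")
```

In the normal topology core1 is root, both distribution switches have their root port towards it, and dist2 blocks its port towards dist1. Once the rogue is attached, it becomes root, dist2's root port swings towards the rogue, core1's root port points at dist2, and dist1 blocks its direct link to core1, so core1-to-dist1 traffic now crosses dist2 and the attacker's switch sits at the top of the tree. Root Guard on dist2's port, as described earlier on this page, is what keeps that superior BPDU from being honoured.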