Overview & Thematic Scope
Spanning Tree Protocol (STP) and its rapid and multiple-instance variants—RSTP (802.1w) and MSTP (802.1s)—remain foundational for loop-free Layer 2 network design. This FAQ addresses pre-sales architectural questions and post-sales troubleshooting scenarios encountered by enterprise and ISP network engineers. Coverage includes convergence timing, VLAN-to-instance mapping, root bridge selection, TC propagation limits, and multi-vendor interoperability.
Frequently Asked Questions
- Q1: What is the actual convergence time difference between RSTP and legacy STP (802.1D) in a typical enterprise edge deployment?
- RSTP converges in under 6 seconds (typically 1-3 seconds) compared to legacy STP’s 30-50 seconds. RSTP achieves this through explicit handshaking (proposal/agreement) on point-to-point links and the alternate/backup port mechanism, eliminating the need for the listening and learning timers. For a 10-switch daisy-chain topology, RSTP restores connectivity in ~2s, while 802.1D requires ~30s.
- Q2: How many MSTP instances can a typical data center top-of-rack switch support, and what is the recommended maximum to avoid CPU overload?
- Most enterprise-class switches support 16 to 64 MSTP instances, but the recommended operational maximum is 8-12 instances for stable CPU utilization below 15%. Each additional instance increases BPDU processing overhead and memory consumption for the spanning-tree database. Beyond 15 instances on a 1 GHz control-plane CPU, TC (Topology Change) events can cause 200-300ms BPDU processing latency, risking inconsistent port states.
- Q3: During a root bridge failure, how does RSTP select a new root and what causes ‘root inconsistency’ errors on access ports?
- RSTP selects a new root based on the lowest bridge ID (priority + MAC) among remaining switches within 6 seconds of missing BPDUs (3 Hello intervals). ‘Root inconsistency’ errors occur when an access port configured as ‘portfast’ or ‘edge port’ receives superior BPDUs, indicating another switch is claiming root role. Resolution requires removing the rogue device or disabling ‘portfast’ on that interface and allowing normal STP negotiation.
- Q4: Can you run RSTP on some switches and MSTP on others within the same Layer 2 domain without causing loops?
- Yes, MSTP is backward-compatible with RSTP at the boundary, but interoperability forces all MSTP regions to behave as a single RSTP bridge. This creates a ‘Common Spanning Tree’ (CST) that does not load-balance VLANs across multiple links. To safely integrate, configure the MSTP region boundary ports with ‘no spanning-tree mst pre-standard’ and verify that the external root priority matches. Expect all VLANs within an MSTP instance to share the same RSTP forwarding state on boundary ports.
- Q5: What are the critical CLI commands to troubleshoot ‘TCN floods’ (continuous Topology Change Notifications) on a production network running MSTP?
- Execute ‘show spanning-tree mst detail’ to view TC counter increments per instance, and ‘show spanning-tree interface [port] statistics’ to identify which port is flapping. A healthy switch shows <5 TCs per hour. For persistent TCN floods (>100 TCs/minute), use ‘debug spanning-tree events’ (during maintenance) to isolate the unstable link. Mitigation commands: ‘spanning-tree mst [instance-id] root primary’ to stabilize root assignment, and ‘spanning-tree guard loop’ on ports connecting to end devices.
- Q6: How does MSTP map VLANs to instances, and what happens if two switches have inconsistent VLAN-to-instance mapping tables?
- MSTP uses a configuration digest (MD5 hash of the VLAN-to-instance mapping table) to determine region membership. If two switches have inconsistent mappings, they fall back to RSTP compatibility mode on the link between them, creating a CST boundary and losing per-instance load balancing. To prevent this, always use identical ‘instance [id] vlan [range]’ commands across all switches in the region, then verify with ‘show spanning-tree mst configuration digest’.
- Q7: In a brownfield migration from PVST+ to MSTP, what is the recommended procedure to avoid Layer 2 loops during the transition?
- The safe migration procedure is: (1) Enable MSTP on all switches but set ‘spanning-tree mst simulate pvst disable’ to maintain PVST+ BPDU transparency; (2) Change root priorities in MSTP to match PVST+ root VLANs; (3) Shift access-layer switches first, then distribution, finally core, waiting 2x forward delay (30s) between tiers; (4) Verify with ‘show spanning-tree mst summary’ that all ports are in forwarding state before disabling PVST+. Total maintenance window: 90-120 seconds of potential reconvergence.
- Q8: Does RSTP or MSTP support per-VLAN load balancing without using PVST+, and what are the hardware limitations?
- MSTP supports per-instance load balancing, where up to 4094 VLANs can be grouped into 8-16 logical instances. Each instance creates an independent active topology, allowing different root bridges per instance. Hardware limitation: TCAM (Ternary Content Addressable Memory) entries for MAC address tables are shared across all instances; a 24-port switch with 16K MAC table entries can support 12 MSTP instances before MAC move latency exceeds 500ms. To achieve per-VLAN granularity like PVST+, you must use MSTP with one instance per VLAN, but this is not recommended beyond 8 VLANs due to BPDU overhead.
Summary & Next Steps
RSTP and MSTP remain essential for loop-free resilience with modern convergence requirements. For greenfield deployments, MSTP with 8 VLAN-to-instance mappings offers the best balance of load balancing and CPU efficiency. Always validate BPDU guard, root guard, and loop guard on edge ports to contain topology changes. For multi-vendor environments, test interoperability using a dedicated MSTP region boundary port configuration.
Leave a comment