
What Is STP Loop Protection?

On a network running a spanning tree protocol, a switching device maintains the status of the root port and the blocked port by continually receiving Bridge Protocol Data Units (BPDUs) from the upstream switching device. If the ports cannot receive BPDUs from the upstream switching device due to link congestion or unidirectional link failures, the switching device will re-select a root port. The original root port becomes a designated port, and the original blocked port changes to the Forwarding state, which may cause loops on the network.
STP loop protection is an enhanced function of STP. After loop protection is enabled, if the root port or alternate port does not receive BPDUs from the upstream device for a long time, the root port or alternate port does not change to the Forwarding state. This prevents loops on the network. After link congestion is eliminated or unidirectional link failures are rectified, the port receives BPDUs for negotiation and restores its original role and status.

How Does Loop Protection Work?

Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), or VLAN-based Spanning Tree (VBST) can be deployed on switching devices to prevent loops on Layer 2 networks. In some cases, a loop may occur on the network when the blocked port on a device running a spanning tree protocol changes to the Forwarding state. The loop protection function can prevent this problem.

When a spanning tree protocol is deployed on devices on a network, the devices exchange Bridge Protocol Data Units (BPDUs) to calculate a loop-free network topology. The devices continuously update and exchange BPDUs to determine the ports to be blocked and those to become root ports. Port blocking can prevent loops while the root ports continue to forward traffic.

When link congestion or a unidirectional link failure occurs, a blocked port may fail to receive BPDUs and change to the Forwarding state, causing a loop on the network.

After the loop protection function is enabled, STP checks whether the root port and the alternate port can receive BPDUs. If a port with loop protection enabled does not receive any BPDU, the port does not change to the Forwarding state but remains in the Discarding state. In this manner, loops can be prevented.

As shown in the figure, when the link between BP2 and CP1 is congested, the root port CP1 on DeviceC cannot receive BPDUs from the upstream device within the timeout period. As a result, the alternate port CP2 becomes the root port and is in the Forwarding state, and the root port CP1 becomes the designated port and is also in the Forwarding state, causing a Layer 2 loop on the network. After the loop protection function is enabled, if the root port or alternate port does not receive BPDUs from the upstream device for a long time, the port role is changed normally, but the port does not change to the Forwarding state and remains in the Discarding state. Therefore, a loop does not occur on the network. After link congestion is eliminated or unidirectional link failures are rectified, the port receives BPDUs for negotiation and restores its original role and status.

Topology change upon link congestion
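The DeviceC scenario above can be traced with a small state model. This is an added example, not vendor code: the `Port` class and the `bpdu_timeout`, `has_loop`, `device_c` and `run` functions are hypothetical names, and the model covers only the two uplinks CP1 and CP2 on DeviceC. It goes one step beyond the figure by also covering the case where the alternate port CP2, rather than the root port CP1, stops receiving BPDUs.

```python
from dataclasses import dataclass

@dataclass
class Port:
    name: str
    role: str            # "root", "alternate" or "designated"
    state: str           # "Forwarding" or "Discarding"
    loop_protection: bool = False

def bpdu_timeout(ports, lost):
    """Apply the role/state change when port `lost` stops receiving BPDUs."""
    port = ports[lost]
    if port.role == "root":
        # The alternate port that still hears BPDUs takes over as root port.
        for other in ports.values():
            if other.role == "alternate":
                other.role, other.state = "root", "Forwarding"
    # The port that lost its BPDUs becomes a designated port in both cases.
    port.role = "designated"
    # Loop protection: the role changes normally, the state stays Discarding.
    port.state = "Discarding" if port.loop_protection else "Forwarding"
    return ports

def has_loop(ports):
    """DeviceC closes the ring when both of its uplinks forward."""
    return all(p.state == "Forwarding" for p in ports.values())

def device_c(loop_protection):
    # Constructed model of DeviceC from the figure: CP1 root, CP2 alternate.
    return {
        "CP1": Port("CP1", "root", "Forwarding", loop_protection),
        "CP2": Port("CP2", "alternate", "Discarding", loop_protection),
    }

def run(lost, loop_protection):
    """Return (loop?, {port: (role, state)}) after `lost` times out."""
    ports = bpdu_timeout(device_c(loop_protection), lost)
    return has_loop(ports), {n: (p.role, p.state) for n, p in ports.items()}

if __name__ == "__main__":
    for lost in ("CP1", "CP2"):
        for lp in (False, True):
            label = "loop protection" if lp else "unprotected"
            print(lost, label, run(lost, lp))
```

In both timeout cases the unprotected device ends with CP1 and CP2 forwarding, while the protected device keeps the port that lost its BPDUs in the Discarding state.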

What Are the Differences Between Loop Protection and STP?

STP is a loop prevention protocol that prevents loops on a Layer 2 network. Loop protection is an enhanced function of STP. It prevents loops that occur when a port cannot receive BPDUs from the upstream switching device.

In addition to loop protection, STP supports enhanced functions such as root protection and BPDU protection.

  • Root protection: The root bridge on a network may receive superior BPDUs due to incorrect configurations or malicious attacks. When this occurs, the root bridge can no longer serve as the root bridge and the network topology will incorrectly change. Root protection can prevent this problem. When a designated port with root protection enabled receives a superior BPDU, the port enters the Discarding state and does not forward packets. If the port does not receive any superior BPDU for a period of time, the port automatically returns to the Forwarding state. This prevents incorrect root bridge switching on the network. Note that root protection takes effect only on designated ports. Root protection and loop protection cannot be configured together on the same port.
  • BPDU protection: This function is configured on edge ports. When an edge port receives a BPDU, the edge port is set to the error-down state and retains its attributes. This prevents the network topology from being changed and service traffic from being interrupted because the edge port receives BPDUs from attackers.
About This Topic
  • Author: Zhao Fangfang
  • Updated on: 2024-02-27