
4.1 STP and RSTP

Chapters 1 to 3 covered how data moves through a network under normal conditions. Chapter 4 covers what happens when something fails. Redundancy is not optional in industrial networks — a single cable failure that takes down a production line costs thousands of euros per minute. STP is the first redundancy mechanism: it prevents loops while keeping a backup path ready.

A switch has no TTL mechanism. If a network has a physical loop, frames circulate forever. A single broadcast frame enters the loop and is flooded by both switches. Each switch receives the frame from the other and floods it again. The frame count doubles every microsecond. Within 50 ms, the link is saturated and every device on the network is unreachable.

STP (Spanning Tree Protocol) prevents this by logically blocking redundant paths. Only one active path exists between any two points. If the active path fails, STP unblocks a redundant path. To do this, STP first needs to elect a central reference point for the topology.

STP elects one switch as the Root Bridge: the logical center of the spanning tree. All other switches calculate their shortest path to the Root Bridge and block any ports that would create a loop.

Key terms:

  • Root Bridge — the switch elected as the center of the spanning tree; all paths are calculated relative to it
  • Bridge ID — an 8-byte value used in the election: Priority (2 bytes) + MAC address (6 bytes); the switch with the lowest Bridge ID wins
  • BPDU (Bridge Protocol Data Unit) — the control frame STP uses to exchange topology information; sent to multicast 01:80:C2:00:00:00
  • Root Port — the port with the best path to the Root Bridge (one per non-root switch)
  • Blocked Port — a redundant port that is blocked to prevent loops

The Root Bridge election has a critical flaw that must be addressed manually.

With default priority (32768), the switch with the lowest MAC address becomes Root Bridge. MAC addresses are assigned by manufacturers in sequence. The oldest switch in the network often wins. This is never what you want.

Set the Root Bridge manually by lowering the priority on the intended Root Bridge:

Switching → L2-Redundancy → Spanning Tree → Bridge
Bridge Priority: 4096 (lower = more likely to be root)

Beyond the election, the convergence time of classic STP is a fundamental problem for OT networks.

Classic STP converges in 30 to 50 seconds. This is unacceptable for OT. A 30-second outage after a cable failure causes PLCs to fault and production to stop.

| Protocol | Convergence | Suitable for OT? |
|---|---|---|
| STP (802.1D) | 30 to 50 s | No |
| RSTP (802.1w) | 1 to 2 s | Marginal |
| MRP (IEC 62439-2) | less than 200 ms | Yes |

RSTP solves the convergence problem through a fundamentally different negotiation mechanism.

RSTP (Rapid Spanning Tree Protocol, IEEE 802.1w) converges in 1 to 2 seconds. It achieves this through the Proposal/Agreement mechanism: instead of waiting for timers, switches negotiate directly.

When a link comes up, the upstream switch sends a BPDU with the Proposal flag set. The downstream switch blocks its other ports (preventing loops) and immediately replies with an Agreement. The upstream port then goes to Forwarding without waiting for any timer.

Ports connected to end devices need special treatment to avoid unnecessary delays.

Configure ports connected to end devices (PLCs, HMIs, PCs) as Edge Ports. Edge Ports skip the Learning state and go directly to Forwarding when the link comes up. This eliminates the 15-second delay that would otherwise occur every time a device reboots.

Enable BPDU Guard on Edge Ports. If a BPDU arrives on an Edge Port (indicating someone connected a switch), the port is immediately disabled. This prevents accidental loops from unauthorized switches.

Switching → L2-Redundancy → Spanning Tree → Port
Admin Edge Port: Enabled
BPDU Guard: Enabled

With STP configured correctly, the next step is to monitor it for signs of instability.

A high rate of STP topology change events indicates a loop or a flapping link. Each topology change causes all switches to flush their MAC tables, which temporarily floods all traffic. The following script monitors BPDU traffic and alerts when topology changes occur too frequently:

```python
import time

from scapy.all import STP, sniff

TC_FLAG = 0x01  # Topology Change bit in the BPDU flags byte
tc_times: list[float] = []
last_root: str = ""


def monitor_stp(pkt):
    global last_root
    if not pkt.haslayer(STP):
        return
    stp = pkt[STP]
    now = time.time()
    if stp.bpduflags & TC_FLAG:
        tc_times.append(now)
        # Keep only the topology changes seen in the last 60 seconds.
        recent = [t for t in tc_times if now - t < 60]
        tc_times.clear()
        tc_times.extend(recent)
        # BPDUs are 802.3/LLC frames, so read the source MAC from the outer layer.
        print(f"Topology change from {pkt.src}: {len(tc_times)} TCs in last 60s")
        if len(tc_times) > 5:
            print(" WARNING: high TC rate — check for loop or flapping link")
    # Root Bridge ID = priority (rootid field) + MAC address (rootmac field).
    root = f"{stp.rootid}:{stp.rootmac}"
    if last_root and last_root != root:
        print(f"Root bridge changed: {last_root} -> {root}")
    last_root = root


sniff(iface="eth0", filter="ether dst 01:80:c2:00:00:00",
      prn=monitor_stp, store=False)
```

More than 5 topology changes per minute indicates a problem. Check for unauthorized switches connected to Edge Ports, or for a cable that is intermittently losing link. A root bridge change indicates that the manually configured Root Bridge has lost its role, which means it is offline or its priority was changed.
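
To check captured BPDUs offline against the Root Bridge you configured, the following added example (not part of the original page) decodes the BPDU body with `struct` and compares 8-byte Bridge IDs the way the election does. The function names, the locally administered MAC addresses and the sample BPDUs are constructed for illustration, and the Bridge ID follows the page's Priority + MAC model.

```python
import struct

BPDU_FMT = ">HBBB8sI8sHHHHH"   # 35-byte 802.1D configuration BPDU body
FLAGS = {0x01: "TC", 0x02: "Proposal", 0x40: "Agreement"}

def bridge_id(priority: int, mac: str) -> bytes:
    """8-byte Bridge ID: 2-byte priority followed by the 6-byte MAC."""
    return struct.pack(">H", priority) + bytes.fromhex(mac.replace(":", ""))

def fmt_id(bid: bytes) -> str:
    return f"{int.from_bytes(bid[:2], 'big')}/{bid[2:].hex(':')}"

def make_bpdu(root: bytes, sender: bytes, flags: int = 0) -> bytes:
    """Constructed sample RST BPDU (version 2, type 0x02); timers in 1/256 s."""
    return struct.pack(BPDU_FMT, 0, 2, 0x02, flags, root, 0, sender,
                       0x8001, 0, 20 * 256, 2 * 256, 15 * 256) + b"\x00"

def parse_bpdu(body: bytes) -> dict:
    """Decode the fields that matter for root election and TC monitoring."""
    if len(body) < struct.calcsize(BPDU_FMT):
        raise ValueError("truncated BPDU")
    proto, _ver, typ, flags, root, cost, sender, *_ = struct.unpack_from(BPDU_FMT, body)
    if proto != 0 or typ not in (0x00, 0x02):
        raise ValueError("not a configuration or RST BPDU")
    return {"root": root, "sender": sender, "cost": cost,
            "flags": [name for bit, name in FLAGS.items() if flags & bit]}

def audit(bodies: list[bytes], expected_root: bytes) -> list[str]:
    """Flag BPDUs whose advertised root is not the intended Root Bridge."""
    findings = []
    for body in bodies:
        b = parse_bpdu(body)
        if b["root"] != expected_root:
            # Lowest Bridge ID wins, so a lower value displaces the intended root.
            kind = "superior" if b["root"] < expected_root else "inferior"
            findings.append(f"{kind} root {fmt_id(b['root'])} via {fmt_id(b['sender'])}")
    return findings

# Constructed inventory: locally administered MACs, not real devices.
CORE = bridge_id(4096, "02:00:00:00:00:50")     # intended Root Bridge
OLD = bridge_id(32768, "02:00:00:00:00:01")     # oldest switch, default priority
UNKNOWN = bridge_id(0, "02:00:00:00:00:99")     # unmanaged switch on an access port

if __name__ == "__main__":
    print("election winner:", fmt_id(min(CORE, OLD)))
    sample = [make_bpdu(CORE, OLD, flags=0x02), make_bpdu(UNKNOWN, UNKNOWN, flags=0x01)]
    for line in audit(sample, CORE):
        print("ALERT:", line)
```

A "superior" finding means a device is advertising a Bridge ID lower than the intended root; an "inferior" finding means the intended root is no longer the one being advertised.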

Set the Root Bridge manually

With default priority, the oldest switch becomes Root Bridge. Set priority to 4096 on the intended Root Bridge. Verify it after every switch replacement.

Use RSTP, not classic STP

RSTP converges in 1 to 2 seconds. Classic STP takes 30 to 50 seconds. For ring topologies, use MRP instead of RSTP.

Enable Edge Ports on access ports

Edge Ports skip STP learning states. Enable BPDU Guard to prevent unauthorized switches from creating loops.

STP and RSTP work on arbitrary mesh topologies. The next section covers ring topologies — the dominant redundancy architecture in industrial networks, and why ring-specific protocols like MRP converge much faster than RSTP on a ring.

  • IEEE 802.1D-2004 — Media Access Control (MAC) Bridges (includes RSTP)
  • Perlman, R. (1985). An Algorithm for Distributed Computation of a Spanning Tree in an Extended LAN. ACM SIGCOMM.
  • Hirschmann. (2023). User Manual — HiOS: Spanning Tree. Belden/Hirschmann.