Follow Me Icons


Follow @KendrickColeman on TwitterConnect on LinkedInWatch My Videos on YouTubeFollow me on FacebookCheck Out My Projects on GitHubStay Up To Date with RSS


BSA 728x90 Center Banner

VMware Networking, Don't Forget STP

Here is one networking configuration step that seems to get overlooked. The Spanning-Tree Protocol (STP) is an link-layer protocol that should be built into all switches. Let's take a look at how Spanning-Tree works and what it does.


By definition, STP is used to prevent loops in switching architecture and it is enabled by default on most products. How does a switching loop happen? take a look at the diagram below.



You have 2 switches, connected through a trunk port or access port on Gi0/1. If someone comes and and connects another wire from Gi0/48 to Gi0/24, a loop will occur. Consider, the PC connected to switch 1 sent out a broadcast, that broadcast would eventually loop back to switch 1 from switch 2 with the same source mac address. Since switches have to assume that machines will move and use the most recent information they have, when switch 2 sends that broadcast back to switch 1, switch 1 will then decide that the best way to reach the PC that broadcasted is via switch 2 rather than it's own directly connected port.. The looped pair will keep generating broadcast packets, which will eventually take down every single switch in broadcast domain because it corrupts your mac address tables. (thread)





When STP is enabled (and it is by default on most switches) and device is plugged into a port, convergence begins.

(From Wikipedia)

STP switch port states:

  • Blocking - A port that would cause a switching loop, no user data is sent or received but it may go into forwarding mode if the other links in use were to fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state.
  • Listening - The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state.
  • Learning - While the port does not yet forward frames (packets) it does learn source addresses from frames received and adds them to the filtering database (switching database)
  • Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
  • Disabled - Not strictly part of STP, a network administrator can manually disable a port

If a port is shown to create a loop, it will be put into a blocking state to suppress that loop, as indicated by red wire.



Once a port goes up or down it forces all of the physical switches in the STP domain to dump their forwarding tables and relearn the STP topology and all MAC addresses. It can take anywhere from 20-60 seconds for convergence to complete and frames to actually be process. This poses a problem when it relates to VMware and enterprise deployments of vSphere. Applications can timeout and possibly end up with a host failure if you didn't correctly configure HA to use not only redundant NICS, but also, redundant Service Consoles.


Enabling Portfast on a specific port will automatically skip all of the Listening and Learning stages and automatically send the port into a forwarding state. We have now over come that 20-60 second lag time for convergence. The only downside is that these ports are not configured for loopback prevention. In reality, that doesn't matter because loops are not going to be a concern when connecting servers, it is a problem related when connecting switches and some VoIP equipment.


How to configure portfast on different kinds of switches:

spanning-tree portfast (for an access port)
spanning-tree portfast trunk (for a trunk port)

spanning-tree portfast


Read More:

VMware KB: 1003804  "STP may cause temporary loss of network connectivity when a failover or failback event occurs"

VMTN Communites "Spanning Tree and VMware ESX Server"

Related Items

Related Tags