(http://www.firewall.

cx)

FIREWALL.CX TEAM

NEWS

ALTERNATIVE MENU

RECOMMENDED SITES

CONTACT US - FEEDBACK

(/MEET-THE-TEAM.HTML)

(/NEWS.HTML)

(/SITE-MAP.HTML)

(/RECOMMENDED-SITES.HTML)

(/CONTACT-US.HTML)

HOME

(/)

NETWORKING

MICROSOFT
DOWNLOADS
Home (/)

(/networking-topics.html)

(/microsoft-knowledgebase.html)
(/downloads.html)

FORUM

Networking (/networking-topics.html)

LINUX

CISCO

(/cisco-technical-knowledgebase.html)

(/linux-knowledgebase-tutorials.html)

MORE CONTENT

(/general-topics-reviews.html)

(/forums.html)
Network Protocols (/networking-topics/protocols.html)

SATURDAY, 15 NOVEMBER 2014

search...

Spanning Tree Protocol (STP) (/networking-topics/protocols/spanning-tree-protocol.html)

Spanning Tree Protocol: Bridge ID, Priority, System ID Extension & Root Bridge Election Process

HOT DOWNLOADS
(http://clixtrac.com/goto/?99229)

(http://clixtrac.com/goto/?181629)

(http://clixtrac.com/goto/?99231)

NETWORK SECURITY
FREE HYPER-V BACKUP
WEB MONITORING &
SCANNER
(HTTP://CLIXTRAC.COM/GOTO/? SECURITY
(HTTP://CLIXTRAC.COM/GOTO/? 181629)
(HTTP://CLIXTRAC.COM/GOTO/?

(http://www.linkedin.com/groups?
(https://www.facebook.com/firewa
(http://twitter.com/firewallcx
(http://feeds.feedburne
CONNECT:home=&gid=1037867)

NETWORK SECURITY
SCANNER
(http://clixtrac.com/goto/?179823)

SPANNING TREE PROTOCOL: BRIDGE ID, PRIORITY, SYSTEM ID

EXTENSION & ROOT BRIDGE ELECTION PROCESS
WRITTEN BY ARANI MUKHERJEE. POSTED IN SPANNING TREE PROTOCOL (STP) (/NETWORKING-TOPICS/PROTOCOLS/SPANNING-TREEPROTOCOL.HTML)
Rating 5.00 (4 Votes)

(http://clixtrac.com/goto/?
99232)

Share Tweet (http://twitter.com/share)

In this article we will examine the Spanning Tree Bridge ID structure, explain why it has increments of 4096, how VLAN information is
embedded (for Per-VLAN Spanning Tree & multiple STP instances) via the System ID Extension and finally explain how the Spanning

Notify me of new articles

Name

Tree Protocol Root Bridge Election occurs.

UNDERSTANDING BRIDGE ID, BRIDGE PRIORITY & SYSTEM ID EXTENSION

In our earlier article (/networking-topics/protocols/spanning-tree-protocol/1045-spanning-tree-protocol-port-costs-states.html) we discussed

E-mail

about the Spanning Tree Protocol, Rapid STP port costs and port states (/networking-topics/protocols/spanning-tree-protocol/1045-

Subscribe

spanning-tree-protocol-port-costs-states.html). Before STP decides which path is the best to the Root Bridge, it needs to first decide
which switch has to be elected as the Root Bridge, which is where the Bridge ID comes into play. Readers interested can also read our
STP Principles, Redundant Network Links & Broadcast Storms (/networking-topics/protocols/spanning-tree-protocol/1042-spanning-treeprotocol-fundamentals.html) article.

RSS SUBSCRIPTION

Every switch has an identity when they are part of a network. This identity is called the Bridge ID or BID. It is an 8 byte field which is

Subscribe to Firewall.cx RSS

divided into two parts. The first part is a 2-byte Bridge Priority field (which can be configured) while the second part is the 6-byte MAC

Feed by Email

address of the switch. While the Bridge Priority is configurable, the MAC address is unique amongst all switches and the sum of these

(http://feedburner.google.com/fb/a/mailverify?

two ensures a unique Bridge ID.

uri=firewallcx&loc=en_US)

HYPER-V BACKUP

(http://clixtrac.com/goto/?
The above Bridge ID assumes there is one Spanning Tree instance for the entire network. This is also called Common Spanning-Tree
(CST).

181631)

As networks begun to grow and become more complex, VLANs were introduced, allowing the creation of multiple logical and physical
networks. It was then necessary to run multiple instances of STP in order to accommodate each network - VLAN. These multiple
instances are called Multiple Spanning Tree (MST), Per-VLAN Spanning Tree (PVST) and Per-VLAN Spanning Tree Plus (PVST+).

RECOMMENDED
DOWNLOADS
Web Security

In order to accommodate the additional VLAN information, the Extended System ID field was introduced, borrowing 12 bits from the

(http://clixtrac.com/goto/?

original Bridge Priority:

99233)
Server AntiSpam
(http://clixtrac.com/goto/?
99234)
Network Scanner
(http://clixtrac.com/goto/?
99235)
IDS Security Manager
(http://clixtrac.com/goto/?
99236)
Web-Proxy Monitor
(http://clixtrac.com/goto/?
99237)
FTP / TFTP Servers
(/downloads/ftp-tftp-serversa-clients.html)

The Bridge Priority value and the Extended System ID extension together make up a 16 bit (2-byte) value. The Bridge Priority making
up the left most bits, is a value of 0 to 61440. The Extended System ID is a value of 1 to 4095 corresponding to the respective VLAN

Cisco VPN Client

(/downloads/cisco-tools-a-

participating in STP. The Bridge Priority increments in blocks of 4096 to allow the System ID Extension to squeeze in between each

applications.html)

increment. This is clearly shown in the below analysis:

Network Fax Server

(http://clixtrac.com/goto/?
100607)
Free Hyper-V Backup
(http://clixtrac.com/goto/?
163765)

CISCO PRESS REVIEW

PARTNER

We should note that the Bridge Priority Field can only be set in increments of 4096. This means that possible values are: 4096, 8192,
12288, 16384, 20480, 24576, 28672, 32768 etc. By default, Ciscos Per-VLAN Spanning-Tree Plus (PVST+) adds this System ID
Extension (sys-id-ext) to the Bridge Priority.
The two values (Bridge Priority + System ID Extension) together make up the Bridge ID used to elect the Root Bridge.

(/site-news/316-firewallciscopress.html)

POPULAR CISCO
ARTICLES
DMVPN Configuration (/ciscotechnical-

THE ROOT BRIDGE ELECTION PROCESS

knowledgebase/cisco-

The election process uses several STP messages sent between switches which help each switch to decide, who is the Root Bridge.

routers/901-cisco-router-

These messages are called Hello BPDU where BPDU stands for Bridge Protocol Data Unit. It is important to understand the information

dmvpn-configuration.html)

these BPDUs carry as it will help understand the election process itself.

Cisco IP SLA (/ciscotechnical-

Each BPDU carries several fields in it. The following table defines each field:

Field

Description

Root Bridge ID or Root BID

BID of the switch that the sender of this BPDU believes

to be the root switch

knowledgebase/ciscorouters/813-cisco-router-ipslabasic.html)
VLAN Security (/ciscotechnicalknowledgebase/ciscoswitches/818-cisco-switchesvlan-security.html)

Senders Bridge ID

BID of the switch sending this Hello BPDU

4507R-E Installation (/ciscotechnical-

Cost to the Root Bridge

The STP cost between this switch and the current root

knowledgebase/ciscoswitches/948-cisco-switches4507re-ws-x45-sup7l-e-

Timer values on Root Bridge

Hello Timer, Max Age Timer, Forward Delay Timer

installation.html)
CallManager Express Intro

For the purpose of this exercise, we will only concentrate on the first three fields.
Now, the election process itself is very simple. The switch with the lowest BID becomes the Root Bridge. Since the BID starts with the
Bridge Priority field, essentially, the switch with the lowest Bridge Priority field becomes the Root Bridge. If there is a tie between two
switches having the same priority value, then the switch with the lowest MAC address becomes the Root Bridge.

(/cisco-technicalknowledgebase/ciscovoice/371-cisco-ccme-part1.html)
Secure CME - SRTP & TLS
(/cisco-technical-

The STP Root Bridge election process starts with each switch advertising themselves as the Root Bridge and constructing the Hello

knowledgebase/cisco-

BPDU accordingly. So each switch lists its own BID as the Root BID. The Sender Bridge ID is ofcourse the same as the Root BID, as it

voice/956-cisco-voice-cme-

is again its own BID. With in BPDU, the Cost field is listed with a value of 0, because there is no cost between itself. The switches send

secure-voip.html)

out the Hello BPDU constructed as above, onto the network. They will keep on maintaining their status as Root Bridge by default, until

Cisco Password Crack (/cisco-

they receive a Hello BPDU which carries a lower BID. This Hello BPDU then becomes a superior BPDU. Now the switch receiving this

technical-

superior BPDU makes changes to the Hello BPDU it has been sending out. It changes the value of the Root BID to reflect the Root BID

knowledgebase/cisco-

from the superior Hello BPDU. This process continues till every switch agrees on which switch has the lower BID, and hence deserves

routers/358-cisco-type7-

to be the Root Bridge.

password-crack.html)
Site-to-Site VPN (/cisco-

ROOT BRIDGE ELECTION EXAMPLE

Let's look at this process using a three switch combination within a network. For the sake of simplicity, the MAC address of each switch
has been changed to a simple value:

technicalknowledgebase/ciscorouters/867-cisco-router-siteto-site-ipsec-vpn.html)

FREE CISCO LAB

PARTNER

(http://clixtrac.com/goto/?
99238)

POPULAR LINUX
ARTICLES
Linux Init & RunLevels (/linuxknowledgebase-tutorials/linuxadministration/845-linuxadministration-runlevels.html)
Linux Groups & Users (/linuxknowledgebase-tutorials/linuxadministration/842-linuxSwitch 1 (SW1). Has a priority of 32769 and MAC address of 1111.1111.1111. So its BID becomes 32769.1111.1111.1111. When

groups-user-accounts.html)

SW1 creates its own BPDU, it sets both BID and Root BID to 32769.1111.1111.1111.

Linux Performance Monitoring

Switch 2 (SW2). Has a priority of 32769 and MAC address of 2222.2222.2222. So its BID becomes 32769.2222.2222.2222. When

tutorials/linux-

SW2 creates its own BPDU, it sets both BID and Root BID to 32769.2222.2222.2222.

administration/837-linux-

Switch 3 (SW3). Has a priority of 32769 and MAC address of 3333.3333.3333. So its BID becomes 32769.3333.3333.3333. When

system-resource-

SW3 creates its own BPDU, it sets both BID and Root BID to 32769.3333.3333.3333.

monitoring.html)

Now, the election process commences with the advertisement of the individual Hello BPDU's from each switch, as indicated by the arrows
in our diagram. These BPDUs originate from each switch and end up at the other switches. Let's take up one switch at a time to see how it
reacts to the BPDUs it receives from the other switches.
Switch 1 (SW1): It had sent out its own Hello BPDU with both BID and Root BID set to 32769.1111.1111.1111. When it receives the
Hello BPDU from SW2, it checks for the Root BID value which is 32769.2222.2222.2222. SW1 discards the BPDU sent by SW2, as it still
is the switch with the lowest BID. Same situation happens when it receives the Hello BPDU from SW3. SW1 is still the switch with the
lowest BID. So it discards the Hello BPDU received from SW3 and keeps on advertising itself as the Root Bridge.

(/linux-knowledgebase-

Linux Vim Editor (/linuxknowledgebase-tutorials/linuxadministration/836-linuxvi.html)

Linux Samba (/linuxknowledgebasetutorials/system-and-networkservices/848-linux-servicessamba.html)

Switch 2 (SW2): Just like SW1, SW2 generates and sends its own Hello BPDU with both BID and Root BID set to

Linux DHCP Server (/linux-

32769.2222.2222.2222. When it receives the Hello BPDU from SW1, it checks for the Root BID value which SW1 has set to

knowledgebase-

32769.1111.1111.1111. This being lower than SW2's own BID, makes the Hello BPDU received from SW1, a superior BPDU. So in its

tutorials/system-and-network-

own BPDU, SW2 changes the value of the Root BID from 32769.2222.2222.2222, to 32769.1111.1111.1111, and starts advertising this

services/849-linux-services-

revised Hello BPDU. SW2 now considers SW1 as the Root Bridge. Now, when it receives the Hello BPDU from SW3, it will obviously

dhcp-server.html)

discard the BPDU as it is not superior in Root BID value. So for SW2, SW1 remains as Root Bridge, even after receiving the Hello BPDU

Linux Bind DNS (/general-

from SW3.

topics-reviews/linuxunixrelated/829-linux-bind-

Switch 3 (SW3): SW3 will send out its own Hello BPDU with both BID and Root BID set to 32769.3333.3333.3333. Depending on which

introduction.html)

Hello BPDU it receives first i.e. from SW1 or SW2, it will end up changing the Root BID value in its Hello BPDU because both SW1 &

Linux File & Folder

SW2 have lower MAC addresses. So if it received the Hello BPDU from SW2 first, then it will change the Root BID from

Permissions (/general-topics-

32769.3333.3333.3333 to 32769.2222.2222.2222 and consider SW2 as new Root Bridge. Once it receives the Hello BPDU from SW1,

reviews/linuxunix-

this BPDU supersedes the BPDU sent by SW2. So SW3 changes the Root BID from 32769.2222.2222.2222 to 32769.1111.1111.1111 and

related/introduction-to-

now considers SW1 as new Root Bridge.

linux/299-linux-file-folder-

At this point, all switches have received each other's BPDU and have agreed that SW1 has the lowerst BID address and is therefore the
rightful Root Bridge of the network. Both SW2, and SW3 now agree that SW1 is Root Bridge, and start organizing their respective links
into Root Ports and Designated Ports.

WHAT IF WE WANTED SWITCH 3 TO BE THE ROOT BRIDGE?

permissions.html)
Linux OpenMosix (/generaltopics-reviews/linuxunixrelated/openmosix-linuxsupercomputer.html)
Linux Network Config (/linux-

In most real-life cases, we need to configure the Root Bridge to ensure that no matter the switch that joins the network, our initial Root

knowledgebase-tutorials/linux-

Bridge will remain. To achieve this, we simply configure the Bridge Priority so that it is always smaller than the default value of 32769.

administration/851-linuxservices-tcpip.html)

In our example, if we wanted Switch 3 to become the new Root Bridge, we would set its Bridge Priority to 4096 (4096+1 for VLAN 1).
By doing so, we change its BID to 4097.3333.3333.3333 making it the lowest amongst our network switches.
The two values (Bridge Priority + System ID Extension) together make up the Bridge ID used to elect the Root Bridge.

BANDWIDTH
MONITORING

Configuring a new BID in a production network is not recommended unless every caution has been taken to ensure network downtime is
eliminated. When the BID of a switch changes to make it a Root Bridge, the whole network (switches) will react upon this and begin
recomputing the new information. Depending on where the new Root Bridge is located, switch uplinks and redundant links might be
(http://clixtrac.com/goto/?

blocked.

99758)
This article analysed the Spanning Tree Protocol Bridge ID structure and its importance. We saw how the Bridge Priority and System ID
Extension fields play a primary role in the Root Bridge election within a network.
Back to the Spanning Tree Protocol Section (/networking-topics/protocols/spanning-tree-protocol.html)

ARTICLES TO READ NEXT:

SPANNING TREE PROTOCOL
UNDERSTAND STP PRINCIPLES,
RED... (/NETWORKINGTOPICS/PROTOCOLS/SPANNINGTREE-PROTOCOL/1042-SPANNINGTREE-PROTOCOLFUNDAMENTALS.HTML)

SPANNING TREE PROTOCOL: BRIDGE

ID, PRIORITY, SYSTEM ID ...
(/NETWORKINGTOPICS/PROTOCOLS/SPANNINGTREE-PROTOCOL/1054-SPANNINGTREE-PROTOCOL-ROOT-BRIDGEELECTION.HTML)

SPANNING TREE PROTOCOL, RAPID

STP PORT COSTS - PORT STA...
(/NETWORKINGTOPICS/PROTOCOLS/SPANNINGTREE-PROTOCOL/1045-SPANNINGTREE-PROTOCOL-PORT-COSTSSTATES.HTML)

CCENT/CCNA

CISCO ROUTERS

VPN SECURITY

CISCO HELP

WINDOWS 2012

LINUX

ROUTER BASICS (/CISCO-

SSL WEBVPN

UNDERSTAND DMVPN

VPN CLIENT WINDOWS 8

NEW FEATURES

FILE PERMISSIONS

TECHNICAL-

SECURING ROUTERS

GRE/IPSEC

VPN CLIENT WINDOWS 7

LICENSING

WEBMIN

KNOWLEDGEBASE/CISCO-

POLICY BASED ROUTING

CONFIGURATION

CCP DISPLAY PROBLEM

HYPER-V / VDI

GROUPS - USERS

ROUTERS/250-CISCO-

ROUTER ON-A-STICK

SITE-TO-SITE IPSEC VPN

CISCO SUPPORT APP.

INSTALL HYPER-V

SAMBA SETUP

ROUTER-BASICS.HTML)

IPSEC MODES

SUBNETTING
OSI MODEL
IP PROTOCOL

FIREWALL.CX TEAM
(/MEET-THE-TEAM.HTML)

NEWS
(/NEWS.HTML)

ALTERNATIVE MENU
(/SITE-MAP.HTML)

RECOMMENDED SITES
(/RECOMMENDED-SITES.HTML)

CONTACT US - FEEDBACK
(/CONTACT-US.HTML)

Copyright 2000-2014 Firewall.cx - All Rights Reserved

Information and images contained on this site is copyrighted material.
Firewall.cx - Cisco Networking, VPN - IPSec, Security, Cisco Switching, Cisco Routers, Cisco VoIP- CallManager Express & UC500, Windows Server, Virtualization, Hyper-V Linux Administration