Juniper MX series supports;
    • STP
    • RSTP
    • MSTP
    • VSTP

STP: STP is defined in IEEE 802.1D-1998. The purpose of STP is to build loop free paths in a layer 2 network.

STP related terms:
    • Bridge-ID: configurable value + MAC-address
    • Root-Bridge: switch with the lowest bridge ID
    • Root Port: port closest to the Root-Bridge
    • Root path-cost: cost from self to root
    • Designated Bridge: a switch representing a LAN-segment
    • Port-ID: unique identifier for each port
    • Designated port: forwarding port on designated Bridge’s LAN segment
    • BPDU: Bridge Protocol Data Units. There are 2:
         1: Configuration BPDU: to build the STP topology
         2: Topology Change notification BPDU: reports topology changes

When an equal cost to the root bridge exists, the bridge ID acts as a tie-breaker.

Port states:

    • all packets are dropped, port listens to BPDUs
    • port is not used
    • drops packets & listens to BPDUs
    • port is transitioning
    • drops packets and listens to BPDUs
    • port is transitioning and learning MAC-addresses
    • receives & forwards data, receives & sends BPDUs
    • port transitioned and learns MAC addresses

BPDU Ethernet Frame.


Source address is the address of the outgoing port. Destination address is the bridge group address (01:30:C2:00:00:00)

Configuration BPDU determines tree topology of a LAN. STP uses the info to elect the root, identify root ports & designated ports and prune redundant links. Upon startup, all switches advertise themselves as the root switch. When the topology is build, the root sends configu BPDUs every 2 seconds by default. The default port priority is 128 on MX-routers.

The field included in the configuration BPDU;
    • message age: field records time since generation of BPDU by root.
    • max-age: set by root, max time the BPDU is saved & bridge table aging timer. Also influences the bridge aging timer during topology change notification process.
    • hello-time: time between sending configuration BPDUs by designated port
    • forward delay: time spend in listening and learning state. Also influences timers during topology change notification process.

Configuration BPDUs are not flooded. Every bridge creates its own.


Normally, full convergence can take 50 seconds ( 2 x forwarding delay of 15s + max age timer 20s).

TCN: always travel out root port every 2 seconds until acknowledged. Upon TCN, root switch sets TC-flag and all switches change forwarding table age to 15 seconds. Deleted entries must be relearned.

RSTP (802.1w).

RSTP is faster and reduces link-convergence time to sub seconds on p2p-links. It introduces new port roles:

- Alternate Port:
    • provides alternate path to root
    • blocks traffic while receiving superior BPDUs
- Backup Port:
    • provides a redundant path to a segment (designated switches only)
    • blocks traffic while more preferred port functions as designated port
- Root & Designated Ports remain


RSTP uses fewer port states:


Default RSTP failure detect time < 6 seconds. RSTP sends configuration BPDU every 2 seconds. RSTP BPDU is backwards compatible with STP (will function as STP).

Bridge priority: Priority (4 bits) + Extended system ID (12 bits) + Bridge address (6 octets)

MSTP populates extended system ID with a VLAN-ID. Priority and extended system ID are configurable for RSTP.

RSTP forwarding state transitions.

Uses proposal-and-agreement handshake on p2p-links instead of timers.

alternate ports -> transitions to root immediately
edge ports -> transitions to forwarding state immediately

When no BPDUs are detected on a link, port becomes edge port. If port configured as edge port receives BPDUs, port becomes non-edge port. Non-edge designated ports transition to forwarding only after receipt of explicit agreement from attached switch.

Topology Changes (Tc).

Tc occur only when non-edge ports transition to forwarding;
    • Port transitions to discarding state no longer trigger STP TCN/TCN-ack sequence
    • initiator floods RSTP TCNs (RSTP BPDU with TCN-flag set) out all designated ports as well as root port
    • Because of received RSTP TCN, switches flush majority of MAC-addresses;
         - they do not flush MACs learned from edge ports
         - they do not flush MACs learned on the port receiving the TCN

Unlike in traditional STP, neighboring switches not in root path do not have to wait for info to pass root first.

STP/RSTP interoperability.

    • switches supporting 802.1D-1998 STP discards RSTP-BPDUs
    • RSTP switch receiving 802.1D-1998 BPDUs reverts to 802.1D-1998 STP mode on the receiving interfaces only


Defined in 802.1s, later merged in 802.1Q-2003.

Provides extensions to RSTP;
    • separate topology tree for each MSTI
    • maps VLANs to 1 or more instances, providing load-balancing

An MST-region is a group of switches with the same region name, revision level & VLAN-to-instance mapping. There is a maximum of 64 MSTIs per region. There is 1 regional root-bridge per instance.

Backwards compatible with STP & RSTP through a CST. All other switches outside the MST-region view the region as a single switch. MSTP calculates a CIST for this, allowing others to view the MST-region as a virtual-bridge. MSTP uses the same Ethernet frame as STP / RSTP, the BPDU info in the data field is different.


Maintains a separate spanning-tree instance for each VLAN. Compatible with PVST+ & RPVST+. Adding more VLANs will consume more resources. VSTP is most similar to RSTP, all terminology is the same. VSTP also provides for the ability to force the version to STP. VSTP is carried in 802.1q-tag and uses the bridge address 01:00:0C:CC:CC:CD.

BPDU protection.

To protect the network from unwanted BPDUs, enable BPDU protection. If protected interface receives BPDUs, the bridge disables the interface and transitions to blocking state. BPDU-protection can be configured with or without spanning-tree.

Loop Protection.

Lack of BPDUs is interpreted as a link problem. Interface moves to 'loop inconsistent' state. When BPDUs are received again, interface recovers. Per interface, either root or loop protection.

Root protection.

Prevents unwanted root. Once superior BPDU arrives, port becomes inconsistent. Recovers automatically. When enabled, it applies to all instances.