Table of Contents

bridge_stp

The Spanning Tree Protocol (STP) is used to allow multiple bridges to work together. Each bridge communicates with other bridges to discover how they are interconnected. This information is then used to eliminate cycles, and provide optimal routing of packets. STP also provides fault tolerance, because it will recompute the topology if a bridge or port fails.

The Linux bridge implements a subset of the full standard, but interoperates with other hardware bridges. There are new standards for per VLAN Spanning Tree (PVST),Rapid Spanning Tree andMulitple Spanning Tree Protocol which are not yet implemented.

Security

The Spanning Tree Protocol has no authentication; all participants are assumed to be trustworthy and correct. This assumption is not true if bridging between a hostile environment like the Internet and a private network. For this reason, STP is turned off by default on the recent versions of Linux.

STP Filtering

If you need to bridge between a hostile network (for example cable/dsl internet connection) and a private network with multiple bridges, then it is possible to filter STP traffic. What you want to do is drop/ignore all STP traffic on the hostile ethernet.