cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
189724
Views
175
Helpful
23
Replies

STP: Root port vs. designated port

Kevin Melton
Level 2
Level 2

Forum

I am having difficulty understanding the difference between the root port and a designated port.  Please read the following definitions from Todd Lammle's CCNA study guide...

Root port - The root port is always the link connected to the root bridge, or the shortest path to the root bridge.  If more than one link connects to the root bridge, then a port cost is determined by checking the bandwidth of each link.  The lowest cost port becomes the root port.  if multiple links have the same cost, the bridge withe the lower advertising Bridge ID is used.  Since multiple links can be from the same device, the lowest port number will be used.

Designated Port - a designated port is one that has been determined as having the best (lowest)cost.  A designated port will be a forwarding port.

I am having some difficulty understanding this, and wanted the perspective of someone who may be able to expain the difference between the two port types.  To me it sounds like the Root Port and the Designated Port are the same...

Why are they not the same, and what are the differences between each?

Thanks

Kevin

2 Accepted Solutions

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

Kevin

Have a look at the attached schematic.

sw1 is the root bridge.

The root port (RP) is the port that leads to the root bridge so the root bridge does not have any root ports. All the ports on a root bridge forward and they are all designated ports (DP).

As you can see there is loop in this the above network so one of the links must be blocked (BLK).

When the switches boot up they exchange BPDUs and the first thing they do is elect a root bridge. SW1 is elected in this case.

Next each switch has to work out the least cost path to the root bridge. I haven't included costs for each link in this diagram but from the above

SW3 sees it's direction connection to SW1 as the least cost so it's port on that link becomes the RP.

SW2 sees it's direction connection to SW1 as the least cost so it's port on that link becomes the RP.

Once the switches have agreed on the root bridge and their RPs they now need to find their designated ports. The designated ports are the ports responsible for forwarding traffic onto a network segment. Think of it like this -

RPs lead toward the root bridge

DPs lead away from the root bridge

because the root bridge has no blocking ports all it's ports are DP's.

So the only other segment not accounted for in the above diagram is SW2 -> SW3. One of the ports that connect that segment must forward traffic onto that segment otherwise that segment would never receive any traffic. But they can't both forward as then there would be a loop ie. a packet sent from SW1 would go to SW3 -> SW2 and back to SW1 etc.

So SW2 and SW3 compare costs on that segment in the BPDUs sent between each other and one of them has a better cost, in this case SW3. It puts it's port into forwarding and this becomes a DP. To break the loop SW2 must now put it's port into blocking mode.

Hope that's helped. All of the above is done on costs but i didn't include them so as not to confuse the basic concepts.

Jon

View solution in original post

Access ports are probably going to be in the forwarding state, and in reality you should probably have the spanning-tree portfast command on those ports so that they do not cycle through the stages of STP, better for them to go straight to forwarding. The designated port should never be an access port. It is a port that is basically a downlink to another switch.

If you are looking at the switch that is acting as the root bridge for the VLAN then it will show all the ports as designated ports because they are the downlinks to the rest of the network. If you are in a switch further down the spanning tree it will have a port called the root port, which is the pathway to the root bridge. So if you have a port in the root port state, it is understood that it is connected to a port that is in a designated port state. This is the case because the root port is the uplink towards the root, and the designated port is the downlink to a lower portion of the spanning tree. Hope that clears things up.

View solution in original post

23 Replies 23

lgijssel
Level 9
Level 9

Think of it like this:

A bridge device has two (or more) ports.

The one that is connected on the side where the STP root resides is called 'root port'.

A port not facing the root but forwarding traffic (while lowest cost) from another segment is called 'designated port'.

Another difference is a designated port is transmitting bpdu's on the segment while a root port only listens to bpdu's from the root.

regards,

Leo

Leo

Thanks for the response.

Kevin

Leo

You've changed colour - congrats on new star

Jon

Jon Marshall
Hall of Fame
Hall of Fame

Kevin

Have a look at the attached schematic.

sw1 is the root bridge.

The root port (RP) is the port that leads to the root bridge so the root bridge does not have any root ports. All the ports on a root bridge forward and they are all designated ports (DP).

As you can see there is loop in this the above network so one of the links must be blocked (BLK).

When the switches boot up they exchange BPDUs and the first thing they do is elect a root bridge. SW1 is elected in this case.

Next each switch has to work out the least cost path to the root bridge. I haven't included costs for each link in this diagram but from the above

SW3 sees it's direction connection to SW1 as the least cost so it's port on that link becomes the RP.

SW2 sees it's direction connection to SW1 as the least cost so it's port on that link becomes the RP.

Once the switches have agreed on the root bridge and their RPs they now need to find their designated ports. The designated ports are the ports responsible for forwarding traffic onto a network segment. Think of it like this -

RPs lead toward the root bridge

DPs lead away from the root bridge

because the root bridge has no blocking ports all it's ports are DP's.

So the only other segment not accounted for in the above diagram is SW2 -> SW3. One of the ports that connect that segment must forward traffic onto that segment otherwise that segment would never receive any traffic. But they can't both forward as then there would be a loop ie. a packet sent from SW1 would go to SW3 -> SW2 and back to SW1 etc.

So SW2 and SW3 compare costs on that segment in the BPDUs sent between each other and one of them has a better cost, in this case SW3. It puts it's port into forwarding and this becomes a DP. To break the loop SW2 must now put it's port into blocking mode.

Hope that's helped. All of the above is done on costs but i didn't include them so as not to confuse the basic concepts.

Jon

Hello Forum,

I have an inquiry regarding port roles on this topology, mainly designated routers...I know Switch C is the root,  therefore SWC fa0/1 & fa0/2 are designated, SWA fa0/1, SWD gi0/2 and SWB path SWD-SWC are root leaving SWA-SWB link dead, but I am not sure what port gets to be designated, I would say SWA's port (fa0/2) cause its cost is lower than SWB but dont know. Can you please give me a hand?

Regards

JOSE

Watch this excellent video and all your questions will be answered.

Lamav,

I appreciate the video it was really good indeed, I guess my question even though the path of SWB to the root is better when it comes to electing  the designated port and blocking port the lower BID is selected as designated; I thought that the costs were used to elect the designated port as well, does  that make sense?

Thanks,

Jose

hello lamav...your video is amazing man...could you tell me the source of the video...bcoz i am giving ccna soon...it'll b helpful for me....plzzz bro

anyway thank you for this video...keep up the goodwork

very nice video and informative..now i am clear abt designated port..thanks lamav..hope you will share in future such gud stuff for increasing others  knowledge.

Do you have a link to the STP Part 2 video?

Hi,

We must assume the cost of the port. Say Fa cost = 100, Gi cost = 4

We assume that the ID is by default for each switch, so the ranking is based on the MAC address. The ranking is therefore from the eldest (the older the better is) : SWC(1), SWA(2), SWD(3), SWB(4). So SWC is the root.

Root port determination: to calculate the cost from a SW to the root SW we sum all the outpout cost on the path.

If we do the maths it comes out : SWA Fa01 is RP (cost 104 to reach root), SWB Gi0/1 is RP (cost 8 to root), SWD Gi0/2 is RP.

For the DP ; we look at each segment, the port which has the lowest cost to reach the root will be the DP.

Segment swA-swB , A tells I've cost 100 to reach root C, B tells I've 8(4 for SWB Gi0/1 + 4 for SWD Gi0/2) to reach root C , thus SWB Gi0/2 is DP

Segment SWB-SWD : the same rationale gives SWD Gi0/1 as DP.

And as a result, interface SWA FA0/2 is in blocking state (it is neither RP nor DP). And while SWB Gi0/2 being a DP is used to forward broadcast frame, the frame is stopped by SWA on Fa0/2 interface, preventing a frame storm. Only BPDU from SWB to SWA is accepted by SWA.

Kevin Melton
Level 2
Level 2

Jon

Is it correct then to assume that Access ports cannot be Designated Ports?...

Thanks for your detailed response as it helps me undertand this better.

Kevin

Access ports are probably going to be in the forwarding state, and in reality you should probably have the spanning-tree portfast command on those ports so that they do not cycle through the stages of STP, better for them to go straight to forwarding. The designated port should never be an access port. It is a port that is basically a downlink to another switch.

If you are looking at the switch that is acting as the root bridge for the VLAN then it will show all the ports as designated ports because they are the downlinks to the rest of the network. If you are in a switch further down the spanning tree it will have a port called the root port, which is the pathway to the root bridge. So if you have a port in the root port state, it is understood that it is connected to a port that is in a designated port state. This is the case because the root port is the uplink towards the root, and the designated port is the downlink to a lower portion of the spanning tree. Hope that clears things up.

Quoted from Robert's answer: "The designated port should never be an access port."

Turning this concept around, and asking the question "Are all access ports designated ports?" I have been pondering this idea (during some deep STP study) and I think that all "access ports" (i.e. ports connected only to a host device) in an up/up state are designated ports, since they are not root ports and are in the forwarding state.

We tend to think of designated ports having to be on an inter-switch link, but links to hosts are LAN segments as well, and hence part of the spanning tree; it's just that they have only one port as a switch port. When a port determines whether or not it is a designated port, it forwards (or originates if the root bridge) a BPDU and waits to see if it receives a superior BPDU; if it does, then it 'knows':

  1. that there is another path to the root bridge on the segment and there is the potential for a loop and
  2. it is not the lowest cost to the root bridge on the segment, and goes into blocking state.

If it receives no BPDUs, as is the case when attached to a host, it assumes, correctly, that it is the lowest cost path to the root bridge ON THAT SEGMENT, is therefore the designated port for that segment, and goes into forwarding state.

This is why BPDUGuard is a useful "access port" feature, because you would never expect a BPDU from a host device and if you received one, then someone has probably plugged in a rogue switch with the potential to completely mess with your STP topology.