====== bridge_stp ======

The [[http://en.wikipedia.com/wiki/Spanning_tree_protocol|Spanning Tree Protocol]] (STP) is used to allow multiple bridges to work together. Each bridge communicates with other bridges to discover how they are interconnected. This information is then used to eliminate cycles and provide optimal routing of packets. STP also provides fault tolerance, because it will recompute the topology if a bridge or port fails.

The Linux bridge implements a subset of the full standard, but interoperates with other hardware bridges. There are new standards for per [[http://en.wikipedia.com/wiki/VLAN|VLAN]] Spanning Tree (PVST), [[http://en.wikipedia.com/wiki/Rapid_Spanning_Tree_Protocol|Rapid Spanning Tree]] and [[http://en.wikipedia.com/wiki/Multiple_Spanning_Tree_Protocol|Multiple Spanning Tree Protocol]] which are not yet implemented.

===== Security =====

The Spanning Tree Protocol has no [[http://en.wikipedia.com/wiki/Authenitcation|authentication]]; all participants are assumed to be trustworthy and correct. This assumption does not hold when bridging between a hostile environment like the Internet and a private network. For this reason, STP is turned off by default in recent versions of Linux.

==== STP Filtering ====

If you need to bridge between a hostile network (for example a cable/DSL Internet connection) and a private network with multiple bridges, then it is possible to filter STP traffic. What you want to do is drop/ignore all STP traffic on the hostile Ethernet.

===== External Links =====

  * [[http://standards.ieee.org/getieee802/download/802.1D-2004.pdf|IEEE 802.1d standard]]
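
===== STP Filtering Example =====

One way to do the filtering described under STP Filtering above. This is an added example, not part of the original page, and it assumes ebtables as the filtering tool (the page names none). The port name ''eth0'' is constructed, and the helper names and the ''HOSTILE_PORT'' and ''APPLY'' variables are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Assumptions: ebtables is the
# filtering tool, and eth0 (constructed name) is the hostile-side bridge port.

# Hypothetical helper: print the rules for one untrusted bridge port.
# BPDUs are addressed to the Bridge Group Address 01:80:C2:00:00:00,
# which ebtables accepts under the alias "BGA".
stp_filter_rules() {
    port=$1
    # Refuse anything that is not a plain interface name, so the generated
    # command lines cannot carry extra shell syntax.
    case $port in
        ''|*[!A-Za-z0-9_.:-]*)
            echo "invalid interface name: '$port'" >&2
            return 1 ;;
    esac
    # BPDUs arriving on the port that the bridge host would process itself.
    echo "ebtables -A INPUT -i $port -d BGA -j DROP"
    # BPDUs arriving on the port that the bridge would pass on to other ports.
    echo "ebtables -A FORWARD -i $port -d BGA -j DROP"
    # BPDUs from the private side (forwarded or locally generated) leaving
    # through the port.
    echo "ebtables -A FORWARD -o $port -d BGA -j DROP"
    echo "ebtables -A OUTPUT -o $port -d BGA -j DROP"
}

# Hypothetical helper: print the rules, and run them only when APPLY=1
# (needs root and the ebtables binary).
apply_stp_filter() {
    rules=$(stp_filter_rules "$1") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        echo "$rule"
        if [ "${APPLY:-0}" = 1 ]; then
            $rule || exit 1
        fi
    done
}

# Dry run by default; set HOSTILE_PORT and APPLY=1 to install the rules.
apply_stp_filter "${HOSTILE_PORT:-eth0}"
```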