The “typical” site LAN

In most networks, a site LAN consists of a number of interconnected Ethernet switches in a regular partial mesh pattern. The topology typically enables high availability of the networked applications. We create redundant links which are not typically used but are available to take over should there be a failure.

IP Fabric site LAN map

Users and services are connected to edge ports on switches which place traffic from endpoints onto a Virtual LAN (VLAN). Trunk links between switches then carry the VLAN traffic toward the site egress point. If one of the uplinks from a switch fails, there is an alternative path via another switch.

Enabling Technologies

In order to allow us to use such redundancy to provide resilience in the LAN, we enable two key technologies.

Spanning Tree

We create extra links in the topology in order to ensure resilience in the VLANs. This creates loops in paths through the LAN. When loops are created in Ethernet networks, frames will be sent round them indefinitely, consuming all available bandwidth. This very quickly brings the network to a halt. Thus we ensure that if we add any additional links, that they remain redundant, unused for traffic until required. Spanning Tree is the most widely-used protocol for signalling which links will and won’t be used.

Spanning Tree Protocol (STP) is used to build a loop-free distribution tree for Ethernet frames by signaling between network devices . Once the algorithm has run, there is precisely one valid path between any node and any other to deliver traffic. STP relies on the notion of a root of the distribution tree to optimise the path between nodes. The best place for the root of the Spanning Tree is the point through which most traffic is required to flow.

First Hop Resolution Protocol

When traffic is required to leave the VLAN, it leaves via a gateway that is able to route traffic to other networks. Each endpoint knows the address of that gateway and how to get to it. Now, if there is a problem with that gateway, no traffic can leave the VLAN!

A First Hop Resolution Protocol (FHRP) is used to provide redundancy and resilience to that first gateway from the VLAN to the wider network. So a number of capable network nodes will share the gateway address and if the device which is acting as the gateway fails, another will take over.

There are a number of FHRPs which are typically used in a LAN environment. Hot Standby Router Protocol (HSRP) – a Cisco proprietary FHRP – is the most popular. Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancer Protocol (GLBP) are standards-based equivalents – they have slightly different use cases but serve the same purpose.


Typically, network users are connecting to applications on other networks. They will most often be communicating with Data Centres, Public Cloud environments or services on the Internet. Thus most user traffic will pass through the active gateway. As we have already seen, the Spanning Tree root on a VLAN will typically draw network traffic towards it.

It should be fairly obvious then that to ensure traffic paths are optimal, the FHRP gateway and Spanning Tree root should be aligned.

But how does Jenny, our network engineer, check that the FHRP and Spanning Tree roots are aligned?

  • First, she must log in to the switches in the LAN to obtain the IDs used to identify all the switches;
  • Next she will check the Spanning Tree state and determine which device is the Spanning Tree root;
  • Then she will need to log into candidate devices for the FHRP gateway and examine their state to see which is active.

Let IP Fabric have a go

Alternatively she could give the job to IP Fabric.

When the platform runs its discovery and a snapshot is created, the Spanning Tree and FHRP configuration and state are captured and analysed. A verification check – supplied “out of the box” – is run against that state and the results placed on the dashboard.

All Jenny needs to do is Search for FHRP on the IP Fabric menu, then click on the Shortcut to “Active gateway root alignment”:

She’ll then be presented with a table showing the sites where the gateways and roots aren’t correctly aligned:

Clicking through a site allows Jenny to examine that in more detail. For example selecting site 37 from the table above, then turning off all but STP for VLANs 110 and 111 shows her:

Spanning Tree root placement for both VLANs is on L37SD7. But enabling the Intent Verification check overlay for First Hop Resolution Protocol, then clicking through L37SD8 shows the mismatch details:

And so Jenny has got to the bottom of one of the issues and has the details required to remediate it.

If you have found this article helpful, please follow our company’s LinkedIn or Blog, where more content will be emerging. If you would like to test our solution to see for yourself how IP Fabric can help you manage your network more effectively, please contact us through