At various places on the IPFire forum, you will find information about the next major release of IPFire, which will come with more zones than just “green”, “red”, “orange” and “blue”. In this post, I would like to explain how this works and especially what role mstpd is playing in that game.

The Linux bridging code

The Linux kernel comes with a function that emulates a kind of switch inside the IPFire box. A simple advantage we gain from that is that we can connect multiple physical ports to one logical interface, as we know it from every switch or hub. Those who know managed switches will know that they all have an implementation of the Spanning Tree Protocol (STP), which is needed to avoid loops in the network infrastructure. A good introduction to how this works can be found here [3]. Anyway, I will give you a short introduction to the protocol itself:

The Spanning Tree Protocol

Since STP was originally developed by Radia Perlman, there have been some amendments to the protocol to overcome problems that made it hard to use in some cases. For example, plain STP takes about 30 seconds to enable a link after it has been disabled. That is quite long if you need a highly available network, so the Rapid Spanning Tree Protocol (RSTP) was invented, which enables and disables links in less than a second. A short time later, the Multiple Spanning Tree Protocol (MSTP) was invented, which solved an issue with VLANs.
However, the Linux kernel is missing an implementation of RSTP and MSTP. Only STP is implemented in kernel space; it works very well, but has the issues mentioned above. Because writing kernel code is kind of hard, user-space implementations were written, but none of them made the jump into the bigger distributions. The reason is simply that they did not seem to perform very reliably and never left alpha or beta status. That shows how little interest people currently have in STP, although it is a very necessary protocol.

Notable implementations include rstp [1], which receives a couple of patches from time to time and is generally working. Based on that code, there is a fresh implementation called mstpd [2]. It is maintained by Vitalii Demianets, who really knows what he is doing when it comes to STP. The former has been included in IPFire 3 so far, but has now been replaced by mstpd because of its much better support and the state of its code.

What are the benefits of mstpd?

mstpd does not only try to implement RSTP, as rstpd does. It also implements MSTP, which does not function on Linux because of a separation between the VLAN and bridging code. Apart from that, it is generally fully-featured, and mstpd is the only daemon that works very well on IPFire. We think that it is on the way to becoming more reliable and well-tested.

The IPFire team has discovered some issues with newer versions of the Linux kernel that prevented mstpd from switching ports into forwarding mode. Patches, written by Vitalii, have already been accepted in the Linux kernel and mstpd:

However, the somewhat missing user base is a problem for the mstpd project, and if you are interested in joining the group of testers, Vitalii is already “crying for help” in testing the code. More details on that can be found on his website [2].
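To check on a running box whether a bridge uses the in-kernel STP or hands the protocol to a user-space daemon such as mstpd, and whether its ports have reached forwarding state, the kernel's sysfs bridge attributes can be read directly. The script below is an added example, not code from IPFire or mstpd; its function names are made up for illustration, and the numeric values are the kernel's `stp_state` and bridge port `state` encodings.

```shell
#!/bin/sh
# Added example: summarise STP mode and port states of Linux bridges from sysfs.
# Function names are hypothetical; pass a different root to test offline.

# Map /sys/class/net/<bridge>/bridge/stp_state to a readable name.
stp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo kernel ;;      # in-kernel STP (plain STP only)
        2) echo userspace ;;   # STP handled by a user-space daemon, e.g. mstpd
        *) echo "unknown($1)" ;;
    esac
}

# Map /sys/class/net/<bridge>/brif/<port>/state to a readable name.
port_state_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo listening ;;
        2) echo learning ;;
        3) echo forwarding ;;
        4) echo blocking ;;
        *) echo "unknown($1)" ;;
    esac
}

# Print one line per bridge and one indented line per bridge port.
bridge_stp_report() {
    root="${1:-/sys/class/net}"
    for br in "$root"/*; do
        [ -r "$br/bridge/stp_state" ] || continue    # not a bridge
        mode=$(cat "$br/bridge/stp_state")
        echo "bridge ${br##*/} stp=$(stp_mode_name "$mode")"
        for port in "$br"/brif/*; do
            [ -r "$port/state" ] || continue         # bridge without ports
            state=$(cat "$port/state")
            echo "  port ${port##*/} state=$(port_state_name "$state")"
        done
    done
}

# Report on the live system when the script is run.
bridge_stp_report
```

A blocking port is normal on a redundant link; a bridge that reports `stp=userspace` while none of its ports ever reach `forwarding` matches the kind of problem described above.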

For us, mstpd is an opportunity to make IPFire one step more ready for enterprise networks.