Layer 2 vs Layer 3 Protocols: Understanding Each Protocol Layer

Building enterprise networks with routers and switches requires interoperability of key protocols at Layer 2 and Layer 3. Without them, the network falls apart; with them, it’s a finely tuned and reliable service.

At Layer 2, switches within a building and even across a campus will use the Spanning Tree Protocol (STP) and its many variants to create a redundant switch fabric that distributes traffic across multiple links and handles device and link failure. At Layer 3, routers will use dynamic routing protocols (generally Open Shortest Path First or OSPF and BGP in most enterprises) to present a robust network that handles site-to-site link failures and minimizes the burden of IP management.

Layer 2 Spanning Tree Protocol

STP, first introduced as a proprietary protocol in 1985 by Digital Equipment Corporation, has a simple requirement: Keep LANs loop free. In the absence of a control protocol such as STP, a LAN with a loop in it can flood itself with traffic by continually sending the same packets around the loop. Spanning Tree Protocol solves this problem by detecting the LAN’s topology and blocking links that cause topology loops. With STP in place, a network manager can design a network with some redundancy — a loop — without the network melting down the first time a broadcast frame is sent.

STP uses timers to learn network topology. During the learning phase and any topology change, the network can block some or all traffic over a link. In the early days of Ethernet, having a network link blocked for a minute or two wasn’t a big deal.

But by 2001 it was a major issue, and the first major update to STP, dubbed Rapid STP (RSTP), was introduced. The big change: shorter timers and a network convergence time reduced from minutes to a few seconds.

Because STP was designed before virtual LANs (VLANs), the second major update to STP was Multiple STP (MSTP), which changed the spanning tree from one per network to one per VLAN. The key benefit of MSTP is that different VLANs can use different links across the network, allowing redundant links to be more fully utilized to speed traffic whenever possible.

MSTP includes RSTP, so any product supporting MSTP also includes the shorter timers of RSTP. MSTP was approved as a standard in 2005, so it’s commonly available in all major networking vendor’s products.

The next generations of STP have new names: Shortest Path Bridging (SPB) from the Institute of Electrical and Electronics Engineers (IEEE) and Transparent Interconnection of Lots of Links (TRILL) from the Internet Engineering Task Force (IETF). Both build on STP’s strengths and go even further by supporting multipath load sharing (multiple equal-cost paths through the network), larger topologies to link multiple campus VLAN environments and even faster convergence times and resilience to human error.

Because SPB and TRILL are based on a dynamic intermediate-system-to-intermediate-system (IS–IS) routing protocol, they are potentially more complicated to configure than a traditional spanning tree. It’s impossible to know just how difficult they’ll be to configure until they’re commonly available, however. It’s unclear whether enterprises will adopt SPB or TRILL. For now, network managers should plan on MSTP for at least the next five years.

Layer 3 Dynamic Routing Protocols

While Layer 2 protocols such as STP operate within a LAN environment, routing between subnets requires Layer 3 dynamic routing to minimize management costs and maximize network uptime. Many dynamic routing protocols are being used, but most organizations rely on two for their internal routing of IP traffic: OSPF and Cisco Systems’ proprietary Enhanced Interior Gateway Routing Protocol (EIGRP).

EIGRP is popular in all-Cisco networks because it’s easier to configure than OSPF. Network managers concerned about scalability, multivendor interoperability and futureproofing their network, on the other hand, typically choose OSPF. Both protocols in their latest versions support IPv6 and IPv4.

Most network managers with experience with both protocols consider EIGRP easier to manage in small to midsize networks. However, OSPF scales to larger networks, particularly WANs, better than EIGRP.

Other Layer 3 routing protocols, such as Routing Information Protocol (RIP) and IS–IS, aren’t as widely available across equipment vendors and often have less advanced implementations, leading to restrictions and potential complications in large network deployments. Unless there’s a very specific reason to stray from OSPF or EIGRP (such as routing non-IP traffic), it is wise to avoid alternative Layer 3 protocols for internal network routing.

While OSPF and EIGRP are popular for internal routing, enterprise-to-enterprise and enterprise-to-Internet routing always fall to one popular protocol, BGP, which is universally used across the Internet. BGP’s design differs quite a bit from OSPF, but the key practical differences are in the controls available.

BGP peering relationships are individually defined, and each relationship normally has a set of rules defining which routes are sent and received and how to differentiate them. In contrast, OSPF routers usually communicate without a specifically defined peering relationship (such as across a LAN), and the route interpretation rules are handled on a more macro scale, not one by one.

These differences make BGP a great choice for network administrative boundaries in which network managers need very tight controls on what traffic is exchanged. OSPF is a better choice in enterprise networks with more dynamic topologies and heavy LAN use.

To learn more best practices, insights and strategies on routing and switching, read our "Ultimate Guide to Routing and Switching."